基础C++教学??004dumpbin工具2019-11-21

←↑→↓↖↙↗↘??
unicode=Geometric Shapes
? 仅仅个别字不同的时候的对比标识
◆
? 着重强调

??◆ 1、
??◆ 2、
??◆ 3、

??
??
??
??
??
??
??
??

Miscellaneous Symbols

?
Dingbats
? 重点记忆，个人总结的点，或者知识。
??
?

章节号	内容????????????
1图片格式(png)	宽度大于620px,保持高宽比减低为620px
1-1	应用
1-1-1	方法

第1章节?

??微软参考
??The Microsoft COFF Binary File Dumper (DUMPBIN.EXE) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

C:UsersloDesktopNew Folder11>dumpbin /?
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

usage: DUMPBIN [options] [files]

options:

/ALL
/ARCHIVEMEMBERS
/CLRHEADER
/DEPENDENTS
/DIRECTIVES
/DISASM[:{BYTES|NOBYTES}]
/ERRORREPORT:{NONE|PROMPT|QUEUE|SEND}
/EXPORTS
/FPO
/HEADERS
/IMPORTS[:filename]
/LINENUMBERS
/LINKERMEMBER[:{1|2}]
/LOADCONFIG
/OUT:filename
/PDATA
/PDBPATH[:VERBOSE]
/RANGE:vaMin[,vaMax]
/RAWDATA[:{NONE|1|2|4|8}[,#]]
/RELOCATIONS
/SECTION:name
/SUMMARY
/SYMBOLS
/TLS
/UNWINDINFO

??Only the /HEADERS DUMPBIN option is available for use on files produced with the /GL compiler option.
??只有/HEADERS DUMPBIN选项可用于使用/GL编译器选项生成的文件。

1?/ALL选项

??This option displays all available information except code disassembly. Use /DISASM to display disassembly. You can use /RAWDATA:NONE with /ALL to omit the raw binary details of the file.
??显示除了反汇编代码的之外的所有信息。如果需要反汇编的代码信息，加上 /DISASM选项。使用 /RAWDATA:NONE去除rawdata。

C:UsersloDesktopNew Folder11>dumpbin /all main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
14C machine (x86)
10 number of sections
0 time date stamp Thu Jan 01 08:00:00 1970
CD200 file pointer to symbol table
3A0C number of symbols
E0 size of optional header
107 characteristics
Relocations stripped
Executable
Line numbers stripped
32 bit word machine

OPTIONAL HEADER VALUES
10B magic # (PE32)
2.24 linker version
B6C00 size of code
C3C00 size of initialized data
2400 size of uninitialized data
1280 entry point (00401280)
1000 base of code
B8000 base of data
400000 image base (00400000 to 004D9FFF)
1000 section alignment
200 file alignment
4.00 operating system version
1.00 image version
4.00 subsystem version
0 Win32 version
DA000 size of image
400 size of headers
183740 checksum
3 subsystem (Windows CUI)
0 DLL characteristics
200000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
C9000 [ D78] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
CB004 [ 18] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
C9250 [ 200] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory

SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read

RAW DATA #1
00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24 S.ì8?@áK..àt.?D$
00401010: 08 00 00 00 00 C7 44 24 04 02 00 00 00 C7 04 24 .....?D$.....?.$
00401020: 00 00 00 00 FF D0 83 EC 0C C7 04 24 10 11 40 00 ....?D.ì.?.$..@.
00401030: E8 5B 73 03 00 83 EC 04 E8 B3 5B 02 00 E8 8E 5C è[s...ì.è3[..è.
00401040: 02 00 8D 44 24 2C 89 44 24 10 A1 C0 80 4B 00 C7 ...D$,.D$.?à.K.?
00401050: 44 24 04 00 60 4C 00 C7 04 24 04 60 4C 00 C7 44 D$..`L.?.$.`L.?D
00401060: 24 2C 00 00 00 00 89 44 24 0C 8D 44 24 28 89 44 $,.....D$..D$(.D
00401070: 24 08 E8 89 FA 02 00 A1 9C 77 4C 00 85 C0 74 42 $.è.ú..?.wL..àtB
.
.
.

??同时使用/ALL 和 /DISASM,输出将包含反汇编代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /all /disasm main.oo
.
.
.
SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read

00401000: 53 push ebx
00401001: 83 EC 38 sub esp,38h
00401004: A1 40 E1 4B 00 mov eax,dword ptr ds:[004BE140h]
.
.
.

??同时使用/ALL 和/RAWDATA:NONE,剔除rawdata，直接显示符号表:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

C:UsersloDesktopNew Folder11>dumpbin /all /RAWDATA:NONE main.oo
.
.
.
SECTION HEADER #10
/102 name (.debug_ranges)
3B0 virtual size
D9000 virtual address (004D9000 to 004D93AF)
400 size of raw data
CCE00 file pointer to raw data (000CCE00 to 000CD1FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42100040 flags
Initialized Data
RESERVED - UNKNOWN
Discardable
Read Only

COFF SYMBOL TABLE
000 00000011 DEBUG notype Filename | .file
crt1.c
002 00000000 SECT1 notype () Static | ___mingw_CRTStartup
tag index 00000000 size 00000000 lines 00000000 next function 00000000
004 00000110 SECT1 notype () Static | __gnu_exception_handler@4
005 00000280 SECT1 notype () External | _mainCRTStartup
.
.
.

2?/ARCHIVEMEMBERS选项

??This option displays minimal information about member objects in a library.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /ARCHIVEMEMBERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

3?/CLRHEADER选项

??Display CLR-specific information.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /CLRHEADER main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

4?/DEPENDENTS选项

??Dumps the names of the DLLs from which the image imports functions. You can use the list to determine which DLLs to redistribute with your app, or find the name of a missing dependency.
??dump出文件引用的dll文件名。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

C:UsersloDesktopNew Folder11>dumpbin /DEPENDENTS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Image has the following dependencies:

KERNEL32.dll
msvcrt.dll
msvcrt.dll

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

5?/DIRECTIVES选项

??This option dumps the compiler-generated .drective section of an image.
??dump出编译器生成的.drective

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /DIRECTIVES main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

6?/DISASM选项

??Print the disassembly of code sections in the DUMPBIN output.
??直接输出反汇编代码：

1
2
3
4
5
6
7
8
9
10
11
12
13
14

C:UsersloDesktopNew Folder11>dumpbin /DISASM main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

00401000: 53 push ebx
00401001: 83 EC 38 sub esp,38h
00401004: A1 40 E1 4B 00 mov eax,dword ptr ds:[004BE140h]
00401009: 85 C0 test eax,eax
0040100B: 74 1C je 00401029

7?/ERRORREPORT (dumpbin.exe)选项

??If dumpbin.exe fails at runtime, you can use /ERRORREPORT to send information to Microsoft about these internal errors.

8?/EXPORTS选项

??This option displays all definitions exported from an executable file or DLL.
??从DLL文件中export出定义：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

C:UsersloDesktopNew Folder11>dumpbin /EXPORTS msdis170.dll
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file msdis170.dll

File Type: DLL

Section contains the following exports for msdis170.dll

00000000 characteristics
4B144B0F time date stamp Tue Dec 01 06:45:35 2009
0.00 version
1 ordinal base
15 number of functions
15 number of names

ordinal hint RVA name

1 0 00001050 ?Addr@DIS@@QEBA_KXZ
2 1 00001070 ?CchFormatAddr@DIS@@QEBA_K_KPEA_W0@Z
3 2 00001120 ?CchFormatInstr@DIS@@QEBA_KPEA_W_K@Z
4 3 000011C0 ?Dist@DIS@@QEBA?AW4DIST@1@XZ
5 4 000012E0 ?PdisNew@DIS@@SAPEAV1@W4DIST@1@@Z
6 5 00001480 ?PfncchaddrSet@DIS@@QEAAP6A_KPEBV1@_KPEA_W1PEA_K@ZP6A_K01213@Z@Z
7 6 00001490 ?PfncchfixupSet@DIS@@QEAAP6A_KPEBV1@_K1PEA_W1PEA_K@ZP6A_K011213@Z@Z
8 7 000014B0 ?PfncchregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@PEA_W_K@ZP6A_K0123@Z@Z
9 8 000014A0 ?PfncchregrelSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@KPEA_W_KPEAK@ZP6A_K01K234@Z@Z
10 9 000014C0 ?PfndwgetregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@@ZP6A_K01@Z@Z
11 A 000014D0 ?PvClient@DIS@@QEBAPEAXXZ
12 B 000014E0 ?PvClientSet@DIS@@QEAAPEAXPEAX@Z
13 C 000231B0 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@PEA_W_K@Z
14 D 00023140 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@XZ
15 E 000014F0 ?SetAddr64@DIS@@QEAAX_N@Z

Summary

4000 .data
2000 .pdata
59000 .rdata
8000 .reloc
1000 .rsrc
31000 .text

9?/FPO选项

??This option displays frame pointer optimization (FPO) records.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /FPO main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

10?/HEADERS选项

??This option displays the file header and the header for each section. When used with a library, it displays the header for each member object.
??dump出文件的header和section的header。

C:UsersloDesktopNew Folder11>dumpbin /HEADERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
14C machine (x86)
10 number of sections
0 time date stamp Thu Jan 01 08:00:00 1970
CD200 file pointer to symbol table
3A0C number of symbols
E0 size of optional header
107 characteristics
Relocations stripped
Executable
Line numbers stripped
32 bit word machine

OPTIONAL HEADER VALUES
10B magic # (PE32)
2.24 linker version
B6C00 size of code
C3C00 size of initialized data
2400 size of uninitialized data
1280 entry point (00401280)
1000 base of code
B8000 base of data
400000 image base (00400000 to 004D9FFF)
1000 section alignment
200 file alignment
4.00 operating system version
1.00 image version
4.00 subsystem version
0 Win32 version
DA000 size of image
400 size of headers
183740 checksum
3 subsystem (Windows CUI)
0 DLL characteristics
200000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
C9000 [ D78] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
CB004 [ 18] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
C9250 [ 200] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory

SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read
.
.
.

11?/IMPORTS选项

??/IMPORTS[:file]
??This option displays the list of DLLs (both statically linked and delay loaded) that are imported to an executable file or DLL and all the individual imports from each of these DLLs.
??把执行文件引入的DLL的内容list出来。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175

C:UsersloDesktopNew Folder11>dumpbin /IMPORTS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Section contains the following imports:

KERNEL32.dll
4C9250 Import Address Table
4C9050 Import Name Table
0 time date stamp
0 Index of first forwarder reference

3 AddAtomA
52 CloseHandle
81 CreateEventA
9A CreateMutexA
A9 CreateSemaphoreA
CF DeleteCriticalSection
E6 DuplicateHandle
EC EnterCriticalSection
117 ExitProcess
12A FindAtomA
16B GetAtomNameA
1BE GetCurrentProcess
1C2 GetCurrentThread
1C3 GetCurrentThreadId
1FB GetHandleInformation
1FE GetLastError
211 GetModuleHandleA
241 GetProcAddress
242 GetProcessAffinityMask
275 GetSystemTimeAsFileTime
282 GetThreadContext
28A GetThreadPriority
2DE InitializeCriticalSection
2E7 InterlockedDecrement
2E8 InterlockedExchange
2E9 InterlockedExchangeAdd
2EB InterlockedIncrement
2FB IsDBCSLeadByteEx
32E LeaveCriticalSection
35C MultiByteToWideChar
3CE ReleaseMutex
3D2 ReleaseSemaphore
3E3 ResetEvent
3E7 ResumeThread
41A SetCriticalSectionSpinCount
429 SetEvent
443 SetLastError
44E SetProcessAffinityMask
461 SetThreadContext
469 SetThreadPriority
474 SetUnhandledExceptionFilter
480 Sleep
488 SuspendThread
493 TlsAlloc
495 TlsGetValue
496 TlsSetValue
49C TryEnterCriticalSection
4BD VirtualProtect
4BF VirtualQuery
4C5 WaitForMultipleObjects
4C7 WaitForSingleObject
4DF WideCharToMultiByte

msvcrt.dll
4C9324 Import Address Table
4C9124 Import Name Table
0 time date stamp
0 Index of first forwarder reference

17 _fdopen
40 _read
6D _write

msvcrt.dll
4C9334 Import Address Table
4C9134 Import Name Table
0 time date stamp
0 Index of first forwarder reference

37 __getmainargs
41 __mb_cur_max
4D __p__environ
4F __p__fmode
63 __set_app_type
8F _beginthreadex
93 _cexit
B3 _endthreadex
B6 _errno
CB _filelengthi64
E0 _fstati64
10A _iob
13D _lseeki64
17F _onexit
1A6 _setjmp
1AA _setmode
247 abort
24E atexit
250 atoi
253 calloc
25C exit
25F fclose
262 fflush
264 fgetpos
26A fopen
26B fprintf
26C fputc
26D fputs
270 fread
271 free
276 fsetpos
279 fwrite
27B getc
27D getenv
27F getwc
292 iswctype
29F localeconv
2A3 longjmp
2A4 malloc
2A8 memchr
2A9 memcmp
2AA memcpy
2AB memmove
2AC memset
2B1 printf
2B2 putc
2B5 putwc
2BA realloc
2C0 setlocale
2C1 setvbuf
2C2 signal
2C5 sprintf
2CA strchr
2CB strcmp
2CC strcoll
2CF strerror
2D0 strftime
2D1 strlen
2D9 strtod
2DC strtoul
2DD strxfrm
2E8 towlower
2E9 towupper
2EA ungetc
2EB ungetwc
2EC vfprintf
2F5 wcscoll
2F8 wcsftime
2F9 wcslen
306 wcsxfrm

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

??指定某个DLL文件：

C:UsersloDesktopNew Folder11>dumpbin /IMPORTS:KERNEL32.dll main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Section contains the following imports:

KERNEL32.dll
4C9250 Import Address Table
4C9050 Import Name Table
0 time date stamp
0 Index of first forwarder reference

3 AddAtomA
52 CloseHandle
81 CreateEventA
9A CreateMutexA
A9 CreateSemaphoreA
CF DeleteCriticalSection
E6 DuplicateHandle
EC EnterCriticalSection
117 ExitProcess
12A FindAtomA
16B GetAtomNameA
1BE GetCurrentProcess
1C2 GetCurrentThread
1C3 GetCurrentThreadId
1FB GetHandleInformation
1FE GetLastError
211 GetModuleHandleA
241 GetProcAddress
242 GetProcessAffinityMask
275 GetSystemTimeAsFileTime
282 GetThreadContext
28A GetThreadPriority
2DE InitializeCriticalSection
2E7 InterlockedDecrement
2E8 InterlockedExchange
2E9 InterlockedExchangeAdd
2EB InterlockedIncrement
2FB IsDBCSLeadByteEx
32E LeaveCriticalSection
35C MultiByteToWideChar
3CE ReleaseMutex
3D2 ReleaseSemaphore
3E3 ResetEvent
3E7 ResumeThread
41A SetCriticalSectionSpinCount
429 SetEvent
443 SetLastError
44E SetProcessAffinityMask
461 SetThreadContext
469 SetThreadPriority
474 SetUnhandledExceptionFilter
480 Sleep
488 SuspendThread
493 TlsAlloc
495 TlsGetValue
496 TlsSetValue
49C TryEnterCriticalSection
4BD VirtualProtect
4BF VirtualQuery
4C5 WaitForMultipleObjects
4C7 WaitForSingleObject
4DF WideCharToMultiByte

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

12?/LINENUMBERS选项

??This option displays COFF line numbers. Line numbers exist in an object file if it was compiled with Program Database (/Zi), C7 Compatible (/Z7), or Line Numbers Only (/Zd). An executable file or DLL contains COFF line numbers if it was linked with Generate Debug Info (/DEBUG).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /LINENUMBERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

13?/LINKERMEMBER选项

??/LINKERMEMBER[:{1|2}]
??This option displays public symbols defined in a library. Specify the 1 argument to display symbols in object order, along with their offsets. Specify the 2 argument to display offsets and index numbers of objects, and then list the symbols in alphabetical order, along with the object index for each. To get both outputs, specify /LINKERMEMBER without the number argument.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /LINKERMEMBER main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

14?/LOADCONFIG选项

??This option dumps the IMAGE_LOAD_CONFIG_DIRECTORY structure, an optional structure that is used by the Windows NT loader and defined in WINNT.H.
??输出略。与上列出相同，无特殊。

15?/NOPDB选项

??Tells DUMPBIN not to load and search program database (PDB) files for symbol information.
??By default, DUMPBIN attempts to load PDB files for its target object files, libraries, or executables. DUMPBIN uses this information to match addresses to symbol names. The process can be time-consuming if the PDB files are large, or must be loaded from a remote server. The /NOPDB option tells DUMPBIN to skip this step. It only prints the addresses and symbol information available in the object file, library, or executable.
??To set the /NOPDB linker option in Visual Studio
??1. Open the Property Pages dialog box for the project. For more information, see Set C++ compiler and build properties in Visual Studio.
??2. Select the Configuration Properties > Linker > Command Line property page.
??3. In the Additional options box, add the /NOPDB option. Choose OK or Apply to save your changes.
??To set this linker option programmatically
??* This option doesn't have a programmatic equivalent.
??未清楚。

16?/OUT选项

??/OUT:filename
??This option specifies a filename for the output. By default, DUMPBIN displays the information to standard output.
??输出重定向。

17?/PDATA选项

??RISC processors only.
??This option dumps the exception tables (.pdata) from an image or object.
??未清楚。

18?/PDBPATH选项

??/PDBPATH[:VERBOSE] filename
?? :Parameters
?? filename
?? The name of the .dll or .exe file for which you want to find the matching .pdb file.
?? :VERBOSE
?? (Optional) Reports all directories where an attempt was made to locate the .pdb file.
??/PDBPATH will search your computer along the same paths that the debugger would search for a .pdb file and will report which, if any, .pdb files correspond to the file specified in filename.
??When using the Visual Studio debugger, you may experience a problem due to the fact that the debugger is using a .pdb file for a different version of the file you are debugging.
??/PDBPATH will search for .pdb files along the following paths:
??Check the location where the executable resides.
??Check the location of the PDB written into the executable. This is usually the location at the time the image was linked.
??Check along the search path configured in the Visual Studio IDE.
??Check along the paths in the _NT_SYMBOL_PATH and _NT_ALT_SYMBOL_PATH environment variables.
??Check in the Windows directory.
??未清楚。

19?/RANGE选项

??/RANGE:vaMin[,vaMax]
??Modifies the output of dumpbin when used with other dumpbin options, such as /RAWDATA or /DISASM.

??vaMin
??The virtual address at which you want the dumpbin operation to begin.
??vaMax
??(Optional) The virtual address at which you want the dumpbin operation to end. If not specified, dumpbin will go to the end of the file.

??To see the virtual addresses for an image, use the map file for the image (RVA + Base), the /DISASM or /HEADERS option of dumpbin, or the disassembly window in the Visual Studio debugger.
??样例说明：在使用 /RAWDATA 或 /DISASM的时候指定地址范围进行dump。

1 2	dumpbin /disasm /range:4219334,0x004061CD t.exe 说明：从10进制的4219334输出到16进制的0x004061CD

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA /RANGE:0x00402EF0,0x00403200 main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

RAW DATA #1
00402EF0: 8B 44 24 48 89 04 24 E8 A4 64 00 00 89 C2 83 EC .D$H..$è¤d...?.ì
00402F00: 04 B8 06 00 00 00 84 D2 75 C3 E9 58 FF FF FF 90 .?.....òu?éX???.
00402F10: 55 57 56 53 89 CE 83 EC 3C 8B 44 24 54 8B 7C 24 UWVS.?.ì<.D$T.|$
00402F20: 58 89 4C 24 1C 89 44 24 04 8B 44 24 50 89 7C 24 X.L$..D$..D$P.|$
00402F30: 08 89 04 24 E8 D7 FD FF FF 83 EC 0C 84 C0 89 C2 ...$è×y??.ì..à.?
00402F40: 0F 85 56 01 00 00 8B 47 08 A8 10 89 44 24 14 0F ..V....G.¨..D$..
00402F50: 85 C0 01 00 00 8B 44 24 1C 89 7C 24 58 8B 68 0C .à....D$..|$X.h.
00402F60: 8D 74 E8 08 8B 44 24 14 83 E0 01 89 44 24 18 E9 .tè..D$..à..D$.é
00402F70: 98 00 00 00 89 D8 C1 F8 08 85 D2 74 08 8B 7C 24 .....?á?..òt..|$
00402F80: 54 03 07 8B 00 03 44 24 54 8B 0E 8D 7C 24 20 8B T.....D$T...|$ .
00402F90: 11 89 44 24 04 8B 44 24 50 89 7C 24 08 89 04 24 ..D$..D$P.|$...$
00402FA0: FF 52 18 83 EC 0C 84 C0 89 C2 74 5A 83 7C 24 2C ?R..ì..à.?tZ.|$,
00402FB0: 08 75 0D 83 E3 01 74 08 8B 06 89 44 24 2C 66 90 .u..?.t....D$,f.
00402FC0: 8B 44 24 24 83 F8 03 7E 0F 8B 4C 24 10 85 C9 75 .D$$.?.~..L$..éu
00402FD0: 07 83 E0 FD 89 44 24 24 8B 44 24 58 8B 58 0C 85 ..ày.D$$.D$X.X..
00402FE0: DB 74 7F 8B 44 24 58 8B 00 3B 44 24 20 0F 85 53 ?t..D$X..;D$ ..S
00402FF0: 01 00 00 85 C0 0F 84 B5 00 00 00 8B 7C 24 58 8B ....à..μ....|$X.
00403000: 44 24 24 09 47 04 83 ED 01 83 EE 08 85 ED 0F 84 D$$.G..í..?..í..
00403010: 0D 01 00 00 8B 44 24 14 8B 5E 04 C7 44 24 20 00 .....D$..^.?D$ .
00403020: 00 00 00 C7 44 24 24 00 00 00 00 C7 44 24 2C 00 ...?D$$....?D$,.
00403030: 00 00 00 89 44 24 28 89 DA 89 D8 83 E2 01 83 E0 ....D$(.ú.?.a..à
00403040: 02 89 44 24 10 75 08 8B 44 24 18 85 C0 74 B7 8B ..D$.u..D$..àt·.
00403050: 7C 24 54 85 FF 0F 85 19 FF FF FF 31 C0 E9 27 FF |$T.?...???1àé'?
00403060: FF FF 8B 4C 24 58 8B 44 24 20 8B 7C 24 58 89 01 ??.L$X.D$ .|$X..
00403070: 8B 44 24 24 89 41 04 8B 4C 24 28 83 F8 03 89 4F .D$$.A..L$(.?..O
00403080: 08 8B 4C 24 2C 89 4F 0C 7E 12 A8 02 74 73 8B 44 ..L$,.O.~.¨.ts.D
00403090: 24 1C F6 40 08 01 0F 85 6A FF FF FF 83 C4 3C 89 [email protected]???.?<.
004030A0: D0 5B 5E 5F 5D C2 0C 00 90 8D B4 26 00 00 00 00 D[^_]?....′&....
004030B0: 8B 4C 24 2C 83 F9 08 0F 84 83 00 00 00 83 FB 08 .L$,.ù........?.
004030C0: 74 7E 89 1C 24 88 54 24 10 E8 D2 62 00 00 83 EC t~..$.T$.èòb...ì
004030D0: 04 84 C0 75 1C 0F B6 54 24 10 8B 7C 24 58 C7 47 ..àu..?T$..|$X?G
004030E0: 04 02 00 00 00 83 C4 3C 89 D0 5B 5E 5F 5D C2 0C ......?<.D[^_]?.
004030F0: 00 8B 4C 24 58 8B 44 24 24 09 41 04 E9 05 FF FF ..L$X.D$$.A.é.??
00403100: FF A8 01 74 97 8B 44 24 1C F6 40 08 02 0F 85 F3 ?¨.t..D$.?@....ó
00403110: FE FF FF EB 87 8B 46 08 89 44 24 14 E9 34 FE FF t???..F..D$.é4t?
00403120: FF 8B 7C 24 58 8B 47 04 85 C0 0F 95 C2 83 C4 3C ?.|$X.G..à..?.?<
00403130: 5B 89 D0 5E 5F 5D C2 0C 00 8D B4 26 00 00 00 00 [.D^_]?...′&....
00403140: 8B 7C 24 58 EB 98 8B 7C 24 58 C7 07 00 00 00 00 .|$X?..|$X?.....
00403150: C7 47 04 02 00 00 00 E9 40 FF FF FF 8D 74 26 00 ?G.....é@???.t&.
00403160: 55 57 56 53 83 EC 6C 8B AC 24 98 00 00 00 89 4C UWVS.ìl.?$.....L
00403170: 24 30 F6 45 10 10 74 06 8B 41 08 89 45 10 8B 84 $0?E..t..A..E...
00403180: 24 94 00 00 00 39 84 24 8C 00 00 00 0F 84 0E 05 $....9.$........
00403190: 00 00 8B 84 24 88 00 00 00 8B 4C 24 30 89 04 24 ....$.....L$0..$
004031A0: E8 FB 61 00 00 83 EC 04 84 C0 88 44 24 3A 0F 85 è?a...ì..à.D$:..
004031B0: 3C 02 00 00 8B 84 24 80 00 00 00 8B 94 24 94 00 <.....$......$..
004031C0: 00 00 2B 94 24 80 00 00 00 C6 44 24 38 00 C6 44 ..+.$....?D$8.?D
004031D0: 24 3B 00 C6 44 24 39 01 85 C0 B8 00 00 00 00 0F $;.?D$9..à?.....
004031E0: 49 C2 89 44 24 2C 8B 84 24 84 00 00 00 83 C8 01 I?.D$,..$.....è.
004031F0: 89 44 24 34 8B 7C 24 30 8B 47 0C 8D 7C C7 0C 89 .D$4.|$0.G..|?..
00403200: 44 D

Summary

B7000 .text

20?/RAWDATA选项

??/RAWDATA[:{1|2|4|8|NONE[,number]]

??This option displays the raw contents of each section in the file. The arguments control the format of the display, as shown below:

1
2
3
4
5
6
7

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:1 main.oo
RAW DATA #1
00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24 S.ì8?@áK..àt.?D$

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:2 main.oo
RAW DATA #1
00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444 S.ì8?@áK..àt.?D$

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:4 main.oo
RAW DATA #1
00401000: 38EC8353 4BE140A1 74C08500 2444C71C S.ì8?@áK..àt.?D$

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:8 main.oo
RAW DATA #1
00401000: 4BE140A138EC8353 2444C71C74C08500 S.ì8?@áK..àt.?D$

??指定输出的宽度：

1
2
3
4
5
6
7

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:,8 main.oo
RAW DATA #1
00401000: 53 83 EC 38 A1 40 E1 4B

C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:2,8 main.oo
RAW DATA #1
00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444

21?/RELOCATIONS选项

??This option displays any relocations in the object or image.
??未清楚。

22?/SECTION选项

??/SECTION:section
??This option restricts the output to information on the specified section. Use the /HEADERS option to get a list of sections in the file.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

C:UsersloDesktopNew Folder11>dumpbin /SECTION:.text main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read

Summary

B7000 .text

23?/SUMMARY选项

??This option displays minimal information about sections, including total size. This option is the default if no other option is specified.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

C:UsersloDesktopNew Folder11>dumpbin /SUMMARY main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

24?/SYMBOLS选项

??This option displays the COFF symbol table. Symbol tables exist in all object files. A COFF symbol table appears in an image file only if it is linked with /DEBUG.
??The following is a description of the output for /SYMBOLS. Additional information on the meaning of /SYMBOLS output can be found by looking in winnt.h (IMAGE_SYMBOL and IMAGE_AUX_SYMBOL), or COFF documentation.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

C:UsersloDesktopNew Folder11>dumpbin /SYMBOLS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

COFF SYMBOL TABLE
000 00000011 DEBUG notype Filename | .file
crt1.c
002 00000000 SECT1 notype () Static | ___mingw_CRTStartup
tag index 00000000 size 00000000 lines 00000000 next function 00000000
.
.
.

25?/TLS

??Displays the IMAGE_TLS_DIRECTORY structure from an executable.
??/TLS displays the fields of the TLS structure as well as the addresses of the TLS callback functions.
??If a program does not use thread local storage, its image will not contain a TLS structure. See thread for more information.
??IMAGE_TLS_DIRECTORY is defined in winnt.h.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

C:UsersloDesktopNew Folder11>dumpbin /TLS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file main.oo

File Type: EXECUTABLE IMAGE

Section contains the following TLS directory:

004CB001 Start of raw data
004CB01C End of raw data
004C7798 Address of index
004CA004 Address of callbacks
0 Size of zero fill
00000000 Characteristics

TLS Callbacks

Address
--------
00426B50
00426B00
00433440
00000000

Summary

1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls

3-1?类的初步—定义一个类并创建对象实例

??3-1-1. 导言—用户管理—用户的分类及介绍

3-2?类的初步—定义一个类并创建对象实例

??3-2-1. 导言—用户管理—用户的分类及介绍

第3章节?

3-1?类的初步—定义一个类并创建对象实例

??3-1-1. 导言—用户管理—用户的分类及介绍

3-2?类的初步—定义一个类并创建对象实例

第1章节?

1?/ALL选项

2?/ARCHIVEMEMBERS选项

3?/CLRHEADER选项

4?/DEPENDENTS选项

5?/DIRECTIVES选项

6?/DISASM选项

7?/ERRORREPORT (dumpbin.exe)选项

8?/EXPORTS选项

9?/FPO选项

10?/HEADERS选项

11?/IMPORTS选项

12?/LINENUMBERS选项

13?/LINKERMEMBER选项

14?/LOADCONFIG选项

15?/NOPDB选项

16?/OUT选项

17?/PDATA选项

18?/PDBPATH选项

19?/RANGE选项

20?/RAWDATA选项

21?/RELOCATIONS选项

22?/SECTION选项

23?/SUMMARY选项

24?/SYMBOLS选项

25?/TLS

3-1?类的初步—定义一个类并创建对象实例

??3-1-1. 导言—用户管理—用户的分类及介绍

3-2?类的初步—定义一个类并创建对象实例

??3-2-1. 导言—用户管理—用户的分类及介绍

第3章节?

3-1?类的初步—定义一个类并创建对象实例

??3-1-1. 导言—用户管理—用户的分类及介绍

3-2?类的初步—定义一个类并创建对象实例

??3-2-1. 导言—用户管理—用户的分类及介绍