←↑→↓↖↙↗↘??
unicode=Geometric Shapes
? 仅仅个别字不同的时候的对比标识
◆
? 着重强调
??◆ 1、
??◆ 2、
??◆ 3、
??
??
??
??
??
??
??
??
Miscellaneous Symbols
?
Dingbats
? 重点记忆,个人总结的点,或者知识。
??
?
章节号 | 内容???????????? |
---|---|
1图片格式(png) | 宽度大于620px,保持高宽比减低为620px |
1-1 | 应用 |
1-1-1 | 方法 |
第1章节?
??微软参考
??The Microsoft COFF Binary File Dumper (DUMPBIN.EXE) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | C:UsersloDesktopNew Folder11>dumpbin /? Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. usage: DUMPBIN [options] [files] options: /ALL /ARCHIVEMEMBERS /CLRHEADER /DEPENDENTS /DIRECTIVES /DISASM[:{BYTES|NOBYTES}] /ERRORREPORT:{NONE|PROMPT|QUEUE|SEND} /EXPORTS /FPO /HEADERS /IMPORTS[:filename] /LINENUMBERS /LINKERMEMBER[:{1|2}] /LOADCONFIG /OUT:filename /PDATA /PDBPATH[:VERBOSE] /RANGE:vaMin[,vaMax] /RAWDATA[:{NONE|1|2|4|8}[,#]] /RELOCATIONS /SECTION:name /SUMMARY /SYMBOLS /TLS /UNWINDINFO |
??Only the /HEADERS DUMPBIN option is available for use on files produced with the /GL compiler option.
??只有/HEADERS DUMPBIN选项可用于使用/GL编译器选项生成的文件。
-
1?/ALL选项
??This option displays all available information except code disassembly. Use /DISASM to display disassembly. You can use /RAWDATA:NONE with /ALL to omit the raw binary details of the file.
??显示除了反汇编代码的之外的所有信息。如果需要反汇编的代码信息,加上 /DISASM选项。使用 /RAWDATA:NONE去除rawdata。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 | C:UsersloDesktopNew Folder11>dumpbin /all main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo PE signature found File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (x86) 10 number of sections 0 time date stamp Thu Jan 01 08:00:00 1970 CD200 file pointer to symbol table 3A0C number of symbols E0 size of optional header 107 characteristics Relocations stripped Executable Line numbers stripped 32 bit word machine OPTIONAL HEADER VALUES 10B magic # (PE32) 2.24 linker version B6C00 size of code C3C00 size of initialized data 2400 size of uninitialized data 1280 entry point (00401280) 1000 base of code B8000 base of data 400000 image base (00400000 to 004D9FFF) 1000 section alignment 200 file alignment 4.00 operating system version 1.00 image version 4.00 subsystem version 0 Win32 version DA000 size of image 400 size of headers 183740 checksum 3 subsystem (Windows CUI) 0 DLL characteristics 200000 size of stack reserve 1000 size of stack commit 100000 size of heap reserve 1000 size of heap commit 0 loader flags 10 number of directories 0 [ 0] RVA [size] of Export Directory C9000 [ D78] RVA [size] of Import Directory 0 [ 0] RVA [size] of Resource Directory 0 [ 0] RVA [size] of Exception Directory 0 [ 0] RVA [size] of Certificates Directory 0 [ 0] RVA [size] of Base Relocation Directory 0 [ 0] RVA [size] of Debug Directory 0 [ 0] RVA [size] of Architecture Directory 0 [ 0] RVA [size] of Global Pointer Directory CB004 [ 18] RVA [size] of Thread Storage Directory 0 [ 0] RVA [size] of Load Configuration Directory 0 [ 0] RVA [size] of Bound Import Directory C9250 [ 200] RVA [size] of Import Address Table Directory 0 [ 0] RVA [size] of Delay Import Directory 0 [ 0] RVA [size] of COM Descriptor Directory 0 [ 0] RVA [size] of Reserved Directory SECTION HEADER #1 .text name B6BA0 virtual size 1000 virtual address (00401000 to 004B7B9F) B6C00 size of raw data 400 file pointer to raw data (00000400 to 000B6FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60500060 flags Code Initialized Data RESERVED - UNKNOWN RESERVED - UNKNOWN Execute Read RAW DATA #1 00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24 S.ì8?@áK..àt.?D$ 00401010: 08 00 00 00 00 C7 44 24 04 02 00 00 00 C7 04 24 .....?D$.....?.$ 00401020: 00 00 00 00 FF D0 83 EC 0C C7 04 24 10 11 40 00 ....?D.ì.?.$..@. 00401030: E8 5B 73 03 00 83 EC 04 E8 B3 5B 02 00 E8 8E 5C è[s...ì.è3[..è. 00401040: 02 00 8D 44 24 2C 89 44 24 10 A1 C0 80 4B 00 C7 ...D$,.D$.?à.K.? 00401050: 44 24 04 00 60 4C 00 C7 04 24 04 60 4C 00 C7 44 D$..`L.?.$.`L.?D 00401060: 24 2C 00 00 00 00 89 44 24 0C 8D 44 24 28 89 44 $,.....D$..D$(.D 00401070: 24 08 E8 89 FA 02 00 A1 9C 77 4C 00 85 C0 74 42 $.è.ú..?.wL..àtB . . . |
??同时使用/ALL 和 /DISASM,输出将包含反汇编代码:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /all /disasm main.oo . . . SECTION HEADER #1 .text name B6BA0 virtual size 1000 virtual address (00401000 to 004B7B9F) B6C00 size of raw data 400 file pointer to raw data (00000400 to 000B6FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60500060 flags Code Initialized Data RESERVED - UNKNOWN RESERVED - UNKNOWN Execute Read 00401000: 53 push ebx 00401001: 83 EC 38 sub esp,38h 00401004: A1 40 E1 4B 00 mov eax,dword ptr ds:[004BE140h] . . . |
??同时使用/ALL 和/RAWDATA:NONE,剔除rawdata,直接显示符号表:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | C:UsersloDesktopNew Folder11>dumpbin /all /RAWDATA:NONE main.oo . . . SECTION HEADER #10 /102 name (.debug_ranges) 3B0 virtual size D9000 virtual address (004D9000 to 004D93AF) 400 size of raw data CCE00 file pointer to raw data (000CCE00 to 000CD1FF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 42100040 flags Initialized Data RESERVED - UNKNOWN Discardable Read Only COFF SYMBOL TABLE 000 00000011 DEBUG notype Filename | .file crt1.c 002 00000000 SECT1 notype () Static | ___mingw_CRTStartup tag index 00000000 size 00000000 lines 00000000 next function 00000000 004 00000110 SECT1 notype () Static | __gnu_exception_handler@4 005 00000280 SECT1 notype () External | _mainCRTStartup . . . |
-
2?/ARCHIVEMEMBERS选项
??This option displays minimal information about member objects in a library.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /ARCHIVEMEMBERS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
3?/CLRHEADER选项
??Display CLR-specific information.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /CLRHEADER main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
4?/DEPENDENTS选项
??Dumps the names of the DLLs from which the image imports functions. You can use the list to determine which DLLs to redistribute with your app, or find the name of a missing dependency.
??dump出文件引用的dll文件名。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | C:UsersloDesktopNew Folder11>dumpbin /DEPENDENTS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Image has the following dependencies: KERNEL32.dll msvcrt.dll msvcrt.dll Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
5?/DIRECTIVES选项
??This option dumps the compiler-generated .drective section of an image.
??dump出编译器生成的.drective
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /DIRECTIVES main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
6?/DISASM选项
??Print the disassembly of code sections in the DUMPBIN output.
??直接输出反汇编代码:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | C:UsersloDesktopNew Folder11>dumpbin /DISASM main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE 00401000: 53 push ebx 00401001: 83 EC 38 sub esp,38h 00401004: A1 40 E1 4B 00 mov eax,dword ptr ds:[004BE140h] 00401009: 85 C0 test eax,eax 0040100B: 74 1C je 00401029 |
-
7?/ERRORREPORT (dumpbin.exe)选项
??If dumpbin.exe fails at runtime, you can use /ERRORREPORT to send information to Microsoft about these internal errors.
-
8?/EXPORTS选项
??This option displays all definitions exported from an executable file or DLL.
??从DLL文件中export出定义:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | C:UsersloDesktopNew Folder11>dumpbin /EXPORTS msdis170.dll Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file msdis170.dll File Type: DLL Section contains the following exports for msdis170.dll 00000000 characteristics 4B144B0F time date stamp Tue Dec 01 06:45:35 2009 0.00 version 1 ordinal base 15 number of functions 15 number of names ordinal hint RVA name 1 0 00001050 ?Addr@DIS@@QEBA_KXZ 2 1 00001070 ?CchFormatAddr@DIS@@QEBA_K_KPEA_W0@Z 3 2 00001120 ?CchFormatInstr@DIS@@QEBA_KPEA_W_K@Z 4 3 000011C0 ?Dist@DIS@@QEBA?AW4DIST@1@XZ 5 4 000012E0 ?PdisNew@DIS@@SAPEAV1@W4DIST@1@@Z 6 5 00001480 ?PfncchaddrSet@DIS@@QEAAP6A_KPEBV1@_KPEA_W1PEA_K@ZP6A_K01213@Z@Z 7 6 00001490 ?PfncchfixupSet@DIS@@QEAAP6A_KPEBV1@_K1PEA_W1PEA_K@ZP6A_K011213@Z@Z 8 7 000014B0 ?PfncchregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@PEA_W_K@ZP6A_K0123@Z@Z 9 8 000014A0 ?PfncchregrelSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@KPEA_W_KPEAK@ZP6A_K01K234@Z@Z 10 9 000014C0 ?PfndwgetregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@@ZP6A_K01@Z@Z 11 A 000014D0 ?PvClient@DIS@@QEBAPEAXXZ 12 B 000014E0 ?PvClientSet@DIS@@QEAAPEAXPEAX@Z 13 C 000231B0 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@PEA_W_K@Z 14 D 00023140 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@XZ 15 E 000014F0 ?SetAddr64@DIS@@QEAAX_N@Z Summary 4000 .data 2000 .pdata 59000 .rdata 8000 .reloc 1000 .rsrc 31000 .text |
-
9?/FPO选项
??This option displays frame pointer optimization (FPO) records.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /FPO main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
10?/HEADERS选项
??This option displays the file header and the header for each section. When used with a library, it displays the header for each member object.
??dump出文件的header和section的header。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | C:UsersloDesktopNew Folder11>dumpbin /HEADERS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo PE signature found File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (x86) 10 number of sections 0 time date stamp Thu Jan 01 08:00:00 1970 CD200 file pointer to symbol table 3A0C number of symbols E0 size of optional header 107 characteristics Relocations stripped Executable Line numbers stripped 32 bit word machine OPTIONAL HEADER VALUES 10B magic # (PE32) 2.24 linker version B6C00 size of code C3C00 size of initialized data 2400 size of uninitialized data 1280 entry point (00401280) 1000 base of code B8000 base of data 400000 image base (00400000 to 004D9FFF) 1000 section alignment 200 file alignment 4.00 operating system version 1.00 image version 4.00 subsystem version 0 Win32 version DA000 size of image 400 size of headers 183740 checksum 3 subsystem (Windows CUI) 0 DLL characteristics 200000 size of stack reserve 1000 size of stack commit 100000 size of heap reserve 1000 size of heap commit 0 loader flags 10 number of directories 0 [ 0] RVA [size] of Export Directory C9000 [ D78] RVA [size] of Import Directory 0 [ 0] RVA [size] of Resource Directory 0 [ 0] RVA [size] of Exception Directory 0 [ 0] RVA [size] of Certificates Directory 0 [ 0] RVA [size] of Base Relocation Directory 0 [ 0] RVA [size] of Debug Directory 0 [ 0] RVA [size] of Architecture Directory 0 [ 0] RVA [size] of Global Pointer Directory CB004 [ 18] RVA [size] of Thread Storage Directory 0 [ 0] RVA [size] of Load Configuration Directory 0 [ 0] RVA [size] of Bound Import Directory C9250 [ 200] RVA [size] of Import Address Table Directory 0 [ 0] RVA [size] of Delay Import Directory 0 [ 0] RVA [size] of COM Descriptor Directory 0 [ 0] RVA [size] of Reserved Directory SECTION HEADER #1 .text name B6BA0 virtual size 1000 virtual address (00401000 to 004B7B9F) B6C00 size of raw data 400 file pointer to raw data (00000400 to 000B6FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60500060 flags Code Initialized Data RESERVED - UNKNOWN RESERVED - UNKNOWN Execute Read . . . |
-
11?/IMPORTS选项
??/IMPORTS[:file]
??This option displays the list of DLLs (both statically linked and delay loaded) that are imported to an executable file or DLL and all the individual imports from each of these DLLs.
??把执行文件引入的DLL的内容list出来。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 | C:UsersloDesktopNew Folder11>dumpbin /IMPORTS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Section contains the following imports: KERNEL32.dll 4C9250 Import Address Table 4C9050 Import Name Table 0 time date stamp 0 Index of first forwarder reference 3 AddAtomA 52 CloseHandle 81 CreateEventA 9A CreateMutexA A9 CreateSemaphoreA CF DeleteCriticalSection E6 DuplicateHandle EC EnterCriticalSection 117 ExitProcess 12A FindAtomA 16B GetAtomNameA 1BE GetCurrentProcess 1C2 GetCurrentThread 1C3 GetCurrentThreadId 1FB GetHandleInformation 1FE GetLastError 211 GetModuleHandleA 241 GetProcAddress 242 GetProcessAffinityMask 275 GetSystemTimeAsFileTime 282 GetThreadContext 28A GetThreadPriority 2DE InitializeCriticalSection 2E7 InterlockedDecrement 2E8 InterlockedExchange 2E9 InterlockedExchangeAdd 2EB InterlockedIncrement 2FB IsDBCSLeadByteEx 32E LeaveCriticalSection 35C MultiByteToWideChar 3CE ReleaseMutex 3D2 ReleaseSemaphore 3E3 ResetEvent 3E7 ResumeThread 41A SetCriticalSectionSpinCount 429 SetEvent 443 SetLastError 44E SetProcessAffinityMask 461 SetThreadContext 469 SetThreadPriority 474 SetUnhandledExceptionFilter 480 Sleep 488 SuspendThread 493 TlsAlloc 495 TlsGetValue 496 TlsSetValue 49C TryEnterCriticalSection 4BD VirtualProtect 4BF VirtualQuery 4C5 WaitForMultipleObjects 4C7 WaitForSingleObject 4DF WideCharToMultiByte msvcrt.dll 4C9324 Import Address Table 4C9124 Import Name Table 0 time date stamp 0 Index of first forwarder reference 17 _fdopen 40 _read 6D _write msvcrt.dll 4C9334 Import Address Table 4C9134 Import Name Table 0 time date stamp 0 Index of first forwarder reference 37 __getmainargs 41 __mb_cur_max 4D __p__environ 4F __p__fmode 63 __set_app_type 8F _beginthreadex 93 _cexit B3 _endthreadex B6 _errno CB _filelengthi64 E0 _fstati64 10A _iob 13D _lseeki64 17F _onexit 1A6 _setjmp 1AA _setmode 247 abort 24E atexit 250 atoi 253 calloc 25C exit 25F fclose 262 fflush 264 fgetpos 26A fopen 26B fprintf 26C fputc 26D fputs 270 fread 271 free 276 fsetpos 279 fwrite 27B getc 27D getenv 27F getwc 292 iswctype 29F localeconv 2A3 longjmp 2A4 malloc 2A8 memchr 2A9 memcmp 2AA memcpy 2AB memmove 2AC memset 2B1 printf 2B2 putc 2B5 putwc 2BA realloc 2C0 setlocale 2C1 setvbuf 2C2 signal 2C5 sprintf 2CA strchr 2CB strcmp 2CC strcoll 2CF strerror 2D0 strftime 2D1 strlen 2D9 strtod 2DC strtoul 2DD strxfrm 2E8 towlower 2E9 towupper 2EA ungetc 2EB ungetwc 2EC vfprintf 2F5 wcscoll 2F8 wcsftime 2F9 wcslen 306 wcsxfrm Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
??指定某个DLL文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | C:UsersloDesktopNew Folder11>dumpbin /IMPORTS:KERNEL32.dll main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Section contains the following imports: KERNEL32.dll 4C9250 Import Address Table 4C9050 Import Name Table 0 time date stamp 0 Index of first forwarder reference 3 AddAtomA 52 CloseHandle 81 CreateEventA 9A CreateMutexA A9 CreateSemaphoreA CF DeleteCriticalSection E6 DuplicateHandle EC EnterCriticalSection 117 ExitProcess 12A FindAtomA 16B GetAtomNameA 1BE GetCurrentProcess 1C2 GetCurrentThread 1C3 GetCurrentThreadId 1FB GetHandleInformation 1FE GetLastError 211 GetModuleHandleA 241 GetProcAddress 242 GetProcessAffinityMask 275 GetSystemTimeAsFileTime 282 GetThreadContext 28A GetThreadPriority 2DE InitializeCriticalSection 2E7 InterlockedDecrement 2E8 InterlockedExchange 2E9 InterlockedExchangeAdd 2EB InterlockedIncrement 2FB IsDBCSLeadByteEx 32E LeaveCriticalSection 35C MultiByteToWideChar 3CE ReleaseMutex 3D2 ReleaseSemaphore 3E3 ResetEvent 3E7 ResumeThread 41A SetCriticalSectionSpinCount 429 SetEvent 443 SetLastError 44E SetProcessAffinityMask 461 SetThreadContext 469 SetThreadPriority 474 SetUnhandledExceptionFilter 480 Sleep 488 SuspendThread 493 TlsAlloc 495 TlsGetValue 496 TlsSetValue 49C TryEnterCriticalSection 4BD VirtualProtect 4BF VirtualQuery 4C5 WaitForMultipleObjects 4C7 WaitForSingleObject 4DF WideCharToMultiByte Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
12?/LINENUMBERS选项
??This option displays COFF line numbers. Line numbers exist in an object file if it was compiled with Program Database (/Zi), C7 Compatible (/Z7), or Line Numbers Only (/Zd). An executable file or DLL contains COFF line numbers if it was linked with Generate Debug Info (/DEBUG).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /LINENUMBERS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
13?/LINKERMEMBER选项
??/LINKERMEMBER[:{1|2}]
??This option displays public symbols defined in a library. Specify the 1 argument to display symbols in object order, along with their offsets. Specify the 2 argument to display offsets and index numbers of objects, and then list the symbols in alphabetical order, along with the object index for each. To get both outputs, specify /LINKERMEMBER without the number argument.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /LINKERMEMBER main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
14?/LOADCONFIG选项
??This option dumps the IMAGE_LOAD_CONFIG_DIRECTORY structure, an optional structure that is used by the Windows NT loader and defined in WINNT.H.
??输出略。与上列出相同,无特殊。
-
15?/NOPDB选项
??Tells DUMPBIN not to load and search program database (PDB) files for symbol information.
??By default, DUMPBIN attempts to load PDB files for its target object files, libraries, or executables. DUMPBIN uses this information to match addresses to symbol names. The process can be time-consuming if the PDB files are large, or must be loaded from a remote server. The /NOPDB option tells DUMPBIN to skip this step. It only prints the addresses and symbol information available in the object file, library, or executable.
??To set the /NOPDB linker option in Visual Studio
??1. Open the Property Pages dialog box for the project. For more information, see Set C++ compiler and build properties in Visual Studio.
??2. Select the Configuration Properties > Linker > Command Line property page.
??3. In the Additional options box, add the /NOPDB option. Choose OK or Apply to save your changes.
??To set this linker option programmatically
??* This option doesn't have a programmatic equivalent.
??未清楚。
-
16?/OUT选项
??/OUT:filename
??This option specifies a filename for the output. By default, DUMPBIN displays the information to standard output.
??输出重定向。
-
17?/PDATA选项
??RISC processors only.
??This option dumps the exception tables (.pdata) from an image or object.
??未清楚。
-
18?/PDBPATH选项
??/PDBPATH[:VERBOSE] filename
?? :Parameters
?? filename
?? The name of the .dll or .exe file for which you want to find the matching .pdb file.
?? :VERBOSE
?? (Optional) Reports all directories where an attempt was made to locate the .pdb file.
??/PDBPATH will search your computer along the same paths that the debugger would search for a .pdb file and will report which, if any, .pdb files correspond to the file specified in filename.
??When using the Visual Studio debugger, you may experience a problem due to the fact that the debugger is using a .pdb file for a different version of the file you are debugging.
??/PDBPATH will search for .pdb files along the following paths:
??Check the location where the executable resides.
??Check the location of the PDB written into the executable. This is usually the location at the time the image was linked.
??Check along the search path configured in the Visual Studio IDE.
??Check along the paths in the _NT_SYMBOL_PATH and _NT_ALT_SYMBOL_PATH environment variables.
??Check in the Windows directory.
??未清楚。
-
19?/RANGE选项
??/RANGE:vaMin[,vaMax]
??Modifies the output of dumpbin when used with other dumpbin options, such as /RAWDATA or /DISASM.
??vaMin
??The virtual address at which you want the dumpbin operation to begin.
??vaMax
??(Optional) The virtual address at which you want the dumpbin operation to end. If not specified, dumpbin will go to the end of the file.
??To see the virtual addresses for an image, use the map file for the image (RVA + Base), the /DISASM or /HEADERS option of dumpbin, or the disassembly window in the Visual Studio debugger.
??样例说明:在使用 /RAWDATA 或 /DISASM的时候指定地址范围进行dump。
1 2 | dumpbin /disasm /range:4219334,0x004061CD t.exe 说明:从10进制的4219334输出到16进制的0x004061CD |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | C:UsersloDesktopNew Folder11>dumpbin /RAWDATA /RANGE:0x00402EF0,0x00403200 main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE RAW DATA #1 00402EF0: 8B 44 24 48 89 04 24 E8 A4 64 00 00 89 C2 83 EC .D$H..$è¤d...?.ì 00402F00: 04 B8 06 00 00 00 84 D2 75 C3 E9 58 FF FF FF 90 .?.....òu?éX???. 00402F10: 55 57 56 53 89 CE 83 EC 3C 8B 44 24 54 8B 7C 24 UWVS.?.ì<.D$T.|$ 00402F20: 58 89 4C 24 1C 89 44 24 04 8B 44 24 50 89 7C 24 X.L$..D$..D$P.|$ 00402F30: 08 89 04 24 E8 D7 FD FF FF 83 EC 0C 84 C0 89 C2 ...$è×y??.ì..à.? 00402F40: 0F 85 56 01 00 00 8B 47 08 A8 10 89 44 24 14 0F ..V....G.¨..D$.. 00402F50: 85 C0 01 00 00 8B 44 24 1C 89 7C 24 58 8B 68 0C .à....D$..|$X.h. 00402F60: 8D 74 E8 08 8B 44 24 14 83 E0 01 89 44 24 18 E9 .tè..D$..à..D$.é 00402F70: 98 00 00 00 89 D8 C1 F8 08 85 D2 74 08 8B 7C 24 .....?á?..òt..|$ 00402F80: 54 03 07 8B 00 03 44 24 54 8B 0E 8D 7C 24 20 8B T.....D$T...|$ . 00402F90: 11 89 44 24 04 8B 44 24 50 89 7C 24 08 89 04 24 ..D$..D$P.|$...$ 00402FA0: FF 52 18 83 EC 0C 84 C0 89 C2 74 5A 83 7C 24 2C ?R..ì..à.?tZ.|$, 00402FB0: 08 75 0D 83 E3 01 74 08 8B 06 89 44 24 2C 66 90 .u..?.t....D$,f. 00402FC0: 8B 44 24 24 83 F8 03 7E 0F 8B 4C 24 10 85 C9 75 .D$$.?.~..L$..éu 00402FD0: 07 83 E0 FD 89 44 24 24 8B 44 24 58 8B 58 0C 85 ..ày.D$$.D$X.X.. 00402FE0: DB 74 7F 8B 44 24 58 8B 00 3B 44 24 20 0F 85 53 ?t..D$X..;D$ ..S 00402FF0: 01 00 00 85 C0 0F 84 B5 00 00 00 8B 7C 24 58 8B ....à..μ....|$X. 00403000: 44 24 24 09 47 04 83 ED 01 83 EE 08 85 ED 0F 84 D$$.G..í..?..í.. 00403010: 0D 01 00 00 8B 44 24 14 8B 5E 04 C7 44 24 20 00 .....D$..^.?D$ . 00403020: 00 00 00 C7 44 24 24 00 00 00 00 C7 44 24 2C 00 ...?D$$....?D$,. 00403030: 00 00 00 89 44 24 28 89 DA 89 D8 83 E2 01 83 E0 ....D$(.ú.?.a..à 00403040: 02 89 44 24 10 75 08 8B 44 24 18 85 C0 74 B7 8B ..D$.u..D$..àt·. 00403050: 7C 24 54 85 FF 0F 85 19 FF FF FF 31 C0 E9 27 FF |$T.?...???1àé'? 00403060: FF FF 8B 4C 24 58 8B 44 24 20 8B 7C 24 58 89 01 ??.L$X.D$ .|$X.. 00403070: 8B 44 24 24 89 41 04 8B 4C 24 28 83 F8 03 89 4F .D$$.A..L$(.?..O 00403080: 08 8B 4C 24 2C 89 4F 0C 7E 12 A8 02 74 73 8B 44 ..L$,.O.~.¨.ts.D 00403090: 24 1C F6 40 08 01 0F 85 6A FF FF FF 83 C4 3C 89 [email protected]???.?<. 004030A0: D0 5B 5E 5F 5D C2 0C 00 90 8D B4 26 00 00 00 00 D[^_]?....′&.... 004030B0: 8B 4C 24 2C 83 F9 08 0F 84 83 00 00 00 83 FB 08 .L$,.ù........?. 004030C0: 74 7E 89 1C 24 88 54 24 10 E8 D2 62 00 00 83 EC t~..$.T$.èòb...ì 004030D0: 04 84 C0 75 1C 0F B6 54 24 10 8B 7C 24 58 C7 47 ..àu..?T$..|$X?G 004030E0: 04 02 00 00 00 83 C4 3C 89 D0 5B 5E 5F 5D C2 0C ......?<.D[^_]?. 004030F0: 00 8B 4C 24 58 8B 44 24 24 09 41 04 E9 05 FF FF ..L$X.D$$.A.é.?? 00403100: FF A8 01 74 97 8B 44 24 1C F6 40 08 02 0F 85 F3 ?¨.t..D$.?@....ó 00403110: FE FF FF EB 87 8B 46 08 89 44 24 14 E9 34 FE FF t???..F..D$.é4t? 00403120: FF 8B 7C 24 58 8B 47 04 85 C0 0F 95 C2 83 C4 3C ?.|$X.G..à..?.?< 00403130: 5B 89 D0 5E 5F 5D C2 0C 00 8D B4 26 00 00 00 00 [.D^_]?...′&.... 00403140: 8B 7C 24 58 EB 98 8B 7C 24 58 C7 07 00 00 00 00 .|$X?..|$X?..... 00403150: C7 47 04 02 00 00 00 E9 40 FF FF FF 8D 74 26 00 ?G.....é@???.t&. 00403160: 55 57 56 53 83 EC 6C 8B AC 24 98 00 00 00 89 4C UWVS.ìl.?$.....L 00403170: 24 30 F6 45 10 10 74 06 8B 41 08 89 45 10 8B 84 $0?E..t..A..E... 00403180: 24 94 00 00 00 39 84 24 8C 00 00 00 0F 84 0E 05 $....9.$........ 00403190: 00 00 8B 84 24 88 00 00 00 8B 4C 24 30 89 04 24 ....$.....L$0..$ 004031A0: E8 FB 61 00 00 83 EC 04 84 C0 88 44 24 3A 0F 85 è?a...ì..à.D$:.. 004031B0: 3C 02 00 00 8B 84 24 80 00 00 00 8B 94 24 94 00 <.....$......$.. 004031C0: 00 00 2B 94 24 80 00 00 00 C6 44 24 38 00 C6 44 ..+.$....?D$8.?D 004031D0: 24 3B 00 C6 44 24 39 01 85 C0 B8 00 00 00 00 0F $;.?D$9..à?..... 004031E0: 49 C2 89 44 24 2C 8B 84 24 84 00 00 00 83 C8 01 I?.D$,..$.....è. 004031F0: 89 44 24 34 8B 7C 24 30 8B 47 0C 8D 7C C7 0C 89 .D$4.|$0.G..|?.. 00403200: 44 D Summary B7000 .text |
-
20?/RAWDATA选项
??/RAWDATA[:{1|2|4|8|NONE[,number]]
??This option displays the raw contents of each section in the file. The arguments control the format of the display, as shown below:
1 2 3 4 5 6 7 | | Argument | Result | | 1 | The default. Contents are displayed in hexadecimal bytes, and also as ASCII characters if they have a printed representation. | | 2 | Contents are displayed as hexadecimal 2-byte values. | | 4 | Contents are displayed as hexadecimal 4-byte values. | | 8 | Contents are displayed as hexadecimal 8-byte values. | | NONE | Raw data is suppressed. This argument is useful to control the output of /ALL. | | *Number* | Displayed lines are set to a width that holds `number` values per line. | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:1 main.oo RAW DATA #1 00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24 S.ì8?@áK..àt.?D$ C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:2 main.oo RAW DATA #1 00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444 S.ì8?@áK..àt.?D$ C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:4 main.oo RAW DATA #1 00401000: 38EC8353 4BE140A1 74C08500 2444C71C S.ì8?@áK..àt.?D$ C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:8 main.oo RAW DATA #1 00401000: 4BE140A138EC8353 2444C71C74C08500 S.ì8?@áK..àt.?D$ |
??指定输出的宽度:
1 2 3 4 5 6 7 | C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:,8 main.oo RAW DATA #1 00401000: 53 83 EC 38 A1 40 E1 4B C:UsersloDesktopNew Folder11>dumpbin /RAWDATA:2,8 main.oo RAW DATA #1 00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444 |
-
21?/RELOCATIONS选项
??This option displays any relocations in the object or image.
??未清楚。
-
22?/SECTION选项
??/SECTION:section
??This option restricts the output to information on the specified section. Use the /HEADERS option to get a list of sections in the file.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | C:UsersloDesktopNew Folder11>dumpbin /SECTION:.text main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE SECTION HEADER #1 .text name B6BA0 virtual size 1000 virtual address (00401000 to 004B7B9F) B6C00 size of raw data 400 file pointer to raw data (00000400 to 000B6FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60500060 flags Code Initialized Data RESERVED - UNKNOWN RESERVED - UNKNOWN Execute Read Summary B7000 .text |
-
23?/SUMMARY选项
??This option displays minimal information about sections, including total size. This option is the default if no other option is specified.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | C:UsersloDesktopNew Folder11>dumpbin /SUMMARY main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
24?/SYMBOLS选项
??This option displays the COFF symbol table. Symbol tables exist in all object files. A COFF symbol table appears in an image file only if it is linked with /DEBUG.
??The following is a description of the output for /SYMBOLS. Additional information on the meaning of /SYMBOLS output can be found by looking in winnt.h (IMAGE_SYMBOL and IMAGE_AUX_SYMBOL), or COFF documentation.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | C:UsersloDesktopNew Folder11>dumpbin /SYMBOLS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE COFF SYMBOL TABLE 000 00000011 DEBUG notype Filename | .file crt1.c 002 00000000 SECT1 notype () Static | ___mingw_CRTStartup tag index 00000000 size 00000000 lines 00000000 next function 00000000 . . . |
-
25?/TLS
??Displays the IMAGE_TLS_DIRECTORY structure from an executable.
??/TLS displays the fields of the TLS structure as well as the addresses of the TLS callback functions.
??If a program does not use thread local storage, its image will not contain a TLS structure. See thread for more information.
??IMAGE_TLS_DIRECTORY is defined in winnt.h.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | C:UsersloDesktopNew Folder11>dumpbin /TLS main.oo Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file main.oo File Type: EXECUTABLE IMAGE Section contains the following TLS directory: 004CB001 Start of raw data 004CB01C End of raw data 004C7798 Address of index 004CA004 Address of callbacks 0 Size of zero fill 00000000 Characteristics TLS Callbacks Address -------- 00426B50 00426B00 00433440 00000000 Summary 1000 .CRT 3000 .bss 1000 .data 1000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 6000 .debug_info 1000 .debug_line 2000 .debug_loc 1000 .debug_ranges 1000 .debug_str 2000 .eh_frame 1000 .idata B000 .rdata B7000 .text 1000 .tls |
-
3-1?类的初步—定义一个类并创建对象实例
??3-1-1. 导言—用户管理—用户的分类及介绍
-
3-2?类的初步—定义一个类并创建对象实例
??3-2-1. 导言—用户管理—用户的分类及介绍
第3章节?
-
3-1?类的初步—定义一个类并创建对象实例
??3-1-1. 导言—用户管理—用户的分类及介绍
-
3-2?类的初步—定义一个类并创建对象实例