PE文件格式研究及PEDUMP的实现

PE文件格式研究及PEDUMP的实现

摘 要

PE文件格式是可在Windows NT, windows 95和WIN32操作系统下可可执行的2进制格式。
本文介绍了系统的开发环境及环境配置和系统分析、总体设计,比较全面地介绍了本系统的`相关知识。最后,分析了设计的原程序,针对大部分代码给出了比较详细的文字解释说明。并且详细介绍PE文件格式,包含文件头、节表、节、资源目录、资源等等。研究如何用程序对各部分的内容进行读取分析显示,甚至对原PE文件的内容进行可行的修改、导入导出等功能。并实现对分析结果的文本导出保存。
此软件使用DELPHI在Windows系统下开发完成。

关键词 :Windous NT; window 95; win32; Delphi; PE文件格式

Abstract

The PE ("portable executable") file format is the format of executable binaries (DLLs and programs) for MS windows NT, windows 95 and win32s.
This text introduces the development environment and environments of the system to install, carrying on the system analysis, total design immediately after, introducing related knowledge of this system more and completely.The end, the original procedure that analyzed the design, aims at big and parts of codes to the more detailed writing to explain the elucidation. This article introduced the PE format,include DOS ”MZ” Header, Dos stub, NTHeader,Section Table,Section,Resource directory,Resource,etc.Study how to read all parts of PE format files and displayed it in our program,even do some change to that PE format file and rewrite into it,also can read out one part of it and save it as another file,Study how to put a TXT file for the result.
This software named Pedump was programed by Delphi,run in windows.

Keywords: Windous NT; window 95; win32; Delphi; PE file format

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至 yyfangchan@163.com (举报时请带上具体的网址) 举报,一经查实,本站将立刻删除