COFF文件

  • SimpleSection.c文件
    • int printf(const char* format,...);
      
      /* Initialized global. In the dump on this page it is the External symbol
       * _global_int_var in SECT3 (.data) at offset 0, and the first four .data
       * bytes are 54 00 00 00, i.e. 84. */
      int global_int_var = 84;
      /* Uninitialized global. The object file reserves no storage for it: the
       * symbol table lists _global_unint_var as UNDEF / External with value 4
       * (the page's own annotation reads that value as its size), and the 4-byte
       * .bss section holds only main's static_var2. */
      int global_unint_var;
      
      /* Prints i in decimal followed by a newline.
       * In the dump on this page the "%d\n" literal is stored in .data as
       * 25 64 0A 00 (symbol $SG612, offset 4), and both the literal's address
       * (DIR32) and the call to _printf (REL32) are left as relocations in
       * .text for the linker to fill in. */
      void func1(int i)
      {
      	printf("%d\n",i);
      }
      
      /* Exercises each storage class so its placement can be read off the
       * object-file dump that follows on this page: initialized static ->
       * .data, uninitialized static -> .bss, automatic locals -> stack only
       * (they have no entry in the COFF symbol table). */
      int main(void)
      {
      	static int static_var = 85;	/* .data offset 8: bytes 55 00 00 00 */
      	static int static_var2;		/* .bss offset 0 (SECT5); no bytes in the file */
      	int a = 1;	/* stack slot [ebp-4]: C7 45 FC 01 00 00 00 in .text */
      	/* b is never assigned. Reading it below is undefined behaviour in C;
      	 * the compiled code just adds whatever is already in the stack slot
      	 * [ebp-8] (03 45 F8 in the .text bytes), so the printed value may
      	 * include leftover stack contents. It is left uninitialized here
      	 * because the dump on this page was produced from this form;
      	 * initialize it before reusing the code anywhere else. */
      	int b;
      
      	func1(static_var + static_var2 + a + b);
      
      	/* NOTE(review): the .text bytes shown on this page end main with
      	 * 8B 45 FC (mov eax,[ebp-4]) rather than clearing eax, so the dumped
      	 * object looks like it was built from a variant that returns a;
      	 * confirm against the original source. */
      	return 0;
      }
  • cl /c SimpleSection.c ---->SimpleSection.obj
  • dumpbin /all SimpleSection.obj
    • Microsoft (R) COFF/PE Dumper Version 8.00.50727.762
      Copyright (C) Microsoft Corporation.  All rights reserved.
      
      
      Dump of file simplesection.obj
      
      File Type: COFF OBJECT
      
      FILE HEADER VALUES
                   14C machine (x86)
                     5 number of sections
              4E43414B time date stamp Thu Aug 11 10:41:15 2011
                   1F2 file pointer to symbol table
                    14 number of symbols
                     0 size of optional header
                     0 characteristics
      
      SECTION HEADER #1
      .drectve name
             0 physical address
             0 virtual address
            2F size of raw data
            DC file pointer to raw data (000000DC to 0000010A)
             0 file pointer to relocation table
             0 file pointer to line numbers
             0 number of relocations
             0 number of line numbers
        100A00 flags
               Info
               Remove
               1 byte align
      
      RAW DATA #1
        00000000: 20 20 20 2F 44 45 46 41 55 4C 54 4C 49 42 3A 22     /DEFAULTLIB:"
        00000010: 4C 49 42 43 4D 54 22 20 2F 44 45 46 41 55 4C 54  LIBCMT" /DEFAULT
        00000020: 4C 49 42 3A 22 4F 4C 44 4E 41 4D 45 53 22 20     LIB:"OLDNAMES" 
      
         Linker Directives
         -----------------
         /DEFAULTLIB:"LIBCMT"
         /DEFAULTLIB:"OLDNAMES"
      
      SECTION HEADER #2
      .debug$S name
             0 physical address
             0 virtual address
            5B size of raw data
           10B file pointer to raw data (0000010B to 00000165)
             0 file pointer to relocation table
             0 file pointer to line numbers
             0 number of relocations
             0 number of line numbers
      42100040 flags
               Initialized Data
               Discardable
               1 byte align
               Read Only
      
      RAW DATA #2
        00000000: 02 00 00 00 1B 00 09 00 00 00 00 00 14 45 3A 5C  .............E:\
        00000010: 73 69 6D 70 6C 65 73 65 63 74 69 6F 6E 2E 6F 62  simplesection.ob
        00000020: 6A 38 00 13 10 00 22 00 00 07 00 0E 00 00 00 27  j8...."........'
        00000030: C6 0E 00 00 00 27 C6 21 4D 69 63 72 6F 73 6F 66  ?....'?!Microsof
        00000040: 74 20 28 52 29 20 4F 70 74 69 6D 69 7A 69 6E 67  t (R) Optimizing
        00000050: 20 43 6F 6D 70 69 6C 65 72 00 00                  Compiler..
      
      SECTION HEADER #3
         .data name
             0 physical address
             0 virtual address
             C size of raw data
           166 file pointer to raw data (00000166 to 00000171)
             0 file pointer to relocation table
             0 file pointer to line numbers
             0 number of relocations
             0 number of line numbers
      C0300040 flags
               Initialized Data
               4 byte align
               Read Write
      
      RAW DATA #3
        00000000: 54 00 00 00 25 64 0A 00 55 00 00 00              T...%d..U...
      
      SECTION HEADER #4
         .text name
             0 physical address
             0 virtual address
            4E size of raw data
           172 file pointer to raw data (00000172 to 000001BF)
           1C0 file pointer to relocation table
             0 file pointer to line numbers
             5 number of relocations
             0 number of line numbers
      60500020 flags
               Code
               16 byte align
               Execute Read
      
      RAW DATA #4
        00000000: 55 8B EC 8B 45 08 50 68 00 00 00 00 E8 00 00 00  U.ì.E.Ph....è...
        00000010: 00 83 C4 08 5D C3 CC CC CC CC CC CC CC CC CC CC  ..?.]?ìììììììììì
        00000020: 55 8B EC 83 EC 08 C7 45 FC 01 00 00 00 A1 00 00  U.ì.ì.?Eü....?..
        00000030: 00 00 03 05 00 00 00 00 03 45 FC 03 45 F8 50 E8  .........Eü.E?Pè
        00000040: 00 00 00 00 83 C4 04 8B 45 FC 8B E5 5D C3        .....?..Eü.?]?
      
      RELOCATIONS #4
                                                      Symbol    Symbol
       Offset    Type              Applied To         Index     Name
       --------  ----------------  -----------------  --------  ------
       00000008  DIR32                      00000000         A  $SG612
       0000000D  REL32                      00000000         F  _printf
       0000002E  DIR32                      00000000         B  ?static_var@?1??main@@9@9 (`main'::`2'::static_var)
       00000034  DIR32                      00000000        13  ?static_var2@?1??main@@9@9 (`main'::`2'::static_var2)
       00000040  REL32                      00000000         E  _func1
      
      SECTION HEADER #5
          .bss name
             0 physical address
             0 virtual address
             4 size of raw data
             0 file pointer to raw data
             0 file pointer to relocation table
             0 file pointer to line numbers
             0 number of relocations
             0 number of line numbers
      C0300080 flags
               Uninitialized Data
               4 byte align
               Read Write
      
      COFF SYMBOL TABLE
      000 006DC627 ABS    notype       Static       | @comp.id
      001 00000001 ABS    notype       Static       | @feat.00
      002 00000000 SECT1  notype       Static       | .drectve
          Section length   2F, #relocs    0, #linenums    0, checksum        0
      004 00000000 SECT2  notype       Static       | .debug$S
          Section length   5B, #relocs    0, #linenums    0, checksum        0
      006 00000004 UNDEF  notype       External     | _global_unint_var
      007 00000000 SECT3  notype       Static       | .data
          Section length    C, #relocs    0, #linenums    0, checksum AC5AB941
      009 00000000 SECT3  notype       External     | _global_int_var
      00A 00000004 SECT3  notype       Static       | $SG612
      00B 00000008 SECT3  notype       Static       | ?static_var@?1??main@@9@9 (`main'::`2'::static_var)
      00C 00000000 SECT4  notype       Static       | .text
          Section length   4E, #relocs    5, #linenums    0, checksum CC61DB94
      00E 00000000 SECT4  notype ()    External     | _func1
      00F 00000000 UNDEF  notype ()    External     | _printf
      010 00000020 SECT4  notype ()    External     | _main
      011 00000000 SECT5  notype       Static       | .bss
          Section length    4, #relocs    0, #linenums    0, checksum        0
      013 00000000 SECT5  notype       Static       | ?static_var2@?1??main@@9@9 (`main'::`2'::static_var2)
      
      String Table Size = 0x5B bytes
      
        Summary
      
                 4 .bss
                 C .data
                5B .debug$S
                2F .drectve
                4E .text
  • 拆解SimpleSection.obj
    • ====Image Header====
      4C01//machine (x86)
      0500//5个段
      4B41434E//时间戳
      F2010000//符号表地址
      14000000//符号数
      0000//可选头大小
      0000//标志
      
      ====段表====
      
      2E64726563747665//.drectve
      00000000
      00000000
      2F000000//段数据大小
      DC000000//段数据起始位置
      00000000
      00000000
      0000
      0000
      000A1000//段标志字
      
      2E64656275672453//.debug$S
      00000000
      00000000
      5B000000
      0B010000
      00000000
      00000000
      0000
      0000
      40001042
      
      2E64617461000000//.data
      00000000
      00000000
      0C000000
      66010000
      00000000
      00000000
      0000
      0000
      400030C0
      
      2E74657874000000//.text
      00000000
      00000000
      4E000000
      72010000
      C0010000//重定位数据位置
      00000000
      0500//重定位项个数(NumberOfRelocations=5)
      0000
      20005060
      
      2E62737300000000//.bss
      00000000
      00000000
      04000000
      00000000
      00000000
      00000000
      0000
      0000
      800030C0
      
      ====RAW DATA====
      
      //#1
      2020202F44454641554C544C49423A22
      4C4942434D5422202F44454641554C54
      4C49423A224F4C444E414D45532220
      
      //#2
      020000001B0009000000000014453A5C
      73696D706C6573656374696F6E2E6F62
      6A380013100022000007000E00000027
      C60E00000027C6214D6963726F736F66
      7420285229204F7074696D697A696E67
      20436F6D70696C65720000
      
      //#3
      5400000025640A0055000000
      
      //#4
      558BEC8B4508506800000000E8000000
      0083C4085DC3CCCCCCCCCCCCCCCCCCCC
      558BEC83EC08C745FC01000000A10000
      00000305000000000345FC0345F850E8
      0000000083C4048B45FC8BE55DC3
      
      ====重定位表====
      
      08000000//重定位入口的段内偏移
      0A000000//在符号表内的索引
      0600//属性:重定位目标的32位虚拟地址
      
      0D000000
      0F000000//在符号表内的索引---->_printf
      1400//属性:重定位目标的32位相对偏移
      
      2E000000
      0B000000
      0600
      
      34000000
      13000000
      0600
      
      40000000
      0E000000
      1400
      
      ====符号表====//通过符号大小和序号计算符号段内偏移地址?
      
      40636F6D702E6964//@comp.id
      27C66D00//Value字段(对@comp.id这类ABS符号而言并非大小;dumpbin显示为006DC627)
      FFFF
      0000//符号类型:变量及其他
      03//可见类型:static
      00
      
      40666561742E3030//@feat.00
      01000000
      FFFF
      0000
      03
      00
      
      2E64726563747665//.drectve
      00000000
      0100//段号:1
      0000
      03
      01//1个附加信息
      2F0000000000000000000000000000000000
      
      2E64656275672453//.debug$S
      00000000
      0200
      0000
      03
      01
      5B0000000000000000000000000000000000
      
      00000000//为0,则后四字节为字符串偏移
      04000000//字符串表偏移4--->_global_unint_var
      04000000//大小为4
      0000
      0000//符号类型:变量及其他
      02//可见类型:external
      00
      
      2E64617461000000//.data\0\0\0
      00000000
      0300
      0000
      03
      01
      0C0000000000000041B95AAC000000000000
      
      00000000
      16000000//字符串表偏移22--->_global_int_var
      00000000//Value:符号在所属段内的偏移,此处为0(.data开头的54000000即84)
      0300//段号:3
      0000
      02//可见类型:external
      00
      
      2453473631320000//$SG612\0\0
      04000000
      0300
      0000
      03
      00
      000000002600000008000000030000000300//$SG612没有附加信息;这18字节是下一条符号记录(序号0B):长名,字符串表偏移0x26--->?static_var@?1??main@@9@9,Value=8,段号3,static
      
      2E74657874000000//.text\0\0\0
      00000000
      0400
      0000
      03
      01
      4E0000000500000094DB61CC000000000000
      
      5F66756E63310000//_func1\0\0
      00000000
      0400
      2000//符号类型:函数
      02
      00
      
      5F7072696E746600//_printf\0
      00000000
      0000
      2000
      02
      00
      
      5F6D61696E000000//_main\0\0\0
      20000000//Value:_main在.text段内的偏移0x20(不是大小)
      0400//段号
      2000//符号类型:函数
      02//可见类型:external
      00
      
      2E62737300000000//.bss\0\0\0\0
      00000000
      0500
      0000
      03
      01
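      040000000000000000000000000000000000000000004000000000000000050000000300//前18字节是.bss的附加信息(段长4);后18字节是符号记录(序号13):长名,字符串表偏移0x40--->?static_var2@?1??main@@9@9,Value=0,段号5,static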
      
      ====字符串表====
      
      5B000000
      5F676C6F62616C5F756E696E745F76617200//_global_unint_var
      5F676C6F62616C5F696E745F76617200//_global_int_var
      3F7374617469635F766172403F313F3F6D61696E404039403900//?static_var@?1??main@@9@9
      3F7374617469635F76617232403F313F3F6D61696E404039403900//?static_var2@?1??main@@9@9
  • 数据结构
    • typedef struct _IMAGE_FILE_HEADER {
          // COFF file header: the first 20 bytes of the .obj dumped on this page.
          // Every count and file offset below comes straight from the file, so a
          // parser handling untrusted objects should check each one against the
          // real file length before using it to index or allocate.
          WORD    Machine;               // target CPU; 0x14C (x86) in this page's dump
          WORD    NumberOfSections;      // entries in the section table that follows; 5 here
          DWORD   TimeDateStamp;         // build time; 4E43414B here
          DWORD   PointerToSymbolTable;  // file offset of the symbol table; 0x1F2 here
          DWORD   NumberOfSymbols;       // symbol records, aux records included; 0x14 here
          WORD    SizeOfOptionalHeader;  // 0 in this object file
          WORD    Characteristics;       // flag bits; 0 here
      } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
      
      // One 40-byte section-table entry (five of them follow the file header in
      // this page's dump).
      typedef struct _IMAGE_SECTION_HEADER {
          // Not guaranteed to be NUL-terminated: ".drectve" and ".debug$S" on this
          // page fill all 8 bytes, so never pass Name to a C string function
          // without bounding the length.
          BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
          union {
                  DWORD   PhysicalAddress;   // 0 for every section in this object
                  DWORD   VirtualSize;
          } Misc;
          DWORD   VirtualAddress;            // 0 for every section in this object
          DWORD   SizeOfRawData;             // section length in bytes (.bss: 4, but no file data)
          // File offset of the section bytes; 0 for .bss here. A parser should
          // verify PointerToRawData + SizeOfRawData lies inside the file (and does
          // not wrap) before reading.
          DWORD   PointerToRawData;
          DWORD   PointerToRelocations;      // file offset of the relocation array; 0x1C0 for .text
          DWORD   PointerToLinenumbers;
          WORD    NumberOfRelocations;       // count of IMAGE_RELOCATION entries; 5 for .text
          WORD    NumberOfLinenumbers;
          DWORD   Characteristics;           // flags: content type, alignment, R/W/X (e.g. 60500020 for .text)
      } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
      
      // One relocation record. On disk each entry is 10 bytes (4 + 4 + 2, as in
      // the hex breakdown on this page); with natural alignment this struct
      // would be padded, so it needs 2-byte packing to overlay the file.
      // The packing directive is not shown in this excerpt.
      typedef struct _IMAGE_RELOCATION {
          union {
              DWORD   VirtualAddress;     // offset within the section of the 4 bytes to patch
              DWORD   RelocCount;         // NOTE(review): presumably only meaningful with IMAGE_SCN_LNK_NRELOC_OVFL; confirm
          };
          // Index into the symbol table (e.g. 0x0F -> _printf on this page).
          // Check it against NumberOfSymbols, and check VirtualAddress + 4 against
          // the section's SizeOfRawData, before applying a relocation from an
          // untrusted object.
          DWORD   SymbolTableIndex;
          WORD    Type;                   // 0x06 = DIR32, 0x14 = REL32 in this page's dump
      } IMAGE_RELOCATION;
      
      // One symbol-table record. On disk each record is 18 bytes
      // (8 + 4 + 2 + 2 + 1 + 1, as in the hex breakdown on this page), so the
      // struct needs 2-byte packing to overlay the file; the packing directive
      // is not shown in this excerpt.
      typedef struct _IMAGE_SYMBOL {
          union {
              BYTE    ShortName[8];  // inline name, NUL-padded; not terminated when exactly 8 chars
              struct {
                  DWORD   Short;     // if 0, use LongName
                  DWORD   Long;      // offset into string table
              } Name;
              // NOTE(review): two pointers overlay the 8-byte name only where
              // pointers are 4 bytes; on a 64-bit build this member would
              // enlarge the union. Confirm the target before reusing.
              PBYTE   LongName[2];
          } N;
          // Meaning depends on the symbol: section offset for defined symbols
          // (_main: 0x20), size for the UNDEF/External _global_unint_var (4),
          // an opaque constant for ABS symbols such as @comp.id.
          DWORD   Value;
          // Signed: positive = 1-based section index, 0 = UNDEF,
          // -1 (FFFF) = ABS, as shown by dumpbin on this page.
          SHORT   SectionNumber;
          WORD    Type;              // 0x20 = function, 0 = not a function (values seen on this page)
          BYTE    StorageClass;      // 2 = External, 3 = Static (values seen on this page)
          // Number of 18-byte auxiliary records that follow this one. They
          // count toward NumberOfSymbols and must be skipped, with a bounds
          // check, when walking the table. Name.Long must likewise be checked
          // against the string-table size (0x5B here) before dereferencing.
          BYTE    NumberOfAuxSymbols;
      } IMAGE_SYMBOL;
  • 参考:
原文地址:https://www.cnblogs.com/dahai/p/2135828.html