您好我的EXE格式问题http://www.delorie.com/djgpp/doc/exe/。
我已将我的文件作为十六进制加载到我的编辑器中(qedit)然后我反汇编了这个并且我很惊讶!
我的CS等于0和IP但我的程序代码(可能是00000040?)后来开始几个字节而且我甚至无法确定,因为我写的代码是下一个!
在00000200地址我可以看到>我的< (由我编写)反汇编代码。
那么你能解释一下CS:IP(我的0000:0000)指向哪里(给我地址)?因为正如我所读,它应该指向我的代码。
00000000 :4D 5A 90 00 03 00 00 00 - 04 00 00 00 FF FF 00 00
00000010 :B8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00
00000020 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000030 :00 00 00 00 00 00 00 00 - 00 00 00 00 A8 00 00 00
00000040 :0E 1F BA 0E 00 B4 09 CD - 21 B8 01 4C CD 21 54 68
00000050 :69 73 20 70 72 6F 67 72 - 61 6D 20 63 61 6E 6E 6F
00000060 :74 20 62 65 20 72 75 6E - 20 69 6E 20 44 4F 53 20
00000070 :6D 6F 64 65 2E 0D 0D 0A - 24 00 00 00 00 00 00 00
00000080 :5D 17 1D DB 19 76 73 88 - 19 76 73 88 19 76 73 88
00000090 :E5 56 61 88 18 76 73 88 - 52 69 63 68 19 76 73 88
000000A0 :00 00 00 00 00 00 00 00 - 50 45 00 00 4C 01 01 00
000000B0 :B8 EC 66 4B 00 00 00 00 - 00 00 00 00 E0 00 0F 01
000000C0 :0B 01 05 0C 00 02 00 00 - 00 00 00 00 00 00 00 00
000000D0 :00 10 00 00 00 10 00 00 - 00 20 00 00 00 00 40 00
000000E0 :00 10 00 00 00 02 00 00 - 04 00 00 00 00 00 00 00
000000F0 :04 00 00 00 00 00 00 00 - 00 20 00 00 00 02 00 00
00000100 :00 00 00 00 03 00 00 00 - 00 00 10 00 00 10 00 00
00000110 :00 00 10 00 00 10 00 00 - 00 00 00 00 10 00 00 00
00000120 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000130 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000140 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000150 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000160 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000170 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000180 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000190 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000001A0 :2E 74 65 78 74 00 00 00 - 1B 00 00 00 00 10 00 00
000001B0 :00 02 00 00 00 02 00 00 - 00 00 00 00 00 00 00 00
000001C0 :00 00 00 00 20 00 00 60 - 00 00 00 00 00 00 00 00
000001D0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000001E0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000001F0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000200 :33 C0 B0 32 50 66 B8 40 - 1F 50 B8 8F 7A 83 7C FF
00000210 :D0 33 C0 50 B8 FA CA 81 - 7C FF D0 00 00 00 00 00
00000220 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000230 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000240 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000250 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000260 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000270 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000280 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000290 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000002A0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000002B0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000002C0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000002D0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000002E0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000002F0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000300 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000310 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000320 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000330 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000340 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000350 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000360 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000370 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000380 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000390 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000003A0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000003B0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000003C0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000003D0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000003E0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
000003F0 :00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00000400 :
答案 0 :(得分:1)
您在此处显示的是.EXE文件的十六进制视图。
还有另外一件事,那就是程序在内存中加载。
当你在谈论IP(指令指针,虽然我认为你实际上是指EIP)时,你正在讨论下一条要执行的指令的存储器地址。
运行可执行文件将使您的操作系统读取文件,找到部分(代码部分,数据部分等)并将它们映射到内存,从而创建一个进程。所有内存指针都指向这些位置,而不是可执行文件中的位置。
这就是差异所在。
注意:对于记录,您所呈现的内容是不反汇编您的可执行文件。它只是一个十六进制转储(即,您将文件视为十六进制值序列)。反汇编会向您显示实际的机器指令(MOV,CMP,JMP等)。
答案 1 :(得分:0)
IIRC dos exe不会在绝对地址加载。它分配下一个可用的空闲段,并通过应用fixup重新定位起始段(和段的负载)。 (可以在您提供的URL中看到它的存在)。
段内的偏移量不会被重新定位,但是因为段每16字节开始一次,所以不会花费那么多的内存。
这是合乎逻辑的,因为在dos中加载一些额外的TSR可以使第二个存储器的地址可以加载到二进制文件中。
查看链接器和加载器免费电子书,以连贯的方式解释二进制格式:
====添加===
哎呀,看到djgpp有点晚了。 IIRC DJGPP是COFF。如果是生成djgpp,你应该查看DJGPP提供的utils来查看它是否有东西来检查二进制文件(a -dump program so)