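Can anyone define the Windows PE checksum algorithm?

Time: 2011-06-21 17:55:25

Tags: c# algorithm checksum portable-executable

I would like to implement this in C#.

I have looked here: http://www.codeproject.com/KB/cpp/PEChecksum.aspx

I am aware of the ImageHlp.dll MapFileAndCheckSum function.

However, for various reasons, I would like to implement this myself.

The best I have found is here: http://forum.sysinternals.com/optional-header-checksum-calculation_topic24214.html

But I don't understand the explanation. Can anyone clarify how the checksum is calculated?

Thanks!

Update

From the code example, I don't understand what this means, or how to translate it into C#: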

sum -= sum < low 16 bits of CheckSum in file // 16-bit borrow 
sum -= low 16 bits of CheckSum in file 
sum -= sum < high 16 bits of CheckSum in file 
sum -= high 16 bits of CheckSum in file 

Update #2

Thanks, I came across some similar Python code here:

    # Excerpt: a method of a PE-parsing class; needs `import struct` at module level.
    def generate_checksum(self):

        # This will make sure that the data representing the PE image
        # is updated with any changes that might have been made by
        # assigning values to header fields as those are not automatically
        # updated upon assignment.
        #
        self.__data__ = self.write()

        # Get the offset to the CheckSum field in the OptionalHeader
        #
        checksum_offset = self.OPTIONAL_HEADER.__file_offset__ + 0x40 # 64

        checksum = 0

        # Verify the data is dword-aligned. Add padding if needed
        #
        remainder = len(self.__data__) % 4
        data = self.__data__ + ( b'\0' * ((4-remainder) * ( remainder != 0 )) )

        # Integer division so the loop bound and index stay ints
        for i in range( len( data ) // 4 ):

            # Skip the checksum field
            #
            if i == checksum_offset // 4:
                continue

            dword = struct.unpack('I', data[ i*4 : i*4+4 ])[0]
            checksum = (checksum & 0xffffffff) + dword + (checksum>>32)
            if checksum > 2**32:
                checksum = (checksum & 0xffffffff) + (checksum >> 32)

        checksum = (checksum & 0xffff) + (checksum >> 16)
        checksum = (checksum) + (checksum >> 16)
        checksum = checksum & 0xffff

        # The length is the one of the original data, not the padded one
        #
        return checksum + len(self.__data__)

However, it still doesn't work for me - here is my conversion of this code:

using System;
using System.IO;

namespace CheckSumTest
{
    class Program
    {
        static void Main(string[] args)
        {
            var data = File.ReadAllBytes(@"c:\Windows\notepad.exe");

            var PEStart = BitConverter.ToInt32(data, 0x3c);
            var PECoffStart = PEStart + 4;
            var PEOptionalStart = PECoffStart + 20;
            var PECheckSum = PEOptionalStart + 64;
            var checkSumInFile = BitConverter.ToInt32(data, PECheckSum);
            Console.WriteLine(string.Format("{0:x}", checkSumInFile));

            long checksum = 0;

            var remainder = data.Length % 4;
            if (remainder > 0)
            {
                Array.Resize(ref data, data.Length + (4 - remainder));
            }

            var top = Math.Pow(2, 32);

            for (int i = 0; i < data.Length / 4; i++)
            {
                if (i == PECheckSum / 4)
                {
                    continue;
                }
                var dword = BitConverter.ToInt32(data, i * 4);
                checksum = (checksum & 0xffffffff) + dword + (checksum >> 32);
                if (checksum > top)
                {
                    checksum = (checksum & 0xffffffff) + (checksum >> 32);
                }
            }

            checksum = (checksum & 0xffff) + (checksum >> 16);
            checksum = (checksum) + (checksum >> 16);
            checksum = checksum & 0xffff;

            checksum += (uint)data.Length; 
            Console.WriteLine(string.Format("{0:x}", checksum));

            Console.ReadKey();
        }
    }
}

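Can anyone tell me where I am being stupid?

7 answers:

Answer 0: (score: 5)

OK, finally got it working... my problem was that I was using ints, not uints! So this code works (assuming the data is 4-byte aligned, otherwise you will have to pad it out a little) - and PECheckSum is the position of the CheckSum value within the PE (which is clearly not used when calculating the checksum!!!!)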

static uint CalcCheckSum(byte[] data, int PECheckSum)
{
    long checksum = 0;
    var top = Math.Pow(2, 32);

    for (var i = 0; i < data.Length / 4; i++)
    {
        if (i == PECheckSum / 4)
        {
            continue;
        }
        var dword = BitConverter.ToUInt32(data, i * 4);
        checksum = (checksum & 0xffffffff) + dword + (checksum >> 32);
        if (checksum > top)
        {
            checksum = (checksum & 0xffffffff) + (checksum >> 32);
        }
    }

    checksum = (checksum & 0xffff) + (checksum >> 16);
    checksum = (checksum) + (checksum >> 16);
    checksum = checksum & 0xffff;

    checksum += (uint)data.Length;
    return (uint)checksum;

}

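Answer 1: (score: 3)

The code in the forum post is not strictly the same as what was noted during the actual disassembly of the Windows PE code. The CodeProject article you reference gives the "fold the 32-bit value into 16 bits" step as: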

mov edx,eax    ; EDX = EAX
shr edx,10h    ; EDX = EDX >> 16    EDX is high order
and eax,0FFFFh ; EAX = EAX & 0xFFFF EAX is low order
add eax,edx    ; EAX = EAX + EDX    High Order Folded into Low Order
mov edx,eax    ; EDX = EAX
shr edx,10h    ; EDX = EDX >> 16    EDX is high order
add eax,edx    ; EAX = EAX + EDX    High Order Folded into Low Order
and eax,0FFFFh ; EAX = EAX & 0xFFFF EAX is low order 16 bits  

You can translate this into C# as:

// given: uint sum = ...;
uint high = sum >> 16; // take high order from sum
sum &= 0xFFFF;         // clear out high order from sum
sum += high;           // fold high order into low order

high = sum >> 16;      // take the new high order of sum
sum += high;           // fold the new high order into sum
sum &= 0xFFFF;         // mask to 16 bits

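Answer 2: (score: 2)

The Java code below from emmanuel may not work. In my case it hangs and does not complete. I believe this is due to the heavy use of IO in the code: in particular the data.read() calls. This can be swapped for an array as a solution, where the RandomAccessFile reads the file fully or incrementally into a byte array.

I attempted this, but the calculation was too slow because of the conditional on the checksum offset that skips the checksum header bytes. I would imagine that the OP's C# solution has a similar problem.

The code below removes this as well.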

public static long computeChecksum(RandomAccessFile data, int checksumOffset)
            throws IOException {

    ...
    byte[] barray = new byte[(int) length];     
    data.readFully(barray);

    long i = 0;
    long ch1, ch2, ch3, ch4, dword;

    while (i < checksumOffset) {

        ch1 = ((int) barray[(int) i++]) & 0xff;
        ...

        checksum += dword = ch1 | (ch2 << 8) | (ch3 << 16) | (ch4 << 24);

        if (checksum > top) {
            checksum = (checksum & 0xffffffffL) + (checksum >> 32);
        }
    }
    i += 4;

    while (i < length) {

        ch1 = ((int) barray[(int) i++]) & 0xff;
        ...

        checksum += dword = ch1 | (ch2 << 8) | (ch3 << 16) | (ch4 << 24);

        if (checksum > top) {
            checksum = (checksum & 0xffffffffL) + (checksum >> 32);
        }
    }

    checksum = (checksum & 0xffff) + (checksum >> 16);
    checksum = checksum + (checksum >> 16);
    checksum = checksum & 0xffff;
    checksum += length;

    return checksum;
}
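
However, I still thought the code was too verbose and clunky, so I swapped the raf for a channel and rewrote the culprit bytes to zero to eliminate the conditional. This code could probably still do with a cache-style buffered read.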

public static long computeChecksum2(FileChannel ch, int checksumOffset)
            throws IOException {

    ch.position(0);
    long sum = 0;
    long top = (long) Math.pow(2, 32);
    long length = ch.size();

    ByteBuffer buffer = ByteBuffer.wrap(new byte[(int) length]);
    buffer.order(ByteOrder.LITTLE_ENDIAN);

    ch.read(buffer);
    buffer.putInt(checksumOffset, 0x0000);

    buffer.position(0);
    while (buffer.hasRemaining()) {
        sum += buffer.getInt() & 0xffffffffL;
        if (sum > top) {
            sum = (sum & 0xffffffffL) + (sum >> 32);
        }
    }   
    sum = (sum & 0xffff) + (sum >> 16);
    sum = sum + (sum >> 16);
    sum = sum & 0xffff;
    sum += length;

    return sum;
}

Answer 3: (score: 0)

I was trying to solve the same problem in Java. Here is Mark's solution translated into Java, using a RandomAccessFile instead of a byte array as input:

static long computeChecksum(RandomAccessFile data, long checksumOffset) throws IOException {
    long checksum = 0;
    long top = (long) Math.pow(2, 32);
    long length = data.length();

    for (long i = 0; i < length / 4; i++) {
        if (i == checksumOffset / 4) {
            data.skipBytes(4);
            continue;
        }

        long ch1 = data.read();
        long ch2 = data.read();
        long ch3 = data.read();
        long ch4 = data.read();

        long dword = ch1 + (ch2 << 8) + (ch3 << 16) + (ch4 << 24);

        checksum = (checksum & 0xffffffffL) + dword + (checksum >> 32);

        if (checksum > top) {
            checksum = (checksum & 0xffffffffL) + (checksum >> 32);
        }
    }

    checksum = (checksum & 0xffff) + (checksum >> 16);
    checksum = checksum + (checksum >> 16);
    checksum = checksum & 0xffff;
    checksum += length;

    return checksum;
}

Answer 4: (score: 0)

If you need a short unsafe one... (no need to use Double and Long integers, and no need for array alignment inside the algorithm)

Answer 5: (score: 0)

The Java example is not entirely correct. The following Java implementation matches the result of Microsoft's original implementation in Imagehlp.MapFileAndCheckSumA.

It is important that the input bytes are masked with inputByte & 0xff, and that the resulting long is masked again with currentWord & 0xffffffffL when it is used in the addition term (consider the L):

long checksum = 0;
final long max = 4294967296L; // 2^32

// verify the data is DWORD-aligned and add padding if needed
final int remainder = data.length % 4;
final byte[] paddedData = Arrays.copyOf(data, data.length
        + (remainder > 0 ? 4 - remainder : 0));

for (int i = 0; i <= paddedData.length - 4; i += 4) {

    // skip the checksum field
    if (i == this.offsetToOriginalCheckSum)
        continue;

    // take DWORD into account for computation
    final long currentWord = (paddedData[i] & 0xff)
                           + ((paddedData[i + 1] & 0xff) << 8)
                           + ((paddedData[i + 2] & 0xff) << 16)
                           + ((paddedData[i + 3] & 0xff) << 24);

    checksum = (checksum & 0xffffffffL) + (currentWord & 0xffffffffL);

    if (checksum > max)
        checksum = (checksum & 0xffffffffL) + (checksum >> 32);
}

checksum = (checksum & 0xffff) + (checksum >> 16);
checksum = checksum + (checksum >> 16);
checksum = checksum & 0xffff;
checksum += data.length; // must be original data length

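Java is a bit inconvenient in this case.

Answer 6: (score: 0)

No one really answered the original question, "Can anyone define the Windows PE checksum algorithm?", so I am going to define it as simply as possible. A lot of the examples given so far are optimizing for unsigned 32-bit integers (aka DWORDs), but if you just want to understand the algorithm itself at its most fundamental, it is simply this:

  1. Using an unsigned 16-bit integer (aka a WORD) to store the checksum, add up all of the WORDs of the data except for the 4 bytes of the PE optional header checksum. If the file is not WORD-aligned, then the last byte is a 0x00.

  2. Convert the checksum from a WORD to a DWORD and add the size of the file.

The PE checksum algorithm above is effectively the same as the original MS-DOS checksum algorithm. The only differences are the location to skip and, at the end, adding the size of the file instead of the XOR 0xFFFF.

In my WinPEFile class for PHP, the above algorithm looks like this: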

    $x = 0;
    $y = strlen($data);
    $val = 0;
    while ($x < $y)
    {
        // Skip the checksum field location.
        if ($x === $this->pe_opt_header["checksum_pos"])  $x += 4;
        else
        {
            $val += self::GetUInt16($data, $x, $y);

            // In PHP, integers are either signed 32-bit or 64-bit integers.
            if ($val > 0xFFFF)  $val = ($val & 0xFFFF) + 1;
        }
    }

    // Add the file size.
    $val += $y;
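
The two formulations on this page side by side, as an added Python example that is not code from any of the answers: answer 6's 16-bit sum and the DWORD fold from the other answers, run over a constructed PE-like buffer, with `signed=True` reproducing the `ToInt32` mistake fixed in answer 0. The function names and the sample buffer are assumptions made for this illustration.

```python
import struct

def checksum_field_offset(image):
    """File offset of OptionalHeader.CheckSum: e_lfanew + 4 (signature)
    + 20 (COFF header) + 64, the same arithmetic as the question's C# code."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    off = e_lfanew + 4 + 20 + 64
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0" or off + 4 > len(image):
        raise ValueError("PE header missing or truncated")
    return off

def _prepared(image, unit):
    """Copy with the CheckSum field zeroed and zero-padded to a multiple of unit."""
    off = checksum_field_offset(image)
    data = bytearray(image)
    data[off:off + 4] = b"\0\0\0\0"      # adding zeros is the same as skipping
    data += b"\0" * (-len(data) % unit)
    return data

def pe_checksum_words(image):
    """Answer 6's definition: 16-bit sum with end-around carry, plus file size."""
    total = 0
    for (word,) in struct.iter_unpack("<H", _prepared(image, 2)):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total + len(image)

def pe_checksum_dwords(image, signed=False):
    """DWORD variant from the other answers. signed=True reads each DWORD as a
    signed int, reproducing the question's BitConverter.ToInt32 mistake."""
    total = 0
    fmt = "<i" if signed else "<I"
    for (dword,) in struct.iter_unpack(fmt, _prepared(image, 4)):
        total += dword
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)       # fold 32 bits into 16
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(image)

def stamp(image):
    """Return a copy with the computed checksum written into the header field."""
    out = bytearray(image)
    struct.pack_into("<I", out, checksum_field_offset(image), pe_checksum_words(image))
    return bytes(out)

def verify(image):
    """True when the stored CheckSum matches the recomputed one."""
    (stored,) = struct.unpack_from("<I", image, checksum_field_offset(image))
    return stored == pe_checksum_words(image)

def build_sample():
    """Constructed 0x101-byte PE-like buffer (odd length on purpose); the headers
    are otherwise empty, so this is test input, not a loadable executable."""
    img = bytearray(0x101)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)        # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    img[0xE0:0x100] = bytes(range(0xE0, 0x100))    # DWORDs with the top bit set
    img[0x100] = 0x7F                              # unaligned trailing byte
    return bytes(img)

if __name__ == "__main__":
    sample = stamp(build_sample())
    print(hex(pe_checksum_words(sample)), hex(pe_checksum_dwords(sample)),
          hex(pe_checksum_dwords(sample, signed=True)), verify(sample))
```

The sum is purely additive, so it catches accidental corruption of a file but is not a substitute for checking its signature.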