基础C++教学⮱⮱004【dumpbin工具】2019-11-2

2019-11-21  本文已影响0人  平知

←↑→↓↖↙↗↘↕⏤
unicode=Geometric Shapes
▶ 仅仅个别字不同的时候的对比标识

◉ 着重强调

  ◆ 1、
  ◆ 2、
  ◆ 3、

  
  
  
  
  
  
  
  

Miscellaneous Symbols


Dingbats
✍ 重点记忆,个人总结的点,或者知识。
✎✎

章节号 内容            
1图片格式(png) 宽度大于620px,保持高宽比减低为620px
1-1 应用
1-1-1 方法

第1章节 

  微软参考
  The Microsoft COFF Binary File Dumper (DUMPBIN.EXE) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs).

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /?
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.

usage: DUMPBIN [options] [files]

   options:

      /ALL
      /ARCHIVEMEMBERS
      /CLRHEADER
      /DEPENDENTS
      /DIRECTIVES
      /DISASM[:{BYTES|NOBYTES}]
      /ERRORREPORT:{NONE|PROMPT|QUEUE|SEND}
      /EXPORTS
      /FPO
      /HEADERS
      /IMPORTS[:filename]
      /LINENUMBERS
      /LINKERMEMBER[:{1|2}]
      /LOADCONFIG
      /OUT:filename
      /PDATA
      /PDBPATH[:VERBOSE]
      /RANGE:vaMin[,vaMax]
      /RAWDATA[:{NONE|1|2|4|8}[,#]]
      /RELOCATIONS
      /SECTION:name
      /SUMMARY
      /SYMBOLS
      /TLS
      /UNWINDINFO

  Only the /HEADERS DUMPBIN option is available for use on files produced with the /GL compiler option.
  只有/HEADERS DUMPBIN选项可用于使用/GL编译器选项生成的文件。

  This option displays all available information except code disassembly. Use /DISASM to display disassembly. You can use /RAWDATA:NONE with /ALL to omit the raw binary details of the file.
  显示除了反汇编代码的之外的所有信息。如果需要反汇编的代码信息,加上 /DISASM选项。使用 /RAWDATA:NONE去除rawdata。

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /all main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (x86)
              10 number of sections
               0 time date stamp Thu Jan 01 08:00:00 1970
           CD200 file pointer to symbol table
            3A0C number of symbols
              E0 size of optional header
             107 characteristics
                   Relocations stripped
                   Executable
                   Line numbers stripped
                   32 bit word machine

OPTIONAL HEADER VALUES
             10B magic # (PE32)
            2.24 linker version
           B6C00 size of code
           C3C00 size of initialized data
            2400 size of uninitialized data
            1280 entry point (00401280)
            1000 base of code
           B8000 base of data
          400000 image base (00400000 to 004D9FFF)
            1000 section alignment
             200 file alignment
            4.00 operating system version
            1.00 image version
            4.00 subsystem version
               0 Win32 version
           DA000 size of image
             400 size of headers
          183740 checksum
               3 subsystem (Windows CUI)
               0 DLL characteristics
          200000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
           C9000 [     D78] RVA [size] of Import Directory
               0 [       0] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
               0 [       0] RVA [size] of Base Relocation Directory
               0 [       0] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
           CB004 [      18] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
           C9250 [     200] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
   .text name
   B6BA0 virtual size
    1000 virtual address (00401000 to 004B7B9F)
   B6C00 size of raw data
     400 file pointer to raw data (00000400 to 000B6FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60500060 flags
         Code
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Execute Read

RAW DATA #1
  00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24  S.ì8¡@áK..Àt.ÇD$
  00401010: 08 00 00 00 00 C7 44 24 04 02 00 00 00 C7 04 24  .....ÇD$.....Ç.$
  00401020: 00 00 00 00 FF D0 83 EC 0C C7 04 24 10 11 40 00  ....ÿÐ.ì.Ç.$..@.
  00401030: E8 5B 73 03 00 83 EC 04 E8 B3 5B 02 00 E8 8E 5C  è[s...ì.è³[..è.\
  00401040: 02 00 8D 44 24 2C 89 44 24 10 A1 C0 80 4B 00 C7  ...D$,.D$.¡À.K.Ç
  00401050: 44 24 04 00 60 4C 00 C7 04 24 04 60 4C 00 C7 44  D$..`L.Ç.$.`L.ÇD
  00401060: 24 2C 00 00 00 00 89 44 24 0C 8D 44 24 28 89 44  $,.....D$..D$(.D
  00401070: 24 08 E8 89 FA 02 00 A1 9C 77 4C 00 85 C0 74 42  $.è.ú..¡.wL..ÀtB
.
.
.

  同时使用/ALL 和 /DISASM,输出将包含反汇编代码:

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /all /disasm main.oo
.
.
.
SECTION HEADER #1
   .text name
   B6BA0 virtual size
    1000 virtual address (00401000 to 004B7B9F)
   B6C00 size of raw data
     400 file pointer to raw data (00000400 to 000B6FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60500060 flags
         Code
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Execute Read

  00401000: 53                 push        ebx
  00401001: 83 EC 38           sub         esp,38h
  00401004: A1 40 E1 4B 00     mov         eax,dword ptr ds:[004BE140h]
.
.
.

  同时使用/ALL 和/RAWDATA:NONE,剔除rawdata,直接显示符号表:

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /all  /RAWDATA:NONE  main.oo
.
.
.
SECTION HEADER #10
    /102 name (.debug_ranges)
     3B0 virtual size
   D9000 virtual address (004D9000 to 004D93AF)
     400 size of raw data
   CCE00 file pointer to raw data (000CCE00 to 000CD1FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42100040 flags
         Initialized Data
         RESERVED - UNKNOWN
         Discardable
         Read Only

COFF SYMBOL TABLE
000 00000011 DEBUG  notype       Filename     | .file
    crt1.c
002 00000000 SECT1  notype ()    Static       | ___mingw_CRTStartup
    tag index 00000000 size 00000000 lines 00000000 next function 00000000
004 00000110 SECT1  notype ()    Static       | __gnu_exception_handler@4
005 00000280 SECT1  notype ()    External     | _mainCRTStartup
.
.
.

  This option displays minimal information about member objects in a library.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /ARCHIVEMEMBERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  Display CLR-specific information.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /CLRHEADER main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  Dumps the names of the DLLs from which the image imports functions. You can use the list to determine which DLLs to redistribute with your app, or find the name of a missing dependency.
  dump出文件引用的dll文件名。

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /DEPENDENTS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Image has the following dependencies:

    KERNEL32.dll
    msvcrt.dll
    msvcrt.dll

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  This option dumps the compiler-generated .drective section of an image.
  dump出编译器生成的.drective

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /DIRECTIVES main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  Print the disassembly of code sections in the DUMPBIN output.
  直接输出反汇编代码:

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /DISASM main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  00401000: 53                 push        ebx
  00401001: 83 EC 38           sub         esp,38h
  00401004: A1 40 E1 4B 00     mov         eax,dword ptr ds:[004BE140h]
  00401009: 85 C0              test        eax,eax
  0040100B: 74 1C              je          00401029

  If dumpbin.exe fails at runtime, you can use /ERRORREPORT to send information to Microsoft about these internal errors.

  This option displays all definitions exported from an executable file or DLL.
  从DLL文件中export出定义:

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /EXPORTS msdis170.dll
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file msdis170.dll

File Type: DLL

  Section contains the following exports for msdis170.dll

    00000000 characteristics
    4B144B0F time date stamp Tue Dec 01 06:45:35 2009
        0.00 version
           1 ordinal base
          15 number of functions
          15 number of names

    ordinal hint RVA      name

          1    0 00001050 ?Addr@DIS@@QEBA_KXZ
          2    1 00001070 ?CchFormatAddr@DIS@@QEBA_K_KPEA_W0@Z
          3    2 00001120 ?CchFormatInstr@DIS@@QEBA_KPEA_W_K@Z
          4    3 000011C0 ?Dist@DIS@@QEBA?AW4DIST@1@XZ
          5    4 000012E0 ?PdisNew@DIS@@SAPEAV1@W4DIST@1@@Z
          6    5 00001480 ?PfncchaddrSet@DIS@@QEAAP6A_KPEBV1@_KPEA_W1PEA_K@ZP6A_K01213@Z@Z
          7    6 00001490 ?PfncchfixupSet@DIS@@QEAAP6A_KPEBV1@_K1PEA_W1PEA_K@ZP6A_K011213@Z@Z
          8    7 000014B0 ?PfncchregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@PEA_W_K@ZP6A_K0123@Z@Z
          9    8 000014A0 ?PfncchregrelSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@KPEA_W_KPEAK@ZP6A_K01K234@Z@Z
         10    9 000014C0 ?PfndwgetregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@@ZP6A_K01@Z@Z
         11    A 000014D0 ?PvClient@DIS@@QEBAPEAXXZ
         12    B 000014E0 ?PvClientSet@DIS@@QEAAPEAXPEAX@Z
         13    C 000231B0 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@PEA_W_K@Z
         14    D 00023140 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@XZ
         15    E 000014F0 ?SetAddr64@DIS@@QEAAX_N@Z

  Summary

        4000 .data
        2000 .pdata
       59000 .rdata
        8000 .reloc
        1000 .rsrc
       31000 .text

  This option displays frame pointer optimization (FPO) records.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /FPO main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  This option displays the file header and the header for each section. When used with a library, it displays the header for each member object.
  dump出文件的header和section的header。

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /HEADERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (x86)
              10 number of sections
               0 time date stamp Thu Jan 01 08:00:00 1970
           CD200 file pointer to symbol table
            3A0C number of symbols
              E0 size of optional header
             107 characteristics
                   Relocations stripped
                   Executable
                   Line numbers stripped
                   32 bit word machine

OPTIONAL HEADER VALUES
             10B magic # (PE32)
            2.24 linker version
           B6C00 size of code
           C3C00 size of initialized data
            2400 size of uninitialized data
            1280 entry point (00401280)
            1000 base of code
           B8000 base of data
          400000 image base (00400000 to 004D9FFF)
            1000 section alignment
             200 file alignment
            4.00 operating system version
            1.00 image version
            4.00 subsystem version
               0 Win32 version
           DA000 size of image
             400 size of headers
          183740 checksum
               3 subsystem (Windows CUI)
               0 DLL characteristics
          200000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
           C9000 [     D78] RVA [size] of Import Directory
               0 [       0] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
               0 [       0] RVA [size] of Base Relocation Directory
               0 [       0] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
           CB004 [      18] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
           C9250 [     200] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
   .text name
   B6BA0 virtual size
    1000 virtual address (00401000 to 004B7B9F)
   B6C00 size of raw data
     400 file pointer to raw data (00000400 to 000B6FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60500060 flags
         Code
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Execute Read
.
.
.

  /IMPORTS[:file]
  This option displays the list of DLLs (both statically linked and delay loaded) that are imported to an executable file or DLL and all the individual imports from each of these DLLs.
  把执行文件引入的DLL的内容list出来。

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /IMPORTS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Section contains the following imports:

    KERNEL32.dll
                4C9250 Import Address Table
                4C9050 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                    3 AddAtomA
                   52 CloseHandle
                   81 CreateEventA
                   9A CreateMutexA
                   A9 CreateSemaphoreA
                   CF DeleteCriticalSection
                   E6 DuplicateHandle
                   EC EnterCriticalSection
                  117 ExitProcess
                  12A FindAtomA
                  16B GetAtomNameA
                  1BE GetCurrentProcess
                  1C2 GetCurrentThread
                  1C3 GetCurrentThreadId
                  1FB GetHandleInformation
                  1FE GetLastError
                  211 GetModuleHandleA
                  241 GetProcAddress
                  242 GetProcessAffinityMask
                  275 GetSystemTimeAsFileTime
                  282 GetThreadContext
                  28A GetThreadPriority
                  2DE InitializeCriticalSection
                  2E7 InterlockedDecrement
                  2E8 InterlockedExchange
                  2E9 InterlockedExchangeAdd
                  2EB InterlockedIncrement
                  2FB IsDBCSLeadByteEx
                  32E LeaveCriticalSection
                  35C MultiByteToWideChar
                  3CE ReleaseMutex
                  3D2 ReleaseSemaphore
                  3E3 ResetEvent
                  3E7 ResumeThread
                  41A SetCriticalSectionSpinCount
                  429 SetEvent
                  443 SetLastError
                  44E SetProcessAffinityMask
                  461 SetThreadContext
                  469 SetThreadPriority
                  474 SetUnhandledExceptionFilter
                  480 Sleep
                  488 SuspendThread
                  493 TlsAlloc
                  495 TlsGetValue
                  496 TlsSetValue
                  49C TryEnterCriticalSection
                  4BD VirtualProtect
                  4BF VirtualQuery
                  4C5 WaitForMultipleObjects
                  4C7 WaitForSingleObject
                  4DF WideCharToMultiByte

    msvcrt.dll
                4C9324 Import Address Table
                4C9124 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                   17 _fdopen
                   40 _read
                   6D _write

    msvcrt.dll
                4C9334 Import Address Table
                4C9134 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                   37 __getmainargs
                   41 __mb_cur_max
                   4D __p__environ
                   4F __p__fmode
                   63 __set_app_type
                   8F _beginthreadex
                   93 _cexit
                   B3 _endthreadex
                   B6 _errno
                   CB _filelengthi64
                   E0 _fstati64
                  10A _iob
                  13D _lseeki64
                  17F _onexit
                  1A6 _setjmp
                  1AA _setmode
                  247 abort
                  24E atexit
                  250 atoi
                  253 calloc
                  25C exit
                  25F fclose
                  262 fflush
                  264 fgetpos
                  26A fopen
                  26B fprintf
                  26C fputc
                  26D fputs
                  270 fread
                  271 free
                  276 fsetpos
                  279 fwrite
                  27B getc
                  27D getenv
                  27F getwc
                  292 iswctype
                  29F localeconv
                  2A3 longjmp
                  2A4 malloc
                  2A8 memchr
                  2A9 memcmp
                  2AA memcpy
                  2AB memmove
                  2AC memset
                  2B1 printf
                  2B2 putc
                  2B5 putwc
                  2BA realloc
                  2C0 setlocale
                  2C1 setvbuf
                  2C2 signal
                  2C5 sprintf
                  2CA strchr
                  2CB strcmp
                  2CC strcoll
                  2CF strerror
                  2D0 strftime
                  2D1 strlen
                  2D9 strtod
                  2DC strtoul
                  2DD strxfrm
                  2E8 towlower
                  2E9 towupper
                  2EA ungetc
                  2EB ungetwc
                  2EC vfprintf
                  2F5 wcscoll
                  2F8 wcsftime
                  2F9 wcslen
                  306 wcsxfrm

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  指定某个DLL文件:

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /IMPORTS:KERNEL32.dll main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Section contains the following imports:

    KERNEL32.dll
                4C9250 Import Address Table
                4C9050 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

                    3 AddAtomA
                   52 CloseHandle
                   81 CreateEventA
                   9A CreateMutexA
                   A9 CreateSemaphoreA
                   CF DeleteCriticalSection
                   E6 DuplicateHandle
                   EC EnterCriticalSection
                  117 ExitProcess
                  12A FindAtomA
                  16B GetAtomNameA
                  1BE GetCurrentProcess
                  1C2 GetCurrentThread
                  1C3 GetCurrentThreadId
                  1FB GetHandleInformation
                  1FE GetLastError
                  211 GetModuleHandleA
                  241 GetProcAddress
                  242 GetProcessAffinityMask
                  275 GetSystemTimeAsFileTime
                  282 GetThreadContext
                  28A GetThreadPriority
                  2DE InitializeCriticalSection
                  2E7 InterlockedDecrement
                  2E8 InterlockedExchange
                  2E9 InterlockedExchangeAdd
                  2EB InterlockedIncrement
                  2FB IsDBCSLeadByteEx
                  32E LeaveCriticalSection
                  35C MultiByteToWideChar
                  3CE ReleaseMutex
                  3D2 ReleaseSemaphore
                  3E3 ResetEvent
                  3E7 ResumeThread
                  41A SetCriticalSectionSpinCount
                  429 SetEvent
                  443 SetLastError
                  44E SetProcessAffinityMask
                  461 SetThreadContext
                  469 SetThreadPriority
                  474 SetUnhandledExceptionFilter
                  480 Sleep
                  488 SuspendThread
                  493 TlsAlloc
                  495 TlsGetValue
                  496 TlsSetValue
                  49C TryEnterCriticalSection
                  4BD VirtualProtect
                  4BF VirtualQuery
                  4C5 WaitForMultipleObjects
                  4C7 WaitForSingleObject
                  4DF WideCharToMultiByte

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  This option displays COFF line numbers. Line numbers exist in an object file if it was compiled with Program Database (/Zi), C7 Compatible (/Z7), or Line Numbers Only (/Zd). An executable file or DLL contains COFF line numbers if it was linked with Generate Debug Info (/DEBUG).

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /LINENUMBERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  /LINKERMEMBER[:{1|2}]
  This option displays public symbols defined in a library. Specify the 1 argument to display symbols in object order, along with their offsets. Specify the 2 argument to display offsets and index numbers of objects, and then list the symbols in alphabetical order, along with the object index for each. To get both outputs, specify /LINKERMEMBER without the number argument.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /LINKERMEMBER main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  This option dumps the IMAGE_LOAD_CONFIG_DIRECTORY structure, an optional structure that is used by the Windows NT loader and defined in WINNT.H.
  输出略。与上列出相同,无特殊。

  Tells DUMPBIN not to load and search program database (PDB) files for symbol information.
  By default, DUMPBIN attempts to load PDB files for its target object files, libraries, or executables. DUMPBIN uses this information to match addresses to symbol names. The process can be time-consuming if the PDB files are large, or must be loaded from a remote server. The /NOPDB option tells DUMPBIN to skip this step. It only prints the addresses and symbol information available in the object file, library, or executable.
  To set the /NOPDB linker option in Visual Studio
  1. Open the Property Pages dialog box for the project. For more information, see Set C++ compiler and build properties in Visual Studio.
  2. Select the Configuration Properties > Linker > Command Line property page.
  3. In the Additional options box, add the /NOPDB option. Choose OK or Apply to save your changes.
  To set this linker option programmatically
  * This option doesn't have a programmatic equivalent.
  未清楚。

  /OUT:filename
  This option specifies a filename for the output. By default, DUMPBIN displays the information to standard output.
  输出重定向。

  RISC processors only.
  This option dumps the exception tables (.pdata) from an image or object.
  未清楚。

  /PDBPATH[:VERBOSE] filename
   :Parameters
   filename
   The name of the .dll or .exe file for which you want to find the matching .pdb file.
   :VERBOSE
   (Optional) Reports all directories where an attempt was made to locate the .pdb file.
  /PDBPATH will search your computer along the same paths that the debugger would search for a .pdb file and will report which, if any, .pdb files correspond to the file specified in filename.
  When using the Visual Studio debugger, you may experience a problem due to the fact that the debugger is using a .pdb file for a different version of the file you are debugging.
  /PDBPATH will search for .pdb files along the following paths:
  Check the location where the executable resides.
  Check the location of the PDB written into the executable. This is usually the location at the time the image was linked.
  Check along the search path configured in the Visual Studio IDE.
  Check along the paths in the _NT_SYMBOL_PATH and _NT_ALT_SYMBOL_PATH environment variables.
  Check in the Windows directory.
  未清楚。

  /RANGE:vaMin[,vaMax]
  Modifies the output of dumpbin when used with other dumpbin options, such as /RAWDATA or /DISASM.

  vaMin
  The virtual address at which you want the dumpbin operation to begin.
  vaMax
  (Optional) The virtual address at which you want the dumpbin operation to end. If not specified, dumpbin will go to the end of the file.

  To see the virtual addresses for an image, use the map file for the image (RVA + Base), the /DISASM or /HEADERS option of dumpbin, or the disassembly window in the Visual Studio debugger.
  样例说明:在使用 /RAWDATA 或 /DISASM的时候指定地址范围进行dump。

dumpbin /disasm /range:4219334,0x004061CD t.exe
说明:从10进制的4219334输出到16进制的0x004061CD
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA /RANGE:0x00402EF0,0x00403200 main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

RAW DATA #1
  00402EF0: 8B 44 24 48 89 04 24 E8 A4 64 00 00 89 C2 83 EC  .D$H..$è¤d...Â.ì
  00402F00: 04 B8 06 00 00 00 84 D2 75 C3 E9 58 FF FF FF 90  .¸.....ÒuÃéXÿÿÿ.
  00402F10: 55 57 56 53 89 CE 83 EC 3C 8B 44 24 54 8B 7C 24  UWVS.Î.ì<.D$T.|$
  00402F20: 58 89 4C 24 1C 89 44 24 04 8B 44 24 50 89 7C 24  X.L$..D$..D$P.|$
  00402F30: 08 89 04 24 E8 D7 FD FF FF 83 EC 0C 84 C0 89 C2  ...$è×ýÿÿ.ì..À.Â
  00402F40: 0F 85 56 01 00 00 8B 47 08 A8 10 89 44 24 14 0F  ..V....G.¨..D$..
  00402F50: 85 C0 01 00 00 8B 44 24 1C 89 7C 24 58 8B 68 0C  .À....D$..|$X.h.
  00402F60: 8D 74 E8 08 8B 44 24 14 83 E0 01 89 44 24 18 E9  .tè..D$..à..D$.é
  00402F70: 98 00 00 00 89 D8 C1 F8 08 85 D2 74 08 8B 7C 24  .....ØÁø..Òt..|$
  00402F80: 54 03 07 8B 00 03 44 24 54 8B 0E 8D 7C 24 20 8B  T.....D$T...|$ .
  00402F90: 11 89 44 24 04 8B 44 24 50 89 7C 24 08 89 04 24  ..D$..D$P.|$...$
  00402FA0: FF 52 18 83 EC 0C 84 C0 89 C2 74 5A 83 7C 24 2C  ÿR..ì..À.ÂtZ.|$,
  00402FB0: 08 75 0D 83 E3 01 74 08 8B 06 89 44 24 2C 66 90  .u..ã.t....D$,f.
  00402FC0: 8B 44 24 24 83 F8 03 7E 0F 8B 4C 24 10 85 C9 75  .D$$.ø.~..L$..Éu
  00402FD0: 07 83 E0 FD 89 44 24 24 8B 44 24 58 8B 58 0C 85  ..àý.D$$.D$X.X..
  00402FE0: DB 74 7F 8B 44 24 58 8B 00 3B 44 24 20 0F 85 53  Ût..D$X..;D$ ..S
  00402FF0: 01 00 00 85 C0 0F 84 B5 00 00 00 8B 7C 24 58 8B  ....À..µ....|$X.
  00403000: 44 24 24 09 47 04 83 ED 01 83 EE 08 85 ED 0F 84  D$$.G..í..î..í..
  00403010: 0D 01 00 00 8B 44 24 14 8B 5E 04 C7 44 24 20 00  .....D$..^.ÇD$ .
  00403020: 00 00 00 C7 44 24 24 00 00 00 00 C7 44 24 2C 00  ...ÇD$$....ÇD$,.
  00403030: 00 00 00 89 44 24 28 89 DA 89 D8 83 E2 01 83 E0  ....D$(.Ú.Ø.â..à
  00403040: 02 89 44 24 10 75 08 8B 44 24 18 85 C0 74 B7 8B  ..D$.u..D$..Àt·.
  00403050: 7C 24 54 85 FF 0F 85 19 FF FF FF 31 C0 E9 27 FF  |$T.ÿ...ÿÿÿ1Àé'ÿ
  00403060: FF FF 8B 4C 24 58 8B 44 24 20 8B 7C 24 58 89 01  ÿÿ.L$X.D$ .|$X..
  00403070: 8B 44 24 24 89 41 04 8B 4C 24 28 83 F8 03 89 4F  .D$$.A..L$(.ø..O
  00403080: 08 8B 4C 24 2C 89 4F 0C 7E 12 A8 02 74 73 8B 44  ..L$,.O.~.¨.ts.D
  00403090: 24 1C F6 40 08 01 0F 85 6A FF FF FF 83 C4 3C 89  $.ö@....jÿÿÿ.Ä<.
  004030A0: D0 5B 5E 5F 5D C2 0C 00 90 8D B4 26 00 00 00 00  Ð[^_]Â....´&....
  004030B0: 8B 4C 24 2C 83 F9 08 0F 84 83 00 00 00 83 FB 08  .L$,.ù........û.
  004030C0: 74 7E 89 1C 24 88 54 24 10 E8 D2 62 00 00 83 EC  t~..$.T$.èÒb...ì
  004030D0: 04 84 C0 75 1C 0F B6 54 24 10 8B 7C 24 58 C7 47  ..Àu..¶T$..|$XÇG
  004030E0: 04 02 00 00 00 83 C4 3C 89 D0 5B 5E 5F 5D C2 0C  ......Ä<.Ð[^_]Â.
  004030F0: 00 8B 4C 24 58 8B 44 24 24 09 41 04 E9 05 FF FF  ..L$X.D$$.A.é.ÿÿ
  00403100: FF A8 01 74 97 8B 44 24 1C F6 40 08 02 0F 85 F3  ÿ¨.t..D$.ö@....ó
  00403110: FE FF FF EB 87 8B 46 08 89 44 24 14 E9 34 FE FF  þÿÿë..F..D$.é4þÿ
  00403120: FF 8B 7C 24 58 8B 47 04 85 C0 0F 95 C2 83 C4 3C  ÿ.|$X.G..À..Â.Ä<
  00403130: 5B 89 D0 5E 5F 5D C2 0C 00 8D B4 26 00 00 00 00  [.Ð^_]Â...´&....
  00403140: 8B 7C 24 58 EB 98 8B 7C 24 58 C7 07 00 00 00 00  .|$Xë..|$XÇ.....
  00403150: C7 47 04 02 00 00 00 E9 40 FF FF FF 8D 74 26 00  ÇG.....é@ÿÿÿ.t&.
  00403160: 55 57 56 53 83 EC 6C 8B AC 24 98 00 00 00 89 4C  UWVS.ìl.¬$.....L
  00403170: 24 30 F6 45 10 10 74 06 8B 41 08 89 45 10 8B 84  $0öE..t..A..E...
  00403180: 24 94 00 00 00 39 84 24 8C 00 00 00 0F 84 0E 05  $....9.$........
  00403190: 00 00 8B 84 24 88 00 00 00 8B 4C 24 30 89 04 24  ....$.....L$0..$
  004031A0: E8 FB 61 00 00 83 EC 04 84 C0 88 44 24 3A 0F 85  èûa...ì..À.D$:..
  004031B0: 3C 02 00 00 8B 84 24 80 00 00 00 8B 94 24 94 00  <.....$......$..
  004031C0: 00 00 2B 94 24 80 00 00 00 C6 44 24 38 00 C6 44  ..+.$....ÆD$8.ÆD
  004031D0: 24 3B 00 C6 44 24 39 01 85 C0 B8 00 00 00 00 0F  $;.ÆD$9..À¸.....
  004031E0: 49 C2 89 44 24 2C 8B 84 24 84 00 00 00 83 C8 01  IÂ.D$,..$.....È.
  004031F0: 89 44 24 34 8B 7C 24 30 8B 47 0C 8D 7C C7 0C 89  .D$4.|$0.G..|Ç..
  00403200: 44                                               D

  Summary

       B7000 .text

  /RAWDATA[:{1|2|4|8|NONE[,number]]

  This option displays the raw contents of each section in the file. The arguments control the format of the display, as shown below:

| Argument | Result                                                       |
| 1        | The default. Contents are displayed in hexadecimal bytes, and also as ASCII characters if they have a printed representation. |
| 2        | Contents are displayed as hexadecimal 2-byte values.         |
| 4        | Contents are displayed as hexadecimal 4-byte values.         |
| 8        | Contents are displayed as hexadecimal 8-byte values.         |
| NONE     | Raw data is suppressed. This argument is useful to control the output of /ALL. |
| *Number* | Displayed lines are set to a width that holds `number` values per line. |
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:1 main.oo
RAW DATA #1
  00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24  S.ì8¡@áK..Àt.ÇD$

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:2 main.oo
RAW DATA #1
  00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444  S.ì8¡@áK..Àt.ÇD$

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:4 main.oo
RAW DATA #1
  00401000: 38EC8353 4BE140A1 74C08500 2444C71C  S.ì8¡@áK..Àt.ÇD$

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:8 main.oo
RAW DATA #1
  00401000: 4BE140A138EC8353 2444C71C74C08500   S.ì8¡@áK..Àt.ÇD$

  指定输出的宽度:

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:,8 main.oo
RAW DATA #1
  00401000: 53 83 EC 38 A1 40 E1 4B

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:2,8 main.oo
RAW DATA #1
  00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444

  This option displays any relocations in the object or image.
  未清楚。

  /SECTION:section
  This option restricts the output to information on the specified section. Use the /HEADERS option to get a list of sections in the file.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /SECTION:.text main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

SECTION HEADER #1
   .text name
   B6BA0 virtual size
    1000 virtual address (00401000 to 004B7B9F)
   B6C00 size of raw data
     400 file pointer to raw data (00000400 to 000B6FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60500060 flags
         Code
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Execute Read

  Summary

       B7000 .text

  This option displays minimal information about sections, including total size. This option is the default if no other option is specified.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /SUMMARY main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls

  This option displays the COFF symbol table. Symbol tables exist in all object files. A COFF symbol table appears in an image file only if it is linked with /DEBUG.
  The following is a description of the output for /SYMBOLS. Additional information on the meaning of /SYMBOLS output can be found by looking in winnt.h (IMAGE_SYMBOL and IMAGE_AUX_SYMBOL), or COFF documentation.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /SYMBOLS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

COFF SYMBOL TABLE
000 00000011 DEBUG  notype       Filename     | .file
    crt1.c
002 00000000 SECT1  notype ()    Static       | ___mingw_CRTStartup
    tag index 00000000 size 00000000 lines 00000000 next function 00000000
.
.
.

  Displays the IMAGE_TLS_DIRECTORY structure from an executable.
  /TLS displays the fields of the TLS structure as well as the addresses of the TLS callback functions.
  If a program does not use thread local storage, its image will not contain a TLS structure. See thread for more information.
  IMAGE_TLS_DIRECTORY is defined in winnt.h.

C:\Users\lo\Desktop\New Folder\1\1>dumpbin /TLS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file main.oo

File Type: EXECUTABLE IMAGE

  Section contains the following TLS directory:

            004CB001 Start of raw data
            004CB01C End of raw data
            004C7798 Address of index
            004CA004 Address of callbacks
                   0 Size of zero fill
            00000000 Characteristics

    TLS Callbacks

          Address
          --------
          00426B50
          00426B00
          00433440
          00000000

  Summary

        1000 .CRT
        3000 .bss
        1000 .data
        1000 .debug_abbrev
        1000 .debug_aranges
        1000 .debug_frame
        6000 .debug_info
        1000 .debug_line
        2000 .debug_loc
        1000 .debug_ranges
        1000 .debug_str
        2000 .eh_frame
        1000 .idata
        B000 .rdata
       B7000 .text
        1000 .tls



  3-1-1. 导言—用户管理—用户的分类及介绍
  3-2-1. 导言—用户管理—用户的分类及介绍

第3章节 

  3-1-1. 导言—用户管理—用户的分类及介绍
  3-2-1. 导言—用户管理—用户的分类及介绍
上一篇下一篇

猜你喜欢

热点阅读