PE file - what's missing?

Submitted by 人盡茶涼 on 2019-12-11 03:19:58

Question


I'm trying to generate an executable in PE format - Windows 7, 64 bit, initially a minimal file for testing purposes that does nothing more than

mov eax, 42
ret

I've got one that dumpbin seems happy with and contains apparently valid values for all the fields the various sources I can find say are actually used, but when I try to run it, Windows says 'not a valid Win32 application'. dumpbin output follows; can anyone see from this what I'm missing?

Dump of file a.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               1 number of sections
               0 time date stamp Thu Jan 01 00:00:00 1970
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
            2.05 linker version
               0 size of code
               0 size of initialized data
               0 size of uninitialized data
            1000 entry point (0000000140001000)
               0 base of code
       140000000 image base (0000000140000000 to 0000000140000FFF)
            1000 section alignment
             200 file alignment
            0.00 operating system version
            0.00 image version
            4.00 subsystem version
               0 Win32 version
            1000 size of image
             200 size of headers
               0 checksum
               3 subsystem (Windows CUI)
            8100 DLL characteristics
                   NX compatible
                   Terminal Server Aware
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
               0 [       0] RVA [size] of Import Directory
               0 [       0] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
               0 [       0] RVA [size] of Base Relocation Directory
               0 [       0] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
               0 [       0] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
   .text name
       6 virtual size
    1000 virtual address (0000000140001000 to 0000000140001005)
     200 size of raw data
     200 file pointer to raw data (00000200 to 000003FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

RAW DATA #1
  0000000140001000: B8 2A 00 00 00 C3                                ©*...+

  Summary

        1000 .text

Answer 1:


Your "size of image" covers only the header area; the .text section and the entry point lie outside of it. Set it to at least 1006 and the file should work.


How I found it:

  1. Made a minimal C program:

    int entry() { return 42; }

  2. Compiled it without libraries and with custom entry:

    cl test.cpp /link /nodefaultlib /entry:entry /subsystem:console

  3. Started editing the header to match your listing, and ran the exe after each change. Once I changed the SizeOfImage to 1000, I got the "not a valid Win32 application" message.
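The check that would have caught this, as an added example that is not part of the answer above: it builds a constructed in-memory copy of the PE32+ image from the dumpbin listing (same header values, same six bytes of code) and then walks the section table to compute the highest RVA any section reaches, which SizeOfImage must cover (rounded up to SectionAlignment, as the PE spec requires and a linker would write). The builder and checker are assumed helper names, not part of any tool.

```python
import struct

SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200

def build_minimal_pe64(size_of_image):
    # Constructed PE32+ image mirroring the dumpbin listing in the question:
    # one .text section at RVA 0x1000 holding "mov eax, 42; ret".
    code = bytes.fromhex("B82A000000C3")
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 2, 5, 0, 0, 0, 0x1000, 0, 0x140000000,
                      SECTION_ALIGNMENT, FILE_ALIGNMENT, 0, 0, 0, 0, 4, 0, 0,
                      size_of_image, 0x200, 0, 3, 0x8100,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (16 * 8)                                   # 16 empty data directories
    assert len(opt) == 0xF0                                   # "size of optional header"
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, FILE_ALIGNMENT,
                      FILE_ALIGNMENT, 0, 0, 0, 0, 0x60000020)
    hdrs = dos + b"PE\0\0" + file_hdr + opt + sec
    hdrs += b"\0" * (FILE_ALIGNMENT - len(hdrs))               # headers padded to 0x200
    return hdrs + code + b"\0" * (FILE_ALIGNMENT - len(code))  # raw data 0x200..0x3FF

def size_of_image_check(pe):
    # Returns (declared SizeOfImage, highest RVA any section reaches,
    # that end rounded up to SectionAlignment). Declared must cover the end.
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x20B:
        raise ValueError("not PE32+")
    sect_align = struct.unpack_from("<I", pe, opt + 32)[0]
    declared, size_of_headers = struct.unpack_from("<II", pe, opt + 56)
    end = size_of_headers
    for i in range(nsec):                      # VirtualSize, VirtualAddress at +8, +12
        vsize, vaddr = struct.unpack_from("<II", pe, opt + opt_size + 40 * i + 8)
        end = max(end, vaddr + vsize)
    aligned = -(-end // sect_align) * sect_align
    return declared, end, aligned

if __name__ == "__main__":
    for size in (0x1000, 0x2000):
        declared, end, aligned = size_of_image_check(build_minimal_pe64(size))
        verdict = "ok" if declared >= end else "TOO SMALL: sections lie outside the image"
        print(f"SizeOfImage={declared:#x}, sections end at {end:#x} (aligned {aligned:#x}): {verdict}")
```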




Answer 2:


I can't tell by looking at your dumpbin output, but there's an excellent utility, CFF Explorer, that you can use to inspect pretty much every detail of PE files. It's interactive and shows the various tables, and you can also edit most of the values on the fly to experiment with it.

I found it easier in the past to compare values to the PE specs in CFF Explorer than using dumpbin.



Source: https://stackoverflow.com/questions/21585549/pe-file-whats-missing
