1、先准备两个程序,一个汇编、一个C语言
在汇编中没有定义变量,因为在一个模块中不会有问题;
在C中定义了两个函数,一些局部变量,一些全局变量;
这样我们要考虑的内容都完备了。
ms.asm mc2.c
.386 int sum(int i){
.model flat int k = i;
extrn c m:near int j = 0;
public _start int s = 0;
.code for(j=1;j<=k;j++) s+=j;
_start: return s;
mov ax,cs }
mov ds,ax
call m int e = 1;
stop: int f = 2;
jmp stop int ar[6000000L];
end _start
extern void m(){
int d;
long c;
c=1;
2、分别编译成obj文件
ml /c /coff ms.asm //指定生成coff格式的obj文件
cl /c /Fomc.obj mc2.c //指定生成的obj文件名为mc.obj
link /subsystem:windows ms.obj mc.obj //这里使用32位的链接器,要设好lib路径
现在得到ms.obj mc.obj ms.exe 三个文件
3、分析一下源代码,显然程序入口点是_start(在使用/coff参数进行编译时必须有下划线),在汇编中
调用了C中的m函数,这是需要重定位的。在C中m调用了sum函数,这也是要重定位的。
4、现在利用VC6自带的dumpbin.exe工具,生成解析文件:
dumpbin /all ms.obj>msobj.txt
dumpbin /all mc.obj>mcobj.txt
dumpbin /all ms.exe>msexe.txt
现在得到三个解析文件,下面逐个分析
*******************************************************************************
*msobj.txt
*******************************************************************************
Microsoft (R) COFF Binary File Dumper Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
Dump of file ms.obj
File Type: COFF OBJECT
FILE HEADER valueS
14C machine (i386) //机器类型为386
3 number of sections //ms.obj文件有三节
41AABB57 time date stamp Mon Nov 29 14:01:59 2004
B2 file pointer to symbol table //符号表的文件偏移是 0B2H
B number of symbols //共 0BH=11 个符号
0 size of optional header
0 characteristics
//第一节的头部
SECTION HEADER #1
.text name
0 physical address
0 virtual address
D size of raw data //原始数据长度为 0DH=13 个字节
8C file pointer to raw data //其在文件内的偏移为 8Ch
9A file pointer to relocation table //其重定位表在文件内的偏移为9Ah
0 file pointer to line numbers
1 number of relocations //需重定位的项有 1 项
0 number of line numbers
60300020 flags
Code //这是一个代码段
4 byte align
Execute Read
RAW DATA #1 //这里列出了原始数据,恰好 13=0DH 个字节
00000000: 66 8C C8 66 8E D8 E8 00 00 00 00 EB FE f..f.........
|-->这是偏移7的位置,查下面的重定位表知道它需要重定位。
当前值是 00 00 00 00 ,E8代表call
RELOCATIONS #1 //这是重定位表
Symbol Symbol
Offset Type Applied To Index Name
-------- ---------------- ----------------- -------- ------
00000007 REL32 00000000 7 _m //清楚的指出_m需要重定位
\ \
\-->在原始数据内的偏移是7 \
\-->7表示_m在符号表中的索引号
//第二节的头部
SECTION HEADER #2
.data name
D physical address
0 virtual address
0 size of raw data
0 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0300040 flags
Initialized Data //这节是初始化的数据段,也就是全局变量段,
4 byte align //上面所有的项都是0,说明汇编中没有定义全局变量
Read Write //注意,汇编中定义的_start是全局标号,并不是变量!!!
//第三节的头部
SECTION HEADER #3
.drectve name
D physical address
0 virtual address
D size of raw data //原始数据共 0Dh
A4 file pointer to raw data //在obj文件中的偏移为0A4h
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
A00 flags
Info //表明这只是一个信息段,即不是数据也不是代码,
Remove //只是用来说明某种支持信息
(no align specified)
RAW DATA #3 //看一下原始数据,原来是说明程序的入口点是_start,完全正确
00000000: 2D 65 6E 74 72 79 3A 73 74 61 72 74 20 -entry:start
Linker Directives
-----------------
-entry:start
//符号表
COFF SYMBOL TABLE
000 00000000 DEBUG notype Filename | .file
ms.asm
002 001220FC ABS notype Static | @comp.id
003 00000000 SECT1 notype Static | .text
Section length D, #relocs 1, #linenums 0, checksum 0
005 00000000 SECT2 notype Static | .data
Section length 0, #relocs 0, #linenums 0, checksum 0
007 00000000 UNDEF notype () External | _m
008 00000000 SECT1 notype () External | start
009 00000000 SECT3 notype Static | .drectve
Section length D, #relocs 0, #linenums 0, checksum 0
//可以看到_m被说明为未定义(UNDEF)、外部变量(External)、是个函数 ( () )
//start定义在节1中(SECT1)、是个函数(())、可供外部使用(External)
//字符串信息为0,即不存在
String Table Size = 0x0 bytes
Summary
0 .data
D .drectve
D .text
******************************************************************************
*mc.obj
******************************************************************************
Microsoft (R) COFF Binary File Dumper Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
Dump of file mc.obj
File Type: COFF OBJECT
FILE HEADER valueS
14C machine (i386) //机器类型为386
2 number of sections //mc.obj文件有2节
41AABA2D time date stamp Mon Nov 29 13:57:01 2004
158 file pointer to symbol table //符号表的文件偏移是 158H
C number of symbols //共 0CH=12 个符号
0 size of optional header
0 characteristics
//第一节的头部
SECTION HEADER #1
.drectve name
0 physical address
0 virtual address
26 size of raw data //原始数据长充为 26H=38 个字节
64 file pointer to raw data //其在文件内的偏移为 64h
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
100A00 flags
Info //这是一个信息段
Remove
1 byte align
//第一节的原始数据
RAW DATA #1 //原来是说明默认库的信息
00000000: 2D 64 65 66 61 75 6C 74 6C 69 62 3A 4C 49 42 43 -defaultlib:LIBC
00000010: 20 2D 64 65 66 61 75 6C 74 6C 69 62 3A 4F 4C 44 -defaultlib:OLD
00000020: 4E 41 4D 45 53 20 NAMES
Linker Directives
-----------------
-defaultlib:LIBC
-defaultlib:OLDNAMES
//第二节的头部
SECTION HEADER #2
.text name
0 physical address
0 virtual address
A6 size of raw data //原始数据长充为 0A6H=166 个字节
8A file pointer to raw data //其在文件内的偏移为 8Ah
130 file pointer to relocation table //其重定位表在文件内的偏移为130h
0 file pointer to line numbers
4 number of relocations //需重定位的项有4项
0 number of line numbers
60500020 flags
Code //这是一个代码段
16 byte align //对齐方式是以16个字节的小段边缘对齐
Execute Read //该代码 可读、可执行
//这点可通过编译参数/SECTION来改变
//第二节的原始数据
//使用W32Dasm打开mc.obj文件,输入偏移地址为8Ah(见第二节的头部说明),反编译下面这段
//与汇编生成的lst文件对比,可以看出下面的数据从偏移0开始的55 8B到偏移44H的5D C3是sum
//函数的数据。紧跟其后直至最后的是函数 m 的代码
//这里可以看出,32位编译器把所有的代码按它们在源代码中出现的顺序“堆积”在obj文件中
RAW DATA #2
00000000: 55 8B EC 83 EC 0C 8B 45 08 89 45 F4 C7 45 F8 00 U......E..E..E..
00000010: 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 01 00 00 ....E......E....
00000020: 00 EB 09 8B 4D F8 83 C1 01 89 4D F8 8B 55 F8 3B ....M.....M..U.;
00000030: 55 F4 7F 0B 8B 45 FC 03 45 F8 89 45 FC EB E4 8B U....E..E..E....
00000040: 45 FC 8B E5 5D C3 55 8B EC 83 EC 08 C7 45 FC 01 E...].U......E..
00000050: 00 00 00 C7 45 F8 01 00 00 00 C7 05 00 00 00 00 ....E...........
00000060: 01 00 00 00 C7 05 00 00 00 00 01 00 00 00 6A 05 ..............j.
00000070: E8 00 00 00 00 83 C4 04 C7 45 FC 00 00 00 00 EB .........E......
00000080: 09 8B 45 FC 83 C0 01 89 45 FC 81 7D FC 80 5B ..E.....E..}.?[
00000090: 00 7D 0F 8B 4D FC 8B 55 FC 89 14 00 00 00 00 .}..M..U........
000000A0: EB DF 8B E5 5D C3 ....].
//第二节的重定位表
RELOCATIONS #2
Symbol Symbol
Offset Type Applied To Index Name
-------- ---------------- ----------------- -------- ------
0000005C DIR32 00000000 7 _e
00000066 DIR32 00000000 6 _f
00000071 REL32 00000000 A _sum
0000009C DIR32 00000000 5 _ar
//可以看到_sum要重定位,所有的全局变量也要重定位,它们各自在上面原始数据中的位置都正确的记录着
COFF SYMBOL TABLE
000 00000000 DEBUG notype Filename | .file
mc2.c
002 000A1FE8 ABS notype Static | @comp.id
003 00000000 SECT1 notype Static | .drectve
Section length 26, #relocs 0, #linenums 0, checksum 0
005 016E3600 UNDEF notype External | _ar
006 00000004 UNDEF notype External | _f
007 00000004 UNDEF notype External | _e
008 00000000 SECT2 notype Static | .text
Section length A6, #relocs 4, #linenums 0, checksum DB3BC338
00A 00000000 SECT2 notype () External | _sum
00B 00000046 SECT2 notype () External | _m
String Table Size = 0x0 bytes
Summary
26 .drectve
A6 .text
*******************************************************************************
*ms.exe
*******************************************************************************
Microsoft (R) COFF Binary File Dumper Version 5.12.8078
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
//因为ms.exe实际上是一个可执行文件了,这里的结构就是Windows的PE头结构
Dump of file ms.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER valueS
14C machine (i386) //机器类型为386
2 number of sections //ms.exe文件有2节
41AABAC2 time date stamp Mon Nov 29 13:59:30 2004
0 file pointer to symbol table
0 number of symbols
E0 size of optional header //这里有个可选头
10F characteristics
Relocations stripped
Executable
Line numbers stripped
Symbols stripped
32 bit word machine
OPTIONAL HEADER valueS //可选头说明程序的基本情况,告诉操作系统如何加载它
10B magic #
6.00 linker version
1000 size of code
16E4000 size of initialized data //初始化数据大小,也就是为全局变量分配的空间
0 size of uninitialized data
1000 RVA of entry point //入口点在文件中的偏移,打开ms.exe,查看一下1000h处,呵呵,确实是汇编部分的代码
1000 base of code //代码段在文件内的偏移
2000 base of data //数据段在文件内的偏移
400000 image base //告诉操作系统将程序到内存线性地址时,应以止为基址
1000 section alignment //段对齐方式
1000 file alignment //文件对齐方式
4.00 operating system version
0.00 image version
4.00 subsystem version
0 Win32 version
16E6000 size of image //文件镜像大小
1000 size of headers //PE头大小,说明真正的文件内容从1000h开始,与前面的各处吻合
0 checksum
2 subsystem (Windows GUI)
0 DLL characteristics
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
0 [ 0] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Special Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
0 [ 0] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of Reserved Directory
0 [ 0] RVA [size] of Reserved Directory
//第一节的头部
SECTION HEADER #1
.text name
B6 virtual size
1000 virtual address
1000 size of raw data
1000 file pointer to raw data //在文件内的偏移是 1000h
0 file pointer to relocation table //可执行文件无重定位表
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code //这是代码段
Execute Read
//原始数据
//对照lst文件可知,从偏移0开始的66 8C到偏移0Ch的FE结束的是ms.asm编译的结果,后面
//3 个字节的CC CC CC,是以16字节小段对齐的结果,在正常情况下,不可能执行
//到这3个字节。
//从偏移10h开始的55 8B到54h的5D C3是sum()编译的结果,56h开始到结束是m()编译的结果。
//下面看一下应该重定位的项当前的值:
RAW DATA #1
00401000: 66 8C C8 66 8E D8 E8 4B 00 00 00 EB FE CC CC CC f..f...K........
00401010: 55 8B EC 83 EC 0C 8B 45 08 89 45 F4 C7 45 F8 00 U......E..E..E..
00401020: 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 01 00 00 ....E......E....
00401030: 00 EB 09 8B 4D F8 83 C1 01 89 4D F8 8B 55 F8 3B ....M.....M..U.;
00401040: 55 F4 7F 0B 8B 45 FC 03 45 F8 89 45 FC EB E4 8B U....E..E..E....
00401050: 45 FC 8B E5 5D C3 55 8B EC 83 EC 08 C7 45 FC 01 E...].U......E..
00401060: 00 00 00 C7 45 F8 01 00 00 00 C7 05 00 20 40 00 ....E........ @.
00401070: 01 00 00 00 C7 05 04 20 40 00 01 00 00 00 6A 05 ....... @.....j.
00401080: E8 8B FF FF FF 83 C4 04 C7 45 FC 00 00 00 00 EB .........E......
00401090: 09 8B 45 FC 83 C0 01 89 45 FC 81 7D FC 80 5B ..E.....E..}.?[
004010A0: 00 7D 0F 8B 4D FC 8B 55 FC 89 14 20 20 40 00 .}..M..U.... @.
004010B0: EB DF 8B E5 5D C3 ....].
//下面为了分析,对上面的代码进行了多次拷贝
//1、对照msobj.txt的重定位指示
//00000007 REL32 ... _m -->这是msobj.txt中的重定位指示
/ 现在它是00 00 00 4B,计算一下:m()开始于56H,
/ EB 4B 00 00 00是call 4B的意思,它的下一条指令
/ 开始于0Bh处,所以call _m转换计算如下:
/ 56H - 0BH = 4Bh 即为call 4B完全正确!!!
/
RAW DATA #1 / /-->这里的偏移是0BH
00401000: 66 8C C8 66 8E D8 E8 4B 00 00 00 EB FE CC CC CC f..f...K........
00401010: 55 8B EC 83 EC 0C 8B 45 08 89 45 F4 C7 45 F8 00 U......E..E..E..
00401020: 00 00 00 C7 45 FC 00 00 00 00 C7 45 F8 01 00 00 ....E......E....
00401030: 00 EB 09 8B 4D F8 83 C1 01 89 4D F8 8B 55 F8 3B ....M.....M..U.;
00401040: 55 F4 7F 0B 8B 45 FC 03 45 F8 89 45 FC EB E4 8B U....E..E..E....
00401050: 45 FC 8B E5 5D C3 55 8B------------55 是m()的开始,该处偏移是56H
//2、对照mcobj.txt的重定位指示
//0000005C DIR32 00000000 7 _e
//00000066 DIR32 00000000 6 _f
//00000071 REL32 00000000 A _sum
//0000009C DIR32 00000000 5 _ar
//因为mc2.c中代码编译结果在ms.exe的代码段中是从偏移10H处开始的,所以上面的重定位偏移相应
//的都要加上10H成为 6CH 76H 81H ACH
//先看三个与数据段有关的重定位
-->偏移 6CH处现为00 20 40 00,即地址402000H
/ C7 05 00 20 40 00 01 00 00 00 = mov [402000H],1
/ 也就是C程序中的 e = 1 ,其中的e是一个全局变量
/ 注意这里用了绝对地址402000H,这意味着如果代码段不是初始化在
/ 402000H处的话,程序将出错!!!!!!!!
//a、00401060: .... C7 05 00 20 40 00
// 00401070: 01 00 00 00
//b、00401074: C7 05 04 20 40 00 01 00 00 00 //mov word prt [402000H],1
//c、004010A9: 89 14 20 20 40 00 //movDWORD PTR [402020][ecx*4], edx
//b、 c同a ,如果数据段的加载地址不是402000H时将出错
//再看一下与函数sum()相关的重定位
//00401080: E8 8B FF FF FF //call FF FF FF 8B
//我们知道FF FF FF 8B其实就是-75H的补码表示法,好,算一下
//call FF FF FF 8B的下一条指令开始于85H
//85H + (-75H)= 10 H
//从前面的分析已经看到,sum()开始于10H,所以这里就是call _sum
//完全正确,因为是相对位置,所以无论代码段初始化在什么地方都不会出错
SECTION HEADER #2
.data name
16E3620 virtual size
2000 virtual address
1000 size of raw data //原始数据大小为1000H=4096字节
2000 file pointer to raw data //开始于文件偏移2000H处
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data //初始化的数据段
Read Write
/-->int e = 1;
/
/ /-->int f = 2;
/ /
/ /
/ / /-->int ar[6000000L];这里很大的空间
RAW DATA #2 / / /
00402000: 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
00402010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004020A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004020B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004020C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004020D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004020E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004020F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004021A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004021B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004021C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004021D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004021E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004021F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402250: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004022A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004022B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004022C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004022D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004022E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004022F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402350: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004023A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004023B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004023C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004023D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004023E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004023F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004024A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004024B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004024C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004024D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004024E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004024F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402590: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004025A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004025B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004025C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004025D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004025E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004025F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004026A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004026B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004026C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004026D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004026E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004026F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004027A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004027B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004027C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004027D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004027E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004027F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004028A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004028B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004028C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004028D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004028E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004028F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402990: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004029A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004029B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004029C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004029D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004029E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004029F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402A90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402AA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402AB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402AC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402AD0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402AE0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402AF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402B90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402BA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402BB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402BC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402BD0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402BE0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402BF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402C90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402CA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402CB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402CC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402CD0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402CE0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402CF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402D90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402DA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402DB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402DC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402DD0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402DE0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402DF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402E90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402EA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402EB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402EC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402ED0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402EE0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402EF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402F90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402FA0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402FB0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402FC0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402FD0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402FE0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00402FF0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Summary
16E4000 .data
1000 .text
5、结论:
因为在32位程序中,寻址范围多达32G,因此几乎所有编译器在链接时都是
将各个模块中的所有可执行代码集中到最后可执行文件中的一个单一的模块中,
所有的Call、jmp都成为段内间接转移,因为现在的转移范围可以高达32G,没有
跳不到的地方!!!这时指令中的地址是相对地址,无论代码加载到哪都不会错,
因此在开发操作系统时,当操作系统已经进入到保护模式之后就可以大胆使用这
些开发工具进行开发,产生的代码相互之间的关系不会有任何问题。
同时,编译器会自动将各模块中的所有数据组织到一个单一的初始化数据段中,
并且在处理与数据相关的重定位时,会将地址填写为“预计”的内存位置,因为我们
开发的操作系统运行时基本上不太可能将数据段恰好加载在正确的位置,因此这里
会产生错误,要注意一点,数据段在文件中总是被放在代码段的后面。
解决的办法,用MicroSoft的32位链接器时可以用/BASE参数,指定程序将在内
存中的加载位置,步骤如下:
i、操作系统的开发者先计划好这段代码应加载到内存的什么位置,假设起始地址
是loadBase.
ii、链接使用
link .... /BASE:loadBase ....
iii、删除掉无用的文件头,现在你的程序应该可以被直接载入内存中并正确的运行了
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
不敢乱用C和汇编混合了
