能力值:
( LV2,RANK:10 )
|
-
-
2 楼
应该怎么改,就能规范了?有知道吗?说一说,谢谢!
|
能力值:
![]()
(RANK:990 )
|
-
-
3 楼
你这个是 Delphi 这一类的程序吧?找个相同编译器的未加壳的程序看一下各个区段名就知道了。下面是我以前收集的一些编译器各个区段的参数,你可以参考一下:
一、Visual C++
01 .text
特征值: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
02 .rdata
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
03 .data
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
04 .rsrc
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
------------------------------------------------------------------------------------------------------------------------
二、MASM32
01 .text
特征值: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
02 .rdata
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
03 .data
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
04 .rsrc
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
------------------------------------------------------------------------------------------------------------------------
三、C++ Builder
01 .text
特征值: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
02 .data
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
03 .tls
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
04 .rdata
特征值: 50000040h
INITIALIZED_DATA SHARED READ ALIGN_DEFAULT(16)
05 .idata
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
06 .edata
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
07 .rsrc
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
08 .reloc
特征值: 50000040h
INITIALIZED_DATA SHARED READ ALIGN_DEFAULT(16)
------------------------------------------------------------------------------------------------------------------------
四、Delphi 7 以下
01 CODE
特征值: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
02 DATA
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
03 BSS
特征值: C0000000h
READ WRITE ALIGN_DEFAULT(16)
04 .idata
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
05 .tls
特征值: C0000000h
READ WRITE ALIGN_DEFAULT(16)
06 .rdata
特征值: 50000040h
INITIALIZED_DATA SHARED READ ALIGN_DEFAULT(16)
07 .reloc
特征值: 50000040h
INITIALIZED_DATA SHARED READ ALIGN_DEFAULT(16)
08 .rsrc
特征值: 50000040h
INITIALIZED_DATA SHARED READ ALIGN_DEFAULT(16)
------------------------------------------------------------------------------------------------------------------------
五、Delphi 10
01 .text
特征值: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
02 .itext
特征值: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
03 .data
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
04 .bss
特征值: C0000000h
READ WRITE ALIGN_DEFAULT(16)
05 .idata
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
06 .tls
特征值: C0000000h
READ WRITE ALIGN_DEFAULT(16)
07 .rdata
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
08 .reloc
特征值: 42000040h
INITIALIZED_DATA DISCARDABLE READ ALIGN_DEFAULT(16)
09 .rsrc
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
------------------------------------------------------------------------------------------------------------------------
六、VB 6.0 以下
01 .text
特征值: E0000020h
CODE EXECUTE READ WRITE ALIGN_DEFAULT(16)
02 .data
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
03 .rsrc
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
------------------------------------------------------------------------------------------------------------------------
七、FreeBasic
01 .text
特征值: 60000060h
CODE INITIALIZED_DATA EXECUTE READ ALIGN_DEFAULT(16)
02 .data
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
03 .rdata
特征值: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
04 .bss
特征值: C0000080h
UNINITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
05 .idata
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
06 .rsrc
特征值: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
|
能力值:
( LV6,RANK:90 )
|
-
-
4 楼
用OD载入,Alt+M打开内存窗口,区段属性。
|
能力值:
( LV2,RANK:10 )
|
-
-
5 楼
谢谢,我试试
|
|
|
|
