小甲鱼在这里为大家做好了详细的注释,免得大家一头雾水,另外可以结合小甲鱼《加密系列》-系统篇-PE结构详解视频教程学习~若有纰漏之处还望大家不吝指正。
(注:最左边是文件头的偏移量。)
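// IMAGE_DOS_HEADER: the 40h-byte legacy DOS header found at file offset 0 of a PE file.
// The left column is each field's byte offset from the start of the header.
// To locate the PE header only e_magic and e_lfanew are needed; the other fields
// describe the DOS stub program.
// Every value in this header is read from the file and must be treated as untrusted:
// a parser should check that the file is at least 40h bytes long before reading it,
// and should verify e_magic before using any other field.
IMAGE_DOS_HEADER STRUCT
{
+00h  WORD   e_magic      // Magic DOS signature "MZ" (bytes 4Dh 5Ah): marks a DOS executable
+02h  WORD   e_cblp       // Bytes on last page of file
+04h  WORD   e_cp         // Pages in file
+06h  WORD   e_crlc       // Relocations
+08h  WORD   e_cparhdr    // Size of header in paragraphs
+0ah  WORD   e_minalloc   // Minimum extra paragraphs needed
+0ch  WORD   e_maxalloc   // Maximum extra paragraphs needed
+0eh  WORD   e_ss         // Initial (relative) SS value: initial stack segment for the DOS code
+10h  WORD   e_sp         // Initial SP value: initial stack pointer for the DOS code
+12h  WORD   e_csum       // Checksum
+14h  WORD   e_ip         // Initial IP value: entry-point instruction pointer for the DOS code
+16h  WORD   e_cs         // Initial (relative) CS value: initial code segment for the DOS code
+18h  WORD   e_lfarlc     // File address of relocation table
+1ah  WORD   e_ovno       // Overlay number
+1ch  WORD   e_res[4]     // Reserved words (4 WORDs, offsets 1ch-23h)
+24h  WORD   e_oemid      // OEM identifier (for e_oeminfo)
+26h  WORD   e_oeminfo    // OEM information; e_oemid specific
+28h  WORD   e_res2[10]   // Reserved words (10 WORDs, offsets 28h-3bh; follows the 2-byte e_oeminfo at 26h)
+3ch  DWORD  e_lfanew     // File offset of the PE header ("PE\0\0" signature).
                          // winnt.h declares this field as LONG (signed). Before following it,
                          // a parser should reject negative values and any offset for which the
                          // PE signature and headers would not fit inside the file.
} IMAGE_DOS_HEADER ENDS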