
Displaying PE Information in WinDbg

January 16, 2012 ⁄ General

The !dh command

kd> !dh 7c800000

File Type: DLL
FILE HEADER VALUES
     14C machine (i386)
       4 number of sections
4121457C time date stamp Tue Aug 17 07:38:36 2004

       0 file pointer to symbol table
       0 number of symbols
      E0 size of optional header
    210E characteristics
            Executable
            Line numbers stripped
            Symbols stripped
            32 bit word machine
            DLL

OPTIONAL HEADER VALUES
     10B magic #
    7.10 linker version
   81E00 size of code
   95400 size of initialized data
       0 size of uninitialized data
    B436 address of entry point
    1000 base of code
         ----- new -----
7c800000 image base
    1000 section alignment
     200 file alignment
       3 subsystem (Windows CUI)
    5.01 operating system version
    5.01 image version
    4.00 subsystem version
  11C000 size of image
     400 size of headers
  1242EA checksum
00040000 size of stack reserve
00001000 size of stack commit
00100000 size of heap reserve
00001000 size of heap commit
       0  DLL characteristics
    262C [    6C7B] address [size] of Export Directory
   802DC [      28] address [size] of Import Directory
   88000 [   8D3FC] address [size] of Resource Directory
       0 [       0] address [size] of Exception Directory
       0 [       0] address [size] of Security Directory
  116000 [    5BD0] address [size] of Base Relocation Directory
   82BC0 [      38] address [size] of Debug Directory
       0 [       0] address [size] of Description Directory
       0 [       0] address [size] of Special Directory
       0 [       0] address [size] of Thread Storage Directory
   4E080 [      48] address [size] of Load Configuration Directory
     280 [      1C] address [size] of Bound Import Directory
    1000 [     620] address [size] of Import Address Table Directory
       0 [       0] address [size] of Delay Import Directory
       0 [       0] address [size] of COR20 Header Directory
       0 [       0] address [size] of Reserved Directory

SECTION HEADER #1
   .text name
   81C21 virtual size
    1000 virtual address
   81E00 size of raw data
     400 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         (no align specified)
         Execute Read

Debug Directories(2)
    Type       Size     Address  Pointer
Can't read debug dir

SECTION HEADER #2
   .data name
    4180 virtual size
   83000 virtual address
    2400 size of raw data
   82200 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0000040 flags
         Initialized Data
         (no align specified)
         Read Write

SECTION HEADER #3
   .rsrc name
   8D3FC virtual size
   88000 virtual address
   8D400 size of raw data
   84600 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         (no align specified)
         Read Only

SECTION HEADER #4
  .reloc name
    5BD0 virtual size
  116000 virtual address
    5C00 size of raw data
  111A00 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000040 flags
         Initialized Data
         Discardable
         (no align specified)
         Read Only
