←↑→↓↖↙↗↘↕⏤
unicode=Geometric Shapes
▶ 仅仅个别字不同的时候的对比标识
◆
◉ 着重强调
◆ 1、
◆ 2、
◆ 3、
Miscellaneous Symbols
☞
Dingbats
✍ 重点记忆,个人总结的点,或者知识。
✎✎
⟱
| 章节号 | 内容 |
|---|---|
| 1图片格式(png) | 宽度大于620px,保持高宽比减低为620px |
| 1-1 | 应用 |
| 1-1-1 | 方法 |
第1章节
微软参考
The Microsoft COFF Binary File Dumper (DUMPBIN.EXE) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs).
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /?
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
usage: DUMPBIN [options] [files]
options:
/ALL
/ARCHIVEMEMBERS
/CLRHEADER
/DEPENDENTS
/DIRECTIVES
/DISASM[:{BYTES|NOBYTES}]
/ERRORREPORT:{NONE|PROMPT|QUEUE|SEND}
/EXPORTS
/FPO
/HEADERS
/IMPORTS[:filename]
/LINENUMBERS
/LINKERMEMBER[:{1|2}]
/LOADCONFIG
/OUT:filename
/PDATA
/PDBPATH[:VERBOSE]
/RANGE:vaMin[,vaMax]
/RAWDATA[:{NONE|1|2|4|8}[,#]]
/RELOCATIONS
/SECTION:name
/SUMMARY
/SYMBOLS
/TLS
/UNWINDINFO
Only the /HEADERS DUMPBIN option is available for use on files produced with the /GL compiler option.
只有/HEADERS DUMPBIN选项可用于使用/GL编译器选项生成的文件。
-
1 /ALL选项
This option displays all available information except code disassembly. Use /DISASM to display disassembly. You can use /RAWDATA:NONE with /ALL to omit the raw binary details of the file.
显示除了反汇编代码的之外的所有信息。如果需要反汇编的代码信息,加上 /DISASM选项。使用 /RAWDATA:NONE去除rawdata。
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /all main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
14C machine (x86)
10 number of sections
0 time date stamp Thu Jan 01 08:00:00 1970
CD200 file pointer to symbol table
3A0C number of symbols
E0 size of optional header
107 characteristics
Relocations stripped
Executable
Line numbers stripped
32 bit word machine
OPTIONAL HEADER VALUES
10B magic # (PE32)
2.24 linker version
B6C00 size of code
C3C00 size of initialized data
2400 size of uninitialized data
1280 entry point (00401280)
1000 base of code
B8000 base of data
400000 image base (00400000 to 004D9FFF)
1000 section alignment
200 file alignment
4.00 operating system version
1.00 image version
4.00 subsystem version
0 Win32 version
DA000 size of image
400 size of headers
183740 checksum
3 subsystem (Windows CUI)
0 DLL characteristics
200000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
C9000 [ D78] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
CB004 [ 18] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
C9250 [ 200] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read
RAW DATA #1
00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24 S.ì8¡@áK..Àt.ÇD$
00401010: 08 00 00 00 00 C7 44 24 04 02 00 00 00 C7 04 24 .....ÇD$.....Ç.$
00401020: 00 00 00 00 FF D0 83 EC 0C C7 04 24 10 11 40 00 ....ÿÐ.ì.Ç.$..@.
00401030: E8 5B 73 03 00 83 EC 04 E8 B3 5B 02 00 E8 8E 5C è[s...ì.è³[..è.\
00401040: 02 00 8D 44 24 2C 89 44 24 10 A1 C0 80 4B 00 C7 ...D$,.D$.¡À.K.Ç
00401050: 44 24 04 00 60 4C 00 C7 04 24 04 60 4C 00 C7 44 D$..`L.Ç.$.`L.ÇD
00401060: 24 2C 00 00 00 00 89 44 24 0C 8D 44 24 28 89 44 $,.....D$..D$(.D
00401070: 24 08 E8 89 FA 02 00 A1 9C 77 4C 00 85 C0 74 42 $.è.ú..¡.wL..ÀtB
.
.
.
同时使用/ALL 和 /DISASM,输出将包含反汇编代码:
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /all /disasm main.oo
.
.
.
SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read
00401000: 53 push ebx
00401001: 83 EC 38 sub esp,38h
00401004: A1 40 E1 4B 00 mov eax,dword ptr ds:[004BE140h]
.
.
.
同时使用/ALL 和/RAWDATA:NONE,剔除rawdata,直接显示符号表:
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /all /RAWDATA:NONE main.oo
.
.
.
SECTION HEADER #10
/102 name (.debug_ranges)
3B0 virtual size
D9000 virtual address (004D9000 to 004D93AF)
400 size of raw data
CCE00 file pointer to raw data (000CCE00 to 000CD1FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42100040 flags
Initialized Data
RESERVED - UNKNOWN
Discardable
Read Only
COFF SYMBOL TABLE
000 00000011 DEBUG notype Filename | .file
crt1.c
002 00000000 SECT1 notype () Static | ___mingw_CRTStartup
tag index 00000000 size 00000000 lines 00000000 next function 00000000
004 00000110 SECT1 notype () Static | __gnu_exception_handler@4
005 00000280 SECT1 notype () External | _mainCRTStartup
.
.
.
-
2 /ARCHIVEMEMBERS选项
This option displays minimal information about member objects in a library.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /ARCHIVEMEMBERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
3 /CLRHEADER选项
Display CLR-specific information.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /CLRHEADER main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
4 /DEPENDENTS选项
Dumps the names of the DLLs from which the image imports functions. You can use the list to determine which DLLs to redistribute with your app, or find the name of a missing dependency.
dump出文件引用的dll文件名。
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /DEPENDENTS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Image has the following dependencies:
KERNEL32.dll
msvcrt.dll
msvcrt.dll
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
5 /DIRECTIVES选项
This option dumps the compiler-generated .drective section of an image.
dump出编译器生成的.drective
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /DIRECTIVES main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
6 /DISASM选项
Print the disassembly of code sections in the DUMPBIN output.
直接输出反汇编代码:
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /DISASM main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
00401000: 53 push ebx
00401001: 83 EC 38 sub esp,38h
00401004: A1 40 E1 4B 00 mov eax,dword ptr ds:[004BE140h]
00401009: 85 C0 test eax,eax
0040100B: 74 1C je 00401029
-
7 /ERRORREPORT (dumpbin.exe)选项
If dumpbin.exe fails at runtime, you can use /ERRORREPORT to send information to Microsoft about these internal errors.
-
8 /EXPORTS选项
This option displays all definitions exported from an executable file or DLL.
从DLL文件中export出定义:
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /EXPORTS msdis170.dll
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file msdis170.dll
File Type: DLL
Section contains the following exports for msdis170.dll
00000000 characteristics
4B144B0F time date stamp Tue Dec 01 06:45:35 2009
0.00 version
1 ordinal base
15 number of functions
15 number of names
ordinal hint RVA name
1 0 00001050 ?Addr@DIS@@QEBA_KXZ
2 1 00001070 ?CchFormatAddr@DIS@@QEBA_K_KPEA_W0@Z
3 2 00001120 ?CchFormatInstr@DIS@@QEBA_KPEA_W_K@Z
4 3 000011C0 ?Dist@DIS@@QEBA?AW4DIST@1@XZ
5 4 000012E0 ?PdisNew@DIS@@SAPEAV1@W4DIST@1@@Z
6 5 00001480 ?PfncchaddrSet@DIS@@QEAAP6A_KPEBV1@_KPEA_W1PEA_K@ZP6A_K01213@Z@Z
7 6 00001490 ?PfncchfixupSet@DIS@@QEAAP6A_KPEBV1@_K1PEA_W1PEA_K@ZP6A_K011213@Z@Z
8 7 000014B0 ?PfncchregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@PEA_W_K@ZP6A_K0123@Z@Z
9 8 000014A0 ?PfncchregrelSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@KPEA_W_KPEAK@ZP6A_K01K234@Z@Z
10 9 000014C0 ?PfndwgetregSet@DIS@@QEAAP6A_KPEBV1@W4REGA@1@@ZP6A_K01@Z@Z
11 A 000014D0 ?PvClient@DIS@@QEBAPEAXXZ
12 B 000014E0 ?PvClientSet@DIS@@QEAAPEAXPEAX@Z
13 C 000231B0 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@PEA_W_K@Z
14 D 00023140 ?PwostrstreamNew@wostrstream@DIS@@SAPEAV12@XZ
15 E 000014F0 ?SetAddr64@DIS@@QEAAX_N@Z
Summary
4000 .data
2000 .pdata
59000 .rdata
8000 .reloc
1000 .rsrc
31000 .text
-
9 /FPO选项
This option displays frame pointer optimization (FPO) records.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /FPO main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
10 /HEADERS选项
This option displays the file header and the header for each section. When used with a library, it displays the header for each member object.
dump出文件的header和section的header。
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /HEADERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
14C machine (x86)
10 number of sections
0 time date stamp Thu Jan 01 08:00:00 1970
CD200 file pointer to symbol table
3A0C number of symbols
E0 size of optional header
107 characteristics
Relocations stripped
Executable
Line numbers stripped
32 bit word machine
OPTIONAL HEADER VALUES
10B magic # (PE32)
2.24 linker version
B6C00 size of code
C3C00 size of initialized data
2400 size of uninitialized data
1280 entry point (00401280)
1000 base of code
B8000 base of data
400000 image base (00400000 to 004D9FFF)
1000 section alignment
200 file alignment
4.00 operating system version
1.00 image version
4.00 subsystem version
0 Win32 version
DA000 size of image
400 size of headers
183740 checksum
3 subsystem (Windows CUI)
0 DLL characteristics
200000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
C9000 [ D78] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
CB004 [ 18] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
C9250 [ 200] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read
.
.
.
-
11 /IMPORTS选项
/IMPORTS[:file]
This option displays the list of DLLs (both statically linked and delay loaded) that are imported to an executable file or DLL and all the individual imports from each of these DLLs.
把执行文件引入的DLL的内容list出来。
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /IMPORTS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Section contains the following imports:
KERNEL32.dll
4C9250 Import Address Table
4C9050 Import Name Table
0 time date stamp
0 Index of first forwarder reference
3 AddAtomA
52 CloseHandle
81 CreateEventA
9A CreateMutexA
A9 CreateSemaphoreA
CF DeleteCriticalSection
E6 DuplicateHandle
EC EnterCriticalSection
117 ExitProcess
12A FindAtomA
16B GetAtomNameA
1BE GetCurrentProcess
1C2 GetCurrentThread
1C3 GetCurrentThreadId
1FB GetHandleInformation
1FE GetLastError
211 GetModuleHandleA
241 GetProcAddress
242 GetProcessAffinityMask
275 GetSystemTimeAsFileTime
282 GetThreadContext
28A GetThreadPriority
2DE InitializeCriticalSection
2E7 InterlockedDecrement
2E8 InterlockedExchange
2E9 InterlockedExchangeAdd
2EB InterlockedIncrement
2FB IsDBCSLeadByteEx
32E LeaveCriticalSection
35C MultiByteToWideChar
3CE ReleaseMutex
3D2 ReleaseSemaphore
3E3 ResetEvent
3E7 ResumeThread
41A SetCriticalSectionSpinCount
429 SetEvent
443 SetLastError
44E SetProcessAffinityMask
461 SetThreadContext
469 SetThreadPriority
474 SetUnhandledExceptionFilter
480 Sleep
488 SuspendThread
493 TlsAlloc
495 TlsGetValue
496 TlsSetValue
49C TryEnterCriticalSection
4BD VirtualProtect
4BF VirtualQuery
4C5 WaitForMultipleObjects
4C7 WaitForSingleObject
4DF WideCharToMultiByte
msvcrt.dll
4C9324 Import Address Table
4C9124 Import Name Table
0 time date stamp
0 Index of first forwarder reference
17 _fdopen
40 _read
6D _write
msvcrt.dll
4C9334 Import Address Table
4C9134 Import Name Table
0 time date stamp
0 Index of first forwarder reference
37 __getmainargs
41 __mb_cur_max
4D __p__environ
4F __p__fmode
63 __set_app_type
8F _beginthreadex
93 _cexit
B3 _endthreadex
B6 _errno
CB _filelengthi64
E0 _fstati64
10A _iob
13D _lseeki64
17F _onexit
1A6 _setjmp
1AA _setmode
247 abort
24E atexit
250 atoi
253 calloc
25C exit
25F fclose
262 fflush
264 fgetpos
26A fopen
26B fprintf
26C fputc
26D fputs
270 fread
271 free
276 fsetpos
279 fwrite
27B getc
27D getenv
27F getwc
292 iswctype
29F localeconv
2A3 longjmp
2A4 malloc
2A8 memchr
2A9 memcmp
2AA memcpy
2AB memmove
2AC memset
2B1 printf
2B2 putc
2B5 putwc
2BA realloc
2C0 setlocale
2C1 setvbuf
2C2 signal
2C5 sprintf
2CA strchr
2CB strcmp
2CC strcoll
2CF strerror
2D0 strftime
2D1 strlen
2D9 strtod
2DC strtoul
2DD strxfrm
2E8 towlower
2E9 towupper
2EA ungetc
2EB ungetwc
2EC vfprintf
2F5 wcscoll
2F8 wcsftime
2F9 wcslen
306 wcsxfrm
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
指定某个DLL文件:
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /IMPORTS:KERNEL32.dll main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Section contains the following imports:
KERNEL32.dll
4C9250 Import Address Table
4C9050 Import Name Table
0 time date stamp
0 Index of first forwarder reference
3 AddAtomA
52 CloseHandle
81 CreateEventA
9A CreateMutexA
A9 CreateSemaphoreA
CF DeleteCriticalSection
E6 DuplicateHandle
EC EnterCriticalSection
117 ExitProcess
12A FindAtomA
16B GetAtomNameA
1BE GetCurrentProcess
1C2 GetCurrentThread
1C3 GetCurrentThreadId
1FB GetHandleInformation
1FE GetLastError
211 GetModuleHandleA
241 GetProcAddress
242 GetProcessAffinityMask
275 GetSystemTimeAsFileTime
282 GetThreadContext
28A GetThreadPriority
2DE InitializeCriticalSection
2E7 InterlockedDecrement
2E8 InterlockedExchange
2E9 InterlockedExchangeAdd
2EB InterlockedIncrement
2FB IsDBCSLeadByteEx
32E LeaveCriticalSection
35C MultiByteToWideChar
3CE ReleaseMutex
3D2 ReleaseSemaphore
3E3 ResetEvent
3E7 ResumeThread
41A SetCriticalSectionSpinCount
429 SetEvent
443 SetLastError
44E SetProcessAffinityMask
461 SetThreadContext
469 SetThreadPriority
474 SetUnhandledExceptionFilter
480 Sleep
488 SuspendThread
493 TlsAlloc
495 TlsGetValue
496 TlsSetValue
49C TryEnterCriticalSection
4BD VirtualProtect
4BF VirtualQuery
4C5 WaitForMultipleObjects
4C7 WaitForSingleObject
4DF WideCharToMultiByte
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
12 /LINENUMBERS选项
This option displays COFF line numbers. Line numbers exist in an object file if it was compiled with Program Database (/Zi), C7 Compatible (/Z7), or Line Numbers Only (/Zd). An executable file or DLL contains COFF line numbers if it was linked with Generate Debug Info (/DEBUG).
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /LINENUMBERS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
13 /LINKERMEMBER选项
/LINKERMEMBER[:{1|2}]
This option displays public symbols defined in a library. Specify the 1 argument to display symbols in object order, along with their offsets. Specify the 2 argument to display offsets and index numbers of objects, and then list the symbols in alphabetical order, along with the object index for each. To get both outputs, specify /LINKERMEMBER without the number argument.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /LINKERMEMBER main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
14 /LOADCONFIG选项
This option dumps the IMAGE_LOAD_CONFIG_DIRECTORY structure, an optional structure that is used by the Windows NT loader and defined in WINNT.H.
输出略。与上列出相同,无特殊。
-
15 /NOPDB选项
Tells DUMPBIN not to load and search program database (PDB) files for symbol information.
By default, DUMPBIN attempts to load PDB files for its target object files, libraries, or executables. DUMPBIN uses this information to match addresses to symbol names. The process can be time-consuming if the PDB files are large, or must be loaded from a remote server. The /NOPDB option tells DUMPBIN to skip this step. It only prints the addresses and symbol information available in the object file, library, or executable.
To set the /NOPDB linker option in Visual Studio
1. Open the Property Pages dialog box for the project. For more information, see Set C++ compiler and build properties in Visual Studio.
2. Select the Configuration Properties > Linker > Command Line property page.
3. In the Additional options box, add the /NOPDB option. Choose OK or Apply to save your changes.
To set this linker option programmatically
* This option doesn't have a programmatic equivalent.
未清楚。
-
16 /OUT选项
/OUT:filename
This option specifies a filename for the output. By default, DUMPBIN displays the information to standard output.
输出重定向。
-
17 /PDATA选项
RISC processors only.
This option dumps the exception tables (.pdata) from an image or object.
未清楚。
-
18 /PDBPATH选项
/PDBPATH[:VERBOSE] filename
:Parameters
filename
The name of the .dll or .exe file for which you want to find the matching .pdb file.
:VERBOSE
(Optional) Reports all directories where an attempt was made to locate the .pdb file.
/PDBPATH will search your computer along the same paths that the debugger would search for a .pdb file and will report which, if any, .pdb files correspond to the file specified in filename.
When using the Visual Studio debugger, you may experience a problem due to the fact that the debugger is using a .pdb file for a different version of the file you are debugging.
/PDBPATH will search for .pdb files along the following paths:
Check the location where the executable resides.
Check the location of the PDB written into the executable. This is usually the location at the time the image was linked.
Check along the search path configured in the Visual Studio IDE.
Check along the paths in the _NT_SYMBOL_PATH and _NT_ALT_SYMBOL_PATH environment variables.
Check in the Windows directory.
未清楚。
-
19 /RANGE选项
/RANGE:vaMin[,vaMax]
Modifies the output of dumpbin when used with other dumpbin options, such as /RAWDATA or /DISASM.
vaMin
The virtual address at which you want the dumpbin operation to begin.
vaMax
(Optional) The virtual address at which you want the dumpbin operation to end. If not specified, dumpbin will go to the end of the file.
To see the virtual addresses for an image, use the map file for the image (RVA + Base), the /DISASM or /HEADERS option of dumpbin, or the disassembly window in the Visual Studio debugger.
样例说明:在使用 /RAWDATA 或 /DISASM的时候指定地址范围进行dump。
dumpbin /disasm /range:4219334,0x004061CD t.exe
说明:从10进制的4219334输出到16进制的0x004061CD
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA /RANGE:0x00402EF0,0x00403200 main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
RAW DATA #1
00402EF0: 8B 44 24 48 89 04 24 E8 A4 64 00 00 89 C2 83 EC .D$H..$è¤d...Â.ì
00402F00: 04 B8 06 00 00 00 84 D2 75 C3 E9 58 FF FF FF 90 .¸.....ÒuÃéXÿÿÿ.
00402F10: 55 57 56 53 89 CE 83 EC 3C 8B 44 24 54 8B 7C 24 UWVS.Î.ì<.D$T.|$
00402F20: 58 89 4C 24 1C 89 44 24 04 8B 44 24 50 89 7C 24 X.L$..D$..D$P.|$
00402F30: 08 89 04 24 E8 D7 FD FF FF 83 EC 0C 84 C0 89 C2 ...$è×ýÿÿ.ì..À.Â
00402F40: 0F 85 56 01 00 00 8B 47 08 A8 10 89 44 24 14 0F ..V....G.¨..D$..
00402F50: 85 C0 01 00 00 8B 44 24 1C 89 7C 24 58 8B 68 0C .À....D$..|$X.h.
00402F60: 8D 74 E8 08 8B 44 24 14 83 E0 01 89 44 24 18 E9 .tè..D$..à..D$.é
00402F70: 98 00 00 00 89 D8 C1 F8 08 85 D2 74 08 8B 7C 24 .....ØÁø..Òt..|$
00402F80: 54 03 07 8B 00 03 44 24 54 8B 0E 8D 7C 24 20 8B T.....D$T...|$ .
00402F90: 11 89 44 24 04 8B 44 24 50 89 7C 24 08 89 04 24 ..D$..D$P.|$...$
00402FA0: FF 52 18 83 EC 0C 84 C0 89 C2 74 5A 83 7C 24 2C ÿR..ì..À.ÂtZ.|$,
00402FB0: 08 75 0D 83 E3 01 74 08 8B 06 89 44 24 2C 66 90 .u..ã.t....D$,f.
00402FC0: 8B 44 24 24 83 F8 03 7E 0F 8B 4C 24 10 85 C9 75 .D$$.ø.~..L$..Éu
00402FD0: 07 83 E0 FD 89 44 24 24 8B 44 24 58 8B 58 0C 85 ..àý.D$$.D$X.X..
00402FE0: DB 74 7F 8B 44 24 58 8B 00 3B 44 24 20 0F 85 53 Ût..D$X..;D$ ..S
00402FF0: 01 00 00 85 C0 0F 84 B5 00 00 00 8B 7C 24 58 8B ....À..µ....|$X.
00403000: 44 24 24 09 47 04 83 ED 01 83 EE 08 85 ED 0F 84 D$$.G..í..î..í..
00403010: 0D 01 00 00 8B 44 24 14 8B 5E 04 C7 44 24 20 00 .....D$..^.ÇD$ .
00403020: 00 00 00 C7 44 24 24 00 00 00 00 C7 44 24 2C 00 ...ÇD$$....ÇD$,.
00403030: 00 00 00 89 44 24 28 89 DA 89 D8 83 E2 01 83 E0 ....D$(.Ú.Ø.â..à
00403040: 02 89 44 24 10 75 08 8B 44 24 18 85 C0 74 B7 8B ..D$.u..D$..Àt·.
00403050: 7C 24 54 85 FF 0F 85 19 FF FF FF 31 C0 E9 27 FF |$T.ÿ...ÿÿÿ1Àé'ÿ
00403060: FF FF 8B 4C 24 58 8B 44 24 20 8B 7C 24 58 89 01 ÿÿ.L$X.D$ .|$X..
00403070: 8B 44 24 24 89 41 04 8B 4C 24 28 83 F8 03 89 4F .D$$.A..L$(.ø..O
00403080: 08 8B 4C 24 2C 89 4F 0C 7E 12 A8 02 74 73 8B 44 ..L$,.O.~.¨.ts.D
00403090: 24 1C F6 40 08 01 0F 85 6A FF FF FF 83 C4 3C 89 $.ö@....jÿÿÿ.Ä<.
004030A0: D0 5B 5E 5F 5D C2 0C 00 90 8D B4 26 00 00 00 00 Ð[^_]Â....´&....
004030B0: 8B 4C 24 2C 83 F9 08 0F 84 83 00 00 00 83 FB 08 .L$,.ù........û.
004030C0: 74 7E 89 1C 24 88 54 24 10 E8 D2 62 00 00 83 EC t~..$.T$.èÒb...ì
004030D0: 04 84 C0 75 1C 0F B6 54 24 10 8B 7C 24 58 C7 47 ..Àu..¶T$..|$XÇG
004030E0: 04 02 00 00 00 83 C4 3C 89 D0 5B 5E 5F 5D C2 0C ......Ä<.Ð[^_]Â.
004030F0: 00 8B 4C 24 58 8B 44 24 24 09 41 04 E9 05 FF FF ..L$X.D$$.A.é.ÿÿ
00403100: FF A8 01 74 97 8B 44 24 1C F6 40 08 02 0F 85 F3 ÿ¨.t..D$.ö@....ó
00403110: FE FF FF EB 87 8B 46 08 89 44 24 14 E9 34 FE FF þÿÿë..F..D$.é4þÿ
00403120: FF 8B 7C 24 58 8B 47 04 85 C0 0F 95 C2 83 C4 3C ÿ.|$X.G..À..Â.Ä<
00403130: 5B 89 D0 5E 5F 5D C2 0C 00 8D B4 26 00 00 00 00 [.Ð^_]Â...´&....
00403140: 8B 7C 24 58 EB 98 8B 7C 24 58 C7 07 00 00 00 00 .|$Xë..|$XÇ.....
00403150: C7 47 04 02 00 00 00 E9 40 FF FF FF 8D 74 26 00 ÇG.....é@ÿÿÿ.t&.
00403160: 55 57 56 53 83 EC 6C 8B AC 24 98 00 00 00 89 4C UWVS.ìl.¬$.....L
00403170: 24 30 F6 45 10 10 74 06 8B 41 08 89 45 10 8B 84 $0öE..t..A..E...
00403180: 24 94 00 00 00 39 84 24 8C 00 00 00 0F 84 0E 05 $....9.$........
00403190: 00 00 8B 84 24 88 00 00 00 8B 4C 24 30 89 04 24 ....$.....L$0..$
004031A0: E8 FB 61 00 00 83 EC 04 84 C0 88 44 24 3A 0F 85 èûa...ì..À.D$:..
004031B0: 3C 02 00 00 8B 84 24 80 00 00 00 8B 94 24 94 00 <.....$......$..
004031C0: 00 00 2B 94 24 80 00 00 00 C6 44 24 38 00 C6 44 ..+.$....ÆD$8.ÆD
004031D0: 24 3B 00 C6 44 24 39 01 85 C0 B8 00 00 00 00 0F $;.ÆD$9..À¸.....
004031E0: 49 C2 89 44 24 2C 8B 84 24 84 00 00 00 83 C8 01 IÂ.D$,..$.....È.
004031F0: 89 44 24 34 8B 7C 24 30 8B 47 0C 8D 7C C7 0C 89 .D$4.|$0.G..|Ç..
00403200: 44 D
Summary
B7000 .text
-
20 /RAWDATA选项
/RAWDATA[:{1|2|4|8|NONE[,number]]
This option displays the raw contents of each section in the file. The arguments control the format of the display, as shown below:
| Argument | Result |
| 1 | The default. Contents are displayed in hexadecimal bytes, and also as ASCII characters if they have a printed representation. |
| 2 | Contents are displayed as hexadecimal 2-byte values. |
| 4 | Contents are displayed as hexadecimal 4-byte values. |
| 8 | Contents are displayed as hexadecimal 8-byte values. |
| NONE | Raw data is suppressed. This argument is useful to control the output of /ALL. |
| *Number* | Displayed lines are set to a width that holds `number` values per line. |
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:1 main.oo
RAW DATA #1
00401000: 53 83 EC 38 A1 40 E1 4B 00 85 C0 74 1C C7 44 24 S.ì8¡@áK..Àt.ÇD$
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:2 main.oo
RAW DATA #1
00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444 S.ì8¡@áK..Àt.ÇD$
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:4 main.oo
RAW DATA #1
00401000: 38EC8353 4BE140A1 74C08500 2444C71C S.ì8¡@áK..Àt.ÇD$
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:8 main.oo
RAW DATA #1
00401000: 4BE140A138EC8353 2444C71C74C08500 S.ì8¡@áK..Àt.ÇD$
指定输出的宽度:
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:,8 main.oo
RAW DATA #1
00401000: 53 83 EC 38 A1 40 E1 4B
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /RAWDATA:2,8 main.oo
RAW DATA #1
00401000: 8353 38EC 40A1 4BE1 8500 74C0 C71C 2444
-
21 /RELOCATIONS选项
This option displays any relocations in the object or image.
未清楚。
-
22 /SECTION选项
/SECTION:section
This option restricts the output to information on the specified section. Use the /HEADERS option to get a list of sections in the file.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /SECTION:.text main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
SECTION HEADER #1
.text name
B6BA0 virtual size
1000 virtual address (00401000 to 004B7B9F)
B6C00 size of raw data
400 file pointer to raw data (00000400 to 000B6FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read
Summary
B7000 .text
-
23 /SUMMARY选项
This option displays minimal information about sections, including total size. This option is the default if no other option is specified.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /SUMMARY main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
24 /SYMBOLS选项
This option displays the COFF symbol table. Symbol tables exist in all object files. A COFF symbol table appears in an image file only if it is linked with /DEBUG.
The following is a description of the output for /SYMBOLS. Additional information on the meaning of /SYMBOLS output can be found by looking in winnt.h (IMAGE_SYMBOL and IMAGE_AUX_SYMBOL), or COFF documentation.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /SYMBOLS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
COFF SYMBOL TABLE
000 00000011 DEBUG notype Filename | .file
crt1.c
002 00000000 SECT1 notype () Static | ___mingw_CRTStartup
tag index 00000000 size 00000000 lines 00000000 next function 00000000
.
.
.
-
25 /TLS
Displays the IMAGE_TLS_DIRECTORY structure from an executable.
/TLS displays the fields of the TLS structure as well as the addresses of the TLS callback functions.
If a program does not use thread local storage, its image will not contain a TLS structure. See thread for more information.
IMAGE_TLS_DIRECTORY is defined in winnt.h.
C:\Users\lo\Desktop\New Folder\1\1>dumpbin /TLS main.oo
Microsoft (R) COFF/PE Dumper Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file main.oo
File Type: EXECUTABLE IMAGE
Section contains the following TLS directory:
004CB001 Start of raw data
004CB01C End of raw data
004C7798 Address of index
004CA004 Address of callbacks
0 Size of zero fill
00000000 Characteristics
TLS Callbacks
Address
--------
00426B50
00426B00
00433440
00000000
Summary
1000 .CRT
3000 .bss
1000 .data
1000 .debug_abbrev
1000 .debug_aranges
1000 .debug_frame
6000 .debug_info
1000 .debug_line
2000 .debug_loc
1000 .debug_ranges
1000 .debug_str
2000 .eh_frame
1000 .idata
B000 .rdata
B7000 .text
1000 .tls
-
3-1 类的初步—定义一个类并创建对象实例
3-1-1. 导言—用户管理—用户的分类及介绍
-
3-2 类的初步—定义一个类并创建对象实例
3-2-1. 导言—用户管理—用户的分类及介绍
第3章节
-
3-1 类的初步—定义一个类并创建对象实例
3-1-1. 导言—用户管理—用户的分类及介绍
-
3-2 类的初步—定义一个类并创建对象实例
网友评论