Visualiseur d'entete d'executable win32
Description
Ce petit outils permet d' affichier les information contenus dans l'entete d'un fichier executable de type Win32 (Portable Executable).
Voici un example d'execution de ce programme :
Header Information of PEviewer.exe
MS-DOS Header
Signature: MZ
Last PAGE Size: 0050
Total PAGES in File: 0002
Number of relocation items: 0000
Size in paragraphs of EXE header: 0004
Minimum Extra Paragraphs: 000F
Maximum Extra Paragraphs: FFFF
Initial Stack Segment: 0000
Initial Stack Pointer: 00B8
Complemented Checksum: 0000
Initial Instruction Pointer: 0000
Initial Code Segment: 0000
Relocation Table Offset: 0040
Overlay Number: 001A
PE Header
Magic: PE
Machine: Intel 80386
Number of Sections: 0008
Time Date Stamp: 2A425E19
Pointer To SymbolTable: 00000000
Number Of Symbols: 00000000
Size Of Optional Header: 00E0
Characteristics: 818E
Optional Header:
Magic: 010B
Linker Version: 2.19
Size of Code: 0000AC00
Size of Initialized Data: 00002C00
Size of Uninitialized Data: 00000000
Address of Entry Point: 0000BB68
Base of Code: 00001000
Base of Data: 0000C000
Image Base: 00400000
Section Alignment: 00001000
File Alignment: 00000200
Operating System Version: 4.0000
Image Version: 0.0000
Subsystem Version: 4.0000
Reserved1: 00000000
Size of Image: 00013000
Size of Headers: 00000400
CheckSum: 00000000
Subsystem: (Cui) Console Windows
Dll Characteristics: 0000
Size of StackReserve: 00100000
Size of StackCommit: 00004000
Size of HeapReserve: 00100000
Size of HeapCommit: 00001000
Loader Flags: 00000000
Size of data directory: 00000010
Import Directory:
RVA: 0000E000
Size: 000006AA
Resource Directory:
RVA: 00012000
Size: 00000E00
Base Relocation Table:
RVA: 00011000
Size: 00000D5C
RVA of GP:
RVA: 00010000
Size: 00000018
Section 1 Name: CODE
Virtual Size: 0000ABB8
Virtual Address: 00001000
Size of raw data: 0000AC00
Pointer to Raw Data: 00000400
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 60000020
Section 2 Name: DATA
Virtual Size: 00000438
Virtual Address: 0000C000
Size of raw data: 00000600
Pointer to Raw Data: 0000B000
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000040
Section 3 Name: BSS
Virtual Size: 00000B21
Virtual Address: 0000D000
Size of raw data: 00000000
Pointer to Raw Data: 0000B600
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000000
Section 4 Name: .idata
Virtual Size: 000006AA
Virtual Address: 0000E000
Size of raw data: 00000800
Pointer to Raw Data: 0000B600
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000040
Section 5 Name: .tls
Virtual Size: 00000008
Virtual Address: 0000F000
Size of raw data: 00000000
Pointer to Raw Data: 0000BE00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000000
Section 6 Name: .rdata
Virtual Size: 00000018
Virtual Address: 00010000
Size of raw data: 00000200
Pointer to Raw Data: 0000BE00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 50000040
Section 7 Name: .reloc
Virtual Size: 00000D5C
Virtual Address: 00011000
Size of raw data: 00000E00
Pointer to Raw Data: 0000C000
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 50000040
Section 8 Name: .rsrc
Virtual Size: 00000E00
Virtual Address: 00012000
Size of raw data: 00000E00
Pointer to Raw Data: 0000CE00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 50000040
Conclusion :
Voici un example d'execution de ce programme :
Header Information of PEviewer.exe
MS-DOS Header
Signature: MZ
Last PAGE Size: 0050
Total PAGES in File: 0002
Number of relocation items: 0000
Size in paragraphs of EXE header: 0004
Minimum Extra Paragraphs: 000F
Maximum Extra Paragraphs: FFFF
Initial Stack Segment: 0000
Initial Stack Pointer: 00B8
Complemented Checksum: 0000
Initial Instruction Pointer: 0000
Initial Code Segment: 0000
Relocation Table Offset: 0040
Overlay Number: 001A
PE Header
Magic: PE
Machine: Intel 80386
Number of Sections: 0008
Time Date Stamp: 2A425E19
Pointer To SymbolTable: 00000000
Number Of Symbols: 00000000
Size Of Optional Header: 00E0
Characteristics: 818E
Optional Header:
Magic: 010B
Linker Version: 2.19
Size of Code: 0000AC00
Size of Initialized Data: 00002C00
Size of Uninitialized Data: 00000000
Address of Entry Point: 0000BB68
Base of Code: 00001000
Base of Data: 0000C000
Image Base: 00400000
Section Alignment: 00001000
File Alignment: 00000200
Operating System Version: 4.0000
Image Version: 0.0000
Subsystem Version: 4.0000
Reserved1: 00000000
Size of Image: 00013000
Size of Headers: 00000400
CheckSum: 00000000
Subsystem: (Cui) Console Windows
Dll Characteristics: 0000
Size of StackReserve: 00100000
Size of StackCommit: 00004000
Size of HeapReserve: 00100000
Size of HeapCommit: 00001000
Loader Flags: 00000000
Size of data directory: 00000010
Import Directory:
RVA: 0000E000
Size: 000006AA
Resource Directory:
RVA: 00012000
Size: 00000E00
Base Relocation Table:
RVA: 00011000
Size: 00000D5C
RVA of GP:
RVA: 00010000
Size: 00000018
Section 1 Name: CODE
Virtual Size: 0000ABB8
Virtual Address: 00001000
Size of raw data: 0000AC00
Pointer to Raw Data: 00000400
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 60000020
Section 2 Name: DATA
Virtual Size: 00000438
Virtual Address: 0000C000
Size of raw data: 00000600
Pointer to Raw Data: 0000B000
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000040
Section 3 Name: BSS
Virtual Size: 00000B21
Virtual Address: 0000D000
Size of raw data: 00000000
Pointer to Raw Data: 0000B600
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000000
Section 4 Name: .idata
Virtual Size: 000006AA
Virtual Address: 0000E000
Size of raw data: 00000800
Pointer to Raw Data: 0000B600
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000040
Section 5 Name: .tls
Virtual Size: 00000008
Virtual Address: 0000F000
Size of raw data: 00000000
Pointer to Raw Data: 0000BE00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: C0000000
Section 6 Name: .rdata
Virtual Size: 00000018
Virtual Address: 00010000
Size of raw data: 00000200
Pointer to Raw Data: 0000BE00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 50000040
Section 7 Name: .reloc
Virtual Size: 00000D5C
Virtual Address: 00011000
Size of raw data: 00000E00
Pointer to Raw Data: 0000C000
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 50000040
Section 8 Name: .rsrc
Virtual Size: 00000E00
Virtual Address: 00012000
Size of raw data: 00000E00
Pointer to Raw Data: 0000CE00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: 50000040
Codes Sources
A voir également
- Visualiseur d'entete d'executable win32
- Turbo virtual machine executable - Forum Visual Basic 6
- Entete ethernet - Forum Visual Basic
- Interpréteur de commandes et console win32 ✓ - Forum C++ & C++ .NET
- Thread dans une aplication console win32 - Forum C++ & C++ .NET
- Win32 api python ✓ - Forum Python
Vous n'êtes pas encore membre ?
inscrivez-vous, c'est gratuit et ça prend moins d'une minute !
Les membres obtiennent plus de réponses que les utilisateurs anonymes.
Le fait d'être membre vous permet d'avoir un suivi détaillé de vos demandes et codes sources.
Le fait d'être membre vous permet d'avoir des options supplémentaires.