MSVS – DumpBin 工具的使用方法

这一小节主要是讲 DumpBin 这个工具的使用

使用vc自带的工具dumpbin可以查看动态链接库dll的导出函数接口，可以看.exe文件的段内容，可以看每个段的信息。

首先我们得找到DumpBin怎么用。其实一般来说会是在控制台使用它。

先初始化环境吧，在C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools 这里找到 vsvars32.bat 这个文件。可能安装路径不一样的话，路径也不一样。

然后打开一个控制台，把这个文件拖进去，回车(理论上是什么的都没有显示的。)

然后再输出 DumpBin … 回车，有了。

要注意的是，似乎每次打开CMD都需要初始化环境…

使用结果如下：

C:\Users\xiong>DumpBin /Headers C:\Users\xiong\Desktop\Segment\Debug\Segment.exe
Microsoft (R) COFF/PE Dumper Version 12.00.30501.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file C:\Users\xiong\Desktop\Segment\Debug\Segment.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (x86)
               8 number of sections
        57C781A4 time date stamp Thu Sep 01 09:17:24 2016
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
             102 characteristics
                   Executable
                   32 bit word machine

OPTIONAL HEADER VALUES
             10B magic # (PE32)
           12.00 linker version
            3C00 size of code
            4000 size of initialized data
               0 size of uninitialized data
           1110E entry point (0041110E) @ILT+265(_mainCRTStartup)
            1000 base of code
            1000 base of data
          400000 image base (00400000 to 0041CFFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
           1D000 size of image
             400 size of headers
               0 checksum
               2 subsystem (Windows GUI)
            8140 DLL characteristics
                   Dynamic base
                   NX compatible
                   Terminal Server Aware
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
           1915C [      3C] RVA [size] of Import Directory
           1B000 [     43C] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
           1C000 [     34C] RVA [size] of Base Relocation Directory
           15820 [      38] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
           16568 [      40] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
           19000 [     15C] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
.textbss name
   10000 virtual size
    1000 virtual address (00401000 to 00410FFF)
       0 size of raw data
       0 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
E00000A0 flags
         Code
         Uninitialized Data
         Execute Read Write

SECTION HEADER #2
   .text name
    3B48 virtual size
   11000 virtual address (00411000 to 00414B47)
    3C00 size of raw data
     400 file pointer to raw data (00000400 to 00003FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

SECTION HEADER #3
  .rdata name
    2041 virtual size
   15000 virtual address (00415000 to 00417040)
    2200 size of raw data
    4000 file pointer to raw data (00004000 to 000061FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

  Debug Directories

        Time Type       Size      RVA  Pointer
    -------- ------ -------- -------- --------
    57C781A4 cv           49 00016704     5704    Format: RSDS, {D9C58E74-2B54-486B-8D3B-272416257406}, 8, C:\Users\xiong\Desktop\Segment\Debug\Segment.pdb
    57C781A4 feat         14 00016750     5750    Counts: Pre-VC++ 11.00=0, C/C++=27, /GS=27, /sdl=1, reserved=0

SECTION HEADER #4
   .data name
     585 virtual size
   18000 virtual address (00418000 to 00418584)
     200 size of raw data
    6200 file pointer to raw data (00006200 to 000063FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0000040 flags
         Initialized Data
         Read Write

SECTION HEADER #5
  .idata name
     823 virtual size
   19000 virtual address (00419000 to 00419822)
     A00 size of raw data
    6400 file pointer to raw data (00006400 to 00006DFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

SECTION HEADER #6
  Shared name
     10E virtual size
   1A000 virtual address (0041A000 to 0041A10D)
     200 size of raw data
    6E00 file pointer to raw data (00006E00 to 00006FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
D0000040 flags
         Initialized Data
         Shared
         Read Write

SECTION HEADER #7
   .rsrc name
     43C virtual size
   1B000 virtual address (0041B000 to 0041B43B)
     600 size of raw data
    7000 file pointer to raw data (00007000 to 000075FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

SECTION HEADER #8
  .reloc name
     501 virtual size
   1C000 virtual address (0041C000 to 0041C500)
     600 size of raw data
    7600 file pointer to raw data (00007600 to 00007BFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000040 flags
         Initialized Data
         Discardable
         Read Only

  Summary

        1000 .data
        1000 .idata
        3000 .rdata
        1000 .reloc
        1000 .rsrc
        4000 .text
       10000 .textbss
        1000 Shared

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

C:\Users\xiong>DumpBin /Headers C:\Users\xiong\Desktop\Segment\Debug\Segment.exe

Microsoft (R) COFF/PE Dumper Version 12.00.30501.0

Dump of file C:\Users\xiong\Desktop\Segment\Debug\Segment.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES

14C machine (x86)

8 number of sections

57C781A4 time date stamp Thu Sep 01 09:17:24 2016

0 file pointer to symbol table

0 number of symbols

E0 size of optional header

102 characteristics

Executable

32 bit word machine

OPTIONAL HEADER VALUES

10B magic # (PE32)

12.00 linker version

3C00 size of code

4000 size of initialized data

0 size of uninitialized data

1110E entry point (0041110E) @ILT+265(_mainCRTStartup)

1000 base of code

1000 base of data

400000 image base (00400000 to 0041CFFF)

1000 section alignment

200 file alignment

6.00 operating system version

0.00 image version

6.00 subsystem version

0 Win32 version

1D000 size of image

400 size of headers

0 checksum

2 subsystem (Windows GUI)

8140 DLL characteristics

Dynamic base

NX compatible

Terminal Server Aware

100000 size of stack reserve

1000 size of stack commit

100000 size of heap reserve

1000 size of heap commit

0 loader flags

10 number of directories

0 [ 0] RVA [size] of Export Directory

1915C [ 3C] RVA [size] of Import Directory

1B000 [ 43C] RVA [size] of Resource Directory

0 [ 0] RVA [size] of Exception Directory

0 [ 0] RVA [size] of Certificates Directory

1C000 [ 34C] RVA [size] of Base Relocation Directory

15820 [ 38] RVA [size] of Debug Directory

0 [ 0] RVA [size] of Architecture Directory

0 [ 0] RVA [size] of Global Pointer Directory

0 [ 0] RVA [size] of Thread Storage Directory

16568 [ 40] RVA [size] of Load Configuration Directory

0 [ 0] RVA [size] of Bound Import Directory

19000 [ 15C] RVA [size] of Import Address Table Directory

0 [ 0] RVA [size] of Delay Import Directory

0 [ 0] RVA [size] of COM Descriptor Directory

0 [ 0] RVA [size] of Reserved Directory

SECTION HEADER #1

.textbss name

10000 virtual size

1000 virtual address (00401000 to 00410FFF)

0 size of raw data

0 file pointer to raw data

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

E00000A0 flags

Code

Uninitialized Data

Execute Read Write

SECTION HEADER #2

.text name

3B48 virtual size

11000 virtual address (00411000 to 00414B47)

3C00 size of raw data

400 file pointer to raw data (00000400 to 00003FFF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

60000020 flags

Code

Execute Read

SECTION HEADER #3

.rdata name

2041 virtual size

15000 virtual address (00415000 to 00417040)

2200 size of raw data

4000 file pointer to raw data (00004000 to 000061FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

40000040 flags

Initialized Data

Read Only

Debug Directories

Time Type Size RVA Pointer

-------- ------ -------- -------- --------

57C781A4 cv 49 00016704 5704 Format: RSDS, {D9C58E74-2B54-486B-8D3B-272416257406}, 8, C:\Users\xiong\Desktop\Segment\Debug\Segment.pdb

57C781A4 feat 14 00016750 5750 Counts: Pre-VC++ 11.00=0, C/C++=27, /GS=27, /sdl=1, reserved=0

SECTION HEADER #4

.data name

585 virtual size

18000 virtual address (00418000 to 00418584)

200 size of raw data

6200 file pointer to raw data (00006200 to 000063FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

C0000040 flags

Initialized Data

Read Write

SECTION HEADER #5

.idata name

823 virtual size

19000 virtual address (00419000 to 00419822)

A00 size of raw data

6400 file pointer to raw data (00006400 to 00006DFF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

40000040 flags

Initialized Data

Read Only

SECTION HEADER #6

Shared name

10E virtual size

1A000 virtual address (0041A000 to 0041A10D)

200 size of raw data

6E00 file pointer to raw data (00006E00 to 00006FFF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

D0000040 flags

Initialized Data

Shared

Read Write

SECTION HEADER #7

.rsrc name

43C virtual size

1B000 virtual address (0041B000 to 0041B43B)

600 size of raw data

7000 file pointer to raw data (00007000 to 000075FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

40000040 flags

Initialized Data

Read Only

SECTION HEADER #8

.reloc name

501 virtual size

1C000 virtual address (0041C000 to 0041C500)

600 size of raw data

7600 file pointer to raw data (00007600 to 00007BFF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

42000040 flags

Initialized Data

Discardable

Read Only

Summary

1000 .data

1000 .idata

3000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

1000 Shared

嗯，更多精彩，自己探索…

MSVS – DumpBin 工具的使用方法

Tagged on: Win32