PE 文件 - 缺少什么？

Question

我正在尝试生成 PE 格式的可执行文件 - Windows 7，64 位，最初是用于测试目的的最小文件，其作用无非是

\n\n

mov eax, 42\nret\n

\n\n

我有一个转储箱似乎很满意，并且包含我可以找到的各种来源说实际使用的所有字段的明显有效值，但是当我尝试运行它时，Windows 说“不是有效的 Win32 应用程序”。dumpbin 输出如下；有人能从中看出我错过了什么吗？

\n\n

Dump of file a.exe\n\nPE signature found\n\nFile Type: EXECUTABLE IMAGE\n\nFILE HEADER VALUES\n            8664 machine (x64)\n               1 number of sections\n               0 time date stamp Thu Jan 01 00:00:00 1970\n               0 file pointer to symbol table\n               0 number of symbols\n              F0 size of optional header\n              22 characteristics\n                   Executable\n                   Application can handle large (>2GB) addresses\n\nOPTIONAL HEADER VALUES\n             20B magic # (PE32+)\n            2.05 linker version\n               0 size of code\n               0 size of initialized data\n               0 size of uninitialized data\n            1000 entry point (0000000140001000)\n               0 base of code\n       140000000 image base (0000000140000000 to 0000000140000FFF)\n            1000 section alignment\n             200 file alignment\n            0.00 operating system version\n            0.00 image version\n            4.00 subsystem version\n               0 Win32 version\n            1000 size of image\n             200 size of headers\n               0 checksum\n               3 subsystem (Windows CUI)\n            8100 DLL characteristics\n                   NX compatible\n                   Terminal Server Aware\n          100000 size of stack reserve\n            1000 size of stack commit\n          100000 size of heap reserve\n            1000 size of heap commit\n               0 loader flags\n              10 number of directories\n               0 [       0] RVA [size] of Export Directory\n               0 [       0] RVA [size] of Import Directory\n               0 [       0] RVA [size] of Resource Directory\n               0 [       0] RVA [size] of Exception Directory\n               0 [       0] RVA [size] of Certificates Directory\n               0 [       0] RVA [size] of Base Relocation Directory\n               0 [       0] RVA [size] of Debug Directory\n               0 [       0] RVA [size] of Architecture Directory\n               0 [       0] RVA [size] of Global Pointer Directory\n               0 [       0] RVA [size] of Thread Storage Directory\n               0 [       0] RVA [size] of Load Configuration Directory\n               0 [       0] RVA [size] of Bound Import Directory\n               0 [       0] RVA [size] of Import Address Table Directory\n               0 [       0] RVA [size] of Delay Import Directory\n               0 [       0] RVA [size] of COM Descriptor Directory\n               0 [       0] RVA [size] of Reserved Directory\n\n\nSECTION HEADER #1\n   .text name\n       6 virtual size\n    1000 virtual address (0000000140001000 to 0000000140001005)\n     200 size of raw data\n     200 file pointer to raw data (00000200 to 000003FF)\n       0 file pointer to relocation table\n       0 file pointer to line numbers\n       0 number of relocations\n       0 number of line numbers\n60000020 flags\n         Code\n         Execute Read\n\nRAW DATA #1\n  0000000140001000: B8 2A 00 00 00 C3                                \xc2\xa9*...+\n\n  Summary\n\n        1000 .text\n

\n

Answer 1

您的“图像大小”仅覆盖标题区域；该.text部分和入口点位于其外部。将其设置为至少 1006，该文件应该可以工作。

我是如何找到它的：

1. 做了一个最小的C程序：

   int 条目() { 返回 42; }

2. 在没有库和自定义条目的情况下编译它：

   cl test.cpp /link /nodefaultlib /entry:entry /subsystem:console

3. 开始编辑标题以匹配您的列表，并在每次更改后运行 exe。将 SizeOfImage 更改为 1000 后，我收到“不是有效的 Win32 应用程序”消息。