bla*_*abb 15
Unable to verify checksum 发出的时候 checksum in pe header isnt verifiable
这可能发生如果有问题的exe编译和链接without using /RELEASE链接器选项
正常项目基于编译链接设置此选项nmake/batfile基于编译可以省略此开关,并可以导致此输出
a simple helloworld compiled and linked with and without /RELEASE链接器选项(pdb不是为简单生成而且diffed to show the difference in timestamp and checksum和l oaded in windbg和checksum warning is generated only for the exe with no checksum in pe header)
简单的hello world.cpp内容
testrelease:\>dir /b & type testrelease.cpp
testrelease.cpp
#include <stdio.h>
int main (void) {
printf("hello my relase\n");
return 0;
}
没有/ RELEASE编译
testrelease:\>cl /nologo testrelease.cpp
testrelease.cpp
使用/ RELEASE重命名exe并编译相同的源
testrelease:\>ren testrelease.exe testrelease_norel.exe
testrelease:\>cl /nologo testrelease.cpp /link /release
testrelease.cpp
比较两个exes
testrelease:\>fc /b testrelease.exe testrelease_norel.exe
Comparing files testrelease.exe and TESTRELEASE_NOREL.EXE
000000E0: D6 CE
00000130: A3 00
00000131: 95 00
00000132: 01 00
分析比较的输出
testrelease:\>xxd -s +0x3c -l 1 testrelease.exe
000003c: d8 .
testrelease:\>xxd -s +0x3c -l 1 testrelease_norel.exe
000003c: d8 .
testrelease:\>echo d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
d8 = NT_HEADER so e0 = TimeDateStamp and 130 = CheckSum
在没有校验和的情况下仅为一个exe生成的windbg警告中加载两个exes
testrelease:\>cdb -c ".reload /f ; q" testrelease.exe
.*** ERROR: Module load completed but symbols could not be loaded for image00400
testrelease:\>cdb -c ".reload /f ; q" testrelease_norel.exe
.*** WARNING: Unable to verify checksum for image00400000
*** ERROR: Module load completed but symbols could not be loaded for image004000
no symbol header available 错误意味着exe was compiled without debug information
除非你在从头开始重新创建调试信息方面有很多专业知识,否则你无法做很多事情
上面编译的两个可执行文件都会生成错误,因为我故意没有创建调试信息
DBGHELP: image00400000 missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for image00400000.pdb - no header information available
| 归档时间: |
|
| 查看次数: |
10339 次 |
| 最近记录: |