Questions about the notepad PE head import address table

Time:10-11

IMAGE_DATA_DIRECTORY (data directory) structure is as follows:

[Address (RAW) range: 0x00000168-0x000001e7] [Length: 80h] [Data directory (16 members, 8 bytes each)]
------------------------------------------------------------
[Member] [Address (RAW)] [Offset] [Data: RVA] [Size] [Description] [Structure]
Export Table: 0x00000168 [e_lfanew + 0x078] 0x00000000, 0x00000000 [Export table] [IMAGE_DIRECTORY_ENTRY_EXPORT]
Import Table: 0x00000170 [e_lfanew + 0x080] 0x0001a390, 0x00000118 [Import table] [IMAGE_DIRECTORY_ENTRY_IMPORT]
Resources Table: 0x00000178 [e_lfanew + 0x088] 0x0001c000, 0x00019af0 [Resources] [IMAGE_DIRECTORY_ENTRY_RESOURCE]
Exception Table: 0x00000180 [e_lfanew + 0x090] 0x00000000, 0x00000000 [Exception] [IMAGE_DIRECTORY_ENTRY_EXCEPTION]
Security Table: 0x00000188 [e_lfanew + 0x098] 0x00000000, 0x00000000 [Security certificate] [IMAGE_DIRECTORY_ENTRY_SECURITY]
Base Relocation Table: 0x00000190 [e_lfanew + 0x0a0] 0x00036000, 0x000014f4 [Relocation table] [IMAGE_DIRECTORY_ENTRY_BASERELOC]
Debug: 0x00000198 [e_lfanew + 0x0a8] 0x00016e30, 0x00000038 [Debugging information] [IMAGE_DIRECTORY_ENTRY_DEBUG]
Architecture (Copyright): 0x000001a0 [e_lfanew + 0x0b0] 0x00000000, 0x00000000 [Copyright] [IMAGE_DIRECTORY_ENTRY_ARCHITECTURE (IMAGE_DIRECTORY_ENTRY_COPYRIGHT)]
Global Ptr: 0x000001a8 [e_lfanew + 0x0b8] 0x00000000, 0x00000000 [Global pointer] [IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
Thread Local Storage (TLS): 0x000001b0 [e_lfanew + 0x0c0] 0x00000000, 0x00000000 [TLS table] [IMAGE_DIRECTORY_ENTRY_TLS]
Load Configuration: 0x000001b8 [e_lfanew + 0x0c8] 0x000011a0, 0x0000005c [Load configuration] [IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
Bound Import: 0x000001c0 [e_lfanew + 0x0d0] 0x00000000, 0x00000000 [Bound import] [IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
Import Address Table (IAT): 0x000001c8 [e_lfanew + 0x0d8] 0x0001a000, 0x0000038c [IAT] [IMAGE_DIRECTORY_ENTRY_IAT]
Delay Import: 0x000001d0 [e_lfanew + 0x0e0] 0x00000000, 0x00000000 [Delay import] [IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
COM Descriptor: 0x000001d8 [e_lfanew + 0x0e8] 0x00000000, 0x00000000 [COM] [IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
Reserved: 0x000001e0 [e_lfanew + 0x0f0] 0x00000000, 0x00000000 [Reserved] [NULL]
------------------------------------------------------------


------------------------------------------------------------
[Member] [Address (RAW)] [Data: RVA] [Description]
Name: 0x000001e8 [.text] [Name, length: 8 (16 bytes), ASCII]
VirtualSize: 0x000001f0 [00015e90] [V (VS), memory size (length before alignment)]
VirtualAddress: 0x000001f4 [00001000] [V (VO), memory offset (RVA of the section)]
SizeOfRawData: 0x000001f8 [00016000] [R (RS), file size (length after alignment)]
PointerToRawData: 0x000001fc [00000400] [R (RO), file offset]
PointerToRelocation: 0x00000200 [00000000] [Used in OBJ files; relocation offset]
PointerToLinenumbers: 0x00000204 [00000000] [Offset of the line number table; used for debugging]
NumberOfRelocations: 0x00000206 [0000] [Used in OBJ files; number of relocations]
NumberOfLinenumbers: 0x00000208 [0000] [Number of line numbers in the line number table]
Characteristics: 0x0000020c [60000020] [Section attribute flags: 20000000h, 40000000h, 00000020h]
------------------------------------------------------------
[Member] [Address (RAW)] [Data: RVA] [Description]
Name: 0x00000210 [.data] [Name, length: 8 (16 bytes), ASCII]
VirtualSize: 0x00000218 [00002308] [V (VS), memory size (length before alignment)]
VirtualAddress: 0x0000021c [00017000] [V (VO), memory offset (RVA of the section)]
SizeOfRawData: 0x00000220 [00001200] [R (RS), file size (length after alignment)]
PointerToRawData: 0x00000224 [00016400] [R (RO), file offset]
PointerToRelocation: 0x00000228 [00000000] [Used in OBJ files; relocation offset]
PointerToLinenumbers: 0x0000022c [00000000] [Offset of the line number table; used for debugging]
NumberOfRelocations: 0x0000022e [0000] [Used in OBJ files; number of relocations]
NumberOfLinenumbers: 0x00000230 [0000] [Number of line numbers in the line number table]
Characteristics: 0x00000234 [C0000040] [Section attribute flags: 40000000h, 80000000h, 00000040h]
------------------------------------------------------------




Looking at the notepad PE, the RVA of the import address table is 0x01a390, and using the RVA-to-raw formula I calculated the raw offset as 0x019790, but what I found at offset 0x19790 is not the INT. However, with the Windows 7 notepad I can find it at the corresponding offset. Is this a Win8.1 problem?

CodePudding user response:

I have not studied these things specifically. Check whether the computer has software similar to EMET protecting it.
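The RVA-to-raw conversion the question relies on, as an added example that is not part of the original posts: it maps an RVA through the section that actually contains it, using the two section headers in the dump, and compares the result with subtracting the first section's delta. The third section (`ASSUMED_IMPORT_SECTION`, its name and all of its values) is an assumption made for illustration, since the dump on this page shows only `.text` and `.data`.

```python
# Section headers copied from the dump on this page:
# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
PAGE_SECTIONS = [
    (".text", 0x00001000, 0x00015E90, 0x00000400, 0x00016000),
    (".data", 0x00017000, 0x00002308, 0x00016400, 0x00001200),
]
# ASSUMPTION (not on the page): a third section that starts at the IAT RVA
# 0x1a000 and whose raw data follows .data directly (0x16400 + 0x1200).
ASSUMED_IMPORT_SECTION = (".idata (assumed)", 0x0001A000, 0x00002000,
                          0x00017600, 0x00002000)

IMPORT_TABLE_RVA = 0x0001A390  # IMAGE_DIRECTORY_ENTRY_IMPORT RVA from the dump


def rva_to_raw(rva, sections):
    """Map an RVA to a file offset through the section that contains it.

    Returns None when no listed section covers the RVA, or when the RVA lies
    in a section's zero-filled tail (past SizeOfRawData), which has no bytes
    in the file.
    """
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + vsize:
            delta = rva - va
            return raw_ptr + delta if delta < raw_size else None
    return None


def first_section_delta(rva, sections):
    """Shortcut conversion: subtract the first section's (VA - raw) delta.

    Only valid for RVAs that really are inside that first section.
    """
    _name, va, _vsize, raw_ptr, _raw_size = sections[0]
    return rva - (va - raw_ptr)


if __name__ == "__main__":
    # The shortcut reproduces the 0x19790 offset from the question.
    print(hex(first_section_delta(IMPORT_TABLE_RVA, PAGE_SECTIONS)))
    # Neither .text nor .data covers RVA 0x1a390, so the lookup returns None.
    print(rva_to_raw(IMPORT_TABLE_RVA, PAGE_SECTIONS))
    # With the assumed third section the offset is computed from its header.
    print(hex(rva_to_raw(IMPORT_TABLE_RVA,
                         PAGE_SECTIONS + [ASSUMED_IMPORT_SECTION])))
```

The real offset depends on the header of whichever section covers RVA 0x1a390 in the file being examined, so read that header rather than reusing the `.text` delta.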