PE and COFF File Format Analysis: Signature, COFF File Header and Optional Header (Part 3)
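"PE2" covered some of the important fields in the optional header. For completeness, this article explains the fields that are not as important. Even though they matter less, they still turn up plenty of interesting cases. First, let's look at the detailed definition of the 32-bit optional header. (If you repost this, please credit breaksoftware's CSDN blog as the source.)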
| Constant | Value | Description |
| --- | --- | --- |
| | 0x0001 | Reserved, must be zero. |
| | 0x0002 | Reserved, must be zero. |
| | 0x0004 | Reserved, must be zero. |
| | 0x0008 | Reserved, must be zero. |
| IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE | 0x0040 | DLL can be relocated at load time. |
| IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY | 0x0080 | Code Integrity checks are enforced. |
| IMAGE_DLL_CHARACTERISTICS_NX_COMPAT | 0x0100 | Image is NX compatible. |
| IMAGE_DLLCHARACTERISTICS_NO_ISOLATION | 0x0200 | Isolation aware, but do not isolate the image. |
| IMAGE_DLLCHARACTERISTICS_NO_SEH | 0x0400 | Does not use structured exception (SE) handling. No SE handler may be called in this image. |
| IMAGE_DLLCHARACTERISTICS_NO_BIND | 0x0800 | Do not bind the image. |
| | 0x1000 | Reserved, must be zero. |
| IMAGE_DLLCHARACTERISTICS_WDM_DRIVER | 0x2000 | A WDM driver. |
| IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE | 0x8000 | Terminal Server aware. |
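IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE means the DLL can be relocated at load time. I found that the file SDKDBLib.dll on my computer is a special case: it does not set this flag. The file also does not set IMAGE_DLLCHARACTERISTICS_NO_SEH, that is, the file does not use SEH.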
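
The check described above can be scripted. The following is an added example, not code from the original post: it reads the DllCharacteristics word from a PE32 or PE32+ image and decodes it with the table's flag names. The function names and the header-only sample image are constructed for illustration.

```python
import struct

# Flag names and values as listed in the table above.
FLAGS = {
    0x0040: "IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLL_CHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
RESERVED = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x1000

def read_dll_characteristics(image: bytes) -> int:
    """Return the raw DllCharacteristics word of a PE32 or PE32+ image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20              # signature + COFF file header
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("missing PE signature or truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    return struct.unpack_from("<H", image, opt + 70)[0]

def decode(value: int):
    """Split the word into (flag names that are set, reserved bits that are set)."""
    return [n for bit, n in FLAGS.items() if value & bit], value & RESERVED

def build_sample(flags: int) -> bytes:
    """Constructed header-only PE32 image carrying the given flag word."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)   # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x2102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)
    struct.pack_into("<H", optional, 70, flags)
    return dos + b"PE\0\0" + coff + bytes(optional)

if __name__ == "__main__":
    # Constructed flag words: one with ASLR and NX set, one with no flags set.
    for label, flags in (("DYNAMIC_BASE+NX_COMPAT", 0x0140), ("no flags", 0x0000)):
        names, reserved = decode(read_dll_characteristics(build_sample(flags)))
        print(label, names, hex(reserved))
```

To inspect a real file, pass its bytes (for example `open(path, "rb").read()`) to `read_dll_characteristics` instead of the constructed sample.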