dos下的可执行文件头!谁知道!请告诉我!我要!我想知道它的数据结构! 问题点数:20、回复次数:4Top
scrolling="no" frameborder="0" src="http://topic.csdn.net/Include/Board.htm?Tags=文件,word,执行,program,文件头,dw,relocation,映象,exeheader,pgm">
1 楼awinder(风)回复于 2002-07-17 21:31:27 得分 5
.EXE - DOS EXE File Structure Offset Size Description 00 word "MZ" - Link file .EXE signature (Mark Zbikowski?) 02 word length of image mod 512 04 word size of file in 512 byte pages 06 word number of relocation items following header 08 word size of header in 16 byte paragraphs, used to locate the beginning of the load module 0A word min # of paragraphs needed to run program 0C word max # of paragraphs the program would like 0E word offset in load module of stack segment (in paras) 10 word initial SP value to be loaded 12 word negative checksum of pgm used while by EXEC loads pgm 14 word program entry point, (initial IP value) 16 word offset in load module of the code segment (in paras) 18 word offset in .EXE file of first relocation item 1A word overlay number (0 for root program) - relocation table and the program load module follow the header - relocation entries are 32 bit values representing the offset into the load module needing patched - once the relocatable item is found, the CS register is added to the value found at the calculated offset Registers at load time of the EXE file are as follows: AX: contains number of characters in command tail, or 0 BX:CX 32 bit value indicating the load module memory size DX zero SS:SP set to stack segment if defined else, SS = CS and SP=FFFFh or top of memory. DS set to segment address of EXE header ES set to segment address of EXE header CS:IP far address of program entry point, (label on "END" statement of program)Top
2 楼wowocock(机器猫)回复于 2002-07-18 21:53:55 得分 15
Dos exe file structure
offset size description
00 word "mz" - link file .exe signature (mark zbikowski?)
02 word length of image mod 512
04 word size of file in 512 byte pages
06 word number of relocation items following header
08 word size of header in 16 byte paragraphs, used to locate
the beginning of the load module
0a word min # of paragraphs needed to run program
0c word max # of paragraphs the program would like
0e word offset in load module of stack segment (in paras)
10 word initial sp value to be loaded
12 word negative checksum of pgm used while by exec loads pgm
14 word program entry point, (initial ip value)
16 word offset in load module of the code segment (in paras)
18 word offset in .exe file of first relocation item
1a word overlay number (0 for root program)
- relocation table and the program load module follow the header
- relocation entries are 32 bit values representing the offset
into the load module needing patched
- once the relocatable item is found, the cs register is added to
the value found at the calculated offset
registers at load time of the exe file are as follows:
ax: contains number of characters in command tail, or 0
bx:cx 32 bit value indicating the load module memory size
dx zero
ss:sp set to stack segment if defined else, ss = cs and
sp=ffffh or top of memory.
ds set to segment address of exe header
es set to segment address of exe header
cs:ip far address of program entry point, (label on "end"
statement of program).
EXE文件包含一个文件头和一个可重定位程序映象.文件头包含MS-DOS
用于加载程序的信息,例如程序的大小和寄存器的初始值.文件头还指向一个
重定位表,该表包含指向程序映象中可重定位段地址的指针链表.文件头的形
式与EXEHEADER结构对应:
EXEHEADER STRUC
exSignature dw 5A4Dh ;.EXE标志
exExraBytes dw ? ;最后(部分)页中的字节数
exPages dw ? ;文件中的全部和部分页数
exRelocItems dw ? ;重定位表中的指针数
exHeaderSize dw ? ;以字节为单位的文件头大小
exMinAlloc dw ? ;最小分配大小
exMaxAlloc dw ? ;最大分配大小
exInitSS dw ? ;初始SS值
exInitSP dw ? ;初始SP值
exChechSum dw ? ;补码校验值
exInitIP dw ? ;初始IP值
exInitCS dw ? ;初始CS值
exRelocTable dw ? ;重定位表的字节偏移量
exOverlay dw ? ;覆盖号
EXEHEADER ENDS
程序映象,包含处理器代码和程序的初始数据,紧接在文件头之后.它的
大小,以字节为单位,等于.EXE文件的大小减去文件头的大小,也等于exHeaderSize
的域的值乘以16.MS-DOS通过把该映象直接从文件拷贝到内存加载.EXE程序
然后调整定位表中说明的可重定位段地址.
定位表是一个重定位指针数组,每个指向程序映象中的可重定位段地址. 文件头中的exRelocItems域说明了数组中指针的个数,exRelocTable域说明了 分配表的起始文件偏移量.每个重定位指针由两个16位值组成:偏移量和段值. 为加载.EXE程序,MS-DOS首先读文件头以确定.EXE标志并计算程序映象的 大小,然后它试图申请内存.首先,它计算程序映象文件的大小加上PSP的大小 再加上EXEHEADER结构中的exMinAlloc域说明的内存大小这三者之和,如果总 和超过最大可用内存块的大小,则MS-DOS停止加载程序并返回一个出错值.否 则,它计算程序映象的大小加上PSP的大小再加上EXEHEADER结构中exMaxAlloc 域说明的内存大小之和,如果第二个总和小于最大可用内存块的大小,则MS-DOS 分配计算得到的内存量.否则,它分配最大可用内存块. 分配完内存后,MS-DOS确定段地址;也称为起始段地址,MS-DOS从此处加载 程序映象.如果exMinAlloc域和exMaxAlloc域中的值都为零,则MS-DOS把映象 尽可能地加载到内存最高端.否则,它把映象加载到紧挨着PSP域之上. 接下来,MS-DOS读取重定位表中的项目调整所有由可重定位指针说明的段 地址.对于重定位表中的每个指针,MS-DOS寻找程序映象中相应的可重定位段 地址,并把起始段地址加到它之上.一旦调整完毕,段地址便指向了内存中被加 载程序的代码和数据段. MS-DOS在所分配内存的最低部分建造256字节的PSP,把AL和AH设置为加载 .COM程序时所设置的值.MS-DOS使用文件头中的值设置SP与SS,调整SS初始值, 把起始地址加到它之上.MS-DOS还把ES和DS设置为PSP的段地址. 最后,MS-DOS从程序文件头读取CS和IP的初始值,把起始段地址加到CS之 上,把控制转移到位于调整后地址处的程序.
