C++ 使用位运算符的PE文件格式指针
我想知道这些代码背后的数学原理。处理指针。有人能教我在if语句中使用+运算符和&位运算符进行数学运算吗?我只是不太明白C++ 使用位运算符的PE文件格式指针,c++,c,file,assembly,portable-executable,C++,C,File,Assembly,Portable Executable,我想知道这些代码背后的数学原理。处理指针。有人能教我在if语句中使用+运算符和&位运算符进行数学运算吗?我只是不太明白 // check signatures -- must be a PE pDosHeader = (PIMAGE_DOS_HEADER)hMap; if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) goto cleanup; pNtHeaders = (PIMAGE_NT_HEADERS)((DWOR
// check signatures -- must be a PE
pDosHeader = (PIMAGE_DOS_HEADER)hMap;
if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) goto cleanup;
pNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)hMap + pDosHeader->e_lfanew);
if(pNtHeaders->Signature != IMAGE_NT_SIGNATURE) goto cleanup;
// Not dll
if (pNtHeaders->FileHeader.Characteristics & IMAGE_FILE_DLL
&& pNtHeaders->FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE) goto cleanup;
// get last section's header...
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)hMap + pDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS));
pSection = pSectionHeader;
pSection += (pNtHeaders->FileHeader.NumberOfSections - 1);
+运算符只是一个算术加号。当使用指针时,C和C++中指针的类型变得更清晰了——它不仅向地址添加字节,而且增加了它指向的任何类型的大小。p> 例如,如果我们有:
struct stuff x;
struct stuff *p = &x; /* p now points at x */
p = p + 1;
/* the address at p has been incremented by the sizeof(struct stuff),
and is pointing at the next struct stuff in memeory */
unsigned int b = 99; /* 99 is binary 01100011 */
unsigned int w = b & 6; /* 6 is binary 00000110 */
/* w is now 2 2 is binary 00000010 */
在您的示例代码中,它似乎用于测试结构成员中是否设置了位掩码IMAGE\u FILE\u DLL和IMAGE\u FILE\u EXECUTABLE\u IMAGE。Ya,我在规范中注意到这些值:0000 0000 0000 0000 0010(IMAGE\u FILE\u EXECUTABLE\u IMAGE)0000 0000 0010 0000 0000 0000(IMAGE\u FILE\u DLL)--------------------------------------+1和侧栏,在执行指针差分时,情况正好相反(很少提及)。如果相同类型的两个指针差分(相减),即
size\u t n=(p-q)