Java PE标题要求

PE文件（PE/COFF）的要求是什么？为使其能够在Windows上“运行”，应至少设置哪些字段、哪个值（即执行“ret”指令，然后关闭，无误）

我首先构建的库是链接器：现在，我的问题是PE文件（PE/COFF）在PE文件可以在我的平台上实际执行之前，我不知道它需要什么。我的测试平台是Vista。当我通过双击执行时，会收到一条错误消息，说“这不是有效的Win32可执行文件。”，当使用CLI cmd执行时，会收到一条“拒绝访问”的消息。我有两个部分，.text和.data

我已经实现了一些在线文档（即MSDN和其他一些第三方文档）提供的PE头。如果我使用十六进制编辑器，它看起来几乎像一个普通的PE文件。我不使用任何导入、IAT或PE头中的任何目录

编辑：我添加了一个导入表，但仍然不是有效的.exe文件，我的Windows说。我尝试使用的值也在最小PE文件指南中提到。不走运。实际上，我似乎唯一搞不清楚的是什么是必需的，什么不是。一些导游告诉我一切都是必需的，而另一些人则说去润滑：可以是零

我希望这是足够的信息。提前谢谢你

---

当前PE标头的原始数据（根据要求）：

4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 50 45 00 00 4C 01 02 00 C8 7A 55 4B 00 00 00 00 00 00 00 00 E0 00 82 01 0B 01 0D 25 00 10 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 0B 00 00 00 00 00 03 00 0A 00 00 00 00 00 00 22 00 00 38 01 00 00 00 00 00 00 03 00 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 40 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 00 00 00 00 00 10 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2E 69 64 61 74 61 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 20 00 00 00 00 00 00 00 00 00 00 24 20 00 00 34 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 01 00 00 80 00 00 00 00 01 00 00 80 00 00 00 00

---

Microsoft PE/COFF规范是我所知的唯一规范。

将粘贴复制到十六进制编辑器中是一件非常痛苦的事情，因此不幸的是，我不能马上说任何太聪明的东西

PE文件中需要注意的事项： 确保您的DOS标头有效。 确保IMAGE\u OPTIONAL\u头的格式正确，因为不管它的名称如何，Windows都不希望它不能正确执行

有关MS格式以外的更多信息，请参阅lookup，这是我所知道的关于PE格式的最好的自制指南之一

---

如果您可以只发布字节，我可以尝试将其放在我自己的PE解析器中，看看是否可以提供更多帮助。

这可能会引起兴趣：特别是，它提到Win2k加载程序需要导入KERNEL32.DLL，因此这可能值得研究。

您可以尝试像.NET 2.0 IL Assembler这样的书。本书有一整章专门介绍PE格式的可执行文件是什么样子的（以及.Net PE是什么样子的）

您还可以尝试使用PE文件读取器加载PE文件并检查结果。 如果PE阅读器与您的PE发生冲突，那么您有一个指向失败原因的指针

这是我写的一篇文章。还有一个GUI（带有源代码）使用它

---

源代码是完全开放的（不受GPL限制），因此您可以使用它做任何您想做的事情（除了对其施加GPL，这会阻止它完全开放），包括关闭您的版本。

您尝试执行的操作取决于您使用的Windows版本。例如，在Windows 2000上读取PE文件的方式与Windows 7读取PE文件的方式不同。我是一个OSX用户，但在我拥有的Windows7上，我无法以Windows2000和更早版本的方式操作PE文件。我还没有测试过XP或Vista（或2000和Win7之间的其他版本），以了解Windows何时开始以不同的方式阅读PE。在Windows 7上，MS-DOS标头和存根中的每一位内存都将被忽略。唯一重要的两个部分是“幻数”（一个等于“MZ”的单词）和PE偏移量，这是一个DWORD，用于定义PE头在内存中的位置。我不确定Windows是否100%地忽略MS-DOS头和存根中的所有其他值，但不包括我刚才提到的两个值，如果所有其他值都设置为0，有效的可执行程序将正常运行

在Windows 2000和更早的版本中，我不知道我上面提到的是否正确，但当时允许您修改MS-DOS存根的长度（或者删除它），前提是PE偏移量值仍然指向内存中查找PE头的正确位置。在Windows 7上，如果您修改了MS-DOS存根的长度，即使PE Offset指向正确的修改位置，Windows也不会运行exe并声称它不是有效的Win32应用程序

4D 5A00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 008000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

这是PE文件的MS-DOS部分在Windows 7上所能拥有的最小值，同时仍然具有有效的可执行文件。这一点不能缩短

---

希望这能澄清一些问题。

您当前的标题基于什么？你读过微软的PE/COFF规范（）吗？当这个项目完成后，我会对它感兴趣。离题：实际上我正在开发一种编程语言。我想以Win32为目标。我使用Java，因为它是一种很好的“宏语言”，也就是说，我只使用Java.io和Java.nio。这很有趣，但我还是被这个问题困扰着。我也在做同样的事情！我也在开发一种输出PE文件的语言，但它还处于初级阶段。我知道的不多，但mingw的objdump在二进制文件上报告“无法识别文件格式”。我使用了该指南（如“第三方”）来构建我的实现。我将立即更新它，只包含字节。不幸的是，我不知道到底是什么错误。我进一步检查这一点的第一个想法是使用已知的“正确”程序（如visual studio）创建相同的程序，并使用十六进制编辑器比较输出