PE文件格式研究及PEDUMP的實現(xiàn)

摘 要

PE文件格式是可在Windows NT, windows 95和WIN32操作系統(tǒng)下可可執(zhí)行的2進制格式。
本文介紹了系統(tǒng)的開發(fā)環(huán)境及環(huán)境配置和系統(tǒng)分析、總體設計，比較全面地介紹了本系統(tǒng)的`相關知識。最后，分析了設計的原程序，針對大部分代碼給出了比較詳細的文字解釋說明。并且詳細介紹PE文件格式，包含文件頭、節(jié)表、節(jié)、資源目錄、資源等等。研究如何用程序對各部分的內容進行讀取分析顯示，甚至對原PE文件的內容進行可行的修改、導入導出等功能。并實現(xiàn)對分析結果的文本導出保存。
此軟件使用DELPHI在Windows系統(tǒng)下開發(fā)完成。

關鍵詞 ：Windous NT; window 95; win32; Delphi; PE文件格式

Abstract

The PE ("portable executable") file format is the format of executable binaries (DLLs and programs) for MS windows NT, windows 95 and win32s.
This text introduces the development environment and environments of the system to install, carrying on the system analysis, total design immediately after, introducing related knowledge of this system more and completely.The end, the original procedure that analyzed the design, aims at big and parts of codes to the more detailed writing to explain the elucidation. This article introduced the PE format,include DOS ”MZ” Header, Dos stub, NTHeader,Section Table,Section,Resource directory,Resource,etc.Study how to read all parts of PE format files and displayed it in our program,even do some change to that PE format file and rewrite into it,also can read out one part of it and save it as another file,Study how to put a TXT file for the result.
This software named Pedump was programed by Delphi,run in windows.

Keywords： Windous NT; window 95; win32; Delphi; PE file format