PE Utility Functions in Windows

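When studying the Microsoft PE (Portable Executable) format, if you need to write some tools to hack on it, you can use some of the functions in Imagehlp.dll on Windows 9x, while from Windows 2000 onward it is recommended to use Dbghelp.dll instead. See MSDN for details.
The following is quoted from MSDN.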

Platform SDK: Debugging and Error Handling

Image Help Library

This overview describes the function set provided by the ImageHlp DLL. These functions allow you to work with a portable executable (PE) image.

Warning  Starting with Windows 2000, you can no longer redistribute the ImageHlp DLL that is included with the operating system. A subset of the functions have been moved to a DLL that is redistributable. Existing applications will continue to work because ImageHlp uses forwarders to call into the new DLL. However, these applications should be modified to use the new DLL. For more information, see Debug Help Library.

As the warning above says, starting with Windows 2000 you can no longer rely on ImageHlp and should use DbgHelp.dll instead. Below is the MSDN content for the Debug Help Library.

Platform SDK: Debugging and Error Handling

Debug Help Library

This overview describes the function set provided by the debug help library, DbgHelp. It contains a set of debugging support routines that allow you to work with executable images in the portable executable (PE) format.

The DbgHelp documentation is as follows:

For a description of the PE format, download the specification from the following location: For more information on DIA, see the Debug Interface Access SDK in the Visual Studio .NET documentation.


