ã€ŒPE å‹‰å¼·ä¼š (1)ã€ã«è¡Œã£ã¦ããŸ

第1回 PE勉強会完了報告 - 七誌の開発日記

å‹‰å¼·ä¼šã¨ã„ã†ã‚ˆã‚Šã‹ã¯ã€Œä¸ƒèªŒå…ˆç”Ÿã®è¬›ç¾©ã€ã£ã¦æ„Ÿã˜ã ã£ãŸã‹ãªã€‚å€‹äººçš„ã«ã¯ãƒã‚¤ãƒŠãƒªã‚¨ãƒ‡ã‚£ã‚¿ã§ç•°å¸¸å‹•ä½œã™ã‚‹ PE ã‚’ã„ã˜ã£ã¦æ£å¸¸ã«å‹•ãã‚ˆã†ã«ã™ã‚‹ã‚ãŸã‚ŠãŒ+ï¼ˆ0ï¾Ÿãƒ»âˆ€ãƒ»ï¼‰ + ï¾œï½¸ï¾ƒï½¶ +ã§ã—ãŸã€‚

é€”ä¸ã§ PE ãƒ•ã‚¡ã‚¤ãƒ«ãƒ˜ãƒƒãƒ€ã®è©±ã«ãªã£ãŸæ™‚ã«ãµã¨ã€Œã“ã® TimeDateStamp ã£ã¦ã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã®ã‚¿ã‚¤ãƒ ã‚¹ã‚¿ãƒ³ãƒ—ãŒå…¥ã‚‹ã®ï¼Ÿã€ã¨ã„ã†ã“ã¨ãŒæ°—ã«ãªã£ãŸã“ã¨ã‚’æ€ã„å‡ºã—ãŸã®ã§ã¡ã‚‡ã£ã¨è©¦ã—ã¦ã¿ãŸã€‚

typedef struct _IMAGE_FILE_HEADER {
    WORD Machine;
    WORD NumberOfSections;
    DWORD TimeDateStamp;
    DWORD PointerToSymbolTable;
    DWORD NumberOfSymbols;
    WORD SizeOfOptionalHeader;
    WORD Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

cygwin ã® gcc ã§ã‚„ã£ã¦ã¿ã‚‹ã€‚

% uname -s
CYGWIN_NT-6.1
% echo 'int main(){}' > a.c
% gcc a.c -o 1.exe
% gcc a.c -o 2.exe
% md5sum.exe 1.exe 2.exe
907129d2a56fd3777ffa725588ba9498 *1.exe
38584a31ff69bb022abf0fc87afb3a31 *2.exe

--- /dev/fd/63  (objdump.exe -afhp 1.exe)
+++ /dev/fd/62  (objdump.exe -afhp 2.exe)
@@ -1,6 +1,6 @@

-1.exe:     file format pei-i386
-1.exe
+2.exe:     file format pei-i386
+2.exe
 architecture: i386, flags 0x0000013a:
 EXEC_P, HAS_DEBUG, HAS_SYMS, HAS_LOCALS, D_PAGED
 start address 0x00401000
@@ -11,7 +11,7 @@
        line numbers stripped
        32 bit words

-Time/Date              Mon Feb 21 23:14:35 2011
+Time/Date              Mon Feb 21 23:14:38 2011
 Magic                  010b    (PE32)
 MajorLinkerVersion     2
 MinorLinkerVersion     21
@@ -33,7 +33,7 @@
 Win32Version           00000000
 SizeOfImage            0000b000
 SizeOfHeaders          00000400
-CheckSum               00007171
+CheckSum               00007174
 Subsystem              00000003        (Windows CUI)
 DllCharacteristics     00008000
 SizeOfStackReserve     00200000

ãªã‚“ã‹ CheckSum ã¨ã„ã†ã®ã‚‚~~ç‹¬è‡ª~~åˆ¥ã®ãƒ˜ãƒƒãƒ€ã«ã‚ã‚‹ãªã‚ã€‚*1 ãã‚Œã¯ã•ã¦ãŠãã€ãã‚‚ãã‚‚ä½•æ•…ã€ã“ã‚“ãªã“ã¨ãŒæ°—ã«ãªã£ãŸã‹ã¨ã„ã†ã¨ã€åŒã˜ã‚³ãƒ³ãƒ‘ã‚¤ãƒ©ãŠã‚ˆã³ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã§ã‚³ãƒ³ãƒ‘ã‚¤ãƒ«ã—ãŸãƒã‚¤ãƒŠãƒªãŒåˆè‡´ã—ãªã„ã¨ãªã‚‹ã¨ã€åŒã˜ãƒã‚¤ãƒŠãƒªã¯äºŒåº¦ã¨ã¤ãã‚Œãªã„ã¨ã„ã†ã“ã¨ã«ãªã‚‹ã®ã‹ãªã¨æ€ã£ãŸæ¬¡ç¬¬ã€‚ãƒ¡ãƒ¼ã‚«ãƒ¼ã¨ã‹ãƒ†ã‚¹ãƒˆã™ã‚‹æ™‚ã«æ‰‹é–“ã¨ã‹ã©ã†ãªã‚“ã ã‚ã¨ã‹ä½™è¨ˆãªã“ã¨ã‚’è€ƒãˆã¦ã¿ãŸã€‚

ã€è¿½è¨˜ã€‘æœ¬å½“ã«ã‚ã£ãŸã‚‰ã—ã„w

ã¡ãªã¿ã« Mac OS X ã ã¨ Mach-O ãŒãã†ã„ã†æƒ…å ±ã‚’æŒãŸãªã„ã®ã‹ã€å·®åˆ†ã¯å‡ºãªã‹ã£ãŸã€‚

% uname -s
Darwin
% echo 'int main(){}' > a.c
% gcc a.c -o 1.exe
% gcc a.c -o 2.exe
% gmd5sum a1.exe a2.exe 
dced646ad5ae2d7fbe4791a61c9bab23  a1.exe
dced646ad5ae2d7fbe4791a61c9bab23  a2.exe

Linux ã¯ã™ãã«ä½¿ãˆã‚‹ç’°å¢ƒã¯æ‰‹å…ƒã«ãªã„ã‹ã‚‰ã€æ°—ãŒå‘ã„ãŸã‚‰ã“ã“ã«è¿½è¨˜ã™ã‚‹ã€‚

ã‚ã¨ã€MacBook* ã§ã“ã®å‹‰å¼·ä¼šã«å‚åŠ ã™ã‚‹äººã¯ HugeDomains.com - LoadupDates.com is for sale (Loadup Dates) ã® mingw ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã®ã‚¯ãƒã‚¹ã‚³ãƒ³ãƒ‘ã‚¤ãƒ©ã‚’ä½¿ã†ã¨ã„ã„ã‚“ã˜ã‚ƒãªã„ã‹ãªã€‚*2

*1:EXEファイルの内部構造（PEヘッダ） (2/3)：CodeZine（コードジン）

*2:è‡ªåˆ†ã¯ VirtualBox ä¸Šã® Windows 7 ã« CygwinPorts ã‹ã‚‰ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã—ãŸ i686-mingw32-gcc ã‚’ä½¿ã£ã¦èª²é¡Œã‚’è§£ã„ãŸã‘ã©ã€ç´ äººã«ã¯ãŠã™ã™ã‚ã§ããªã„èŒ¨ã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã®é“ã ã¨æ€ã†ã€‚

ã„ã‘ã‚€ãƒ©ãƒ³ãƒ‰

ã¯ã¦ãƒ€ã‹ã‚‰ã‚„ã£ã¦ãã¾ã—ãŸ

ã€ŒPE å‹‰å¼·ä¼š (1)ã€ã«è¡Œã£ã¦ããŸ