Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Microsoft Utilities: Edidbin - Exe

    Enviado por

    velufun
    28 visualizações4 páginas
    Edit Bins

    Título original

    Edit Bins

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    Edit Bins

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    28 visualizações4 páginas

    Microsoft Utilities: Edidbin - Exe

    Enviado por

    velufun
    Edit Bins

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 4

    Microsoft Utilities

    EDIDBIN.EXE
    This program has a promising name . Nevertheless, it hardly deserves to be called an editor. Its main goal
    is to convert object files in the OMF format into the COFF format. In addition, this utility allows for
    changing some other attributes of executable and object modules. If you specify the name of the object
    module in its command line, then, if that module is in the OMF format, it will be converted into the COFF
    format. Consider the command-line options of this program. They can be applied to both executable and
    object modules.
    /BIND Allows you to specify the paths to dynamic link libraries (DLLs) that use this executable
    module. For example: EDITBIN/BIND: PATH =c:\edit;d:\dll EDIT.EXE .
    /HEAP Specifies the heap size in bytes. For example: EDITBIN/HEAP: 100000,100000 (see the
    LINK.EXE options).
    /LARGEADDRESSAWARE Specifies that the application operates with addresses larger than 2 GB.
    /NOLOGO Suppresses the output of information about the program.
    /REBASE Sets the module's base address. By default, the base address for an executable module is
    equal to 400000H, and for DLLs, it is 10000000H.
    /RELEASE Sets the checksum in the header of the executable module.
    /SECTION Changes the attributes of the sections of the executable module. The full format of this
    option is as follows :
    /SECTION:name[=newname][,attributes][,alignment]

    Table 22.1: Attribute values


    Attri bute

    V al ue

    Code

    Discardable

    Executable

    Initialized data

    Cached virtual memory

    Link remove

    Link information

    Paged virtual memory

    Read

    Shared

    Uninitialized data

    Write

    Table 22.2: The value of the alignment option


    Opti on

    Al i gnment (i n bytes )

    16

    32

    64

    No alignment
    /STACK Changes the value required for the executable module's stack. For example: EDITBIN
    /STACK:10000,10000 EDIT.EXE .
    /SUBSYSTEM Redefines the subsystem, in which this program operates. For example, if the program
    has been translated with the /SUBSYSTEM: WINDOWS option, this setting can be changed without
    recompiling: EDITBIN /SUBSYSTEM: CONSOLE EDIT.EXE .
    /SWAPRUN Sets the "move to swap file" attribute for the executable module.
    /VERSION Sets the version for the executable module.
    /WS (/WS: AGGRESSIVE) Sets the AGGRESSIVE attribute, which is used by operating systems of the
    Windows NT family.

    This utility is useful for quickly changing attributes of executable and object modules.

    DUMPBIN.EXE
    This program is mainly used for the investigation of executable and object modules in the COFF format. It
    outputs information to the current console. The command-line options of this program are as follows:

    /ALL Outputs all available information about the module except the Assembly code.
    /ARCH Outputs information about the .arch section of the module header.
    /ARCHIVEMEMBERS Outputs minimal information about the elements of the object library.
    /DEPENDENTS Outputs the names of DLLs, from which the module imports functions.
    /DIRECTIVES Outputs the contents of the .drectve section created by the compiler (only for object
    modules).
    /DISASM Disassembles the contents of module sections using symbolic information (if present).
    /EXPORTS Outputs the names exported by the module.
    /HEADER Outputs headers of the module and all its sections. In the case of an object library, it outputs
    the headers of all object modules that make up that library.
    /IMPORTS Outputs the names imported by this module.
    /LINENUMBERS Outputs the line numbers of the object module (if it contains numbered lines).
    /LINKERMEMBER[: {112}] Outputs all names defined as public in the object library.
    /LINKERMEMBER:1 Outputs in the order, in which object modules follow each other in the library.
    /LINKERMEMBER:2 First outputs the offset and the index of object modules, then outputs an
    alphabetically sorted list of names for each module.
    /LINKERMEMBER Combines options 1 and 2.
    /OUT Specifies the data that should be output to the file (i.e., /OUT:ED.TXT ) instead of to a console.
    /PDATA Outputs the contents of exception tables.
    /RAWDATA Outputs the dump of each file section. This option has the following
    variants:/RAWDATA:BYTE, /RAWDATA:SHORTS, /RAWDATA:LONGS, /RAWDATA:NONE ,
    and /RAWDATA:, number. Here, number defines the length of the output strings.
    /SUMMARY Outputs minimal information about sections.
    /SYMBOLS Outputs the symbols table of the COFF file.
    This program is a powerful disassembling tool. Suppose that the program name is PROG.ASM. Translate
    this program as follows:
    ml /c /coff /Zi /Zd prog.asm link /debug /subsystem:windows prog.obj

    In this case, in addition to the executable module PROG.EXE, another file, PROG.PDB, will appear. This file
    will contain the debug information. Now, issue the command DUMPBIN /DISASM /OUT:PROG.TXT
    PROG.EXE . As a result, you'll get the disassembled code, practically identical to the source code of the
    program. Part of this code is presented in Listing 22.1.
    Listing 22.1: Fragment of the disassembled code

    _START: 0040101C: 6AO0 PUSH 0 0040101E: E843020000 CALL _GetModuleHandleA@4 00401023:


    A344404000 MOV [00404044],eax 00401028: C7051C404000 MOV DWORD PTR DS:[40401Ch],
    4003h 03400000 00401032: C70520404000 MOV DWORD PTR DS: [404020h], offset
    @ILT+0(_WNDPROC@0) 05104000 0040103C: C70524404000 MOV DWORD PTR DS:[404024h], 0
    00000000 00401046: C70528404000 MOV DWORD PTR DS:[404028h], 0 00000000 00401050:
    A144404000 MOV EAX, .[00404044] 00401055: A32C404000 MOV [0040402C], EAX 0040105A:

    68007F0000 PUSH 7F00h 0040105F: 6A00 PUSH 0 00401061: E8D6010000 CALL _LoadIconA@8
    00401066: A330404000 MOV [00404030], EAX 0040106B: 68037F0000 PUSH 7F03h 00401070:
    6A00 PUSH 0 00401072: E8BF010000 CALL _LoadCursorA@8

    As you can see, this is a transparent code that is practically no different from normal code written in
    Assembly language. Near the end of the file, interesting information can be found. Here is the fragment:
    LoadIconA@8: 0040123C: FF2510514000 JMP DWORD PTR [__IMP__LoadIconA@8]

    When a function is called, for example, _LoadIconA@8 , the jump is carried out to the address of the
    following command:
    JMP DWORD PTR [__IMP__LoadIconA@8].

    Because of this, you can declare _imp__LoadIconA@8 instead of LoadIcon@8 , which will somewhat
    improve the performance of your program. I didn't mention this possibility before because of two reasons:
    The performance gain achieved using this approach is minimal.
    TASM32 does everything in a slightly different manner. This topic is covered in more detail later in this
    chapter.

    Você também pode gostar