新版PING EXE源码分析指导书.doc

PAGE 天天快乐 PING.EXE十六进制源码分析 车生兵 著 中南林业科技大学计算机与信息工程学院 2010年10月18日 目录 1 ping.exe十六进制源码…3 2 ping.exe源码数据分析…………………………………………………………………………………………7 1、源码结构…………………………………………………………………………………………………7 2、DOS头结点………………………………………………………………………………………………7 3、DOS文件体……………7 4、PE头结点…8 4.1 PE头结点结构8 4.2 PE可选头部10 4.3数据目录……………………………………………………………….…………………….13 5 PE文件段15 6、ping.exe加载后的内存数据映像18 3 Ping.exe的实现与原理分析24 4.1 常用数据结构24 4.2 ping.asm源程序分析27 4.3、_ConsoleInit.asm分析35 4.4、_CmdLine.asm分析37 4.5、_CalcCheckSum.asm分析41 4.6、测试结果举例43 1 ping.exe十六进制源码 在文件存储空间中，ping.exe十六进制源码示例如下： ;header 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ?.. B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ?@ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C0 00 00 00 ?.. 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 ..?.???L?Th 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F is program canno 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 t be run in DOS 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 mode$ A3 19 CD DB E7 78 A3 88 E7 78 A3 88 E7 78 A3 88 ?哇鐇鐇鐇 E7 78 A3 88 FA 78 A3 88 84 5A 89 88 E6 78 A3 88 鐇鷛刏増鎥 000000A0 52 69 63 68 E7 78 A3 88 00 00 00 00 00 00 00 00 Rich鐇 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000000C0 50 45 00 00 4C 01 03 00 C4 46 FA 3C 00 00 00 00 PE..L...腇? 000000D0 00 00 00 00 E0 00 0F 01 0B 01 05 0C 00 06 00 00 ? 000000E0 00 0A 01 00 00 00 00 00 14 15 00 00 00 10 00 00 000000F0 00 20 00 00 00 00 40 00 00 10 00 00 00 02 00 00 . @ 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 00 00 00 00 03 00 00 00 .@ 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 20 00 00 50 00 00 00 00 00 00 00 00 00 00 00 d ..P