有没有免费的调试软件可以让我查看编译后的 pyexe 文件的工作原理?
我想了解更多有关可执行文件的机制,但我没有汇编代码的背景。有什么程序可以用于此目的吗?我希望能够实时暂停程序并在那一刻读取其内存转储。 Windows 7 32 有类似的东西吗? Windows 7 64 怎么样?
谢谢
I am trying to learn more about the mechanics of executable files, but I have no background in assembler code. Is there any program I can use for this purpose? I would like to be able to pause a program in real time and read its memory dump at that instant. Is there anything like that for windows 7 32? What about for windows 7 64?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您想了解 PE 可执行文件的标头和内部工作原理(以及 ELF 的提及),Pyfunc 有一个很好的答案。他对大会建议的看法也是完全正确的。
至于您的反汇编程序请求,我建议使用 OllyDBG 进行即时调试,IDA Pro 用于代码分析和 PEExplorer 用于 PE(Windows 可执行文件)标头分析。不过,许多人在调试阶段更喜欢 SoftICE。
虽然这些适用于任何已编译的可执行文件或库,但以虚拟模式(跨平台位代码或解释型通用语言)运行的语言(如 Java 或 .NET Framework)的处理方式有所不同。例如,.NET 可执行文件可以通过 Reflector 之类的软件轻松分析,因为它将允许返回高级编程语言而不是调试汇编。
充分了解您正在处理的内容(编写软件的语言、I/O 操作等)将使您能够更好地辨别程序的微妙之处。您可以使用 PEiD 来帮助您进行此分析。
请记住,反汇编和逆向工程可能是非法的,具体取决于您所在的国家/地区以及您应用的软件。如果不确定,您应该始终在自己的项目或自己编译的程序中使用此类软件(从开源软件开始是一个好主意)。
Pyfunc has a good answer if you want to know the header and inner workings of PE executables (and the mention of ELF). He is also totally right about the assembly recommendation.
As for your disassembler request, I recommend OllyDBG for on-the-fly debugging, IDA Pro for code analysis and PEExplorer for PE (windows executables) headers analysis. SoftICE is prefered by many people for the debugging stage, though.
While these works for any compiled executable or library, languages running in a virtual mode (cross-platform bitcode or interpreted common language) like Java or .NET Framework are dealt differently. For example, a .NET executable would be easily analysable via a software like Reflector because it would allow to get back to the high level programming language instead of debugging assembly.
A good knowledge of what you are dealing with (language the software was written in, I/O operations, etc) will allow you to better discernate a program subtilities. You can use PEiD to help you with this analyse.
Please bear in mind that disassembly and reverse engineering can be illegal depending in which country you are and on which piece of software you apply it. If unsure, you should always use these kind of software on your own projects or programs your compiled yourself (OpenSource ones would be a good idea to begin with).
我建议你加强汇编编程。
另请阅读有关 Windows 可执行格式的信息
其他
- http://www.slideshare。 net/rety61/a-handson-introduction-to-the-elf-object-file-format
您还可以阅读以下也使用 Windows 工具的书。
像pe reader这样的工具
- http://code.google.com/p/pefile/
I would suggest that you beef up on assembly programming.
Also read about and around windows executable format
Others
- http://www.slideshare.net/rety61/a-handson-introduction-to-the-elf-object-file-format
You can also read the following book which uses windows tools too.
Tools like pe reader
- http://code.google.com/p/pefile/