//
// Headers
// ram:00400000-ram:004003ff
//
assume DF = 0x0 (Default)
IMAGE_DOS_HEADER_00400000 XREF[6]: 0040011c(*),
FUN_00401885:0040195d(*),
FUN_00403f05:00403f1d(*),
FUN_00403f05:00403f32(*),
FUN_00403f67:00403f7f(*),
FUN_00403f67:00403f94(*)
00400000 4d 5a 90 IMAGE_DO
00 03 00
00 00 04
00400000 4d 5a char[2] "MZ" e_magic XREF[6]: 0040011c(*),
FUN_00401885:0040195d(*),
FUN_00403f05:00403f1d(*),
FUN_00403f05:00403f32(*),
FUN_00403f67:00403f7f(*),
FUN_00403f67:00403f94(*)
00400000 [0] 'M', 'Z'
00400002 90 00 dw 90h e_cblp Bytes of last page
00400004 03 00 dw 3h e_cp Pages in file
00400006 00 00 dw 0h e_crlc Relocations
00400008 04 00 dw 4h e_cparhdr Size of header in
0040000a 00 00 dw 0h e_minalloc Minimum extra para
0040000c ff ff dw FFFFh e_maxalloc Maximum extra para
0040000e 00 00 dw 0h e_ss Initial (relative)
00400010 b8 00 dw B8h e_sp Initial SP value
00400012 00 00 dw 0h e_csum Checksum
00400014 00 00 dw 0h e_ip Initial IP value
00400016 00 00 dw 0h e_cs Initial (relative)
00400018 40 00 dw 40h e_lfarlc File address of re
0040001a 00 00 dw 0h e_ovno Overlay number
0040001c 00 00 00 00 00 dw[4] e_res[4] Reserved words
00 00 00
00400024 00 00 dw 0h e_oemid OEM identifier (fo
00400026 00 00 dw 0h e_oeminfo OEM information; e
00400028 00 00 00 00 00 dw[10] e_res2[10] Reserved words
00 00 00 00 00
00 00 00 00 00
0040003c e8 00 00 00 ddw E8h e_lfanew File address of ne
00400040 0e 1f ba 0e 00 db[64] e_program Actual DOS program
b4 09 cd 21 b8
01 4c cd 21 54
最新の画像[もっと見る]
