dumpbin的命令

大家好，又见面了，我是你们的朋友全栈君。1 所有的命令

用法: DUMPBIN [选项] [文件]

   选项:

      /ALL

      /ARCHIVEMEMBERS

      /CLRHEADER

      /DEPENDENTS

      /DIRECTIVES

      /DISASM[:{BYTES|NOBYTES}]

      /ERRORREPORT:{NONE|PROMPT|QUEUE|SEND}

      /EXPORTS

      /FPO

      /HEADERS

      /IMPORTS[:文件名]

      /LINENUMBERS

      /LINKERMEMBER[:{1|2}]

      /LOADCONFIG

      /OUT:文件名

      /PDATA

      /PDBPATH[:VERBOSE]

      /RANGE:vaMin[,vaMax]

      /RAWDATA[:{NONE|1|2|4|8}[,#]]

      /RELOCATIONS

      /SECTION:名称

      /SUMMARY

      /SYMBOLS

      /TLS

      /UNWINDINFO

<1> ALL 

解释：显示除了反汇编代码外的所有可用信息

<2> ARCHIVEMEMBERS 

解释：此选项显示有关库成员的最少信息

测试文件如下所示：

Dump of file CConsoleDll.dll

File Type: DLL

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<3> CLRHEADER

CLRHEADER显示有关在任何托管程序中使用的关于.NET Header的信息。输出显示.NET Header所处的位置和大小(以字节为单位)，以及

Header中的段（Sections）

<4> DIRECTIVES

解释：This option dumps the compiler-generated .drective section of an image.

这个选项导出编译器产生的镜像的.drective段。

这里的image指代的什么，不是很明白，但是猜测不应该是图像，也不应该是镜像，或许指的就是dll，exe等。

<5> DEPENDENTS

解释：Dumps the names of the DLLs from which the image imports functions. Does not dump the names of the imported functions.

导出镜像从哪导入函数的Dlls，不是导出导入函数的名字

Dump of file CConsoleDll.dll

File Type: DLL

  Image has the following dependencies:

    MSVCR100D.dll

    KERNEL32.dll

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<6> DISASM

解释：This option displays disassembly of code sections, using symbols if present in the file.

/DISASM should only be used on native (not managed) images.

这个选项展示代码段的反汇编 如果呈现在文件中就用符号。/DISASM 只能用在本地代码，而不是托管代码。

<7> ERRORREPORT

解释：If dumpbin.exe fails at runtime, you can use /ERRORREPORT to send information to Microsoft about these internal errors.

如果dumpbin在运行的时候出现错误，那么就用 /ERRORREPORT 导出错误信息

<8> EXPORTS

解释：This option displays all definitions exported from an executable file or DLL.

这个选项展示exe或者dll中导出的所有定义的东西。

Dump of file CConsoleDll.dll

File Type: DLL

  Section contains the following exports for CConsoleDll.dll

    00000000 characteristics

    539426F1 time date stamp Sun Jun 08 17:03:45 2014

        0.00 version

           1 ordinal base

           4 number of functions

           4 number of names

    ordinal hint RVA      name

          1    0 00011131 ??4Math@@QAEAAV0@ABV0@@Z

          2    1 00011005 ?add@Math@@SAHHH@Z

          3    2 0001111D ?mul@Math@@SAHHH@Z

          4    3 00011069 ?sub@Math@@SAHHH@Z

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<9> FPO

解释：This option displays frame pointer optimization (FPO) records.

这个选项显示框架指针优化的记录

<10>  HEADERS

解释：This option displays the file header and the header for each section. When used with a library, it displays the header for each member object.

这个选项用来显示文件头，以及 各个段的头。当用library的时候，它显示每个成员对象的头。

例如：

Dump of file CConsoleDll.dll

PE signature found

File Type: DLL

FILE HEADER VALUES

             14C machine (x86)

               7 number of sections

        539426F1 time date stamp Sun Jun 08 17:03:45 2014

               0 file pointer to symbol table

               0 number of symbols

              E0 size of optional header

            2102 characteristics

                   Executable

                   32 bit word machine

                   DLL

OPTIONAL HEADER VALUES

             10B magic # (PE32)

           10.00 linker version

            3600 size of code

            3600 size of initialized data

               0 size of uninitialized data

           110D2 entry point (100110D2)

            1000 base of code

            1000 base of data

        10000000 image base (10000000 to 1001AFFF)

            1000 section alignment

             200 file alignment

            5.01 operating system version

            0.00 image version

            5.01 subsystem version

               0 Win32 version

           1B000 size of image

             400 size of headers

               0 checksum

               2 subsystem (Windows GUI)

             140 DLL characteristics

                   Dynamic base

                   NX compatible

          100000 size of stack reserve

            1000 size of stack commit

          100000 size of heap reserve

            1000 size of heap commit

               0 loader flags

              10 number of directories

           16950 [     1D5] RVA [size] of Export Directory

           18000 [      3C] RVA [size] of Import Directory

           19000 [     459] RVA [size] of Resource Directory

               0 [       0] RVA [size] of Exception Directory

               0 [       0] RVA [size] of Certificates Directory

           1A000 [     2A8] RVA [size] of Base Relocation Directory

           15520 [      1C] RVA [size] of Debug Directory

               0 [       0] RVA [size] of Architecture Directory

               0 [       0] RVA [size] of Global Pointer Directory

               0 [       0] RVA [size] of Thread Storage Directory

               0 [       0] RVA [size] of Load Configuration Directory

               0 [       0] RVA [size] of Bound Import Directory

           18174 [     138] RVA [size] of Import Address Table Directory

               0 [       0] RVA [size] of Delay Import Directory

               0 [       0] RVA [size] of COM Descriptor Directory

               0 [       0] RVA [size] of Reserved Directory

SECTION HEADER #1

.textbss name

   10000 virtual size

    1000 virtual address (10001000 to 10010FFF)

       0 size of raw data

       0 file pointer to raw data

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

E00000A0 flags

         Code

         Uninitialized Data

         Execute Read Write

SECTION HEADER #2

   .text name

    353A virtual size

   11000 virtual address (10011000 to 10014539)

    3600 size of raw data

     400 file pointer to raw data (00000400 to 000039FF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

60000020 flags

         Code

         Execute Read

SECTION HEADER #3

  .rdata name

    1B25 virtual size

   15000 virtual address (10015000 to 10016B24)

    1C00 size of raw data

    3A00 file pointer to raw data (00003A00 to 000055FF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

40000040 flags

         Initialized Data

         Read Only

  Debug Directories

        Time Type       Size      RVA  Pointer

    ——– —— ——– ——– ——–

    539426F1 cv           42 00016014     4A14    Format: RSDS, {65C8A361-D22F-4152-8FCF-341CD543DC92}, 2, F:\code\CConsoleDll\Debug\CConsoleDll.pdb

SECTION HEADER #4

   .data name

     558 virtual size

   17000 virtual address (10017000 to 10017557)

     200 size of raw data

    5600 file pointer to raw data (00005600 to 000057FF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

C0000040 flags

         Initialized Data

         Read Write

SECTION HEADER #5

  .idata name

     792 virtual size

   18000 virtual address (10018000 to 10018791)

     800 size of raw data

    5800 file pointer to raw data (00005800 to 00005FFF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

C0000040 flags

         Initialized Data

         Read Write

SECTION HEADER #6

   .rsrc name

     459 virtual size

   19000 virtual address (10019000 to 10019458)

     600 size of raw data

    6000 file pointer to raw data (00006000 to 000065FF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

40000040 flags

         Initialized Data

         Read Only

SECTION HEADER #7

  .reloc name

     437 virtual size

   1A000 virtual address (1001A000 to 1001A436)

     600 size of raw data

    6600 file pointer to raw data (00006600 to 00006BFF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

42000040 flags

         Initialized Data

         Discardable

         Read Only

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<11> IMPORTS

解释：This option displays the list of DLLs (both statically linked and delay loaded) that are imported to an executable file or DLL and all the individual imports from each of these DLLs.

这个选项展示exe或者dll中导入的dlls，以及他们所用到的函数

Dump of file CConsoleDll.dll

File Type: DLL

  Section contains the following imports:

    MSVCR100D.dll

              10018228 Import Address Table

              100180F0 Import Name Table

                     0 time date stamp

                     0 Index of first forwarder reference

                  22D _crt_debugger_hook

                  581 _wsplitpath_s

                  675 wcscpy_s

                  55F _wmakepath_s

                  254 _except_handler4_common

                  402 _onexit

                  35A _lock

                  17D __dllonexit

                  4C8 _unlock

                  175 __clean_type_info_names_internal

                  153 __CppXcptFilter

                  1F2 _amsg_exit

                  2EA _initterm_e

                  2E9 _initterm

                  137 _CrtSetCheckCount

                  24C _encoded_null

                  287 _free_dbg

                  36C _malloc_dbg

                  121 _CRT_RTC_INITW

    KERNEL32.dll

              10018174 Import Address Table

              1001803C Import Name Table

                     0 time date stamp

                     0 Index of first forwarder reference

                  3A7 QueryPerformanceCounter

                  4A5 SetUnhandledExceptionFilter

                  4D3 UnhandledExceptionFilter

                  1C0 GetCurrentProcess

                  4C0 TerminateProcess

                  162 FreeLibrary

                  218 GetModuleHandleW

                  4F1 VirtualQuery

                  214 GetModuleFileNameW

                  24A GetProcessHeap

                  2CB HeapAlloc

                  2CF HeapFree

                  33F LoadLibraryW

                  245 GetProcAddress

                  54D lstrlenA

                  3B1 RaiseException

                  367 MultiByteToWideChar

                  300 IsDebuggerPresent

                  511 WideCharToMultiByte

                   DE DisableThreadLibraryCalls

                   EA EncodePointer

                   CA DecodePointer

                  2EC InterlockedExchange

                  4B2 Sleep

                  2E9 InterlockedCompareExchange

                  293 GetTickCount

                  1C5 GetCurrentThreadId

                  1C1 GetCurrentProcessId

                  279 GetSystemTimeAsFileTime

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<12> LINENUMBERS

解释：This option displays COFF line numbers. Line numbers exist in an object file if it was compiled with Program Database (/Zi), C7 Compatible (/Z7), or Line Numbers Only (/Zd). An executable file or DLL contains COFF line numbers if it was linked with Generate Debug Info (/DEBUG).

此选项显示 COFF 行号。如果对象文件是用程序数据库 (/Zi)、C7 兼容 (/Z7) 或仅限行号 (/Zd) 编译的，则它包含行号。如果可执行文件或 DLL 是与生成调试信息 (/DEBUG) 链接的，则它包含 COFF 行号。

<13> LINKERMEMBER

解释：This option displays public symbols defined in a library. Specify the 1 argument to display symbols in object order, along with their offsets. Specify the 2 argument to display offsets and index numbers of objects, and then list the symbols in alphabetical order, along with the object index for each. To get both outputs, specify /LINKERMEMBER without the number argument.

此选项显示库中定义的公共符号。指定参数 1 将按对象顺序显示符号及其偏移量。指定参数 2 将显示对象的偏移量和索引号，然后按字母顺序列出这些符号及每个符号的对象索引。若要两个输出都获得，指定不带数字参数的 /LINKERMEMBER。

<14> LOADCONFIG

This option dumps the IMAGE_LOAD_CONFIG_DIRECTORY structure, an optional structure that is used by the Windows NT loader and defined in WINNT.H.

此选项导出 IMAGE_LOAD_CONFIG_DIRECTORY 结构，此结构是由 Windows NT 加载程序使用并在 WINNT.H 中定义的可选结构。

　

<15> OUT

解释：This option specifies a filename for the output. By default, DUMPBIN displays the information to standard output.

此选项指定输出的 filename。默认情况下，DUMPBIN 将信息显示到标准输出。

<16> PDATA

解释：RISC processors only.

This option dumps the exception tables (.pdata) from an image or object.

精简指令处理器独有，这个选项导出映像或者对象的异常表

<17> PDBPATH

解释：/PDBPATH will search your computer along the same paths that the debugger would search for a .pdb file and will report which, if any, .pdb files correspond to the file specified in filename.

PDBPATH 命令会和调试器寻找一个.pdb文件那样的路径顺序来搜索你的电脑。

Dump of file CConsoleDll.dll

File Type: DLL

  PDB 文件“F:\code\CConsoleDll\Debug\CConsoleDll.pdb”已选中。(23)

  PDB 文件“F:\code\CConsoleDll\Debug\CConsoleDll.pdb”已选中。(23)

  PDB 文件“C:\Windows\symbols\dll\CConsoleDll.pdb”已选中。(23)

  PDB 文件“C:\Windows\dll\CConsoleDll.pdb”已选中。(23)

  PDB 文件“C:\Windows\CConsoleDll.pdb”已选中。(23)

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<17> RANGE

解释：Modifies the output of dumpbin when used with other dumpbin options, such as /RAWDATA or /DISASM.

/RANGE:vaMin[,vaMax]

示例：

dumpbin /disasm /range:4219334,0x004061CD t.exe

<18> RAWDATA

解释：This option displays the raw contents of each section in the file. 

显示文件中每个段的 原始内容

/RAWDATA[:{1|2|4|8|NONE[,number]]

<19> RELOCATIONS 

解释：This option displays any relocations in the object or image.

这个选项显示对象或者映像中的任何 relocation

<20> SECTION

解释：This option restricts the output to information on the specified section.

这个选项限定指定段中输出的信息

例如：

dumpbin /section:.idata CConsoleDll.dll > Section.txt

结果如下：

Dump of file CConsoleDll.dll

File Type: DLL

SECTION HEADER #5

  .idata name

     792 virtual size

   18000 virtual address (10018000 to 10018791)

     800 size of raw data

    5800 file pointer to raw data (00005800 to 00005FFF)

       0 file pointer to relocation table

       0 file pointer to line numbers

       0 number of relocations

       0 number of line numbers

C0000040 flags

         Initialized Data

         Read Write

  Summary

        1000 .idata

<21> SUMMARY 

解释：This option displays minimal information about sections, including total size. This option is the default if no other option is specified.

显示段的最少信息。

Dump of file CConsoleDll.dll

File Type: DLL

  Summary

        1000 .data

        1000 .idata

        2000 .rdata

        1000 .reloc

        1000 .rsrc

        4000 .text

       10000 .textbss

<22> SYMBOL

解释：This option displays the COFF symbol table. Symbol tables exist in all object files. A COFF symbol table appears in an image file only if it is linked with /DEBUG.

这个选项显示COFF对象的符号表。符号表存在在所有的对象文件中。一个COFF 符号表仅仅当用Debug方式连接的时候才会存在。

<23> TLS

解释：Displays the IMAGE_TLS_DIRECTORY structure from an executable.

显示 exe中的IMAGE_TLS_DIRECTORY 结构体

<24> UNWINDINFO

解释：Dumps the unwind descriptors of the structured exception handling (SEH) tables in program images (for example, exes and dlls). /UNWINDINFO only works on Itanium Processor Family (IPF) images.

导出程序映像（如exe，dll）中SEH(结构化异常处理)表的展开描述符。UNWINDINFO 仅仅在安腾处理器家族的映像。