PE文件中的COM_DESCRIPTOR

Question

我正在PE文件中查找有关COM_DESCRIPTOR目录的信息。它是什么?它的用途是什么？我已经阅读了PE文件的结构，但仍然不明白什么是COM_DESCRIPTOR。

谢谢!

Answer 1

PE标头中的"COM描述符目录“也称为"CLR标头”。它只存在于托管PE映像中(使用C#和其他Dot编译器创建)。您可以使用DumpBin /CLRHRADER选项转储此目录的内容。例如：

DumBin /CLRHEADER someapp.exe

clr Header：

          48 cb
        2.05 runtime version
        30C4 [    1DEC] RVA [size] of MetaData Directory
           1 flags
               IL Only
     6000004 entry point token
        4EB0 [    2560] RVA [size] of Resources Directory
           0 [       0] RVA [size] of StrongNameSignature Directory
           0 [       0] RVA [size] of CodeManagerTable Directory
           0 [       0] RVA [size] of VTableFixups Directory
           0 [       0] RVA [size] of ExportAddressTableJumps Directory
           0 [       0] RVA [size] of ManagedNativeHeader Directory

此目录条目中的RVA指向WinNt.h中定义的IMAGE_COR20_HEADER。它也在CorHdr.h中定义：

typedef struct IMAGE_COR20_HEADER
{
    // Header versioning
    DWORD                   cb;              
    WORD                    MajorRuntimeVersion;
    WORD                    MinorRuntimeVersion;

    // Symbol table and startup information
    IMAGE_DATA_DIRECTORY    MetaData;        
    DWORD                   Flags;           

    // The main program if it is an EXE (not used if a DLL?)
    // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set, EntryPointToken represents a managed entrypoint.
    // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set, EntryPointRVA represents an RVA to a native entrypoint
    // (depricated for DLLs, use modules constructors intead). 
    union {
        DWORD               EntryPointToken;
        DWORD               EntryPointRVA;
    };

    // This is the blob of managed resources. Fetched using code:AssemblyNative.GetResource and
    // code:PEFile.GetResource and accessible from managed code from
    // System.Assembly.GetManifestResourceStream.  The meta data has a table that maps names to offsets into
    // this blob, so logically the blob is a set of resources. 
    IMAGE_DATA_DIRECTORY    Resources;
    // IL assemblies can be signed with a public-private key to validate who created it.  The signature goes
    // here if this feature is used. 
    IMAGE_DATA_DIRECTORY    StrongNameSignature;

    IMAGE_DATA_DIRECTORY    CodeManagerTable;           // Depricated, not used 
    // Used for manged codee that has unmaanaged code inside it (or exports methods as unmanaged entry points)
    IMAGE_DATA_DIRECTORY    VTableFixups;
    IMAGE_DATA_DIRECTORY    ExportAddressTableJumps;

    // null for ordinary IL images.  NGEN images it points at a code:CORCOMPILE_HEADER structure
    IMAGE_DATA_DIRECTORY    ManagedNativeHeader;

} IMAGE_COR20_HEADER, *PIMAGE_COR20_HEADER;