dump 命令_dump用法

编程小6 (1) 2024-06-06 16:12

Hi，大家好，我是编程小6，很荣幸遇见你，我把这些年在开发过程中遇到的问题或想法写出来，今天说一说dump 命令_dump用法,希望能够帮助你!!!。
1 所有的命令

用法: DUMPBIN [选项] [文件]

选项:

/ALL

/ARCHIVEMEMBERS

/CLRHEADER

/DEPENDENTS

/DIRECTIVES

/DISASM[:{BYTES|NOBYTES}]

/ERRORREPORT:{NONE|PROMPT|QUEUE|SEND}

/EXPORTS

/FPO

/HEADERS

/IMPORTS[:文件名]

/LINENUMBERS

/LINKERMEMBER[:{1|2}]

/LOADCONFIG

/OUT:文件名

/PDATA

/PDBPATH[:VERBOSE]

/RANGE:vaMin[,vaMax]

/RAWDATA[:{NONE|1|2|4|8}[,#]]

/RELOCATIONS

/SECTION:名称

/SUMMARY

/SYMBOLS

/TLS

/UNWINDINFO

<1> ALL

解释：显示除了反汇编代码外的所有可用信息

<2> ARCHIVEMEMBERS

解释：此选项显示有关库成员的最少信息

测试文件如下所示：

Dump of file CConsoleDll.dll

File Type: DLL

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<3> CLRHEADER

CLRHEADER显示有关在任何托管程序中使用的关于.NET Header的信息。输出显示.NET Header所处的位置和大小(以字节为单位)，以及

Header中的段（Sections）

<4> DIRECTIVES

解释：This option dumps the compiler-generated .drective section of an image.

这个选项导出编译器产生的镜像的.drective段。

这里的image指代的什么，不是很明白，但是猜测不应该是图像，也不应该是镜像，或许指的就是dll，exe等。

<5> DEPENDENTS

解释：Dumps the names of the DLLs from which the image imports functions. Does not dump the names of the imported functions.

导出镜像从哪导入函数的Dlls，不是导出导入函数的名字

Dump of file CConsoleDll.dll

File Type: DLL

Image has the following dependencies:

MSVCR100D.dll

KERNEL32.dll

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<6> DISASM

解释：This option displays disassembly of code sections, using symbols if present in the file.

/DISASM should only be used on native (not managed) images.

这个选项展示代码段的反汇编如果呈现在文件中就用符号。/DISASM 只能用在本地代码，而不是托管代码。

<7> ERRORREPORT

解释：If dumpbin.exe fails at runtime, you can use /ERRORREPORT to send information to Microsoft about these internal errors.

如果dumpbin在运行的时候出现错误，那么就用 /ERRORREPORT 导出错误信息

<8> EXPORTS

解释：This option displays all definitions exported from an executable file or DLL.

这个选项展示exe或者dll中导出的所有定义的东西。

Dump of file CConsoleDll.dll

File Type: DLL

Section contains the following exports for CConsoleDll.dll

00000000 characteristics

539426F1 time date stamp Sun Jun 08 17:03:45 2014

0.00 version

1 ordinal base

4 number of functions

4 number of names

ordinal hint RVA name

1 0 00011131 ??4Math@@QAEAAV0@ABV0@@Z

2 1 00011005 ?add@Math@@SAHHH@Z

3 2 0001111D ?mul@Math@@SAHHH@Z

4 3 00011069 ?sub@Math@@SAHHH@Z

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<9> FPO

解释：This option displays frame pointer optimization (FPO) records.

这个选项显示框架指针优化的记录

<10> HEADERS

解释：This option displays the file header and the header for each section. When used with a library, it displays the header for each member object.

这个选项用来显示文件头，以及各个段的头。当用library的时候，它显示每个成员对象的头。

例如：

Dump of file CConsoleDll.dll

PE signature found

File Type: DLL

FILE HEADER VALUES

14C machine (x86)

7 number of sections

539426F1 time date stamp Sun Jun 08 17:03:45 2014

0 file pointer to symbol table

0 number of symbols

E0 size of optional header

2102 characteristics

Executable

32 bit word machine

DLL

OPTIONAL HEADER VALUES

10B magic # (PE32)

10.00 linker version

3600 size of code

3600 size of initialized data

0 size of uninitialized data

110D2 entry point (100110D2)

1000 base of code

1000 base of data

10000000 image base (10000000 to 1001AFFF)

1000 section alignment

200 file alignment

5.01 operating system version

0.00 image version

5.01 subsystem version

0 Win32 version

1B000 size of image

400 size of headers

0 checksum

2 subsystem (Windows GUI)

140 DLL characteristics

Dynamic base

NX compatible

100000 size of stack reserve

1000 size of stack commit

100000 size of heap reserve

1000 size of heap commit

0 loader flags

10 number of directories

16950 [ 1D5] RVA [size] of Export Directory

18000 [ 3C] RVA [size] of Import Directory

19000 [ 459] RVA [size] of Resource Directory

0 [ 0] RVA [size] of Exception Directory

0 [ 0] RVA [size] of Certificates Directory

1A000 [ 2A8] RVA [size] of Base Relocation Directory

15520 [ 1C] RVA [size] of Debug Directory

0 [ 0] RVA [size] of Architecture Directory

0 [ 0] RVA [size] of Global Pointer Directory

0 [ 0] RVA [size] of Thread Storage Directory

0 [ 0] RVA [size] of Load Configuration Directory

0 [ 0] RVA [size] of Bound Import Directory

18174 [ 138] RVA [size] of Import Address Table Directory

0 [ 0] RVA [size] of Delay Import Directory

0 [ 0] RVA [size] of COM Descriptor Directory

0 [ 0] RVA [size] of Reserved Directory

SECTION HEADER #1

.textbss name

10000 virtual size

1000 virtual address (10001000 to 10010FFF)

0 size of raw data

0 file pointer to raw data

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

E00000A0 flags

Code

Uninitialized Data

Execute Read Write

SECTION HEADER #2

.text name

353A virtual size

11000 virtual address (10011000 to 10014539)

3600 size of raw data

400 file pointer to raw data (00000400 to 000039FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

60000020 flags

Code

Execute Read

SECTION HEADER #3

.rdata name

1B25 virtual size

15000 virtual address (10015000 to 10016B24)

1C00 size of raw data

3A00 file pointer to raw data (00003A00 to 000055FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

40000040 flags

Initialized Data

Read Only

Debug Directories

Time Type Size RVA Pointer

-------- ------ -------- -------- --------

539426F1 cv 42 00016014 4A14 Format: RSDS, {65C8A361-D22F-4152-8FCF-341CD543DC92}, 2, F:\code\CConsoleDll\Debug\CConsoleDll.pdb

SECTION HEADER #4

.data name

558 virtual size

17000 virtual address (10017000 to 10017557)

200 size of raw data

5600 file pointer to raw data (00005600 to 000057FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

C0000040 flags

Initialized Data

Read Write

SECTION HEADER #5

.idata name

792 virtual size

18000 virtual address (10018000 to 10018791)

800 size of raw data

5800 file pointer to raw data (00005800 to 00005FFF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

C0000040 flags

Initialized Data

Read Write

SECTION HEADER #6

.rsrc name

459 virtual size

19000 virtual address (10019000 to 10019458)

600 size of raw data

6000 file pointer to raw data (00006000 to 000065FF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

40000040 flags

Initialized Data

Read Only

SECTION HEADER #7

.reloc name

437 virtual size

1A000 virtual address (1001A000 to 1001A436)

600 size of raw data

6600 file pointer to raw data (00006600 to 00006BFF)

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

42000040 flags

Initialized Data

Discardable

Read Only

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<11> IMPORTS

解释：This option displays the list of DLLs (both statically linked and delay loaded) that are imported to an executable file or DLL and all the individual imports from each of these DLLs.

这个选项展示exe或者dll中导入的dlls，以及他们所用到的函数

Dump of file CConsoleDll.dll

File Type: DLL

Section contains the following imports:

MSVCR100D.dll

10018228 Import Address Table

100180F0 Import Name Table

0 time date stamp

0 Index of first forwarder reference

22D _crt_debugger_hook

581 _wsplitpath_s

675 wcscpy_s

55F _wmakepath_s

254 _except_handler4_common

402 _onexit

35A _lock

17D __dllonexit

4C8 _unlock

175 __clean_type_info_names_internal

153 __CppXcptFilter

1F2 _amsg_exit

2EA _initterm_e

2E9 _initterm

137 _CrtSetCheckCount

24C _encoded_null

287 _free_dbg

36C _malloc_dbg

121 _CRT_RTC_INITW

KERNEL32.dll

10018174 Import Address Table

1001803C Import Name Table

0 time date stamp

0 Index of first forwarder reference

3A7 QueryPerformanceCounter

4A5 SetUnhandledExceptionFilter

4D3 UnhandledExceptionFilter

1C0 GetCurrentProcess

4C0 TerminateProcess

162 FreeLibrary

218 GetModuleHandleW

4F1 VirtualQuery

214 GetModuleFileNameW

24A GetProcessHeap

2CB HeapAlloc

2CF HeapFree

33F LoadLibraryW

245 GetProcAddress

54D lstrlenA

3B1 RaiseException

367 MultiByteToWideChar

300 IsDebuggerPresent

511 WideCharToMultiByte

DE DisableThreadLibraryCalls

EA EncodePointer

CA DecodePointer

2EC InterlockedExchange

4B2 Sleep

2E9 InterlockedCompareExchange

293 GetTickCount

1C5 GetCurrentThreadId

1C1 GetCurrentProcessId

279 GetSystemTimeAsFileTime

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<12> LINENUMBERS

解释：This option displays COFF line numbers. Line numbers exist in an object file if it was compiled with Program Database (/Zi), C7 Compatible (/Z7), or Line Numbers Only (/Zd). An executable file or DLL contains COFF line numbers if it was linked with Generate Debug Info (/DEBUG).

此选项显示 COFF 行号。如果对象文件是用程序数据库 (/Zi)、C7 兼容 (/Z7) 或仅限行号 (/Zd) 编译的，则它包含行号。如果可执行文件或 DLL 是与生成调试信息 (/DEBUG) 链接的，则它包含 COFF 行号。

<13> LINKERMEMBER

解释：This option displays public symbols defined in a library. Specify the 1 argument to display symbols in object order, along with their offsets. Specify the 2 argument to display offsets and index numbers of objects, and then list the symbols in alphabetical order, along with the object index for each. To get both outputs, specify /LINKERMEMBER without the number argument.

此选项显示库中定义的公共符号。指定参数 1 将按对象顺序显示符号及其偏移量。指定参数 2 将显示对象的偏移量和索引号，然后按字母顺序列出这些符号及每个符号的对象索引。若要两个输出都获得，指定不带数字参数的 /LINKERMEMBER。

<14> LOADCONFIG

This option dumps the IMAGE_LOAD_CONFIG_DIRECTORY structure, an optional structure that is used by the Windows NT loader and defined in WINNT.H.

此选项导出 IMAGE_LOAD_CONFIG_DIRECTORY 结构，此结构是由 Windows NT 加载程序使用并在 WINNT.H 中定义的可选结构。

　

<15> OUT

解释：This option specifies a filename for the output. By default, DUMPBIN displays the information to standard output.

此选项指定输出的 filename。默认情况下，DUMPBIN 将信息显示到标准输出。

<16> PDATA

解释：RISC processors only.

This option dumps the exception tables (.pdata) from an image or object.

精简指令处理器独有，这个选项导出映像或者对象的异常表

<17> PDBPATH

解释：/PDBPATH will search your computer along the same paths that the debugger would search for a .pdb file and will report which, if any, .pdb files correspond to the file specified in filename.

PDBPATH 命令会和调试器寻找一个.pdb文件那样的路径顺序来搜索你的电脑。

Dump of file CConsoleDll.dll

File Type: DLL

PDB 文件“F:\code\CConsoleDll\Debug\CConsoleDll.pdb”已选中。(23)

PDB 文件“F:\code\CConsoleDll\Debug\CConsoleDll.pdb”已选中。(23)

PDB 文件“C:\Windows\symbols\dll\CConsoleDll.pdb”已选中。(23)

PDB 文件“C:\Windows\dll\CConsoleDll.pdb”已选中。(23)

PDB 文件“C:\Windows\CConsoleDll.pdb”已选中。(23)

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<17> RANGE

解释：Modifies the output of dumpbin when used with other dumpbin options, such as /RAWDATA or /DISASM.

/RANGE:vaMin[,vaMax]

示例：

dumpbin /disasm /range:4219334,0x004061CD t.exe

<18> RAWDATA

解释：This option displays the raw contents of each section in the file.

显示文件中每个段的原始内容

/RAWDATA[:{1|2|4|8|NONE[,number]]

<19> RELOCATIONS

解释：This option displays any relocations in the object or image.

这个选项显示对象或者映像中的任何 relocation

<20> SECTION

解释：This option restricts the output to information on the specified section.

这个选项限定指定段中输出的信息

例如：

dumpbin /section:.idata CConsoleDll.dll > Section.txt

结果如下：

Dump of file CConsoleDll.dll

File Type: DLL

Summary

1000 .idata

<21> SUMMARY

解释：This option displays minimal information about sections, including total size. This option is the default if no other option is specified.

显示段的最少信息。

Dump of file CConsoleDll.dll

File Type: DLL

Summary

1000 .data

1000 .idata

2000 .rdata

1000 .reloc

1000 .rsrc

4000 .text

10000 .textbss

<22> SYMBOL

解释：This option displays the COFF symbol table. Symbol tables exist in all object files. A COFF symbol table appears in an image file only if it is linked with /DEBUG.

这个选项显示COFF对象的符号表。符号表存在在所有的对象文件中。一个COFF 符号表仅仅当用Debug方式连接的时候才会存在。

<23> TLS

解释：Displays the IMAGE_TLS_DIRECTORY structure from an executable.

显示 exe中的IMAGE_TLS_DIRECTORY 结构体

<24> UNWINDINFO

解释：Dumps the unwind descriptors of the structured exception handling (SEH) tables in program images (for example, exes and dlls). /UNWINDINFO only works on Itanium Processor Family (IPF) images.

导出程序映像（如exe，dll）中SEH(结构化异常处理)表的展开描述符。UNWINDINFO 仅仅在安腾处理器家族的映像。

今天的分享到此就结束了，感谢您的阅读，如果确实帮到您，您可以动动手指转发给其他人。