CreateMutex
Crack it open and it's all there~

A command I keep forgetting!!!...!dh

!dh

The !dh extension displays the headers for the specified image.



WINDBG>!dh atapi

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES

14C machine (i386)

9 number of sections

4802539D time date stamp Mon Apr 14 03:40:29 2008

0 file pointer to symbol table

0 number of symbols

E0 size of optional header

10E characteristics

Executable

Line numbers stripped

Symbols stripped

32 bit word machine

OPTIONAL HEADER VALUES

10B magic #

7.10 linker version

14B80 size of code

2A00 size of initialized data

0 size of uninitialized data

159F7 address of entry point

380 base of code

----- new -----

80766000 image base

80 section alignment

80 file alignment

1 subsystem (Native)

5.01 operating system version

5.01 image version

5.01 subsystem version

17900 size of image

380 size of headers

1CD25 checksum

00040000 size of stack reserve

00001000 size of stack commit

00100000 size of heap reserve

00001000 size of heap commit

0 DLL characteristics

0 [ 0] address [size] of Export Directory

15A40 [ 50] address [size] of Import Directory

16780 [ 3E0] address [size] of Resource Directory

0 [ 0] address [size] of Exception Directory

0 [ 0] address [size] of Security Directory

16B80 [ C24] address [size] of Base Relocation Directory

B680 [ 1C] address [size] of Debug Directory

0 [ 0] address [size] of Description Directory

0 [ 0] address [size] of Special Directory

0 [ 0] address [size] of Thread Storage Directory

BE68 [ 40] address [size] of Load Configuration Directory

0 [ 0] address [size] of Bound Import Directory

B480 [ 1F4] address [size] of Import Address Table Directory

0 [ 0] address [size] of Delay Import Directory

0 [ 0] address [size] of COR20 Header Directory

0 [ 0] address [size] of Reserved Directory

SECTION HEADER #1

.text name

97BA virtual size

380 virtual address

9800 size of raw data

380 file pointer to raw data

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

68000020 flags

Code

Not Paged

(no align specified)

Execute Read

.....
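
To show where the first fields of this listing come from, here is an added example (not part of the original post) that decodes the file header and PE32 optional header from raw bytes. The names `parse_pe32_headers` and `build_sample` are hypothetical, and the sample bytes are constructed from the values printed above; base of data and loader flags do not appear in the output and are set to 0 as an assumption.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_* characteristics bits, labelled the way !dh prints them
FILE_FLAGS = {0x0002: "Executable", 0x0004: "Line numbers stripped",
              0x0008: "Symbols stripped", 0x0100: "32 bit word machine"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def parse_pe32_headers(data: bytes) -> dict:
    """Decode the file-header and PE32 optional-header fields that !dh lists."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 + 96 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                  # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("not PE32 (PE32+ has a different layout)")
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt + 28)
    image_size, hdr_size, checksum, subsystem = struct.unpack_from(
        "<IIIH", data, opt + 56)
    return {
        "machine": machine, "sections": nsect,
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc),
        "optional_header_size": opt_size,
        "characteristics": [n for bit, n in FILE_FLAGS.items() if chars & bit],
        "entry_point": entry, "image_base": image_base,
        "section_alignment": sect_align, "file_alignment": file_align,
        "size_of_image": image_size, "size_of_headers": hdr_size,
        "checksum": checksum,
        "subsystem": SUBSYSTEMS.get(subsystem, hex(subsystem)),
    }

def build_sample() -> bytes:
    """Constructed header bytes carrying the values from the !dh output above."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 9, 0x4802539D, 0, 0, 0xE0, 0x10E)
    opt = struct.pack("<HBB9I", 0x10B, 7, 10, 0x14B80, 0x2A00, 0, 0x159F7,
                      0x380, 0, 0x80766000, 0x80, 0x80)  # base of data: 0 (assumed)
    opt += struct.pack("<6H4I2H", 5, 1, 5, 1, 5, 1, 0, 0x17900, 0x380, 0x1CD25, 1, 0)
    opt += struct.pack("<6I", 0x40000, 0x1000, 0x100000, 0x1000, 0, 16)
    return dos + b"PE\0\0" + coff + opt          # data directories left out

if __name__ == "__main__":
    for field, value in parse_pe32_headers(build_sample()).items():
        print(f"{field:22} {value:#x}" if isinstance(value, int) else f"{field:22} {value}")
```

The parser reports the time date stamp in UTC (2008-04-13 18:40:29); the "Mon Apr 14 03:40:29 2008" in the listing is the same instant rendered in a UTC+9 local time zone.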