Using NuMega SoftICE

How to access objects in various sections of a PE file with SoftICE

A PE format executable file contains several sections. Each section contain a group of objects with the same type of attributes. For instance, all "instructions" are combined to a section and labeld as ".text" by Visual C++ linker. Likewise, all the resource elements are put together and placed under ".rsrc" section.

The following figure shows how most programming elements (e.g. global variabe, imported function, etc.) are organized and how SoftICE shows that information with its "MAP32" command.

If you have loaded symbol information for the subject module, SoftICE will give you are list of symbols and their associated addresses with "SYM" command. This way, you can refer to most of the programming elements with symbolic name. Many SoftICE command also takes symbol name as its parameter, and it will resolve to a linear address if the symbol is listed in the symbol table.

The sample program below has

  1. An external function, Bar()
  2. A global variable, g_count
  3. A constant variable, g_message
  4. Resource string identified as IDS_STRING_FOO

Each element is stored in an appropriate section within a PE format module. When you actually issue "SYM" command, you will see a lot more than you would expect. Particularly, you see many symbols that are related to C run-time library if the program is linked to a debug version of CRT.

 

 contact guestbook | control panel 
1998-2000 Tsuyoshi Watanabe. All rights reserved.