{"id":179,"date":"2021-12-11T17:17:59","date_gmt":"2021-12-11T09:17:59","guid":{"rendered":"https:\/\/www.yuyiares.com\/?p=179"},"modified":"2022-09-30T13:12:11","modified_gmt":"2022-09-30T05:12:11","slug":"window-pe","status":"publish","type":"post","link":"https:\/\/www.yuyiares.com\/?p=179","title":{"rendered":"Window PE"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

What is PE ?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

PE \u70ba Portable Executable \u7684\u7e2e\u5beb\uff0c\u70ba ” \u53ef\u57f7\u884c\uff08Executable\uff09\u7a0b\u5f0f\u6216\u52d5\u614b\u9023\u7d50\u51fd\u5f0f\u5eab\uff08Dynamic link library\uff09\u7684\u6587\u4ef6\u683c\u5f0f<\/strong> “\u3002<\/p>

\u5e38\u898b\u7684\u5e38\u898b\u7684EXE\u3001DLL\u3001OCX\u3001SYS\u3001COM\u90fd\u662fPE\u6a94\u6848\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

PE \u7d50\u69cb<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

PE \u7d50\u69cb\u53ef\u4ee5\u5206\u70ba\u5e7e\u500b\u90e8\u5206\uff1a<\/p>

  • DOS header<\/li>
  • NT Header (PE Header)<\/li>
  • Section Header (Section Table)<\/li>
  • Section Data <\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    DOS Header <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    • IMAGE_DOS_HEADER<\/li>
    • \u958b\u982d\u5fc5\u70ba \u201cMZ\u201d \u5b57\u4e32\uff0c\u70ba 4D 5A\u201d\uff0c\u70ba”\u53ef\u57f7\u884c\u6a94\u6848”\u7684\u6a19\u8a18\u3002<\/li>
    • \u4e3b\u8981\u7528\u8655\u70ba\u78ba\u4fddPE file \u5728 DOS \u6a21\u5f0f\u4e0b\u4e5f\u53ef\u57f7\u884c\u3002<\/li>
    • \u5927\u5c0f\u5927\u6982\u70ba 40h bytes\u3002<\/li>
    • \u00a0<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      DOS Stub<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      \u82e5\u662f\u7a0b\u5f0f\u5728 DOS \u4e0b\u7121\u6cd5\u57f7\u884c\u4fbf\u6703\u8df3\u51fa\u9019\u908a\u7684\u932f\u8aa4\u8a0a\u606f\uff1a\uff02This Program cannot be run in DOS mode<\/code>\uff02\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

      \n\t\t\t\t
      \n\t\t\t\t\t

      e_lfanew<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t
      • \u6700\u5f8c\u4e00\u500b\u6b04\u4f4d<\/li>
      • \u662f\u7528\u4f86\u6307\u5411 PE Header \u7684\u6307\u6a19\u3002<\/li>
      • \u82e5\u70ba 0 \u5247\u4ee3\u8868\u8a72\u6a94\u6848\u662f\u4e00\u500b DOS \u6a94\u6848 \u3002<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t

        NT Header <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
        \n\t\t\t\t
        \n\t\t\t\t\t\t\t\t\t
        • IMAGE_NT_HEADER<\/li>
        • \u5176\u7d50\u69cb\u4e3b\u8981\u70ba “PE Signature “\u3001 ” File Header ” \u548c ” Optional header ” \u00a0 \u7d44\u6210\u3002 \u00a0<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t

          PE Signature<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t

          \u7528\u65bc\u9a57\u8b49\u662f\u5426\u6709\u6548 \uff0c\u5fc5\u6c38\u9060\u7b49\u65bc \u201cPE\\x00\\x00\u201d \u5b57\u4e32<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

          \n\t\t\t\t
          \n\t\t\t\t\t

          File Header<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t

          \u7d44\u8b6f\u5668\u6240\u7522\u751f\u7684 COFF \u6a94\u6848\u7684 header<\/p>

          • Machine \uff1a\u6a5f\u68b0\u78bc\uff0c\u901a\u5e38\u70ba x86 \u300164 \u6216 ARM\u3002<\/li>
          • NumberOfSections \uff1a\u8a18\u9304\u5340\u584a\u6578\u91cf\uff0c\u7528\u65bc\u6307\u5411Section \u9663\u5217\u6642\u4f7f\u7528<\/li>
          • TimeDataStamp \uff1a\u7de8\u8b6f\u6642\u9593<\/li>
          • SizeOfOptionaHeader \uff1aOptional \u6a19\u982d\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u6a94\u6848\u5927\u5c0f<\/li>
          • Characteristics \uff1a\u6240\u6709PE\u7684\u5c6c\u6027\uff0c\u78ba\u8a8d\u662f\u5426\u70ba32 bit \u3001DLL\u6a21\u7d44 \u3001\u662f\u5426\u53ef\u4ee5\u57f7\u884c\u3001\u662f\u5426\u5177\u6709\u91cd\u65b0\u5b9a\u5411\u8cc7\u8a0a\u7b49\u7b49<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t

            Optinoal Header <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t

            \u7de8\u8b6f\u4e4b\u5f8c\u7531\u9023\u63a5\u5668\u88dc\u4e0a\u7684\u8cc7\u8a0a\uff0c\u78ba\u4fdd\u80fd\u5920\u6b63\u78ba\u88dd\u8f09\u7a0b\u5f0f<\/p>

            • ImageBase \uff1a\u7d00\u9304PE\u6a21\u7d44\u7684\u9810\u8a2d\u4f4d\u7f6e\uff0c\u78ba\u8a8d\u4e00\u958b\u59cb\u6a94\u6848\u653e\u7f6e\u7684\u4f4d\u7f6e\u3002<\/li>
            • SizeOfImage \uff1a\u52d5\u614b\u57f7\u884c\u6642\u6240\u9700\u7a7a\u9593\u3002<\/li>
            • SizeOfHeaders \uff1aHeader\u7684\u7a7a\u9593\u5927\u5c0f)<\/li>
            • AddressOfEntryPoint \uff1a\u7a0b\u5f0f\u57f7\u884c\u7684\u5165\u53e3\u9ede\u3002<\/li>
            • FileAlignment \uff1a\u7528\u65bc\u975c\u614b\u5340\u6bb5\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u975c\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x200\u3002<\/li>
            • SectionAlignment \uff1a\u52d5\u614b\u6a94\u6848\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u52d5\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x1000\u3002<\/li>
            • DataDirectory \uff1a\u8a18\u9304\u6240\u9700\u8cc7\u6599\u7684\u8d77\u9ede\u548c\u5927\u5c0f\u3002<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t

              Section Header <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t\t\t

              NT Header \u7684\u7d50\u5c3e\u5c31\u662fSection Header \u7684\u8d77\u9ede\u3002<\/p>

              Section Header \u70ba\u9663\u5217\u5f62\u5f0f<\/p>

              • PointerToRawData \uff1a\u76ee\u524d\u5340\u6bb5\u7684\u975c\u614b\u6a94\u6848\u504f\u79fb\u91cf\uff0c\u6703\u6307\u5411 Section data \u7684\u4f4d\u7f6e\uff0c\u53d6\u5f97\u8cc7\u6599\u6642\u7528\u3002<\/li>
              • SizeOfRawData \uff1a\u8a72 Section data \u7684\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u8a72 Section \u7684\u8d77\u9ede\u548c\u7d42\u9ede\u3002<\/li>
              • VirtualAddress \uff1a\u8981\u5beb\u5165\u7684\u4f4d\u7f6e\uff0c\u653e\u9032\u6620\u50cf\u4f4d\u5740\u7684”\u76f8\u5c0d\u504f\u79fb\u91cf”\u3002<\/li>
              • VirtualSize \uff1a\u8981\u5beb\u5165\u7684\u5927\u5c0f<\/li>
              • Characteristics \uff1a\u8cc7\u8a0a\u7d00\u9304\uff0c\u8a18\u9304\u8cc7\u6599\u7684\u72c0\u6cc1\uff0c\u5982\u53ef\u5beb\u3001\u53ef\u8b80\u3001\u53ef\u57f7\u884c……<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                \n\t\t\t\t
                \n\t\t\t\t\t

                Section<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                \n\t\t\t\t
                \n\t\t\t\t\t\t\t\t\t
                • .data \uff1a\u5df2\u521d\u59cb\u5316\u7684\u6578\u64da<\/li>
                • .idata\uff1aimport \u7684\u6587\u4ef6\u540d\u8868<\/li>
                • .edata\uff1aexport \u7684\u6587\u4ef6\u540d\u8868<\/li>
                • .rdata\uff1aread only \u7684\u521d\u59cb\u6578\u64da<\/li>
                • .reloc\uff1a\u91cd\u5b9a\u4f4d\u8868\u8a0a\u606f<\/li>
                • .rsrc\uff1a\u8cc7\u6e90<\/li>
                • .text\uff1aexe \u6216 dll \u7684\u53ef\u57f7\u884c\u7a0b\u5f0f\u78bc<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                  \n\t\t\t\t
                  \n\t\t\t\t\t

                  PE \u7d50\u69cb\u5716\u7247<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                  \n\t\t\t\t
                  \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"PE\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                  \n\t\t\t\t
                  \n\t\t\t\t\t\t\t\t\t
                  • \u4e00\u500b Section \u7684 \u7d42\u9ede\u70baPointerToRawData + SizeofRawData<\/li>
                  • \u6574\u500b\u7a0b\u5f0f\u5927\u5c0f\u70ba \u70ba [ ( DOS Header\u00a0 + NT Header + Section Header)\u00a0 \u5c0d\u9f4a File Alignment\u00a0 ] + \u5404\u500b\u5340\u6bb5\u5c0d\u9f4a\u4e4b\u5f8c\u7684\u5927\u5c0f<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

                    What is PE ? PE \u70ba Portable Executable \u7684\u7e2e\u5beb\uff0c\u70ba ” \u53ef\u57f7\u884c\uff08Executable\uff09\u7a0b\u5f0f\u6216\u52d5\u614b\u9023\u7d50\u51fd\u5f0f\u5eab\uff08Dynamic link library\uff09\u7684\u6587\u4ef6\u683c\u5f0f “\u3002 \u5e38\u898b\u7684\u5e38\u898b\u7684EXE\u3001DLL\u3001OCX\u3001SYS\u3001COM\u90fd\u662fPE\u6a94\u6848\u3002 PE \u7d50\u69cb PE \u7d50\u69cb\u53ef\u4ee5\u5206\u70ba\u5e7e\u500b\u90e8\u5206\uff1a DOS header NT Header (PE Header) Section Header (Section Table) Section Data DOS Header IMAGE_DOS_HEADER \u958b\u982d\u5fc5\u70ba \u201cMZ\u201d \u5b57\u4e32\uff0c\u70ba 4D 5A\u201d\uff0c\u70ba”\u53ef\u57f7\u884c\u6a94\u6848”\u7684\u6a19\u8a18\u3002 \u4e3b\u8981\u7528\u8655\u70ba\u78ba\u4fddPE file \u5728 DOS \u6a21\u5f0f\u4e0b\u4e5f\u53ef\u57f7\u884c\u3002 \u5927\u5c0f\u5927\u6982\u70ba 40h bytes\u3002 \u00a0 DOS Stub \u82e5\u662f\u7a0b\u5f0f\u5728 DOS \u4e0b\u7121\u6cd5\u57f7\u884c\u4fbf\u6703\u8df3\u51fa\u9019\u908a\u7684\u932f\u8aa4\u8a0a\u606f\uff1a\uff02This Program cannot be run in DOS mode\uff02\u3002 e_lfanew \u6700\u5f8c\u4e00\u500b\u6b04\u4f4d \u662f\u7528\u4f86\u6307\u5411 PE Header \u7684\u6307\u6a19\u3002 \u82e5\u70ba 0 \u5247\u4ee3\u8868\u8a72\u6a94\u6848\u662f\u4e00\u500b DOS \u6a94\u6848 \u3002 NT Header IMAGE_NT_HEADER \u5176\u7d50\u69cb\u4e3b\u8981\u70ba “PE Signature “\u3001 ” File Header ” \u548c ” Optional header ” \u00a0 \u7d44\u6210\u3002 \u00a0 PE Signature \u7528\u65bc\u9a57\u8b49\u662f\u5426\u6709\u6548 \uff0c\u5fc5\u6c38\u9060\u7b49\u65bc \u201cPEx00x00\u201d \u5b57\u4e32 File Header \u7d44\u8b6f\u5668\u6240\u7522\u751f\u7684 COFF \u6a94\u6848\u7684 header Machine \uff1a\u6a5f\u68b0\u78bc\uff0c\u901a\u5e38\u70ba x86 \u300164 \u6216 ARM\u3002 NumberOfSections \uff1a\u8a18\u9304\u5340\u584a\u6578\u91cf\uff0c\u7528\u65bc\u6307\u5411Section \u9663\u5217\u6642\u4f7f\u7528 TimeDataStamp \uff1a\u7de8\u8b6f\u6642\u9593 SizeOfOptionaHeader \uff1aOptional \u6a19\u982d\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u6a94\u6848\u5927\u5c0f Characteristics \uff1a\u6240\u6709PE\u7684\u5c6c\u6027\uff0c\u78ba\u8a8d\u662f\u5426\u70ba32 bit \u3001DLL\u6a21\u7d44 \u3001\u662f\u5426\u53ef\u4ee5\u57f7\u884c\u3001\u662f\u5426\u5177\u6709\u91cd\u65b0\u5b9a\u5411\u8cc7\u8a0a\u7b49\u7b49 Optinoal Header \u7de8\u8b6f\u4e4b\u5f8c\u7531\u9023\u63a5\u5668\u88dc\u4e0a\u7684\u8cc7\u8a0a\uff0c\u78ba\u4fdd\u80fd\u5920\u6b63\u78ba\u88dd\u8f09\u7a0b\u5f0f ImageBase \uff1a\u7d00\u9304PE\u6a21\u7d44\u7684\u9810\u8a2d\u4f4d\u7f6e\uff0c\u78ba\u8a8d\u4e00\u958b\u59cb\u6a94\u6848\u653e\u7f6e\u7684\u4f4d\u7f6e\u3002 SizeOfImage \uff1a\u52d5\u614b\u57f7\u884c\u6642\u6240\u9700\u7a7a\u9593\u3002 SizeOfHeaders \uff1aHeader\u7684\u7a7a\u9593\u5927\u5c0f) AddressOfEntryPoint \uff1a\u7a0b\u5f0f\u57f7\u884c\u7684\u5165\u53e3\u9ede\u3002 FileAlignment \uff1a\u7528\u65bc\u975c\u614b\u5340\u6bb5\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u975c\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x200\u3002 SectionAlignment \uff1a\u52d5\u614b\u6a94\u6848\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u52d5\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x1000\u3002 DataDirectory \uff1a\u8a18\u9304\u6240\u9700\u8cc7\u6599\u7684\u8d77\u9ede\u548c\u5927\u5c0f\u3002 Section Header NT Header \u7684\u7d50\u5c3e\u5c31\u662fSection Header \u7684\u8d77\u9ede\u3002 Section Header \u70ba\u9663\u5217\u5f62\u5f0f PointerToRawData \uff1a\u76ee\u524d\u5340\u6bb5\u7684\u975c\u614b\u6a94\u6848\u504f\u79fb\u91cf\uff0c\u6703\u6307\u5411 Section data \u7684\u4f4d\u7f6e\uff0c\u53d6\u5f97\u8cc7\u6599\u6642\u7528\u3002 SizeOfRawData \uff1a\u8a72 Section data \u7684\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u8a72 Section \u7684\u8d77\u9ede\u548c\u7d42\u9ede\u3002 VirtualAddress \uff1a\u8981\u5beb\u5165\u7684\u4f4d\u7f6e\uff0c\u653e\u9032\u6620\u50cf\u4f4d\u5740\u7684”\u76f8\u5c0d\u504f\u79fb\u91cf”\u3002 VirtualSize \uff1a\u8981\u5beb\u5165\u7684\u5927\u5c0f Characteristics \uff1a\u8cc7\u8a0a\u7d00\u9304\uff0c\u8a18\u9304\u8cc7\u6599\u7684\u72c0\u6cc1\uff0c\u5982\u53ef\u5beb\u3001\u53ef\u8b80\u3001\u53ef\u57f7\u884c…… Section .data \uff1a\u5df2\u521d\u59cb\u5316\u7684\u6578\u64da .idata\uff1aimport \u7684\u6587\u4ef6\u540d\u8868 .edata\uff1aexport \u7684\u6587\u4ef6\u540d\u8868 .rdata\uff1aread only \u7684\u521d\u59cb\u6578\u64da .reloc\uff1a\u91cd\u5b9a\u4f4d\u8868\u8a0a\u606f .rsrc\uff1a\u8cc7\u6e90 .text\uff1aexe \u6216 dll \u7684\u53ef\u57f7\u884c\u7a0b\u5f0f\u78bc PE \u7d50\u69cb\u5716\u7247 \u4e00\u500b Section \u7684 \u7d42\u9ede\u70baPointerToRawData + SizeofRawData \u6574\u500b\u7a0b\u5f0f\u5927\u5c0f\u70ba \u70ba [ ( DOS Header\u00a0 + NT Header + Section Header)\u00a0 \u5c0d\u9f4a File Alignment\u00a0 ] + \u5404\u500b\u5340\u6bb5\u5c0d\u9f4a\u4e4b\u5f8c\u7684\u5927\u5c0f<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20,5,19],"tags":[],"class_list":["post-179","post","type-post","status-publish","format-standard","hentry","category-pe-","category-research-study","category-window"],"yoast_head":"\nWindow PE - Ares Vlog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.yuyiares.com\/?p=179\" \/>\n<meta property=\"og:locale\" content=\"zh_TW\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Window PE - Ares Vlog\" \/>\n<meta property=\"og:description\" content=\"What is PE ? PE \u70ba Portable Executable \u7684\u7e2e\u5beb\uff0c\u70ba ” \u53ef\u57f7\u884c\uff08Executable\uff09\u7a0b\u5f0f\u6216\u52d5\u614b\u9023\u7d50\u51fd\u5f0f\u5eab\uff08Dynamic link library\uff09\u7684\u6587\u4ef6\u683c\u5f0f “\u3002 \u5e38\u898b\u7684\u5e38\u898b\u7684EXE\u3001DLL\u3001OCX\u3001SYS\u3001COM\u90fd\u662fPE\u6a94\u6848\u3002 PE \u7d50\u69cb PE \u7d50\u69cb\u53ef\u4ee5\u5206\u70ba\u5e7e\u500b\u90e8\u5206\uff1a DOS header NT Header (PE Header) Section Header (Section Table) Section Data DOS Header IMAGE_DOS_HEADER \u958b\u982d\u5fc5\u70ba \u201cMZ\u201d \u5b57\u4e32\uff0c\u70ba 4D 5A\u201d\uff0c\u70ba”\u53ef\u57f7\u884c\u6a94\u6848”\u7684\u6a19\u8a18\u3002 \u4e3b\u8981\u7528\u8655\u70ba\u78ba\u4fddPE file \u5728 DOS \u6a21\u5f0f\u4e0b\u4e5f\u53ef\u57f7\u884c\u3002 \u5927\u5c0f\u5927\u6982\u70ba 40h bytes\u3002 \u00a0 DOS Stub \u82e5\u662f\u7a0b\u5f0f\u5728 DOS \u4e0b\u7121\u6cd5\u57f7\u884c\u4fbf\u6703\u8df3\u51fa\u9019\u908a\u7684\u932f\u8aa4\u8a0a\u606f\uff1a\uff02This Program cannot be run in DOS mode\uff02\u3002 e_lfanew \u6700\u5f8c\u4e00\u500b\u6b04\u4f4d \u662f\u7528\u4f86\u6307\u5411 PE Header \u7684\u6307\u6a19\u3002 \u82e5\u70ba 0 \u5247\u4ee3\u8868\u8a72\u6a94\u6848\u662f\u4e00\u500b DOS \u6a94\u6848 \u3002 NT Header IMAGE_NT_HEADER \u5176\u7d50\u69cb\u4e3b\u8981\u70ba “PE Signature “\u3001 ” File Header ” \u548c ” Optional header ” \u00a0 \u7d44\u6210\u3002 \u00a0 PE Signature \u7528\u65bc\u9a57\u8b49\u662f\u5426\u6709\u6548 \uff0c\u5fc5\u6c38\u9060\u7b49\u65bc \u201cPEx00x00\u201d \u5b57\u4e32 File Header \u7d44\u8b6f\u5668\u6240\u7522\u751f\u7684 COFF \u6a94\u6848\u7684 header Machine \uff1a\u6a5f\u68b0\u78bc\uff0c\u901a\u5e38\u70ba x86 \u300164 \u6216 ARM\u3002 NumberOfSections \uff1a\u8a18\u9304\u5340\u584a\u6578\u91cf\uff0c\u7528\u65bc\u6307\u5411Section \u9663\u5217\u6642\u4f7f\u7528 TimeDataStamp \uff1a\u7de8\u8b6f\u6642\u9593 SizeOfOptionaHeader \uff1aOptional \u6a19\u982d\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u6a94\u6848\u5927\u5c0f Characteristics \uff1a\u6240\u6709PE\u7684\u5c6c\u6027\uff0c\u78ba\u8a8d\u662f\u5426\u70ba32 bit \u3001DLL\u6a21\u7d44 \u3001\u662f\u5426\u53ef\u4ee5\u57f7\u884c\u3001\u662f\u5426\u5177\u6709\u91cd\u65b0\u5b9a\u5411\u8cc7\u8a0a\u7b49\u7b49 Optinoal Header \u7de8\u8b6f\u4e4b\u5f8c\u7531\u9023\u63a5\u5668\u88dc\u4e0a\u7684\u8cc7\u8a0a\uff0c\u78ba\u4fdd\u80fd\u5920\u6b63\u78ba\u88dd\u8f09\u7a0b\u5f0f ImageBase \uff1a\u7d00\u9304PE\u6a21\u7d44\u7684\u9810\u8a2d\u4f4d\u7f6e\uff0c\u78ba\u8a8d\u4e00\u958b\u59cb\u6a94\u6848\u653e\u7f6e\u7684\u4f4d\u7f6e\u3002 SizeOfImage \uff1a\u52d5\u614b\u57f7\u884c\u6642\u6240\u9700\u7a7a\u9593\u3002 SizeOfHeaders \uff1aHeader\u7684\u7a7a\u9593\u5927\u5c0f) AddressOfEntryPoint \uff1a\u7a0b\u5f0f\u57f7\u884c\u7684\u5165\u53e3\u9ede\u3002 FileAlignment \uff1a\u7528\u65bc\u975c\u614b\u5340\u6bb5\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u975c\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x200\u3002 SectionAlignment \uff1a\u52d5\u614b\u6a94\u6848\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u52d5\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x1000\u3002 DataDirectory \uff1a\u8a18\u9304\u6240\u9700\u8cc7\u6599\u7684\u8d77\u9ede\u548c\u5927\u5c0f\u3002 Section Header NT Header \u7684\u7d50\u5c3e\u5c31\u662fSection Header \u7684\u8d77\u9ede\u3002 Section Header \u70ba\u9663\u5217\u5f62\u5f0f PointerToRawData \uff1a\u76ee\u524d\u5340\u6bb5\u7684\u975c\u614b\u6a94\u6848\u504f\u79fb\u91cf\uff0c\u6703\u6307\u5411 Section data \u7684\u4f4d\u7f6e\uff0c\u53d6\u5f97\u8cc7\u6599\u6642\u7528\u3002 SizeOfRawData \uff1a\u8a72 Section data \u7684\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u8a72 Section \u7684\u8d77\u9ede\u548c\u7d42\u9ede\u3002 VirtualAddress \uff1a\u8981\u5beb\u5165\u7684\u4f4d\u7f6e\uff0c\u653e\u9032\u6620\u50cf\u4f4d\u5740\u7684”\u76f8\u5c0d\u504f\u79fb\u91cf”\u3002 VirtualSize \uff1a\u8981\u5beb\u5165\u7684\u5927\u5c0f Characteristics \uff1a\u8cc7\u8a0a\u7d00\u9304\uff0c\u8a18\u9304\u8cc7\u6599\u7684\u72c0\u6cc1\uff0c\u5982\u53ef\u5beb\u3001\u53ef\u8b80\u3001\u53ef\u57f7\u884c…… Section .data \uff1a\u5df2\u521d\u59cb\u5316\u7684\u6578\u64da .idata\uff1aimport \u7684\u6587\u4ef6\u540d\u8868 .edata\uff1aexport \u7684\u6587\u4ef6\u540d\u8868 .rdata\uff1aread only \u7684\u521d\u59cb\u6578\u64da .reloc\uff1a\u91cd\u5b9a\u4f4d\u8868\u8a0a\u606f .rsrc\uff1a\u8cc7\u6e90 .text\uff1aexe \u6216 dll \u7684\u53ef\u57f7\u884c\u7a0b\u5f0f\u78bc PE \u7d50\u69cb\u5716\u7247 \u4e00\u500b Section \u7684 \u7d42\u9ede\u70baPointerToRawData + SizeofRawData \u6574\u500b\u7a0b\u5f0f\u5927\u5c0f\u70ba \u70ba [ ( DOS Header\u00a0 + NT Header + Section Header)\u00a0 \u5c0d\u9f4a File Alignment\u00a0 ] + \u5404\u500b\u5340\u6bb5\u5c0d\u9f4a\u4e4b\u5f8c\u7684\u5927\u5c0f\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yuyiares.com\/?p=179\" \/>\n<meta property=\"og:site_name\" content=\"Ares Vlog\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-11T09:17:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-30T05:12:11+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005:\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u4f30\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/#\\\/schema\\\/person\\\/3d4db07eab24e08cc9eea662ef3053ac\"},\"headline\":\"Window PE\",\"datePublished\":\"2021-12-11T09:17:59+00:00\",\"dateModified\":\"2022-09-30T05:12:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179\"},\"wordCount\":143,\"commentCount\":0,\"articleSection\":[\"PE \u6a94\u6848\",\"Research & Study\",\"Window\"],\"inLanguage\":\"zh-TW\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.yuyiares.com\\\/?p=179#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179\",\"url\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179\",\"name\":\"Window PE - Ares Vlog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/#website\"},\"datePublished\":\"2021-12-11T09:17:59+00:00\",\"dateModified\":\"2022-09-30T05:12:11+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/#\\\/schema\\\/person\\\/3d4db07eab24e08cc9eea662ef3053ac\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179#breadcrumb\"},\"inLanguage\":\"zh-TW\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.yuyiares.com\\\/?p=179\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/?p=179#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.yuyiares.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Window PE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/#website\",\"url\":\"https:\\\/\\\/www.yuyiares.com\\\/\",\"name\":\"Ares Vlog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.yuyiares.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-TW\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.yuyiares.com\\\/#\\\/schema\\\/person\\\/3d4db07eab24e08cc9eea662ef3053ac\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-TW\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7a48eb75ce0e81d088764746bc78b3a75ae3f2fbe40d6f69bbc7cfd2fa004a03?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7a48eb75ce0e81d088764746bc78b3a75ae3f2fbe40d6f69bbc7cfd2fa004a03?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7a48eb75ce0e81d088764746bc78b3a75ae3f2fbe40d6f69bbc7cfd2fa004a03?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/www.yuyiares.com\"],\"url\":\"https:\\\/\\\/www.yuyiares.com\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Window PE - Ares Vlog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.yuyiares.com\/?p=179","og_locale":"zh_TW","og_type":"article","og_title":"Window PE - Ares Vlog","og_description":"What is PE ? PE \u70ba Portable Executable \u7684\u7e2e\u5beb\uff0c\u70ba ” \u53ef\u57f7\u884c\uff08Executable\uff09\u7a0b\u5f0f\u6216\u52d5\u614b\u9023\u7d50\u51fd\u5f0f\u5eab\uff08Dynamic link library\uff09\u7684\u6587\u4ef6\u683c\u5f0f “\u3002 \u5e38\u898b\u7684\u5e38\u898b\u7684EXE\u3001DLL\u3001OCX\u3001SYS\u3001COM\u90fd\u662fPE\u6a94\u6848\u3002 PE \u7d50\u69cb PE \u7d50\u69cb\u53ef\u4ee5\u5206\u70ba\u5e7e\u500b\u90e8\u5206\uff1a DOS header NT Header (PE Header) Section Header (Section Table) Section Data DOS Header IMAGE_DOS_HEADER \u958b\u982d\u5fc5\u70ba \u201cMZ\u201d \u5b57\u4e32\uff0c\u70ba 4D 5A\u201d\uff0c\u70ba”\u53ef\u57f7\u884c\u6a94\u6848”\u7684\u6a19\u8a18\u3002 \u4e3b\u8981\u7528\u8655\u70ba\u78ba\u4fddPE file \u5728 DOS \u6a21\u5f0f\u4e0b\u4e5f\u53ef\u57f7\u884c\u3002 \u5927\u5c0f\u5927\u6982\u70ba 40h bytes\u3002 \u00a0 DOS Stub \u82e5\u662f\u7a0b\u5f0f\u5728 DOS \u4e0b\u7121\u6cd5\u57f7\u884c\u4fbf\u6703\u8df3\u51fa\u9019\u908a\u7684\u932f\u8aa4\u8a0a\u606f\uff1a\uff02This Program cannot be run in DOS mode\uff02\u3002 e_lfanew \u6700\u5f8c\u4e00\u500b\u6b04\u4f4d \u662f\u7528\u4f86\u6307\u5411 PE Header \u7684\u6307\u6a19\u3002 \u82e5\u70ba 0 \u5247\u4ee3\u8868\u8a72\u6a94\u6848\u662f\u4e00\u500b DOS \u6a94\u6848 \u3002 NT Header IMAGE_NT_HEADER \u5176\u7d50\u69cb\u4e3b\u8981\u70ba “PE Signature “\u3001 ” File Header ” \u548c ” Optional header ” \u00a0 \u7d44\u6210\u3002 \u00a0 PE Signature \u7528\u65bc\u9a57\u8b49\u662f\u5426\u6709\u6548 \uff0c\u5fc5\u6c38\u9060\u7b49\u65bc \u201cPEx00x00\u201d \u5b57\u4e32 File Header \u7d44\u8b6f\u5668\u6240\u7522\u751f\u7684 COFF \u6a94\u6848\u7684 header Machine \uff1a\u6a5f\u68b0\u78bc\uff0c\u901a\u5e38\u70ba x86 \u300164 \u6216 ARM\u3002 NumberOfSections \uff1a\u8a18\u9304\u5340\u584a\u6578\u91cf\uff0c\u7528\u65bc\u6307\u5411Section \u9663\u5217\u6642\u4f7f\u7528 TimeDataStamp \uff1a\u7de8\u8b6f\u6642\u9593 SizeOfOptionaHeader \uff1aOptional \u6a19\u982d\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u6a94\u6848\u5927\u5c0f Characteristics \uff1a\u6240\u6709PE\u7684\u5c6c\u6027\uff0c\u78ba\u8a8d\u662f\u5426\u70ba32 bit \u3001DLL\u6a21\u7d44 \u3001\u662f\u5426\u53ef\u4ee5\u57f7\u884c\u3001\u662f\u5426\u5177\u6709\u91cd\u65b0\u5b9a\u5411\u8cc7\u8a0a\u7b49\u7b49 Optinoal Header \u7de8\u8b6f\u4e4b\u5f8c\u7531\u9023\u63a5\u5668\u88dc\u4e0a\u7684\u8cc7\u8a0a\uff0c\u78ba\u4fdd\u80fd\u5920\u6b63\u78ba\u88dd\u8f09\u7a0b\u5f0f ImageBase \uff1a\u7d00\u9304PE\u6a21\u7d44\u7684\u9810\u8a2d\u4f4d\u7f6e\uff0c\u78ba\u8a8d\u4e00\u958b\u59cb\u6a94\u6848\u653e\u7f6e\u7684\u4f4d\u7f6e\u3002 SizeOfImage \uff1a\u52d5\u614b\u57f7\u884c\u6642\u6240\u9700\u7a7a\u9593\u3002 SizeOfHeaders \uff1aHeader\u7684\u7a7a\u9593\u5927\u5c0f) AddressOfEntryPoint \uff1a\u7a0b\u5f0f\u57f7\u884c\u7684\u5165\u53e3\u9ede\u3002 FileAlignment \uff1a\u7528\u65bc\u975c\u614b\u5340\u6bb5\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u975c\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x200\u3002 SectionAlignment \uff1a\u52d5\u614b\u6a94\u6848\u7684\u5c0d\u9f4a\uff0c\u7c21\u55ae\u4f86\u8aaa\u5c31\u662f\u52d5\u614b\u6a94\u6848\u5340\u6bb5\u7684\u6700\u5c0f\u503c\uff0c\u572832bit \u70ba 0x1000\u3002 DataDirectory \uff1a\u8a18\u9304\u6240\u9700\u8cc7\u6599\u7684\u8d77\u9ede\u548c\u5927\u5c0f\u3002 Section Header NT Header \u7684\u7d50\u5c3e\u5c31\u662fSection Header \u7684\u8d77\u9ede\u3002 Section Header \u70ba\u9663\u5217\u5f62\u5f0f PointerToRawData \uff1a\u76ee\u524d\u5340\u6bb5\u7684\u975c\u614b\u6a94\u6848\u504f\u79fb\u91cf\uff0c\u6703\u6307\u5411 Section data \u7684\u4f4d\u7f6e\uff0c\u53d6\u5f97\u8cc7\u6599\u6642\u7528\u3002 SizeOfRawData \uff1a\u8a72 Section data \u7684\u5927\u5c0f\uff0c\u7528\u65bc\u78ba\u8a8d\u8a72 Section \u7684\u8d77\u9ede\u548c\u7d42\u9ede\u3002 VirtualAddress \uff1a\u8981\u5beb\u5165\u7684\u4f4d\u7f6e\uff0c\u653e\u9032\u6620\u50cf\u4f4d\u5740\u7684”\u76f8\u5c0d\u504f\u79fb\u91cf”\u3002 VirtualSize \uff1a\u8981\u5beb\u5165\u7684\u5927\u5c0f Characteristics \uff1a\u8cc7\u8a0a\u7d00\u9304\uff0c\u8a18\u9304\u8cc7\u6599\u7684\u72c0\u6cc1\uff0c\u5982\u53ef\u5beb\u3001\u53ef\u8b80\u3001\u53ef\u57f7\u884c…… Section .data \uff1a\u5df2\u521d\u59cb\u5316\u7684\u6578\u64da .idata\uff1aimport \u7684\u6587\u4ef6\u540d\u8868 .edata\uff1aexport \u7684\u6587\u4ef6\u540d\u8868 .rdata\uff1aread only \u7684\u521d\u59cb\u6578\u64da .reloc\uff1a\u91cd\u5b9a\u4f4d\u8868\u8a0a\u606f .rsrc\uff1a\u8cc7\u6e90 .text\uff1aexe \u6216 dll \u7684\u53ef\u57f7\u884c\u7a0b\u5f0f\u78bc PE \u7d50\u69cb\u5716\u7247 \u4e00\u500b Section \u7684 \u7d42\u9ede\u70baPointerToRawData + SizeofRawData \u6574\u500b\u7a0b\u5f0f\u5927\u5c0f\u70ba \u70ba [ ( DOS Header\u00a0 + NT Header + Section Header)\u00a0 \u5c0d\u9f4a File Alignment\u00a0 ] + \u5404\u500b\u5340\u6bb5\u5c0d\u9f4a\u4e4b\u5f8c\u7684\u5927\u5c0f","og_url":"https:\/\/www.yuyiares.com\/?p=179","og_site_name":"Ares Vlog","article_published_time":"2021-12-11T09:17:59+00:00","article_modified_time":"2022-09-30T05:12:11+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005:":"admin","\u9810\u4f30\u95b1\u8b80\u6642\u9593":"2 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.yuyiares.com\/?p=179#article","isPartOf":{"@id":"https:\/\/www.yuyiares.com\/?p=179"},"author":{"name":"admin","@id":"https:\/\/www.yuyiares.com\/#\/schema\/person\/3d4db07eab24e08cc9eea662ef3053ac"},"headline":"Window PE","datePublished":"2021-12-11T09:17:59+00:00","dateModified":"2022-09-30T05:12:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.yuyiares.com\/?p=179"},"wordCount":143,"commentCount":0,"articleSection":["PE \u6a94\u6848","Research & Study","Window"],"inLanguage":"zh-TW","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.yuyiares.com\/?p=179#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.yuyiares.com\/?p=179","url":"https:\/\/www.yuyiares.com\/?p=179","name":"Window PE - Ares Vlog","isPartOf":{"@id":"https:\/\/www.yuyiares.com\/#website"},"datePublished":"2021-12-11T09:17:59+00:00","dateModified":"2022-09-30T05:12:11+00:00","author":{"@id":"https:\/\/www.yuyiares.com\/#\/schema\/person\/3d4db07eab24e08cc9eea662ef3053ac"},"breadcrumb":{"@id":"https:\/\/www.yuyiares.com\/?p=179#breadcrumb"},"inLanguage":"zh-TW","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yuyiares.com\/?p=179"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.yuyiares.com\/?p=179#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yuyiares.com\/"},{"@type":"ListItem","position":2,"name":"Window PE"}]},{"@type":"WebSite","@id":"https:\/\/www.yuyiares.com\/#website","url":"https:\/\/www.yuyiares.com\/","name":"Ares Vlog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yuyiares.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-TW"},{"@type":"Person","@id":"https:\/\/www.yuyiares.com\/#\/schema\/person\/3d4db07eab24e08cc9eea662ef3053ac","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/secure.gravatar.com\/avatar\/7a48eb75ce0e81d088764746bc78b3a75ae3f2fbe40d6f69bbc7cfd2fa004a03?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7a48eb75ce0e81d088764746bc78b3a75ae3f2fbe40d6f69bbc7cfd2fa004a03?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7a48eb75ce0e81d088764746bc78b3a75ae3f2fbe40d6f69bbc7cfd2fa004a03?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/www.yuyiares.com"],"url":"https:\/\/www.yuyiares.com\/?author=1"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=\/wp\/v2\/posts\/179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=179"}],"version-history":[{"count":3,"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=\/wp\/v2\/posts\/179\/revisions"}],"predecessor-version":[{"id":183,"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=\/wp\/v2\/posts\/179\/revisions\/183"}],"wp:attachment":[{"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yuyiares.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}