مساعدة في درس Lena151

[samoray]

عذرا لم أستطع الترجمة الى العربية . يمكنك استعمال قوقل للترجمة مع مراعاة الكلمات التقنية.

---

 
[align=left]    RVA (relative virtual address). In an image file, the address of an item after it is loaded into memory, with the base address of the image file subtracted from it. The RVA of an item almost always differs from its position within the file on disk (file pointer).

    In an object file, an RVA is less meaningful because memory locations are not assigned. In this case, an RVA would be an address within a section (described later in this table), to which a relocation is later applied during linking. For simplicity, a compiler should just set the first RVA in each section to zero.

    VA (virtual address). Same as RVA, except that the base address of the image file is not subtracted. The address is called a “VA” because Windows creates a distinct VA space for each process, independent of physical memory. For almost all purposes, a VA should be considered just an address. A VA is not as predictable as an RVA because the loader might not load the image at its preferred location.[/align]

. النقطة الثانية بخصوص PE :
أ. DOs MZ header : هي اول حرفين MZ لاسم الشخص الي اخترع DOS اشي زي هيك
ب. MS-DOS Header : هي الجملة الموجودة في البداية ( This program ...etc )
ج. PE File Header : يبدأ فيها PE مع رمز لمعرفة البرنامج 32 او 64 ومن بعدها في حالة وجد optional header يضاف فيها ؟؟؟

د. Sections Table : بتكون فيها Code و DATA ...الخ 
هـ. هو بداية البرنامج في olly عند العنوان 00401000


هل فهمي صحيح لها ام لا ؟

عليك مراجعة بنية الملفات من نوع PE