取消可执行文件加载时重新定位的方法----方便window7下调试

typedef struct _IMAGE_OPTIONAL_HEADER {  WORD                 Magic;  BYTE                 MajorLinkerVersion;  BYTE                 MinorLinkerVersion;  DWORD                SizeOfCode;  DWORD                SizeOfInitializedData;  DWORD                SizeOfUninitializedData;  DWORD                AddressOfEntryPoint;  DWORD                BaseOfCode;  DWORD                BaseOfData;  DWORD                ImageBase;  DWORD                SectionAlignment;  DWORD                FileAlignment;  WORD                 MajorOperatingSystemVersion;  WORD                 MinorOperatingSystemVersion;  WORD                 MajorImageVersion;  WORD                 MinorImageVersion;  WORD                 MajorSubsystemVersion;  WORD                 MinorSubsystemVersion;  DWORD                Win32VersionValue;  DWORD                SizeOfImage;  DWORD                SizeOfHeaders;  DWORD                CheckSum;  WORD                 Subsystem;  WORD                 DllCharacteristics;  DWORD                SizeOfStackReserve;  DWORD                SizeOfStackCommit;  DWORD                SizeOfHeapReserve;  DWORD                SizeOfHeapCommit;  DWORD                LoaderFlags;  DWORD                NumberOfRvaAndSizes;  IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;

上面红色标记的就是PE头中控制该功能的两个字节

说明如下。

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040

The DLL can be relocated at load time.

 

若想取消，可如下操作：

用PE Explorer打开可执行文件

 

得到0x0140

异或掉0x0040

得0x0100

保存到文件。就可以了。