.rdata is for const data. It is the read only version of the .data segment.
.idata holds the import directory (.edata for exports).
It is used by EXE‘s and DLL‘s to designate the imported and exported functions.
See the PE format specification (http://msdn.microsoft.com/library/windows/hardware/gg463125) for details.
Summarizing typical segment names:
.text: Code .data: Initialized data .bss: Uninitialized data .rdata: Const/read-only (and initialized) data
.edata: Export descriptors .idata: Import descriptors
In fact, the names of the segments are ignored by Windows.
There are linkers that use different segment names and it is even possible
to store the Import Descriptors, Export descriptors, Resources etc.
in the ".text" segment instead of using separate segments.
However it seems to be simpler to create separate sections for such metadata so most linkers will use separate sections.
This means:
Sections ".idata", ".rdata", ".rsrc", ... do not contain program data (although their name ends with "data")
but they contain meta information that is used by the operating system.
The ".rsrc" section for example holds information about the icon that is shown when looking at the executable file in the Explorer.
".idata" contains information about all DLL files required by the program.
IDA .edata .rdata .idata .text segments
原文:http://www.cnblogs.com/shangdawei/p/4788503.html