From: Nick Clifton <nickc@redhat.com>
To: binutils@sourceware.org
Subject: Re: RFC: Objdump: Dumping PE specific headers
Date: Fri, 26 May 2023 15:40:59 +0100 [thread overview]
Message-ID: <9add4711-4efb-66af-387e-e7b2902af5e8@redhat.com> (raw)
In-Reply-To: <871qj41iw5.fsf@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1204 bytes --]
Hi Guys,
Right - I am commit the attached, revised version of my original patch.
Following Jan's suggestions I have changed the layout slightly and dropped
this display of the IMAGE_DOS_SIGNATURE magic number. In addition I have
added:
* Support for displaying some of the contents of the optional header,
if it is present.
* Support for displaying PE format object files (which do not have the
PEI_filehdr structure at the start of the file).
* Documentation (gasp), a testcase and a NEWS entry.
Cheers
Nick
2023-05-26 Nick Clifton <nickc@redhat.com>
* od-pe.c: New file: Dumps fields in PE format headers.
* configure.ac (od_vectors): Add objdump_private_desc_pe for PE
format targets.
(od_files): Add od-pe for PE format targets.
* configure: Regenerate.
* Makefile.am (CFILES): Add od-pe.c
(EXTRA_objdump_SOURCE): Likewise.
* Makefile.in: Generate.
* NEWS: Mention the new feature.
* doc/binutils.texi: Document the new support.
* objdump.c (wide_output): Change from local to global.
* objdump.h (wide_output): Prototype.
(objdump_private_desc_pe): Prototype.
* testsuite/binutils-all/objdump.exp: Add a test of the new feature.
[-- Attachment #2: fred --]
[-- Type: text/plain, Size: 16679 bytes --]
--- /dev/null 2023-05-25 08:58:13.102395769 +0100
+++ current/binutils/od-pe.c 2023-05-26 15:24:38.401889536 +0100
@@ -0,0 +1,565 @@
+/* od-pe.c -- dump information about a PE object file.
+ Copyright (C) 2011-2023 Free Software Foundation, Inc.
+ Written by Tristan Gingold, Adacore and Nick Clifton, Red Hat.
+
+ This file is part of GNU Binutils.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, 51 Franklin Street - Fifth Floor, Boston,
+ MA 02110-1301, USA. */
+
+#include "sysdep.h"
+#include <stddef.h>
+#include <time.h>
+#include "safe-ctype.h"
+#include "bfd.h"
+#include "objdump.h"
+#include "bucomm.h"
+#include "bfdlink.h"
+#include "coff/internal.h"
+#define L_LNNO_SIZE 4 /* FIXME: which value should we use ? */
+#include "coff/external.h"
+#include "coff/pe.h"
+#include "libcoff.h"
+#include "libpei.h"
+
+/* Index of the options in the options[] array. */
+#define OPT_FILE_HEADER 0
+#define OPT_AOUT 1
+#define OPT_SECTIONS 2
+#define OPT_SYMS 3
+#define OPT_RELOCS 4
+#define OPT_LINENO 5
+#define OPT_LOADER 6
+#define OPT_EXCEPT 7
+#define OPT_TYPCHK 8
+#define OPT_TRACEBACK 9
+#define OPT_TOC 10
+#define OPT_LDINFO 11
+
+/* List of actions. */
+static struct objdump_private_option options[] =
+{
+ { "header", 0 },
+ { "aout", 0 },
+ { "sections", 0 },
+ { "syms", 0 },
+ { "relocs", 0 },
+ { "lineno", 0 },
+ { "loader", 0 },
+ { "except", 0 },
+ { "typchk", 0 },
+ { "traceback", 0 },
+ { "toc", 0 },
+ { "ldinfo", 0 },
+ { NULL, 0 }
+};
+
+/* Simplified section header. */
+struct pe_section
+{
+ /* NUL terminated name. */
+ char name[9];
+
+ /* Section flags. */
+ unsigned int flags;
+
+ /* Offsets in file. */
+ ufile_ptr scnptr;
+ ufile_ptr relptr;
+ ufile_ptr lnnoptr;
+
+ /* Number of relocs and line numbers. */
+ unsigned int nreloc;
+ unsigned int nlnno;
+};
+
+/* Translation entry type. The last entry must be {0, NULL}. */
+
+struct xlat_table
+{
+ unsigned int val;
+ const char * name;
+};
+
+/* PE file flags. */
+static const struct xlat_table file_flag_xlat[] =
+{
+ { IMAGE_FILE_RELOCS_STRIPPED, "RELOCS STRIPPED"},
+ { IMAGE_FILE_EXECUTABLE_IMAGE, "EXECUTABLE"},
+ { IMAGE_FILE_LINE_NUMS_STRIPPED, "LINE NUMS STRIPPED"},
+ { IMAGE_FILE_LOCAL_SYMS_STRIPPED, "LOCAL SYMS STRIPPED"},
+ { IMAGE_FILE_AGGRESSIVE_WS_TRIM, "AGGRESSIVE WS TRIM"},
+ { IMAGE_FILE_LARGE_ADDRESS_AWARE, "LARGE ADDRESS AWARE"},
+ { IMAGE_FILE_16BIT_MACHINE, "16BIT MACHINE"},
+ { IMAGE_FILE_BYTES_REVERSED_LO, "BYTES REVERSED LO"},
+ { IMAGE_FILE_32BIT_MACHINE, "32BIT MACHINE"},
+ { IMAGE_FILE_DEBUG_STRIPPED, "DEBUG STRIPPED"},
+ { IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, "REMOVABLE RUN FROM SWAP"},
+ { IMAGE_FILE_NET_RUN_FROM_SWAP, "NET RUN FROM SWAP"},
+ { IMAGE_FILE_SYSTEM, "SYSTEM"},
+ { IMAGE_FILE_DLL, "DLL"},
+ { IMAGE_FILE_UP_SYSTEM_ONLY, "UP SYSTEM ONLY"},
+ { IMAGE_FILE_BYTES_REVERSED_HI, "BYTES REVERSED HI"},
+ { 0, NULL }
+};
+
+/* PE section flags. */
+static const struct xlat_table section_flag_xlat[] =
+{
+ { IMAGE_SCN_MEM_DISCARDABLE, "DISCARDABLE" },
+ { IMAGE_SCN_MEM_EXECUTE, "EXECUTE" },
+ { IMAGE_SCN_MEM_READ, "READ" },
+ { IMAGE_SCN_MEM_WRITE, "WRITE" },
+ { IMAGE_SCN_TYPE_NO_PAD, "NO PAD" },
+ { IMAGE_SCN_CNT_CODE, "CODE" },
+ { IMAGE_SCN_CNT_INITIALIZED_DATA, "INITIALIZED DATA" },
+ { IMAGE_SCN_CNT_UNINITIALIZED_DATA, "UNINITIALIZED DATA" },
+ { IMAGE_SCN_LNK_OTHER, "OTHER" },
+ { IMAGE_SCN_LNK_INFO, "INFO" },
+ { IMAGE_SCN_LNK_REMOVE, "REMOVE" },
+ { IMAGE_SCN_LNK_COMDAT, "COMDAT" },
+ { IMAGE_SCN_MEM_FARDATA, "FARDATA" },
+ { IMAGE_SCN_MEM_PURGEABLE, "PURGEABLE" },
+ { IMAGE_SCN_MEM_LOCKED, "LOCKED" },
+ { IMAGE_SCN_MEM_PRELOAD, "PRELOAD" },
+ { IMAGE_SCN_LNK_NRELOC_OVFL, "NRELOC OVFL" },
+ { IMAGE_SCN_MEM_NOT_CACHED, "NOT CACHED" },
+ { IMAGE_SCN_MEM_NOT_PAGED, "NOT PAGED" },
+ { IMAGE_SCN_MEM_SHARED, "SHARED" },
+ { 0, NULL }
+};
+
+
+/* Display help. */
+
+static void
+pe_help (FILE *stream)
+{
+ fprintf (stream, _("\
+For PE files:\n\
+ header Display the file header\n\
+ sections Display the section headers\n\
+"));
+}
+
+/* Return true if ABFD is handled. */
+
+static int
+pe_filter (bfd *abfd)
+{
+ return bfd_get_flavour (abfd) == bfd_target_coff_flavour;
+}
+
+/* Display the list of name (from TABLE) for FLAGS, using comma to
+ separate them. A name is displayed if FLAGS & VAL is not 0. */
+
+static void
+dump_flags (const struct xlat_table * table, unsigned int flags)
+{
+ unsigned int r = flags;
+ bool first = true;
+ const struct xlat_table *t;
+
+ for (t = table; t->name; t++)
+ if ((flags & t->val) != 0)
+ {
+ r &= ~t->val;
+
+ if (first)
+ first = false;
+ else
+ putchar (',');
+ fputs (t->name, stdout);
+ }
+
+ /* Undecoded flags. */
+ if (r != 0)
+ {
+ if (!first)
+ putchar (',');
+ printf (_("unknown: 0x%x"), r);
+ }
+}
+
+static const char *
+decode_machine_number (unsigned int machine)
+{
+ switch (machine)
+ {
+ case IMAGE_FILE_MACHINE_ALPHA: return "ALPHA";
+ case IMAGE_FILE_MACHINE_AMD64: return "AMD64";
+ case IMAGE_FILE_MACHINE_ARM: return "ARM";
+ case IMAGE_FILE_MACHINE_ARM64: return "ARM64";
+ case IMAGE_FILE_MACHINE_I386: return "I386";
+ case IMAGE_FILE_MACHINE_IA64: return "IA64";
+ case IMAGE_FILE_MACHINE_LOONGARCH64: return "LOONGARCH64";
+ case IMAGE_FILE_MACHINE_POWERPC: return "POWERPC";
+ case 0x0500: return "SH (big endian)";
+ case 0x0550: return "SH (little endian)";
+ case 0x0b00: return "MCore";
+ case 0x0093: return "TI C4X";
+ // FIXME: Add more machine numbers.
+ default: return N_("unknown");
+ }
+}
+
+/* Dump the file header. */
+
+static void
+dump_pe_file_header (bfd * abfd,
+ struct external_PEI_filehdr * fhdr,
+ struct external_PEI_IMAGE_hdr * ihdr)
+{
+ unsigned long ihdr_off = 0;
+
+ if (fhdr != NULL)
+ {
+ printf (_("\nFile Header:\n"));
+
+ /* FIXME: The fields in the file header are boring an generally have
+ fixed values. Is there any benefit in displaying them ? */
+
+ /* Display the first string found in the stub.
+ FIXME: Look for more than one string ?
+ FIXME: Strictly speaking we may not have read the full stub, since
+ it can be longer than the dos_message array in the PEI_fileheader
+ structure. */
+ const unsigned char * message = (const unsigned char *) fhdr->dos_message;
+ unsigned int len = sizeof (fhdr->dos_message);
+ unsigned int i;
+ unsigned int seen_count = 0;
+ unsigned int string_start = 0;
+
+ for (i = 0; i < len; i++)
+ {
+ if (ISPRINT (message[i]))
+ {
+ if (string_start == 0)
+ string_start = i;
+ ++ seen_count;
+ if (seen_count > 4)
+ break;
+ }
+ else
+ {
+ seen_count = string_start = 0;
+ }
+ }
+
+ if (seen_count > 4)
+ {
+ printf (_(" Stub message: "));
+ while (string_start < len)
+ {
+ char c = message[string_start ++];
+ if (! ISPRINT (c))
+ break;
+ putchar (c);
+ }
+ putchar ('\n');
+ }
+
+ ihdr_off = (long) bfd_h_get_32 (abfd, fhdr->e_lfanew);
+ }
+
+ printf (_("\nImage Header (at offset %#lx):\n"), ihdr_off);
+
+ unsigned int machine = (int) bfd_h_get_16 (abfd, ihdr->f_magic);
+ printf (_(" Machine Num: %#x\t\t- %s\n"), machine,
+ decode_machine_number (machine));
+
+ printf (_(" Num sections: %d\n"), (int) bfd_h_get_16 (abfd, ihdr->f_nscns));
+
+ long timedat = bfd_h_get_32 (abfd, ihdr->f_timdat);
+ printf (_(" Time and date: %#08lx\t- "), timedat);
+ if (timedat == 0)
+ printf (_("not set\n"));
+ else
+ {
+ /* Not correct on all platforms, but works on unix. */
+ time_t t = timedat;
+ fputs (ctime (& t), stdout);
+ }
+
+ printf (_(" Symbols off: %#08lx\n"),
+ (long) bfd_h_get_32 (abfd, ihdr->f_symptr));
+ printf (_(" Num symbols: %ld\n"),
+ (long) bfd_h_get_32 (abfd, ihdr->f_nsyms));
+
+ unsigned int opt_header_size = (int) bfd_h_get_16 (abfd, ihdr->f_opthdr);
+ printf (_(" Opt hdr sz: %#x\n"), opt_header_size);
+
+ unsigned int flags = (int) bfd_h_get_16 (abfd, ihdr->f_flags);
+ printf (_(" Flags: 0x%04x\t\t- "), flags);
+ dump_flags (file_flag_xlat, flags);
+ putchar ('\n');
+
+ if (opt_header_size == PEPAOUTSZ)
+ {
+ PEPAOUTHDR xhdr;
+
+ printf (_("\nOptional PE+ Header (at offset %#lx):\n"),
+ ihdr_off + sizeof (* ihdr));
+
+ if (bfd_seek (abfd, ihdr_off + sizeof (* ihdr), SEEK_SET) != 0
+ || bfd_bread (& xhdr, sizeof (xhdr), abfd) != sizeof (xhdr))
+ printf ("error: unable to read PE+ header\n");
+ else
+ {
+ /* FIXME: Check that the magic number is 0x020b ? */
+ printf (_(" Magic: %x\n"),
+ (int) bfd_h_get_16 (abfd, xhdr.standard.magic));
+ printf (_(" Image Base: %lx\n"),
+ (long) bfd_h_get_64 (abfd, xhdr.ImageBase));
+ /* FIXME: Print more fields. */
+ }
+ }
+ else if (opt_header_size == AOUTSZ)
+ {
+ PEAOUTHDR xhdr;
+
+ printf (_("\nOptional PE Header (at offset %#lx):\n"),
+ ihdr_off + sizeof (* ihdr));
+
+ if (bfd_seek (abfd, ihdr_off + sizeof (* ihdr), SEEK_SET) != 0
+ || bfd_bread (& xhdr, sizeof (xhdr), abfd) != sizeof (xhdr))
+ printf ("error: unable to read PE+ header\n");
+ else
+ {
+ /* FIXME: Check that the magic number is 0x010b ? */
+ printf (_(" Magic: %x\n"),
+ (int) bfd_h_get_16 (abfd, xhdr.standard.magic));
+ printf (_(" Image Base: %lx\n"),
+ (long) bfd_h_get_32 (abfd, xhdr.ImageBase));
+ /* FIXME: Print more fields. */
+ }
+ }
+ else if (opt_header_size != 0)
+ {
+ printf (_("\nUnsupported size of Optional Header\n"));
+ }
+}
+
+/* Dump the sections header. */
+
+static void
+dump_pe_sections_header (bfd * abfd,
+ struct external_PEI_filehdr * fhdr,
+ struct external_PEI_IMAGE_hdr * ihdr)
+{
+ unsigned int opthdr = (int) bfd_h_get_16 (abfd, ihdr->f_opthdr);
+ unsigned int n_scns = (int) bfd_h_get_16 (abfd, ihdr->f_nscns);
+ unsigned int off;
+
+ /* The section header starts after the file, image and optional headers. */
+ if (fhdr == NULL)
+ off = sizeof (struct external_filehdr) + opthdr;
+ else
+ off = (int) bfd_h_get_16 (abfd, fhdr->e_lfanew) + sizeof (* ihdr) + opthdr;
+
+ printf (_("\nSection headers (at offset 0x%08x):\n"), off);
+
+ if (n_scns == 0)
+ {
+ printf (_(" No section headers\n"));
+ return;
+ }
+ if (bfd_seek (abfd, off, SEEK_SET) != 0)
+ {
+ non_fatal (_("cannot seek to section headers start\n"));
+ return;
+ }
+
+ /* We don't translate this string as it consists of field names. */
+ if (wide_output)
+ printf (" # Name paddr vaddr size scnptr relptr lnnoptr nrel nlnno Flags\n");
+ else
+ printf (" # Name paddr vaddr size scnptr relptr lnnoptr nrel nlnno\n");
+
+ unsigned int i;
+ for (i = 0; i < n_scns; i++)
+ {
+ struct external_scnhdr scn;
+ unsigned int flags;
+
+ if (bfd_bread (& scn, sizeof (scn), abfd) != sizeof (scn))
+ {
+ non_fatal (_("cannot read section header"));
+ return;
+ }
+
+ printf ("%2d %-8.8s %08x %08x %08x %08x %08x %08x %5d %5d",
+ i + 1, scn.s_name,
+ (unsigned int) bfd_h_get_32 (abfd, scn.s_paddr),
+ (unsigned int) bfd_h_get_32 (abfd, scn.s_vaddr),
+ (unsigned int) bfd_h_get_32 (abfd, scn.s_size),
+ (unsigned int) bfd_h_get_32 (abfd, scn.s_scnptr),
+ (unsigned int) bfd_h_get_32 (abfd, scn.s_relptr),
+ (unsigned int) bfd_h_get_32 (abfd, scn.s_lnnoptr),
+ (unsigned int) bfd_h_get_16 (abfd, scn.s_nreloc),
+ (unsigned int) bfd_h_get_16 (abfd, scn.s_nlnno));
+
+ flags = bfd_h_get_32 (abfd, scn.s_flags);
+ if (wide_output)
+ printf (_(" %08x "), flags);
+ else
+ printf (_("\n Flags: %08x: "), flags);
+
+ if (flags != 0)
+ {
+ /* Skip the alignment bits. */
+ flags &= ~ IMAGE_SCN_ALIGN_POWER_BIT_MASK;
+ dump_flags (section_flag_xlat, flags);
+ }
+
+ putchar ('\n');
+ }
+}
+
+/* Handle a PE format file. */
+
+static void
+dump_pe (bfd * abfd,
+ struct external_PEI_filehdr * fhdr,
+ struct external_PEI_IMAGE_hdr * ihdr)
+{
+ if (options[OPT_FILE_HEADER].selected)
+ dump_pe_file_header (abfd, fhdr, ihdr);
+
+ if (options[OPT_SECTIONS].selected)
+ dump_pe_sections_header (abfd, fhdr, ihdr);
+}
+
+static bool
+is_pe_object_magic (unsigned short magic)
+{
+ switch (magic)
+ {
+ case IMAGE_FILE_MACHINE_ALPHA:
+ case IMAGE_FILE_MACHINE_ARM:
+ case IMAGE_FILE_MACHINE_ARM64:
+ case IMAGE_FILE_MACHINE_I386:
+ case IMAGE_FILE_MACHINE_IA64:
+ case IMAGE_FILE_MACHINE_POWERPC:
+ case IMAGE_FILE_MACHINE_LOONGARCH64:
+ case IMAGE_FILE_MACHINE_AMD64:
+ // FIXME: Add more machine numbers.
+ return true;
+ case 0x0500: /* SH_ARCH_MAGIC_BIG */
+ case 0x0550: /* SH_ARCH_MAGIC_LITTLE */
+ case 0x0b00: /* MCore */
+ case 0x0093: /* TI C4x */
+ return true;
+ default:
+ return false;
+ }
+}
+
+/* Dump ABFD (according to the options[] array). */
+
+static void
+pe_dump_obj (bfd *abfd)
+{
+ struct external_PEI_filehdr fhdr;
+
+ /* Read file header. */
+ if (bfd_seek (abfd, 0, SEEK_SET) != 0
+ || bfd_bread (& fhdr, sizeof (fhdr), abfd) != sizeof (fhdr))
+ {
+ non_fatal (_("cannot seek to/read file header"));
+ return;
+ }
+
+ unsigned short magic = bfd_h_get_16 (abfd, fhdr.e_magic);
+
+ /* PE format executable files have a full external_PEI_filehdr structure
+ at the start. PE format object files just have an external_filehdr
+ structure at the start. */
+ if (magic == IMAGE_DOS_SIGNATURE)
+ {
+ unsigned int ihdr_offset = (int) bfd_h_get_16 (abfd, fhdr.e_lfanew);
+
+ /* FIXME: We could reuse the fields in fhdr, but that might
+ confuse various sanitization and memory checker tools. */
+ struct external_PEI_IMAGE_hdr ihdr;
+
+ if (bfd_seek (abfd, ihdr_offset, SEEK_SET) != 0
+ || bfd_bread (& ihdr, sizeof (ihdr), abfd) != sizeof (ihdr))
+ {
+ non_fatal (_("cannot seek to/read image header at offset %#x"),
+ ihdr_offset);
+ return;
+ }
+
+ unsigned int signature = (int) bfd_h_get_16 (abfd, ihdr.nt_signature);
+ if (signature != IMAGE_NT_SIGNATURE)
+ {
+ non_fatal ("file does not have an NT format signature: %#x",
+ signature);
+ return;
+ }
+
+ dump_pe (abfd, & fhdr, & ihdr);
+ }
+ else if (is_pe_object_magic (magic))
+ {
+ struct external_filehdr ehdr;
+
+ if (bfd_seek (abfd, 0, SEEK_SET) != 0
+ || bfd_bread (& ehdr, sizeof (ehdr), abfd) != sizeof (ehdr))
+ {
+ non_fatal (_("cannot seek to/read image header"));
+ return;
+ }
+
+ struct external_PEI_IMAGE_hdr ihdr;
+ memcpy (& ihdr.f_magic, & ehdr, sizeof (ehdr));
+ dump_pe (abfd, NULL, & ihdr);
+ }
+ else
+ {
+ non_fatal ("not a PE format binary - unexpected magic number: %#x",
+ magic);
+ return;
+ }
+}
+
+/* Dump a PE file. */
+
+static void
+pe_dump (bfd *abfd)
+{
+ /* We rely on BFD to decide if the file is a core file. Note that core
+ files are only supported on native environment by BFD. */
+ switch (bfd_get_format (abfd))
+ {
+ case bfd_core:
+ // FIXME: Handle PE format core files ?
+ break;
+ default:
+ pe_dump_obj (abfd);
+ break;
+ }
+}
+
+/* Vector for pe. */
+
+const struct objdump_private_desc objdump_private_desc_pe =
+{
+ pe_help,
+ pe_filter,
+ pe_dump,
+ options
+};
next prev parent reply other threads:[~2023-05-26 14:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-25 16:21 Nick Clifton
2023-05-26 6:20 ` Jan Beulich
2023-05-26 15:44 ` Fangrui Song
[not found] ` <DS7PR12MB5765E0FC436669802ABB76ABCB479@DS7PR12MB5765.namprd12.prod.outlook.com>
2023-05-30 10:50 ` Nick Clifton
2023-05-30 14:50 ` Nick Clifton
2023-05-30 15:50 ` Fangrui Song
2023-05-26 14:40 ` Nick Clifton [this message]
2023-05-28 3:13 ` Alan Modra
2023-05-30 10:48 ` Nick Clifton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9add4711-4efb-66af-387e-e7b2902af5e8@redhat.com \
--to=nickc@redhat.com \
--cc=binutils@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).