From: Fangrui Song <i@maskray.me>
To: Nick Clifton <nickc@redhat.com>
Cc: Jan Beulich <jbeulich@suse.com>, binutils@sourceware.org
Subject: Re: RFC: Objdump: Dumping PE specific headers
Date: Fri, 26 May 2023 08:44:27 -0700 [thread overview]
Message-ID: <DS7PR12MB576545DC0503D92A5641A941CB479@DS7PR12MB5765.namprd12.prod.outlook.com> (raw)
In-Reply-To: <dc0bc47c-f93b-b5e9-b15c-22245d026b6b@suse.com>
On Thu, May 25, 2023 at 11:20 PM Jan Beulich via Binutils
<binutils@sourceware.org> wrote:
>
> Nick,
>
> On 25.05.2023 18:21, Nick Clifton via Binutils wrote:
> > Whilst looking at PR 310145, I realised that we currently do not have
> > a way to display the contents of PE type files in their native
> > format. Since objdump does have a --private option which provides
> > this kind of functionality for other file format types, I thought that
> > it would be helpful if objdump could also handle PE files. Hence this
> > patch.
> >
> > At the moment it only dumps the file header and section headers, but
> > this could be extended in the future. (Especially if someone else is
> > interested in doing the work...). The output looks something like
> > this:
> >
> > $ objdump -P header,sections test-section-flags.exe --wide
> >
> > test-section-flags.exe: file format pei-x86-64
> >
> > PEI File Header:
> > Magic: 0x5a4d - IMAGE_DOS_SIGNATURE
> > Machine Num: 0x8664 - AMD64
> > Num sections: 6
> > Time and date: 0x646f522d - Thu May 25 13:18:53 2023
> > Symbols off: 0x00001000
> > Num symbols: 60
> > Opt hdr sz: 240
> > flags: 0x0226 - EXECUTABLE,LINE NUMS STRIPPED,LARGE ADDRESS AWARE,DEBUG STRIPPED
> >
> > Section headers (at 152+240=0x00000188 to 0x00000278):
> > # Name paddr vaddr size scnptr relptr lnnoptr nrel nlnno Flags
> > 1 .text 00000030 00001000 00000200 00000400 00000000 00000000 0 0 60000020 EXECUTE,READ,CODE
> > 2 my_sect 00000004 00002000 00000200 00000600 00000000 00000000 0 0 c0000040 READ,WRITE,INITIALIZED DATA
> > 3 .rdata 00000040 00003000 00000200 00000800 00000000 00000000 0 0 40000040 READ,INITIALIZED DATA
> > 4 .pdata 0000000c 00004000 00000200 00000a00 00000000 00000000 0 0 40000040 READ,INITIALIZED DATA
> > 5 .xdata 00000008 00005000 00000200 00000c00 00000000 00000000 0 0 40000040 READ,INITIALIZED DATA
> > 6 .idata 00000014 00006000 00000200 00000e00 00000000 00000000 0 0 c0000040 READ,WRITE,INITIALIZED DATA
> >
> > Thoughts, comments ?
>
> thanks for doing this; I had been wondering several times in the past
> whether I simply didn't know the right option to pass to have such
> information printed. Just one remark: I don't think printing the
> signature (Magic:) at the beginning of the file is useful here either,
> as without that signature no output would appear anyway (for the file
> being unrecognized), and afaik there are no alternative signatures
> that could be in use. Instead what may be of interest to print is the
> file offset of the PE header/signature, as especially in older
> (bi-modal) binaries this may not be near the beginning of the file. I
> don't see this information being printed by any other option.
>
> Another minor aspect: The nrel and nlnno fields of the section dump
> may read better (if any are non-zero) when padded to the left, not to
> the right.
>
> Jan
objdump -p a.exe also dumps the PE header (enabled by default without
selecting a PE triple in --enable-targets=), but in a different
format.
I wonder whether the -P header output can be made similar to the
existing output...
next prev parent reply other threads:[~2023-05-26 15:50 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-25 16:21 Nick Clifton
2023-05-26 6:20 ` Jan Beulich
2023-05-26 15:44 ` Fangrui Song [this message]
[not found] ` <DS7PR12MB5765E0FC436669802ABB76ABCB479@DS7PR12MB5765.namprd12.prod.outlook.com>
2023-05-30 10:50 ` Nick Clifton
2023-05-30 14:50 ` Nick Clifton
2023-05-30 15:50 ` Fangrui Song
2023-05-26 14:40 ` Nick Clifton
2023-05-28 3:13 ` Alan Modra
2023-05-30 10:48 ` Nick Clifton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DS7PR12MB576545DC0503D92A5641A941CB479@DS7PR12MB5765.namprd12.prod.outlook.com \
--to=i@maskray.me \
--cc=binutils@sourceware.org \
--cc=jbeulich@suse.com \
--cc=nickc@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).