Re: RFC: Objdump: Dumping PE specific headers

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

From: Fangrui Song <i@maskray.me>
To: Nick Clifton <nickc@redhat.com>
Cc: Jan Beulich <jbeulich@suse.com>, binutils@sourceware.org
Subject: Re: RFC: Objdump: Dumping PE specific headers
Date: Fri, 26 May 2023 08:44:27 -0700	[thread overview]
Message-ID: <DS7PR12MB576545DC0503D92A5641A941CB479@DS7PR12MB5765.namprd12.prod.outlook.com> (raw)
In-Reply-To: <dc0bc47c-f93b-b5e9-b15c-22245d026b6b@suse.com>

On Thu, May 25, 2023 at 11:20 PM Jan Beulich via Binutils
<binutils@sourceware.org> wrote:
>
> Nick,
>
> On 25.05.2023 18:21, Nick Clifton via Binutils wrote:
> >   Whilst looking at PR 310145, I realised that we currently do not have
> >   a way to display the contents of PE type files in their native
> >   format.  Since objdump does have a --private option which provides
> >   this kind of functionality for other file format types, I thought that
> >   it would be helpful if objdump could also handle PE files.  Hence this
> >   patch.
> >
> >   At the moment it only dumps the file header and section headers, but
> >   this could be extended in the future.  (Especially if someone else is
> >   interested in doing the work...).  The output looks something like
> >   this:
> >
> >     $ objdump -P header,sections test-section-flags.exe --wide
> >
> >     test-section-flags.exe:     file format pei-x86-64
> >
> >     PEI File Header:
> >       Magic:         0x5a4d           - IMAGE_DOS_SIGNATURE
> >       Machine Num:   0x8664           - AMD64
> >       Num sections:  6
> >       Time and date: 0x646f522d               - Thu May 25 13:18:53 2023
> >       Symbols off:   0x00001000
> >       Num symbols:   60
> >       Opt hdr sz:    240
> >       flags:         0x0226           - EXECUTABLE,LINE NUMS STRIPPED,LARGE ADDRESS AWARE,DEBUG STRIPPED
> >
> >     Section headers (at 152+240=0x00000188 to 0x00000278):
> >      # Name     paddr    vaddr    size     scnptr   relptr   lnnoptr  nrel  nlnno   Flags
> >      1 .text    00000030 00001000 00000200 00000400 00000000 00000000 0     0       60000020 EXECUTE,READ,CODE
> >      2 my_sect  00000004 00002000 00000200 00000600 00000000 00000000 0     0       c0000040 READ,WRITE,INITIALIZED DATA
> >      3 .rdata   00000040 00003000 00000200 00000800 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
> >      4 .pdata   0000000c 00004000 00000200 00000a00 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
> >      5 .xdata   00000008 00005000 00000200 00000c00 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
> >      6 .idata   00000014 00006000 00000200 00000e00 00000000 00000000 0     0       c0000040 READ,WRITE,INITIALIZED DATA
> >
> >   Thoughts, comments ?
>
> thanks for doing this; I had been wondering several times in the past
> whether I simply didn't know the right option to pass to have such
> information printed. Just one remark: I don't think printing the
> signature (Magic:) at the beginning of the file is useful here either,
> as without that signature no output would appear anyway (for the file
> being unrecognized), and afaik there are no alternative signatures
> that could be in use. Instead what may be of interest to print is the
> file offset of the PE header/signature, as especially in older
> (bi-modal) binaries this may not be near the beginning of the file. I
> don't see this information being printed by any other option.
>
> Another minor aspect: The nrel and nlnno fields of the section dump
> may read better (if any are non-zero) when padded to the left, not to
> the right.
>
> Jan

objdump -p a.exe also dumps the PE header (enabled by default without
selecting a PE triple in --enable-targets=), but in a different
format.
I wonder whether the -P header output can be made similar to the
existing output...

next prev parent reply	other threads:[~2023-05-26 15:50 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-25 16:21 Nick Clifton
2023-05-26  6:20 ` Jan Beulich
2023-05-26 15:44   ` Fangrui Song [this message]
     [not found]   ` <DS7PR12MB5765E0FC436669802ABB76ABCB479@DS7PR12MB5765.namprd12.prod.outlook.com>
2023-05-30 10:50     ` Nick Clifton
2023-05-30 14:50     ` Nick Clifton
2023-05-30 15:50       ` Fangrui Song
2023-05-26 14:40 ` Nick Clifton
2023-05-28  3:13   ` Alan Modra
2023-05-30 10:48     ` Nick Clifton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DS7PR12MB576545DC0503D92A5641A941CB479@DS7PR12MB5765.namprd12.prod.outlook.com \
    --to=i@maskray.me \
    --cc=binutils@sourceware.org \
    --cc=jbeulich@suse.com \
    --cc=nickc@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).