Re: RFC: Objdump: Dumping PE specific headers

public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed

From: Jan Beulich <jbeulich@suse.com>
To: Nick Clifton <nickc@redhat.com>
Cc: binutils@sourceware.org
Subject: Re: RFC: Objdump: Dumping PE specific headers
Date: Fri, 26 May 2023 08:20:36 +0200	[thread overview]
Message-ID: <dc0bc47c-f93b-b5e9-b15c-22245d026b6b@suse.com> (raw)
In-Reply-To: <871qj41iw5.fsf@redhat.com>

Nick,

On 25.05.2023 18:21, Nick Clifton via Binutils wrote:
>   Whilst looking at PR 310145, I realised that we currently do not have
>   a way to display the contents of PE type files in their native
>   format.  Since objdump does have a --private option which provides
>   this kind of functionality for other file format types, I thought that
>   it would be helpful if objdump could also handle PE files.  Hence this
>   patch.
> 
>   At the moment it only dumps the file header and section headers, but
>   this could be extended in the future.  (Especially if someone else is
>   interested in doing the work...).  The output looks something like
>   this:
> 
>     $ objdump -P header,sections test-section-flags.exe --wide
> 
>     test-section-flags.exe:     file format pei-x86-64
> 
>     PEI File Header:
>       Magic:         0x5a4d		- IMAGE_DOS_SIGNATURE
>       Machine Num:   0x8664		- AMD64
>       Num sections:  6
>       Time and date: 0x646f522d		- Thu May 25 13:18:53 2023
>       Symbols off:   0x00001000
>       Num symbols:   60
>       Opt hdr sz:    240
>       flags:         0x0226		- EXECUTABLE,LINE NUMS STRIPPED,LARGE ADDRESS AWARE,DEBUG STRIPPED
> 
>     Section headers (at 152+240=0x00000188 to 0x00000278):
>      # Name     paddr    vaddr    size     scnptr   relptr   lnnoptr  nrel  nlnno   Flags
>      1 .text    00000030 00001000 00000200 00000400 00000000 00000000 0     0       60000020 EXECUTE,READ,CODE
>      2 my_sect  00000004 00002000 00000200 00000600 00000000 00000000 0     0       c0000040 READ,WRITE,INITIALIZED DATA
>      3 .rdata   00000040 00003000 00000200 00000800 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
>      4 .pdata   0000000c 00004000 00000200 00000a00 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
>      5 .xdata   00000008 00005000 00000200 00000c00 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
>      6 .idata   00000014 00006000 00000200 00000e00 00000000 00000000 0     0       c0000040 READ,WRITE,INITIALIZED DATA
> 
>   Thoughts, comments ?

thanks for doing this; I had been wondering several times in the past
whether I simply didn't know the right option to pass to have such
information printed. Just one remark: I don't think printing the
signature (Magic:) at the beginning of the file is useful here either,
as without that signature no output would appear anyway (for the file
being unrecognized), and afaik there are no alternative signatures
that could be in use. Instead what may be of interest to print is the
file offset of the PE header/signature, as especially in older
(bi-modal) binaries this may not be near the beginning of the file. I
don't see this information being printed by any other option.

Another minor aspect: The nrel and nlnno fields of the section dump
may read better (if any are non-zero) when padded to the left, not to
the right.

Jan

next prev parent reply	other threads:[~2023-05-26  6:20 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-25 16:21 Nick Clifton
2023-05-26  6:20 ` Jan Beulich [this message]
2023-05-26 15:44   ` Fangrui Song
     [not found]   ` <DS7PR12MB5765E0FC436669802ABB76ABCB479@DS7PR12MB5765.namprd12.prod.outlook.com>
2023-05-30 10:50     ` Nick Clifton
2023-05-30 14:50     ` Nick Clifton
2023-05-30 15:50       ` Fangrui Song
2023-05-26 14:40 ` Nick Clifton
2023-05-28  3:13   ` Alan Modra
2023-05-30 10:48     ` Nick Clifton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dc0bc47c-f93b-b5e9-b15c-22245d026b6b@suse.com \
    --to=jbeulich@suse.com \
    --cc=binutils@sourceware.org \
    --cc=nickc@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).