4 * Copyright 2001 Eric Pouech
11 #include <sys/types.h>
21 static unsigned long total_len;
22 static IMAGE_NT_HEADERS* nt_headers;
24 enum FileSig {SIG_UNKNOWN, SIG_DOS, SIG_PE, SIG_DBG};
26 char* get_time_str(DWORD _t)
28 time_t t = (time_t)_t;
31 /* FIXME: I don't get the same values from MS' pedump running under Wine...
32 * I wonder if Wine isn't broken wrt to GMT settings...
34 strncpy(buf, ctime(&t), sizeof(buf));
35 buf[sizeof(buf) - 1] = '\0';
36 if (buf[strlen(buf)-1] == '\n')
37 buf[strlen(buf)-1] = '\0';
41 static const char* get_machine_str(DWORD mach)
45 case IMAGE_FILE_MACHINE_UNKNOWN: return "Unknown";
46 case IMAGE_FILE_MACHINE_I860: return "i860";
47 case IMAGE_FILE_MACHINE_I386: return "i386";
48 case IMAGE_FILE_MACHINE_R3000: return "R3000";
49 case IMAGE_FILE_MACHINE_R4000: return "R4000";
50 case IMAGE_FILE_MACHINE_R10000: return "R10000";
51 case IMAGE_FILE_MACHINE_ALPHA: return "Alpha";
52 case IMAGE_FILE_MACHINE_POWERPC: return "PowerPC";
57 void* PRD(unsigned long prd, unsigned long len)
59 return (prd + len > total_len) ? NULL : (char*)base + prd;
62 unsigned long Offset(void* ptr)
64 if (ptr < base) {printf("<<<<<ptr below\n");return 0;}
65 if (ptr >= base + total_len) {printf("<<<<<ptr above\n");return 0;}
69 void* RVA(unsigned long rva, unsigned long len)
71 IMAGE_SECTION_HEADER* sectHead;
74 sectHead = (IMAGE_SECTION_HEADER*)((char*)nt_headers + sizeof(DWORD) +
75 sizeof(IMAGE_FILE_HEADER) +
76 nt_headers->FileHeader.SizeOfOptionalHeader);
78 if (rva == 0) return NULL;
80 for (i = nt_headers->FileHeader.NumberOfSections - 1; i >= 0; i--)
82 if (sectHead[i].VirtualAddress <= rva &&
83 rva + len <= (DWORD)sectHead[i].VirtualAddress + sectHead[i].SizeOfRawData)
89 printf("rva not found in any section (%lu)\n", rva);
93 /* return image import directory offset */
94 return PRD(sectHead[i].PointerToRawData + rva - sectHead[i].VirtualAddress, len);
97 static void* get_dir(unsigned idx)
99 if (idx >= nt_headers->OptionalHeader.NumberOfRvaAndSizes)
101 return RVA(nt_headers->OptionalHeader.DataDirectory[idx].VirtualAddress,
102 nt_headers->OptionalHeader.DataDirectory[idx].Size);
105 static const char* DirectoryNames[16] = {
106 "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION",
107 "SECURITY", "BASERELOC", "DEBUG", "ARCHITECTURE",
108 "GLOBALPTR", "TLS", "LOAD_CONFIG", "Bound IAT",
109 "IAT", "Delay IAT", "COM Descript", ""
112 static void dump_pe_header(void)
115 IMAGE_FILE_HEADER *fileHeader;
116 IMAGE_OPTIONAL_HEADER *optionalHeader;
119 printf("File Header\n");
120 fileHeader = &nt_headers->FileHeader;
122 printf(" Machine: %04X (%s)\n",
123 fileHeader->Machine, get_machine_str(fileHeader->Machine));
124 printf(" Number of Sections: %d\n", fileHeader->NumberOfSections);
125 printf(" TimeDateStamp: %08lX (%s) offset %ld\n",
126 fileHeader->TimeDateStamp, get_time_str(fileHeader->TimeDateStamp),
127 Offset(&(fileHeader->TimeDateStamp)));
128 printf(" PointerToSymbolTable: %08lX\n", fileHeader->PointerToSymbolTable);
129 printf(" NumberOfSymbols: %08lX\n", fileHeader->NumberOfSymbols);
130 printf(" SizeOfOptionalHeader: %04X\n", fileHeader->SizeOfOptionalHeader);
131 printf(" Characteristics: %04X\n", fileHeader->Characteristics);
132 #define X(f,s) if (fileHeader->Characteristics & f) printf(" %s\n", s)
133 X(IMAGE_FILE_RELOCS_STRIPPED, "RELOCS_STRIPPED");
134 X(IMAGE_FILE_EXECUTABLE_IMAGE, "EXECUTABLE_IMAGE");
135 X(IMAGE_FILE_LINE_NUMS_STRIPPED, "LINE_NUMS_STRIPPED");
136 X(IMAGE_FILE_LOCAL_SYMS_STRIPPED, "LOCAL_SYMS_STRIPPED");
137 X(IMAGE_FILE_16BIT_MACHINE, "16BIT_MACHINE");
138 X(IMAGE_FILE_BYTES_REVERSED_LO, "BYTES_REVERSED_LO");
139 X(IMAGE_FILE_32BIT_MACHINE, "32BIT_MACHINE");
140 X(IMAGE_FILE_DEBUG_STRIPPED, "DEBUG_STRIPPED");
141 X(IMAGE_FILE_SYSTEM, "SYSTEM");
142 X(IMAGE_FILE_DLL, "DLL");
143 X(IMAGE_FILE_BYTES_REVERSED_HI, "BYTES_REVERSED_HI");
147 /* hope we have the right size */
148 printf("Optional Header\n");
149 optionalHeader = &nt_headers->OptionalHeader;
150 printf(" Magic 0x%-4X %u\n",
151 optionalHeader->Magic, optionalHeader->Magic);
152 printf(" linker version %u.%02u\n",
153 optionalHeader->MajorLinkerVersion, optionalHeader->MinorLinkerVersion);
154 printf(" size of code 0x%-8lx %lu\n",
155 optionalHeader->SizeOfCode, optionalHeader->SizeOfCode);
156 printf(" size of initialized data 0x%-8lx %lu\n",
157 optionalHeader->SizeOfInitializedData, optionalHeader->SizeOfInitializedData);
158 printf(" size of uninitialized data 0x%-8lx %lu\n",
159 optionalHeader->SizeOfUninitializedData, optionalHeader->SizeOfUninitializedData);
160 printf(" entrypoint RVA 0x%-8lx %lu\n",
161 optionalHeader->AddressOfEntryPoint, optionalHeader->AddressOfEntryPoint);
162 printf(" base of code 0x%-8lx %lu\n",
163 optionalHeader->BaseOfCode, optionalHeader->BaseOfCode);
164 printf(" base of data 0x%-8lX %lu\n",
165 optionalHeader->BaseOfData, optionalHeader->BaseOfData);
166 printf(" image base 0x%-8lX %lu\n",
167 optionalHeader->ImageBase, optionalHeader->ImageBase);
168 printf(" section align 0x%-8lx %lu\n",
169 optionalHeader->SectionAlignment, optionalHeader->SectionAlignment);
170 printf(" file align 0x%-8lx %lu\n",
171 optionalHeader->FileAlignment, optionalHeader->FileAlignment);
172 printf(" required OS version %u.%02u\n",
173 optionalHeader->MajorOperatingSystemVersion, optionalHeader->MinorOperatingSystemVersion);
174 printf(" image version %u.%02u\n",
175 optionalHeader->MajorImageVersion, optionalHeader->MinorImageVersion);
176 printf(" subsystem version %u.%02u\n",
177 optionalHeader->MajorSubsystemVersion, optionalHeader->MinorSubsystemVersion);
178 printf(" Win32 Version 0x%lX\n", optionalHeader->Win32VersionValue);
179 printf(" size of image 0x%-8lx %lu\n",
180 optionalHeader->SizeOfImage, optionalHeader->SizeOfImage);
181 printf(" size of headers 0x%-8lx %lu\n",
182 optionalHeader->SizeOfHeaders, optionalHeader->SizeOfHeaders);
183 printf(" checksum 0x%lX\n", optionalHeader->CheckSum);
184 switch (optionalHeader->Subsystem)
187 case IMAGE_SUBSYSTEM_UNKNOWN: str = "Unknown"; break;
188 case IMAGE_SUBSYSTEM_NATIVE: str = "Native"; break;
189 case IMAGE_SUBSYSTEM_WINDOWS_GUI: str = "Windows GUI"; break;
190 case IMAGE_SUBSYSTEM_WINDOWS_CUI: str = "Windows CUI"; break;
191 case IMAGE_SUBSYSTEM_OS2_CUI: str = "OS/2 CUI"; break;
192 case IMAGE_SUBSYSTEM_POSIX_CUI: str = "Posix CUI"; break;
194 printf(" Subsystem 0x%X (%s)\n", optionalHeader->Subsystem, str);
195 printf(" DLL flags 0x%X\n", optionalHeader->DllCharacteristics);
196 printf(" stack reserve size 0x%-8lx %lu\n",
197 optionalHeader->SizeOfStackReserve, optionalHeader->SizeOfStackReserve);
198 printf(" stack commit size 0x%-8lx %lu\n",
199 optionalHeader->SizeOfStackCommit, optionalHeader->SizeOfStackCommit);
200 printf(" heap reserve size 0x%-8lx %lu\n",
201 optionalHeader->SizeOfHeapReserve, optionalHeader->SizeOfHeapReserve);
202 printf(" heap commit size 0x%-8lx %lu\n",
203 optionalHeader->SizeOfHeapCommit, optionalHeader->SizeOfHeapCommit);
204 printf(" loader flags 0x%lX\n", optionalHeader->LoaderFlags);
205 printf(" RVAs & sizes 0x%lX\n", optionalHeader->NumberOfRvaAndSizes);
208 printf("Data Directory\n");
209 printf("%ld\n", optionalHeader->NumberOfRvaAndSizes * sizeof(IMAGE_DATA_DIRECTORY));
211 for (i = 0; i < optionalHeader->NumberOfRvaAndSizes && i < 16; i++)
213 printf(" %-12s rva: 0x%-8lX size: %8lu\n",
214 DirectoryNames[i], optionalHeader->DataDirectory[i].VirtualAddress,
215 optionalHeader->DataDirectory[i].Size);
220 static void dump_sections(void* addr, unsigned num_sect)
222 IMAGE_SECTION_HEADER* sectHead = addr;
225 printf("Section Table\n");
226 for (i = 0; i < num_sect; i++, sectHead++)
228 printf(" %02d %-8s VirtSize: %-8lu VirtAddr: %-8lu 0x%08lx\n",
229 i + 1, sectHead->Name, sectHead->Misc.VirtualSize, sectHead->VirtualAddress,
230 sectHead->VirtualAddress);
231 printf(" raw data offs: %-8lu raw data size: %-8lu\n",
232 sectHead->PointerToRawData, sectHead->SizeOfRawData);
233 printf(" relocation offs: %-8lu relocations: %-8u\n",
234 sectHead->PointerToRelocations, sectHead->NumberOfRelocations);
235 printf(" line # offs: %-8lu line #'s: %-8u\n",
236 sectHead->PointerToLinenumbers, sectHead->NumberOfLinenumbers);
237 printf(" characteristics: 0x$%08lx\n", sectHead->Characteristics);
239 #define X(b,s) if (sectHead->Characteristics & b) printf(s " ")
240 /* #define IMAGE_SCN_TYPE_REG 0x00000000 - Reserved */
241 /* #define IMAGE_SCN_TYPE_DSECT 0x00000001 - Reserved */
242 /* #define IMAGE_SCN_TYPE_NOLOAD 0x00000002 - Reserved */
243 /* #define IMAGE_SCN_TYPE_GROUP 0x00000004 - Reserved */
244 /* #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 - Reserved */
245 /* #define IMAGE_SCN_TYPE_COPY 0x00000010 - Reserved */
247 X(IMAGE_SCN_CNT_CODE, "CODE");
248 X(IMAGE_SCN_CNT_INITIALIZED_DATA, "INITIALIZED_DATA");
249 X(IMAGE_SCN_CNT_UNINITIALIZED_DATA, "UNINITIALIZED_DATA");
251 X(IMAGE_SCN_LNK_OTHER, "LNK_OTHER");
252 X(IMAGE_SCN_LNK_INFO, "LNK_INFO");
253 /* #define IMAGE_SCN_TYPE_OVER 0x00000400 - Reserved */
254 X(IMAGE_SCN_LNK_REMOVE, "LNK_REMOVE");
255 X(IMAGE_SCN_LNK_COMDAT, "LNK_COMDAT");
257 /* 0x00002000 - Reserved */
258 /* #define IMAGE_SCN_MEM_PROTECTED 0x00004000 - Obsolete */
259 X(IMAGE_SCN_MEM_FARDATA, "MEM_FARDATA");
261 /* #define IMAGE_SCN_MEM_SYSHEAP 0x00010000 - Obsolete */
262 X(IMAGE_SCN_MEM_PURGEABLE, "MEM_PURGEABLE");
263 X(IMAGE_SCN_MEM_16BIT, "MEM_16BIT");
264 X(IMAGE_SCN_MEM_LOCKED, "MEM_LOCKED");
265 X(IMAGE_SCN_MEM_PRELOAD, "MEM_PRELOAD");
267 X(IMAGE_SCN_ALIGN_1BYTES, "ALIGN_1BYTES");
268 X(IMAGE_SCN_ALIGN_2BYTES, "ALIGN_2BYTES");
269 X(IMAGE_SCN_ALIGN_4BYTES, "ALIGN_4BYTES");
270 X(IMAGE_SCN_ALIGN_8BYTES, "ALIGN_8BYTES");
271 X(IMAGE_SCN_ALIGN_16BYTES, "ALIGN_16BYTES");
272 X(IMAGE_SCN_ALIGN_32BYTES, "ALIGN_32BYTES");
273 X(IMAGE_SCN_ALIGN_64BYTES, "ALIGN_64BYTES");
274 /* 0x00800000 - Unused */
276 X(IMAGE_SCN_LNK_NRELOC_OVFL, "LNK_NRELOC_OVFL");
278 X(IMAGE_SCN_MEM_DISCARDABLE, "MEM_DISCARDABLE");
279 X(IMAGE_SCN_MEM_NOT_CACHED, "MEM_NOT_CACHED");
280 X(IMAGE_SCN_MEM_NOT_PAGED, "MEM_NOT_PAGED");
281 X(IMAGE_SCN_MEM_SHARED, "MEM_SHARED");
282 X(IMAGE_SCN_MEM_EXECUTE, "MEM_EXECUTE");
283 X(IMAGE_SCN_MEM_READ, "MEM_READ");
284 X(IMAGE_SCN_MEM_WRITE, "MEM_WRITE");
291 static void dump_dir_exported_functions(void)
293 IMAGE_EXPORT_DIRECTORY *exportDir = get_dir(IMAGE_FILE_EXPORT_DIRECTORY);
299 parsed_symbol symbol;
301 if (!exportDir) return;
303 printf("Exports table:\n");
305 printf(" Name: %s\n", (char*)RVA(exportDir->Name, sizeof(DWORD)));
306 printf(" Characteristics: %08lx\n", exportDir->Characteristics);
307 printf(" TimeDateStamp: %08lX %s\n",
308 exportDir->TimeDateStamp, get_time_str(exportDir->TimeDateStamp));
309 printf(" Version: %u.%02u\n", exportDir->MajorVersion, exportDir->MinorVersion);
310 printf(" Ordinal base: %lu\n", exportDir->Base);
311 printf(" # of functions: %lu\n", exportDir->NumberOfFunctions);
312 printf(" # of Names: %lu\n", exportDir->NumberOfNames);
313 printf("Adresses of functions: %08lX\n", exportDir->AddressOfFunctions);
314 printf("Adresses of name ordinals: %08lX\n", exportDir->AddressOfNameOrdinals);
315 printf("Adresses of names: %08lX\n", exportDir->AddressOfNames);
317 printf(" Entry Pt Ordn Name\n");
319 pFunc = RVA(exportDir->AddressOfFunctions, exportDir->NumberOfFunctions * sizeof(DWORD));
320 if (!pFunc) {printf("Can't grab functions' address table\n"); return;}
321 pName = RVA(exportDir->AddressOfNames, exportDir->NumberOfNames * sizeof(DWORD));
322 if (!pName) {printf("Can't grab functions' name table\n"); return;}
323 pOrdl = RVA(exportDir->AddressOfNameOrdinals, exportDir->NumberOfNames * sizeof(WORD));
324 if (!pOrdl) {printf("Can't grab functions' ordinal table\n"); return;}
326 /* bit map of used funcs */
327 map = calloc(((exportDir->NumberOfFunctions + 31) & ~31) / 32, sizeof(DWORD));
328 if (!map) fatal("no memory");
330 for (i = 0; i < exportDir->NumberOfNames; i++, pName++, pOrdl++)
334 map[*pOrdl / 32] |= 1 << (*pOrdl % 32);
336 name = (char*)RVA(*pName, sizeof(DWORD));
337 if (name && globals.do_demangle)
339 printf(" %08lX %4lu ", pFunc[*pOrdl], exportDir->Base + *pOrdl);
341 symbol_init(&symbol, name);
342 if (symbol_demangle(&symbol) == -1)
344 else if (symbol.flags & SYM_DATA)
345 printf(symbol.arg_text[0]);
347 output_prototype(stdout, &symbol);
349 symbol_clear(&symbol);
353 printf(" %08lX %4lu %s\n", pFunc[*pOrdl], exportDir->Base + *pOrdl, name);
356 pFunc = RVA(exportDir->AddressOfFunctions, exportDir->NumberOfFunctions * sizeof(DWORD));
357 if (!pFunc) {printf("Can't grab functions' address table\n"); return;}
358 for (i = 0; i < exportDir->NumberOfFunctions; i++)
360 if (pFunc[i] && !(map[i / 32] & (1 << (i % 32))))
362 printf(" %08lX %4lu <by ordinal>\n", pFunc[i], exportDir->Base + i);
369 static void dump_dir_imported_functions(void)
371 IMAGE_IMPORT_DESCRIPTOR *importDesc = get_dir(IMAGE_FILE_IMPORT_DIRECTORY);
374 if (!importDesc) return;
375 nb_imp = nt_headers->OptionalHeader.DataDirectory[IMAGE_FILE_IMPORT_DIRECTORY].Size /
379 printf("Import Table size: %lu\n",
380 nt_headers->OptionalHeader.DataDirectory[IMAGE_FILE_IMPORT_DIRECTORY].Size);/* FIXME */
382 for (i = 0; i < nb_imp - 1; i++) /* the last descr is set as 0 as a sentinel */
384 IMAGE_THUNK_DATA* il;
385 IMAGE_IMPORT_BY_NAME* iibn;
387 if (!importDesc->Name ||
388 (importDesc->u.OriginalFirstThunk == NULL && importDesc->FirstThunk == NULL))
391 printf("<<<<<<<null entry\n");
394 printf(" offset %lu %s\n", Offset(importDesc), (char*)RVA(importDesc->Name, sizeof(DWORD)));
395 printf(" Hint/Name Table: %08lX\n", (DWORD)importDesc->u.OriginalFirstThunk);
396 printf(" TimeDataStamp: %08lX (%s)\n",
397 importDesc->TimeDateStamp, get_time_str(importDesc->TimeDateStamp));
398 printf(" ForwarderChain: %08lX\n", importDesc->ForwarderChain);
399 printf(" First thunk RVA: %08lX (delta: %u 0x%x)\n",
400 (DWORD)importDesc->FirstThunk, -1, -1); /* FIXME */
402 printf(" Ordn Name\n");
404 il = (importDesc->u.OriginalFirstThunk != 0) ?
405 RVA((DWORD)importDesc->u.OriginalFirstThunk, sizeof(DWORD)) :
406 RVA((DWORD)importDesc->FirstThunk, sizeof(DWORD));
408 if (!il) {printf("Can't grab thunk data, going to next imported DLL\n"); continue;}
410 for (; il->u1.Ordinal; il++)
412 if (IMAGE_SNAP_BY_ORDINAL(il->u1.Ordinal))
414 printf(" %4lu <by ordinal>\n", IMAGE_ORDINAL(il->u1.Ordinal));
418 iibn = RVA((DWORD)il->u1.AddressOfData, sizeof(DWORD));
421 printf("Can't grab import by name info, skipping to next ordinal\n");
425 printf(" %4u %s %lx\n", iibn->Hint, iibn->Name, (DWORD)il->u1.AddressOfData);
435 static void dump_dir_debug_dir(IMAGE_DEBUG_DIRECTORY* idd, int idx)
439 printf("Directory %02u\n", idx + 1);
440 printf(" Characteristics: %08lX\n", idd->Characteristics);
441 printf(" TimeDateStamp: %08lX %s\n",
442 idd->TimeDateStamp, get_time_str(idd->TimeDateStamp));
443 printf(" Version %u.%02u\n", idd->MajorVersion, idd->MinorVersion);
447 case IMAGE_DEBUG_TYPE_UNKNOWN: str = "UNKNOWN"; break;
448 case IMAGE_DEBUG_TYPE_COFF: str = "COFF"; break;
449 case IMAGE_DEBUG_TYPE_CODEVIEW: str = "CODEVIEW"; break;
450 case IMAGE_DEBUG_TYPE_FPO: str = "FPO"; break;
451 case IMAGE_DEBUG_TYPE_MISC: str = "MISC"; break;
452 case IMAGE_DEBUG_TYPE_EXCEPTION: str = "EXCEPTION"; break;
453 case IMAGE_DEBUG_TYPE_FIXUP: str = "FIXUP"; break;
454 case IMAGE_DEBUG_TYPE_OMAP_TO_SRC: str = "OMAP_TO_SRC"; break;
455 case IMAGE_DEBUG_TYPE_OMAP_FROM_SRC:str = "OMAP_FROM_SRC"; break;
456 case IMAGE_DEBUG_TYPE_BORLAND: str = "BORLAND"; break;
457 case IMAGE_DEBUG_TYPE_RESERVED10: str = "RESERVED10"; break;
459 printf(" Type: %lu (%s)\n", idd->Type, str);
460 printf(" SizeOfData: %lu\n", idd->SizeOfData);
461 printf(" AddressOfRawData: %08lX\n", idd->AddressOfRawData);
462 printf(" PointerToRawData: %08lX\n", idd->PointerToRawData);
466 case IMAGE_DEBUG_TYPE_UNKNOWN:
468 case IMAGE_DEBUG_TYPE_COFF:
470 case IMAGE_DEBUG_TYPE_CODEVIEW:
471 dump_codeview(idd->PointerToRawData, idd->SizeOfData);
473 case IMAGE_DEBUG_TYPE_FPO:
475 case IMAGE_DEBUG_TYPE_MISC:
477 IMAGE_DEBUG_MISC* misc = PRD(idd->PointerToRawData, idd->SizeOfData);
478 if (!misc) {printf("Can't get misc debug information\n"); break;}
479 printf(" DataType: %lu (%s)\n",
481 (misc->DataType == IMAGE_DEBUG_MISC_EXENAME) ? "Exe name" : "Unknown");
482 printf(" Length: %lu\n", misc->Length);
483 printf(" Unicode: %s\n", misc->Unicode ? "Yes" : "No");
484 printf(" Data: %s\n", misc->Data);
487 case IMAGE_DEBUG_TYPE_EXCEPTION:
489 case IMAGE_DEBUG_TYPE_FIXUP:
491 case IMAGE_DEBUG_TYPE_OMAP_TO_SRC:
493 case IMAGE_DEBUG_TYPE_OMAP_FROM_SRC:
495 case IMAGE_DEBUG_TYPE_BORLAND:
497 case IMAGE_DEBUG_TYPE_RESERVED10:
503 static void dump_dir_debug(void)
505 IMAGE_DEBUG_DIRECTORY* debugDir = get_dir(IMAGE_FILE_DEBUG_DIRECTORY);
508 if (!debugDir) return;
509 nb_dbg = nt_headers->OptionalHeader.DataDirectory[IMAGE_FILE_DEBUG_DIRECTORY].Size /
513 printf("Debug Table (%u directories)\n", nb_dbg);
515 for (i = 0; i < nb_dbg; i++)
517 dump_dir_debug_dir(debugDir, i);
523 static void dump_separate_dbg(void)
525 IMAGE_SEPARATE_DEBUG_HEADER*separateDebugHead = PRD(0, sizeof(separateDebugHead));
528 IMAGE_DEBUG_DIRECTORY* debugDir;
530 if (!separateDebugHead) {printf("Can't grab the separate header, aborting\n"); return;}
532 printf ("Signature: %.2s (0x%4X)\n",
533 (char*)&separateDebugHead->Signature, separateDebugHead->Signature);
534 printf ("Flags: 0x%04X\n", separateDebugHead->Flags);
535 printf ("Machine: 0x%04X (%s)\n",
536 separateDebugHead->Machine, get_machine_str(separateDebugHead->Machine));
537 printf ("Characteristics: 0x%04X\n", separateDebugHead->Characteristics);
538 printf ("TimeDateStamp: 0x%08lX (%s)\n",
539 separateDebugHead->TimeDateStamp, get_time_str(separateDebugHead->TimeDateStamp));
540 printf ("CheckSum: 0x%08lX\n", separateDebugHead->CheckSum);
541 printf ("ImageBase: 0x%08lX\n", separateDebugHead->ImageBase);
542 printf ("SizeOfImage: 0x%08lX\n", separateDebugHead->SizeOfImage);
543 printf ("NumberOfSections: 0x%08lX\n", separateDebugHead->NumberOfSections);
544 printf ("ExportedNamesSize: 0x%08lX\n", separateDebugHead->ExportedNamesSize);
545 printf ("DebugDirectorySize: 0x%08lX\n", separateDebugHead->DebugDirectorySize);
547 if (!PRD(sizeof(IMAGE_SEPARATE_DEBUG_HEADER),
548 separateDebugHead->NumberOfSections * sizeof(IMAGE_SECTION_HEADER)))
549 {printf("Can't get the sections, aborting\n"); return;}
551 dump_sections(separateDebugHead + 1, separateDebugHead->NumberOfSections);
553 nb_dbg = separateDebugHead->DebugDirectorySize / sizeof(IMAGE_DEBUG_DIRECTORY);
554 debugDir = PRD(sizeof(IMAGE_SEPARATE_DEBUG_HEADER) +
555 separateDebugHead->NumberOfSections * sizeof(IMAGE_SECTION_HEADER) +
556 separateDebugHead->ExportedNamesSize,
557 nb_dbg * sizeof(IMAGE_DEBUG_DIRECTORY));
558 if (!debugDir) {printf("Couldn't get the debug directory info, aborting\n");return;}
560 printf("Debug Table (%u directories)\n", nb_dbg);
562 for (i = 0; i < nb_dbg; i++)
564 dump_dir_debug_dir(debugDir, i);
569 static void dump_unicode_str( const WCHAR *str, int len )
571 if (len == -1) for (len = 0; str[len]; len++) ;
573 while (len-- > 0 && *str)
578 case '\n': printf( "\\n" ); break;
579 case '\r': printf( "\\r" ); break;
580 case '\t': printf( "\\t" ); break;
581 case '"': printf( "\\\"" ); break;
582 case '\\': printf( "\\\\" ); break;
584 if (c >= ' ' && c <= 126) putchar(c);
585 else printf( "\\u%04x",c);
591 static const char *get_resource_type( int id )
593 static const char *types[] =
621 if (id < sizeof(types)/sizeof(types[0])) return types[id];
625 static void dump_data( const unsigned char *ptr, unsigned int size, const char *prefix )
629 printf( "%s", prefix );
630 for (i = 0; i < size; i++)
632 printf( "%02x%c", ptr[i], (i % 16 == 7) ? '-' : ' ' );
636 for (j = 0; j < 16; j++)
637 printf( "%c", isprint(ptr[i-15+j]) ? ptr[i-15+j] : '.' );
638 if (i < size-1) printf( "\n%s", prefix );
643 printf( "%*s ", 3 * (16-(i%16)), "" );
644 for (j = 0; j < i % 16; j++)
645 printf( "%c", isprint(ptr[i-(i%16)+j]) ? ptr[i-(i%16)+j] : '.' );
650 static void dump_dir_resource(void)
652 const IMAGE_RESOURCE_DIRECTORY *root = get_dir(IMAGE_FILE_RESOURCE_DIRECTORY);
653 const IMAGE_RESOURCE_DIRECTORY *namedir;
654 const IMAGE_RESOURCE_DIRECTORY *langdir;
655 const IMAGE_RESOURCE_DIRECTORY_ENTRY *e1, *e2, *e3;
656 const IMAGE_RESOURCE_DIR_STRING_U *string;
657 const IMAGE_RESOURCE_DATA_ENTRY *data;
662 printf( "Resources:" );
664 for (i = 0; i< root->NumberOfNamedEntries + root->NumberOfIdEntries; i++)
666 e1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(root + 1) + i;
667 namedir = (IMAGE_RESOURCE_DIRECTORY *)((char *)root + e1->u2.s3.OffsetToDirectory);
668 for (j = 0; j < namedir->NumberOfNamedEntries + namedir->NumberOfIdEntries; j++)
670 e2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(namedir + 1) + j;
671 langdir = (IMAGE_RESOURCE_DIRECTORY *)((char *)root + e2->u2.s3.OffsetToDirectory);
672 for (k = 0; k < langdir->NumberOfNamedEntries + langdir->NumberOfIdEntries; k++)
674 e3 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(langdir + 1) + k;
677 if (e1->u1.s1.NameIsString)
679 string = (PIMAGE_RESOURCE_DIR_STRING_U)((char *)root + e1->u1.s1.NameOffset);
680 dump_unicode_str( string->NameString, string->Length );
684 const char *type = get_resource_type( e1->u1.s2.Id );
685 if (type) printf( "%s", type );
686 else printf( "%04x", e1->u1.s2.Id );
690 if (e2->u1.s1.NameIsString)
692 string = (PIMAGE_RESOURCE_DIR_STRING_U) ((char *)root + e2->u1.s1.NameOffset);
693 dump_unicode_str( string->NameString, string->Length );
696 printf( "%04x", e2->u1.s2.Id );
698 printf( " Language=%04x:\n", e3->u1.s2.Id );
699 data = (IMAGE_RESOURCE_DATA_ENTRY *)((char *)root + e3->u2.OffsetToData);
700 dump_data( RVA( data->OffsetToData, data->Size ), data->Size, " " );
707 static void do_dump(void)
709 int all = (globals.dumpsect != NULL) && strcmp(globals.dumpsect, "ALL") == 0;
711 if (globals.do_dumpheader)
714 /* FIX%E: should check ptr */
715 dump_sections((char*)nt_headers + sizeof(DWORD) +
716 sizeof(IMAGE_FILE_HEADER) + nt_headers->FileHeader.SizeOfOptionalHeader,
717 nt_headers->FileHeader.NumberOfSections);
719 else if (!globals.dumpsect)
721 /* show at least something here */
725 if (globals.dumpsect)
727 if (all || !strcmp(globals.dumpsect, "import"))
728 dump_dir_imported_functions();
729 if (all || !strcmp(globals.dumpsect, "export"))
730 dump_dir_exported_functions();
731 if (all || !strcmp(globals.dumpsect, "debug"))
733 if (all || !strcmp(globals.dumpsect, "resource"))
736 /* FIXME: not implemented yet */
737 if (all || !strcmp(globals.dumpsect, "reloc"))
743 static enum FileSig check_headers(void)
747 IMAGE_DOS_HEADER* dh;
750 pw = PRD(0, sizeof(WORD));
751 if (!pw) {printf("Can't get main signature, aborting\n"); return 0;}
755 case IMAGE_DOS_SIGNATURE:
757 dh = PRD(0, sizeof(IMAGE_DOS_HEADER));
758 if (dh && dh->e_lfanew >= sizeof(*dh)) /* reasonable DOS header ? */
760 /* the signature is the first DWORD */
761 pdw = PRD(dh->e_lfanew, sizeof(DWORD));
764 if (*pdw == IMAGE_NT_SIGNATURE)
766 nt_headers = PRD(dh->e_lfanew, sizeof(DWORD));
771 printf("No PE Signature found\n");
776 printf("Can't get the extented signature, aborting\n");
780 case 0x4944: /* "DI" */
784 printf("No known main signature (%.2s/%x), aborting\n", (char*)pw, *pw);
791 int pe_analysis(const char* name, void (*fn)(void), enum FileSig wanted_sig)
794 enum FileSig effective_sig;
798 setbuf(stdout, NULL);
800 fd = open(name, O_RDONLY);
801 if (fd == -1) fatal("Can't open file");
803 if (fstat(fd, &s) < 0) fatal("Can't get size");
804 total_len = s.st_size;
806 base = mmap(NULL, total_len, PROT_READ, MAP_PRIVATE, fd, 0);
807 if (base == (void*)-1) fatal("Can't map file");
809 effective_sig = check_headers();
811 if (effective_sig == SIG_UNKNOWN)
813 printf("Can't get a recognized file signature, aborting\n");
816 else if (wanted_sig == SIG_UNKNOWN || wanted_sig == effective_sig)
818 switch (effective_sig)
820 case SIG_UNKNOWN: /* shouldn't happen... */
823 printf("Contents of \"%s\": %ld bytes\n\n", name, total_len);
835 printf("Can't get a suitable file signature, aborting\n");
839 if (ret) printf("Done dumping %s\n", name);
840 munmap(base, total_len);
846 void dump_file(const char* name)
848 pe_analysis(name, do_dump, SIG_UNKNOWN);
852 int main(int argc, char* argv[])
854 if (argc != 2) fatal("usage");
855 pe_analysis(argv[1], do_dump);
859 typedef struct _dll_symbol {
864 static dll_symbol *dll_symbols = NULL;
865 static dll_symbol *dll_current_symbol = NULL;
867 /* Compare symbols by ordinal for qsort */
868 static int symbol_cmp(const void *left, const void *right)
870 return ((dll_symbol *)left)->ordinal > ((dll_symbol *)right)->ordinal;
873 /*******************************************************************
876 * Free resources used by DLL
878 static void dll_close (void)
885 for (ds = dll_symbols; ds->symbol; ds++)
891 static void do_grab_sym(void)
893 IMAGE_EXPORT_DIRECTORY *exportDir = get_dir(IMAGE_FILE_EXPORT_DIRECTORY);
901 if (!exportDir) return;
903 pName = RVA(exportDir->AddressOfNames, exportDir->NumberOfNames * sizeof(DWORD));
904 if (!pName) {printf("Can't grab functions' name table\n"); return;}
905 pOrdl = RVA(exportDir->AddressOfNameOrdinals, exportDir->NumberOfNames * sizeof(WORD));
906 if (!pOrdl) {printf("Can't grab functions' ordinal table\n"); return;}
910 if (!(dll_symbols = (dll_symbol *) malloc((exportDir->NumberOfFunctions + 1) *
911 sizeof (dll_symbol))))
912 fatal ("Out of memory");
913 if (exportDir->AddressOfFunctions != exportDir->NumberOfNames || exportDir->Base > 1)
914 globals.do_ordinals = 1;
916 /* bit map of used funcs */
917 map = calloc(((exportDir->NumberOfFunctions + 31) & ~31) / 32, sizeof(DWORD));
918 if (!map) fatal("no memory");
920 for (j = 0; j < exportDir->NumberOfNames; j++, pOrdl++)
922 map[*pOrdl / 32] |= 1 << (*pOrdl % 32);
923 ptr = RVA(*pName++, sizeof(DWORD));
924 if (!ptr) ptr = "cant_get_function";
925 dll_symbols[j].symbol = strdup(ptr);
926 dll_symbols[j].ordinal = -1; /* indicate non-ordinal symbol */
927 assert(dll_symbols[j].symbol);
929 pFunc = RVA(exportDir->AddressOfFunctions, exportDir->NumberOfFunctions * sizeof(DWORD));
930 if (!pFunc) {printf("Can't grab functions' address table\n"); return;}
932 for (i = 0; i < exportDir->NumberOfFunctions; i++)
934 if (pFunc[i] && !(map[i / 32] & (1 << (i % 32))))
936 char ordinal_text[256];
937 /* Ordinal only entry */
938 snprintf (ordinal_text, sizeof(ordinal_text), "%s_%lu",
939 globals.forward_dll ? globals.forward_dll : OUTPUT_UC_DLL_NAME,
940 exportDir->Base + i);
941 str_toupper(ordinal_text);
942 dll_symbols[j].symbol = strdup(ordinal_text);
943 assert(dll_symbols[j].symbol);
944 dll_symbols[j].ordinal = exportDir->Base + i;
946 assert(j <= exportDir->NumberOfFunctions);
952 printf("%lu named symbols in DLL, %lu total\n",
953 exportDir->NumberOfNames, exportDir->NumberOfFunctions);
955 qsort( dll_symbols, exportDir->NumberOfFunctions, sizeof(dll_symbol), symbol_cmp );
957 dll_symbols[exportDir->NumberOfFunctions].symbol = NULL;
959 dll_current_symbol = dll_symbols;
962 /*******************************************************************
965 * Open a DLL and read in exported symbols
967 void dll_open (const char *dll_name)
969 pe_analysis(dll_name, do_grab_sym, SIG_PE);
972 /*******************************************************************
975 * Get next exported symbol from dll
977 int dll_next_symbol (parsed_symbol * sym)
979 if (!dll_current_symbol->symbol)
982 assert (dll_symbols);
984 sym->symbol = strdup (dll_current_symbol->symbol);
985 sym->ordinal = dll_current_symbol->ordinal;
986 dll_current_symbol++;
projects / wine / blob