This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: peflags documentation anywhere?

Please confine questions to the cygwin mailing list.

On 6/9/2013 7:53 PM, Philip Goetz wrote:
I tried but was unable to find any documentation on peflags other than
that provided by

    peflags --help

This documentation indicates that I should be able to do something like this:

    $ peflags --bigaddr `which perl`

but instead of getting a zero or one back, I get this, and have no
idea how to interpret it:

    /usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)

See below.

The documentation also indicates I should be able to do this, but I cannot:

$ peflags --bigaddr 1 `which perl`
1: skipped because nonexistent
/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)

I think you need to say "--bigaddr=1" but I could be wrong there.

Neither does this work:

$ peflags -l1 `which perl`
/usr/bin/perl: skipped because could not open

I have write permission on /usr/bin/perl .

No explanation here, but your followup seems to indicate it was a cygwin version problem.

Can you point me to some documentation that will explain how to use
peflags to view and set this --bigaddr bit?

The existing documentation says:

"For each numerical value, if an argument is given, the specified value will be overwritten; if no argument is given, the numerical value will be displayed in decimal and hexadecimal notation."

The cryptic output "/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)" contains the actual values of the Characteristics fields of the COFF File Header, and the PE OptionalHeader records in the on-disk file, expressed in hex notation.

*coff_characteristics = pep->ntheaderNN->FileHeader.Characteristics;
*pe_characteristics = pep->ntheaderNN->OptionalHeader.DllCharacteristics;

It's really for debugging. By setting a particular flag true then false, and checking the output, you can tell which bit corresponds to that flag AND you can verify that the on-disk file actually got changed.

I had this whole big scheme to extensibly express all the flag values in readable english, but it was a maintenance nightmare and cgf rightly nixed it.

Instead, you get english output for JUST the value(s) you query. If you query -d then the hex output is augmented with a string for dynamic base -- but nothing else. If you query -l, then the hex output is augmented with a string for big address -- but nothing else. There's a "+" if the flag is turned "on", and a "-" if the flag is turned "off".


$ peflags -l /usr/bin/perl
/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)

Means you have bigaddr on.

$ peflags -d /usr/bin/perl
/usr/bin/perl: coff(0x0326) pe(0x8000[-dynamicbase])

Means you have dynamicbase off.

You can combine multiple queries:
$ peflags -d -l /usr/bin/perl
/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000[-dynamicbase])

So, what you do is grep the output for "+bigaddr" -- if that doesn't appear when you query -l, then bigaddr is not set.

$ peflags -l /usr/bin/perl | grep '+bigaddr' >/dev/null &&\
	 echo has_bigaddr

$ peflags -d /usr/bin/perl | grep '+dynamicbase' >/dev/null &&\
	 echo has_dynamicbase



Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]