RFC: Objdump: Dumping PE specific headers

Jan Beulich jbeulich@suse.com
Fri May 26 06:20:36 GMT 2023 

Nick,

On 25.05.2023 18:21, Nick Clifton via Binutils wrote:
>   Whilst looking at PR 310145, I realised that we currently do not have
>   a way to display the contents of PE type files in their native
>   format.  Since objdump does have a --private option which provides
>   this kind of functionality for other file format types, I thought that
>   it would be helpful if objdump could also handle PE files.  Hence this
>   patch.
> 
>   At the moment it only dumps the file header and section headers, but
>   this could be extended in the future.  (Especially if someone else is
>   interested in doing the work...).  The output looks something like
>   this:
> 
>     $ objdump -P header,sections test-section-flags.exe --wide
> 
>     test-section-flags.exe:     file format pei-x86-64
> 
>     PEI File Header:
>       Magic:         0x5a4d		- IMAGE_DOS_SIGNATURE
>       Machine Num:   0x8664		- AMD64
>       Num sections:  6
>       Time and date: 0x646f522d		- Thu May 25 13:18:53 2023
>       Symbols off:   0x00001000
>       Num symbols:   60
>       Opt hdr sz:    240
>       flags:         0x0226		- EXECUTABLE,LINE NUMS STRIPPED,LARGE ADDRESS AWARE,DEBUG STRIPPED
> 
>     Section headers (at 152+240=0x00000188 to 0x00000278):
>      # Name     paddr    vaddr    size     scnptr   relptr   lnnoptr  nrel  nlnno   Flags
>      1 .text    00000030 00001000 00000200 00000400 00000000 00000000 0     0       60000020 EXECUTE,READ,CODE
>      2 my_sect  00000004 00002000 00000200 00000600 00000000 00000000 0     0       c0000040 READ,WRITE,INITIALIZED DATA
>      3 .rdata   00000040 00003000 00000200 00000800 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
>      4 .pdata   0000000c 00004000 00000200 00000a00 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
>      5 .xdata   00000008 00005000 00000200 00000c00 00000000 00000000 0     0       40000040 READ,INITIALIZED DATA
>      6 .idata   00000014 00006000 00000200 00000e00 00000000 00000000 0     0       c0000040 READ,WRITE,INITIALIZED DATA
> 
>   Thoughts, comments ?

thanks for doing this; I had been wondering several times in the past
whether I simply didn't know the right option to pass to have such
information printed. Just one remark: I don't think printing the
signature (Magic:) at the beginning of the file is useful here either,
as without that signature no output would appear anyway (for the file
being unrecognized), and afaik there are no alternative signatures
that could be in use. Instead what may be of interest to print is the
file offset of the PE header/signature, as especially in older
(bi-modal) binaries this may not be near the beginning of the file. I
don't see this information being printed by any other option.

Another minor aspect: The nrel and nlnno fields of the section dump
may read better (if any are non-zero) when padded to the left, not to
the right.

Jan

More information about the Binutils mailing list