peflags documentation anywhere?

Charles Wilson cygwin@cwilson.fastmail.fm
Mon Jun 10 16:50:00 GMT 2013 

Please confine questions to the cygwin mailing list.

On 6/9/2013 7:53 PM, Philip Goetz wrote:
> I tried but was unable to find any documentation on peflags other than
> that provided by
>
>     peflags --help
>
> This documentation indicates that I should be able to do something like this:
>
>     $ peflags --bigaddr `which perl`
>
> but instead of getting a zero or one back, I get this, and have no
> idea how to interpret it:
>
>     /usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)

See below.

> The documentation also indicates I should be able to do this, but I cannot:
>
> $ peflags --bigaddr 1 `which perl`
> 1: skipped because nonexistent
> /usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)

I think you need to say "--bigaddr=1" but I could be wrong there.

> Neither does this work:
>
> $ peflags -l1 `which perl`
> /usr/bin/perl: skipped because could not open
>
> I have write permission on /usr/bin/perl .

No explanation here, but your followup seems to indicate it was a cygwin 
version problem.

> Can you point me to some documentation that will explain how to use
> peflags to view and set this --bigaddr bit?

The existing documentation says:

"For each numerical value, if an argument is given, the specified value 
will be overwritten; if no argument is given, the numerical value will 
be displayed in decimal and hexadecimal notation."


The cryptic output "/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)" 
contains the actual values of the Characteristics fields of the COFF 
File Header, and the PE OptionalHeader records in the on-disk file, 
expressed in hex notation.

*coff_characteristics = pep->ntheaderNN->FileHeader.Characteristics;
*pe_characteristics = pep->ntheaderNN->OptionalHeader.DllCharacteristics;

It's really for debugging. By setting a particular flag true then false, 
and checking the output, you can tell which bit corresponds to that flag 
AND you can verify that the on-disk file actually got changed.

I had this whole big scheme to extensibly express all the flag values in 
readable english, but it was a maintenance nightmare and cgf rightly 
nixed it.

Instead, you get english output for JUST the value(s) you query. If you 
query -d then the hex output is augmented with a string for dynamic base 
-- but nothing else. If you query -l, then the hex output is augmented 
with a string for big address -- but nothing else.  There's a "+" if the 
flag is turned "on", and a "-" if the flag is turned "off".

E.g.

$ peflags -l /usr/bin/perl
/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000)

Means you have bigaddr on.


$ peflags -d /usr/bin/perl
/usr/bin/perl: coff(0x0326) pe(0x8000[-dynamicbase])

Means you have dynamicbase off.

You can combine multiple queries:
$ peflags -d -l /usr/bin/perl
/usr/bin/perl: coff(0x0326[+bigaddr]) pe(0x8000[-dynamicbase])



So, what you do is grep the output for "+bigaddr" -- if that doesn't 
appear when you query -l, then bigaddr is not set.

$ peflags -l /usr/bin/perl | grep '+bigaddr' >/dev/null &&\
	 echo has_bigaddr
has_bigaddr

$ peflags -d /usr/bin/perl | grep '+dynamicbase' >/dev/null &&\
	 echo has_dynamicbase

$

--
Chuck


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

More information about the Cygwin mailing list