Defective "portable executables" distributed/created by Cygwin

Marco Atzeri marco.atzeri@gmail.com
Thu May 10 21:26:00 GMT 2018


On 5/10/2018 8:30 PM, Stefan Kanthak wrote:
> Hi @ll,
> 
> the "portable executables" distributed by Cygwin (and of course those
> created with Cygwin's GCC toolchain too) have INVALID/ILLEGAL headers:
> 
> 0. Microsoft's DUMPBIN.EXE alias LINK.EXE /DUMP aborts with
>     "access violation" (see below) on almost all Cygwin binaries!

A program should never fail in such way. It seems the program is NOT
validating properly its input and it is probably expecting the
organization of the data as used by Microsoft Visual Studio 2010.
As it fails probably you can not fully trust its output
for program built from other compilers.


> 1. they use INVALID/ILLEGAL section names like "/4" or "/14", upon
>     which Microsoft's DUMPBIN.EXE alias LINK.EXE /DUMP stops enumerating
>     the section headers (see below)!

It seems Cygwin tools disagree with such interpretation

$ objdump -h /usr/bin/bash.exe

/usr/bin/bash.exe:     file format pei-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off 
  Algn
   0 .text         0007ce08  0000000100401000  0000000100401000 
00000400  2**4
                   CONTENTS, ALLOC, LOAD, READONLY, CODE, DATA
   1 .data         000033c8  000000010047e000  000000010047e000 
0007d400  2**5
                   CONTENTS, ALLOC, LOAD, DATA
   2 .rdata        0001caf8  0000000100482000  0000000100482000 
00080800  2**5
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
   3 .buildid      00000035  000000010049f000  000000010049f000 
0009d400  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
   4 .pdata        0000492c  00000001004a0000  00000001004a0000 
0009d600  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
   5 .xdata        0000459c  00000001004a5000  00000001004a5000 
000a2000  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
   6 .bss          0000a980  00000001004aa000  00000001004aa000 
00000000  2**5
                   ALLOC
   7 .edata        00009722  00000001004b5000  00000001004b5000 
000a6600  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
   8 .idata        000035c8  00000001004bf000  00000001004bf000 
000afe00  2**2
                   CONTENTS, ALLOC, LOAD, DATA
   9 .rsrc         000004e8  00000001004c3000  00000001004c3000 
000b3400  2**2
                   CONTENTS, ALLOC, LOAD, DATA
  10 .reloc        00000c70  00000001004c4000  00000001004c4000 
000b3a00  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, DATA
  11 .gnu_debuglink 00000014  00000001004c5000  00000001004c5000 
000b4800  2**2
                   CONTENTS, ALLOC, LOAD, READONLY, DATA


As bash.exe is working fine, I doubt it is using a invalid structure.


>     From the PE format specification
>     <https://msdn.microsoft.com/en-us/library//ms680547.aspx#section_table__section_headers_>:

Have you also noted:
"Note  This document is provided to aid in the development of tools and 
applications for Windows but is not guaranteed to be a complete 
specification in all respects. Microsoft reserves the right to alter 
this document without notice."

Regards
Marco

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list