Defective "portable executables" distributed/created by Cygwin
Ten Tzen via cygwin
cygwin@cygwin.com
Thu May 10 21:27:00 GMT 2018
+Yongkang
________________________________
From: Steve Carroll (VISUAL STUDIO)
Sent: Thursday, May 10, 2018 3:29:24 PM
To: Stefan Kanthak; cygwin@cygwin.com; Ten Tzen
Cc: Compiler Crash
Subject: RE: Defective "portable executables" distributed/created by Cygwin
@Ten Tzen can you take a look?
-----Original Message-----
From: Stefan Kanthak <stefan.kanthak@nexgo.de>
Sent: Thursday, May 10, 2018 11:30 AM
To: cygwin@cygwin.com
Cc: Compiler Crash <compilercrash@microsoft.com>
Subject: Defective "portable executables" distributed/created by Cygwin
Hi @ll,
the "portable executables" distributed by Cygwin (and of course those created with Cygwin's GCC toolchain too) have INVALID/ILLEGAL headers:
0. Microsoft's DUMPBIN.EXE alias LINK.EXE /DUMP aborts with
"access violation" (see below) on almost all Cygwin binaries!
1. they use INVALID/ILLEGAL section names like "/4" or "/14", upon
which Microsoft's DUMPBIN.EXE alias LINK.EXE /DUMP stops enumerating
the section headers (see below)!
From the PE format specification
<https://msdn.microsoft.com/en-us/library//ms680547.aspx#section_table__section_headers_>:
| Offset Size Field Description
| 0 8 Name An 8-byte, null-padded UTF-8 encoded string.
| If the string is exactly 8 characters long,
| there is no terminating null. For longer names,
| this field contains a slash (/) that is followed
| by an ASCII representation of a decimal number
| that is an offset into the string table.
| Executable images do not use a string table and do
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| not support section names longer than 8 characters.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Long names in object files are truncated if they
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| are emitted to an executable file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2. despite no COFF symbol table and a symbol count of 0 (in words: ZERO!)
they specify the "PointerToSymbolTable" (see below)!
From the PE format specification
<https://msdn.microsoft.com/en-us/library//ms680547.aspx#coff_file_header__object_and_image_>:
| Offset Size Field Description
| 8 4 PointerToSymbolTable The file offset of the COFF symbol
| table, or zero if no COFF symbol
| table is present. This value should
| be zero for an image because COFF
| debugging information is deprecated.
Please fix your tools!
regards
Stefan Kanthak
=== output from LINK.EXE /DUMP bash.exe ===
Microsoft (R) COFF/PE Dumper Version 10.00.40219.386 Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file bash.exe
File Type: EXECUTABLE IMAGE
LINK : fatal error LNK1000: Internal error during DumpSections
Version 10.00.40219.386
ExceptionCode = C0000005
ExceptionFlags = 00000000
ExceptionAddress = 00427FE0 (00400000) "C:\Program Files\Microsoft Visual Studio 2010\VC\bin\link.exe"
NumberParameters = 00000002
ExceptionInformation[ 0] = 00000000
ExceptionInformation[ 1] = 00000004
CONTEXT:
Eax = 40000040 Esp = 0012E740
Ebx = 014B53C0 Ebp = 0012E768
Ecx = 00000004 Esi = 00000004
Edx = 00404164 Edi = 0000014C
Eip = 00427FE0 EFlags = 00010246
SegCs = 0000001B SegDs = 00000023
SegSs = 00000023 SegEs = 00000023
SegFs = 0000003B SegGs = 00000000
Dr0 = 00000000 Dr3 = 00000000
Dr1 = 00000000 Dr6 = 00000000
Dr2 = 00000000 Dr7 = 00000000
=== output from LINK.EXE /DUMP /HEADERS bash.exe ===
Microsoft (R) COFF/PE Dumper Version 10.00.40219.386 Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file bash.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
14C machine (x86)
B number of sections
3000 time date stamp Thu Jan 01 04:24:48 1970
C2600 file pointer to symbol table
0 number of symbols
E0 size of optional header
32E characteristics
Executable
Line numbers stripped
Symbols stripped
Application can handle large (>2GB) addresses
32 bit word machine
Debug information stripped
OPTIONAL HEADER VALUES
10B magic # (PE32)
2.25 linker version
7C800 size of code
C2200 size of initialized data
9E00 size of uninitialized data
1000 entry point (00401000)
1000 base of code
7E000 base of data
400000 image base (00400000 to 004D2FFF)
1000 section alignment
200 file alignment
4.00 operating system version
1.00 image version
4.00 subsystem version
0 Win32 version
D3000 size of image
400 size of headers
C85A6 checksum
3 subsystem (Windows CUI)
8000 DLL characteristics
Terminal Server Aware
200000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
BB000 [ A14D] RVA [size] of Export Directory
C6000 [ 2CB4] RVA [size] of Import Directory
C9000 [ 4E8] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
CA000 [ 7680] RVA [size] of Base Relocation Directory
9C000 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
C66B0 [ 624] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
7C704 virtual size
1000 virtual address (00401000 to 0047D703)
7C800 size of raw data
400 file pointer to raw data (00000400 to 0007CBFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60500060 flags
Code
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Execute Read
SECTION HEADER #2
.data name
1B24 virtual size
7E000 virtual address (0047E000 to 0047FB23)
1C00 size of raw data
7CC00 file pointer to raw data (0007CC00 to 0007E7FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0600040 flags
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Read Write
SECTION HEADER #3
.rdata name
1B0C0 virtual size
80000 virtual address (00480000 to 0049B0BF)
1B200 size of raw data
7E800 file pointer to raw data (0007E800 to 000999FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40600040 flags
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Read Only
SECTION HEADER #4
.buildid name
35 virtual size
9C000 virtual address (0049C000 to 0049C034)
200 size of raw data
99A00 file pointer to raw data (00099A00 to 00099BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40300040 flags
Initialized Data
RESERVED - UNKNOWN
RESERVED - UNKNOWN
Read Only
Debug Directories
Time Type Size RVA Pointer
-------- ------ -------- -------- --------
00000000 cv 19 0009C01C 99A1C Format: RSDS, {FD1EEED9-A50C-F670-E4AA-B9EF2C1094CA}, 1,
LINK : fatal error LNK1000: Internal error during DumpDebugDirectory
Version 10.00.40219.386
ExceptionCode = C0000005
ExceptionFlags = 00000000
ExceptionAddress = 00427FE0 (00400000) "C:\Program Files\Microsoft Visual Studio 2010\VC\bin\link.exe"
NumberParameters = 00000002
ExceptionInformation[ 0] = 00000000
ExceptionInformation[ 1] = 00000004
CONTEXT:
Eax = 40000040 Esp = 0012E740
Ebx = 014B53C0 Ebp = 0012E768
Ecx = 00000004 Esi = 00000004
Edx = 00404164 Edi = 0000014C
Eip = 00427FE0 EFlags = 00010246
SegCs = 0000001B SegDs = 00000023
SegSs = 00000023 SegEs = 00000023
SegFs = 0000003B SegGs = 00000000
Dr0 = 00000000 Dr3 = 00000000
Dr1 = 00000000 Dr6 = 00000000
Dr2 = 00000000 Dr7 = 00000000
=== hexdump from offset 099a10 of bash.exe: CV_PDB_INFO70 structure ===
099a10 19 00 00 00 1c c0 09 00 1c 9a 09 00 52 53 44 53 ............RSDS
099a20 d9 ee 1e fd 0c a5 70 f6 e4 aa b9 ef 2c 10 94 ca ......p.....,...
099a30 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
=== hexdump from offset 0c2600 of bash.exe, right before EOF:
COFF symbol table with 0 entries, followed by COFF string table ===
0c2600 1d 00 00 00 2e 65 68 5f 66 72 61 6d 65 00 2e 67 .....eh_frame..g
0c2610 6e 75 5f 64 65 62 75 67 6c 69 6e 6b 00 nu_debuglink.
=== hexdump of first kB from bash.exe ===
=== output from an alternative PE dumper which doesn't bail out
when it encounters the illegal section names "/4" and "/14",
and enumerates the COFF string table (although obsolete) ===
.text:
Virtual address and size = 0x00001000, 0x0007C704
File offset and raw size = 0x00000400, 0x0007C800
Characteristics = 0x60500060
.data:
Virtual address and size = 0x0007E000, 0x00001B24
File offset and raw size = 0x0007CC00, 0x00001C00
Characteristics = 0xC0600040
.rdata:
Virtual address and size = 0x00080000, 0x0001B0C0
File offset and raw size = 0x0007E800, 0x0001B200
Characteristics = 0x40600040
.buildid:
Virtual address and size = 0x0009C000, 0x00000035
File offset and raw size = 0x00099A00, 0x00000200
Characteristics = 0x40300040
/4:
Virtual address and size = 0x0009D000, 0x000139C0
File offset and raw size = 0x00099C00, 0x00013A00
Characteristics = 0x40300040
.bss:
Virtual address and size = 0x000B1000, 0x00009D40
File offset and raw size = 0x00000000, 0x00000000
Characteristics = 0xC0600080
.edata:
Virtual address and size = 0x000BB000, 0x0000A14D
File offset and raw size = 0x000AD600, 0x0000A200
Characteristics = 0x40300040
.idata:
Virtual address and size = 0x000C6000, 0x00002CB4
File offset and raw size = 0x000B7800, 0x00002E00
Characteristics = 0xC0300040
.rsrc:
Virtual address and size = 0x000C9000, 0x000004E8
File offset and raw size = 0x000BA600, 0x00000600
Characteristics = 0xC0300040
.reloc:
Virtual address and size = 0x000CA000, 0x00007680
File offset and raw size = 0x000BAC00, 0x00007800
Characteristics = 0x42300040
/14:
Virtual address and size = 0x000D2000, 0x00000014
File offset and raw size = 0x000C2400, 0x00000200
Characteristics = 0x40300040
COFF string table:
/4 = .eh_frame
/14 = .gnu_debuglink
...
Export directory:
Characteristics = 0x00000000
Time/date stamp = 0x588B9AAB
Version = 0.0
Module name = bash.exe
Base of ordinals = 1
Number of functions = 1532
Number of names = 1532
Array of functions = 0x000BB028
Array of names = 0x000BC818
Array of name ordinals = 0x000BE008
Named exports:
1 0 0x000B10F0 EOF_Reached
2 1 0x000B65E0 SB
...
Debug directory:
Debug directory entry:
Characteristics = 0x00000000
Time/date stamp = 0x00000000
Version = 0.0
Type = 2 (Codeview)
Address of data = 0x0009C01C
Offset of data = 0x00099A1C
Size of data = 0x00000019
Format = RSDS
Signature = {FD1EEED9-A50C-F670-E4AA-B9EF2C1094CA}
Age = 1
Filename =
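The two header conditions reported in this thread (section names of the form "/N" in an image, and a non-zero PointerToSymbolTable with a symbol count of zero) can be checked with a small parser that bounds-checks every offset, so a malformed file yields a finding instead of a fault. This is an added example, not code from the thread, Cygwin or Microsoft; the function names and the constructed two-section sample image are assumptions made for illustration.

```python
import struct

def audit_pe_sections(data: bytes) -> dict:
    """Added example (hypothetical helper): defensively parse COFF header and section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, nsect, _stamp, symptr, nsyms, optsize, _chars = \
        struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    findings = []
    if nsyms == 0 and symptr != 0:
        findings.append("PointerToSymbolTable set with 0 symbols")
    strtab = symptr + nsyms * 18 if symptr else None  # 18-byte symbol records
    names = []
    table = pe_off + 24 + optsize
    for i in range(nsect):
        off = table + i * 40
        if off + 40 > len(data):
            findings.append(f"section header {i + 1} truncated")
            break
        raw = data[off:off + 8].rstrip(b"\0")
        name = raw.decode("utf-8", "replace")
        if raw.startswith(b"/") and raw[1:].isdigit():
            findings.append(f"section {i + 1} uses long-name reference {name}")
            name = resolve_long_name(data, strtab, int(raw[1:])) or name
        names.append(name)
    return {"sections": names, "findings": findings}

def resolve_long_name(data, strtab, index):
    """Look up offset `index` in the COFF string table; None if out of bounds."""
    if strtab is None or strtab + 4 > len(data):
        return None
    (size,) = struct.unpack_from("<I", data, strtab)  # size includes these 4 bytes
    start, limit = strtab + index, min(strtab + size, len(data))
    if index < 4 or start >= limit:
        return None
    end = data.find(b"\0", start, limit)
    return data[start:end if end != -1 else limit].decode("utf-8", "replace")

def build_sample() -> bytes:
    """Constructed minimal image: '.text' and '/4' sections plus a string table."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0x200, 0, 0, 0x102)
    sects = b".text".ljust(40, b"\0") + b"/4".ljust(40, b"\0")
    strings = b".eh_frame\0"
    body = (dos + coff + sects).ljust(0x200, b"\0")
    return body + struct.pack("<I", 4 + len(strings)) + strings
```

Calling `audit_pe_sections(build_sample())` resolves "/4" to ".eh_frame" and reports both conditions; truncating the sample before the string table leaves the name as "/4" rather than reading past the end of the buffer.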