Module: COFF

Defined in:
lib/rmasm/bincoff.rb

Defined Under Namespace

Classes: SCOFF_BaseRelocation, SCOFF_BaseRelocationBlock, SCOFF_ExportDirectory, SCOFF_FileHeader, SCOFF_IMAGE_DATA_DIRECTORY, SCOFF_IMAGE_DATA_DIRECTORY_32, SCOFF_IMAGE_DATA_DIRECTORY_64, SCOFF_ImportDirectory, SCOFF_ImportHintName, SCOFF_LineNumbers, SCOFF_Relocation, SCOFF_SectionHeader, SCOFF_SymTableEntry

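Constant Summary (a description that was a trailing comment in the source is printed under the constant that follows the one it describes; for example, "section is writeable" belongs to PE_SCN_MEM_WRITE, not MAP_PE_SCN_TO_STRING)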

PE_MACHINE_I386 =

Values of Machine:

0x014c
PE_MACHINE_X8664 =
0x8664
PE_F_RELFLG =

Bits for Flags:

0x0001
PE_F_EXEC =

relocation info stripped from file

0x0002
PE_F_LNNO =

file is executable (no unresolved external references)

0x0004
PE_F_LSYMS =

line numbers stripped from file

0x0008
COFF_Magic_PE32 =

Value of Magic for optional header

0x10B
COFF_Magic_PE64 =
0x20B
COFF_REL_BASED_ABSOLUTE =

Base relocation types

0
COFF_REL_BASED_HIGH =

Ignore

1
COFF_REL_BASED_LOW =

High 16 bits

2
COFF_REL_BASED_HIGHLOW =

Low 16 bits

3
COFF_REL_BASED_HIGHADJ =

32 bits

4
COFF_REL_BASED_DIR64 =

Two consecutive records: 16 bits high, 16 bits low

10
PE_SCN_CNT_CODE =

Section flags values

0x00000020
PE_SCN_CNT_INIT_DATA =

section contains executable code

0x00000040
PE_SCN_CNT_UNINIT_DATA =

section contains initialized data

0x00000080
PE_SCN_LNK_INFO =

section contains uninitialized data

0x00000200
PE_SCN_LNK_REMOVE =

section contains comments or .drectve

0x00000800
PE_SCN_LNK_COMDAT =

will not be part of the image. object files only

0x00001000
PE_SCN_ALIGN_1 =

section contains communal data

0x00100000
PE_SCN_ALIGN_2 =

Align data by 1

0x00200000
PE_SCN_ALIGN_4 =

Align data by 2

0x00300000
PE_SCN_ALIGN_8 =

Align data by 4

0x00400000
PE_SCN_ALIGN_16 =

Align data by 8

0x00500000
PE_SCN_ALIGN_32 =

Align data by 16

0x00600000
PE_SCN_ALIGN_64 =

Align data by 32

0x00700000
PE_SCN_ALIGN_128 =

Align data by 64

0x00800000
PE_SCN_ALIGN_256 =

Align data by 128

0x00900000
PE_SCN_ALIGN_512 =

Align data by 256

0x00a00000
PE_SCN_ALIGN_1024 =

Align data by 512

0x00b00000
PE_SCN_ALIGN_2048 =

Align data by 1024

0x00c00000
PE_SCN_ALIGN_4096 =

Align data by 2048

0x00d00000
PE_SCN_ALIGN_8192 =

Align data by 4096

0x00e00000
PE_SCN_ALIGN_MASK =

Align data by 8192

0x00f00000
PE_SCN_LNK_NRELOC_OVFL =

Mask for extracting alignment info

0x01000000
PE_SCN_MEM_DISCARDABLE =

section contains extended relocations

0x02000000
PE_SCN_MEM_NOT_CACHED =

section is discardable

0x04000000
PE_SCN_MEM_NOT_PAGED =

section cannot be cached

0x08000000
PE_SCN_MEM_SHARED =

section is not pageable

0x10000000
PE_SCN_MEM_EXECUTE =

section can be shared

0x20000000
PE_SCN_MEM_READ =

section is executable

0x40000000
PE_SCN_MEM_WRITE =

section is readable

0x80000000
MAP_PE_SCN_TO_STRING =

section is writeable

{
   PE_SCN_CNT_CODE =>       "Text",
   PE_SCN_CNT_INIT_DATA =>   "Data",
   PE_SCN_CNT_UNINIT_DATA=> "BSS",
   PE_SCN_LNK_INFO=>        "Comments",
   PE_SCN_LNK_REMOVE=>      "Remove",
   PE_SCN_LNK_COMDAT=>      "Comdat",
#   {PE_SCN_ALIGN_1,         "Align by 1"},
#   {PE_SCN_ALIGN_2,         "Align by 2"},
#   {PE_SCN_ALIGN_4,         "Align by 4"},
#   {PE_SCN_ALIGN_8,         "Align by 8"},
#   {PE_SCN_ALIGN_16,        "Align by 16"},
#   {PE_SCN_ALIGN_32,        "Align by 32"},
#   {PE_SCN_ALIGN_64,        "Align by 64"},
#   {PE_SCN_ALIGN_128,       "Align by 128"},
#   {PE_SCN_ALIGN_256,       "Align by 256"},
#   {PE_SCN_ALIGN_512,       "Align by 512"},
#   {PE_SCN_ALIGN_1024,      "Align by 1024"},
#   {PE_SCN_ALIGN_2048,      "Align by 2048"},
#   {PE_SCN_ALIGN_4096,      "Align by 4096"},
#  {PE_SCN_ALIGN_8192,      "Align by 8192"}, */
   PE_SCN_LNK_NRELOC_OVFL=> "extended relocations",
   PE_SCN_MEM_DISCARDABLE=> "Discardable",
   PE_SCN_MEM_NOT_CACHED=>  "Cannot be cached",
   PE_SCN_MEM_NOT_PAGED=>   "Not pageable",
   PE_SCN_MEM_SHARED =>     "Can be shared",
   PE_SCN_MEM_EXECUTE =>     "Executable",
   PE_SCN_MEM_READ =>        "Readable",
   PE_SCN_MEM_WRITE =>       "Writeable"
}
SIZE_SCOFF_LineNumbers =

Warning: Size does not fit standard alignment! Use SIZE_SCOFF_LineNumbers instead of sizeof(SCOFF_LineNumbers)

6
SIZE_SCOFF_SymTableEntry =

Warning: Size does not fit standard alignment! Use SIZE_SCOFF_SymTableEntry instead of sizeof(SCOFF_SymTableEntry)

18
COFF_SECTION_UNDEF =

/********************** Section number values for symbol table entries **********************/

0
COFF_SECTION_ABSOLUTE =

external symbol

-1 # value of symbol is absolute
COFF_SECTION_DEBUG =

value of symbol is absolute

-2 # debugging symbol - value is meaningless
COFF_SECTION_N_TV =

debugging symbol - value is meaningless

-3 # indicates symbol needs preload transfer vector
COFF_SECTION_P_TV =

indicates symbol needs preload transfer vector

-4 # indicates symbol needs postload transfer vector
COFF_SECTION_REMOVE_ME =

indicates symbol needs postload transfer vector

-99 # Specific for objconv program: Debug or exception section being removed
IMAGE_SYM_TYPE_NULL =

/*

  • Type of a symbol, in low N bits of the word

T_NULL = 0 T_VOID = 1 # function argument (only used by compiler) T_CHAR = 2 # character T_SHORT = 3 # short integer T_INT = 4 # integer T_LONG = 5 # long integer T_FLOAT = 6 # floating point T_DOUBLE = 7 # double word T_STRUCT = 8 # structure T_UNION = 9 # union T_ENUM = 10 # enumeration T_MOE = 11 # member of enumeration T_UCHAR = 12 # unsigned character T_USHORT = 13 # uint16 T_UINT = 14 # unsigned integer T_ULONG = 15 # uint32 T_LNGDBL = 16 # long double */

0
IMAGE_SYM_TYPE_VOID =
1
IMAGE_SYM_TYPE_CHAR =
2
IMAGE_SYM_TYPE_SHORT =
3
IMAGE_SYM_TYPE_INT =
4
IMAGE_SYM_TYPE_LONG =
5
IMAGE_SYM_TYPE_FLOAT =
6
IMAGE_SYM_TYPE_DOUBLE =
7
IMAGE_SYM_TYPE_STRUCT =
8
IMAGE_SYM_TYPE_UNION =
9
IMAGE_SYM_TYPE_ENUM =
10
IMAGE_SYM_TYPE_MOE =
11
IMAGE_SYM_TYPE_BYTE =
12
IMAGE_SYM_TYPE_WORD =
13
IMAGE_SYM_TYPE_UINT =
14
IMAGE_SYM_TYPE_DWORD =
15
IMAGE_SYM_TYPE_LONG_DOUBLE =
16
MAP_SYM_TYPE_TO_STRING =
{
  IMAGE_SYM_TYPE_NULL => "null",
  IMAGE_SYM_TYPE_VOID => "void",
  IMAGE_SYM_TYPE_CHAR => "char",
  IMAGE_SYM_TYPE_SHORT => "short",
  IMAGE_SYM_TYPE_INT => "int",
  IMAGE_SYM_TYPE_LONG => "long",
  IMAGE_SYM_TYPE_FLOAT => "float",
  IMAGE_SYM_TYPE_DOUBLE => "double",
  IMAGE_SYM_TYPE_STRUCT => "struct",
  IMAGE_SYM_TYPE_UNION => "union",
  IMAGE_SYM_TYPE_ENUM => "enum",
  IMAGE_SYM_TYPE_MOE => "moe",
  IMAGE_SYM_TYPE_BYTE => "byte",
  IMAGE_SYM_TYPE_WORD => "word",
  IMAGE_SYM_TYPE_UINT => "uint",
  IMAGE_SYM_TYPE_DWORD => "dword",
  IMAGE_SYM_TYPE_LONG_DOUBLE => "long double",
}
IMAGE_SYM_DTYPE_NULL =
0
IMAGE_SYM_DTYPE_POINTER =
1
IMAGE_SYM_DTYPE_FUNCTION =
2
IMAGE_SYM_DTYPE_ARRAY =
3
MAP_SYM_DTYPE_TO_STRING =
{
  IMAGE_SYM_DTYPE_NULL => "null",
  IMAGE_SYM_DTYPE_POINTER => "ptr",
  IMAGE_SYM_DTYPE_FUNCTION => "function",
  IMAGE_SYM_DTYPE_ARRAY => "array",
}
COFF_CLASS_NULL =

/*

  • derived types, in n_type

DT_NON = (0) # no derived type DT_PTR = (1) # pointer DT_FCN = (2) # function DT_ARY = (3) # array

BTYPE(x) = ((x) & N_BTMASK)

ISPTR(x) = (((x) & N_TMASK) == (DT_PTR << N_BTSHFT)) ISFCN(x) = (((x) & N_TMASK) == (DT_FCN << N_BTSHFT)) ISARY(x) = (((x) & N_TMASK) == (DT_ARY << N_BTSHFT)) ISTAG(x) = ((x)==C_STRTAG||(x)==C_UNTAG||(x)==C_ENTAG) DECREF(x) = ((((x)>>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK)) */ /********************** Storage classes for symbol table entries **********************/

0
COFF_CLASS_AUTOMATIC =

automatic variable

1
COFF_CLASS_EXTERNAL =

external symbol

2
COFF_CLASS_STATIC =

static

3
COFF_CLASS_REGISTER =

register variable

4
COFF_CLASS_EXTERNAL_DEF =

external definition

5
COFF_CLASS_LABEL =

label

6
COFF_CLASS_UNDEFINED_LABEL =

undefined label

7
COFF_CLASS_MEMBER_OF_STRUCTURE =

member of structure

8
COFF_CLASS_ARGUMENT =

function argument

9
COFF_CLASS_STRUCTURE_TAG =

structure tag

10
COFF_CLASS_MEMBER_OF_UNION =

member of union

11
COFF_CLASS_UNION_TAG =

union tag

12
COFF_CLASS_TYPE_DEFINITION =

type definition

13
COFF_CLASS_UNDEFINED_STATIC =

undefined static

14
COFF_CLASS_ENUM_TAG =

enumeration tag

15
COFF_CLASS_MEMBER_OF_ENUM =

member of enumeration

16
COFF_CLASS_REGISTER_PARAM =

register parameter

17
COFF_CLASS_BIT_FIELD =

bit field

18
COFF_CLASS_AUTO_ARGUMENT =

auto argument

19
COFF_CLASS_LASTENTRY =

dummy entry (end of block)

20
COFF_CLASS_BLOCK =

“.bb” or “.eb”

100
COFF_CLASS_FUNCTION =

“.bf” or “.ef”

101
COFF_CLASS_END_OF_STRUCT =

end of structure

102
COFF_CLASS_FILE =

file name

103
COFF_CLASS_LINE =

line # reformatted as symbol table entry

104
COFF_CLASS_SECTION =

line # reformatted as symbol table entry

104
COFF_CLASS_ALIAS =

duplicate tag

105
COFF_CLASS_WEAK_EXTERNAL =

duplicate tag

105
COFF_CLASS_HIDDEN =

ext symbol in dmert public lib

106
COFF_CLASS_END_OF_FUNCTION =

physical end of function

0xff
MAP_COFF_CLASS_TO_STRING =
{
  COFF_CLASS_END_OF_FUNCTION=> "EndOfFunc",
  COFF_CLASS_AUTOMATIC=> "AutoVariable",
  COFF_CLASS_EXTERNAL=> "External/Public",
  COFF_CLASS_STATIC=> "Static/Nonpublic",
  COFF_CLASS_REGISTER=> "Register",
  COFF_CLASS_EXTERNAL_DEF=> "ExternalDef",
  COFF_CLASS_LABEL=> "Label",
  COFF_CLASS_UNDEFINED_LABEL=> "UndefLabel",
  COFF_CLASS_MEMBER_OF_STRUCTURE=> "StructMem",
  COFF_CLASS_ARGUMENT=> "FuncArgument",
  COFF_CLASS_STRUCTURE_TAG=> "StructTag",
  COFF_CLASS_MEMBER_OF_UNION=> "UnionMember",
  COFF_CLASS_UNION_TAG=> "UnionTag",
  COFF_CLASS_TYPE_DEFINITION=> "TypeDef",
  COFF_CLASS_UNDEFINED_STATIC=> "UndefStatic",
  COFF_CLASS_ENUM_TAG=> "EnumTag",
  COFF_CLASS_MEMBER_OF_ENUM=> "EnumMem",
  COFF_CLASS_REGISTER_PARAM=> "RegisterParameter",
  COFF_CLASS_BIT_FIELD=> "BitField",
  COFF_CLASS_AUTO_ARGUMENT=> "AutoArgument",
  COFF_CLASS_LASTENTRY=> "DummyLastEntry",
  COFF_CLASS_BLOCK=> "bb/eb_block",
  COFF_CLASS_FUNCTION=> "Function_bf/ef",
  COFF_CLASS_END_OF_STRUCT=> "EndOfStruct",
  COFF_CLASS_FILE=> "FileName",
  COFF_CLASS_LINE=> "LineNumber",
  COFF_CLASS_SECTION=> "SectionLineNumber",
  COFF_CLASS_ALIAS=> "Alias",
  COFF_CLASS_WEAK_EXTERNAL=> "WeakExternal",
  COFF_CLASS_HIDDEN=> "Hidden"
}
COFF_TYPE_FUNCTION =

/********************** Type for symbol table entries **********************/

0x20
COFF_TYPE_NOT_FUNCTION =

Symbol is function

0x00
SIZE_SCOFF_Relocation =

Size of SCOFF_Relocation packed

10
COFF32_RELOC_ABS =

/********************** Relocation types for 32-bit COFF **********************/

0x00
COFF32_RELOC_DIR16 =

Ignored

0x01
COFF32_RELOC_REL16 =

Not supported

0x02
COFF32_RELOC_DIR32 =

Not supported

0x06
COFF32_RELOC_IMGREL =

32-bit absolute virtual address

0x07
COFF32_RELOC_SEG12 =

32-bit image relative virtual address

0x09
COFF32_RELOC_SECTION =

not supported

0x0A
COFF32_RELOC_SECREL =

16-bit section index in file

0x0B
COFF32_RELOC_SECREL7 =

32-bit section-relative

0x0D
COFF32_RELOC_TOKEN =

7-bit section-relative

0x0C
COFF32_RELOC_REL32 =

CLR token

0x14
COFF64_RELOC_ABS =

/********************** Relocation types for 64-bit COFF **********************/ Note: These values are obtained by my own testing. I haven’t found any official values

0x00
COFF64_RELOC_ABS64 =

Ignored

0x01
COFF64_RELOC_ABS32 =

64 bit absolute virtual address

0x02
COFF64_RELOC_IMGREL =

32 bit absolute virtual address

0x03
COFF64_RELOC_REL32 =

32 bit image-relative

0x04
COFF64_RELOC_REL32_1 =

32 bit, RIP-relative

0x05
COFF64_RELOC_REL32_2 =

32 bit, relative to RIP - 1. For instruction with immediate byte operand

0x06
COFF64_RELOC_REL32_3 =

32 bit, relative to RIP - 2. For instruction with immediate word operand

0x07
COFF64_RELOC_REL32_4 =

32 bit, relative to RIP - 3. (useless)

0x08
COFF64_RELOC_REL32_5 =

32 bit, relative to RIP - 4. For instruction with immediate dword operand

0x09
COFF64_RELOC_SECTION =

32 bit, relative to RIP - 5. (useless)

0x0A
COFF64_RELOC_SECREL =

16-bit section index in file. For debug purpose

0x0B
COFF64_RELOC_SECREL7 =

32-bit section-relative

0x0C
COFF64_RELOC_TOKEN =

7-bit section-relative

0x0D
COFF64_RELOC_SREL32 =

CLR token = 64 bit absolute virtual address. Inline addend ignored

0x0E
COFF64_RELOC_PAIR =

32 bit signed span dependent

0x0F
COFF64_RELOC_PPC_REFHI =

pair after span dependent

0x10
COFF64_RELOC_PPC_REFLO =

high 16 bits of 32 bit abs addr

0x11
COFF64_RELOC_PPC_PAIR =

low 16 bits of 32 bit abs addr

0x12
COFF64_RELOC_PPC_SECRELO =

pair after REFHI

0x13
COFF64_RELOC_PPC_GPREL =

low 16 bits of section relative

0x15
COFF64_RELOC_PPC_TOKEN =

16 bit signed relative to GP

0x16
COFF_CONSTRUCTOR_NAME =

/********************** Strings **********************/

".CRT$XCU"

Class Method Summary

Class Method Details

.FlagsToStr(flags) ⇒ Object

/********************** SECTION HEADER **********************/



# File 'lib/rmasm/bincoff.rb', line 256

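# Renders a section header's flags value as a human-readable string.
#
# Every set bit outside PE_SCN_ALIGN_MASK is looked up in MAP_PE_SCN_TO_STRING
# and the names are joined with " | ". The alignment field is decoded
# separately and appended as " Align by 0x...".
#
# @param flags [Integer] section flags value (only the low 32 bits are examined)
# @return [String] the decoded flags, or "None" when nothing is set
def self.FlagsToStr(flags)
  # Alignment is a multi-bit field, not a set of independent flags, so it is
  # masked out before the bit-by-bit walk.
  flags_no_aligned = flags & ~PE_SCN_ALIGN_MASK

  names = []
  32.times do |bit|
    mask = 1 << bit
    next if (flags_no_aligned & mask) == 0

    # A set bit with no entry in the map is shown as hex instead of an empty
    # string, so an unusual section flag stays visible to whoever reads the
    # dump rather than collapsing into a stray " | ".
    names << MAP_PE_SCN_TO_STRING.fetch(mask) { "0x%08X" % mask }
  end

  str = names.join(" | ")
  n = names.size

  align_bits = flags & PE_SCN_ALIGN_MASK
  # 0 is truthy in Ruby: the field must be compared with zero explicitly,
  # otherwise this branch always runs and "None" can never be returned.
  if align_bits != 0
    # The field value k (in units of PE_SCN_ALIGN_1) encodes an alignment of 2**(k-1).
    a = 1 << ((align_bits / PE_SCN_ALIGN_1) - 1)
    str += " Align by 0x%4X" % a
    n += 1
  end

  n == 0 ? "None" : str
end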