winedump: Start dumping .NET specific bits from PE executables.
This commit is contained in:
parent
e5477b35f4
commit
1698c44ed3
|
@ -3060,6 +3060,57 @@ typedef struct _IMAGE_DEBUG_DIRECTORY {
|
|||
#define IMAGE_DEBUG_TYPE_BORLAND 9
|
||||
#define IMAGE_DEBUG_TYPE_RESERVED10 10
|
||||
|
||||
typedef enum ReplacesCorHdrNumericDefines
|
||||
{
|
||||
COMIMAGE_FLAGS_ILONLY = 0x00000001,
|
||||
COMIMAGE_FLAGS_32BITREQUIRED = 0x00000002,
|
||||
COMIMAGE_FLAGS_IL_LIBRARY = 0x00000004,
|
||||
COMIMAGE_FLAGS_STRONGNAMESIGNED = 0x00000008,
|
||||
COMIMAGE_FLAGS_TRACKDEBUGDATA = 0x00010000,
|
||||
|
||||
COR_VERSION_MAJOR_V2 = 2,
|
||||
COR_VERSION_MAJOR = COR_VERSION_MAJOR_V2,
|
||||
COR_VERSION_MINOR = 0,
|
||||
COR_DELETED_NAME_LENGTH = 8,
|
||||
COR_VTABLEGAP_NAME_LENGTH = 8,
|
||||
|
||||
NATIVE_TYPE_MAX_CB = 1,
|
||||
COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE = 0xff,
|
||||
|
||||
IMAGE_COR_MIH_METHODRVA = 0x01,
|
||||
IMAGE_COR_MIH_EHRVA = 0x02,
|
||||
IMAGE_COR_MIH_BASICBLOCK = 0x08,
|
||||
|
||||
COR_VTABLE_32BIT = 0x01,
|
||||
COR_VTABLE_64BIT = 0x02,
|
||||
COR_VTABLE_FROM_UNMANAGED = 0x04,
|
||||
COR_VTABLE_CALL_MOST_DERIVED = 0x10,
|
||||
|
||||
IMAGE_COR_EATJ_THUNK_SIZE = 32,
|
||||
|
||||
MAX_CLASS_NAME = 1024,
|
||||
MAX_PACKAGE_NAME = 1024,
|
||||
} ReplacesCorHdrNumericDefines;
|
||||
|
||||
typedef struct IMAGE_COR20_HEADER
|
||||
{
|
||||
DWORD cb;
|
||||
WORD MajorRuntimeVersion;
|
||||
WORD MinorRuntimeVersion;
|
||||
|
||||
IMAGE_DATA_DIRECTORY MetaData;
|
||||
DWORD Flags;
|
||||
DWORD EntryPointToken;
|
||||
|
||||
IMAGE_DATA_DIRECTORY Resources;
|
||||
IMAGE_DATA_DIRECTORY StrongNameSignature;
|
||||
IMAGE_DATA_DIRECTORY CodeManagerTable;
|
||||
IMAGE_DATA_DIRECTORY VTableFixups;
|
||||
IMAGE_DATA_DIRECTORY ExportAddressTableJumps;
|
||||
IMAGE_DATA_DIRECTORY ManagedNativeHeader;
|
||||
|
||||
} IMAGE_COR20_HEADER, *PIMAGE_COR20_HEADER;
|
||||
|
||||
typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
|
||||
DWORD NumberOfSymbols;
|
||||
DWORD LvaToFirstSymbol;
|
||||
|
|
|
@ -221,7 +221,7 @@ static const struct my_option option_table[] = {
|
|||
{"-C", DUMP, 0, do_symdmngl, "-C Turns on symbol demangling"},
|
||||
{"-f", DUMP, 0, do_dumphead, "-f Dumps file header information"},
|
||||
{"-G", DUMP, 0, do_rawdebug, "-G Dumps raw debug information"},
|
||||
{"-j", DUMP, 1, do_dumpsect, "-j sect_name Dumps only the content of section sect_name (import, export, debug, resource, tls)"},
|
||||
{"-j", DUMP, 1, do_dumpsect, "-j sect_name Dumps only the content of section sect_name (import, export, debug, resource, tls, clr)"},
|
||||
{"-x", DUMP, 0, do_dumpall, "-x Dumps everything"},
|
||||
{NULL, NONE, 0, NULL, NULL}
|
||||
};
|
||||
|
|
|
@ -139,7 +139,7 @@ static const char * const DirectoryNames[16] = {
|
|||
"EXPORT", "IMPORT", "RESOURCE", "EXCEPTION",
|
||||
"SECURITY", "BASERELOC", "DEBUG", "ARCHITECTURE",
|
||||
"GLOBALPTR", "TLS", "LOAD_CONFIG", "Bound IAT",
|
||||
"IAT", "Delay IAT", "COM Descript", ""
|
||||
"IAT", "Delay IAT", "CLR Header", ""
|
||||
};
|
||||
|
||||
static const char *get_magic_type(WORD magic)
|
||||
|
@ -786,6 +786,47 @@ static void dump_dir_debug(void)
|
|||
printf("\n");
|
||||
}
|
||||
|
||||
static inline void print_clrflags(const char *title, WORD value)
|
||||
{
|
||||
printf(" %-34s 0x%X\n", title, value);
|
||||
#define X(f,s) if (value & f) printf(" %s\n", s)
|
||||
X(COMIMAGE_FLAGS_ILONLY, "ILONLY");
|
||||
X(COMIMAGE_FLAGS_32BITREQUIRED, "32BITREQUIRED");
|
||||
X(COMIMAGE_FLAGS_IL_LIBRARY, "IL_LIBRARY");
|
||||
X(COMIMAGE_FLAGS_STRONGNAMESIGNED, "STRONGNAMESIGNED");
|
||||
X(COMIMAGE_FLAGS_TRACKDEBUGDATA, "TRACKDEBUGDATA");
|
||||
#undef X
|
||||
}
|
||||
|
||||
static inline void print_clrdirectory(const char *title, const IMAGE_DATA_DIRECTORY *dir)
|
||||
{
|
||||
printf(" %-23s rva: 0x%-8x size: 0x%-8x\n", title, dir->VirtualAddress, dir->Size);
|
||||
}
|
||||
|
||||
static void dump_dir_clr_header(void)
|
||||
{
|
||||
unsigned int size = 0;
|
||||
const IMAGE_COR20_HEADER *dir = get_dir_and_size(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, &size);
|
||||
|
||||
if (!dir) return;
|
||||
|
||||
printf( "CLR Header\n" );
|
||||
print_dword( "Header Size", dir->cb );
|
||||
print_ver( "Required runtime version", dir->MajorRuntimeVersion, dir->MinorRuntimeVersion );
|
||||
print_clrflags( "Flags", dir->Flags );
|
||||
print_dword( "EntryPointToken", dir->EntryPointToken );
|
||||
printf("\n");
|
||||
printf( "CLR Data Directory\n" );
|
||||
print_clrdirectory( "MetaData", &dir->MetaData );
|
||||
print_clrdirectory( "Resources", &dir->Resources );
|
||||
print_clrdirectory( "StrongNameSignature", &dir->StrongNameSignature );
|
||||
print_clrdirectory( "CodeManagerTable", &dir->CodeManagerTable );
|
||||
print_clrdirectory( "VTableFixups", &dir->VTableFixups );
|
||||
print_clrdirectory( "ExportAddressTableJumps", &dir->ExportAddressTableJumps );
|
||||
print_clrdirectory( "ManagedNativeHeader", &dir->ManagedNativeHeader );
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
static void dump_dir_tls(void)
|
||||
{
|
||||
IMAGE_TLS_DIRECTORY64 dir;
|
||||
|
@ -1227,6 +1268,8 @@ void pe_dump(void)
|
|||
dump_dir_resource();
|
||||
if (all || !strcmp(globals.dumpsect, "tls"))
|
||||
dump_dir_tls();
|
||||
if (all || !strcmp(globals.dumpsect, "clr"))
|
||||
dump_dir_clr_header();
|
||||
#if 0
|
||||
/* FIXME: not implemented yet */
|
||||
if (all || !strcmp(globals.dumpsect, "reloc"))
|
||||
|
|
|
@ -72,10 +72,10 @@ This option dumps only the standard PE header structures,
|
|||
along with the COFF sections available in the file.
|
||||
.IP "\fB-j \fIsect_name\fR"
|
||||
Dumps only the content of section sect_name (import,
|
||||
export, debug).
|
||||
export, debug, resource, tls, clr).
|
||||
To dump only a given directory, specify them using this
|
||||
option. Currently only the import, export and debug
|
||||
directories are implemented.
|
||||
option. Currently the import, export, debug, resource,
|
||||
tls and clr directories are implemented.
|
||||
.IP \fB-x\fR
|
||||
Dumps everything.
|
||||
This command prints all available information about the
|
||||
|
|
Loading…
Reference in New Issue