winedump: Start dumping .NET specific bits from PE executables.

include/winnt.h

@@ -3060,6 +3060,57 @@ typedef struct _IMAGE_DEBUG_DIRECTORY {
 #define IMAGE_DEBUG_TYPE_BORLAND        9
 #define IMAGE_DEBUG_TYPE_RESERVED10    10
 
+typedef enum ReplacesCorHdrNumericDefines
+{
+    COMIMAGE_FLAGS_ILONLY           = 0x00000001,
+    COMIMAGE_FLAGS_32BITREQUIRED    = 0x00000002,
+    COMIMAGE_FLAGS_IL_LIBRARY       = 0x00000004,
+    COMIMAGE_FLAGS_STRONGNAMESIGNED = 0x00000008,
+    COMIMAGE_FLAGS_TRACKDEBUGDATA   = 0x00010000,
+
+    COR_VERSION_MAJOR_V2       = 2,
+    COR_VERSION_MAJOR          = COR_VERSION_MAJOR_V2,
+    COR_VERSION_MINOR          = 0,
+    COR_DELETED_NAME_LENGTH    = 8,
+    COR_VTABLEGAP_NAME_LENGTH  = 8,
+
+    NATIVE_TYPE_MAX_CB = 1,
+    COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE = 0xff,
+
+    IMAGE_COR_MIH_METHODRVA  = 0x01,
+    IMAGE_COR_MIH_EHRVA      = 0x02,
+    IMAGE_COR_MIH_BASICBLOCK = 0x08,
+
+    COR_VTABLE_32BIT             = 0x01,
+    COR_VTABLE_64BIT             = 0x02,
+    COR_VTABLE_FROM_UNMANAGED    = 0x04,
+    COR_VTABLE_CALL_MOST_DERIVED = 0x10,
+
+    IMAGE_COR_EATJ_THUNK_SIZE = 32,
+
+    MAX_CLASS_NAME   = 1024,
+    MAX_PACKAGE_NAME = 1024,
+} ReplacesCorHdrNumericDefines;
+
+typedef struct IMAGE_COR20_HEADER
+{
+    DWORD cb;
+    WORD  MajorRuntimeVersion;
+    WORD  MinorRuntimeVersion;
+
+    IMAGE_DATA_DIRECTORY MetaData;
+    DWORD Flags;
+    DWORD EntryPointToken;
+
+    IMAGE_DATA_DIRECTORY Resources;
+    IMAGE_DATA_DIRECTORY StrongNameSignature;
+    IMAGE_DATA_DIRECTORY CodeManagerTable;
+    IMAGE_DATA_DIRECTORY VTableFixups;
+    IMAGE_DATA_DIRECTORY ExportAddressTableJumps;
+    IMAGE_DATA_DIRECTORY ManagedNativeHeader;
+
+} IMAGE_COR20_HEADER, *PIMAGE_COR20_HEADER;
+
 typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
   DWORD NumberOfSymbols;
   DWORD LvaToFirstSymbol;

tools/winedump/main.c

@@ -221,7 +221,7 @@ static const struct my_option option_table[] = {
   {"-C",    DUMP, 0, do_symdmngl, "-C           Turns on symbol demangling"},
   {"-f",    DUMP, 0, do_dumphead, "-f           Dumps file header information"},
   {"-G",    DUMP, 0, do_rawdebug, "-G           Dumps raw debug information"},
-  {"-j",    DUMP, 1, do_dumpsect, "-j sect_name Dumps only the content of section sect_name (import, export, debug, resource, tls)"},
+  {"-j",    DUMP, 1, do_dumpsect, "-j sect_name Dumps only the content of section sect_name (import, export, debug, resource, tls, clr)"},
   {"-x",    DUMP, 0, do_dumpall,  "-x           Dumps everything"},
   {NULL,    NONE, 0, NULL,        NULL}
 };

tools/winedump/pe.c

@@ -139,7 +139,7 @@ static const char * const DirectoryNames[16] = {
     "EXPORT",		"IMPORT",	"RESOURCE", 	"EXCEPTION",
     "SECURITY", 	"BASERELOC", 	"DEBUG", 	"ARCHITECTURE",
     "GLOBALPTR", 	"TLS", 		"LOAD_CONFIG",	"Bound IAT",
-    "IAT", 		"Delay IAT",	"COM Descript", ""
+    "IAT", 		"Delay IAT",	"CLR Header", ""
 };
 
 static const char *get_magic_type(WORD magic)
@@ -786,6 +786,47 @@ static void	dump_dir_debug(void)
     printf("\n");
 }
 
+static inline void print_clrflags(const char *title, WORD value)
+{
+    printf("  %-34s 0x%X\n", title, value);
+#define X(f,s) if (value & f) printf("    %s\n", s)
+    X(COMIMAGE_FLAGS_ILONLY,           "ILONLY");
+    X(COMIMAGE_FLAGS_32BITREQUIRED,    "32BITREQUIRED");
+    X(COMIMAGE_FLAGS_IL_LIBRARY,       "IL_LIBRARY");
+    X(COMIMAGE_FLAGS_STRONGNAMESIGNED, "STRONGNAMESIGNED");
+    X(COMIMAGE_FLAGS_TRACKDEBUGDATA,   "TRACKDEBUGDATA");
+#undef X
+}
+
+static inline void print_clrdirectory(const char *title, const IMAGE_DATA_DIRECTORY *dir)
+{
+    printf("  %-23s rva: 0x%-8x  size: 0x%-8x\n", title, dir->VirtualAddress, dir->Size);
+}
+
+static void dump_dir_clr_header(void)
+{
+    unsigned int size = 0;
+    const IMAGE_COR20_HEADER *dir = get_dir_and_size(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, &size);
+
+    if (!dir) return;
+
+    printf( "CLR Header\n" );
+    print_dword( "Header Size", dir->cb );
+    print_ver( "Required runtime version", dir->MajorRuntimeVersion, dir->MinorRuntimeVersion );
+    print_clrflags( "Flags", dir->Flags );
+    print_dword( "EntryPointToken", dir->EntryPointToken );
+    printf("\n");
+    printf( "CLR Data Directory\n" );
+    print_clrdirectory( "MetaData", &dir->MetaData );
+    print_clrdirectory( "Resources", &dir->Resources );
+    print_clrdirectory( "StrongNameSignature", &dir->StrongNameSignature );
+    print_clrdirectory( "CodeManagerTable", &dir->CodeManagerTable );
+    print_clrdirectory( "VTableFixups", &dir->VTableFixups );
+    print_clrdirectory( "ExportAddressTableJumps", &dir->ExportAddressTableJumps );
+    print_clrdirectory( "ManagedNativeHeader", &dir->ManagedNativeHeader );
+    printf("\n");
+}
+
 static void dump_dir_tls(void)
 {
     IMAGE_TLS_DIRECTORY64 dir;
@@ -1227,6 +1268,8 @@ void pe_dump(void)
 	    dump_dir_resource();
 	if (all || !strcmp(globals.dumpsect, "tls"))
 	    dump_dir_tls();
+	if (all || !strcmp(globals.dumpsect, "clr"))
+	    dump_dir_clr_header();
 #if 0
 	/* FIXME: not implemented yet */
 	if (all || !strcmp(globals.dumpsect, "reloc"))

tools/winedump/winedump.man.in

@@ -72,10 +72,10 @@ This option dumps only the standard PE header structures,
 along with the COFF sections available in the file.
 .IP "\fB-j \fIsect_name\fR"
 Dumps only the content of section sect_name (import,
-export, debug).
+export, debug, resource, tls, clr).
 To dump only a given directory, specify them using this
-option. Currently only the import, export and debug
+option. Currently the import, export, debug, resource,
-directories are implemented.
+tls and clr directories are implemented.
 .IP \fB-x\fR
 Dumps everything.
 This command prints all available information about the