2 * pedump.c: Dumps the contents of an extended PE/COFF file
5 * Miguel de Icaza (miguel@ximian.com)
7 * (C) 2001 Ximian, Inc.
15 gboolean dump_data = TRUE;
18 hex_dump (char *buffer, int base, int count)
22 for (i = 0; i < count; i++){
24 printf ("\n0x%08x: ", (unsigned char) base + i);
26 printf ("%02x ", (unsigned char) (buffer [i]));
31 hex8 (char *label, unsigned char x)
33 printf ("\t%s: 0x%02x\n", label, (unsigned char) x);
37 hex16 (char *label, guint16 x)
39 printf ("\t%s: 0x%04x\n", label, x);
43 hex32 (char *label, guint32 x)
45 printf ("\t%s: 0x%08x\n", label, x);
49 dump_coff_header (coff_header_t *coff)
51 printf ("\nCOFF Header:\n");
52 hex16 (" Machine", coff->coff_machine);
53 hex16 (" Sections", coff->coff_sections);
54 hex32 (" Time stamp", coff->coff_time);
55 hex32 ("Pointer to Symbol Table", coff->coff_symptr);
56 hex32 (" Symbol Count", coff->coff_symcount);
57 hex16 (" Optional Header Size", coff->coff_opt_header_size);
58 hex16 (" Characteristics", coff->coff_attributes);
63 dump_pe_header (pe_header_t *pe)
65 printf ("\nPE Header:\n");
66 hex16 (" Magic (0x010b)", pe->pe_magic);
67 hex8 (" LMajor (6)", pe->pe_major);
68 hex8 (" LMinor (0)", pe->pe_minor);
69 hex32 (" Code Size", pe->pe_code_size);
70 hex32 (" Initialized Data Size", pe->pe_data_size);
71 hex32 ("Uninitialized Data Size", pe->pe_uninit_data_size);
72 hex32 (" Entry Point RVA", pe->pe_rva_entry_point);
73 hex32 (" Code Base RVA", pe->pe_rva_code_base);
74 hex32 (" Data Base RVA", pe->pe_rva_data_base);
79 dump_nt_header (pe_header_nt_t *nt)
81 printf ("\nNT Header:\n");
83 hex32 (" Image Base (0x400000)", nt->pe_image_base);
84 hex32 ("Section Alignment (8192)", nt->pe_section_align);
85 hex32 (" File Align (512/4096)", nt->pe_file_alignment);
86 hex16 (" OS Major (4)", nt->pe_os_major);
87 hex16 (" OS Minor (0)", nt->pe_os_minor);
88 hex16 (" User Major (0)", nt->pe_user_major);
89 hex16 (" User Minor (0)", nt->pe_user_minor);
90 hex16 (" Subsys major (4)", nt->pe_subsys_major);
91 hex16 (" Subsys minor (0)", nt->pe_subsys_minor);
92 hex32 (" Reserverd", nt->pe_reserved_1);
93 hex32 (" Image Size", nt->pe_image_size);
94 hex32 (" Header Size", nt->pe_header_size);
95 hex32 (" Checksum (0)", nt->pe_checksum);
96 hex16 (" Subsystem", nt->pe_subsys_required);
97 hex16 (" DLL Flags (0)", nt->pe_dll_flags);
98 hex32 (" Stack Reserve Size (1M)", nt->pe_stack_reserve);
99 hex32 ("Stack commit Size (4096)", nt->pe_stack_commit);
100 hex32 (" Heap Reserve Size (1M)", nt->pe_heap_reserve);
101 hex32 (" Heap Commit Size (4096)", nt->pe_heap_commit);
102 hex32 (" Loader flags (0x1)", nt->pe_loader_flags);
103 hex32 (" Data Directories (16)", nt->pe_data_dir_count);
107 dent (const char *label, pe_dir_entry_t de)
109 printf ("\t%s: 0x%08x [0x%08x]\n", label, de.rva, de.size);
113 dump_datadir (pe_datadir_t *dd)
115 printf ("\nData directories:\n");
116 dent (" Export Table", dd->pe_export_table);
117 dent (" Import Table", dd->pe_import_table);
118 dent (" Resource Table", dd->pe_resource_table);
119 dent (" Exception Table", dd->pe_exception_table);
120 dent ("Certificate Table", dd->pe_certificate_table);
121 dent (" Reloc Table", dd->pe_reloc_table);
122 dent (" Debug", dd->pe_debug);
123 dent (" Copyright", dd->pe_copyright);
124 dent (" Global Ptr", dd->pe_global_ptr);
125 dent (" TLS Table", dd->pe_tls_table);
126 dent ("Load Config Table", dd->pe_load_config_table);
127 dent (" Bound Import", dd->pe_bound_import);
128 dent (" IAT", dd->pe_iat);
129 dent ("Delay Import Desc", dd->pe_delay_import_desc);
130 dent (" CLI Header", dd->pe_cli_header);
134 dump_dotnet_header (dotnet_header_t *header)
136 dump_coff_header (&header->coff);
137 dump_pe_header (&header->pe);
138 dump_nt_header (&header->nt);
139 dump_datadir (&header->datadir);
143 dump_section_table (section_table_t *st)
145 guint32 flags = st->st_flags;
147 printf ("\n\tName: %s\n", st->st_name);
148 hex32 (" Virtual Size", st->st_virtual_size);
149 hex32 ("Virtual Address", st->st_virtual_address);
150 hex32 (" Raw Data Size", st->st_raw_data_size);
151 hex32 (" Raw Data Ptr", st->st_raw_data_ptr);
152 hex32 (" Reloc Ptr", st->st_reloc_ptr);
153 hex32 (" LineNo Ptr", st->st_lineno_ptr);
154 hex16 (" Reloc Count", st->st_reloc_count);
155 hex16 (" Line Count", st->st_line_count);
157 printf ("\tFlags: %s%s%s%s%s%s%s%s%s%s\n",
158 (flags & SECT_FLAGS_HAS_CODE) ? "code, " : "",
159 (flags & SECT_FLAGS_HAS_INITIALIZED_DATA) ? "data, " : "",
160 (flags & SECT_FLAGS_HAS_UNINITIALIZED_DATA) ? "bss, " : "",
161 (flags & SECT_FLAGS_MEM_DISCARDABLE) ? "discard, " : "",
162 (flags & SECT_FLAGS_MEM_NOT_CACHED) ? "nocache, " : "",
163 (flags & SECT_FLAGS_MEM_NOT_PAGED) ? "nopage, " : "",
164 (flags & SECT_FLAGS_MEM_SHARED) ? "shared, " : "",
165 (flags & SECT_FLAGS_MEM_EXECUTE) ? "exec, " : "",
166 (flags & SECT_FLAGS_MEM_READ) ? "read, " : "",
167 (flags & SECT_FLAGS_MEM_WRITE) ? "write" : "");
171 dump_sections (cli_image_info_t *iinfo)
173 const int top = iinfo->cli_header.coff.coff_sections;
176 for (i = 0; i < top; i++)
177 dump_section_table (&iinfo->cli_section_tables [i]);
181 dump_cli_header (cli_header_t *ch)
184 printf (" CLI header size: %d\n", ch->ch_size);
185 printf (" Runtime required: %d.%d\n", ch->ch_runtime_major, ch->ch_runtime_minor);
186 printf (" Flags: %s, %s, %s\n",
187 (ch->ch_flags & CLI_FLAGS_ILONLY ? "ilonly" : "contains native"),
188 (ch->ch_flags & CLI_FLAGS_32BITREQUIRED ? "32bits" : "32/64"),
189 (ch->ch_flags & CLI_FLAGS_ILONLY ? "trackdebug" : "no-trackdebug"));
190 dent (" Metadata", ch->ch_metadata);
191 hex32 ("Entry Point Token", ch->ch_entry_point);
192 dent (" Resources at", ch->ch_resources);
193 dent (" Strong Name at", ch->ch_strong_name);
194 dent (" Code Manager at", ch->ch_code_manager_table);
195 dent (" VTableFixups at", ch->ch_vtable_fixups);
196 dent (" EAT jumps at", ch->ch_export_address_table_jumps);
200 dsh (char *label, cli_image_info_t *iinfo, stream_header_t *sh)
202 printf ("%s: 0x%08x - 0x%08x [%d == 0x%08x]\n",
204 sh->sh_offset, sh->sh_offset + sh->sh_size,
205 sh->sh_size, sh->sh_size);
209 dump_metadata_ptrs (cli_image_info_t *iinfo)
211 metadata_t *meta = &iinfo->cli_metadata;
213 printf ("\nMetadata pointers:\n");
214 dsh ("\tTables (#~)", iinfo, &meta->heap_tables);
215 dsh ("\t Strings", iinfo, &meta->heap_strings);
216 dsh ("\t Blob", iinfo, &meta->heap_blob);
217 dsh ("\tUser string", iinfo, &meta->heap_us);
218 dsh ("\t GUID", iinfo, &meta->heap_guid);
222 dump_table (metadata_t *meta, int table)
228 dump_metadata (cli_image_info_t *iinfo)
230 metadata_t *meta = &iinfo->cli_metadata;
233 dump_metadata_ptrs (iinfo);
236 for (table = 0; table < 64; table++){
237 if (meta->tables [table].rows == 0)
239 printf ("Table %s: %p (%d, %d)\n",
240 mono_meta_table_name (table),
241 meta->tables [table].base,
242 meta->tables [table].rows,
243 meta->tables [table].row_size
245 dump_table (meta, table);
250 dump_methoddef (cli_image_info_t *iinfo, guint32 token)
254 loc = mono_metadata_locate_token (&iinfo->cli_metadata, token);
256 printf ("RVA for Entry Point: 0x%08x\n", (*(guint32 *)loc));
260 dump_dotnet_iinfo (cli_image_info_t *iinfo)
262 dump_dotnet_header (&iinfo->cli_header);
263 dump_sections (iinfo);
264 dump_cli_header (&iinfo->cli_cli_header);
265 dump_metadata (iinfo);
267 dump_methoddef (iinfo, iinfo->cli_cli_header.ch_entry_point);
273 printf ("Usage is: pedump file.exe\n");
278 main (int argc, char *argv [])
280 cli_image_info_t *iinfo;
281 MonoAssembly *assembly;
285 for (i = 1; i < argc; i++){
286 if (argv [i][0] != '-'){
291 if (argv [i][1] == 'h')
298 assembly = mono_assembly_open (file, NULL);
300 fprintf (stderr, "Can not open assembly %s\n", file);
303 iinfo = assembly->image_info;
306 dump_dotnet_iinfo (iinfo);
308 mono_assembly_close (assembly);