From bb1f750b4a2b6f3e665302d0b7a2adf2066308c4 Mon Sep 17 00:00:00 2001 From: Jakub Konka Date: Mon, 22 Aug 2022 11:55:11 +0200 Subject: [PATCH] Add readme and license info --- LICENSE | 21 ++++++ README.md | 210 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 231 insertions(+) create mode 100644 LICENSE create mode 100644 README.md diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..78f76f1 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Jakub Konka + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..2d9dd99 --- /dev/null +++ b/README.md @@ -0,0 +1,210 @@ +# zcoff + +Like `dumpbin.exe` but cross-platform. + +## Usage + +Available options: + +``` +> zcoff --help +zcoff [--help] [--headers] [--symbols] + --help + Display this help and exit. + + --headers + Print headers. + + --symbols + Print symbol table. +``` + +### Examining COFF object files + +``` +> zcoff simple.obj --headers --symbols +No PE signature found + +File type: COFF OBJECT + +FILE HEADER VALUES + 8664 machine (X64) + 8 number of sections + 0 time date stamp + 1f66 file pointer to symbol table + 15 number of symbols + 0 size of optional header + 0 characteristics + + +SECTION HEADER #0 + .text name + 0 virtual size + 0 virtual address + 36 size of raw data + 154 file pointer to raw data + 18a file pointer to relocation table + 0 file pointer to line numbers + 1 number of relocations + 0 number of line numbers + 60500020 flags + Code + Execute + Read + 16 byte align + +SECTION HEADER #1 + .data name + 0 virtual size + 0 virtual address + 0 size of raw data + 194 file pointer to raw data + 0 file pointer to relocation table + 0 file pointer to line numbers + 0 number of relocations + 0 number of line numbers + c0300040 flags + Initialized data + Read + Write + 4 byte align + +... + +More headers + +... + +COFF SYMBOL TABLE +000 00000000 SECT1 NULL NULL STATIC | .text + Section length 36, #relocs 1, #linenums 0, checksum 9cfaf420 +002 00000000 SECT2 NULL NULL STATIC | .data + Section length 0, #relocs 0, #linenums 0, checksum 0 +004 00000000 SECT3 NULL NULL STATIC | .bss + Section length 0, #relocs 0, #linenums 0, checksum 0 +006 00000000 SECT4 NULL NULL STATIC | .xdata + Section length c, #relocs 0, #linenums 0, checksum a1cf843c +008 00000000 SECT5 NULL NULL STATIC | .debug$S + Section length 1d8, #relocs 8, #linenums 0, checksum b097e5ef +010 00000000 SECT6 NULL NULL STATIC | .debug$T + Section length 1b74, #relocs 0, #linenums 0, checksum d2a84c0b +012 00000000 SECT7 NULL NULL STATIC | .pdata + Section length c, #relocs 3, #linenums 0, checksum 43a25afa +014 00000000 SECT8 NULL NULL STATIC | .llvm_addrsig + Section length 0, #relocs 0, #linenums 0, checksum 0 +016 00000000 ABSOLUTE NULL NULL STATIC | @feat.00 +017 00000000 SECT1 NULL FUNCTION EXTERNAL | main +018 00000000 UNDEFINED NULL NULL EXTERNAL | __main +019 00000000 DEBUG NULL NULL FILE | .file + empty.c + +String table size = 0x12 bytes +``` + +### Examining PE image files + +``` +> zcoff a.exe --headers --symbols +PE signature found + +File type: EXECUTABLE IMAGE + +FILE HEADER VALUES + 8664 machine (X64) + 7 number of sections + 6301da2e time date stamp + 0 file pointer to symbol table + 0 number of symbols + f0 size of optional header + 22 characteristics + Executable + Application can handle > 2-GB addresses + +OPTIONAL HEADER VALUES + 20b magic # (PE32+) + e linker version (major) + 0 linker version (minor) + 13200 size of code + 6400 size of initialized data + 0 size of uninitialized data + 14a0 entry point + 1000 base of code + 140000000 image base + 1000 section alignment + 200 file alignment + 6 OS version (major) + 0 OS version (minor) + 0 image version (major) + 0 image version (minor) + 6 subsystem version (major) + 0 subsystem version (minor) + 0 Win32 version + 21000 size of image + 400 size of headers + 0 checksum + 3 subsystem # (WINDOWS_CUI) + 8160 DLL characteristics + High Entropy Virtual Address + Dynamic base + NX compatible + Terminal Server Aware + 1000000 size of stack reserve + 1000 size of stack commit + 100000 size of heap reserve + 1000 size of heap commit + 0 loader flags + 10 number of directories + 0 [ 0] RVA [size] of Export Directory + 17ff8 [ 3c] RVA [size] of Import Directory + 0 [ 0] RVA [size] of Resource Directory + 1d000 [ 1338] RVA [size] of Exception Directory + 0 [ 0] RVA [size] of Certificates Directory + 20000 [ 74] RVA [size] of Base Relocation Directory + 1a000 [ 1c] RVA [size] of Debug Directory + 0 [ 0] RVA [size] of Architecture Directory + 0 [ 0] RVA [size] of Global Pointer Directory + 150a8 [ 28] RVA [size] of Thread Storage Directory + 0 [ 0] RVA [size] of Load Configuration Directory + 0 [ 0] RVA [size] of Bound Import Directory + 18178 [ 140] RVA [size] of Import Address Table Directory + 0 [ 0] RVA [size] of Delay Import Directory + 0 [ 0] RVA [size] of COM Descriptor Directory + 0 [ 0] RVA [size] of Reserved Directory + +SECTION HEADER #0 + .text name + 130e6 virtual size + 1000 virtual address + 13200 size of raw data + 400 file pointer to raw data + 0 file pointer to relocation table + 0 file pointer to line numbers + 0 number of relocations + 0 number of line numbers + 60000020 flags + Code + Execute + Read + +SECTION HEADER #1 + .rdata name + 4744 virtual size + 15000 virtual address + 4800 size of raw data + 13600 file pointer to raw data + 0 file pointer to relocation table + 0 file pointer to line numbers + 0 number of relocations + 0 number of line numbers + 40000040 flags + Initialized data + Read + +... + +More headers + +... + +No symbol table found. +``` \ No newline at end of file