[Wisp-cvs] wisp/users/dig pedump.py,1.1,1.2
From: <di...@us...> - 2003-04-14 23:44:04
Update of /cvsroot/wisp/wisp/users/dig
In directory sc8-pr-cvs1:/tmp/cvs-serv4935
Modified Files: pedump.py
Log Message: parse more of PE headers
Index: pedump.py
===================================================================
RCS file: /cvsroot/wisp/wisp/users/dig/pedump.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- pedump.py 14 Apr 2003 22:38:29 -0000 1.1
+++ pedump.py 14 Apr 2003 23:44:01 -0000 1.2
@@ -11,19 +11,96 @@
 from __future__ import nested_scopes
 import sys
-import struct
+import time
 from bindump import *
 from elf import *
+from types import *
 args = sys.argv[1:]
 if args:
 for filename in args:
 f = open(filename, 'r')
- mz_magic, bytes_in_last_block, blocks_in_file = \
- struct.unpack('<HHH', f.read(6))
- print 'MZ magic: %04x' % mz_magic
- print 'Bytes in last block: %04x' % bytes_in_last_block
- print 'Blocks in file: %04x' % blocks_in_file
+ def take (tpl): return ftake(f, tpl)
+ print '=== MZ header ==='
+ print 'MZ magic: %r' % f.read(2)
+ bytes_in_last_block, blocks_in_file, reloc_count = take('www')
+ print '0x%04x blocks in file, last has 0x%04x bytes' % \
+ (blocks_in_file, bytes_in_last_block)
+ print 'Header size: 0x%04x paragraphs' % take('w')
+ print 'Extra paragraphs needed: min 0x%04x, max 0x%04x' % take('ww')
+ print 'Initial SS:SP = %04x:%04x' % take('ww')
+ print 'Checksum: 0x%04x' % take('w')
+ ip, cs, reloc_ofs = take('www')
+ print 'Initial CS:IP = %04x:%04x' % (cs, ip)
+ print 'Relocation table: %i entries at [%04x]' % \
+ (reloc_count, reloc_ofs)
+ f.seek(0x3C); ne_ofs = take('t')
+ print 'New EXE header at [%08x]' % ne_ofs
+ print '=== PE header ==='
+ f.seek(ne_ofs)
+ print 'PE magic: %r' % f.read(4)
+ state_enum('Target machine/a.out magic', take('w'), {
+ 0x0000: 'unknown or platform independent',
+ 0x014C: 'i80386',
+ 0x014D: 'i80486',
+ 0x014E: 'Pentium',
+ 0x0162: 'Mips Mark I (R2000, R3000)',
+ 0x0163: 'Mips Mark II (R6000)',
+ 0x0166: 'Mips Mark III (R4000)',
+ 0x0168: 'R10000',
+ 0x0184: 'Alpha AXP',
+ 0x01A2: 'Hitachi SH3',
+ 0x01A6: 'Hitachi SH4',
+ 0x01C0: 'ARM',
+ 0x01F0: 'PowerPC LittleEndian',
+ 0x0200: 'ia64',
+ 0x0266: 'Mips 16',
+ 0x0268: 'm68k',
+ 0x0284: 'Alpha AXP 64-bit',
+ 0x0366: 'Mips with FPU',
+ 0x0466: 'Mips 16 with FPU'})
+ print 'Section count: %i' % take('w')
+ timestamp = take('t')
+ print 'Timestamp: %i (%s)' % \
+ (timestamp, time.strftime('%Y-%m-%d %H:%M:%S GMT',
+ time.gmtime(timestamp)))
+ symbol_table, symbol_count = take('tt')
+ print 'Symbol table: %i entries at [%08x]' % \
+ (symbol_count, symbol_table)
+ print 'Optional header size: 0x%04x bytes' % take('w')
+ print 'Characteristics:',
+ flags_shortly('?uds?iD3??ltSLxR', take('w'))
+ # Flags:
+ # R - relocations stripped
+ # x - is executable
+ # L - line numbers stripped
+ # S - local symbols stripped
+ # t - aggressively trim working set (?)
+ # l - app is large address aware
+ # 3 - machine is based on 32-bit word architecture
+ # D - debugging information stripped away
+ # i - if file on removable media, copy and run from swap (?)
+ # s - is a system file (?)
+ # d - is a DLL
+ # u - should only be run on uniprocessor systems
+ print '=== Optional (a.out) header ==='
+ state_enum('Optional header magic', take('w'), {
+ 0x010B: 'PE32',
+ 0x020B: 'PE32+'})
+ print 'Linker version: %i.%i' % take('bb')
+ print 'Text size: 0x%08x Data size: 0x%08x BSS size: 0x%08x' % \
+ take('ttt')
+ print 'Entry point (RVA): [%08x]' % take('t')
+ print 'Base of text segment: [%08x]' % take('t')
+ print 'Base of data segment: [%08x]' % take('t')
+ print 'Preferred image base address: [%08x]' % take('t')
+ print 'Alignment: memory 0x%08x file 0x%08x' % take('tt')
+ print 'OS version: %i.%i' % take('ww')
+ print 'Image version: %i.%i' % take('ww')
+ print 'Subsystem version: %i.%i' % take('ww')
+ take('t') # reserved
+ print 'Size of image: 0x%08x headers: 0x%08x' % take('tt')
+ print 'Checksum: 0x%08x' % take('t')
 else: print 'Usage: pedump.py file ...' |
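Review bot: The optional-header reads after `state_enum('Optional header magic', ...)` follow the PE32 layout even when the magic is 0x020B, so for a PE32+ file the 'Base of data segment' and 'Preferred image base address' lines print the two halves of the 64-bit image base under the wrong labels (PE32+ has no base-of-data field). Keeping the magic in a variable and branching on it fixes that; the sketch below assumes `take('t')` yields a 32-bit little-endian value, which the `%08x` formats suggest, but `ftake` in bindump is not visible here. The MZ and PE signatures are likewise only printed, and `ne_ofs` read from 0x3C goes straight into `f.seek(ne_ofs)`, so a file that is not a PE image is still dumped as if it were; comparing `f.read(2)` with `'MZ'` and the four bytes at `ne_ofs` with `'PE\0\0'` before continuing would make the output trustworthy when triaging unknown binaries. The context line `f = open(filename, 'r')` should also become `open(filename, 'rb')`, since text mode alters binary data on Windows.

```python
# … unchanged: MZ header, PE/COFF header, characteristics …
print '=== Optional (a.out) header ==='
opt_magic = take('w')
state_enum('Optional header magic', opt_magic, {
    0x010B: 'PE32',
    0x020B: 'PE32+'})
# … unchanged: linker version, sizes, entry point, base of text segment …
if opt_magic == 0x020B:
    # PE32+ drops BaseOfData and widens the image base to 64 bits
    base_lo, base_hi = take('tt')
    print 'Preferred image base address: [%08x%08x]' % (base_hi, base_lo)
else:
    print 'Base of data segment: [%08x]' % take('t')
    print 'Preferred image base address: [%08x]' % take('t')
# … unchanged: alignment, versions, image size, checksum …
```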