Update of /cvsroot/wisp/wisp/users/dig
In directory sc8-pr-cvs1:/tmp/cvs-serv4935
Modified Files:
pedump.py
Log Message:
parse more of PE headers
Index: pedump.py
===================================================================
RCS file: /cvsroot/wisp/wisp/users/dig/pedump.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- pedump.py 14 Apr 2003 22:38:29 -0000 1.1
+++ pedump.py 14 Apr 2003 23:44:01 -0000 1.2
@@ -11,19 +11,96 @@
from __future__ import nested_scopes
import sys
-import struct
+import time
from bindump import *
from elf import *
+from types import *
args = sys.argv[1:]
if args:
for filename in args:
f = open(filename, 'r')
- mz_magic, bytes_in_last_block, blocks_in_file = \
- struct.unpack('<HHH', f.read(6))
- print 'MZ magic: %04x' % mz_magic
- print 'Bytes in last block: %04x' % bytes_in_last_block
- print 'Blocks in file: %04x' % blocks_in_file
+ def take (tpl): return ftake(f, tpl)
+ print '=== MZ header ==='
+ print 'MZ magic: %r' % f.read(2)
+ bytes_in_last_block, blocks_in_file, reloc_count = take('www')
+ print '0x%04x blocks in file, last has 0x%04x bytes' % \
+ (blocks_in_file, bytes_in_last_block)
+ print 'Header size: 0x%04x paragraphs' % take('w')
+ print 'Extra paragraphs needed: min 0x%04x, max 0x%04x' % take('ww')
+ print 'Initial SS:SP = %04x:%04x' % take('ww')
+ print 'Checksum: 0x%04x' % take('w')
+ ip, cs, reloc_ofs = take('www')
+ print 'Initial CS:IP = %04x:%04x' % (cs, ip)
+ print 'Relocation table: %i entries at [%04x]' % \
+ (reloc_count, reloc_ofs)
+ f.seek(0x3C); ne_ofs = take('t')
+ print 'New EXE header at [%08x]' % ne_ofs
+ print '=== PE header ==='
+ f.seek(ne_ofs)
+ print 'PE magic: %r' % f.read(4)
+ state_enum('Target machine/a.out magic', take('w'), {
+ 0x0000: 'unknown or platform independent',
+ 0x014C: 'i80386',
+ 0x014D: 'i80486',
+ 0x014E: 'Pentium',
+ 0x0162: 'Mips Mark I (R2000, R3000)',
+ 0x0163: 'Mips Mark II (R6000)',
+ 0x0166: 'Mips Mark III (R4000)',
+ 0x0168: 'R10000',
+ 0x0184: 'Alpha AXP',
+ 0x01A2: 'Hitachi SH3',
+ 0x01A6: 'Hitachi SH4',
+ 0x01C0: 'ARM',
+ 0x01F0: 'PowerPC LittleEndian',
+ 0x0200: 'ia64',
+ 0x0266: 'Mips 16',
+ 0x0268: 'm68k',
+ 0x0284: 'Alpha AXP 64-bit',
+ 0x0366: 'Mips with FPU',
+ 0x0466: 'Mips 16 with FPU'})
+ print 'Section count: %i' % take('w')
+ timestamp = take('t')
+ print 'Timestamp: %i (%s)' % \
+ (timestamp, time.strftime('%Y-%m-%d %H:%M:%S GMT',
+ time.gmtime(timestamp)))
+ symbol_table, symbol_count = take('tt')
+ print 'Symbol table: %i entries at [%08x]' % \
+ (symbol_count, symbol_table)
+ print 'Optional header size: 0x%04x bytes' % take('w')
+ print 'Characteristics:',
+ flags_shortly('?uds?iD3??ltSLxR', take('w'))
+ # Flags:
+ # R - relocations stripped
+ # x - is executable
+ # L - line numbers stripped
+ # S - local symbols stripped
+ # t - aggressively trim working set (?)
+ # l - app is large address aware
+ # 3 - machine is based on 32-bit word architecture
+ # D - debugging information stripped away
+ # i - if file on removable media, copy and run from swap (?)
+ # s - is a system file (?)
+ # d - is a DLL
+ # u - should only be run on uniprocessor systems
+ print '=== Optional (a.out) header ==='
+ state_enum('Optional header magic', take('w'), {
+ 0x010B: 'PE32',
+ 0x020B: 'PE32+'})
+ print 'Linker version: %i.%i' % take('bb')
+ print 'Text size: 0x%08x Data size: 0x%08x BSS size: 0x%08x' % \
+ take('ttt')
+ print 'Entry point (RVA): [%08x]' % take('t')
+ print 'Base of text segment: [%08x]' % take('t')
+ print 'Base of data segment: [%08x]' % take('t')
+ print 'Preferred image base address: [%08x]' % take('t')
+ print 'Alignment: memory 0x%08x file 0x%08x' % take('tt')
+ print 'OS version: %i.%i' % take('ww')
+ print 'Image version: %i.%i' % take('ww')
+ print 'Subsystem version: %i.%i' % take('ww')
+ take('t') # reserved
+ print 'Size of image: 0x%08x headers: 0x%08x' % take('tt')
+ print 'Checksum: 0x%08x' % take('t')
else:
print 'Usage: pedump.py file ...'
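Review bot: The MZ and PE magics are only printed (`print 'MZ magic: %r' % f.read(2)`, `print 'PE magic: %r' % f.read(4)`) and never checked, and the offset read at 0x3C goes straight into `f.seek(ne_ofs)`. A file that is not a PE image, or that has a bogus header offset, is therefore still decoded field by field and reported as if the values meant something. Since this tool will be pointed at unknown binaries, keep each magic in a variable and stop on a mismatch, e.g. `pe_magic = f.read(4)` followed by `if pe_magic != 'PE\0\0': print 'not a PE image'; continue`, and likewise for `'MZ'`. The unchanged `f = open(filename, 'r')` above should become `open(filename, 'rb')`, so that the reads and seeks are byte-exact on platforms that translate text mode. When the optional header magic is 0x020B, the 'Base of data segment' and 'Preferred image base address' lines mislabel what are really the two halves of the 64-bit image base, assuming `t` is a 32-bit read as the `%08x` formats suggest, because PE32+ has no BaseOfData field.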