+#!/usr/bin/python
+#
+# Copyright (c) 2013 - 2016 Apple Inc. All rights reserved
+#
+# Dump out a PE/COFF, PE/COFF+, or TE file using the EfiPeCoff class
+#
+# Read from memory in lldb
+# T=pecoff.EfiPeCoff(lldb.target, 0x86c7d000)
+#
+# Read from a Python file object
+# T=pecoff.EfiPeCoff(file)
+#
+# Read from a Python string
+# T=pecoff.EfiPeCoff(file.read())
+#
+
+import sys
+import struct
+import collections
+import optparse
+import commands
+import os
+import platform
+
+#----------------------------------------------------------------------
+# Code that auto imports LLDB
+#----------------------------------------------------------------------
+try:
+ # Just try for LLDB in case PYTHONPATH is already correctly setup
+ import lldb
+except ImportError:
+ lldb_python_dirs = list()
+ # lldb is not in the PYTHONPATH, try some defaults for the current platform
+ platform_system = platform.system()
+ if platform_system == 'Darwin':
+ # On Darwin, try the currently selected Xcode directory
+ xcode_dir = commands.getoutput("xcode-select --print-path")
+ if xcode_dir:
+ lldb_python_dirs.append(os.path.realpath(xcode_dir + '/../SharedFrameworks/LLDB.framework/Resources/Python'))
+ lldb_python_dirs.append(xcode_dir + '/Library/PrivateFrameworks/LLDB.framework/Resources/Python')
+ lldb_python_dirs.append('/System/Library/PrivateFrameworks/LLDB.framework/Resources/Python')
+ success = False
+ for lldb_python_dir in lldb_python_dirs:
+ if os.path.exists(lldb_python_dir):
+ if not (sys.path.__contains__(lldb_python_dir)):
+ sys.path.append(lldb_python_dir)
+ try:
+ import lldb
+ except ImportError:
+ pass
+ else:
+ success = True
+ break
+ if not success:
+ print "error: couldn't locate the 'lldb' module, please set PYTHONPATH correctly"
+ sys.exit(1)
+
+class ReadOnlyFile:
+ '''Abstract reading data from an object:
+ Duck type an lldb.SBTarget, string (output of file.read()), or Python File object.
+ '''
+ def __init__(self, readAbstraction, address = 0):
+ # Python file object
+ self.file = None
+ # offset for FAT binaries.
+ self.offset = None
+
+ # lldb SBTarget
+ self.address = None
+ self.startingAddress = None
+ self.SBTarget = None
+ self.SBError = None
+
+ # Python string (file.read())
+ self.data = None
+ self.dataIndex = 0
+
+ if isinstance(readAbstraction, lldb.SBTarget):
+ # duck type lldb memory reads
+ self.address = address
+ self.startingAddress = address
+ self.SBTarget = readAbstraction
+ self.SBError = lldb.SBError()
+ elif isinstance(readAbstraction, file):
+ # duck type to a Python file
+ self.file = readAbstraction
+ self.offset = address
+ elif isinstance(readAbstraction, str):
+ # string, like the result of reading the file in via Python
+ self.data = readAbstraction
+ self.dataIndex = 0
+ else:
+ raise SyntaxError('Unsupported type for readAbstraction')
+
+ def Read (self, size, offset=None):
+ if offset is not None:
+ self.Seek (offset)
+
+ if self.file:
+ return self.file.read(size)
+
+ if self.address:
+ data = self.SBTarget.process.ReadMemory (self.address, size, self.SBError)
+ self.address += size
+ return bytearray(data)
+
+ if self.data:
+ data = self.data[self.dataIndex:self.dataIndex+size]
+ self.dataIndex += size
+ return data
+
+ def ReadCString (self, offset=None, maxSize=512):
+ if offset:
+ self.Seek (offset)
+
+ if self.file:
+ data = self.file.read(maxSize)
+ str = data.split('\x00')[0]
+ # seek to end of string
+ self.file.seek (-(maxSize - len(str)), os.SEEK_CUR)
+ return data
+
+ if self.address:
+ data = self.SBTarget.process.ReadCStringFromMemory (self.address, maxSize, self.SBError)
+ self.address += len(data)
+ return data
+
+ if self.data:
+ data = self.data[self.dataIndex:self.dataIndex+maxSize]
+ str = data.split('\x00')[0]
+ self.dataIndex += len(str)
+ return str
+
+
+ def Seek (self, offset, whence = os.SEEK_SET):
+ if self.file:
+ return self.file.seek(offset, whence)
+
+ if self.address:
+ if whence == os.SEEK_SET:
+ self.address = self.startingAddress + offset
+ elif whence == os.SEEK_CUR:
+ self.address = self.address + offset
+ elif whence == os.SEEK_END:
+ raise SyntaxError('whence does not support SEEK_END due to memory not having an end')
+ else:
+ raise SyntaxError('illegal whence value')
+
+ if self.data:
+ if whence == os.SEEK_SET:
+ self.dataIndex = offset
+ elif whence == os.SEEK_CUR:
+ self.dataIndex = self.dataIndex + offset
+ elif whence == os.SEEK_END:
+ raise SyntaxError('whence does not support SEEK_END due to memory not having an end')
+ else:
+ raise SyntaxError('illegal whence value')
+
+ def Tell (self):
+ if self.file:
+ return self.file.tell()
+
+ if self.address:
+ return self.address
+
+ if self.data:
+ return self.dataIndex
+
+
+ def __del__(self):
+ if self.file:
+ self.file.close()
+
+class EfiPeCoff:
+ ''' class to abstract PE/COFF walking'''
+
+ # PE/COFF class definitions
+
+ #
+ # typedef struct {
+ # UINT32 VirtualAddress;
+ # UINT32 Size;
+ # } EFI_IMAGE_DATA_DIRECTORY;
+ #
+ # typedef struct {
+ # UINT16 Signature; ///< The signature for TE format = "VZ".
+ # UINT16 Machine; ///< From the original file header.
+ # UINT8 NumberOfSections; ///< From the original file header.
+ # UINT8 Subsystem; ///< From original optional header.
+ # UINT16 StrippedSize; ///< Number of bytes we removed from the header.
+ # UINT32 AddressOfEntryPoint; ///< Offset to entry point -- from original optional header.
+ # UINT32 BaseOfCode; ///< From original image -- required for ITP debug.
+ # UINT64 ImageBase; ///< From original file header.
+ # EFI_IMAGE_DATA_DIRECTORY DataDirectory[2]; ///< Only base relocation and debug directory.
+ # } EFI_TE_IMAGE_HEADER;
+ #
+
+ EFI_TE_IMAGE_HEADER_fmt = '<HHBBHLLQLLLL'
+ TeHdrLength = struct.calcsize(EFI_TE_IMAGE_HEADER_fmt)
+ EFI_TE_IMAGE_HEADER_tuple = 'Signature Machine NumberOfSections Subsystem StrippedSize AddressOfEntryPoint BaseOfCode ImageBase DataDirVirt_Reloc DataDirSize_Reloc DataDirVirt_Debug DataDirSize_Debug'
+ EFI_TE_IMAGE_HEADER = collections.namedtuple ('EFI_TE_IMAGE_HEADER', EFI_TE_IMAGE_HEADER_tuple)
+
+ EFI_IMAGE_NT_SIGNATURE = 0x00004550
+ #
+ # ///
+ # /// PE images can start with an optional DOS header, so if an image is run
+ # /// under DOS it can print an error message.
+ # ///
+ # typedef struct {
+ # UINT16 e_magic; ///< Magic number.
+ # UINT16 e_cblp; ///< Bytes on last page of file.
+ # UINT16 e_cp; ///< Pages in file.
+ # UINT16 e_crlc; ///< Relocations.
+ # UINT16 e_cparhdr; ///< Size of header in paragraphs.
+ # UINT16 e_minalloc; ///< Minimum extra paragraphs needed.
+ # UINT16 e_maxalloc; ///< Maximum extra paragraphs needed.
+ # UINT16 e_ss; ///< Initial (relative) SS value.
+ # UINT16 e_sp; ///< Initial SP value.
+ # UINT16 e_csum; ///< Checksum.
+ # UINT16 e_ip; ///< Initial IP value.
+ # UINT16 e_cs; ///< Initial (relative) CS value.
+ # UINT16 e_lfarlc; ///< File address of relocation table.
+ # UINT16 e_ovno; ///< Overlay number.
+ # UINT16 e_res[4]; ///< Reserved words.
+ # UINT16 e_oemid; ///< OEM identifier (for e_oeminfo).
+ # UINT16 e_oeminfo; ///< OEM information; e_oemid specific.
+ # UINT16 e_res2[10]; ///< Reserved words.
+ # UINT32 e_lfanew; ///< File address of new exe header.
+ # } EFI_IMAGE_DOS_HEADER;
+ #
+
+ # cheat as 58s is really e_cblp -> e_res2[10]
+ EFI_IMAGE_DOS_HEADER_fmt = '<H58sI'
+ DosHdrLength = struct.calcsize(EFI_IMAGE_DOS_HEADER_fmt)
+ EFI_IMAGE_DOS_HEADER_tuple = 'e_magic e_ignore e_lfanew'
+ EFI_IMAGE_DOS_HEADER = collections.namedtuple ('EFI_IMAGE_DOS_HEADER', EFI_IMAGE_DOS_HEADER_tuple)
+
+ #define EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES 16
+ #
+ # ///
+ # /// @attention
+ # /// EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC means PE32 and
+ # /// EFI_IMAGE_OPTIONAL_HEADER32 must be used. The data structures only vary
+ # /// after NT additional fields.
+ # ///
+ EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10b
+ #
+ # UINT32 Signature;
+ # typedef struct {
+ # UINT16 Machine;
+ # UINT16 NumberOfSections;
+ # UINT32 TimeDateStamp;
+ # UINT32 PointerToSymbolTable;
+ # UINT32 NumberOfSymbols;
+ # UINT16 SizeOfOptionalHeader;
+ # UINT16 Characteristics;
+ # } EFI_IMAGE_FILE_HEADER;
+ # ///
+ # /// Optional Header Standard Fields for PE32.
+ # ///
+ # typedef struct {
+ # ///
+ # /// Standard fields.
+ # ///
+ # UINT16 Magic;
+ # UINT8 MajorLinkerVersion;
+ # UINT8 MinorLinkerVersion;
+ # UINT32 SizeOfCode;
+ # UINT32 SizeOfInitializedData;
+ # UINT32 SizeOfUninitializedData;
+ # UINT32 AddressOfEntryPoint;
+ # UINT32 BaseOfCode;
+ # UINT32 BaseOfData; ///< PE32 contains this additional field, which is absent in PE32+.
+ # ///
+ # /// Optional Header Windows-Specific Fields.
+ # ///
+ # UINT32 ImageBase;
+ # UINT32 SectionAlignment;
+ # UINT32 FileAlignment;
+ # UINT16 MajorOperatingSystemVersion;
+ # UINT16 MinorOperatingSystemVersion;
+ # UINT16 MajorImageVersion;
+ # UINT16 MinorImageVersion;
+ # UINT16 MajorSubsystemVersion;
+ # UINT16 MinorSubsystemVersion;
+ # UINT32 Win32VersionValue;
+ # UINT32 SizeOfImage;
+ # UINT32 SizeOfHeaders;
+ # UINT32 Checksum;
+ # UINT16 Subsystem;
+ # UINT16 DllCharacteristics;
+ # UINT32 SizeOfStackReserve;
+ # UINT32 SizeOfStackCommit;
+ # UINT32 SizeOfHeapReserve;
+ # UINT32 SizeOfHeapCommit;
+ # UINT32 LoaderFlags;
+ # UINT32 NumberOfRvaAndSizes;
+ # EFI_IMAGE_DATA_DIRECTORY DataDirectory[EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES];
+ # } EFI_IMAGE_OPTIONAL_HEADER32;
+ #
+
+ EFI_IMAGE_DATA_DIRECTORY_tuple = '''
+ DataDirVirt_Export DataDirSize_Export
+ DataDirVirt_Import DataDirSize_Import
+ DataDirVirt_Resource DataDirSize_Resource
+ DataDirVirt_Exception DataDirSize_Exception
+ DataDirVirt_Security DataDirSize_Security
+ DataDirVirt_Reloc DataDirSize_Reloc
+ DataDirVirt_Debug DataDirSize_Debug
+ DataDir7Virt DataDir7Size
+ DataDir8Virt DataDir8Size
+ DataDir9Virt DataDir9Size
+ DataDir10Virt DataDir10Size
+ DataDir11Virt DataDir11Size
+ DataDir12Virt DataDir12Size
+ DataDir13Virt DataDir13Size
+ DataDir14Virt DataDir14Size
+ DataDir15Virt DataDir15Size
+ '''
+
+
+ EFI_IMAGE_OPTIONAL_HEADER32_fmt = '<IHHIIIHHHBBIIIIIIIIIHHHHHHIIIIHHIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII'
+ OptionalHeader32Length = struct.calcsize(EFI_IMAGE_OPTIONAL_HEADER32_fmt)
+ EFI_IMAGE_OPTIONAL_HEADER32_tuple = '''
+ Signature
+ Machine
+ NumberOfSections
+ TimeDateStamp
+ PointerToSymbolTable
+ NumberOfSymbols
+ SizeOfOptionalHeader
+ Characteristics
+ Magic
+ MajorLinkerVersion
+ MinorLinkerVersion
+ SizeOfCode
+ SizeOfInitializedData
+ SizeOfUninitializedData
+ AddressOfEntryPoint
+ BaseOfCode
+ BaseOfData
+ ImageBase
+ SectionAlignment
+ FileAlignment
+ MajorOperatingSystemVersion
+ MinorOperatingSystemVersion
+ MajorImageVersion
+ MinorImageVersion
+ MajorSubsystemVersion
+ MinorSubsystemVersion
+ Win32VersionValue
+ SizeOfImage
+ SizeOfHeaders
+ Checksum
+ Subsystem
+ DllCharacteristics
+ SizeOfStackReserve
+ SizeOfStackCommit
+ SizeOfHeapReserve
+ SizeOfHeapCommit
+ LoaderFlags
+ NumberOfRvaAndSizes
+ ''' + EFI_IMAGE_DATA_DIRECTORY_tuple
+ EFI_IMAGE_OPTIONAL_HEADER32 = collections.namedtuple ('EFI_IMAGE_OPTIONAL_HEADER32', EFI_IMAGE_OPTIONAL_HEADER32_tuple)
+
+
+ #
+ # ///
+ # /// @attention
+ # /// EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC means PE32+ and
+ # /// EFI_IMAGE_OPTIONAL_HEADER64 must be used. The data structures only vary
+ # /// after NT additional fields.
+ # ///
+ EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20b
+ #
+ # ///
+ # /// Optional Header Standard Fields for PE32+.
+ # ///
+
+
+ # UINT32 Signature;
+ # typedef struct {
+ # UINT16 Machine;
+ # UINT16 NumberOfSections;
+ # UINT32 TimeDateStamp;
+ # UINT32 PointerToSymbolTable;
+ # UINT32 NumberOfSymbols;
+ # UINT16 SizeOfOptionalHeader;
+ # UINT16 Characteristics;
+ # } EFI_IMAGE_FILE_HEADER;
+ # ///
+ # /// COFF File Header (Object and Image).
+ # ///
+ # typedef struct {
+ # ///
+ # /// Standard fields.
+ # ///
+ # UINT16 Magic;
+ # UINT8 MajorLinkerVersion;
+ # UINT8 MinorLinkerVersion;
+ # UINT32 SizeOfCode;
+ # UINT32 SizeOfInitializedData;
+ # UINT32 SizeOfUninitializedData;
+ # UINT32 AddressOfEntryPoint;
+ # UINT32 BaseOfCode;
+ # ///
+ # /// Optional Header Windows-Specific Fields.
+ # ///
+ # UINT64 ImageBase;
+ # UINT32 SectionAlignment;
+ # UINT32 FileAlignment;
+ # UINT16 MajorOperatingSystemVersion;
+ # UINT16 MinorOperatingSystemVersion;
+ # UINT16 MajorImageVersion;
+ # UINT16 MinorImageVersion;
+ # UINT16 MajorSubsystemVersion;
+ # UINT16 MinorSubsystemVersion;
+ # UINT32 Win32VersionValue;
+ # UINT32 SizeOfImage;
+ # UINT32 SizeOfHeaders;
+ # UINT32 Checksum;
+ # UINT16 Subsystem;
+ # UINT16 DllCharacteristics;
+ # UINT64 SizeOfStackReserve;
+ # UINT64 SizeOfStackCommit;
+ # UINT64 SizeOfHeapReserve;
+ # UINT64 SizeOfHeapCommit;
+ # UINT32 LoaderFlags;
+ # UINT32 NumberOfRvaAndSizes;
+ # EFI_IMAGE_DATA_DIRECTORY DataDirectory[EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES];
+ # } EFI_IMAGE_OPTIONAL_HEADER64;
+ #
+
+ EFI_IMAGE_OPTIONAL_HEADER64_fmt = '<IHHIIIHHHBBIIIIIQIIHHHHHHIIIIHHQQQQIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII'
+ OptionalHeader64Length = struct.calcsize(EFI_IMAGE_OPTIONAL_HEADER64_fmt)
+ EFI_IMAGE_OPTIONAL_HEADER64_tuple = '''
+ Signature
+ Machine
+ NumberOfSections
+ TimeDateStamp
+ PointerToSymbolTable
+ NumberOfSymbols
+ SizeOfOptionalHeader
+ Characteristics
+ Magic
+ MajorLinkerVersion
+ MinorLinkerVersion
+ SizeOfCode
+ SizeOfInitializedData
+ SizeOfUninitializedData
+ AddressOfEntryPoint
+ BaseOfCode
+ ImageBase
+ SectionAlignment
+ FileAlignment
+ MajorOperatingSystemVersion
+ MinorOperatingSystemVersion
+ MajorImageVersion
+ MinorImageVersion
+ MajorSubsystemVersion
+ MinorSubsystemVersion
+ Win32VersionValue
+ SizeOfImage
+ SizeOfHeaders
+ Checksum
+ Subsystem
+ DllCharacteristics
+ SizeOfStackReserve
+ SizeOfStackCommit
+ SizeOfHeapReserve
+ SizeOfHeapCommit
+ LoaderFlags
+ NumberOfRvaAndSizes
+ ''' + EFI_IMAGE_DATA_DIRECTORY_tuple
+ EFI_IMAGE_OPTIONAL_HEADER64 = collections.namedtuple ('EFI_IMAGE_OPTIONAL_HEADER64', EFI_IMAGE_OPTIONAL_HEADER64_tuple)
+
+ #
+ # #define EFI_IMAGE_SIZEOF_SHORT_NAME 8
+ #
+ # ///
+ # /// Section Table. This table immediately follows the optional header.
+ # ///
+ # typedef struct {
+ # UINT8 Name[EFI_IMAGE_SIZEOF_SHORT_NAME];
+ # union {
+ # UINT32 PhysicalAddress;
+ # UINT32 VirtualSize;
+ # } Misc;
+ # UINT32 VirtualAddress;
+ # UINT32 SizeOfRawData;
+ # UINT32 PointerToRawData;
+ # UINT32 PointerToRelocations;
+ # UINT32 PointerToLinenumbers;
+ # UINT16 NumberOfRelocations;
+ # UINT16 NumberOfLinenumbers;
+ # UINT32 Characteristics;
+ # } EFI_IMAGE_SECTION_HEADER;
+ #
+
+ EFI_IMAGE_SECTION_HEADER_fmt = '<QIIIIIIHHI'
+ PeCoffSectionLength = struct.calcsize(EFI_IMAGE_SECTION_HEADER_fmt)
+ EFI_IMAGE_SECTION_HEADER_tuple = 'Name VirtualSize VirtualAddress SizeOfRawData PointerToRawData PointerToRelocations PointerToLinenumbers NumberOfRelocations NumberOfLinenumbers Characteristics'
+ EFI_IMAGE_SECTION_HEADER = collections.namedtuple ('EFI_IMAGE_SECTION_HEADER', EFI_IMAGE_SECTION_HEADER_tuple)
+
+ #
+ # ///
+ # /// Debug Directory Format.
+ # ///
+ # typedef struct {
+ # UINT32 Characteristics;
+ # UINT32 TimeDateStamp;
+ # UINT16 MajorVersion;
+ # UINT16 MinorVersion;
+ # UINT32 Type;
+ # UINT32 SizeOfData;
+ # UINT32 RVA; ///< The address of the debug data when loaded, relative to the image base.
+ # UINT32 FileOffset; ///< The file pointer to the debug data.
+ # } EFI_IMAGE_DEBUG_DIRECTORY_ENTRY;
+ #
+
+ EFI_IMAGE_DEBUG_DIRECTORY_ENTRY_fmt = '<IIHHIIII'
+ EFI_IMAGE_DEBUG_DIRECTORY_ENTRY_tuple = 'Characteristics TimeDateStamp MajorVersion MinorVersion Type SizeOfData RVA FileOffset'
+ EFI_IMAGE_DEBUG_DIRECTORY_ENTRY = collections.namedtuple ('EFI_IMAGE_DEBUG_DIRECTORY_ENTRY', EFI_IMAGE_DEBUG_DIRECTORY_ENTRY_tuple)
+
+ ##define CODEVIEW_SIGNATURE_MTOC SIGNATURE_32('M', 'T', 'O', 'C')
+ #typedef struct {
+ # UINT32 Signature; ///< "MTOC".
+ # GUID MachOUuid;
+ # //
+ # // Filename of .DLL (Mach-O with debug info) goes here
+ # //
+ #} EFI_IMAGE_DEBUG_CODEVIEW_MTOC_ENTRY;
+
+ #typedef struct {
+ # UINT32 Data1;
+ # UINT16 Data2;
+ # UINT16 Data3;
+ # UINT8 Data4[8];
+ #} GUID;
+
+ EFI_GUID_fmt = '<IHHBBBBBBBB'
+
+ # typedef struct {
+ # UINT32 VirtualAddress;
+ # UINT32 SizeOfBlock;
+ # } EFI_IMAGE_BASE_RELOCATION;
+
+ EFI_IMAGE_BASE_RELOCATION_fmt = '<II'
+ BaseRelocationLength = struct.calcsize(EFI_IMAGE_BASE_RELOCATION_fmt)
+
+ # ///
+ # /// The WIN_CERTIFICATE structure is part of the PE/COFF specification.
+ # ///
+ # typedef struct {
+ # ///
+ # /// The length of the entire certificate,
+ # /// including the length of the header, in bytes.
+ # ///
+ # UINT32 dwLength;
+ # ///
+ # /// The revision level of the WIN_CERTIFICATE
+ # /// structure. The current revision level is 0x0200.
+ # ///
+ # UINT16 wRevision;
+ # ///
+ # /// The certificate type. See WIN_CERT_TYPE_xxx for the UEFI
+ # /// certificate types. The UEFI specification reserves the range of
+ # /// certificate type values from 0x0EF0 to 0x0EFF.
+ # ///
+ # UINT16 wCertificateType;
+ # ///
+ # /// The following is the actual certificate. The format of
+ # /// the certificate depends on wCertificateType.
+ # ///
+ # /// UINT8 bCertificate[ANYSIZE_ARRAY];
+ # ///
+ # } WIN_CERTIFICATE;
+
+ WIN_CERTIFICATE_fmt = "<IHH"
+ WinCertLength = struct.calcsize(WIN_CERTIFICATE_fmt)
+
+ def __init__(self, readAbstraction, address = 0):
+ self.f = ReadOnlyFile(readAbstraction, address)
+ # ( ImageType: 'TE'/'PE32'/'PE32+'
+ # OptionalHeaderCollection: Optional Header and Data Directory
+ # HeaderFormat: in struct.Struct() form
+ # TeOffset
+ # HeaderSize)
+ self.PeHdr = None
+ self.TeHdr = None
+ self.TeAdjust = 0
+
+ self.PeCoffType = ''
+ self.MachineType = ''
+ self.PeHdrFmt = None
+ self.PeSections = 0
+ self.FvSection = False
+ self.ZeroList = []
+ self.PeCoffHdrRead ()
+
+ def TeHdrTuple (self, offset=0):
+ data = self.f.Read (EfiPeCoff.TeHdrLength,offset)
+ TeHdr = EfiPeCoff.EFI_TE_IMAGE_HEADER._make (struct.Struct(EfiPeCoff.EFI_TE_IMAGE_HEADER_fmt).unpack_from (data))
+ return (TeHdr, EfiPeCoff.TeHdrLength - TeHdr.StrippedSize)
+
+ def DosHdrTuple (self, offset=0):
+ data = self.f.Read(EfiPeCoff.DosHdrLength,offset)
+ return EfiPeCoff.EFI_IMAGE_DOS_HEADER._make (struct.unpack_from(EfiPeCoff.EFI_IMAGE_DOS_HEADER_fmt, data))
+
+ ImageFileMachine = {
+ 0x014c : "IA32",
+ 0x0200 : "IPF",
+ 0x0EBC : "EBC",
+ 0x8664 : "X64",
+ 0x01c2 : "ARM",
+ 0xAA64 : "AArch64",
+ }
+
+ def PeCoffHdrRead (self):
+ # Test for FV Section (*.te build output)
+ image = self.f.Read(4, 0)
+ if image[0:2] == 'MZ' or image[0:2] == 'VZ' or image[0:4] == 'PE\0\0':
+ offset = 0
+ else:
+ offset = 4
+ self.FvSection = True
+
+ image = self.f.Read(2, offset)
+ if image[0:2] == 'MZ':
+ # PE/COFF starts with DOS Header
+ DosHdr = self.DosHdrTuple (offset)
+ offset += DosHdr.e_lfanew
+ elif image[0:2] == 'VZ':
+ # PE/COFF starts with TE Header
+ self.TeHdr, self.TeAdjust = self.TeHdrTuple (offset)
+ self.PeCoffType = "TE"
+ self.MachineType = self.ImageFileMachine.get (self.TeHdr.Machine, 'Unknown')
+ self.PeSections = EfiPeCoff.TeHdrLength
+
+ data = self.f.Read(EfiPeCoff.TeHdrLength, offset)
+ self.PeHdrFmt = EfiPeCoff.EFI_TE_IMAGE_HEADER_fmt
+ return
+ else:
+ # PE/COFF starts with PE/COFF header
+ offset = 0
+
+ image = self.f.Read(4, offset)
+ if image[0:4] != 'PE\0\0':
+ print "Bad PE/COFF Signature = %4s" % image
+ return ("Unknown", None, "", 0, 0)
+
+ # Check the magic to figure out if 32 or 64 bit PE/COFF
+ (Magic,) = struct.unpack_from ('<H', self.f.Read(2, offset+24))
+ if Magic == EfiPeCoff.EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC:
+ data = self.f.Read(EfiPeCoff.OptionalHeader32Length, offset)
+ self.PeHdr = EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER32._make (struct.Struct(EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER32_fmt).unpack_from (data))
+ self.PeCoffType = "PE32"
+ self.PeHdrFmt = EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER32_fmt
+
+ # TimeDateStamp: Offset, size
+ self.ZeroList.append([offset + struct.calcsize(EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER32_fmt[0:4]), 4])
+ # Checksum: Offset, size
+ self.ZeroList.append([offset + struct.calcsize(EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER32_fmt[0:29]), 4])
+ elif Magic == EfiPeCoff.EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC:
+ data = self.f.Read(EfiPeCoff.OptionalHeader64Length, offset)
+ self.PeHdr = EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER64._make (struct.Struct(EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER64_fmt).unpack_from (data))
+ self.PeCoffType = "PE32+"
+ self.PeHdrFmt = EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER64_fmt
+
+ # TimeDateStamp: Offset, size
+ self.ZeroList.append([offset + struct.calcsize(EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER64_fmt[0:4]), 4])
+ # Checksum: Offset, size
+ self.ZeroList.append([offset + struct.calcsize(EfiPeCoff.EFI_IMAGE_OPTIONAL_HEADER64_fmt[0:29]), 4])
+ else:
+ print "Unknown Magic 0x%02x" % Magic
+ return ("Unknown", None, "", 0, 0)
+
+ self.MachineType = self.ImageFileMachine.get (self.PeHdr.Machine, 'Unknown')
+
+ # ImageContext->PeCoffHeaderOffset + sizeof (UINT32) + sizeof (EFI_IMAGE_FILE_HEADER) + Hdr.Pe32->FileHeader.SizeOfOptionalHeader;
+ self.PeSections = offset + 4 + 20 + self.PeHdr.SizeOfOptionalHeader
+
+ def PeCoffDumpHdr (self):
+ PeHdr = self.PeHdr if self.TeHdr is None else self.TeHdr
+ Width = max (len (s) for s in PeHdr._fields)
+ return "\n".join('{0} = {1:#0{2}x}'.format(s.ljust(Width), getattr(PeHdr, s), FmtStrToWidth(self.PeHdrFmt[i+1])+2) for i, s in enumerate (PeHdr._fields))
+
+ def PeCoffZeroInfo (self):
+ # Return the files offsets and number of bytes that need to get zero'ed
+ return self.ZeroList
+
+ def NumberOfSections (self):
+ if self.PeHdr is not None:
+ return self.PeHdr.NumberOfSections
+ elif self.TeHdr is not None:
+ return self.TeHdr.NumberOfSections
+ else:
+ return 0
+
+ def PeCoffGetSection (self, index):
+ offset = self.PeSections + (index * EfiPeCoff.PeCoffSectionLength)
+ data = self.f.Read(EfiPeCoff.PeCoffSectionLength, offset)
+ return (data[0:8].split('\x00')[0], EfiPeCoff.EFI_IMAGE_SECTION_HEADER._make (struct.Struct(EfiPeCoff.EFI_IMAGE_SECTION_HEADER_fmt).unpack_from (data)))
+
+ def PeCoffDumpSectionHdr (self, Name, Section):
+ Width = max (len (s) for s in Section._fields)
+ result = ''
+ for i, s in enumerate (Section._fields):
+ result += '{0} = '.format(s.ljust(Width))
+ if i == 0 and Name != '':
+ # print name as a string, not a hex value
+ result += Name + '\n'
+ else:
+ result += '{0:#0{1}x}\n'.format(getattr(Section, s), FmtStrToWidth(EfiPeCoff.EFI_IMAGE_SECTION_HEADER_fmt[i+1])+2)
+
+ return result
+
+ def PeCoffDumpSection (self, Name, Section):
+ data = self.f.Read (Section.SizeOfRawData, Section.VirtualAddress)
+ result = []
+ Address = Section.VirtualAddress
+ for i in xrange (0, Section.SizeOfRawData, 16):
+ HexStr = ' '.join(["%02X"%ord(x) for x in data[i:i+16]])
+ TextStr = ''.join([x if 0x20 <= ord(x) < 0x7F else b'.' for x in data[i:i+16]])
+ result.append("%08X %-*s |%s|\n" % (Address + i, 16*3, HexStr, TextStr))
+
+ return ''.join(result)
+
+
+ def PeCoffGetPdePointer (self, DebugEntry = 0, DebugEntrySize = 0, adjust = 0):
+ #
+ if DebugEntrySize == 0:
+ if self.PeHdr is not None:
+ DebugEntry = self.PeHdr.DataDirVirt_Debug
+ DebugEntrySize = self.PeHdr.DataDirSize_Debug
+ elif self.TeHdr is not None:
+ DebugEntry = self.TeHdr.DataDirVirt_Debug
+ DebugEntrySize = self.TeHdr.DataDirSize_Debug
+ adjust = self.TeAdjust
+ else:
+ return ('','')
+
+ offset = DebugEntry + adjust
+ data = self.f.Read(DebugEntrySize, offset)
+ DirectoryEntry = EfiPeCoff.EFI_IMAGE_DEBUG_DIRECTORY_ENTRY._make (struct.Struct(EfiPeCoff.EFI_IMAGE_DEBUG_DIRECTORY_ENTRY_fmt).unpack_from (data))
+ offset = DirectoryEntry.FileOffset + adjust
+
+ data = self.f.Read(4, offset)
+ guid = ''
+ if data == 'MTOC':
+ data = self.f.Read(16)
+ tup = struct.unpack (EfiPeCoff.EFI_GUID_fmt, data)
+ guid = '{:08X}-{:04X}-{:04X}-{:02X}{:02X}-{:02X}{:02X}{:02X}{:02X}{:02X}{:02X}'.format(*tup)
+ Str = self.f.ReadCString ()
+ elif data == 'NB10':
+ Str = self.f.ReadCString (offset + 16)
+ elif data == 'RSDS':
+ Str = self.f.ReadCString (offset + 24)
+ else:
+ Str = "\x00"
+
+
+ # Python is more that happy to print out a NULL
+ return (Str.split('\x00')[0], guid)
+
+ def PeCoffDumpRelocations (self, offset, size):
+ data = self.f.Read(size, offset)
+ base = 0
+ baseEnd = size - EfiPeCoff.BaseRelocationLength
+ value = ''
+ while base < baseEnd:
+ (VirtualAddress, SizeOfBlock) = struct.unpack_from (EfiPeCoff.EFI_IMAGE_BASE_RELOCATION_fmt, data[base:base + EfiPeCoff.BaseRelocationLength])
+ if SizeOfBlock == 0 or SizeOfBlock > size:
+ break
+ reloc = base + EfiPeCoff.BaseRelocationLength
+ relocEnd = base + SizeOfBlock
+ value += '0x%08x SizeOfBlock 0x%x\n' % (VirtualAddress, SizeOfBlock)
+ while reloc < relocEnd:
+ rel, = struct.unpack_from ('<H', data[reloc:reloc+2])
+ value += ' 0x%04x 0x%x\n' % ((rel & 0xFFF), rel >> 12, )
+ reloc += 2
+
+ base = relocEnd
+ return value
+
+ def PeCoffDumpCert (self, offset, size):
+ data = self.f.Read(size, offset)
+ value = '\n'
+ if size > 8:
+ (dwLength, wRevision, wCertificateType) = struct.unpack_from (EfiPeCoff.WIN_CERTIFICATE_fmt, data)
+ value += "dwLength = 0x%04x wRevision = 0x%02x wCertificateType = 0x%02x\n" % (dwLength, wRevision, wCertificateType)
+ # UEFI Scheme
+ for i in range(struct.calcsize(EfiPeCoff.WIN_CERTIFICATE_fmt), size, 0x10):
+ value += "0x{:04x}:".format(i),
+ value += " ".join("{:02x}".format(ord(c)) for c in data[i:i+0x10])
+ value += '\n'
+ else:
+ # Loki Scheme
+ start = 0
+ while start < size:
+ (VirtualAddress, SizeOfBlock) = struct.unpack_from (EfiPeCoff.EFI_IMAGE_BASE_RELOCATION_fmt, data[start: start + struct.calcsize(EfiPeCoff.EFI_IMAGE_BASE_RELOCATION_fmt)])
+ start += struct.calcsize(EfiPeCoff.EFI_IMAGE_BASE_RELOCATION_fmt)
+ value += "CERT: 0x%X size 0x%x\n" % (VirtualAddress, SizeOfBlock)
+ cert = self.f.Read(SizeOfBlock, VirtualAddress)
+ for i in range(0, SizeOfBlock, 0x10):
+ value += "0x{:04x}:".format(i)
+ value += " ".join("{:02x}".format(ord(c)) for c in cert[i:i+0x10])
+ value += '\n'
+ return value
+
+ def __str__(self):
+ return self.PeCoffDumpHdr()
+
+def FmtStrToWidth (c):
+ c = c.upper()
+ if c== 'B':
+ return 1*2
+ if c== 'H':
+ return 2*2
+ if c== 'I' or c=='L':
+ return 4*2
+ if c== 'Q':
+ return 8*2
+ return 0
+
+#define EFI_FAT_BINARY_MAGIC 0x0ef1fab9
+
+# typedef struct _EFI_FAT_BINARY_HEADER {
+# UINT32 magic; /* FAT_MAGIC */
+# UINT32 nfat_arch; /* number of structs that follow */
+# } EFI_FAT_BINARY_HEADER;
+
+# typedef struct _EFI_FAT_BINARY_ARCH {
+# UINT32 cputype; /* cpu specifier (int) */
+# UINT32 cpusubtype; /* machine specifier (int) */
+# UINT32 offset; /* file offset to this object file */
+# UINT32 size; /* size of this object file */
+# UINT32 align; /* alignment as a power of 2 */
+# } EFI_FAT_BINARY_ARCH;
+
+EFI_FAT_BINARY_ARCH_fmt = '<IIIII'
+
+fatCpuType = {
+ 0x01000007: 'x86_64 (X64)',
+ 0x00000007: 'i386 (Ia32)',
+ 0x0000000C: 'ARM (Arm)',
+ 0x0100000C: 'ARM64 (AArch64)',
+}
+
+def CheckForFatBinary (f):
+ '''Return a list of PE/COFF binary objects, from a file object.
+ '''
+ fatEntry = 4 + 4
+ data = f.read(fatEntry)
+ (magic, nfat_arch) = struct.unpack_from ('<II', data)
+ if magic == 0x0ef1fab9:
+ res = []
+ for i in range (nfat_arch):
+ f.seek(fatEntry)
+ fatEntry += struct.calcsize(EFI_FAT_BINARY_ARCH_fmt)
+ data = f.read(struct.calcsize(EFI_FAT_BINARY_ARCH_fmt))
+ (cputype, cpusubtype, offset, size, align) = struct.unpack_from (EFI_FAT_BINARY_ARCH_fmt, data)
+ f.seek(offset)
+ res.append((EfiPeCoff(f.read (size)), "FAT Binary of type %s: offset 0x%x size 0x%x alignment 0x%x" % (fatCpuType.get(cputype, 'Unknown'), offset, size, align)))
+ else:
+ # entire file is a PE/COFF image
+ f.seek(0)
+ res = [(EfiPeCoff(f.read()), "")]
+ return res
+
+if __name__ == "__main__":
+ usage = "usage: %prog [options] PECOFF_FILE"
+ parser = optparse.OptionParser(usage=usage)
+ parser.add_option('-r', '--relocations', action='store_true', dest='relocation', help='display relocation info', default=False)
+ parser.add_option('-c', '--cert', action='store_true', dest='cert', help='display security cert info', default=False)
+ parser.add_option('-s', '--section', type=str, dest='section', help='dump info on a section', default='')
+ parser.add_option('-z', '--zero', action='store_true', dest='zero', help='Zero out fields to enable build reproducibility', default=False)
+ (options, args) = parser.parse_args(sys.argv)
+
+ if len(args) <= 1:
+ parser.print_help()
+ sys.exit(-1)
+
+ with open(args[1], "rb" if not options.zero else "r+b") as f:
+ for (pecoff, description) in CheckForFatBinary (f):
+ if not options.zero:
+ if description != '':
+ print description
+
+ print "%s is a %s:%s image%s" % (args[1], pecoff.PeCoffType, pecoff.MachineType, ' wrapped in FV Section:' if pecoff.FvSection else ':')
+ if pecoff.PeCoffType == '':
+ sys.exit(-1)
+
+ # print header
+ print pecoff.PeCoffDumpHdr()
+ print
+ print "\nSections:"
+ for i in range (0, pecoff.NumberOfSections()):
+ (Name, Section) = pecoff.PeCoffGetSection (i)
+ print pecoff.PeCoffDumpSectionHdr (Name, Section)
+ print
+
+ if '.reloc' in Name and options.relocation:
+ print pecoff.PeCoffDumpRelocations (Section.PointerToRawData, Section.VirtualSize)
+
+ elif '.debug' in Name:
+ (PdbPointer, Guid) = pecoff.PeCoffGetPdePointer ()
+ if Guid == '':
+ print "PdbPointer:{0}\n".format(PdbPointer)
+ else:
+ print "PdbPointer (Mach-O symbol file):{0}\n (Mach-O UUID): {1}".format(PdbPointer, Guid)
+
+ if options.section in Name and options.section != '':
+ print pecoff.PeCoffDumpSection(Name, Section)
+
+ if options.cert:
+ print pecoff.PeCoffDumpCert (pecoff.PeHdr.DataDirVirt_Security, pecoff.PeHdr.DataDirSize_Security)
+
+ else:
+ # this is necessary to find the 'zero list' entries for the debug section
+ for i in range (0, pecoff.NumberOfSections()):
+ (Name, Section) = pecoff.PeCoffGetSection (i)
+
+ if Section.SizeOfRawData > Section.VirtualSize:
+ sizeDiff = Section.SizeOfRawData - Section.VirtualSize
+ offset = pecoff.TeAdjust + Section.PointerToRawData + Section.SizeOfRawData - sizeDiff
+ pecoff.ZeroList.append( [offset, sizeDiff] )
+
+ # The .debug section also contains a timestamp
+ if '.debug' in Name:
+ pecoff.ZeroList.append([pecoff.TeAdjust + Section.PointerToRawData + struct.calcsize(EfiPeCoff.EFI_IMAGE_DEBUG_DIRECTORY_ENTRY_fmt[0:2]), 4])
+
+ for patch, size in pecoff.PeCoffZeroInfo():
+ #print 'patching 0x%x for 0x%x bytes' % (patch, size)
+ if patch != 0:
+ if size == -1:
+ # -1 means to the end of the file
+ f.seek(0,2)
+ size = f.tell() - patch
+ f.seek(patch)
+ f.write(bytearray(size))
+
projects / apple / ld64.git / commitdiff
