Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support MinGW PE DWARF sections #1267

Closed
aerosoul94 opened this issue Nov 20, 2019 · 2 comments
Closed

Support MinGW PE DWARF sections #1267

aerosoul94 opened this issue Nov 20, 2019 · 2 comments
Assignees
@dev747368
Labels
Feature: DWARF Feature: Loader/PE
Milestone
10.1

Comments

@aerosoul94
Copy link
Contributor

aerosoul94 commented Nov 20, 2019
edited

Is your feature request related to a problem? Please describe.
MinGW produces PE's with DWARF debug information. The DWARF analyzer is unable to detect those sections and thus the analyzer is made unavailable under the list of analyzers.

Describe the solution you'd like
Enable DWARF analyzer for MinGW PE's.

Describe alternatives you've considered
I was able to get the DWARF analyzer to detect and fully parse the DWARF debug information, however it may need some more work, so I decided to create an issue for it instead.

Additional context

  • The DWARF analyzer cannot find the debug sections as it relies on finding sections matching those of DWARFSectionNames.MINIMAL_DWARF_SECTIONS. The PE does contain those sections however they are not found as the current PE loader does not correctly handle section names. Currently it only reads the name stored in the Name field in the SectionHeader structure (e.g. /14, /29), when it needs to also handle reading names from the string table. Here is a quote from Microsoft's documentation on the PE file format:

    For longer names, this field contains a slash (/) that is followed by an ASCII representation of a decimal number that is an offset into the string table.

    Source: https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#section-table-section-headers

  • The DWARF parser uses the memory block size to determine the ending of the debug info in the .debug_info section. The problem is that the PE loader aligns memory blocks with padding while the actual size of the debug info is that of VirtualSize. Once the DWARF parser reaches the padding, it mistakenly reads it as a compilation unit, and then reads into the next memory block, eventually throwing an exception in DWARFCompilationUnit.readCompilationUnit(). This may conflict with #418.

Sample: helloworld.zip
@aerosoul94 aerosoul94 changed the title Support MinGW DWARF sections Support MinGW PE DWARF sections Nov 20, 2019
@astrelsky
Copy link
Contributor

It seems most of the windows analyzers canAnalyze methods are a bit faulty. They assume they can work just because it is a PE binary. The two I know of off the top of my head are PDB and the Windows RTTI Analyzer. These should only be available if the compiler was determined to be visual studio.

@dev747368 dev747368 self-assigned this Nov 21, 2019
@ryanmkurtz ryanmkurtz added this to the 10.1 milestone Aug 5, 2021
@dev747368
Copy link
Collaborator

reopening, c60e595 only addresses a portion of this issue.

@dev747368 dev747368 reopened this Aug 9, 2021
@ryanmkurtz ryanmkurtz mentioned this issue Feb 25, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dev747368 dev747368

Labels
Feature: DWARF Feature: Loader/PE
Projects
None yet
Milestone
10.1
Development

No branches or pull requests
4 participants
@ryanmkurtz @aerosoul94 @astrelsky @dev747368