I have written a routine to dump the symbols and sections from a DLL loaded with LoadLibrary
but not sure how to decode MinGW DLLs that have section names that are longer than IMAGE_SIZEOF_SHORT_NAME
For example, a MinGW DLL outputs the follwing sections if I print them as strings:
[".text", ".data", ".rdata", ".pdata", ".xdata", ".bss", ".edata", ".idata",
".CRT", ".tls", ".reloc", "/4", "/19", "/31", "/45", "/57", "/70", "/81",
"/92"]
The other sections as objdump.exe
gets them:
.debug_aranges
.debug_info
.debug_abbrev
.debug_line
.debug_frame
.debug_str
.debug_loc
.debug_ranges
Which are all longer than IMAGE_SIZEOF_SHORT_NAME
. MSDN explains that:
For longer names, this member contains a forward slash (/) followed by an ASCII representation of a decimal number that is an offset into the string table.
So I have the following code:
Char buffer[IMAGE_SIZEOF_SHORT_NAME + 1];
std::strncpy(buffer, reinterpret_cast<const Char * const>(section_header_ptr[i].Name), IMAGE_SIZEOF_SHORT_NAME);
buffer[IMAGE_SIZEOF_SHORT_NAME] = '\0';
const Char * name = buffer;
if (name[0] == '/') {
const Long rva = std::strtol(name + 1, NULL, 10);
if ((LONG_MAX == rva) || (LONG_MIN == rva) || ((0 == rva) && (name[0] != '0'))) {
static const Char * const failure = "failed to convert offset";
name = failure;
}
// -- How do I get the string table here? and use the offset? --
}
Reading the COFF spec I see that the string table is after the symbol entries so it should be
HMODULE handle = LoadLibrary("some_mingw_library.dll");
PIMAGE_DOS_HEADER idh = (PIMAGE_DOS_HEADER)(handle);
PIMAGE_NT_HEADERS inh = (PIMAGE_NT_HEADERS)(((const uint8_t*)(idh)) + idh->e_lfanew)
PIMAGE_FILE_HEADER ifh = &inh->FileHeader;
PIMAGE_SYMBOL is = (PIMAGE_SYMBOL)(((const uint8_t*)(idh)) + ifh->PointerToSymbolTable)
const char * const string_table = &is[ifh->NumberOfSymbols];
But I get something that is definitely not the string table. I can see the string table in my hex editor. Where is the string table in a portable executable?