Web lists-archives.com

Re: Defective "portable executables" distributed/created by Cygwin




+Yongkang

Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Steve Carroll (VISUAL STUDIO)
Sent: Thursday, May 10, 2018 3:29:24 PM
To: Stefan Kanthak; cygwin@xxxxxxxxxx; Ten Tzen
Cc: Compiler Crash
Subject: RE: Defective "portable executables" distributed/created by Cygwin

@Ten Tzen can you take a look?

-----Original Message-----
From: Stefan Kanthak <stefan.kanthak@xxxxxxxx>
Sent: Thursday, May 10, 2018 11:30 AM
To: cygwin@xxxxxxxxxx
Cc: Compiler Crash <compilercrash@xxxxxxxxxxxxx>
Subject: Defective "portable executables" distributed/created by Cygwin

Hi @ll,

the "portable executables" distributed by Cygwin (and of course those created with Cygwin's GCC toolchain too) have INVALID/ILLEGAL headers:

0. Microsoft's DUMPBIN.EXE alias LINK.EXE /DUMP aborts with
   "access violation" (see below) on almost all Cygwin binaries!

1. they use INVALID/ILLEGAL section names like "/4" or "/14", upon
   which Microsoft's DUMPBIN.EXE alias LINK.EXE /DUMP stops enumerating
   the section headers (see below)!

   From the PE format specification
   <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2F%2Fms680547.aspx%23section_table__section_headers_&data=02%7C01%7CSteven.Carroll%40microsoft.com%7C0e2f82b44f0347620dda08d5b6a5bd04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636615745333593092&sdata=FUYwQywfO%2FPDIDeT3%2BQSaVEk7iLj32PRJT4T8mxUKdg%3D&reserved=0>:

| Offset  Size  Field  Description
|      0     8  Name   An 8-byte, null-padded UTF-8 encoded string.
|                      If the string is exactly 8 characters long,
|                      there is no terminating null. For longer names,
|                      this field contains a slash (/) that is followed
|                      by an ASCII representation of a decimal number
|                      that is an offset into the string table.
|                      Executable images do not use a string table and
| do
                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|                      not support section names longer than 8 characters.
                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|                      Long names in object files are truncated if they
                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|                      are emitted to an executable file.
                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. despite no COFF symbol table and a symbol count of 0 (in words: ZERO!)
   they specify the "PointerToSymbolTable" (see below)!

   From the PE format specification
   <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2F%2Fms680547.aspx%23coff_file_header__object_and_image_&data=02%7C01%7CSteven.Carroll%40microsoft.com%7C0e2f82b44f0347620dda08d5b6a5bd04%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636615745333593092&sdata=gbNW5KJ5qkGc2IjJf3eEeSQDeqk3iQN5iBQUbf2WNec%3D&reserved=0>:

| Offset  Size  Field                 Description
|      8     4  PointerToSymbolTable  The file offset of the COFF symbol
|                                     table, or zero if no COFF symbol
|                                     table is present. This value should
|                                     be zero for an image because COFF
|                                     debugging information is deprecated.

Please fix your tools!

regards
Stefan Kanthak

=== output from LINK.EXE /DUMP bash.exe ===

Microsoft (R) COFF/PE Dumper Version 10.00.40219.386 Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file bash.exe

File Type: EXECUTABLE IMAGE

LINK : fatal error LNK1000: Internal error during DumpSections

  Version 10.00.40219.386

  ExceptionCode            = C0000005
  ExceptionFlags           = 00000000
  ExceptionAddress         = 00427FE0 (00400000) "C:\Program Files\Microsoft Visual Studio 2010\VC\bin\link.exe"
  NumberParameters         = 00000002
  ExceptionInformation[ 0] = 00000000
  ExceptionInformation[ 1] = 00000004

CONTEXT:
  Eax    = 40000040  Esp    = 0012E740
  Ebx    = 014B53C0  Ebp    = 0012E768
  Ecx    = 00000004  Esi    = 00000004
  Edx    = 00404164  Edi    = 0000014C
  Eip    = 00427FE0  EFlags = 00010246
  SegCs  = 0000001B  SegDs  = 00000023
  SegSs  = 00000023  SegEs  = 00000023
  SegFs  = 0000003B  SegGs  = 00000000
  Dr0    = 00000000  Dr3    = 00000000
  Dr1    = 00000000  Dr6    = 00000000
  Dr2    = 00000000  Dr7    = 00000000

=== output from LINK.EXE /DUMP /HEADERS bash.exe ===

Microsoft (R) COFF/PE Dumper Version 10.00.40219.386 Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file bash.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (x86)
               B number of sections
            3000 time date stamp Thu Jan 01 04:24:48 1970
           C2600 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
             32E characteristics
                   Executable
                   Line numbers stripped
                   Symbols stripped
                   Application can handle large (>2GB) addresses
                   32 bit word machine
                   Debug information stripped

OPTIONAL HEADER VALUES
             10B magic # (PE32)
            2.25 linker version
           7C800 size of code
           C2200 size of initialized data
            9E00 size of uninitialized data
            1000 entry point (00401000)
            1000 base of code
           7E000 base of data
          400000 image base (00400000 to 004D2FFF)
            1000 section alignment
             200 file alignment
            4.00 operating system version
            1.00 image version
            4.00 subsystem version
               0 Win32 version
           D3000 size of image
             400 size of headers
           C85A6 checksum
               3 subsystem (Windows CUI)
            8000 DLL characteristics
                   Terminal Server Aware
          200000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
           BB000 [    A14D] RVA [size] of Export Directory
           C6000 [    2CB4] RVA [size] of Import Directory
           C9000 [     4E8] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
           CA000 [    7680] RVA [size] of Base Relocation Directory
           9C000 [      1C] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
           C66B0 [     624] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
   .text name
   7C704 virtual size
    1000 virtual address (00401000 to 0047D703)
   7C800 size of raw data
     400 file pointer to raw data (00000400 to 0007CBFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60500060 flags
         Code
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Execute Read

SECTION HEADER #2
   .data name
    1B24 virtual size
   7E000 virtual address (0047E000 to 0047FB23)
    1C00 size of raw data
   7CC00 file pointer to raw data (0007CC00 to 0007E7FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0600040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

SECTION HEADER #3
  .rdata name
   1B0C0 virtual size
   80000 virtual address (00480000 to 0049B0BF)
   1B200 size of raw data
   7E800 file pointer to raw data (0007E800 to 000999FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40600040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Only

SECTION HEADER #4
.buildid name
      35 virtual size
   9C000 virtual address (0049C000 to 0049C034)
     200 size of raw data
   99A00 file pointer to raw data (00099A00 to 00099BFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Only

  Debug Directories

        Time Type       Size      RVA  Pointer
    -------- ------ -------- -------- --------
    00000000 cv           19 0009C01C    99A1C    Format: RSDS, {FD1EEED9-A50C-F670-E4AA-B9EF2C1094CA}, 1,

LINK : fatal error LNK1000: Internal error during DumpDebugDirectory

  Version 10.00.40219.386

  ExceptionCode            = C0000005
  ExceptionFlags           = 00000000
  ExceptionAddress         = 00427FE0 (00400000) "C:\Program Files\Microsoft Visual Studio 2010\VC\bin\link.exe"
  NumberParameters         = 00000002
  ExceptionInformation[ 0] = 00000000
  ExceptionInformation[ 1] = 00000004

CONTEXT:
  Eax    = 40000040  Esp    = 0012E740
  Ebx    = 014B53C0  Ebp    = 0012E768
  Ecx    = 00000004  Esi    = 00000004
  Edx    = 00404164  Edi    = 0000014C
  Eip    = 00427FE0  EFlags = 00010246
  SegCs  = 0000001B  SegDs  = 00000023
  SegSs  = 00000023  SegEs  = 00000023
  SegFs  = 0000003B  SegGs  = 00000000
  Dr0    = 00000000  Dr3    = 00000000
  Dr1    = 00000000  Dr6    = 00000000
  Dr2    = 00000000  Dr7    = 00000000

=== hexdump from offset 099a10 of bash.exe: CV_PDB_INFO70 structure ===

099a10 19 00 00 00 1c c0 09 00  1c 9a 09 00 52 53 44 53   ............RSDS
099a20 d9 ee 1e fd 0c a5 70 f6  e4 aa b9 ef 2c 10 94 ca   ......p.....,...
099a30 01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................

=== hexdump from offset 0c2600 of bash.exe, right before EOF:
    COFF symbol table with 0 entries, followed by COFF string table ===

0c2600 1d 00 00 00 2e 65 68 5f  66 72 61 6d 65 00 2e 67   .....eh_frame..g
0c2610 6e 75 5f 64 65 62 75 67  6c 69 6e 6b 00            nu_debuglink.

=== hexdump of first kB from bash.exe ===

000000 4d 5a 90 00 03 00 00 00  04 00 00 00 ff ff 00 00   MZ..............
000010 b8 00 00 00 00 00 00 00  40 00 00 00 00 00 00 00   ........@.......
000020 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000030 00 00 00 00 00 00 00 00  00 00 00 00 80 00 00 00   ................
000040 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68   ........!..L.!Th
000050 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f   is program canno
000060 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20   t be run in DOS
000070 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00   mode....$.......
000080 50 45 00 00 4c 01 0b 00  00 30 00 00 00 26 0c 00   PE..L....0...&..
000090 00 00 00 00 e0 00 2e 03  0b 01 02 19 00 c8 07 00   ................
0000a0 00 22 0c 00 00 9e 00 00  00 10 00 00 00 10 00 00   ."..............
0000b0 00 e0 07 00 00 00 40 00  00 10 00 00 00 02 00 00   ......@.........
0000c0 04 00 00 00 01 00 00 00  04 00 00 00 00 00 00 00   ................
0000d0 00 30 0d 00 00 04 00 00  a6 85 0c 00 03 00 00 80   .0..............
0000e0 00 00 20 00 00 10 00 00  00 00 10 00 00 10 00 00   .. .............
0000f0 00 00 00 00 10 00 00 00  00 b0 0b 00 4d a1 00 00   ............M...
000100 00 60 0c 00 b4 2c 00 00  00 90 0c 00 e8 04 00 00   .`...,..........
000110 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000120 00 a0 0c 00 80 76 00 00  00 c0 09 00 1c 00 00 00   .....v..........
000130 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000140 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000150 00 00 00 00 00 00 00 00  b0 66 0c 00 24 06 00 00   .........f..$...
000160 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000170 00 00 00 00 00 00 00 00  2e 74 65 78 74 00 00 00   .........text...
000180 04 c7 07 00 00 10 00 00  00 c8 07 00 00 04 00 00   ................
000190 00 00 00 00 00 00 00 00  00 00 00 00 60 00 50 60   ............`.P`
0001a0 2e 64 61 74 61 00 00 00  24 1b 00 00 00 e0 07 00   .data...$.......
0001b0 00 1c 00 00 00 cc 07 00  00 00 00 00 00 00 00 00   ................
0001c0 00 00 00 00 40 00 60 c0  2e 72 64 61 74 61 00 00   ....@.`..rdata..
0001d0 c0 b0 01 00 00 00 08 00  00 b2 01 00 00 e8 07 00   ................
0001e0 00 00 00 00 00 00 00 00  00 00 00 00 40 00 60 40   ............@.`@
0001f0 2e 62 75 69 6c 64 69 64  35 00 00 00 00 c0 09 00   .buildid5.......
000200 00 02 00 00 00 9a 09 00  00 00 00 00 00 00 00 00   ................
000210 00 00 00 00 40 00 30 40  2f 34 00 00 00 00 00 00   ....@.0@/4......
000220 c0 39 01 00 00 d0 09 00  00 3a 01 00 00 9c 09 00   .9.......:......
000230 00 00 00 00 00 00 00 00  00 00 00 00 40 00 30 40   ............@.0@
000240 2e 62 73 73 00 00 00 00  40 9d 00 00 00 10 0b 00   .bss....@.......
000250 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000260 00 00 00 00 80 00 60 c0  2e 65 64 61 74 61 00 00   ......`..edata..
000270 4d a1 00 00 00 b0 0b 00  00 a2 00 00 00 d6 0a 00   M...............
000280 00 00 00 00 00 00 00 00  00 00 00 00 40 00 30 40   ............@.0@
000290 2e 69 64 61 74 61 00 00  b4 2c 00 00 00 60 0c 00   .idata...,...`..
0002a0 00 2e 00 00 00 78 0b 00  00 00 00 00 00 00 00 00   .....x..........
0002b0 00 00 00 00 40 00 30 c0  2e 72 73 72 63 00 00 00   ....@.0..rsrc...
0002c0 e8 04 00 00 00 90 0c 00  00 06 00 00 00 a6 0b 00   ................
0002d0 00 00 00 00 00 00 00 00  00 00 00 00 40 00 30 c0   ............@.0.
0002e0 2e 72 65 6c 6f 63 00 00  80 76 00 00 00 a0 0c 00   .reloc...v......
0002f0 00 78 00 00 00 ac 0b 00  00 00 00 00 00 00 00 00   .x..............
000300 00 00 00 00 40 00 30 42  2f 31 34 00 00 00 00 00   ....@.0B/14.....
000310 14 00 00 00 00 20 0d 00  00 02 00 00 00 24 0c 00   ..... .......$..
000320 00 00 00 00 00 00 00 00  00 00 00 00 40 00 30 40   ............@.0@
000330 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000340 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000350 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000360 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000370 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000380 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
000390 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0003a0 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0003b0 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0003c0 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0003d0 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0003e0 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
0003f0 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................

=== output from an alternative PE dumper which doesn't bail out
    when it encounters the illegal section names "/4" and "/14",
    and enumerates the COFF string table (although obsolete) ===

.text:
        Virtual address and size = 0x00001000, 0x0007C704
        File offset and raw size = 0x00000400, 0x0007C800
        Characteristics          = 0x60500060
.data:
        Virtual address and size = 0x0007E000, 0x00001B24
        File offset and raw size = 0x0007CC00, 0x00001C00
        Characteristics          = 0xC0600040
.rdata:
        Virtual address and size = 0x00080000, 0x0001B0C0
        File offset and raw size = 0x0007E800, 0x0001B200
        Characteristics          = 0x40600040
.buildid:
        Virtual address and size = 0x0009C000, 0x00000035
        File offset and raw size = 0x00099A00, 0x00000200
        Characteristics          = 0x40300040
/4:
        Virtual address and size = 0x0009D000, 0x000139C0
        File offset and raw size = 0x00099C00, 0x00013A00
        Characteristics          = 0x40300040
.bss:
        Virtual address and size = 0x000B1000, 0x00009D40
        File offset and raw size = 0x00000000, 0x00000000
        Characteristics          = 0xC0600080
.edata:
        Virtual address and size = 0x000BB000, 0x0000A14D
        File offset and raw size = 0x000AD600, 0x0000A200
        Characteristics          = 0x40300040
.idata:
        Virtual address and size = 0x000C6000, 0x00002CB4
        File offset and raw size = 0x000B7800, 0x00002E00
        Characteristics          = 0xC0300040
.rsrc:
        Virtual address and size = 0x000C9000, 0x000004E8
        File offset and raw size = 0x000BA600, 0x00000600
        Characteristics          = 0xC0300040
.reloc:
        Virtual address and size = 0x000CA000, 0x00007680
        File offset and raw size = 0x000BAC00, 0x00007800
        Characteristics          = 0x42300040
/14:
        Virtual address and size = 0x000D2000, 0x00000014
        File offset and raw size = 0x000C2400, 0x00000200
        Characteristics          = 0x40300040

COFF string table:
        /4 = .eh_frame
        /14 = .gnu_debuglink
...
Export directory:
        Characteristics        = 0x00000000
        Time/date stamp        = 0x588B9AAB
        Version                = 0.0
        Module name            = bash.exe
        Base of ordinals       = 1
        Number of functions    = 1532
        Number of names        = 1532
        Array of functions     = 0x000BB028
        Array of names         = 0x000BC818
        Array of name ordinals = 0x000BE008
        Named exports:
                1       0       0x000B10F0      EOF_Reached
                2       1       0x000B65E0      SB
...
Debug directory:
        Debug directory entry:
                Characteristics = 0x00000000
                Time/date stamp = 0x00000000
                Version         = 0.0
                Type            = 2 (Codeview)
                Address of data = 0x0009C01C
                Offset of data  = 0x00099A1C
                Size of data    = 0x00000019
                        Format    = RSDS
                        Signature = {FD1EEED9-A50C-F670-E4AA-B9EF2C1094CA}
                        Age       = 1
                        Filename  =

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple