New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
debug/pe: unable to parse most windows files at tip #16084
Comments
PsService.exe test file. |
Go test program:
|
Found an example that is readable by 1.6.2 but not readable by 1.7:
|
All these executables have no symbol table and no string table. I will try and send a fix sometime today. Alex |
@mirtchovski please try https://go-review.googlesource.com/24200 to see if it fixes your problem. Thank you. Alex |
CL https://golang.org/cl/24200 mentions this issue. |
@alexbrainman, while this makes 1.7 print the imported symbols for test.exe I still don't see any imported symbols for the first binary I attached: PsService.exe. According to https://github.com/erocarrera/pefile I expect to see (in different format, but still):
|
I filled #16103 for that. I am pretty sure it is always been like that. Alex |
Please answer these questions before submitting your issue. Thanks!
go version
)?1.6.2 and 1.7
go env
)?$ go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/aam"
GORACE=""
GOROOT="/Users/aam/go1.6.2"
GOTOOLDIR="/Users/aam/go1.6.2/pkg/tool/darwin_amd64"
GO15VENDOREXPERIMENT="1"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fno-common"
CXX="clang++"
CGO_ENABLED="1"
and:
$ go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/aam"
GORACE=""
GOROOT="/Users/aam/go"
GOTOOLDIR="/Users/aam/go/pkg/tool/darwin_amd64"
CC="clang"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -gno-record-gcc-switches -fno-common"
CXX="clang++"
CGO_ENABLED="1"
Compiled the attached simple program (cross-compiled for windows too). The PE binary is readable by debug/pe:
$ ./t1.6.2 t.exe
timeBeginPeriod:winmm.dll
WSAGetOverlappedResult:ws2_32.dll
NtWaitForSingleObject:ntdll.dll
CryptReleaseContext:advapi32.dll
[...]
$ ./t1.7 t.exe
timeBeginPeriod:winmm.dll
WSAGetOverlappedResult:ws2_32.dll
NtWaitForSingleObject:ntdll.dll
CryptReleaseContext:advapi32.dll
[...]
Unfortunately other binaries (attached) do not work:
$ ./t1.6.2 PsService.exe
$ ./t1.7 PsService.exe
can not create PE structure for PsService.exe: fail to read string table: unexpected EOF
$
The nascent Go port of the pefile python script (https://github.com/erocarrera/pefile) available here: https://github.com/soluwalana/pefile-go is able to parse more from the file:
$ pefile-go PsService.exe
2016/06/16 10:58:13 Size of OptionalHeader
2016/06/16 10:58:13 0x26e7e == VERSION.dll
2016/06/16 10:58:13 0x26e8a == WS2_32.dll
2016/06/16 10:58:13 0x26eba == NETAPI32.dll
2016/06/16 10:58:13 0x26ef8 == MPR.dll
2016/06/16 10:58:13 0x2712c == KERNEL32.dll
2016/06/16 10:58:13 0x271d8 == USER32.dll
2016/06/16 10:58:13 0x2722e == GDI32.dll
2016/06/16 10:58:13 0x27244 == COMDLG32.dll
2016/06/16 10:58:13 0x274dc == ADVAPI32.dll
2016/06/16 10:58:13 0x0 == MZ?
2016/06/16 10:58:13 PsService.exe
2016/06/16 10:58:13 [IMAGE_DOS_HEADER]
0x0 0x0 E_magic 0x5A4D
0x2 0x2 E_cblp 0x90
0x4 0x4 E_cp 0x3
0x6 0x6 E_crlc 0x0
0x8 0x8 E_cparhd 0x4
0xA 0xA E_minalloc 0x0
0xC 0xC E_maxalloc 0xFFFF
0xE 0xE E_ss 0x0
0x10 0x10 E_sp 0xB8
0x12 0x12 E_csum 0x0
0x14 0x14 E_ip 0x0
0x16 0x16 E_cs 0x0
0x18 0x18 E_lfarlc 0x40
0x1A 0x1A E_ovno 0x0
0x1C 0x1C E_res
0x24 0x24 E_oemid 0x0
0x26 0x26 E_oeminfo 0x0
0x28 0x28 E_res2
0x3C 0x3C E_lfanew 0xE0
[...]
The text was updated successfully, but these errors were encountered: