format of object files[from internet]

Here is the format of object files generated by the macro assembler
and Microsoft C Compiler.

+---------------------------------------+
| BYTE Record type |
| 80 Module name |
| 82 |
| 84 |
| 86 |
| 88 |
| 8A End of module |
| 8C External symbols |
| 8E |
| 90 Public symbols |
| 92 |
| 94 Line number info |
| 96 Segment/Group symbols |
| 98 Info for specific seg |
| 9A Info for specific group |
| 9C Relocation list |
| 9E |
| A0 Segment data |
| A2 Duplicated Segment Data |
+---------------------------------------+
| WORD Count of bytes in record, inc- |
| luding the record checksum, but |
| not including record type or |
| byte count |
+---------------------------------------+
| .... Record Data .... |
| See specific record for details |
+---------------------------------------+
| BYTE Checksum of all characters in |
| record, including record type |
+---------------------------------------+

Now for each one of the record types. In the following descriptions,
certain terminology will be used. Many of these record use a number
which relates some particular field to a value. These numbers range
from 1-255. In some cases, this number will relate an instantiation
of a symbol to the name of the symbol. In other cases, this number
will relate the segment or group instance with the actual segment or
group of the instantiation.

Module Name record (80) This record specifies the name of the module.
The record data field will be filled in as follows:
+---------------------------------------+
| BYTE Length of Module name |
+---------------------------------------+
| (Length) BYTES Module Name |
+---------------------------------------+

End of Module record (8A)
This record specifies the end of the module. The record data field
will be filled with a zero byte
+---------------------------------------+
| BYTE Zero |
+---------------------------------------+

External Symbols Record (8C)
This record specifies the names of the external symbols. The record
data field is filled in as follows, and record data fields defining
the symbols may appear more than once.
+---------------------------------------+
| BYTE Length of external symbol |
+---------------------------------------+
| (Length) BYTES External symbol name|
+---------------------------------------+
| BYTE Zero |
+---------------------------------------+

Public Symbols Record (90)
This record defines the symbols declared as public symbols. Only one
symbol will appear per record data field. The record data field is
defined as follows:
+---------------------------------------+
| BYTE Zero |
+---------------------------------------+
| BYTE Segment number in which symbol |
| is defined |
+---------------------------------------+
| BYTE Length of symbol |
+---------------------------------------+
| (Length) BYTES Public Symbol Name |
+---------------------------------------+
| WORD Offset where symbol defined |
+---------------------------------------+
| BYTE Zero |
+---------------------------------------+

Line Number Information Record (94)
This record defines line number debugging information. This
information is in the form of the line number of the source file, and
the address at which the code corresponding to that line number
starts. The record data field will be filled in as follows:
+---------------------------------------+
| BYTE Zero |
+---------------------------------------+
| BYTE Segment number |
+---------------------------------------+
| WORD Line number in source file |
+---------------------------------------+
| WORD Offset of start of line |
+---------------------------------------+

For this record, the last two field may be repeated any number of
times.

Segment/Group Symbols Record (96)
This record defines the names of the symbols used in the module name,
segment names, and group names. The segment symbol numbers the relate
the segment numbers to this name. The record data field will be
filled in as follows:
+---------------------------------------+
| BYTE Zero |
+---------------------------------------+
| BYTE Length of symbol name |
+---------------------------------------+
| (Length) BYTES Symbol Name |
+---------------------------------------+

The last two field may be repeated any number of times.

Segment Specific Information Record (98)
This record defines the combine and alignment classes of a specific
segment. Segment numbers are assigned in the order in which these
records may appear. The first occurrence of this record defines the
first memory segment, and so on. The record data field will be filled
in as follows:
+---------------------------------------+
| BYTE Combine/Alignment Class: |
| is defined as 0AAXPS00 |
| where AA is the alignment class |
| 00=AT (Specific segment |
| alignment) |
| 01=BYTE boundary |
| 10=WORD boundary |
| 11=PARAGRAPH boundary |
| X is unknown: used in stk |
| P is a public segment |
| S is a stack segment |
+---------------------------------------+
| WORD Segment size in bytes |
+---------------------------------------+
| BYTE Segment/Group Symbol Number |
+---------------------------------------+
| BYTE Not sure just yet. |
+---------------------------------------+
| BYTE Not sure just yet: usually 1 |
+---------------------------------------+

Group Specific Information Record (9A)
This record defines the memory segments which will be contained in a
group. The format of the record data field is defines as follows:
+---------------------------------------+
| BYTE Segment/Group Symbol Number |
+---------------------------------------+
| BYTE FF |
+---------------------------------------+
| BYTE Segment number |
+---------------------------------------+

The last two field will be repeated for every segment in a group.

Relocation List Record (9C)
This record defines the offsets in the just previously defined memory
segment which need fixing up. Multiple fixups may occur in the data
record field, and is defined as follows:
+---------------------------------------+
| BYTE Attributes needed/Relocation |
| offset MSB and is defined as: |
| 1A00SOFFF where |
| A means absolute address needed |
| S means segment number needed |
| O means offset needed |
| FFF is the 3 Least Significant |
| bits of the MSB of fixup |
| offset |
+---------------------------------------+
| BYTE LSB of fixup offset |
+---------------------------------------+
| BYTE Relocation type and is defined |
| as 00LG0AE0 where |
| L means length of symbol needed |
| G means group override |
| A means the address is needed |
| E means the symbol is external |
+---------------------------------------+
| BYTE Group/Segment number. If Bit 4 |
| of the previous byte was set, |
| this will be a group number, |
| otherwise it is segment number |
+---------------------------------------+
| BYTE Destination Segment Number |
+---------------------------------------+
| BYTE Source Symbol/Segment Number |
+---------------------------------------+
| WORD Destination offset if Relocation|
| type byte is zero, otherwise |
| nonexistant. |
+---------------------------------------+

Memory Segment Information Record (A0)
This record defines the contents of a memory segment. One record
for each segment will appear for each segment which has locations to
be defined. For program code, this will be the actual code. For
data, this will be the initial contents of the data. No memory
segment record will exceed 1024 bytes, because of the relocation list
which may follow. The format of the data record field is defined as
follows:
+---------------------------------------+
| BYTE Memory segment number |
+---------------------------------------+
| WORD Origin in segment |
+---------------------------------------+
| ..... Data for Segment ..... |
+---------------------------------------+

Duplicate Memory Segment Information Record (A2)
This record defines the contents of duplicated memory segment, such as
when the assembler encounters a DUP in DB directive. The format of
the data record field is defines as follows:
+---------------------------------------+
| BYTE Memory Segment Number |
+---------------------------------------+
| WORD Origin in Segment |
+---------------------------------------+
| WORD Number of Duplication times |
+---------------------------------------+
| WORD 1 |
+---------------------------------------+
| WORD 1 |
+---------------------------------------+
| WORD 0 |
+---------------------------------------+
| BYTE Length of DUP item |
+---------------------------------------+
| (Length) BYTES DUP data |
+---------------------------------------+
±S

posted on 2010-02-05 09:35 Tim 阅读(406) 评论(0) 编辑收藏引用所属分类: 逆向工程

只有注册用户登录后才能发表评论。
【推荐】100%开源！大型工业跨平台软件C++源码提供，建模，组态！

相关文章: 线程本地存储TLS(Thread Local Storage)的原理和实现——实现探究线程本地存储TLS(Thread Local Storage)的原理和实现——分类和原理【转】pe/elf 文件加壳时的处理 [转]TLS callback科普小知识 format of object files[from internet]

网站导航: 博客园 IT新闻 BlogJava 知识库博问管理

无我

format of object files[from internet]

导航

统计

公告

留言簿(9)

随笔分类(173)

IT

Life

搜索

积分与排名

最新随笔

最新评论

阅读排行榜