Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Would PE-COFF be considered? #46

Open
lygstate opened this issue Aug 25, 2018 · 12 comments
Open

Would PE-COFF be considered? #46

lygstate opened this issue Aug 25, 2018 · 12 comments

Comments

@lygstate
Copy link

No description provided.

@sunfishcode
Copy link
Collaborator

Yes, PE-COFF support is something that people have been thinking about, as can be seen in some comments.

@m4b
Copy link
Owner

m4b commented Aug 25, 2018

@lygstate I would love to add PE-COFF! I meant to add one, but I simply don't have the bandwidth at the moment.

Note, I would prefer to do this in a principled manner, and have goblin add the scroll based writers for the various structs (this shouldn't be hard itself, just tedious).

This commit is an example of adding the TryIntoCtx for some mach structs: m4b/goblin@0a6a54b#diff-df15384869d381a0999884ce946dda88R237

So two things need to be done:

  1. Determine which structs are used in an PE object file (i'm sure we can find documentation somewhere), and implement TryIntoCtx in goblin for those structs.
  2. The fun (but harder part), add a PE object file backend, by writing out the object file in the correct order, with symbols, etc. If we've architected the abstract artifact layer properly, it shouldn't require any changes at all, but one can simply turn on PE object file backend by just adding the backend :)

So for 1., I or probably anyone in goblin repo (@philipc, @willglynn) can give guidance on proper implementations there; even just a PR adding them would get the ball rolling. Write implementations never really hurt :)

For 2., I don't know much about PE object file formats, but it shouldn't be too bad. Maybe @sunfishcode can help, or , or @tathanhdinh, who has been doing a lot of great work on PE stuff lately in goblin repo could help or add pointers, etc.

I'd also highly recommend a workflow like:

#include<stdio.h>
int main() {
  printf("Hello, world\n");
  return 0;
}

and then using clang -I/usr/include -c -target x86_64-windows-windows-msvc hello.c, and then comparing clang's output with faerie's prototype output (you'll need to add a new --pe target, etc.), by running in faerie repo with something like: cargo run -- --pe pe.o

Rustc also has a nice cross compilation situation, so a simple hello.rs with rustc --emit=obj --target x86_64-pc-windows-msvc hello.rs should also give you some good comparisons (though rustc object file will be more complicated).

@skull-squadron
Copy link

Anyone working on this might want to BB||S||buy the usual reversing tools.

@philipc
Copy link
Collaborator

philipc commented Apr 21, 2019

I am working on the goblin support for this.

@Cr0a3
Copy link
Contributor

Cr0a3 commented Mar 24, 2024

Hi, i wanted to ask if there is any update on adding Coff support. I am currently making a code generation libary (like LLVM) named CodeGenLib. But it can currently only generate Object-Files for Linux because there is no Coff support only Elf.
Are you still on adding Coff support?

Without your crate my libary wouldn't exists big thanks

@bjorn3
Copy link
Contributor

bjorn3 commented Mar 24, 2024

Maybe the object crate would be of help? It supports emitting ELF, Mach-O, COFF and XCOFF using a single unified api: https://docs.rs/object/latest/object/write/struct.Object.html Cranelift uses it for writing object files too.

@Cr0a3
Copy link
Contributor

Cr0a3 commented Mar 24, 2024

Is it as easy to use as this crate? (I mean the creation of functions, data, linking, etc..)

@bjorn3
Copy link
Contributor

bjorn3 commented Mar 24, 2024

Imho it is fairly easy to use.

@m4b
Copy link
Owner

m4b commented Mar 25, 2024

@Toni-Graphics i know raito has been working on pe related writer stuff in goblin, and has a crate https://github.com/RaitoBezarius/ifrit/blob/master/README.md for pe writers, but i don't know if it will support your usecases

@Cr0a3
Copy link
Contributor

Cr0a3 commented Mar 29, 2024

Thanks, for your recommendation, but sadly i cannot use the libary for my usecase

@Cr0a3
Copy link
Contributor

Cr0a3 commented Apr 2, 2024

I think the question can be closed now

@Cr0a3
Copy link
Contributor

Cr0a3 commented Apr 2, 2024

@lygstate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants