From: Hartmut Birr
The COFF format is very simple if no relocation and debug info are
needed. A good starting point is
http://www.delorie.com/djgpp/doc/coff.
I've added a little diff. Rsym puts each symbol's info in a file named
symbol.coff. Ntoskrnl is built with the symbol section.
Thanks, your code works great for ntoskrnl.exe. However, I'm having trouble
getting it right in other executables. If I set scnhdr.s_flags to "CONTENTS,
ALLOC, LOAD, DATA" (0xc0000040, like .rsrc) symbol.coff is properly linked
into the final executable, but it will take up space in the loaded image. If
I set scnhdr.s_flags to "CONTENTS, READONLY, DEBUGGING, NEVER_LOAD, EXCLUDE"
(0x42000802, like .stab) then the final executable does not include the
.rossym section.
While inspecting ntoskrnl.exe, I've found some other bugs.
Ntoskrnl.exe always contains a .stab and a .stabstr section.
There are relocation entries for the .stab and .stabstr
sections. There are relocation entries for addresses
after the end of the image.
Yes, I noticed that too. There's another problem: at the moment, we do 2
separate links, one to get driver.nostrip.sys, and then another one to get
driver.sys. We use the symbolic information from driver.nostrip.sys but
execute driver.sys. Unfortunately, it seems the code in driver.sys and
driver.nostrip.sys can differ in small but subtle ways. This seems to happen
when static libraries are used, like in tcpip.sys. Since this makes the
symbolic info not match the executable code, the symbolic info is useless.
So, I'm thinking about changing rsym to take driver.nostrip.sys as input and
produce a driver.sys as output, by stripping the .stab and .stabstr
sections, removing no longer needed relocation entries and removing symbolic
information. While it's at it, it can add the .rossym section too. It should
speed up the build a little bit too, since the second link is replaced by
some chopping.
Gé van Geldorp.
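Added example, not code from the thread or from rsym: a C program that decodes the two s_flags values quoted above (0xc0000040 and 0x42000802) against the PE section-characteristics bits, parses 40-byte scnhdr entries from a constructed section table, and adds up what the surviving sections would occupy in the loaded image. Of the bits in 0x42000802, 0x800 is IMAGE_SCN_LNK_REMOVE, which tells the linker to leave the section out of the output image (valid in object files only), and 0x2 is the bit binutils names IMAGE_SCN_TYPE_NOLOAD (reserved in the Microsoft PE/COFF specification). The section names, sizes and RVAs in sample_table are constructed for illustration and are not taken from any ReactOS binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On-disk COFF/PE section header (struct scnhdr in the DJGPP COFF notes):
 * 40 bytes, little-endian.  In PE images s_paddr carries VirtualSize. */
struct scnhdr {
    char     s_name[9];   /* 8 bytes on disk; NUL-terminated here */
    uint32_t s_paddr;     /* PE: VirtualSize */
    uint32_t s_vaddr;     /* RVA of the section in the loaded image */
    uint32_t s_size;      /* SizeOfRawData */
    uint32_t s_scnptr;    /* file offset of raw data */
    uint32_t s_relptr;    /* file offset of relocation entries */
    uint32_t s_lnnoptr;   /* file offset of line-number entries */
    uint16_t s_nreloc;
    uint16_t s_nlnno;
    uint32_t s_flags;     /* section characteristics (IMAGE_SCN_*) */
};
#define SCNHDR_SIZE 40

/* Characteristics bits present in the two values quoted in the mail. */
#define IMAGE_SCN_TYPE_NOLOAD          0x00000002u  /* binutils name; reserved in the MS spec */
#define IMAGE_SCN_CNT_CODE             0x00000020u
#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040u
#define IMAGE_SCN_LNK_REMOVE           0x00000800u  /* object files only: linker omits the section */
#define IMAGE_SCN_MEM_DISCARDABLE      0x02000000u
#define IMAGE_SCN_MEM_EXECUTE          0x20000000u
#define IMAGE_SCN_MEM_READ             0x40000000u
#define IMAGE_SCN_MEM_WRITE            0x80000000u

static uint32_t rd32(const unsigned char *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(unsigned char *p, uint32_t v)
{ p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff; }

/* Decode one 40-byte entry of the section table. */
void parse_scnhdr(const unsigned char *buf, struct scnhdr *h)
{
    memcpy(h->s_name, buf, 8); h->s_name[8] = '\0';
    h->s_paddr = rd32(buf + 8);    h->s_vaddr   = rd32(buf + 12);
    h->s_size  = rd32(buf + 16);   h->s_scnptr  = rd32(buf + 20);
    h->s_relptr = rd32(buf + 24);  h->s_lnnoptr = rd32(buf + 28);
    h->s_nreloc = rd16(buf + 32);  h->s_nlnno   = rd16(buf + 34);
    h->s_flags = rd32(buf + 36);
}

/* Encode a header; used only to build the constructed sample table. */
void build_scnhdr(unsigned char *buf, const char *name, uint32_t vsize,
                  uint32_t vaddr, uint32_t rawsize, uint32_t flags)
{
    size_t len = strlen(name);
    memset(buf, 0, SCNHDR_SIZE);
    memcpy(buf, name, len > 8 ? 8 : len);
    wr32(buf + 8, vsize); wr32(buf + 12, vaddr);
    wr32(buf + 16, rawsize); wr32(buf + 36, flags);
}

/* Flag names in ascending bit order, '|'-separated.  Static buffer, not reentrant. */
const char *describe_flags(uint32_t flags)
{
    static const struct { uint32_t bit; const char *name; } names[] = {
        { IMAGE_SCN_TYPE_NOLOAD, "NOLOAD" }, { IMAGE_SCN_CNT_CODE, "CNT_CODE" },
        { IMAGE_SCN_CNT_INITIALIZED_DATA, "CNT_INITIALIZED_DATA" },
        { IMAGE_SCN_LNK_REMOVE, "LNK_REMOVE" }, { IMAGE_SCN_MEM_DISCARDABLE, "MEM_DISCARDABLE" },
        { IMAGE_SCN_MEM_EXECUTE, "MEM_EXECUTE" }, { IMAGE_SCN_MEM_READ, "MEM_READ" },
        { IMAGE_SCN_MEM_WRITE, "MEM_WRITE" },
    };
    static char out[160];
    size_t i, n = 0;
    out[0] = '\0';
    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        if (flags & names[i].bit)
            n += (size_t)snprintf(out + n, sizeof out - n, "%s%s", n ? "|" : "", names[i].name);
    return out;
}

enum scn_fate { SCN_RESIDENT, SCN_DISCARDABLE, SCN_DROPPED_AT_LINK };

/* What linker and loader do with a section carrying these flags. */
enum scn_fate section_fate(uint32_t flags)
{
    if (flags & IMAGE_SCN_LNK_REMOVE)      return SCN_DROPPED_AT_LINK; /* 0x42000802: never reaches the image */
    if (flags & IMAGE_SCN_MEM_DISCARDABLE) return SCN_DISCARDABLE;
    return SCN_RESIDENT;                                               /* 0xc0000040: occupies the loaded image */
}

static uint32_t align_up(uint32_t v, uint32_t a) { return (v + a - 1) & ~(a - 1); }

/* Virtual bytes the linked image needs for this section table (what ends up in
 * SizeOfImage): VirtualSize of every surviving section, rounded to section alignment. */
uint32_t image_footprint(const unsigned char *table, size_t nsections, uint32_t section_align)
{
    uint32_t total = 0; size_t i;
    for (i = 0; i < nsections; i++) {
        struct scnhdr h;
        parse_scnhdr(table + i * SCNHDR_SIZE, &h);
        if (section_fate(h.s_flags) != SCN_DROPPED_AT_LINK)
            total += align_up(h.s_paddr, section_align);
    }
    return total;
}

/* Constructed sample: a code section, .rossym with the .rsrc-style flags, and a
 * .stab section with the flags of the second attempt.  Sizes/RVAs are invented. */
size_t sample_table(unsigned char *buf)
{
    build_scnhdr(buf,                   ".text",   0x1234, 0x1000, 0x1400,
                 IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ);
    build_scnhdr(buf + SCNHDR_SIZE,     ".rossym", 0x0800, 0x3000, 0x0800, 0xc0000040u);
    build_scnhdr(buf + 2 * SCNHDR_SIZE, ".stab",   0x5000, 0,      0x5000, 0x42000802u);
    return 3;
}

/* Footprint of the sample table at 4 KiB section alignment: 0x2000 + 0x1000 + 0. */
uint32_t sample_footprint(void)
{
    unsigned char table[3 * SCNHDR_SIZE];
    return image_footprint(table, sample_table(table), 0x1000);
}

int main(void)
{
    static const char *fate_name[] = { "resident", "discardable", "dropped at link" };
    unsigned char table[3 * SCNHDR_SIZE];
    size_t n = sample_table(table), i;
    for (i = 0; i < n; i++) {
        struct scnhdr h;
        parse_scnhdr(table + i * SCNHDR_SIZE, &h);
        printf("%-8s 0x%08x %-16s %s\n", h.s_name, (unsigned)h.s_flags,
               fate_name[section_fate(h.s_flags)], describe_flags(h.s_flags));
    }
    printf("image footprint: 0x%x\n", (unsigned)sample_footprint());
    return 0;
}
```

Run stand-alone, the program lists each constructed section with its decoded flags and fate, then the footprint; the .stab entry contributes nothing because LNK_REMOVE drops it before the image is written, while the .rossym entry with 0xc0000040 is rounded up to a full page of the loaded image.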