Skip to content

Commit 4bba210

Browse files
committed
[PE] Do not create symbols for debugging metadata symbol entries
1 parent f93512c commit 4bba210

1 file changed

Lines changed: 65 additions & 20 deletions

File tree

view/pe/peview.cpp

Lines changed: 65 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1348,7 +1348,7 @@ bool PEView::Init()
13481348
}
13491349

13501350
vector<pair<BNRelocationInfo, string>> relocs;
1351-
1351+
13521352
BulkSymbolModification bulkSymbolModification(this);
13531353
m_symbolQueue = new SymbolQueue();
13541354
m_symExternMappingMetadata = new Metadata(KeyValueDataType);
@@ -1426,34 +1426,79 @@ bool PEView::Init()
14261426
// + m_imageBase, e_scnum, e_value);
14271427

14281428
uint8_t baseType = (e_type >> 4) & 0x3;
1429-
switch (baseType)
1429+
1430+
bool createSymbol = true;
1431+
1432+
// Some records are just providing debugging information and we should ignore them
1433+
// TODO: can we recover any useful information from the aux records?
1434+
// See https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-symbol-records for info provided by aux records
1435+
if (e_sclass == IMAGE_SYM_CLASS_EXTERNAL && baseType == IMAGE_SYM_DTYPE_FUNCTION)
14301436
{
1431-
case IMAGE_SYM_DTYPE_NULL: // no derived type
1432-
{
1433-
if (virtualAddress)
1434-
AddPESymbol(DataSymbol, "", symbolName, virtualAddress, binding);
1435-
break;
1436-
}
1437-
case IMAGE_SYM_DTYPE_POINTER: // pointer to base type
1437+
// Auxiliary Format 1: Function Definitions
1438+
}
1439+
else if (e_sclass == IMAGE_SYM_CLASS_FUNCTION)
1440+
{
1441+
if (symbolName == ".bf" || symbolName == ".ef")
14381442
{
1439-
break;
1443+
// Auxiliary Format 2: .bf and .ef Symbols
1444+
// This entry is providing information about a function's line numbers and should not have a symbol created
1445+
createSymbol = false;
14401446
}
1441-
case IMAGE_SYM_DTYPE_FUNCTION: // function that returns base type
1447+
else if (symbolName == ".lf")
14421448
{
1443-
//LogError("%x StorageClass:%u Type:%x NumAux:%x COFF_DT_FCN at %x section:%x %s ", header.coffSymbolTable + (i * 18), e_sclass, e_type, e_numaux, virtualAddress + m_imageBase, e_scnum, symbolName.c_str());
1444-
if (virtualAddress)
1445-
AddPESymbol(FunctionSymbol, "", symbolName, virtualAddress, binding);
1446-
break;
1449+
// This entry is providing information about a function's line numbers and should not have a symbol created
1450+
createSymbol = false;
14471451
}
1448-
case IMAGE_SYM_DTYPE_ARRAY: // array of base type
1452+
}
1453+
else if (e_sclass == IMAGE_SYM_CLASS_EXTERNAL && e_scnum == IMAGE_SYM_UNDEFINED && e_value == 0)
1454+
{
1455+
// Auxiliary Format 3: Weak Externals
1456+
}
1457+
else if (e_sclass == IMAGE_SYM_CLASS_FILE && symbolName == ".file")
1458+
{
1459+
// Auxiliary Format 4: Files
1460+
// This entry is providing information about a source file and should not have a symbol created
1461+
createSymbol = false;
1462+
}
1463+
else if (e_sclass == IMAGE_SYM_CLASS_STATIC &&
1464+
find_if(m_sections.begin(), m_sections.end(), [&symbolName](const PESection& section) { return section.name == symbolName; }) != m_sections.end())
1465+
{
1466+
// Auxiliary Format 5: Section Definitions
1467+
// This entry is providing information about a section and should not have a symbol created
1468+
createSymbol = false;
1469+
}
1470+
1471+
if (createSymbol)
1472+
{
1473+
switch (baseType)
14491474
{
1450-
break;
1475+
case IMAGE_SYM_DTYPE_NULL: // no derived type
1476+
{
1477+
if (virtualAddress)
1478+
AddPESymbol(DataSymbol, "", symbolName, virtualAddress, binding);
1479+
break;
1480+
}
1481+
case IMAGE_SYM_DTYPE_POINTER: // pointer to base type
1482+
{
1483+
break;
1484+
}
1485+
case IMAGE_SYM_DTYPE_FUNCTION: // function that returns base type
1486+
{
1487+
//LogError("%x StorageClass:%u Type:%x NumAux:%x COFF_DT_FCN at %x section:%x %s ", header.coffSymbolTable + (i * 18), e_sclass, e_type, e_numaux, virtualAddress + m_imageBase, e_scnum, symbolName.c_str());
1488+
if (virtualAddress)
1489+
AddPESymbol(FunctionSymbol, "", symbolName, virtualAddress, binding);
1490+
break;
1491+
}
1492+
case IMAGE_SYM_DTYPE_ARRAY: // array of base type
1493+
{
1494+
break;
1495+
}
1496+
default:
1497+
break;
14511498
}
1452-
default:
1453-
break;
14541499
}
14551500

1456-
// TODO handle auxiliary entries
1501+
// Skip over auxiliary entries
14571502
i += e_numaux;
14581503
}
14591504
}

0 commit comments

Comments
 (0)