@@ -1348,7 +1348,7 @@ bool PEView::Init()
13481348 }
13491349
13501350 vector<pair<BNRelocationInfo, string>> relocs;
1351-
1351+
13521352 BulkSymbolModification bulkSymbolModification (this );
13531353 m_symbolQueue = new SymbolQueue ();
13541354 m_symExternMappingMetadata = new Metadata (KeyValueDataType);
@@ -1426,34 +1426,79 @@ bool PEView::Init()
14261426 // + m_imageBase, e_scnum, e_value);
14271427
14281428 uint8_t baseType = (e_type >> 4 ) & 0x3 ;
1429- switch (baseType)
1429+
1430+ bool createSymbol = true ;
1431+
1432+ // Some records are just providing debugging information and we should ignore them
1433+ // TODO: can we recover any useful information from the aux records?
1434+ // See https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-symbol-records for info provided by aux records
1435+ if (e_sclass == IMAGE_SYM_CLASS_EXTERNAL && baseType == IMAGE_SYM_DTYPE_FUNCTION )
14301436 {
1431- case IMAGE_SYM_DTYPE_NULL : // no derived type
1432- {
1433- if (virtualAddress)
1434- AddPESymbol (DataSymbol, " " , symbolName, virtualAddress, binding);
1435- break ;
1436- }
1437- case IMAGE_SYM_DTYPE_POINTER : // pointer to base type
1437+ // Auxiliary Format 1: Function Definitions
1438+ }
1439+ else if (e_sclass == IMAGE_SYM_CLASS_FUNCTION )
1440+ {
1441+ if (symbolName == " .bf" || symbolName == " .ef" )
14381442 {
1439- break ;
1443+ // Auxiliary Format 2: .bf and .ef Symbols
1444+ // This entry is providing information about a function's line numbers and should not have a symbol created
1445+ createSymbol = false ;
14401446 }
1441- case IMAGE_SYM_DTYPE_FUNCTION : // function that returns base type
1447+ else if (symbolName == " .lf " )
14421448 {
1443- // LogError("%x StorageClass:%u Type:%x NumAux:%x COFF_DT_FCN at %x section:%x %s ", header.coffSymbolTable + (i * 18), e_sclass, e_type, e_numaux, virtualAddress + m_imageBase, e_scnum, symbolName.c_str());
1444- if (virtualAddress)
1445- AddPESymbol (FunctionSymbol, " " , symbolName, virtualAddress, binding);
1446- break ;
1449+ // This entry is providing information about a function's line numbers and should not have a symbol created
1450+ createSymbol = false ;
14471451 }
1448- case IMAGE_SYM_DTYPE_ARRAY : // array of base type
1452+ }
1453+ else if (e_sclass == IMAGE_SYM_CLASS_EXTERNAL && e_scnum == IMAGE_SYM_UNDEFINED && e_value == 0 )
1454+ {
1455+ // Auxiliary Format 3: Weak Externals
1456+ }
1457+ else if (e_sclass == IMAGE_SYM_CLASS_FILE && symbolName == " .file" )
1458+ {
1459+ // Auxiliary Format 4: Files
1460+ // This entry is providing information about a source file and should not have a symbol created
1461+ createSymbol = false ;
1462+ }
1463+ else if (e_sclass == IMAGE_SYM_CLASS_STATIC &&
1464+ find_if (m_sections.begin (), m_sections.end (), [&symbolName](const PESection& section) { return section.name == symbolName; }) != m_sections.end ())
1465+ {
1466+ // Auxiliary Format 5: Section Definitions
1467+ // This entry is providing information about a section and should not have a symbol created
1468+ createSymbol = false ;
1469+ }
1470+
1471+ if (createSymbol)
1472+ {
1473+ switch (baseType)
14491474 {
1450- break ;
1475+ case IMAGE_SYM_DTYPE_NULL : // no derived type
1476+ {
1477+ if (virtualAddress)
1478+ AddPESymbol (DataSymbol, " " , symbolName, virtualAddress, binding);
1479+ break ;
1480+ }
1481+ case IMAGE_SYM_DTYPE_POINTER : // pointer to base type
1482+ {
1483+ break ;
1484+ }
1485+ case IMAGE_SYM_DTYPE_FUNCTION : // function that returns base type
1486+ {
1487+ // LogError("%x StorageClass:%u Type:%x NumAux:%x COFF_DT_FCN at %x section:%x %s ", header.coffSymbolTable + (i * 18), e_sclass, e_type, e_numaux, virtualAddress + m_imageBase, e_scnum, symbolName.c_str());
1488+ if (virtualAddress)
1489+ AddPESymbol (FunctionSymbol, " " , symbolName, virtualAddress, binding);
1490+ break ;
1491+ }
1492+ case IMAGE_SYM_DTYPE_ARRAY : // array of base type
1493+ {
1494+ break ;
1495+ }
1496+ default :
1497+ break ;
14511498 }
1452- default :
1453- break ;
14541499 }
14551500
1456- // TODO handle auxiliary entries
1501+ // Skip over auxiliary entries
14571502 i += e_numaux;
14581503 }
14591504 }
0 commit comments