Prev: overflow of stack for recursive functions
Next: getting keyboard keys strokes via VMware Fusion on Apple MAC
From: BGB / cr88192 on 7 Mar 2010 23:47
the text below is from a misc email.
it is an idea I had considered recently, but as of yet have not done much.
I am not sure if anything similar is already in common use.
some later variants on the idea had considered:
really, I don't strictly need a special section, as using pretty much any
section would work (assuming that a scan is done over the entire mapped
other thoughts had considered the possibility of doing something along the
lines of WAD or WAD2 (itself embedded into the EXE with a similar mechanism,
or possibly based on the same mechanism).
as for another idle thought, I have another thought WRT adding custom
metadata/... to PE/COFF:
a collection of "chunks" are linked into the image in a special section,
such as ".chunks".
in general, the chunks section is relatively unstructured, but each chunk
could contain a header:
FOURCC magic1; //"\x89\n\r\x1A"
FOURCC magic2; //"CHNK"
FOURCC magic3; //payload-fourcc
byte head_size; //base header size
byte head_flags; //base header flags
u16 head_crc; //CRC16 of header
u32 chunk_size; //total chunk size (includes headers)
u32 flags; //chunk flags
beyond this, each chunk header would start on a 16-byte boundary (not
difficult, as linkers do this by default).
note that it is likely that some amount of scanning/matching would be used
(this being a major reason for making the header so bulky and including a
the idea for how this would get loaded into PE/COFF images would be that the
data would be converted into COFF objects which would be linked into the
image (I am assuming for now a stock linker, such as "link.exe" or
I am also considering the possibility of this coexisting with CLR metadata.
now, what sorts of data would be encoded here?...
matadata-DB dumps (maybe a deflated version of a textual dump?... well, it
is that or devise a binary serialization...);
maybe symbolic-linking info (would mostly be used to key the DB against the
binary code/data/... mostly because my main DB does not directly hold
references to code or data);
JVM-style class and jar files;
ZIP files (embedded sub-files, could be accessed via the VFS).
the idea is that any unknown chunks will be ignored by default.
although, I guess it may be worth looking and seeing if there is some other
established convention for doing something similar to this...
however, at present I often store info like this in sideband files, but this
would allow packaging the info directly into the PE/COFF image...
then, an API could be added which could iterate over the chunks, possibly
looking for chunks with a given FOURCC and returning pointers to the
payload, ... (technically, the core functionality for implementing this is
provided by the Win32 API).
don't know if all this is a good idea though...