Debris status 0x02 - Cli Header and Base relocation directories

by Jason Haley 22. January 2006 03:36

Debris is now matching DumpBin's output with file and optional headers, base relocation and CLR header directory/header data. This leaves two challenges: Import Directory and Import Address Table (plus one annoying bug with the base relocation type)... with a little luck I'll finish my research to complete these two items and get them implemented this week.

I am focusing on a typical .Net assembly right now and not looking at additional sections/directories that are included with more complicated assemblies (especially when interop is being used). 

Here is the current output for a simple .Net assembly (not quite sure why one of the lines in this output shows up as a mailto in the blog entry...):

PE Signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             014C machine (x86)
                2 number of sections
         4335DCE9 time date stamp 9/24/2005 7:10:33 PM
                0 file pointer to symbol table
                0 number of symbols
               E0 size of optional header
             010E characteristics
                    Executable
                    Line numbers stripped
                    Symbols stripped
                    32 bit word machine

OPTIONAL HEADER VALUES
             010B magic # PE32
              6.0 linker version
             1000 size of code
             1000 size of initialized data
                0 size of uninitialized data
             24AE entry point
             2000 base of code
             4000 base of data
           400000 image base
             2000 section alignment
             1000 file alignment
              4.0 operating system version
              0.0 image version
              4.0 subsystem version
                0 Win32 version
             1000 size of image
             1000 size of headers
                0 checksum
             0003 subsystem (Windows CUI)
              400 DLL characteristics
           100000 size of stack reserve
             1000 size of stack commit
           100000 size of heap reserve
             1000 size of heap commit
                0 loader flags
               10 number of directories
                0 [        0] RVA [size] of Export Directory
             245C [       4F] RVA [size] of Import Directory
                0 [        0] RVA [size] of Resource Directory
                0 [        0] RVA [size] of Exception Directory
                0 [        0] RVA [size] of Certificates Directory
             4000 [        C] RVA [size] of Base Relocation Directory
                0 [        0] RVA [size] of Debug Directory
                0 [        0] RVA [size] of Architecture Directory
                0 [        0] RVA [size] of Global Pointer Directory
                0 [        0] RVA [size] of Thread Storage Directory
                0 [        0] RVA [size] of Load Configuration Directory
                0 [        0] RVA [size] of Bound Import Directory
             2000 [        8] RVA [size] of Import Address Table Directory
                0 [        0] RVA [size] of Delay Import Directory
             2008 [       48] RVA [size] of COM Descriptor Directory
                0 [        0] RVA [size] of Reserved Directory
SECTION HEADER #1
   .text name
     4B4 virtual size
    2000 virtual address (402000 to 4024B3)
    1000 size of raw data
    1000 file pointer to raw data (1000 to 1FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute
         Read

RAW DATA #1
402000: 90 24 00 00 00 00 00 00 48 00 00 00 02 00 00 00   $......H.......
402010: 7C 20 00 00 E0 03 00 00 01 00 00 00 01 00 00 06   |...à...........
402020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
402030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
402040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
402050: 13 30 01 00 0B 00 00 00 00 00 00 00 72 01 00 00   .0..........r...
402060: 70 28 0B 00 00 0A 2A 00 13 30 01 00 07 00 00 00   p(....*..0......
402070: 00 00 00 00 02 28 0C 00 00 0A 2A 00 42 53 4A 42   .....(....*.BSJB
402080: 01 00 01 00 00 00 00 00 0C 00 00 00 76 31 2E 31   ............v1.1
402090: 2E 34 33 32 32 00 00 00 00 00 05 00 6C 00 00 00   .4322.......l...
4020A0: 7C 01 00 00 23 7E 00 00 E8 01 00 00 94 01 00 00   |...#~..è...?...
4020B0: 23 53 74 72 69 6E 67 73 00 00 00 00 7C 03 00 00   #Strings....|...
4020C0: 24 00 00 00 23 55 53 00 A0 03 00 00 10 00 00 00   $...#US. .......
4020D0: 23 47 55 49 44 00 00 00 B0 03 00 00 30 00 00 00   #GUID...°...0...
4020E0: 23 42 6C 6F 62 00 00 00 00 00 00 00 01 00 00 01   #Blob...........
4020F0: 47 15 00 00 09 00 00 00 00 FA 01 33 00 02 00 00   G........ú.3....
402100: 01 00 00 00 0C 00 00 00 02 00 00 00 02 00 00 00   ................
402110: 01 00 00 00 0C 00 00 00 0A 00 00 00 01 00 00 00   ................
402120: 01 00 00 00 00 00 3A 01 01 00 00 00 00 00 06 00   ......:.........
402130: 34 00 22 00 06 00 53 00 22 00 06 00 6E 00 22 00   4."...S."...n.".
402140: 06 00 87 00 22 00 06 00 A0 00 22 00 06 00 BF 00   ..?."... ."...¿.
402150: 22 00 06 00 DC 00 22 00 06 00 F3 00 22 00 06 00   "...Ü."...ó."...
402160: 0E 01 22 00 06 00 56 01 4F 01 06 00 64 01 4F 01   .."...V.O...d.O.
402170: 06 00 77 01 4F 01 00 00 00 00 01 00 00 00 00 00   ..w.O...........
402180: 01 00 01 00 00 00 10 00 5D 01 29 01 29 00 01 00   ........].).)...
402190: 01 00 50 20 00 00 00 00 91 00 89 01 23 00 01 00   ..P.....?.?.#...
4021A0: 68 20 00 00 00 00 86 18 4D 00 1A 00 02 00 00 00   h.....?.M.......
4021B0: 01 00 8E 01 09 00 4D 00 0A 00 11 00 4D 00 0A 00   ..?...M.....M...
4021C0: 19 00 4D 00 0A 00 21 00 4D 00 0A 00 29 00 4D 00   ..M...!.M...).M.
4021D0: 0A 00 31 00 4D 00 0A 00 39 00 4D 00 0A 00 41 00   ..1.M...9.M...A.
4021E0: 4D 00 0F 00 49 00 4D 00 0A 00 59 00 4D 00 1A 00   M...I.M...Y.M...
4021F0: 61 00 7F 01 1E 00 51 00 4D 00 1A 00 20 00 53 00   a....Q.M.....S.
402200: 29 00 2E 00 0B 00 14 00 2E 00 1B 00 14 00 2E 00   )...............
402210: 23 00 14 00 2E 00 2B 00 14 00 2E 00 33 00 14 00   #.....+.....3...
402220: 2E 00 3B 00 14 00 2E 00 43 00 14 00 2E 00 4B 00   ..;.....C.....K.
402230: 14 00 2E 00 13 00 14 00 04 80 00 00 01 00 00 00   .........?......
402240: 27 08 07 43 00 00 00 00 00 00 29 01 00 00 01 00   '..C......).....
402250: 00 00 88 13 00 00 00 00 00 00 01 00 19 00 00 00   ..?.............
402260: 00 00 00 00 00 3C 4D 6F 64 75 6C 65 3E 00 68 65   .....<Module>.he
402270: 6C 6C 6F 77 6F 72 6C 64 2E 45 58 45 00 6D 73 63   lloworld.EXE.msc
402280: 6F 72 6C 69 62 00 53 79 73 74 65 6D 2E 52 65 66   orlib.System.Ref
402290: 6C 65 63 74 69 6F 6E 00 41 73 73 65 6D 62 6C 79   lection.Assembly
4022A0: 50 72 6F 64 75 63 74 41 74 74 72 69 62 75 74 65   ProductAttribute
4022B0: 00 2E 63 74 6F 72 00 41 73 73 65 6D 62 6C 79 43   ..ctor.AssemblyC
4022C0: 6F 70 79 72 69 67 68 74 41 74 74 72 69 62 75 74   opyrightAttribut
4022D0: 65 00 41 73 73 65 6D 62 6C 79 4B 65 79 4E 61 6D   e.AssemblyKeyNam
4022E0: 65 41 74 74 72 69 62 75 74 65 00 41 73 73 65 6D   eAttribute.Assem
4022F0: 62 6C 79 43 6F 6D 70 61 6E 79 41 74 74 72 69 62   blyCompanyAttrib
402300: 75 74 65 00 41 73 73 65 6D 62 6C 79 43 6F 6E 66   ute.AssemblyConf
402310: 69 67 75 72 61 74 69 6F 6E 41 74 74 72 69 62 75   igurationAttribu
402320: 74 65 00 41 73 73 65 6D 62 6C 79 44 65 73 63 72   te.AssemblyDescr
402330: 69 70 74 69 6F 6E 41 74 74 72 69 62 75 74 65 00   iptionAttribute.
402340: 41 73 73 65 6D 62 6C 79 54 69 74 6C 65 41 74 74   AssemblyTitleAtt
402350: 72 69 62 75 74 65 00 41 73 73 65 6D 62 6C 79 44   ribute.AssemblyD
402360: 65 6C 61 79 53 69 67 6E 41 74 74 72 69 62 75 74   elaySignAttribut
402370: 65 00 41 73 73 65 6D 62 6C 79 54 72 61 64 65 6D   e.AssemblyTradem
402380: 61 72 6B 41 74 74 72 69 62 75 74 65 00 48 65 6C   arkAttribute.Hel
402390: 6C 6F 57 6F 72 6C 64 43 53 68 61 72 70 00 48 65   loWorldCSharp.He
4023A0: 6C 6C 6F 57 6F 72 6C 64 43 53 68 61 72 70 2E 65   lloWorldCSharp.e
4023B0: 78 65 00 53 79 73 74 65 6D 00 4F 62 6A 65 63 74   xe.System.Object
4023C0: 00 43 6C 61 73 73 31 00 53 54 41 54 68 72 65 61   .Class1.STAThrea
4023D0: 64 41 74 74 72 69 62 75 74 65 00 43 6F 6E 73 6F   dAttribute.Conso
4023E0: 6C 65 00 57 72 69 74 65 4C 69 6E 65 00 4D 61 69   le.WriteLine.Mai
4023F0: 6E 00 61 72 67 73 00 00 00 21 48 00 65 00 6C 00   n.args...!H.e.l.
402400: 6C 00 6F 00 20 00 43 00 6F 00 64 00 65 00 20 00   l.o...C.o.d.e...
402410: 43 00 61 00 6D 00 70 00 21 00 00 00 8F 91 31 5C   C.a.m.p.!...?1\
402420: 9F 83 64 40 B9 A7 8C 1C C5 84 3F A6 00 08 B7 7A   ??d@¹§?.Å??¦..·z
402430: 5C 56 19 34 E0 89 04 20 01 01 0E 04 20 01 01 02   \V.4à?..........
402440: 05 01 00 00 00 00 03 20 00 01 04 00 01 01 0E 05   ................
402450: 00 01 01 1D 0E 04 01 00 00 00 00 00 84 24 00 00   ............?$..
402460: 00 00 00 00 00 00 00 00 9E 24 00 00 00 20 00 00   ........?$......
402470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
402480: 00 00 00 00 90 24 00 00 00 00 00 00 00 00 00 00   ....$..........
402490: 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73   .._CorExeMain.ms
4024A0: 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00 00 FF 25   coree.dll.....ÿ%
4024B0: 00 20 40 00                                       ..@.

Import Directory


Import Address Table


Clr Directory

            48 cb
           2.0 runtime version
          207C [     3E0] RVA [size] of MetaData Directory
      00000001 flags
       6000001 entry point token
             0 [       0] RVA [size] of Resources Directory
             0 [       0] RVA [size] of StrongNameSignature Directory
             0 [       0] RVA [size] of CodeManagerTable Directory
             0 [       0] RVA [size] of VTableFixups Directory
             0 [       0] RVA [size] of ExportAddressTableJumps Directory

SECTION HEADER #2
  .reloc name
       C virtual size
    4000 virtual address (404000 to 40400B)
    1000 size of raw data
    2000 file pointer to raw data (2000 to 2FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000040 flags
         Read
         Initialized Data
         Discardable

RAW DATA #2
404000: 00 20 00 00 0C 00 00 00 B0 34 00 00               ........°4..

Base Relocation Directory

    2000 [       C] RVA [size] of block
    34B0 Type of Offset
          Absolute
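
Added example (not part of Debris or the original post): Python code that decodes the Import Directory, which the output above leaves empty, and the base relocation block, using only bytes copied from the RAW DATA dumps on this page. The function and constant names are this example's own; the field layouts are those of the PE32 format, and the import walk assumes the lookup table and names lie inside the directory span, as they do here.

```python
import struct

# Import Directory (RVA 245C, size 4F) and .reloc data (RVA 4000, size C),
# copied byte for byte from the RAW DATA dumps on this page.
IMPORT_RVA = 0x245C
IMPORT_DIR = bytes.fromhex(
    "84240000" "00000000000000009E24000000200000"
    "00000000000000000000000000000000" "00000000902400000000000000000000"
    "00005F436F724578654D61696E006D73" "636F7265652E646C6C0000")
RELOC = bytes.fromhex("002000000C000000B0340000")
RELOC_TYPES = {0: "ABSOLUTE", 3: "HIGHLOW", 10: "DIR64"}  # subset of IMAGE_REL_BASED_*

def parse_imports(buf, base_rva):
    """Walk 20-byte PE32 import descriptors up to the all-zero terminator."""
    def off(rva):  # RVA -> offset in buf, refusing pointers outside the directory
        if not 0 <= rva - base_rva < len(buf):
            raise ValueError(f"RVA {rva:X} outside buffer")
        return rva - base_rva

    def cstring(rva):  # NUL-terminated ASCII; ValueError if unterminated
        start = off(rva)
        return buf[start:buf.index(b"\0", start)].decode("ascii")

    imports, pos = [], 0
    while True:
        ilt, _stamp, _fwd, name, iat = struct.unpack_from("<5I", buf, pos)
        if not (ilt or name or iat):
            return imports
        funcs, thunk = [], ilt
        while entry := struct.unpack_from("<I", buf, off(thunk))[0]:
            # High bit set: import by ordinal. Otherwise RVA of u16 hint + name.
            funcs.append(f"#{entry & 0xFFFF}" if entry >> 31 else cstring(entry + 2))
            thunk += 4
        imports.append((cstring(name), iat, funcs))
        pos += 20

def parse_relocs(buf):
    """Decode blocks of: u32 page RVA, u32 block size, then u16 entries."""
    entries, pos = [], 0
    while pos + 8 <= len(buf):
        page, size = struct.unpack_from("<II", buf, pos)
        if size < 8 or size % 2 or pos + size > len(buf):
            raise ValueError("bad relocation block size")
        for (e,) in struct.iter_unpack("<H", buf[pos + 8:pos + size]):
            # High 4 bits are the type, low 12 bits the offset within the page.
            entries.append((RELOC_TYPES.get(e >> 12, e >> 12), page + (e & 0xFFF)))
        pos += size
    return entries
```

On this page's bytes, `parse_imports(IMPORT_DIR, IMPORT_RVA)` yields `mscoree.dll` importing `_CorExeMain` with its IAT at RVA 2000, and `parse_relocs(RELOC)` decodes entry 34B0 as a HIGHLOW fixup at RVA 24B0, which is the operand of the `FF 25` jump at the 24AE entry point, followed by one ABSOLUTE padding entry.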
