Kaitai Struct YAML for COFF
# Kaitai Struct description of a COFF object file.
# Nesting is restored here; the listing lost its indentation.
meta:
  id: coff
  title: Common Object Format File
  file-extension:
    - obj
  license: CC0-1.0
  ks-version: 0.9
  # Every multi-byte integer below is read little-endian.
  endian: le
# Placed at type level, where the .ksy format defines doc-ref.
# NOTE(review): the original nesting is not visible; confirm.
doc-ref: https://wiki.osdev.org/COFF
# File layout: the fixed COFF header, an optional header whose length comes
# from the COFF header, then one section header per declared section.
seq:
  - id: coff_hdr
    type: coff_header
  # Present only when the COFF header declares a non-zero length. The
  # declared length also bounds the substream, so optional_header cannot
  # read past it into the section table.
  - id: optional_hdr
    type: optional_header
    if: coff_hdr.size_of_optional_header != 0
    size: coff_hdr.size_of_optional_header
  # The count is taken from the file as-is (u2, at most 65535 entries).
  - id: sections
    repeat: expr
    repeat-expr: coff_hdr.number_of_sections
    type: section
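# Type definitions for the COFF structures.
#
# Every pos/size/repeat-expr below is computed from fields read out of the
# file. When parsing object files from an untrusted source, treat them as
# attacker-controlled: instances are evaluated on access, so an out-of-range
# offset or count surfaces as an end-of-stream error at that point. Callers
# should be prepared to catch it rather than assume a parsed file is sane.
types:
  coff_header:
    seq:
      - id: machine
        type: u2
        enum: machine_type
      - id: number_of_sections
        type: u2
      - id: time_date_stamp
        type: u4
      - id: pointer_to_symbol_table
        type: u4
      - id: number_of_symbols
        type: u4
      - id: size_of_optional_header
        type: u2
      - id: characteristics
        type: u2
    instances:
      # 18 is the size of one coff_symbol record (8 + 4 + 2 + 2 + 1 + 1).
      symbol_table_size:
        value: number_of_symbols * 18
      # The string table is located directly after the symbol table.
      symbol_name_table_offset:
        value: pointer_to_symbol_table + symbol_table_size
      # u4 stored at the start of the string table.
      # NOTE(review): presumably the table's total size; it is not used to
      # bound name lookups in annoyingstring.
      symbol_name_table_size:
        pos: symbol_name_table_offset
        type: u4
      # NOTE(review): number_of_symbols also counts auxiliary records, so
      # an entry following a symbol with number_of_aux_symbols > 0 is an
      # aux record decoded with the regular-symbol layout; its name,
      # section and data are then not meaningful.
      symbol_table:
        pos: pointer_to_symbol_table
        type: coff_symbol
        repeat: expr
        repeat-expr: number_of_symbols
    enums:
      machine_type:
        # 3.3.1. Machine Types
        0x0: unknown
        0x1d3: am33
        0x8664: amd64
        0x1c0: arm
        0xaa64: arm64
        0x1c4: armnt
        0xebc: ebc
        0x14c: i386
        0x200: ia64
        0x9041: m32r
        0x266: mips16
        0x366: mipsfpu
        0x466: mipsfpu16
        0x1f0: powerpc
        0x1f1: powerpcfp
        0x166: r4000
        0x5032: riscv32
        0x5064: riscv64
        0x5128: riscv128
        0x1a2: sh3
        0x1a3: sh3dsp
        0x1a6: sh4
        0x1a8: sh5
        0x1c2: thumb
        0x169: wcemipsv2
        # Not mentioned in Microsoft documentation, but widely regarded
        0x184: alpha
  # Classic a.out-style optional header (28 bytes). It is parsed inside a
  # substream of size_of_optional_header bytes, so a shorter declared
  # length ends in an end-of-stream error instead of an over-read.
  optional_header:
    seq:
      - id: magic
        type: u2
      - id: vstamp
        type: u2
      - id: text_size
        type: u4
      - id: data_size
        type: u4
      - id: bss_size
        type: u4
      - id: entry_point
        type: u4
      - id: text_start
        type: u4
      - id: data_start
        type: u4
  coff_symbol:
    -webide-representation: '{name_annoying.name}'
    seq:
      # The 8-byte name field is either an inline name or a string-table
      # reference; annoyingstring decodes both forms.
      - id: name_annoying
        type: annoyingstring
        size: 8
      # Earlier inline decoding of the name field, kept for reference.
      #- id: name_zeroes
      #  type: u4
      #- id: name_offset
      #  type: u4
      - id: value
        type: u4
      - id: section_number
        type: u2
      - id: type
        type: u2
      - id: storage_class
        type: u1
      - id: number_of_aux_symbols
        type: u1
    instances:
      #effective_name:
      #  value: name_zeroes == 0 ? name_from_offset : '"fixme"'
      #name_from_offset:
      #  io: _root._io
      #  pos: name_zeroes == 0 ? _parent.symbol_name_table_offset + name_offset : 0
      #  type: str
      #  terminator: 0
      #  encoding: ascii
      # section_number is a one-based index into the section table, read
      # here as u2. 0 (undefined symbol), 0xffff and 0xfffe (absolute and
      # debug symbols) and any value above number_of_sections do not name a
      # section; without the guard they index outside _root.sections and
      # abort parsing. With it the instance is simply absent.
      section:
        value: _root.sections[section_number - 1]
        if: section_number >= 1 and section_number <= _root.coff_hdr.number_of_sections
      # One byte at `value` bytes into the owning section's raw data.
      # NOTE(review): treats `value` as a section-relative offset, which
      # depends on the storage class; the resulting position is not checked
      # against size_of_raw_data or the file size.
      data:
        pos: section.pointer_to_raw_data + value
        size: 1
        if: section_number >= 1 and section_number <= _root.coff_hdr.number_of_sections
  coff_reloc:
    seq:
      - id: vaddr
        type: u4
      - id: symndx
        type: u4
      - id: type
        type: u2
  # Symbol name field, parsed over the 8-byte substream given by
  # coff_symbol. If the first four bytes are zero, the next four are an
  # offset into the string table; otherwise the bytes are the name itself.
  annoyingstring:
    -webide-representation: '{name}'
    instances:
      name_zeroes:
        pos: 0
        type: u4
      name_offset:
        pos: 4
        type: u4
      # Read from the root stream because the string table is outside this
      # substream. name_offset comes from the file and is not compared with
      # symbol_name_table_size or the file size. eos-error: false only
      # tolerates a missing terminator; a position past the end of the file
      # can still fail. The ternary in pos repeats the `if` condition.
      name_from_offset:
        io: _root._io
        pos: 'name_zeroes == 0 ? _parent._parent.symbol_name_table_offset + name_offset : 0'
        type: str
        terminator: 0
        encoding: ascii
        eos-error: false
        if: name_zeroes == 0
      # Inline name: up to 8 bytes. eos-error: false accepts a name that
      # fills the field with no terminator.
      name_from_short:
        pos: 0
        type: str
        terminator: 0
        encoding: ascii
        eos-error: false
        if: name_zeroes != 0
      name:
        value: 'name_zeroes == 0 ? name_from_offset : name_from_short'
  section:
    -webide-representation: "{name}"
    seq:
      - id: name
        type: str
        encoding: UTF-8
        size: 8
        pad-right: 0
      - id: virtual_size
        type: u4
      - id: virtual_address
        type: u4
      - id: size_of_raw_data
        type: u4
      - id: pointer_to_raw_data
        type: u4
      - id: pointer_to_relocations
        type: u4
      - id: pointer_to_linenumbers
        type: u4
      - id: number_of_relocations
        type: u2
      - id: number_of_linenumbers
        type: u2
      - id: characteristics
        type: u4
    instances:
      # Raw section bytes. Offset and length come straight from the header
      # and are not checked against the file size.
      # NOTE(review): a section with no raw data (pointer_to_raw_data == 0)
      # would be read from the start of the file; confirm callers check
      # this.
      body:
        pos: pointer_to_raw_data
        size: size_of_raw_data
      # Relocation records for this section; the count is the u2 header
      # field.
      relocs:
        pos: pointer_to_relocations
        repeat: expr
        repeat-expr: number_of_relocations
        type: coff_reloc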