X:\>objdump -p 979536.exe
979536.exe: file format pei-x86-64
Characteristics 0x27
relocations stripped
executable
line numbers stripped
large address aware
Time/Date Thu Jul 05 21:33:01 2012
Magic 020b (PE32+)
MajorLinkerVersion 2
MinorLinkerVersion 21
SizeOfCode 00002200
SizeOfInitializedData 00001400
SizeOfUninitializedData 00000a00
AddressOfEntryPoint 00000000000014e0
BaseOfCode 0000000000001000
ImageBase 0000000000400000
SectionAlignment 0000000000001000
FileAlignment 0000000000000200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 5
MinorSubsystemVersion 2
Win32Version 00000000
SizeOfImage 00022000
SizeOfHeaders 00000600
CheckSum 000268cb
Subsystem 00000003 (Windows CUI)
DllCharacteristics 00000000
SizeOfStackReserve 0000000000200000
SizeOfStackCommit 0000000000001000
SizeOfHeapReserve 0000000000100000
SizeOfHeapCommit 0000000000001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010
The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 0000000000007000 0000082c Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000009000 00000028 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000007204 000001c8 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved
There is an import table in .idata at 0x407000
The Import Tables (interpreted .idata section contents)
vma: Hint Time Forward DLL First
Table Stamp Chain Name Thunk
00007000 0000703c 00000000 00000000 0000779c 00007204
DLL Name: KERNEL32.dll
vma: Hint/Ord Member-Name Bound-To
73cc 134 DeleteCriticalSection
73e4 157 EnterCriticalSection
73fc 327 GetCurrentProcess
7410 328 GetCurrentProcessId
7426 331 GetCurrentThreadId
743c 373 GetLastError
744c 387 GetModuleHandleA
7460 420 GetProcAddress
7472 443 GetStartupInfoA
7484 462 GetSystemTimeAsFileTime
749e 483 GetTickCount
74ae 551 InitializeCriticalSection
74ca 591 LeaveCriticalSection
74e2 595 LoadLibraryW
74f2 673 QueryPerformanceCounter
750c 721 RtlAddFunctionTable
7522 722 RtlCaptureContext
7536 729 RtlLookupFunctionEntry
7550 736 RtlVirtualUnwind
7564 850 SetUnhandledExceptionFilter
7582 862 Sleep
758a 870 TerminateProcess
759e 877 TlsGetValue
75ac 886 UnhandledExceptionFilter
75c8 910 VirtualProtect
75da 912 VirtualQuery
00007014 00007114 00000000 00000000 00007820 000072dc
DLL Name: msvcrt.dll
vma: Hint/Ord Member-Name Bound-To
75ea 78 __dllonexit
75f8 81 __getmainargs
7608 82 __initenv
7614 83 __iob_func
7622 90 __lconv_init
7632 96 __set_app_type
7644 98 __setusermatherr
7658 114 _acmdln
7662 121 _amsg_exit
7670 139 _cexit
767a 231 _fmode
7684 297 _initterm
7690 400 _lock
7698 564 _onexit
76a2 653 _stat64
76ac 732 _unlock
76b6 932 abort
76be 946 calloc
76c8 956 exit
76d0 971 fprintf
76da 978 free
76e2 989 fwrite
76ec 1034 malloc
76f6 1042 memcpy
7700 1050 printf
770a 1072 signal
7714 1092 strlen
771e 1095 strncmp
7728 1127 vfprintf
00007028 00000000 00000000 00000000 00000000 00000000
X:\>
Process Explorer shows that BrowserUK's test program uses msvcrt.dll from C:\Windows\System32\msvcrt.dll. This DLL is part of Windows 7, with file and product version both set to 7.0.7601.17744. It seems that msvcrt.dll loads several other DLLs (apisetschema.dll 6.1.7600.16385, kernelbase.dll 6.1.7601.17651, ntdll.dll 6.1.7601.17725) all from C:\Windows\System32, all from Microsoft. The program itself also uses kernel32.dll 6.1.7601.17651, of course from C:\Windows\System32, delivered by Microsoft. No other DLLs are loaded, and not a single DLL comes from the MinGW installation that came with Strawberry Perl.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
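An added example, not part of the post above: a small Python parser for the import-table section of `objdump -p` output that lists the statically imported DLLs, compares them with an expected set, and flags imports such as `LoadLibraryW` that can load further DLLs at run time (which is why a run-time view like Process Explorer is still needed). The function names and the shortened sample listing are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt in the layout `objdump -p` prints
# for a PE import table (same columns as the listing in the post).
SAMPLE = """\
The Import Tables (interpreted .idata section contents)
 vma:            Hint    Time      Forward  DLL       First
                 Table   Stamp     Chain    Name      Thunk
 00007000       0000703c 00000000 00000000 0000779c 00007204
        DLL Name: KERNEL32.dll
        vma:  Hint/Ord Member-Name Bound-To
        73cc      134  DeleteCriticalSection
        74e2      595  LoadLibraryW
        7460      420  GetProcAddress
 00007014       00007114 00000000 00000000 00007820 000072dc
        DLL Name: msvcrt.dll
        vma:  Hint/Ord Member-Name Bound-To
        76ec     1034  malloc
        7700     1050  printf
"""

DLL_RE = re.compile(r"^\s*DLL Name:\s*(\S+)")
# Member rows have exactly three fields: hex vma, decimal hint, name.
MEMBER_RE = re.compile(r"^\s*([0-9a-f]+)\s+(\d+)\s+(\S+)\s*$")

def parse_imports(text):
    """Return {dll_name_lowercased: [imported function names]}."""
    imports, current = {}, None
    for line in text.splitlines():
        m = DLL_RE.match(line)
        if m:
            current = m.group(1).lower()
            imports.setdefault(current, [])
            continue
        m = MEMBER_RE.match(line)
        if m and current is not None:
            imports[current].append(m.group(3))
    return imports

def unexpected_dlls(imports, expected):
    """DLLs in the static import table that are not in the expected set."""
    return sorted(set(imports) - {e.lower() for e in expected})

def dynamic_loaders(imports):
    """Imports that can pull in more DLLs at run time, invisible to objdump."""
    loaders = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
               "LoadLibraryExW", "GetProcAddress"}
    return sorted(f for fns in imports.values() for f in fns if f in loaders)
```

Feeding it the full listing from the post (for example the captured output of `objdump -p 979536.exe`) works the same way as with the sample.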