object/read/coff/

symbol.rs

use alloc::fmt;
use alloc::vec::Vec;
use core::convert::TryInto;
use core::fmt::Debug;
use core::str;

use super::{CoffCommon, CoffHeader, SectionTable};
use crate::endian::{LittleEndian as LE, U32Bytes};
use crate::pe;
use crate::pod::{bytes_of, bytes_of_slice, Pod};
use crate::read::util::StringTable;
use crate::read::{
    self, Bytes, ObjectSymbol, ObjectSymbolTable, ReadError, ReadRef, Result, SectionIndex,
    SymbolFlags, SymbolIndex, SymbolKind, SymbolMap, SymbolMapEntry, SymbolScope, SymbolSection,
};

/// A table of symbol entries in a COFF or PE file.
///
/// Also includes the string table used for the symbol names.
///
/// Returned by [`CoffHeader::symbols`] and
/// [`ImageNtHeaders::symbols`](crate::read::pe::ImageNtHeaders::symbols).
#[derive(Debug)]
pub struct SymbolTable<'data, R = &'data [u8], Coff = pe::ImageFileHeader>
where
    R: ReadRef<'data>,
    Coff: CoffHeader,
{
    symbols: &'data [Coff::ImageSymbolBytes],
    strings: StringTable<'data, R>,
}

impl<'data, R: ReadRef<'data>, Coff: CoffHeader> Default for SymbolTable<'data, R, Coff> {
    fn default() -> Self {
        Self {
            symbols: &[],
            strings: StringTable::default(),
        }
    }
}

impl<'data, R: ReadRef<'data>, Coff: CoffHeader> SymbolTable<'data, R, Coff> {
    /// Read the symbol table.
    pub fn parse(header: &Coff, data: R) -> Result<Self> {
        // The symbol table may not be present.
        let mut offset = header.pointer_to_symbol_table().into();
        let (symbols, strings) = if offset != 0 {
            let symbols = data
                .read_slice(&mut offset, header.number_of_symbols() as usize)
                .read_error("Invalid COFF symbol table offset or size")?;

            // Note: don't update data when reading length; the length includes itself.
            let length = data
                .read_at::<U32Bytes<_>>(offset)
                .read_error("Missing COFF string table")?
                .get(LE);
            let str_end = offset
                .checked_add(length as u64)
                .read_error("Invalid COFF string table length")?;
            let strings = StringTable::new(data, offset, str_end);

            (symbols, strings)
        } else {
            (&[][..], StringTable::default())
        };

        Ok(SymbolTable { symbols, strings })
    }

    /// Return the string table used for the symbol names.
    #[inline]
    pub fn strings(&self) -> StringTable<'data, R> {
        self.strings
    }

    /// Return true if the symbol table is empty.
    #[inline]
    pub fn is_empty(&self) -> bool {
        self.symbols.is_empty()
    }

    /// The number of symbol table entries.
    ///
    /// This includes auxiliary symbol table entries.
    #[inline]
    pub fn len(&self) -> usize {
        self.symbols.len()
    }

    /// Iterate over the symbols.
    #[inline]
    pub fn iter<'table>(&'table self) -> SymbolIterator<'data, 'table, R, Coff> {
        SymbolIterator {
            symbols: self,
            index: SymbolIndex(0),
        }
    }

    /// Return the symbol table entry at the given index.
    #[inline]
    pub fn symbol(&self, index: SymbolIndex) -> Result<&'data Coff::ImageSymbol> {
        self.get::<Coff::ImageSymbol>(index, 0)
    }

    /// Return the auxiliary function symbol for the symbol table entry at the given index.
    ///
    /// Note that the index is of the symbol, not the first auxiliary record.
    #[inline]
    pub fn aux_function(&self, index: SymbolIndex) -> Result<&'data pe::ImageAuxSymbolFunction> {
        self.get::<pe::ImageAuxSymbolFunction>(index, 1)
    }

    /// Return the auxiliary section symbol for the symbol table entry at the given index.
    ///
    /// Note that the index is of the symbol, not the first auxiliary record.
    #[inline]
    pub fn aux_section(&self, index: SymbolIndex) -> Result<&'data pe::ImageAuxSymbolSection> {
        self.get::<pe::ImageAuxSymbolSection>(index, 1)
    }

    /// Return the auxiliary file name for the symbol table entry at the given index.
    ///
    /// Note that the index is of the symbol, not the first auxiliary record.
    pub fn aux_file_name(&self, index: SymbolIndex, aux_count: u8) -> Result<&'data [u8]> {
        let entries = index
            .0
            .checked_add(1)
            .and_then(|x| Some(x..x.checked_add(aux_count.into())?))
            .and_then(|x| self.symbols.get(x))
            .read_error("Invalid COFF symbol index")?;
        let bytes = bytes_of_slice(entries);
        // The name is padded with nulls.
        Ok(match memchr::memchr(b'\0', bytes) {
            Some(end) => &bytes[..end],
            None => bytes,
        })
    }

    /// Return the symbol table entry or auxiliary record at the given index and offset.
    pub fn get<T: Pod>(&self, index: SymbolIndex, offset: usize) -> Result<&'data T> {
        let bytes = index
            .0
            .checked_add(offset)
            .and_then(|x| self.symbols.get(x))
            .read_error("Invalid COFF symbol index")?;
        Bytes(bytes_of(bytes))
            .read()
            .read_error("Invalid COFF symbol data")
    }

    /// Construct a map from addresses to a user-defined map entry.
    pub fn map<Entry: SymbolMapEntry, F: Fn(&'data Coff::ImageSymbol) -> Option<Entry>>(
        &self,
        f: F,
    ) -> SymbolMap<Entry> {
        let mut symbols = Vec::with_capacity(self.symbols.len());
        for (_, symbol) in self.iter() {
            if !symbol.is_definition() {
                continue;
            }
            if let Some(entry) = f(symbol) {
                symbols.push(entry);
            }
        }
        SymbolMap::new(symbols)
    }
}

/// An iterator for symbol entries in a COFF or PE file.
///
/// Yields the index and symbol structure for each symbol.
#[derive(Debug)]
pub struct SymbolIterator<'data, 'table, R = &'data [u8], Coff = pe::ImageFileHeader>
where
    R: ReadRef<'data>,
    Coff: CoffHeader,
{
    symbols: &'table SymbolTable<'data, R, Coff>,
    index: SymbolIndex,
}

impl<'data, 'table, R: ReadRef<'data>, Coff: CoffHeader> Iterator
    for SymbolIterator<'data, 'table, R, Coff>
{
    type Item = (SymbolIndex, &'data Coff::ImageSymbol);

    fn next(&mut self) -> Option<Self::Item> {
        let index = self.index;
        let symbol = self.symbols.symbol(index).ok()?;
        self.index.0 += 1 + symbol.number_of_aux_symbols() as usize;
        Some((index, symbol))
    }
}

/// A symbol table in a [`CoffBigFile`](super::CoffBigFile).
pub type CoffBigSymbolTable<'data, 'file, R = &'data [u8]> =
    CoffSymbolTable<'data, 'file, R, pe::AnonObjectHeaderBigobj>;

/// A symbol table in a [`CoffFile`](super::CoffFile)
/// or [`PeFile`](crate::read::pe::PeFile).
#[derive(Debug, Clone, Copy)]
pub struct CoffSymbolTable<'data, 'file, R = &'data [u8], Coff = pe::ImageFileHeader>
where
    R: ReadRef<'data>,
    Coff: CoffHeader,
{
    pub(crate) file: &'file CoffCommon<'data, R, Coff>,
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> read::private::Sealed
    for CoffSymbolTable<'data, 'file, R, Coff>
{
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> ObjectSymbolTable<'data>
    for CoffSymbolTable<'data, 'file, R, Coff>
{
    type Symbol = CoffSymbol<'data, 'file, R, Coff>;
    type SymbolIterator = CoffSymbolIterator<'data, 'file, R, Coff>;

    fn symbols(&self) -> Self::SymbolIterator {
        CoffSymbolIterator::new(self.file)
    }

    fn symbol_by_index(&self, index: SymbolIndex) -> Result<Self::Symbol> {
        let symbol = self.file.symbols.symbol(index)?;
        Ok(CoffSymbol {
            file: self.file,
            index,
            symbol,
        })
    }
}

/// An iterator for the symbols in a [`CoffBigFile`](super::CoffBigFile).
pub type CoffBigSymbolIterator<'data, 'file, R = &'data [u8]> =
    CoffSymbolIterator<'data, 'file, R, pe::AnonObjectHeaderBigobj>;

/// An iterator for the symbols in a [`CoffFile`](super::CoffFile)
/// or [`PeFile`](crate::read::pe::PeFile).
pub struct CoffSymbolIterator<'data, 'file, R = &'data [u8], Coff = pe::ImageFileHeader>
where
    R: ReadRef<'data>,
    Coff: CoffHeader,
{
    file: &'file CoffCommon<'data, R, Coff>,
    index: SymbolIndex,
}

impl<'data, 'file, R, Coff> CoffSymbolIterator<'data, 'file, R, Coff>
where
    R: ReadRef<'data>,
    Coff: CoffHeader,
{
    pub(crate) fn new(file: &'file CoffCommon<'data, R, Coff>) -> Self {
        Self {
            file,
            index: SymbolIndex(0),
        }
    }

    pub(crate) fn empty(file: &'file CoffCommon<'data, R, Coff>) -> Self {
        Self {
            file,
            index: SymbolIndex(file.symbols.len()),
        }
    }
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> fmt::Debug
    for CoffSymbolIterator<'data, 'file, R, Coff>
{
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("CoffSymbolIterator").finish()
    }
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> Iterator
    for CoffSymbolIterator<'data, 'file, R, Coff>
{
    type Item = CoffSymbol<'data, 'file, R, Coff>;

    fn next(&mut self) -> Option<Self::Item> {
        let index = self.index;
        let symbol = self.file.symbols.symbol(index).ok()?;
        self.index.0 += 1 + symbol.number_of_aux_symbols() as usize;
        Some(CoffSymbol {
            file: self.file,
            index,
            symbol,
        })
    }
}

/// A symbol in a [`CoffBigFile`](super::CoffBigFile).
///
/// Most functionality is provided by the [`ObjectSymbol`] trait implementation.
pub type CoffBigSymbol<'data, 'file, R = &'data [u8]> =
    CoffSymbol<'data, 'file, R, pe::AnonObjectHeaderBigobj>;

/// A symbol in a [`CoffFile`](super::CoffFile) or [`PeFile`](crate::read::pe::PeFile).
///
/// Most functionality is provided by the [`ObjectSymbol`] trait implementation.
#[derive(Debug, Clone, Copy)]
pub struct CoffSymbol<'data, 'file, R = &'data [u8], Coff = pe::ImageFileHeader>
where
    R: ReadRef<'data>,
    Coff: CoffHeader,
{
    pub(crate) file: &'file CoffCommon<'data, R, Coff>,
    pub(crate) index: SymbolIndex,
    pub(crate) symbol: &'data Coff::ImageSymbol,
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> CoffSymbol<'data, 'file, R, Coff> {
    #[inline]
    /// Get the raw `ImageSymbol` struct.
    #[deprecated(note = "Use `coff_symbol` instead")]
    pub fn raw_symbol(&self) -> &'data Coff::ImageSymbol {
        self.symbol
    }

    /// Get the raw `ImageSymbol` struct.
    pub fn coff_symbol(&self) -> &'data Coff::ImageSymbol {
        self.symbol
    }
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> read::private::Sealed
    for CoffSymbol<'data, 'file, R, Coff>
{
}

impl<'data, 'file, R: ReadRef<'data>, Coff: CoffHeader> ObjectSymbol<'data>
    for CoffSymbol<'data, 'file, R, Coff>
{
    #[inline]
    fn index(&self) -> SymbolIndex {
        self.index
    }

    fn name_bytes(&self) -> read::Result<&'data [u8]> {
        if self.symbol.has_aux_file_name() {
            self.file
                .symbols
                .aux_file_name(self.index, self.symbol.number_of_aux_symbols())
        } else {
            self.symbol.name(self.file.symbols.strings())
        }
    }

    fn name(&self) -> read::Result<&'data str> {
        let name = self.name_bytes()?;
        str::from_utf8(name)
            .ok()
            .read_error("Non UTF-8 COFF symbol name")
    }

    fn address(&self) -> u64 {
        self.symbol
            .address(self.file.image_base, &self.file.sections)
            .unwrap_or(None)
            .unwrap_or(0)
    }

    fn size(&self) -> u64 {
        match self.symbol.storage_class() {
            pe::IMAGE_SYM_CLASS_STATIC => {
                // Section symbols may duplicate the size from the section table.
                if self.symbol.has_aux_section() {
                    if let Ok(aux) = self.file.symbols.aux_section(self.index) {
                        u64::from(aux.length.get(LE))
                    } else {
                        0
                    }
                } else {
                    0
                }
            }
            pe::IMAGE_SYM_CLASS_EXTERNAL => {
                if self.symbol.section_number() == pe::IMAGE_SYM_UNDEFINED {
                    // For undefined symbols, symbol.value is 0 and the size is 0.
                    // For common data, symbol.value is the size.
                    u64::from(self.symbol.value())
                } else if self.symbol.has_aux_function() {
                    // Function symbols may have a size.
                    if let Ok(aux) = self.file.symbols.aux_function(self.index) {
                        u64::from(aux.total_size.get(LE))
                    } else {
                        0
                    }
                } else {
                    0
                }
            }
            // Most symbols don't have sizes.
            _ => 0,
        }
    }

    fn kind(&self) -> SymbolKind {
        let derived_kind = if self.symbol.derived_type() == pe::IMAGE_SYM_DTYPE_FUNCTION {
            SymbolKind::Text
        } else {
            SymbolKind::Data
        };
        match self.symbol.storage_class() {
            pe::IMAGE_SYM_CLASS_STATIC => {
                if self.symbol.has_aux_section() {
                    SymbolKind::Section
                } else {
                    derived_kind
                }
            }
            pe::IMAGE_SYM_CLASS_EXTERNAL | pe::IMAGE_SYM_CLASS_WEAK_EXTERNAL => derived_kind,
            pe::IMAGE_SYM_CLASS_SECTION => SymbolKind::Section,
            pe::IMAGE_SYM_CLASS_FILE => SymbolKind::File,
            pe::IMAGE_SYM_CLASS_LABEL => SymbolKind::Label,
            _ => SymbolKind::Unknown,
        }
    }

    fn section(&self) -> SymbolSection {
        match self.symbol.section_number() {
            pe::IMAGE_SYM_UNDEFINED => {
                if self.symbol.storage_class() == pe::IMAGE_SYM_CLASS_EXTERNAL {
                    if self.symbol.value() == 0 {
                        SymbolSection::Undefined
                    } else {
                        SymbolSection::Common
                    }
                } else if self.symbol.storage_class() == pe::IMAGE_SYM_CLASS_SECTION {
                    SymbolSection::Undefined
                } else {
                    SymbolSection::Unknown
                }
            }
            pe::IMAGE_SYM_ABSOLUTE => SymbolSection::Absolute,
            pe::IMAGE_SYM_DEBUG => {
                if self.symbol.storage_class() == pe::IMAGE_SYM_CLASS_FILE {
                    SymbolSection::None
                } else {
                    SymbolSection::Unknown
                }
            }
            index if index > 0 => SymbolSection::Section(SectionIndex(index as usize)),
            _ => SymbolSection::Unknown,
        }
    }

    #[inline]
    fn is_undefined(&self) -> bool {
        self.symbol.storage_class() == pe::IMAGE_SYM_CLASS_EXTERNAL
            && self.symbol.section_number() == pe::IMAGE_SYM_UNDEFINED
            && self.symbol.value() == 0
    }

    #[inline]
    fn is_definition(&self) -> bool {
        self.symbol.is_definition()
    }

    #[inline]
    fn is_common(&self) -> bool {
        self.symbol.storage_class() == pe::IMAGE_SYM_CLASS_EXTERNAL
            && self.symbol.section_number() == pe::IMAGE_SYM_UNDEFINED
            && self.symbol.value() != 0
    }

    #[inline]
    fn is_weak(&self) -> bool {
        self.symbol.storage_class() == pe::IMAGE_SYM_CLASS_WEAK_EXTERNAL
    }

    #[inline]
    fn scope(&self) -> SymbolScope {
        match self.symbol.storage_class() {
            pe::IMAGE_SYM_CLASS_EXTERNAL | pe::IMAGE_SYM_CLASS_WEAK_EXTERNAL => {
                // TODO: determine if symbol is exported
                SymbolScope::Linkage
            }
            _ => SymbolScope::Compilation,
        }
    }

    #[inline]
    fn is_global(&self) -> bool {
        match self.symbol.storage_class() {
            pe::IMAGE_SYM_CLASS_EXTERNAL | pe::IMAGE_SYM_CLASS_WEAK_EXTERNAL => true,
            _ => false,
        }
    }

    #[inline]
    fn is_local(&self) -> bool {
        !self.is_global()
    }

    fn flags(&self) -> SymbolFlags<SectionIndex, SymbolIndex> {
        if self.symbol.has_aux_section() {
            if let Ok(aux) = self.file.symbols.aux_section(self.index) {
                let number = if Coff::is_type_bigobj() {
                    u32::from(aux.number.get(LE)) | (u32::from(aux.high_number.get(LE)) << 16)
                } else {
                    u32::from(aux.number.get(LE))
                };
                return SymbolFlags::CoffSection {
                    selection: aux.selection,
                    associative_section: if number == 0 {
                        None
                    } else {
                        Some(SectionIndex(number as usize))
                    },
                };
            }
        }
        SymbolFlags::None
    }
}

/// A trait for generic access to [`pe::ImageSymbol`] and [`pe::ImageSymbolEx`].
#[allow(missing_docs)]
pub trait ImageSymbol: Debug + Pod {
    fn raw_name(&self) -> &[u8; 8];
    fn value(&self) -> u32;
    fn section_number(&self) -> i32;
    fn typ(&self) -> u16;
    fn storage_class(&self) -> u8;
    fn number_of_aux_symbols(&self) -> u8;

    /// Parse a COFF symbol name.
    ///
    /// `strings` must be the string table used for symbol names.
    fn name<'data, R: ReadRef<'data>>(
        &'data self,
        strings: StringTable<'data, R>,
    ) -> Result<&'data [u8]> {
        let name = self.raw_name();
        if name[0] == 0 {
            // If the name starts with 0 then the last 4 bytes are a string table offset.
            let offset = u32::from_le_bytes(name[4..8].try_into().unwrap());
            strings
                .get(offset)
                .read_error("Invalid COFF symbol name offset")
        } else {
            // The name is inline and padded with nulls.
            Ok(match memchr::memchr(b'\0', name) {
                Some(end) => &name[..end],
                None => &name[..],
            })
        }
    }

    /// Return the symbol address.
    ///
    /// This takes into account the image base and the section address,
    /// and only returns an address for symbols that have an address.
    fn address(&self, image_base: u64, sections: &SectionTable<'_>) -> Result<Option<u64>> {
        // Only return an address for storage classes that we know use an address.
        match self.storage_class() {
            pe::IMAGE_SYM_CLASS_STATIC
            | pe::IMAGE_SYM_CLASS_WEAK_EXTERNAL
            | pe::IMAGE_SYM_CLASS_LABEL
            | pe::IMAGE_SYM_CLASS_EXTERNAL => {}
            _ => return Ok(None),
        }
        let Some(section_index) = self.section() else {
            return Ok(None);
        };
        let section = sections.section(section_index)?;
        let virtual_address = u64::from(section.virtual_address.get(LE));
        let value = u64::from(self.value());
        Ok(Some(image_base + virtual_address + value))
    }

    /// Return the section index for the symbol.
    fn section(&self) -> Option<SectionIndex> {
        let section_number = self.section_number();
        if section_number > 0 {
            Some(SectionIndex(section_number as usize))
        } else {
            None
        }
    }

    /// Return true if the symbol is a definition of a function or data object.
    fn is_definition(&self) -> bool {
        if self.section_number() <= 0 {
            return false;
        }
        match self.storage_class() {
            pe::IMAGE_SYM_CLASS_STATIC => !self.has_aux_section(),
            pe::IMAGE_SYM_CLASS_EXTERNAL | pe::IMAGE_SYM_CLASS_WEAK_EXTERNAL => true,
            _ => false,
        }
    }

    /// Return true if the symbol has an auxiliary file name.
    fn has_aux_file_name(&self) -> bool {
        self.number_of_aux_symbols() > 0 && self.storage_class() == pe::IMAGE_SYM_CLASS_FILE
    }

    /// Return true if the symbol has an auxiliary function symbol.
    fn has_aux_function(&self) -> bool {
        self.number_of_aux_symbols() > 0 && self.derived_type() == pe::IMAGE_SYM_DTYPE_FUNCTION
    }

    /// Return true if the symbol has an auxiliary section symbol.
    fn has_aux_section(&self) -> bool {
        self.number_of_aux_symbols() > 0
            && self.storage_class() == pe::IMAGE_SYM_CLASS_STATIC
            && self.typ() == 0
    }

    fn base_type(&self) -> u16 {
        self.typ() & pe::N_BTMASK
    }

    fn derived_type(&self) -> u16 {
        (self.typ() & pe::N_TMASK) >> pe::N_BTSHFT
    }
}

impl ImageSymbol for pe::ImageSymbol {
    fn raw_name(&self) -> &[u8; 8] {
        &self.name
    }
    fn value(&self) -> u32 {
        self.value.get(LE)
    }
    fn section_number(&self) -> i32 {
        let section_number = self.section_number.get(LE);
        if section_number >= pe::IMAGE_SYM_SECTION_MAX {
            (section_number as i16) as i32
        } else {
            section_number as i32
        }
    }
    fn typ(&self) -> u16 {
        self.typ.get(LE)
    }
    fn storage_class(&self) -> u8 {
        self.storage_class
    }
    fn number_of_aux_symbols(&self) -> u8 {
        self.number_of_aux_symbols
    }
}

impl ImageSymbol for pe::ImageSymbolEx {
    fn raw_name(&self) -> &[u8; 8] {
        &self.name
    }
    fn value(&self) -> u32 {
        self.value.get(LE)
    }
    fn section_number(&self) -> i32 {
        self.section_number.get(LE)
    }
    fn typ(&self) -> u16 {
        self.typ.get(LE)
    }
    fn storage_class(&self) -> u8 {
        self.storage_class
    }
    fn number_of_aux_symbols(&self) -> u8 {
        self.number_of_aux_symbols
    }
}