COFF: Symbol Table

typedef struct {
  union {
    char e_name[E_SYMNMLEN];
    struct {
      unsigned long e_zeroes;
      unsigned long e_offset;
    } e;
  } e;
  unsigned long e_value;
  short e_scnum;
  unsigned short e_type;
  unsigned char e_sclass;
  unsigned char e_numaux;

The symbol table is probably one of the most complex parts of the COFF object, mostly because there are so many symbol types. The symbol table has entries for all symbols and meta-symbols, including public, static, external, section, and debugging symbols.

e.e_name - inlined symbol name
If the symbol's name is eight characters or less, it is stored in this field. Note that the first character overlaps the e_zeroes field - by doing so, the e_zeroes field can be used to determine if the symbol name has been inlined. Beware that the name is null terminated only if it is less than eight characters long, else it is not null terminated.

e.e.e_zeroes - flag to tell if name is inlined
If this field is zero, then the symbol name is found by using e_offset as an offset into the string table. If it is nonzero, then the name is in the e_name field.

e.e.e_offset - offset of name in string table
If e_zeroes is zero, this field contains the offset of the symbol name in the string table.

e_value - the value of the symbol
The value of the symbol. For example, if the symbol represents a function, this contains the address of the function. The meaning of the value depends on the type of symbol (below).

e_scnum - section number
The number of the section that this symbol belongs to. The first section in the section table is section one. In addition, e_scnum may be one of the following values:

N_UNDEF 0 An undefined (extern) symbol
N_ABS -1 An absolute symbol (e_value is a constant, not an address)
N_DEBUG -2 A debugging symbol

e_type - symbol type
The type of the symbol. This is made up of a base type and a derived type. For example, "pointer to int" is "pointer to T" and "int".

T_NULL ---- 0000 No symbol
T_VOID ---- 0001 void function argument (not used)
T_CHAR ---- 0010 character
T_SHORT ---- 0011 short integer
T_INT ---- 0100 integer
T_LONG ---- 0101 long integer
T_FLOAT ---- 0110 floating point
T_DOUBLE ---- 0111 double precision float
T_STRUCT ---- 1000 structure
T_UNION ---- 1001 union
T_ENUM ---- 1010 enumeration
T_MOE ---- 1011 member of enumeration
T_UCHAR ---- 1100 unsigned character
T_USHORT ---- 1101 unsigned short
T_UINT ---- 1110 unsigned integer
T_ULONG ---- 1111 unsigned long
T_LNGDBL ---1 0000 long double (special case bit pattern)
DT_NON --00 ---- No derived type
DT_PTR --01 ---- pointer to T
DT_FCN --10 ---- function returning T
DT_ARY --11 ---- array of T

The BTYPE(x) macro extracts the base type from e_type. Note that all DT_* must be shifted by N_BTSHIFT to get actual values, as in:

e_type = base + derived << N_BTSHIFT;
There are also macros ISPTR, ISFCN, and ISARY that test the upper bits for the derived type.

e_sclass - storage class
This tells where and what the symbol represents.
C_NULL 0 No entry
C_AUTO 1 Automatic variable
C_EXT 2 External (public) symbol - this covers globals and externs
C_STAT 3 static (private) symbol
C_REG 4 register variable
C_EXTDEF 5 External definition
C_LABEL 6 label
C_ULABEL 7 undefined label
C_MOS 8 member of structure
C_ARG 9 function argument
C_STRTAG 10 structure tag
C_MOU 11 member of union
C_UNTAG 12 union tag
C_TPDEF 13 type definition
C_USTATIC 14 undefined static
C_ENTAG 15 enumaration tag
C_MOE 16 member of enumeration
C_REGPARM 17 register parameter
C_FIELD 18 bit field
C_AUTOARG 19 auto argument
C_LASTENT 20 dummy entry (end of block)
C_BLOCK 100 ".bb" or ".eb" - beginning or end of block
C_FCN 101 ".bf" or ".ef" - beginning or end of function
C_EOS 102 end of structure
C_FILE 103 file name
C_LINE 104 line number, reformatted as symbol
C_ALIAS 105 duplicate tag
C_HIDDEN 106 ext symbol in dmert public lib
C_EFCN 255 physical end of function
e_numaux - number of auxiliary entries
Each symbol is allowed to have additional data that follows it in the symbol table. This field tells how many equivalent SYMENTs are used for aux entries. For most symbols, this is zero. A value of one allows up to SYMESZ bytes of auxiliary information for that symbol. A non-exhaustive list of auxiliary entries follows, based on the storage class (e_sclass) or type (e_type) of the symbol.

Auxiliary Entries

size in bytes (size*count)

syment index for list of tags (will point to C_STRTAG, C_UNTAG, or C_ENTAG)
size in bytes (size*count)

T_NULL | C_STAT - section symbols (like .text)
section length (bytes)
number of relocation entries (ushort)
number of line numbers (ushort)

C_STRTAG - will be followed by C_MOS's and C_EOS
C_UNTAG - will be followed by C_MOU's and C_EOS
C_ENTAG - will be followed by C_MOE's and C_EOS
The size of the struct/union/enum
The symbol index after our list.

the size of the struct/union/enum
The symbol index of the start of our list.

the number of bits

starting line number
The symbol index after our block (if .bb)

starting line number
size in bytes

These three specify the file name, just like the three fields used to specify the symbol name.

Meanings of the Values

Meaning of the Value
Address of the variable, relative to %ebp
The address of the symbol
C_REG The register number assigned to this variable
C_MOS Offset of the member from the beginning of the structure
C_MOE The value of this enum member
C_FIELD The mask for this field
C_EOS size of struct/union/enum

