Where is the RTTI metadata stored in the executable file?

Question

I'm looking at the documentation of RTTI which says:

If RTTI generation is enabled, the resulting binary includes special metadata that contains information about types (for example, class ancestry, declared fields, annotated attributes).

Where is the RTTI metadata stored in the PE file, and what structure does it have?

It's stored in the .text section IIRC. You can reverse engineer the structure by studying the code in `TypInfo` and `Rtti`. There's a lot of detail in this. And it is subject to change at every release. Don't expect somebody to write a treatise on the matter for you. If you can't find all the details by websearch then they probably don't exist. Feel free to reverse engineer it and write it up yourself. Almost certainly you don't need to know the details though. — David Heffernan, Sep 14 '17 at 10:30
@DavidHeffernan thanks for explain.I just wanted to know.You're great man. — İsmail Kocacan, Sep 14 '17 at 10:45
While typeinfo/typedata might be extended by some things they don't change fundamentally. Since much of the information (especially any names/strings) are stored in the packed shortstring format not all information are actually fields on the records (you can see those in the code as commented out because you can only access them via pointer math) — Stefan Glienke, Sep 14 '17 at 11:49

Anders · Answer 1 · 2017-09-14T14:21:26.020

1

Windows PE files do not have a standard section where RTTI is stored, its format and where it is stored is completely up to the compiler vendor.

Even though it does not specify the storage format (only the memory layout) the Itanium C++ ABI specification is a good place to start and then move on to the GCC source code if you want to know more. This answer reveals that GCC v3+ uses this ABI everywhere except Windows where I'm guessing they try to follow the Microsoft format instead.

The specifics should not matter that much because the compiler is free to change its implementation at any time and you would have to investigate a specific version if you want to interact with its RTTI data.

For Delphi specific information it might be worth taking a look at the Free Pascal code but I don't know if they are fully ABI compatible.

edited Sep 14 '17 at 14:21

answered Sep 14 '17 at 11:30

Anders

97,548
12
110
164

3

This is a Delphi question. – David Heffernan Sep 14 '17 at 11:56
1

What does GCC+ and the Itanium C++ ABI specification have to do with Delphi? – Ken White Sep 14 '17 at 12:35
1

@DavidHeffernan It is just as much a Windows/PE question IMHO. – Anders Sep 14 '17 at 14:23
It has nothing to do with Windows or PE. It's just data stored in the .text section in a proprietary Emba format. That's it. – David Heffernan Sep 14 '17 at 14:24
@DavidHeffernan That is the answer yes, but the question is asking whether there is a standard format used in PE files. – Anders Sep 14 '17 at 14:25
3

No, the question asks how the Delphi windows compilers stores them – David Heffernan Sep 14 '17 at 14:26
1

@KenWhite The concept applies to multiple languages. I linked to the only official document I know about. – Anders Sep 14 '17 at 14:26

Where is the RTTI metadata stored in the executable file?

1 Answers1