Are the names of COFF Data Directories fixed?

Question

I have a PE file (notepad), the NumberOfRvaAndSize value in the COFF header is 0x10, and there are 16 DataDirectory entries as expected.

The documentation says that this value can change (though I've never seen it), which would mean there were greater than of fewer than 16 entries.

Immediatly after there's a list of 16 data directories complete with names.

1. Are these names just always the same, in that exact order?
2. If there are fewer, will it always be whatever directories are at the end that will be missing?
3. If there are greater than 16, what names are they assigned?

Answer 1

It's always a matter of specification vs. implementation.

Are these names just always the same, in that exact order?

As for the names (I guess you are referring to the section names?), no they can change. You can name them whatever you want although most implementations (i.e linkers) will keep the specification names (e.g .reloc for the relocations).

The order is fixed; You can refer to them by their numbers.

If there are fewer, will it always be whatever directories are at the end that will be missing?

I'm not sure a valid PE (which can be loaded by an actual supported system) can have fewer than 16 data directories. It might be possible though as the location of the section headers is probably calculated using the FILE_HEADER.SizeOfOptionalHeader.

The reference implementation for loading a PE file (the Windows Loader) is not open source so it's not easy to answer this question.

My guess is that it could work: it's like trying to load a win2K PE on a windows 10 system (given that it is importing functions that are still present on a windows 10 system). It would be like the CLR data directory is just not there.

If there are greater than 16, what names are they assigned?

You can't have more than 16 data directories because the maximum number is 16. I'm pretty sure the Windows loader would not load a PE file with more than 16 data directories.

The documentation says that this value can change (though I've never seen it), which would mean there were greater than of fewer than 16 entries.

The number is fixed to 16 right now. For example the last addition was the CLR data directory which was added to load the CLR with the introduction of .NET. Before that, the number was 15, so yes the value can change and will not always be 16, but this doesn't mean it changes between PEs. What I mean is that, at a given time, for a supported system, all PEs will have the same number of data directories.

My guess is that, at the time of the introduction of .NET (with the CLR data directory) there were PEs with 15 data directories and others with 16. The windows loader was probably patched to account for the two different numbers. Right now it is probable that the number is fixed to only 16.