// copyright (c) 2017-2021 hors<horsicq@gmail.com>
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:

// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.

// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.
//
#ifndef XPE_DEF_H
#define XPE_DEF_H

#include <QtGlobal>

// Constants and plain-data structures describing the PE/COFF image format,
// expressed with Qt fixed-width integer types so they do not depend on
// <windows.h>. Everything lives in namespace XPE_DEF.
//
// NOTE(review): these structs mirror on-disk layouts. Presumably they are
// filled from the bytes of a file under analysis; if so, every count, size,
// RVA and offset in them is untrusted input and must be range-checked against
// the real file/image size before it is used as an index, length or pointer.
// No packing pragma or size assertion is visible in this header, so the
// layouts rely on natural alignment - confirm on every target compiler.
namespace XPE_DEF
{
const quint32 S_IMAGE_NT_SIGNATURE =0x00004550; // PE00
// Capacity of the DataDirectory arrays declared below. The header field
// NumberOfRvaAndSizes is read from the file and can be smaller or larger than
// this; clamp it to this constant before indexing DataDirectory.
const quint32 S_IMAGE_NUMBEROF_DIRECTORY_ENTRIES =16;

// Indexes into DataDirectory[]. Only 0..14 are named here; index 15 has no constant.
const quint32 S_IMAGE_DIRECTORY_ENTRY_EXPORT =0; // Export Directory
const quint32 S_IMAGE_DIRECTORY_ENTRY_IMPORT =1; // Import Directory
const quint32 S_IMAGE_DIRECTORY_ENTRY_RESOURCE =2; // Resource Directory
const quint32 S_IMAGE_DIRECTORY_ENTRY_EXCEPTION =3; // Exception Directory
// Security Directory (attribute certificates). Per the PE format its
// VirtualAddress field holds a file offset, not an RVA.
const quint32 S_IMAGE_DIRECTORY_ENTRY_SECURITY =4; // Security Directory
const quint32 S_IMAGE_DIRECTORY_ENTRY_BASERELOC =5; // Base Relocation Table
const quint32 S_IMAGE_DIRECTORY_ENTRY_DEBUG =6; // Debug Directory
// XPE_DEF::IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
const quint32 S_IMAGE_DIRECTORY_ENTRY_ARCHITECTURE =7; // Architecture Specific Data
const quint32 S_IMAGE_DIRECTORY_ENTRY_GLOBALPTR =8; // RVA of GP
const quint32 S_IMAGE_DIRECTORY_ENTRY_TLS =9; // TLS Directory
const quint32 S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG =10; // Load Configuration Directory
const quint32 S_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT =11; // Bound Import Directory in headers
const quint32 S_IMAGE_DIRECTORY_ENTRY_IAT =12; // Import Address Table
const quint32 S_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT =13; // Delay Load Import Descriptors
const quint32 S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR =14; // COM Runtime descriptor

// Expected byte size of IMAGE_FILE_HEADER (2+2+4+4+4+2+2 for the fields declared below).
const quint32 S_IMAGE_SIZEOF_FILE_HEADER =20;

// Bit flags for IMAGE_FILE_HEADER::Characteristics.
const quint32 S_IMAGE_FILE_RELOCS_STRIPPED =0x0001; // Relocation info stripped from file.
const quint32 S_IMAGE_FILE_EXECUTABLE_IMAGE =0x0002; // File is executable (i.e. no unresolved external references).
const quint32 S_IMAGE_FILE_LINE_NUMS_STRIPPED =0x0004; // Line numbers stripped from file.
const quint32 S_IMAGE_FILE_LOCAL_SYMS_STRIPPED =0x0008; // Local symbols stripped from file.
const quint32 S_IMAGE_FILE_AGGRESIVE_WS_TRIM =0x0010; // Aggressively trim working set
const quint32 S_IMAGE_FILE_LARGE_ADDRESS_AWARE =0x0020; // App can handle >2gb addresses
const quint32 S_IMAGE_FILE_BYTES_REVERSED_LO =0x0080; // Bytes of machine word are reversed.
const quint32 S_IMAGE_FILE_32BIT_MACHINE =0x0100; // 32 bit word machine.
const quint32 S_IMAGE_FILE_DEBUG_STRIPPED =0x0200; // Debugging info stripped from file in .DBG file
const quint32 S_IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP =0x0400; // If Image is on removable media, copy and run from the swap file.
const quint32 S_IMAGE_FILE_NET_RUN_FROM_SWAP =0x0800; // If Image is on Net, copy and run from the swap file.
const quint32 S_IMAGE_FILE_SYSTEM =0x1000; // System File.
const quint32 S_IMAGE_FILE_DLL =0x2000; // File is a DLL.
const quint32 S_IMAGE_FILE_UP_SYSTEM_ONLY =0x4000; // File should only be run on a UP machine
const quint32 S_IMAGE_FILE_BYTES_REVERSED_HI =0x8000; // Bytes of machine word are reversed.

// Values for IMAGE_FILE_HEADER::Machine. The field is 16 bits wide; the
// constants are declared as quint32.
const quint32 S_IMAGE_FILE_MACHINE_UNKNOWN =0;
const quint32 S_IMAGE_FILE_MACHINE_I386 =0x014C; // Intel 386.
const quint32 S_IMAGE_FILE_MACHINE_R3000 =0x0162; // MIPS little-endian, 0x160 big-endian
const quint32 S_IMAGE_FILE_MACHINE_R4000 =0x0166; // MIPS little-endian
const quint32 S_IMAGE_FILE_MACHINE_R10000 =0x0168; // MIPS little-endian
const quint32 S_IMAGE_FILE_MACHINE_WCEMIPSV2 =0x0169; // MIPS little-endian WCE v2
const quint32 S_IMAGE_FILE_MACHINE_ALPHA =0x0184; // Alpha_AXP
const quint32 S_IMAGE_FILE_MACHINE_SH3 =0x01A2; // SH3 little-endian
const quint32 S_IMAGE_FILE_MACHINE_SH3DSP =0x01A3;
const quint32 S_IMAGE_FILE_MACHINE_SH3E =0x01A4; // SH3E little-endian
const quint32 S_IMAGE_FILE_MACHINE_SH4 =0x01A6; // SH4 little-endian
const quint32 S_IMAGE_FILE_MACHINE_SH5 =0x01A8; // SH5
const quint32 S_IMAGE_FILE_MACHINE_ARM =0x01C0; // ARM Little-Endian
const quint32 S_IMAGE_FILE_MACHINE_THUMB =0x01C2;
const quint32 S_IMAGE_FILE_MACHINE_AM33 =0x01D3;
const quint32 S_IMAGE_FILE_MACHINE_POWERPC =0x01F0; // IBM PowerPC Little-Endian
const quint32 S_IMAGE_FILE_MACHINE_POWERPCFP =0x01F1;
const quint32 S_IMAGE_FILE_MACHINE_IA64 =0x0200; // Intel 64
const quint32 S_IMAGE_FILE_MACHINE_MIPS16 =0x0266; // MIPS
const quint32 S_IMAGE_FILE_MACHINE_ALPHA64 =0x0284; // ALPHA64
const quint32 S_IMAGE_FILE_MACHINE_MIPSFPU =0x0366; // MIPS
const quint32 S_IMAGE_FILE_MACHINE_MIPSFPU16 =0x0466; // MIPS
const quint32 S_IMAGE_FILE_MACHINE_AXP64 =S_IMAGE_FILE_MACHINE_ALPHA64;
const quint32 S_IMAGE_FILE_MACHINE_TRICORE =0x0520; // Infineon
const quint32 S_IMAGE_FILE_MACHINE_CEF =0x0CEF;
const quint32 S_IMAGE_FILE_MACHINE_EBC =0x0EBC; // EFI Byte Code
const quint32 S_IMAGE_FILE_MACHINE_AMD64 =0x8664; // AMD64 (K8)
const quint32 S_IMAGE_FILE_MACHINE_M32R =0x9041; // M32R little-endian
const quint32 S_IMAGE_FILE_MACHINE_CEE =0xC0EE;
const quint32 S_IMAGE_FILE_MACHINE_ARM64 =0xAA64;
const quint32 S_IMAGE_FILE_MACHINE_RISCV32 =0x5032; // RISC-V 32bit
const quint32 S_IMAGE_FILE_MACHINE_RISCV64 =0x5064; // RISC-V 64bit
const quint32 S_IMAGE_FILE_MACHINE_RISCV128 =0x5128; // RISC-V 128bit

// Values for the optional header's Subsystem field (4, 6 and 15 have no constant here).
const quint32 S_IMAGE_SUBSYSTEM_UNKNOWN =0;
const quint32 S_IMAGE_SUBSYSTEM_NATIVE =1;
const quint32 S_IMAGE_SUBSYSTEM_WINDOWS_GUI =2;
const quint32 S_IMAGE_SUBSYSTEM_WINDOWS_CUI =3;
const quint32 S_IMAGE_SUBSYSTEM_OS2_CUI =5;
const quint32 S_IMAGE_SUBSYSTEM_POSIX_CUI =7;
const quint32 S_IMAGE_SUBSYSTEM_NATIVE_WINDOWS =8;
const quint32 S_IMAGE_SUBSYSTEM_WINDOWS_CE_GUI =9;
const quint32 S_IMAGE_SUBSYSTEM_EFI_APPLICATION =10;
const quint32 S_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER =11;
const quint32 S_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER =12;
const quint32 S_IMAGE_SUBSYSTEM_EFI_ROM =13;
const quint32 S_IMAGE_SUBSYSTEM_XBOX =14;
const quint32 S_IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION =16;

// Length of IMAGE_SECTION_HEADER::Name. The name is a fixed 8-byte field and
// is not guaranteed to be NUL-terminated; copy it with an explicit length.
const qint32 S_IMAGE_SIZEOF_SHORT_NAME =8;

// Section memory-permission bits and alignment mask for
// IMAGE_SECTION_HEADER::Characteristics. A section carrying both MEM_EXECUTE
// and MEM_WRITE is a common triage indicator (packed or self-modifying code).
const quint32 S_IMAGE_SCN_MEM_EXECUTE =0x20000000;
const quint32 S_IMAGE_SCN_MEM_READ =0x40000000;
const quint32 S_IMAGE_SCN_MEM_WRITE =0x80000000;
const quint32 S_IMAGE_SCN_ALIGN_MASK =0x00F00000;

/* Predefined resource types */
const quint32 S_RT_NEWRESOURCE =0x2000;
const quint32 S_RT_ERROR =0x7FFF;
const quint32 S_RT_CURSOR =1;
const quint32 S_RT_BITMAP =2;
const quint32 S_RT_ICON =3;
const quint32 S_RT_MENU =4;
const quint32 S_RT_DIALOG =5;
const quint32 S_RT_STRING =6;
const quint32 S_RT_FONTDIR =7;
const quint32 S_RT_FONT =8;
const quint32 S_RT_ACCELERATORS =9;
const quint32 S_RT_RCDATA =10;
const quint32 S_RT_MESSAGETABLE =11;
const quint32 S_RT_GROUP_CURSOR =12;
const quint32 S_RT_GROUP_ICON =14;
const quint32 S_RT_VERSION =16;
const quint32 S_RT_NEWBITMAP =(S_RT_BITMAP|S_RT_NEWRESOURCE);
const quint32 S_RT_NEWMENU =(S_RT_MENU|S_RT_NEWRESOURCE);
const quint32 S_RT_NEWDIALOG =(S_RT_DIALOG|S_RT_NEWRESOURCE);
const quint32 S_RT_MANIFEST =24;

// Values for S_IMAGE_DEBUG_DIRECTORY::Type.
const quint32 S_IMAGE_DEBUG_TYPE_UNKNOWN =0;
const quint32 S_IMAGE_DEBUG_TYPE_COFF =1;
const quint32 S_IMAGE_DEBUG_TYPE_CODEVIEW =2;
const quint32 S_IMAGE_DEBUG_TYPE_FPO =3;
const quint32 S_IMAGE_DEBUG_TYPE_MISC =4;
const quint32 S_IMAGE_DEBUG_TYPE_EXCEPTION =5;
const quint32 S_IMAGE_DEBUG_TYPE_FIXUP =6;
const quint32 S_IMAGE_DEBUG_TYPE_OMAP_TO_SRC =7;
const quint32 S_IMAGE_DEBUG_TYPE_OMAP_FROM_SRC =8;
const quint32 S_IMAGE_DEBUG_TYPE_BORLAND =9;
const quint32 S_IMAGE_DEBUG_TYPE_RESERVED10 =10;
const quint32 S_IMAGE_DEBUG_TYPE_CLSID =11;
const quint32 S_IMAGE_DEBUG_TYPE_REPRO =16;
const quint32 S_IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS =20;

// ASN.1 universal tag numbers, followed by three identifier-octet bits
// (PRIMITIVE, CONSTRUCTED, CONTEXT_SPECIFIC).
// NOTE(review): presumably used to walk the DER-encoded signature blob that
// follows WIN_CERT_RECORD - confirm against the caller. DER lengths inside
// that blob are untrusted and need bounding against the certificate length.
const quint32 S_ASN1_BOOLEAN =0x01;
const quint32 S_ASN1_INTEGER =0x02;
const quint32 S_ASN1_BIT_STRING =0x03;
const quint32 S_ASN1_OCTET_STRING =0x04;
const quint32 S_ASN1_NULL =0x05;
const quint32 S_ASN1_OBJECT_ID =0x06;
const quint32 S_ASN1_OBJECT_DESCRIPTOR =0x07;
const quint32 S_ASN1_REAL =0x09;
const quint32 S_ASN1_ENUMERATED =0x0A;
const quint32 S_ASN1_EMBEDDED_PDV =0x0B;
const quint32 S_ASN1_UTF8_STRING =0x0C;
const quint32 S_ASN1_SEQUENCE =0x10;
const quint32 S_ASN1_SET =0x11;
const quint32 S_ASN1_NUMERIC_STRING =0x12;
const quint32 S_ASN1_PRINTABLE_STRING =0x13;
const quint32 S_ASN1_T61_STRING =0x14;
const quint32 S_ASN1_VIDEOTEX_STRING =0x15;
const quint32 S_ASN1_IA5_STRING =0x16;
const quint32 S_ASN1_UTC_TIME =0x17;
const quint32 S_ASN1_GENERALIZED_TIME =0x18;
const quint32 S_ASN1_ASN1_GRAPHIC_STRING =0x19;
const quint32 S_ASN1_VISIBLE_STRING =0x1A;
const quint32 S_ASN1_GENERAL_STRING =0x1B;
const quint32 S_ASN1_UNIVERSAL_STRING =0x1C;
const quint32 S_ASN1_BMP_STRING =0x1E;
const quint32 S_ASN1_PRIMITIVE =0x00;
const quint32 S_ASN1_CONSTRUCTED =0x20;
const quint32 S_ASN1_CONTEXT_SPECIFIC =0x80;

// COFF file header. NumberOfSections and SizeOfOptionalHeader come from the
// file and determine where the section table is read from; bound both before use.
struct IMAGE_FILE_HEADER
{
    quint16 Machine;
    quint16 NumberOfSections;
    quint32 TimeDateStamp;
    quint32 PointerToSymbolTable;
    quint32 NumberOfSymbols;
    quint16 SizeOfOptionalHeader;
    quint16 Characteristics;
};

// One data-directory slot: location and byte size of a table in the image.
struct IMAGE_DATA_DIRECTORY
{
    quint32 VirtualAddress;
    quint32 Size;
};

// 32-bit optional header, including the fixed 16-entry DataDirectory array.
struct IMAGE_OPTIONAL_HEADER32
{
    // Standard fields.
    quint16 Magic;
    quint8 MajorLinkerVersion;
    quint8 MinorLinkerVersion;
    quint32 SizeOfCode;
    quint32 SizeOfInitializedData;
    quint32 SizeOfUninitializedData;
    quint32 AddressOfEntryPoint;
    quint32 BaseOfCode;
    quint32 BaseOfData;
    // NT additional fields.
    quint32 ImageBase;
    quint32 SectionAlignment;
    quint32 FileAlignment;
    quint16 MajorOperatingSystemVersion;
    quint16 MinorOperatingSystemVersion;
    quint16 MajorImageVersion;
    quint16 MinorImageVersion;
    quint16 MajorSubsystemVersion;
    quint16 MinorSubsystemVersion;
    quint32 Win32VersionValue;
    quint32 SizeOfImage;
    quint32 SizeOfHeaders;
    quint32 CheckSum;
    quint16 Subsystem;
    quint16 DllCharacteristics;
    quint32 SizeOfStackReserve;
    quint32 SizeOfStackCommit;
    quint32 SizeOfHeapReserve;
    quint32 SizeOfHeapCommit;
    quint32 LoaderFlags;
    quint32 NumberOfRvaAndSizes; // file-supplied; not necessarily 16
    IMAGE_DATA_DIRECTORY DataDirectory[S_IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
};

// Same fields as IMAGE_OPTIONAL_HEADER32 but without the trailing DataDirectory array.
struct IMAGE_OPTIONAL_HEADER32S
{
    // Standard fields.
    quint16 Magic;
    quint8 MajorLinkerVersion;
    quint8 MinorLinkerVersion;
    quint32 SizeOfCode;
    quint32 SizeOfInitializedData;
    quint32 SizeOfUninitializedData;
    quint32 AddressOfEntryPoint;
    quint32 BaseOfCode;
    quint32 BaseOfData;
    // NT additional fields.
    quint32 ImageBase;
    quint32 SectionAlignment;
    quint32 FileAlignment;
    quint16 MajorOperatingSystemVersion;
    quint16 MinorOperatingSystemVersion;
    quint16 MajorImageVersion;
    quint16 MinorImageVersion;
    quint16 MajorSubsystemVersion;
    quint16 MinorSubsystemVersion;
    quint32 Win32VersionValue;
    quint32 SizeOfImage;
    quint32 SizeOfHeaders;
    quint32 CheckSum;
    quint16 Subsystem;
    quint16 DllCharacteristics;
    quint32 SizeOfStackReserve;
    quint32 SizeOfStackCommit;
    quint32 SizeOfHeapReserve;
    quint32 SizeOfHeapCommit;
    quint32 LoaderFlags;
    quint32 NumberOfRvaAndSizes;
};

// 64-bit optional header (no BaseOfData), including the DataDirectory array.
// NOTE(review): ImageBase and the four stack/heap sizes are declared signed
// (qint64) here, whereas winnt.h declares them ULONGLONG. A value with the top
// bit set reads as negative, which changes comparisons and overflow checks -
// confirm that callers convert to unsigned before arithmetic.
struct IMAGE_OPTIONAL_HEADER64
{
    // Standard fields.
    quint16 Magic;
    quint8 MajorLinkerVersion;
    quint8 MinorLinkerVersion;
    quint32 SizeOfCode;
    quint32 SizeOfInitializedData;
    quint32 SizeOfUninitializedData;
    quint32 AddressOfEntryPoint;
    quint32 BaseOfCode;
    // NT additional fields.
    qint64 ImageBase;
    quint32 SectionAlignment;
    quint32 FileAlignment;
    quint16 MajorOperatingSystemVersion;
    quint16 MinorOperatingSystemVersion;
    quint16 MajorImageVersion;
    quint16 MinorImageVersion;
    quint16 MajorSubsystemVersion;
    quint16 MinorSubsystemVersion;
    quint32 Win32VersionValue;
    quint32 SizeOfImage;
    quint32 SizeOfHeaders;
    quint32 CheckSum;
    quint16 Subsystem;
    quint16 DllCharacteristics;
    qint64 SizeOfStackReserve;
    qint64 SizeOfStackCommit;
    qint64 SizeOfHeapReserve;
    qint64 SizeOfHeapCommit;
    quint32 LoaderFlags;
    quint32 NumberOfRvaAndSizes; // file-supplied; not necessarily 16
    IMAGE_DATA_DIRECTORY DataDirectory[S_IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
};

// Same fields as IMAGE_OPTIONAL_HEADER64 but without the trailing DataDirectory
// array. The signedness note on IMAGE_OPTIONAL_HEADER64's qint64 fields applies here too.
struct IMAGE_OPTIONAL_HEADER64S
{
    // Standard fields.
    quint16 Magic;
    quint8 MajorLinkerVersion;
    quint8 MinorLinkerVersion;
    quint32 SizeOfCode;
    quint32 SizeOfInitializedData;
    quint32 SizeOfUninitializedData;
    quint32 AddressOfEntryPoint;
    quint32 BaseOfCode;
    // NT additional fields.
    qint64 ImageBase;
    quint32 SectionAlignment;
    quint32 FileAlignment;
    quint16 MajorOperatingSystemVersion;
    quint16 MinorOperatingSystemVersion;
    quint16 MajorImageVersion;
    quint16 MinorImageVersion;
    quint16 MajorSubsystemVersion;
    quint16 MinorSubsystemVersion;
    quint32 Win32VersionValue;
    quint32 SizeOfImage;
    quint32 SizeOfHeaders;
    quint32 CheckSum;
    quint16 Subsystem;
    quint16 DllCharacteristics;
    qint64 SizeOfStackReserve;
    qint64 SizeOfStackCommit;
    qint64 SizeOfHeapReserve;
    qint64 SizeOfHeapCommit;
    quint32 LoaderFlags;
    quint32 NumberOfRvaAndSizes;
};

// NT headers for a 64-bit image: signature, file header, 64-bit optional header.
struct IMAGE_NT_HEADERS64
{
    quint32 Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER64 OptionalHeader;
};

// NT headers for a 32-bit image: signature, file header, 32-bit optional header.
struct IMAGE_NT_HEADERS32
{
    quint32 Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
};

// One section-table entry. PointerToRawData + SizeOfRawData can point past
// the end of the file and VirtualSize can differ from SizeOfRawData; validate
// both ranges before reading or mapping section data.
struct IMAGE_SECTION_HEADER
{
    quint8 Name[S_IMAGE_SIZEOF_SHORT_NAME]; // fixed width, may lack a terminating NUL
    union
    {
        quint32 PhysicalAddress;
        quint32 VirtualSize;
    } Misc;
    quint32 VirtualAddress;
    quint32 SizeOfRawData;
    quint32 PointerToRawData;
    quint32 PointerToRelocations;
    quint32 PointerToLinenumbers;
    quint16 NumberOfRelocations;
    quint16 NumberOfLinenumbers;
    quint32 Characteristics;
};

// Header of one resource-directory level; the entry counts are file-supplied.
struct IMAGE_RESOURCE_DIRECTORY
{
    quint32 Characteristics;
    quint32 TimeDateStamp;
    quint16 MajorVersion;
    quint16 MinorVersion;
    quint16 NumberOfNamedEntries;
    quint16 NumberOfIdEntries;
};

// One resource-directory entry: two 32-bit words, each overlaid with a 31+1
// bit-field view. Bit-field layout is implementation-defined, so the named
// bits depend on the compiler - NOTE(review): confirm on all targets.
// Entries can point back at a parent directory; a tree walker needs a depth
// or visited-offset limit to avoid unbounded recursion on crafted files.
struct IMAGE_RESOURCE_DIRECTORY_ENTRY
{
    union
    {
        struct
        {
            quint32 NameOffset:31;
            quint32 NameIsString:1;
        };
        quint32 Name;
        quint16 Id;
    };
    union
    {
        quint32 OffsetToData;
        struct
        {
            quint32 OffsetToDirectory:31;
            quint32 DataIsDirectory:1;
        };
    };
};

// Leaf of the resource tree: location, size and code page of the resource data.
struct IMAGE_RESOURCE_DATA_ENTRY
{
    quint32 OffsetToData;
    quint32 Size;
    quint32 CodePage;
    quint32 Reserved;
};

// One import-table entry. No count is stored in this struct; bound any scan of
// consecutive descriptors by the directory size as well as by a terminator.
struct IMAGE_IMPORT_DESCRIPTOR
{
    union
    {
        quint32 Characteristics;
        quint32 OriginalFirstThunk;
    };
    quint32 TimeDateStamp;
    quint32 ForwarderChain;
    quint32 Name;
    quint32 FirstThunk;
};

// Header of one base-relocation block; the 16-bit entries that follow it are
// not part of this struct (see the commented-out member). SizeOfBlock is
// file-supplied: reject values smaller than this header before stepping to the
// next block, otherwise the walk may never advance.
struct IMAGE_BASE_RELOCATION
{
    quint32 VirtualAddress;
    quint32 SizeOfBlock;
    // quint16 TypeOffset[1];
};

// Export directory. NumberOfFunctions and NumberOfNames size the three tables
// referenced by RVA below; check count * element size against the image size.
struct IMAGE_EXPORT_DIRECTORY
{
    quint32 Characteristics;
    quint32 TimeDateStamp;
    quint16 MajorVersion;
    quint16 MinorVersion;
    quint32 Name;
    quint32 Base;
    quint32 NumberOfFunctions;
    quint32 NumberOfNames;
    quint32 AddressOfFunctions; // RVA from base of image
    quint32 AddressOfNames; // RVA from base of image
    quint32 AddressOfNameOrdinals; // RVA from base of image
};

// SYSTEM_INFO variant with 32-bit application address fields.
struct SYSTEM_INFO32
{
    union
    {
        quint32 dwOemId;
        struct
        {
            quint16 wProcessorArchitecture;
            quint16 wReserved;
        };
    };
    quint32 dwPageSize;
    quint32 lpMinimumApplicationAddress;
    quint32 lpMaximumApplicationAddress;
    quint32 dwActiveProcessorMask;
    quint32 dwNumberOfProcessors;
    quint32 dwProcessorType;
    quint32 dwAllocationGranularity;
    quint16 wProcessorLevel;
    quint16 wProcessorRevision;
};

// SYSTEM_INFO variant with 64-bit application address fields.
// NOTE(review): dwActiveProcessorMask is quint32 here, while the Win64
// SYSTEM_INFO declares it pointer-sized (DWORD_PTR) - confirm whether this
// struct is meant to match the native layout byte for byte.
struct SYSTEM_INFO64
{
    union
    {
        quint32 dwOemId;
        struct
        {
            quint16 wProcessorArchitecture;
            quint16 wReserved;
        };
    };
    quint32 dwPageSize;
    quint64 lpMinimumApplicationAddress;
    quint64 lpMaximumApplicationAddress;
    quint32 dwActiveProcessorMask;
    quint32 dwNumberOfProcessors;
    quint32 dwProcessorType;
    quint32 dwAllocationGranularity;
    quint16 wProcessorLevel;
    quint16 wProcessorRevision;
};

// CLR (.NET) header referenced by the COM descriptor data directory.
struct IMAGE_COR20_HEADER
{
    // Header versioning
    quint32 cb;
    quint16 MajorRuntimeVersion;
    quint16 MinorRuntimeVersion;
    // Symbol table and startup information
    IMAGE_DATA_DIRECTORY MetaData;
    quint32 Flags;
    // DDBLD - Added next section to replace following line
    // DDBLD - Still verifying, since not in NT SDK
    // unsigned int EntryPointToken;
    // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set,
    // EntryPointToken represents a managed entrypoint.
    // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set,
    // EntryPointRVA represents an RVA to a native entrypoint.
    union
    {
        quint32 EntryPointToken;
        quint32 EntryPointRVA;
    };
    // DDBLD - End of Added Area
    // Binding information
    IMAGE_DATA_DIRECTORY Resources;
    IMAGE_DATA_DIRECTORY StrongNameSignature;
    // Regular fixup and binding information
    IMAGE_DATA_DIRECTORY CodeManagerTable;
    IMAGE_DATA_DIRECTORY VTableFixups;
    IMAGE_DATA_DIRECTORY ExportAddressTableJumps;
    // Precompiled image info (internal use only - set to zero)
    IMAGE_DATA_DIRECTORY ManagedNativeHeader;
};

// Numeric constants for the CLR header. This is an unscoped enum, so the
// enumerators are visible directly in namespace XPE_DEF.
enum ReplacesCorHdrNumericDefines
{
    // COM+ Header entry point flags.
    COMIMAGE_FLAGS_ILONLY =0x00000001,
    COMIMAGE_FLAGS_32BITREQUIRED =0x00000002,
    COMIMAGE_FLAGS_IL_LIBRARY =0x00000004,
    COMIMAGE_FLAGS_STRONGNAMESIGNED =0x00000008,
    COMIMAGE_FLAGS_NATIVE_ENTRYPOINT =0x00000010,
    COMIMAGE_FLAGS_TRACKDEBUGDATA =0x00010000,
    // Version flags for image.
    COR_VERSION_MAJOR_V2 =2,
    COR_VERSION_MAJOR =COR_VERSION_MAJOR_V2,
    COR_VERSION_MINOR =5,
    COR_DELETED_NAME_LENGTH =8,
    COR_VTABLEGAP_NAME_LENGTH =8,
    // Maximum size of a NativeType descriptor.
    NATIVE_TYPE_MAX_CB =1,
    COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE=0xFF,
    // #defines for the MIH FLAGS
    IMAGE_COR_MIH_METHODRVA =0x01,
    IMAGE_COR_MIH_EHRVA =0x02,
    IMAGE_COR_MIH_BASICBLOCK =0x08,
    // V-table constants
    COR_VTABLE_32BIT =0x01, // V-table slots are 32-bits in size.
    COR_VTABLE_64BIT =0x02, // V-table slots are 64-bits in size.
    COR_VTABLE_FROM_UNMANAGED =0x04, // If set, transition from unmanaged.
    COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN =0x08, // If set, transition from unmanaged with keeping the current appdomain.
    COR_VTABLE_CALL_MOST_DERIVED =0x10, // Call most derived method described by
    // EATJ constants
    IMAGE_COR_EATJ_THUNK_SIZE =32, // Size of a jump thunk reserved range.
    // Max name lengths
    //@todo: Change to unlimited name lengths.
    MAX_CLASS_NAME =1024,
    MAX_PACKAGE_NAME =1024
};

// Leading three 16-bit fields of a version-resource block. Both lengths are
// read from the resource data; bound them by the enclosing resource size.
struct S_VS_VERSION_INFO
{
    quint16 wLength; /* Length of the version resource */
    quint16 wValueLength; /* Length of the value field for this block */
    quint16 wType;
};

// Fixed part of a version resource (thirteen 32-bit fields).
struct tagVS_FIXEDFILEINFO
{
    quint32 dwSignature; // e.g. 0xfeef04bd
    quint32 dwStrucVersion; // e.g. 0x00000042 = "0.42"
    quint32 dwFileVersionMS; // e.g. 0x00030075 = "3.75"
    quint32 dwFileVersionLS; // e.g. 0x00000031 = "0.31"
    quint32 dwProductVersionMS; // e.g. 0x00030010 = "3.10"
    quint32 dwProductVersionLS; // e.g. 0x00000031 = "0.31"
    quint32 dwFileFlagsMask; // = 0x3F for version "0.42"
    quint32 dwFileFlags; // e.g. VFF_DEBUG | VFF_PRERELEASE
    quint32 dwFileOS; // e.g. VOS_DOS_WINDOWS16
    quint32 dwFileType; // e.g. VFT_DRIVER
    quint32 dwFileSubtype; // e.g. VFT2_DRV_KEYBOARD
    quint32 dwFileDateMS; // e.g. 0
    quint32 dwFileDateLS; // e.g. 0
};
//typedef VOID (NTAPI *PIMAGE_TLS_CALLBACK)(PVOID DllHandle,quint32 Reason,PVOID Reserved);

// TLS directory, 64-bit form. AddressOfCallBacks locates the TLS callback
// array; the Windows loader invokes those callbacks before the image entry
// point, so static analysis should list them alongside AddressOfEntryPoint.
struct S_IMAGE_TLS_DIRECTORY64
{
    quint64 StartAddressOfRawData;
    quint64 EndAddressOfRawData;
    quint64 AddressOfIndex;
    quint64 AddressOfCallBacks;
    quint32 SizeOfZeroFill;
    quint32 Characteristics;
};

// TLS directory, 32-bit form (same fields, 32-bit addresses).
struct S_IMAGE_TLS_DIRECTORY32
{
    quint32 StartAddressOfRawData;
    quint32 EndAddressOfRawData;
    quint32 AddressOfIndex;
    quint32 AddressOfCallBacks;
    quint32 SizeOfZeroFill;
    quint32 Characteristics;
};

// Exception-table entry with five 64-bit fields (Alpha64 form, per the name).
struct S_IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY
{
    quint64 BeginAddress;
    quint64 EndAddress;
    quint64 ExceptionHandler;
    quint64 HandlerData;
    quint64 PrologEndAddress;
};

// Exception-table entry with five 32-bit fields (Alpha form, per the name).
struct S_IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY
{
    quint32 BeginAddress;
    quint32 EndAddress;
    quint32 ExceptionHandler;
    quint32 HandlerData;
    quint32 PrologEndAddress;
};

// One debug-directory entry. Type takes the S_IMAGE_DEBUG_TYPE_* values;
// PointerToRawData and SizeOfData are file-supplied and need bounds checks.
struct S_IMAGE_DEBUG_DIRECTORY
{
    quint32 Characteristics;
    quint32 TimeDateStamp;
    quint16 MajorVersion;
    quint16 MinorVersion;
    quint32 Type;
    quint32 SizeOfData;
    quint32 AddressOfRawData;
    quint32 PointerToRawData;
};

// Exception-table entry: function begin/end plus unwind information.
struct S_IMAGE_RUNTIME_FUNCTION_ENTRY
{
    quint32 BeginAddress;
    quint32 EndAddress;
    union
    {
        quint32 UnwindInfoAddress;
        quint32 UnwindData;
    };
};

// Code-integrity sub-record embedded in the load configuration directory.
struct S_IMAGE_LOAD_CONFIG_CODE_INTEGRITY
{
    quint16 Flags; // Flags to indicate if CI information is available, etc.
    quint16 Catalog; // 0xFFFF means not available
    quint32 CatalogOffset;
    quint32 Reserved; // Additional bitmask to be defined later
};

// Load configuration directory, 32-bit form. It carries the image's
// exploit-mitigation metadata (SecurityCookie, SEHandlerTable, the Guard*
// fields). The leading Size field is file-supplied and older images provide a
// shorter structure; read only fields that lie within Size and within the
// data-directory size.
struct S_IMAGE_LOAD_CONFIG_DIRECTORY32
{
    quint32 Size;
    quint32 TimeDateStamp;
    quint16 MajorVersion;
    quint16 MinorVersion;
    quint32 GlobalFlagsClear;
    quint32 GlobalFlagsSet;
    quint32 CriticalSectionDefaultTimeout;
    quint32 DeCommitFreeBlockThreshold;
    quint32 DeCommitTotalFreeThreshold;
    quint32 LockPrefixTable; // VA
    quint32 MaximumAllocationSize;
    quint32 VirtualMemoryThreshold;
    quint32 ProcessHeapFlags;
    quint32 ProcessAffinityMask;
    quint16 CSDVersion;
    quint16 DependentLoadFlags;
    quint32 EditList; // VA
    quint32 SecurityCookie; // VA
    quint32 SEHandlerTable; // VA
    quint32 SEHandlerCount;
    // Standard
    quint32 GuardCFCheckFunctionPointer; // VA
    quint32 GuardCFDispatchFunctionPointer; // VA
    quint32 GuardCFFunctionTable; // VA
    quint32 GuardCFFunctionCount;
    quint32 GuardFlags;
    S_IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
    quint32 GuardAddressTakenIatEntryTable; // VA
    quint32 GuardAddressTakenIatEntryCount;
    quint32 GuardLongJumpTargetTable; // VA
    quint32 GuardLongJumpTargetCount;
    quint32 DynamicValueRelocTable; // VA
    quint32 CHPEMetadataPointer;
    quint32 GuardRFFailureRoutine; // VA
    quint32 GuardRFFailureRoutineFunctionPointer; // VA
    quint32 DynamicValueRelocTableOffset;
    quint16 DynamicValueRelocTableSection;
    quint16 Reserved2;
    quint32 GuardRFVerifyStackPointerFunctionPointer; // VA
    quint32 HotPatchTableOffset;
    quint32 Reserved3;
    quint32 EnclaveConfigurationPointer; // VA
    quint32 VolatileMetadataPointer; // VA
    quint32 GuardEHContinuationTable;
    quint32 GuardEHContinuationCount;
    quint32 GuardXFGCheckFunctionPointer;
    quint32 GuardXFGDispatchFunctionPointer;
    quint32 GuardXFGTableDispatchFunctionPointer;
    quint32 CastGuardOsDeterminedFailureMode;
};

// Load configuration directory, 64-bit form. Note that ProcessAffinityMask
// precedes ProcessHeapFlags here, the reverse of the 32-bit struct. As in the
// 32-bit form, Size is file-supplied: read only fields that lie within it.
struct S_IMAGE_LOAD_CONFIG_DIRECTORY64
{
    quint32 Size;
    quint32 TimeDateStamp;
    quint16 MajorVersion;
    quint16 MinorVersion;
    quint32 GlobalFlagsClear;
    quint32 GlobalFlagsSet;
    quint32 CriticalSectionDefaultTimeout;
    quint64 DeCommitFreeBlockThreshold;
    quint64 DeCommitTotalFreeThreshold;
    quint64 LockPrefixTable; // VA
    quint64 MaximumAllocationSize;
    quint64 VirtualMemoryThreshold;
    quint64 ProcessAffinityMask;
    quint32 ProcessHeapFlags;
    quint16 CSDVersion;
    quint16 DependentLoadFlags;
    quint64 EditList; // VA
    quint64 SecurityCookie; // VA
    quint64 SEHandlerTable; // VA
    quint64 SEHandlerCount;
    // Standard
    quint64 GuardCFCheckFunctionPointer; // VA
    quint64 GuardCFDispatchFunctionPointer; // VA
    quint64 GuardCFFunctionTable; // VA
    quint64 GuardCFFunctionCount;
    quint32 GuardFlags;
    S_IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
    quint64 GuardAddressTakenIatEntryTable; // VA
    quint64 GuardAddressTakenIatEntryCount;
    quint64 GuardLongJumpTargetTable; // VA
    quint64 GuardLongJumpTargetCount;
    quint64 DynamicValueRelocTable; // VA
    quint64 CHPEMetadataPointer; // VA
    quint64 GuardRFFailureRoutine; // VA
    quint64 GuardRFFailureRoutineFunctionPointer; // VA
    quint32 DynamicValueRelocTableOffset;
    quint16 DynamicValueRelocTableSection;
    quint16 Reserved2;
    quint64 GuardRFVerifyStackPointerFunctionPointer; // VA
    quint32 HotPatchTableOffset;
    quint32 Reserved3;
    quint64 EnclaveConfigurationPointer; // VA
    quint64 VolatileMetadataPointer; // VA
    quint64 GuardEHContinuationTable;
    quint64 GuardEHContinuationCount;
    quint64 GuardXFGCheckFunctionPointer;
    quint64 GuardXFGDispatchFunctionPointer;
    quint64 GuardXFGTableDispatchFunctionPointer;
    quint64 CastGuardOsDeterminedFailureMode;
};

// One delay-load import descriptor. The attribute word is overlaid with a
// 1+31 bit-field view; bit-field layout is implementation-defined.
struct S_IMAGE_DELAYLOAD_DESCRIPTOR
{
    union
    {
        quint32 AllAttributes;
        struct
        {
            quint32 RvaBased : 1; // Delay load version 2
            quint32 ReservedAttributes : 31;
        } DUMMYSTRUCTNAME;
    };
    quint32 DllNameRVA; // RVA to the name of the target library (NULL-terminated ASCII string)
    quint32 ModuleHandleRVA; // RVA to the HMODULE caching location (PHMODULE)
    quint32 ImportAddressTableRVA; // RVA to the start of the IAT (PIMAGE_THUNK_DATA)
    quint32 ImportNameTableRVA; // RVA to the start of the name table (PIMAGE_THUNK_DATA::AddressOfData)
    quint32 BoundImportAddressTableRVA; // RVA to an optional bound IAT
    quint32 UnloadInformationTableRVA; // RVA to an optional unload info table
    quint32 TimeDateStamp; // 0 if not bound,
    // Otherwise, date/time of the target DLL
};

// One bound-import descriptor. OffsetModuleName and
// NumberOfModuleForwarderRefs are file-supplied; bound both by the directory size.
struct IMAGE_BOUND_IMPORT_DESCRIPTOR
{
    quint32 TimeDateStamp;
    quint16 OffsetModuleName;
    quint16 NumberOfModuleForwarderRefs;
    // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
};

// Fixed header of one attribute-certificate entry in the security directory.
// dwLength is file-supplied: check that it is at least the size of this header
// and that the entry ends inside the security directory and the file before
// reading the certificate bytes that follow.
struct WIN_CERT_RECORD
{
    quint32 dwLength;
    quint16 wRevision;
    quint16 wCertificateType;
};
}
#endif // XPE_DEF_H