1 #pragma once
2 
3 #include "../../redasm.h"
4 #include "pe_constants.h"
5 
6 #define IMAGE_FIRST_SECTION(ntheaders) reinterpret_cast<ImageSectionHeader*>(reinterpret_cast<size_t>(ntheaders) + \
7                                                                              ntheaders->FileHeader.SizeOfOptionalHeader + 0x18)
8 
9 namespace REDasm {
10 
11 struct ImageDosHeader
12 {
13     u16 e_magic, e_cblp, e_cp, e_crlc, e_cparhdr;
14     u16 e_minalloc, e_maxalloc;
15     u16 e_ss, e_sp, e_csum, e_ip, e_cs;
16     u16 e_lfarlc, e_ovno, e_res[4];
17     u16 e_oemid, e_oeminfo, e_res2[10];
18     u32 e_lfanew;
19 };
20 
21 struct ImageFileHeader
22 {
23     u16 Machine, NumberOfSections;
24     u32 TimeDateStamp, PointerToSymbolTable, NumberOfSymbols;
25     u16 SizeOfOptionalHeader, Characteristics;
26 };
27 
28 struct ImageDataDirectory { u32 VirtualAddress, Size; };
29 
30 struct ImageOptionalHeader32
31 {
32     u16 Magic;
33     u8 MajorLinkerVersion, MinorLinkerVersion;
34     u32 SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData;
35     u32 AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase;
36     u32 SectionAlignment, FileAlignment;
37     u16 MajorOperatingSystemVersion, MinorOperatingSystemVersion;
38     u16 MajorImageVersion, MinorImageVersion;
39     u16 MajorSubsystemVersion, MinorSubsystemVersion;
40     u32 Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum;
41     u16 Subsystem, DllCharacteristics;
42     u32 SizeOfStackReserve, SizeOfStackCommit;
43     u32 SizeOfHeapReserve, SizeOfHeapCommit;
44     u32 LoaderFlags, NumberOfRvaAndSizes;
45     ImageDataDirectory DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
46 };
47 
48 struct ImageOptionalHeader64
49 {
50     u16 Magic;
51     u8 MajorLinkerVersion, MinorLinkerVersion;
52     u32 SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData;
53     u32 AddressOfEntryPoint, BaseOfCode;
54     u64 ImageBase;
55     u32 SectionAlignment, FileAlignment;
56     u16 MajorOperatingSystemVersion, MinorOperatingSystemVersion;
57     u16 MajorImageVersion, MinorImageVersion;
58     u16 MajorSubsystemVersion, MinorSubsystemVersion;
59     u32 Win32VersionValue, SizeOfImage, SizeOfHeaders;
60     u32 CheckSum;
61     u16 Subsystem, DllCharacteristics;
62     u64 SizeOfStackReserve, SizeOfStackCommit;
63     u64 SizeOfHeapReserve, SizeOfHeapCommit;
64     u32 LoaderFlags, NumberOfRvaAndSizes;
65     ImageDataDirectory DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
66 };
67 
68 struct ImageNtHeaders
69 {
70     u32 Signature;
71     ImageFileHeader FileHeader;
72 
73     union
74     {
75         u16 OptionalHeaderMagic;
76         ImageOptionalHeader32 OptionalHeader32;
77         ImageOptionalHeader64 OptionalHeader64;
78     };
79 };
80 
81 struct ImageSectionHeader
82 {
83     u8 Name[IMAGE_SIZEOF_SHORT_NAME];
84     union { u32 PhysicalAddress, VirtualSize; } Misc;
85 
86     u32 VirtualAddress, SizeOfRawData, PointerToRawData;
87     u32 PointerToRelocations, PointerToLinenumbers;
88     u16 NumberOfRelocations, NumberOfLinenumbers;
89     u32 Characteristics;
90 };
91 
92 struct ImageExportDirectory
93 {
94     u32 Characteristics, TimeDateStamp;
95     u16 MajorVersion, MinorVersion;
96     u32 Name, Base;
97     u32 NumberOfFunctions, NumberOfNames;
98     u32 AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals;
99 };
100 
101 struct ImageDebugDirectory
102 {
103     u32 Characteristics, TimeDateStamp;
104     u16 MajorVersion, MinorVersion;
105     u32 Type, SizeOfData;
106     u32 AddressOfRawData, PointerToRawData;
107 };
108 
109 struct ImageBaseRelocation { u32 VirtualAddress, SizeOfBlock; /* u16 TypeOffset[1]; */ };
110 
111 struct ImageResourceDirectory
112 {
113     u32 Characteristics, TimeDateStamp;
114     u16 MajorVersion, MinorVersion;
115     u16 NumberOfNamedEntries, NumberOfIdEntries;
116     // ImageResourceDirectoryEntry DirectoryEntries[];
117 };
118 
119 struct ImageResourceDirectoryEntry
120 {
121     union
122     {
123         struct { u32 NameOffset:31, NameIsString:1; };
124         u32 Name;
125         u16 Id;
126     };
127 
128     union
129     {
130         u32 OffsetToData;
131         struct { u32 OffsetToDirectory:31, DataIsDirectory:1; };
132     };
133 };
134 
135 struct ImageResourceDirStringU { u16 Length; char NameString[1]; };
136 struct ImageResourceDataEntry { u32 OffsetToData, Size, CodePage, Reserved; };
137 
138 struct ImageImportDescriptor
139 {
140     union { u32 Characteristics, OriginalFirstThunk; };
141 
142     u32 TimeDateStamp, ForwarderChain;
143     u32 Name, FirstThunk;
144 };
145 
146 struct ImageImportByName { u16 Hint; u8 Name[1]; };
147 
148 typedef u32 ImageThunkData32;
149 typedef u64 ImageThunkData64;
150 
151 template<typename T> struct ImageTlsDirectory
152 {
153     T StartAddressOfRawData;
154     T EndAddressOfRawData;
155     T AddressOfIndex;
156     T AddressOfCallBacks;
157     u32 SizeOfZeroFill;
158     u32 Characteristics;
159 };
160 
161 typedef ImageTlsDirectory<u32> ImageTlsDirectory32;
162 typedef ImageTlsDirectory<u64> ImageTlsDirectory64;
163 
164 struct ImageLoadConfigDirectory32
165 {
166     u32 Size, TimeDateStamp;
167     u16 MajorVersion, MinorVersion;
168     u32 GlobalFlagsClear, GlobalFlagsSet, CriticalSectionDefaultTimeout;
169     u32 DeCommitFreeBlockThreshold, DeCommitTotalFreeThreshold;
170     u32 LockPrefixTable;             // VA
171     u32 MaximumAllocationSize, VirtualMemoryThreshold;
172     u32 ProcessHeapFlags, ProcessAffinityMask;
173     u16 CSDVersion, Reserved1;
174     u32 EditList;                    // VA
175     u32 SecurityCookie;              // VA
176     u32 SEHandlerTable;              // VA
177     u32 SEHandlerCount;
178     u32 GuardCFCheckFunctionPointer; // VA
179     u32 Reserved2;
180     u32 GuardCFFunctionTable;        // VA
181     u32 GuardCFFunctionCount, GuardFlags;
182 };
183 
184 struct ImageLoadConfigDirectory64
185 {
186     u32 Size, TimeDateStamp;
187     u16 MajorVersion, MinorVersion;
188     u32 GlobalFlagsClear, GlobalFlagsSet, CriticalSectionDefaultTimeout;
189     u64 DeCommitFreeBlockThreshold, DeCommitTotalFreeThreshold;
190     u64 LockPrefixTable;             // VA
191     u64 MaximumAllocationSize, VirtualMemoryThreshold;
192     u64 ProcessAffinityMask, ProcessHeapFlags;
193     u16 CSDVersion, Reserved1;
194     u64 EditList;                    // VA
195     u64 SecurityCookie;              // VA
196     u64 SEHandlerTable;              // VA
197     u64 SEHandlerCount;
198     u64 GuardCFCheckFunctionPointer; // VA
199     u64 Reserved2;
200     u64 GuardCFFunctionTable;        // VA
201     u64 GuardCFFunctionCount;
202     u32 GuardFlags;
203 };
204 
205 struct ImageRuntimeFunctionEntry { u32 BeginAddress, EndAddress, UnwindInfoAddress; };
206 
207 union UnwindCodeU
208 {
209     struct {
210         u8 CodeOffset;
211         u8 UnwindOp : 4;
212         u8 OpInfo : 4;
213     };
214 
215     u16 FrameOffset;
216 };
217 
218 struct UnwindInfo
219 {
220     u8 Version : 3;
221     u8 Flags : 5;
222     u8 SizeOfProlog;
223     u8 CountOfCodes;
224     u8 FrameRegister : 4;
225     u8 FrameOffset : 4;
226     UnwindCodeU UnwindCode[1];
227 };
228 
229 } // namespace REDasm
230