1 //! PE/COFF definitions. 2 //! 3 //! These definitions are independent of read/write support, although we do implement 4 //! some traits useful for those. 5 //! 6 //! This module is based heavily on "winnt.h" (10.0.17763.0). 7 8 #![allow(missing_docs)] 9 10 use crate::endian::{LittleEndian as LE, U16Bytes, U32Bytes, I32, U16, U32, U64}; 11 use crate::pod::Pod; 12 13 /// MZ 14 pub const IMAGE_DOS_SIGNATURE: u16 = 0x5A4D; 15 /// NE 16 pub const IMAGE_OS2_SIGNATURE: u16 = 0x454E; 17 /// LE 18 pub const IMAGE_OS2_SIGNATURE_LE: u16 = 0x454C; 19 /// LE 20 pub const IMAGE_VXD_SIGNATURE: u16 = 0x454C; 21 /// PE00 22 pub const IMAGE_NT_SIGNATURE: u32 = 0x0000_4550; 23 24 /// DOS .EXE header 25 #[derive(Debug, Clone, Copy)] 26 #[repr(C)] 27 pub struct ImageDosHeader { 28 /// Magic number 29 pub e_magic: U16<LE>, 30 /// Bytes on last page of file 31 pub e_cblp: U16<LE>, 32 /// Pages in file 33 pub e_cp: U16<LE>, 34 /// Relocations 35 pub e_crlc: U16<LE>, 36 /// Size of header in paragraphs 37 pub e_cparhdr: U16<LE>, 38 /// Minimum extra paragraphs needed 39 pub e_minalloc: U16<LE>, 40 /// Maximum extra paragraphs needed 41 pub e_maxalloc: U16<LE>, 42 /// Initial (relative) SS value 43 pub e_ss: U16<LE>, 44 /// Initial SP value 45 pub e_sp: U16<LE>, 46 /// Checksum 47 pub e_csum: U16<LE>, 48 /// Initial IP value 49 pub e_ip: U16<LE>, 50 /// Initial (relative) CS value 51 pub e_cs: U16<LE>, 52 /// File address of relocation table 53 pub e_lfarlc: U16<LE>, 54 /// Overlay number 55 pub e_ovno: U16<LE>, 56 /// Reserved words 57 pub e_res: [U16<LE>; 4], 58 /// OEM identifier (for e_oeminfo) 59 pub e_oemid: U16<LE>, 60 /// OEM information; e_oemid specific 61 pub e_oeminfo: U16<LE>, 62 /// Reserved words 63 pub e_res2: [U16<LE>; 10], 64 /// File address of new exe header 65 pub e_lfanew: U32<LE>, 66 } 67 68 /// OS/2 .EXE header 69 #[derive(Debug, Clone, Copy)] 70 #[repr(C)] 71 pub struct ImageOs2Header { 72 /// Magic number 73 pub ne_magic: U16<LE>, 74 /// Version number 75 pub ne_ver: i8, 76 /// Revision number 77 pub ne_rev: i8, 78 /// Offset of Entry Table 79 pub ne_enttab: U16<LE>, 80 /// Number of bytes in Entry Table 81 pub ne_cbenttab: U16<LE>, 82 /// Checksum of whole file 83 pub ne_crc: I32<LE>, 84 /// Flag word 85 pub ne_flags: U16<LE>, 86 /// Automatic data segment number 87 pub ne_autodata: U16<LE>, 88 /// Initial heap allocation 89 pub ne_heap: U16<LE>, 90 /// Initial stack allocation 91 pub ne_stack: U16<LE>, 92 /// Initial CS:IP setting 93 pub ne_csip: I32<LE>, 94 /// Initial SS:SP setting 95 pub ne_sssp: I32<LE>, 96 /// Count of file segments 97 pub ne_cseg: U16<LE>, 98 /// Entries in Module Reference Table 99 pub ne_cmod: U16<LE>, 100 /// Size of non-resident name table 101 pub ne_cbnrestab: U16<LE>, 102 /// Offset of Segment Table 103 pub ne_segtab: U16<LE>, 104 /// Offset of Resource Table 105 pub ne_rsrctab: U16<LE>, 106 /// Offset of resident name table 107 pub ne_restab: U16<LE>, 108 /// Offset of Module Reference Table 109 pub ne_modtab: U16<LE>, 110 /// Offset of Imported Names Table 111 pub ne_imptab: U16<LE>, 112 /// Offset of Non-resident Names Table 113 pub ne_nrestab: I32<LE>, 114 /// Count of movable entries 115 pub ne_cmovent: U16<LE>, 116 /// Segment alignment shift count 117 pub ne_align: U16<LE>, 118 /// Count of resource segments 119 pub ne_cres: U16<LE>, 120 /// Target Operating system 121 pub ne_exetyp: u8, 122 /// Other .EXE flags 123 pub ne_flagsothers: u8, 124 /// offset to return thunks 125 pub ne_pretthunks: U16<LE>, 126 /// offset to segment ref. bytes 127 pub ne_psegrefbytes: U16<LE>, 128 /// Minimum code swap area size 129 pub ne_swaparea: U16<LE>, 130 /// Expected Windows version number 131 pub ne_expver: U16<LE>, 132 } 133 134 /// Windows VXD header 135 #[derive(Debug, Clone, Copy)] 136 #[repr(C)] 137 pub struct ImageVxdHeader { 138 /// Magic number 139 pub e32_magic: U16<LE>, 140 /// The byte ordering for the VXD 141 pub e32_border: u8, 142 /// The word ordering for the VXD 143 pub e32_worder: u8, 144 /// The EXE format level for now = 0 145 pub e32_level: U32<LE>, 146 /// The CPU type 147 pub e32_cpu: U16<LE>, 148 /// The OS type 149 pub e32_os: U16<LE>, 150 /// Module version 151 pub e32_ver: U32<LE>, 152 /// Module flags 153 pub e32_mflags: U32<LE>, 154 /// Module # pages 155 pub e32_mpages: U32<LE>, 156 /// Object # for instruction pointer 157 pub e32_startobj: U32<LE>, 158 /// Extended instruction pointer 159 pub e32_eip: U32<LE>, 160 /// Object # for stack pointer 161 pub e32_stackobj: U32<LE>, 162 /// Extended stack pointer 163 pub e32_esp: U32<LE>, 164 /// VXD page size 165 pub e32_pagesize: U32<LE>, 166 /// Last page size in VXD 167 pub e32_lastpagesize: U32<LE>, 168 /// Fixup section size 169 pub e32_fixupsize: U32<LE>, 170 /// Fixup section checksum 171 pub e32_fixupsum: U32<LE>, 172 /// Loader section size 173 pub e32_ldrsize: U32<LE>, 174 /// Loader section checksum 175 pub e32_ldrsum: U32<LE>, 176 /// Object table offset 177 pub e32_objtab: U32<LE>, 178 /// Number of objects in module 179 pub e32_objcnt: U32<LE>, 180 /// Object page map offset 181 pub e32_objmap: U32<LE>, 182 /// Object iterated data map offset 183 pub e32_itermap: U32<LE>, 184 /// Offset of Resource Table 185 pub e32_rsrctab: U32<LE>, 186 /// Number of resource entries 187 pub e32_rsrccnt: U32<LE>, 188 /// Offset of resident name table 189 pub e32_restab: U32<LE>, 190 /// Offset of Entry Table 191 pub e32_enttab: U32<LE>, 192 /// Offset of Module Directive Table 193 pub e32_dirtab: U32<LE>, 194 /// Number of module directives 195 pub e32_dircnt: U32<LE>, 196 /// Offset of Fixup Page Table 197 pub e32_fpagetab: U32<LE>, 198 /// Offset of Fixup Record Table 199 pub e32_frectab: U32<LE>, 200 /// Offset of Import Module Name Table 201 pub e32_impmod: U32<LE>, 202 /// Number of entries in Import Module Name Table 203 pub e32_impmodcnt: U32<LE>, 204 /// Offset of Import Procedure Name Table 205 pub e32_impproc: U32<LE>, 206 /// Offset of Per-Page Checksum Table 207 pub e32_pagesum: U32<LE>, 208 /// Offset of Enumerated Data Pages 209 pub e32_datapage: U32<LE>, 210 /// Number of preload pages 211 pub e32_preload: U32<LE>, 212 /// Offset of Non-resident Names Table 213 pub e32_nrestab: U32<LE>, 214 /// Size of Non-resident Name Table 215 pub e32_cbnrestab: U32<LE>, 216 /// Non-resident Name Table Checksum 217 pub e32_nressum: U32<LE>, 218 /// Object # for automatic data object 219 pub e32_autodata: U32<LE>, 220 /// Offset of the debugging information 221 pub e32_debuginfo: U32<LE>, 222 /// The length of the debugging info. in bytes 223 pub e32_debuglen: U32<LE>, 224 /// Number of instance pages in preload section of VXD file 225 pub e32_instpreload: U32<LE>, 226 /// Number of instance pages in demand load section of VXD file 227 pub e32_instdemand: U32<LE>, 228 /// Size of heap - for 16-bit apps 229 pub e32_heapsize: U32<LE>, 230 /// Reserved words 231 pub e32_res3: [u8; 12], 232 pub e32_winresoff: U32<LE>, 233 pub e32_winreslen: U32<LE>, 234 /// Device ID for VxD 235 pub e32_devid: U16<LE>, 236 /// DDK version for VxD 237 pub e32_ddkver: U16<LE>, 238 } 239 240 // 241 // File header format. 242 // 243 244 #[derive(Debug, Clone, Copy)] 245 #[repr(C)] 246 pub struct ImageFileHeader { 247 pub machine: U16<LE>, 248 pub number_of_sections: U16<LE>, 249 pub time_date_stamp: U32<LE>, 250 pub pointer_to_symbol_table: U32<LE>, 251 pub number_of_symbols: U32<LE>, 252 pub size_of_optional_header: U16<LE>, 253 pub characteristics: U16<LE>, 254 } 255 256 pub const IMAGE_SIZEOF_FILE_HEADER: usize = 20; 257 258 /// Relocation info stripped from file. 259 pub const IMAGE_FILE_RELOCS_STRIPPED: u16 = 0x0001; 260 /// File is executable (i.e. no unresolved external references). 261 pub const IMAGE_FILE_EXECUTABLE_IMAGE: u16 = 0x0002; 262 /// Line nunbers stripped from file. 263 pub const IMAGE_FILE_LINE_NUMS_STRIPPED: u16 = 0x0004; 264 /// Local symbols stripped from file. 265 pub const IMAGE_FILE_LOCAL_SYMS_STRIPPED: u16 = 0x0008; 266 /// Aggressively trim working set 267 pub const IMAGE_FILE_AGGRESIVE_WS_TRIM: u16 = 0x0010; 268 /// App can handle >2gb addresses 269 pub const IMAGE_FILE_LARGE_ADDRESS_AWARE: u16 = 0x0020; 270 /// Bytes of machine word are reversed. 271 pub const IMAGE_FILE_BYTES_REVERSED_LO: u16 = 0x0080; 272 /// 32 bit word machine. 273 pub const IMAGE_FILE_32BIT_MACHINE: u16 = 0x0100; 274 /// Debugging info stripped from file in .DBG file 275 pub const IMAGE_FILE_DEBUG_STRIPPED: u16 = 0x0200; 276 /// If Image is on removable media, copy and run from the swap file. 277 pub const IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP: u16 = 0x0400; 278 /// If Image is on Net, copy and run from the swap file. 279 pub const IMAGE_FILE_NET_RUN_FROM_SWAP: u16 = 0x0800; 280 /// System File. 281 pub const IMAGE_FILE_SYSTEM: u16 = 0x1000; 282 /// File is a DLL. 283 pub const IMAGE_FILE_DLL: u16 = 0x2000; 284 /// File should only be run on a UP machine 285 pub const IMAGE_FILE_UP_SYSTEM_ONLY: u16 = 0x4000; 286 /// Bytes of machine word are reversed. 287 pub const IMAGE_FILE_BYTES_REVERSED_HI: u16 = 0x8000; 288 289 pub const IMAGE_FILE_MACHINE_UNKNOWN: u16 = 0; 290 /// Useful for indicating we want to interact with the host and not a WoW guest. 291 pub const IMAGE_FILE_MACHINE_TARGET_HOST: u16 = 0x0001; 292 /// Intel 386. 293 pub const IMAGE_FILE_MACHINE_I386: u16 = 0x014c; 294 /// MIPS little-endian, 0x160 big-endian 295 pub const IMAGE_FILE_MACHINE_R3000: u16 = 0x0162; 296 /// MIPS little-endian 297 pub const IMAGE_FILE_MACHINE_R4000: u16 = 0x0166; 298 /// MIPS little-endian 299 pub const IMAGE_FILE_MACHINE_R10000: u16 = 0x0168; 300 /// MIPS little-endian WCE v2 301 pub const IMAGE_FILE_MACHINE_WCEMIPSV2: u16 = 0x0169; 302 /// Alpha_AXP 303 pub const IMAGE_FILE_MACHINE_ALPHA: u16 = 0x0184; 304 /// SH3 little-endian 305 pub const IMAGE_FILE_MACHINE_SH3: u16 = 0x01a2; 306 pub const IMAGE_FILE_MACHINE_SH3DSP: u16 = 0x01a3; 307 /// SH3E little-endian 308 pub const IMAGE_FILE_MACHINE_SH3E: u16 = 0x01a4; 309 /// SH4 little-endian 310 pub const IMAGE_FILE_MACHINE_SH4: u16 = 0x01a6; 311 /// SH5 312 pub const IMAGE_FILE_MACHINE_SH5: u16 = 0x01a8; 313 /// ARM Little-Endian 314 pub const IMAGE_FILE_MACHINE_ARM: u16 = 0x01c0; 315 /// ARM Thumb/Thumb-2 Little-Endian 316 pub const IMAGE_FILE_MACHINE_THUMB: u16 = 0x01c2; 317 /// ARM Thumb-2 Little-Endian 318 pub const IMAGE_FILE_MACHINE_ARMNT: u16 = 0x01c4; 319 pub const IMAGE_FILE_MACHINE_AM33: u16 = 0x01d3; 320 /// IBM PowerPC Little-Endian 321 pub const IMAGE_FILE_MACHINE_POWERPC: u16 = 0x01F0; 322 pub const IMAGE_FILE_MACHINE_POWERPCFP: u16 = 0x01f1; 323 /// Intel 64 324 pub const IMAGE_FILE_MACHINE_IA64: u16 = 0x0200; 325 /// MIPS 326 pub const IMAGE_FILE_MACHINE_MIPS16: u16 = 0x0266; 327 /// ALPHA64 328 pub const IMAGE_FILE_MACHINE_ALPHA64: u16 = 0x0284; 329 /// MIPS 330 pub const IMAGE_FILE_MACHINE_MIPSFPU: u16 = 0x0366; 331 /// MIPS 332 pub const IMAGE_FILE_MACHINE_MIPSFPU16: u16 = 0x0466; 333 pub const IMAGE_FILE_MACHINE_AXP64: u16 = IMAGE_FILE_MACHINE_ALPHA64; 334 /// Infineon 335 pub const IMAGE_FILE_MACHINE_TRICORE: u16 = 0x0520; 336 pub const IMAGE_FILE_MACHINE_CEF: u16 = 0x0CEF; 337 /// EFI Byte Code 338 pub const IMAGE_FILE_MACHINE_EBC: u16 = 0x0EBC; 339 /// AMD64 (K8) 340 pub const IMAGE_FILE_MACHINE_AMD64: u16 = 0x8664; 341 /// M32R little-endian 342 pub const IMAGE_FILE_MACHINE_M32R: u16 = 0x9041; 343 /// ARM64 Little-Endian 344 pub const IMAGE_FILE_MACHINE_ARM64: u16 = 0xAA64; 345 pub const IMAGE_FILE_MACHINE_CEE: u16 = 0xC0EE; 346 347 // 348 // Directory format. 349 // 350 351 #[derive(Debug, Clone, Copy)] 352 #[repr(C)] 353 pub struct ImageDataDirectory { 354 pub virtual_address: U32<LE>, 355 pub size: U32<LE>, 356 } 357 358 pub const IMAGE_NUMBEROF_DIRECTORY_ENTRIES: usize = 16; 359 360 // 361 // Optional header format. 362 // 363 364 #[derive(Debug, Clone, Copy)] 365 #[repr(C)] 366 pub struct ImageOptionalHeader32 { 367 // Standard fields. 368 pub magic: U16<LE>, 369 pub major_linker_version: u8, 370 pub minor_linker_version: u8, 371 pub size_of_code: U32<LE>, 372 pub size_of_initialized_data: U32<LE>, 373 pub size_of_uninitialized_data: U32<LE>, 374 pub address_of_entry_point: U32<LE>, 375 pub base_of_code: U32<LE>, 376 pub base_of_data: U32<LE>, 377 378 // NT additional fields. 379 pub image_base: U32<LE>, 380 pub section_alignment: U32<LE>, 381 pub file_alignment: U32<LE>, 382 pub major_operating_system_version: U16<LE>, 383 pub minor_operating_system_version: U16<LE>, 384 pub major_image_version: U16<LE>, 385 pub minor_image_version: U16<LE>, 386 pub major_subsystem_version: U16<LE>, 387 pub minor_subsystem_version: U16<LE>, 388 pub win32_version_value: U32<LE>, 389 pub size_of_image: U32<LE>, 390 pub size_of_headers: U32<LE>, 391 pub check_sum: U32<LE>, 392 pub subsystem: U16<LE>, 393 pub dll_characteristics: U16<LE>, 394 pub size_of_stack_reserve: U32<LE>, 395 pub size_of_stack_commit: U32<LE>, 396 pub size_of_heap_reserve: U32<LE>, 397 pub size_of_heap_commit: U32<LE>, 398 pub loader_flags: U32<LE>, 399 pub number_of_rva_and_sizes: U32<LE>, 400 //pub data_directory: [ImageDataDirectory; IMAGE_NUMBEROF_DIRECTORY_ENTRIES], 401 } 402 403 #[derive(Debug, Clone, Copy)] 404 #[repr(C)] 405 pub struct ImageRomOptionalHeader { 406 pub magic: U16<LE>, 407 pub major_linker_version: u8, 408 pub minor_linker_version: u8, 409 pub size_of_code: U32<LE>, 410 pub size_of_initialized_data: U32<LE>, 411 pub size_of_uninitialized_data: U32<LE>, 412 pub address_of_entry_point: U32<LE>, 413 pub base_of_code: U32<LE>, 414 pub base_of_data: U32<LE>, 415 pub base_of_bss: U32<LE>, 416 pub gpr_mask: U32<LE>, 417 pub cpr_mask: [U32<LE>; 4], 418 pub gp_value: U32<LE>, 419 } 420 421 #[derive(Debug, Clone, Copy)] 422 #[repr(C)] 423 pub struct ImageOptionalHeader64 { 424 pub magic: U16<LE>, 425 pub major_linker_version: u8, 426 pub minor_linker_version: u8, 427 pub size_of_code: U32<LE>, 428 pub size_of_initialized_data: U32<LE>, 429 pub size_of_uninitialized_data: U32<LE>, 430 pub address_of_entry_point: U32<LE>, 431 pub base_of_code: U32<LE>, 432 pub image_base: U64<LE>, 433 pub section_alignment: U32<LE>, 434 pub file_alignment: U32<LE>, 435 pub major_operating_system_version: U16<LE>, 436 pub minor_operating_system_version: U16<LE>, 437 pub major_image_version: U16<LE>, 438 pub minor_image_version: U16<LE>, 439 pub major_subsystem_version: U16<LE>, 440 pub minor_subsystem_version: U16<LE>, 441 pub win32_version_value: U32<LE>, 442 pub size_of_image: U32<LE>, 443 pub size_of_headers: U32<LE>, 444 pub check_sum: U32<LE>, 445 pub subsystem: U16<LE>, 446 pub dll_characteristics: U16<LE>, 447 pub size_of_stack_reserve: U64<LE>, 448 pub size_of_stack_commit: U64<LE>, 449 pub size_of_heap_reserve: U64<LE>, 450 pub size_of_heap_commit: U64<LE>, 451 pub loader_flags: U32<LE>, 452 pub number_of_rva_and_sizes: U32<LE>, 453 //pub data_directory: [ImageDataDirectory; IMAGE_NUMBEROF_DIRECTORY_ENTRIES], 454 } 455 456 pub const IMAGE_NT_OPTIONAL_HDR32_MAGIC: u16 = 0x10b; 457 pub const IMAGE_NT_OPTIONAL_HDR64_MAGIC: u16 = 0x20b; 458 pub const IMAGE_ROM_OPTIONAL_HDR_MAGIC: u16 = 0x107; 459 460 #[derive(Debug, Clone, Copy)] 461 #[repr(C)] 462 pub struct ImageNtHeaders64 { 463 pub signature: U32<LE>, 464 pub file_header: ImageFileHeader, 465 pub optional_header: ImageOptionalHeader64, 466 } 467 468 #[derive(Debug, Clone, Copy)] 469 #[repr(C)] 470 pub struct ImageNtHeaders32 { 471 pub signature: U32<LE>, 472 pub file_header: ImageFileHeader, 473 pub optional_header: ImageOptionalHeader32, 474 } 475 476 #[derive(Debug, Clone, Copy)] 477 #[repr(C)] 478 pub struct ImageRomHeaders { 479 pub file_header: ImageFileHeader, 480 pub optional_header: ImageRomOptionalHeader, 481 } 482 483 // Values for `ImageOptionalHeader*::subsystem`. 484 485 /// Unknown subsystem. 486 pub const IMAGE_SUBSYSTEM_UNKNOWN: u16 = 0; 487 /// Image doesn't require a subsystem. 488 pub const IMAGE_SUBSYSTEM_NATIVE: u16 = 1; 489 /// Image runs in the Windows GUI subsystem. 490 pub const IMAGE_SUBSYSTEM_WINDOWS_GUI: u16 = 2; 491 /// Image runs in the Windows character subsystem. 492 pub const IMAGE_SUBSYSTEM_WINDOWS_CUI: u16 = 3; 493 /// image runs in the OS/2 character subsystem. 494 pub const IMAGE_SUBSYSTEM_OS2_CUI: u16 = 5; 495 /// image runs in the Posix character subsystem. 496 pub const IMAGE_SUBSYSTEM_POSIX_CUI: u16 = 7; 497 /// image is a native Win9x driver. 498 pub const IMAGE_SUBSYSTEM_NATIVE_WINDOWS: u16 = 8; 499 /// Image runs in the Windows CE subsystem. 500 pub const IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: u16 = 9; 501 pub const IMAGE_SUBSYSTEM_EFI_APPLICATION: u16 = 10; 502 pub const IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: u16 = 11; 503 pub const IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: u16 = 12; 504 pub const IMAGE_SUBSYSTEM_EFI_ROM: u16 = 13; 505 pub const IMAGE_SUBSYSTEM_XBOX: u16 = 14; 506 pub const IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION: u16 = 16; 507 pub const IMAGE_SUBSYSTEM_XBOX_CODE_CATALOG: u16 = 17; 508 509 // Values for `ImageOptionalHeader*::dll_characteristics`. 510 511 // IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved. 512 // IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved. 513 // IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved. 514 // IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved. 515 /// Image can handle a high entropy 64-bit virtual address space. 516 pub const IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA: u16 = 0x0020; 517 /// DLL can move. 518 pub const IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: u16 = 0x0040; 519 /// Code Integrity Image 520 pub const IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY: u16 = 0x0080; 521 /// Image is NX compatible 522 pub const IMAGE_DLLCHARACTERISTICS_NX_COMPAT: u16 = 0x0100; 523 /// Image understands isolation and doesn't want it 524 pub const IMAGE_DLLCHARACTERISTICS_NO_ISOLATION: u16 = 0x0200; 525 /// Image does not use SEH. No SE handler may reside in this image 526 pub const IMAGE_DLLCHARACTERISTICS_NO_SEH: u16 = 0x0400; 527 /// Do not bind this image. 528 pub const IMAGE_DLLCHARACTERISTICS_NO_BIND: u16 = 0x0800; 529 /// Image should execute in an AppContainer 530 pub const IMAGE_DLLCHARACTERISTICS_APPCONTAINER: u16 = 0x1000; 531 /// Driver uses WDM model 532 pub const IMAGE_DLLCHARACTERISTICS_WDM_DRIVER: u16 = 0x2000; 533 /// Image supports Control Flow Guard. 534 pub const IMAGE_DLLCHARACTERISTICS_GUARD_CF: u16 = 0x4000; 535 pub const IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE: u16 = 0x8000; 536 537 // Indices for `ImageOptionalHeader*::data_directory`. 538 539 /// Export Directory 540 pub const IMAGE_DIRECTORY_ENTRY_EXPORT: usize = 0; 541 /// Import Directory 542 pub const IMAGE_DIRECTORY_ENTRY_IMPORT: usize = 1; 543 /// Resource Directory 544 pub const IMAGE_DIRECTORY_ENTRY_RESOURCE: usize = 2; 545 /// Exception Directory 546 pub const IMAGE_DIRECTORY_ENTRY_EXCEPTION: usize = 3; 547 /// Security Directory 548 pub const IMAGE_DIRECTORY_ENTRY_SECURITY: usize = 4; 549 /// Base Relocation Table 550 pub const IMAGE_DIRECTORY_ENTRY_BASERELOC: usize = 5; 551 /// Debug Directory 552 pub const IMAGE_DIRECTORY_ENTRY_DEBUG: usize = 6; 553 // IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage) 554 /// Architecture Specific Data 555 pub const IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: usize = 7; 556 /// RVA of GP 557 pub const IMAGE_DIRECTORY_ENTRY_GLOBALPTR: usize = 8; 558 /// TLS Directory 559 pub const IMAGE_DIRECTORY_ENTRY_TLS: usize = 9; 560 /// Load Configuration Directory 561 pub const IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: usize = 10; 562 /// Bound Import Directory in headers 563 pub const IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: usize = 11; 564 /// Import Address Table 565 pub const IMAGE_DIRECTORY_ENTRY_IAT: usize = 12; 566 /// Delay Load Import Descriptors 567 pub const IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: usize = 13; 568 /// COM Runtime descriptor 569 pub const IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: usize = 14; 570 571 #[derive(Debug, Clone, Copy)] 572 #[repr(C)] 573 pub struct Guid { 574 pub data1: U32<LE>, 575 pub data2: U16<LE>, 576 pub data3: U16<LE>, 577 pub data4: [u8; 8], 578 } 579 580 pub type ClsId = Guid; 581 582 /// Non-COFF Object file header 583 #[derive(Debug, Clone, Copy)] 584 #[repr(C)] 585 pub struct AnonObjectHeader { 586 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 587 pub sig1: U16<LE>, 588 /// Must be 0xffff 589 pub sig2: U16<LE>, 590 /// >= 1 (implies the ClsId field is present) 591 pub version: U16<LE>, 592 pub machine: U16<LE>, 593 pub time_date_stamp: U32<LE>, 594 /// Used to invoke CoCreateInstance 595 pub class_id: ClsId, 596 /// Size of data that follows the header 597 pub size_of_data: U32<LE>, 598 } 599 600 #[derive(Debug, Clone, Copy)] 601 #[repr(C)] 602 pub struct AnonObjectHeaderV2 { 603 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 604 pub sig1: U16<LE>, 605 /// Must be 0xffff 606 pub sig2: U16<LE>, 607 /// >= 2 (implies the Flags field is present - otherwise V1) 608 pub version: U16<LE>, 609 pub machine: U16<LE>, 610 pub time_date_stamp: U32<LE>, 611 /// Used to invoke CoCreateInstance 612 pub class_id: ClsId, 613 /// Size of data that follows the header 614 pub size_of_data: U32<LE>, 615 /// 0x1 -> contains metadata 616 pub flags: U32<LE>, 617 /// Size of CLR metadata 618 pub meta_data_size: U32<LE>, 619 /// Offset of CLR metadata 620 pub meta_data_offset: U32<LE>, 621 } 622 623 #[derive(Debug, Clone, Copy)] 624 #[repr(C)] 625 pub struct AnonObjectHeaderBigobj { 626 /* same as ANON_OBJECT_HEADER_V2 */ 627 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 628 pub sig1: U16<LE>, 629 /// Must be 0xffff 630 pub sig2: U16<LE>, 631 /// >= 2 (implies the Flags field is present) 632 pub version: U16<LE>, 633 /// Actual machine - IMAGE_FILE_MACHINE_xxx 634 pub machine: U16<LE>, 635 pub time_date_stamp: U32<LE>, 636 /// {D1BAA1C7-BAEE-4ba9-AF20-FAF66AA4DCB8} 637 pub class_id: ClsId, 638 /// Size of data that follows the header 639 pub size_of_data: U32<LE>, 640 /// 0x1 -> contains metadata 641 pub flags: U32<LE>, 642 /// Size of CLR metadata 643 pub meta_data_size: U32<LE>, 644 /// Offset of CLR metadata 645 pub meta_data_offset: U32<LE>, 646 647 /* bigobj specifics */ 648 /// extended from WORD 649 pub number_of_sections: U32<LE>, 650 pub pointer_to_symbol_table: U32<LE>, 651 pub number_of_symbols: U32<LE>, 652 } 653 654 pub const IMAGE_SIZEOF_SHORT_NAME: usize = 8; 655 656 // 657 // Section header format. 658 // 659 660 #[derive(Debug, Clone, Copy)] 661 #[repr(C)] 662 pub struct ImageSectionHeader { 663 pub name: [u8; IMAGE_SIZEOF_SHORT_NAME], 664 pub virtual_size: U32<LE>, 665 pub virtual_address: U32<LE>, 666 pub size_of_raw_data: U32<LE>, 667 pub pointer_to_raw_data: U32<LE>, 668 pub pointer_to_relocations: U32<LE>, 669 pub pointer_to_linenumbers: U32<LE>, 670 pub number_of_relocations: U16<LE>, 671 pub number_of_linenumbers: U16<LE>, 672 pub characteristics: U32<LE>, 673 } 674 675 pub const IMAGE_SIZEOF_SECTION_HEADER: usize = 40; 676 677 // Values for `ImageSectionHeader::characteristics`. 678 679 // IMAGE_SCN_TYPE_REG 0x00000000 // Reserved. 680 // IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved. 681 // IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved. 682 // IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved. 683 /// Reserved. 684 pub const IMAGE_SCN_TYPE_NO_PAD: u32 = 0x0000_0008; 685 // IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved. 686 687 /// Section contains code. 688 pub const IMAGE_SCN_CNT_CODE: u32 = 0x0000_0020; 689 /// Section contains initialized data. 690 pub const IMAGE_SCN_CNT_INITIALIZED_DATA: u32 = 0x0000_0040; 691 /// Section contains uninitialized data. 692 pub const IMAGE_SCN_CNT_UNINITIALIZED_DATA: u32 = 0x0000_0080; 693 694 /// Reserved. 695 pub const IMAGE_SCN_LNK_OTHER: u32 = 0x0000_0100; 696 /// Section contains comments or some other type of information. 697 pub const IMAGE_SCN_LNK_INFO: u32 = 0x0000_0200; 698 // IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved. 699 /// Section contents will not become part of image. 700 pub const IMAGE_SCN_LNK_REMOVE: u32 = 0x0000_0800; 701 /// Section contents comdat. 702 pub const IMAGE_SCN_LNK_COMDAT: u32 = 0x0000_1000; 703 // 0x00002000 // Reserved. 704 // IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000 705 /// Reset speculative exceptions handling bits in the TLB entries for this section. 706 pub const IMAGE_SCN_NO_DEFER_SPEC_EXC: u32 = 0x0000_4000; 707 /// Section content can be accessed relative to GP 708 pub const IMAGE_SCN_GPREL: u32 = 0x0000_8000; 709 pub const IMAGE_SCN_MEM_FARDATA: u32 = 0x0000_8000; 710 // IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000 711 pub const IMAGE_SCN_MEM_PURGEABLE: u32 = 0x0002_0000; 712 pub const IMAGE_SCN_MEM_16BIT: u32 = 0x0002_0000; 713 pub const IMAGE_SCN_MEM_LOCKED: u32 = 0x0004_0000; 714 pub const IMAGE_SCN_MEM_PRELOAD: u32 = 0x0008_0000; 715 716 pub const IMAGE_SCN_ALIGN_1BYTES: u32 = 0x0010_0000; 717 pub const IMAGE_SCN_ALIGN_2BYTES: u32 = 0x0020_0000; 718 pub const IMAGE_SCN_ALIGN_4BYTES: u32 = 0x0030_0000; 719 pub const IMAGE_SCN_ALIGN_8BYTES: u32 = 0x0040_0000; 720 /// Default alignment if no others are specified. 721 pub const IMAGE_SCN_ALIGN_16BYTES: u32 = 0x0050_0000; 722 pub const IMAGE_SCN_ALIGN_32BYTES: u32 = 0x0060_0000; 723 pub const IMAGE_SCN_ALIGN_64BYTES: u32 = 0x0070_0000; 724 pub const IMAGE_SCN_ALIGN_128BYTES: u32 = 0x0080_0000; 725 pub const IMAGE_SCN_ALIGN_256BYTES: u32 = 0x0090_0000; 726 pub const IMAGE_SCN_ALIGN_512BYTES: u32 = 0x00A0_0000; 727 pub const IMAGE_SCN_ALIGN_1024BYTES: u32 = 0x00B0_0000; 728 pub const IMAGE_SCN_ALIGN_2048BYTES: u32 = 0x00C0_0000; 729 pub const IMAGE_SCN_ALIGN_4096BYTES: u32 = 0x00D0_0000; 730 pub const IMAGE_SCN_ALIGN_8192BYTES: u32 = 0x00E0_0000; 731 // Unused 0x00F0_0000 732 pub const IMAGE_SCN_ALIGN_MASK: u32 = 0x00F0_0000; 733 734 /// Section contains extended relocations. 735 pub const IMAGE_SCN_LNK_NRELOC_OVFL: u32 = 0x0100_0000; 736 /// Section can be discarded. 737 pub const IMAGE_SCN_MEM_DISCARDABLE: u32 = 0x0200_0000; 738 /// Section is not cachable. 739 pub const IMAGE_SCN_MEM_NOT_CACHED: u32 = 0x0400_0000; 740 /// Section is not pageable. 741 pub const IMAGE_SCN_MEM_NOT_PAGED: u32 = 0x0800_0000; 742 /// Section is shareable. 743 pub const IMAGE_SCN_MEM_SHARED: u32 = 0x1000_0000; 744 /// Section is executable. 745 pub const IMAGE_SCN_MEM_EXECUTE: u32 = 0x2000_0000; 746 /// Section is readable. 747 pub const IMAGE_SCN_MEM_READ: u32 = 0x4000_0000; 748 /// Section is writeable. 749 pub const IMAGE_SCN_MEM_WRITE: u32 = 0x8000_0000; 750 751 // 752 // TLS Characteristic Flags 753 // 754 /// Tls index is scaled 755 pub const IMAGE_SCN_SCALE_INDEX: u32 = 0x0000_0001; 756 757 // 758 // Symbol format. 759 // 760 761 // This struct has alignment 1. 762 #[derive(Debug, Clone, Copy)] 763 #[repr(C)] 764 pub struct ImageSymbol { 765 /// If first 4 bytes are 0, then second 4 bytes are offset into string table. 766 pub name: [u8; 8], 767 pub value: U32Bytes<LE>, 768 pub section_number: U16Bytes<LE>, 769 pub typ: U16Bytes<LE>, 770 pub storage_class: u8, 771 pub number_of_aux_symbols: u8, 772 } 773 774 pub const IMAGE_SIZEOF_SYMBOL: usize = 18; 775 776 #[derive(Debug, Clone, Copy)] 777 #[repr(C)] 778 pub struct ImageSymbolBytes(pub [u8; IMAGE_SIZEOF_SYMBOL]); 779 780 // This struct has alignment 1. 781 #[derive(Debug, Clone, Copy)] 782 #[repr(C)] 783 pub struct ImageSymbolEx { 784 /// If first 4 bytes are 0, then second 4 bytes are offset into string table. 785 pub name: [u8; 8], 786 pub value: U32Bytes<LE>, 787 pub section_number: U32Bytes<LE>, 788 pub typ: U16Bytes<LE>, 789 pub storage_class: u8, 790 pub number_of_aux_symbols: u8, 791 } 792 793 pub const IMAGE_SIZEOF_SYMBOL_EX: usize = 20; 794 795 #[derive(Debug, Clone, Copy)] 796 #[repr(C)] 797 pub struct ImageSymbolExBytes(pub [u8; IMAGE_SIZEOF_SYMBOL_EX]); 798 799 // Values for `ImageSymbol::section_number`. 800 // 801 // Symbols have a section number of the section in which they are 802 // defined. Otherwise, section numbers have the following meanings: 803 804 /// Symbol is undefined or is common. 805 pub const IMAGE_SYM_UNDEFINED: u16 = 0; 806 /// Symbol is an absolute value. 807 pub const IMAGE_SYM_ABSOLUTE: u16 = 0xffff; 808 /// Symbol is a special debug item. 809 pub const IMAGE_SYM_DEBUG: u16 = 0xfffe; 810 /// Values 0xFF00-0xFFFF are special 811 pub const IMAGE_SYM_SECTION_MAX: u16 = 0xFEFF; 812 pub const IMAGE_SYM_SECTION_MAX_EX: u32 = 0x7fff_ffff; 813 814 // Values for `ImageSymbol::typ` (basic component). 815 816 /// no type. 817 pub const IMAGE_SYM_TYPE_NULL: u16 = 0x0000; 818 pub const IMAGE_SYM_TYPE_VOID: u16 = 0x0001; 819 /// type character. 820 pub const IMAGE_SYM_TYPE_CHAR: u16 = 0x0002; 821 /// type short integer. 822 pub const IMAGE_SYM_TYPE_SHORT: u16 = 0x0003; 823 pub const IMAGE_SYM_TYPE_INT: u16 = 0x0004; 824 pub const IMAGE_SYM_TYPE_LONG: u16 = 0x0005; 825 pub const IMAGE_SYM_TYPE_FLOAT: u16 = 0x0006; 826 pub const IMAGE_SYM_TYPE_DOUBLE: u16 = 0x0007; 827 pub const IMAGE_SYM_TYPE_STRUCT: u16 = 0x0008; 828 pub const IMAGE_SYM_TYPE_UNION: u16 = 0x0009; 829 /// enumeration. 830 pub const IMAGE_SYM_TYPE_ENUM: u16 = 0x000A; 831 /// member of enumeration. 832 pub const IMAGE_SYM_TYPE_MOE: u16 = 0x000B; 833 pub const IMAGE_SYM_TYPE_BYTE: u16 = 0x000C; 834 pub const IMAGE_SYM_TYPE_WORD: u16 = 0x000D; 835 pub const IMAGE_SYM_TYPE_UINT: u16 = 0x000E; 836 pub const IMAGE_SYM_TYPE_DWORD: u16 = 0x000F; 837 pub const IMAGE_SYM_TYPE_PCODE: u16 = 0x8000; 838 839 // Values for `ImageSymbol::typ` (derived component). 840 841 /// no derived type. 842 pub const IMAGE_SYM_DTYPE_NULL: u16 = 0; 843 /// pointer. 844 pub const IMAGE_SYM_DTYPE_POINTER: u16 = 1; 845 /// function. 846 pub const IMAGE_SYM_DTYPE_FUNCTION: u16 = 2; 847 /// array. 848 pub const IMAGE_SYM_DTYPE_ARRAY: u16 = 3; 849 850 // Values for `ImageSymbol::storage_class`. 851 pub const IMAGE_SYM_CLASS_END_OF_FUNCTION: u8 = 0xff; 852 pub const IMAGE_SYM_CLASS_NULL: u8 = 0x00; 853 pub const IMAGE_SYM_CLASS_AUTOMATIC: u8 = 0x01; 854 pub const IMAGE_SYM_CLASS_EXTERNAL: u8 = 0x02; 855 pub const IMAGE_SYM_CLASS_STATIC: u8 = 0x03; 856 pub const IMAGE_SYM_CLASS_REGISTER: u8 = 0x04; 857 pub const IMAGE_SYM_CLASS_EXTERNAL_DEF: u8 = 0x05; 858 pub const IMAGE_SYM_CLASS_LABEL: u8 = 0x06; 859 pub const IMAGE_SYM_CLASS_UNDEFINED_LABEL: u8 = 0x07; 860 pub const IMAGE_SYM_CLASS_MEMBER_OF_STRUCT: u8 = 0x08; 861 pub const IMAGE_SYM_CLASS_ARGUMENT: u8 = 0x09; 862 pub const IMAGE_SYM_CLASS_STRUCT_TAG: u8 = 0x0A; 863 pub const IMAGE_SYM_CLASS_MEMBER_OF_UNION: u8 = 0x0B; 864 pub const IMAGE_SYM_CLASS_UNION_TAG: u8 = 0x0C; 865 pub const IMAGE_SYM_CLASS_TYPE_DEFINITION: u8 = 0x0D; 866 pub const IMAGE_SYM_CLASS_UNDEFINED_STATIC: u8 = 0x0E; 867 pub const IMAGE_SYM_CLASS_ENUM_TAG: u8 = 0x0F; 868 pub const IMAGE_SYM_CLASS_MEMBER_OF_ENUM: u8 = 0x10; 869 pub const IMAGE_SYM_CLASS_REGISTER_PARAM: u8 = 0x11; 870 pub const IMAGE_SYM_CLASS_BIT_FIELD: u8 = 0x12; 871 872 pub const IMAGE_SYM_CLASS_FAR_EXTERNAL: u8 = 0x44; 873 874 pub const IMAGE_SYM_CLASS_BLOCK: u8 = 0x64; 875 pub const IMAGE_SYM_CLASS_FUNCTION: u8 = 0x65; 876 pub const IMAGE_SYM_CLASS_END_OF_STRUCT: u8 = 0x66; 877 pub const IMAGE_SYM_CLASS_FILE: u8 = 0x67; 878 // new 879 pub const IMAGE_SYM_CLASS_SECTION: u8 = 0x68; 880 pub const IMAGE_SYM_CLASS_WEAK_EXTERNAL: u8 = 0x69; 881 882 pub const IMAGE_SYM_CLASS_CLR_TOKEN: u8 = 0x6B; 883 884 // type packing constants 885 886 pub const N_BTMASK: u16 = 0x000F; 887 pub const N_TMASK: u16 = 0x0030; 888 pub const N_TMASK1: u16 = 0x00C0; 889 pub const N_TMASK2: u16 = 0x00F0; 890 pub const N_BTSHFT: usize = 4; 891 pub const N_TSHIFT: usize = 2; 892 893 pub const IMAGE_SYM_DTYPE_SHIFT: usize = N_BTSHFT; 894 895 impl ImageSymbol { 896 #[inline] base_type(&self) -> u16897 pub fn base_type(&self) -> u16 { 898 self.typ.get(LE) & N_BTMASK 899 } 900 901 #[inline] derived_type(&self) -> u16902 pub fn derived_type(&self) -> u16 { 903 (self.typ.get(LE) & N_TMASK) >> N_BTSHFT 904 } 905 } 906 907 impl ImageSymbolEx { 908 #[inline] base_type(&self) -> u16909 pub fn base_type(&self) -> u16 { 910 self.typ.get(LE) & N_BTMASK 911 } 912 913 #[inline] derived_type(&self) -> u16914 pub fn derived_type(&self) -> u16 { 915 (self.typ.get(LE) & N_TMASK) >> N_BTSHFT 916 } 917 } 918 919 // 920 // Auxiliary entry format. 921 // 922 923 // Used for both ImageSymbol and ImageSymbolEx (with padding). 924 // This struct has alignment 1. 925 #[derive(Debug, Clone, Copy)] 926 #[repr(C)] 927 pub struct ImageAuxSymbolTokenDef { 928 /// IMAGE_AUX_SYMBOL_TYPE 929 pub aux_type: u8, 930 /// Must be 0 931 pub reserved1: u8, 932 pub symbol_table_index: U32Bytes<LE>, 933 /// Must be 0 934 pub reserved2: [u8; 12], 935 } 936 937 pub const IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF: u16 = 1; 938 939 /// Auxiliary symbol format 1: function definitions. 940 // This struct has alignment 1. 941 #[derive(Debug, Clone, Copy)] 942 #[repr(C)] 943 pub struct ImageAuxSymbolFunction { 944 pub tag_index: U32Bytes<LE>, 945 pub total_size: U32Bytes<LE>, 946 pub pointer_to_linenumber: U32Bytes<LE>, 947 pub pointer_to_next_function: U32Bytes<LE>, 948 pub unused: [u8; 2], 949 } 950 951 /// Auxiliary symbol format 2: .bf and .ef symbols. 952 // This struct has alignment 1. 953 #[derive(Debug, Clone, Copy)] 954 #[repr(C)] 955 pub struct ImageAuxSymbolFunctionBeginEnd { 956 pub unused1: [u8; 4], 957 /// declaration line number 958 pub linenumber: U16Bytes<LE>, 959 pub unused2: [u8; 6], 960 pub pointer_to_next_function: U32Bytes<LE>, 961 pub unused3: [u8; 2], 962 } 963 964 /// Auxiliary symbol format 3: weak externals. 965 /// 966 /// Used for both `ImageSymbol` and `ImageSymbolEx` (both with padding). 967 // This struct has alignment 1. 968 #[derive(Debug, Clone, Copy)] 969 #[repr(C)] 970 pub struct ImageAuxSymbolWeak { 971 /// the weak extern default symbol index 972 pub weak_default_sym_index: U32Bytes<LE>, 973 pub weak_search_type: U32Bytes<LE>, 974 } 975 976 /// Auxiliary symbol format 5: sections. 977 /// 978 /// Used for both `ImageSymbol` and `ImageSymbolEx` (with padding). 979 // This struct has alignment 1. 980 #[derive(Debug, Clone, Copy)] 981 #[repr(C)] 982 pub struct ImageAuxSymbolSection { 983 /// section length 984 pub length: U32Bytes<LE>, 985 /// number of relocation entries 986 pub number_of_relocations: U16Bytes<LE>, 987 /// number of line numbers 988 pub number_of_linenumbers: U16Bytes<LE>, 989 /// checksum for communal 990 pub check_sum: U32Bytes<LE>, 991 /// section number to associate with 992 pub number: U16Bytes<LE>, 993 /// communal selection type 994 pub selection: u8, 995 pub reserved: u8, 996 /// high bits of the section number 997 pub high_number: U16Bytes<LE>, 998 } 999 1000 // Used for both ImageSymbol and ImageSymbolEx (both with padding). 1001 // This struct has alignment 1. 1002 #[derive(Debug, Clone, Copy)] 1003 #[repr(C)] 1004 pub struct ImageAuxSymbolCrc { 1005 pub crc: U32Bytes<LE>, 1006 } 1007 1008 // 1009 // Communal selection types. 1010 // 1011 1012 pub const IMAGE_COMDAT_SELECT_NODUPLICATES: u8 = 1; 1013 pub const IMAGE_COMDAT_SELECT_ANY: u8 = 2; 1014 pub const IMAGE_COMDAT_SELECT_SAME_SIZE: u8 = 3; 1015 pub const IMAGE_COMDAT_SELECT_EXACT_MATCH: u8 = 4; 1016 pub const IMAGE_COMDAT_SELECT_ASSOCIATIVE: u8 = 5; 1017 pub const IMAGE_COMDAT_SELECT_LARGEST: u8 = 6; 1018 pub const IMAGE_COMDAT_SELECT_NEWEST: u8 = 7; 1019 1020 pub const IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY: u16 = 1; 1021 pub const IMAGE_WEAK_EXTERN_SEARCH_LIBRARY: u16 = 2; 1022 pub const IMAGE_WEAK_EXTERN_SEARCH_ALIAS: u16 = 3; 1023 pub const IMAGE_WEAK_EXTERN_ANTI_DEPENDENCY: u16 = 4; 1024 1025 // 1026 // Relocation format. 1027 // 1028 1029 // This struct has alignment 1. 1030 #[derive(Debug, Clone, Copy)] 1031 #[repr(C)] 1032 pub struct ImageRelocation { 1033 /// Also `RelocCount` when IMAGE_SCN_LNK_NRELOC_OVFL is set 1034 pub virtual_address: U32Bytes<LE>, 1035 pub symbol_table_index: U32Bytes<LE>, 1036 pub typ: U16Bytes<LE>, 1037 } 1038 1039 // 1040 // I386 relocation types. 1041 // 1042 /// Reference is absolute, no relocation is necessary 1043 pub const IMAGE_REL_I386_ABSOLUTE: u16 = 0x0000; 1044 /// Direct 16-bit reference to the symbols virtual address 1045 pub const IMAGE_REL_I386_DIR16: u16 = 0x0001; 1046 /// PC-relative 16-bit reference to the symbols virtual address 1047 pub const IMAGE_REL_I386_REL16: u16 = 0x0002; 1048 /// Direct 32-bit reference to the symbols virtual address 1049 pub const IMAGE_REL_I386_DIR32: u16 = 0x0006; 1050 /// Direct 32-bit reference to the symbols virtual address, base not included 1051 pub const IMAGE_REL_I386_DIR32NB: u16 = 0x0007; 1052 /// Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 1053 pub const IMAGE_REL_I386_SEG12: u16 = 0x0009; 1054 pub const IMAGE_REL_I386_SECTION: u16 = 0x000A; 1055 pub const IMAGE_REL_I386_SECREL: u16 = 0x000B; 1056 /// clr token 1057 pub const IMAGE_REL_I386_TOKEN: u16 = 0x000C; 1058 /// 7 bit offset from base of section containing target 1059 pub const IMAGE_REL_I386_SECREL7: u16 = 0x000D; 1060 /// PC-relative 32-bit reference to the symbols virtual address 1061 pub const IMAGE_REL_I386_REL32: u16 = 0x0014; 1062 1063 // 1064 // MIPS relocation types. 1065 // 1066 /// Reference is absolute, no relocation is necessary 1067 pub const IMAGE_REL_MIPS_ABSOLUTE: u16 = 0x0000; 1068 pub const IMAGE_REL_MIPS_REFHALF: u16 = 0x0001; 1069 pub const IMAGE_REL_MIPS_REFWORD: u16 = 0x0002; 1070 pub const IMAGE_REL_MIPS_JMPADDR: u16 = 0x0003; 1071 pub const IMAGE_REL_MIPS_REFHI: u16 = 0x0004; 1072 pub const IMAGE_REL_MIPS_REFLO: u16 = 0x0005; 1073 pub const IMAGE_REL_MIPS_GPREL: u16 = 0x0006; 1074 pub const IMAGE_REL_MIPS_LITERAL: u16 = 0x0007; 1075 pub const IMAGE_REL_MIPS_SECTION: u16 = 0x000A; 1076 pub const IMAGE_REL_MIPS_SECREL: u16 = 0x000B; 1077 /// Low 16-bit section relative referemce (used for >32k TLS) 1078 pub const IMAGE_REL_MIPS_SECRELLO: u16 = 0x000C; 1079 /// High 16-bit section relative reference (used for >32k TLS) 1080 pub const IMAGE_REL_MIPS_SECRELHI: u16 = 0x000D; 1081 /// clr token 1082 pub const IMAGE_REL_MIPS_TOKEN: u16 = 0x000E; 1083 pub const IMAGE_REL_MIPS_JMPADDR16: u16 = 0x0010; 1084 pub const IMAGE_REL_MIPS_REFWORDNB: u16 = 0x0022; 1085 pub const IMAGE_REL_MIPS_PAIR: u16 = 0x0025; 1086 1087 // 1088 // Alpha Relocation types. 1089 // 1090 pub const IMAGE_REL_ALPHA_ABSOLUTE: u16 = 0x0000; 1091 pub const IMAGE_REL_ALPHA_REFLONG: u16 = 0x0001; 1092 pub const IMAGE_REL_ALPHA_REFQUAD: u16 = 0x0002; 1093 pub const IMAGE_REL_ALPHA_GPREL32: u16 = 0x0003; 1094 pub const IMAGE_REL_ALPHA_LITERAL: u16 = 0x0004; 1095 pub const IMAGE_REL_ALPHA_LITUSE: u16 = 0x0005; 1096 pub const IMAGE_REL_ALPHA_GPDISP: u16 = 0x0006; 1097 pub const IMAGE_REL_ALPHA_BRADDR: u16 = 0x0007; 1098 pub const IMAGE_REL_ALPHA_HINT: u16 = 0x0008; 1099 pub const IMAGE_REL_ALPHA_INLINE_REFLONG: u16 = 0x0009; 1100 pub const IMAGE_REL_ALPHA_REFHI: u16 = 0x000A; 1101 pub const IMAGE_REL_ALPHA_REFLO: u16 = 0x000B; 1102 pub const IMAGE_REL_ALPHA_PAIR: u16 = 0x000C; 1103 pub const IMAGE_REL_ALPHA_MATCH: u16 = 0x000D; 1104 pub const IMAGE_REL_ALPHA_SECTION: u16 = 0x000E; 1105 pub const IMAGE_REL_ALPHA_SECREL: u16 = 0x000F; 1106 pub const IMAGE_REL_ALPHA_REFLONGNB: u16 = 0x0010; 1107 /// Low 16-bit section relative reference 1108 pub const IMAGE_REL_ALPHA_SECRELLO: u16 = 0x0011; 1109 /// High 16-bit section relative reference 1110 pub const IMAGE_REL_ALPHA_SECRELHI: u16 = 0x0012; 1111 /// High 16 bits of 48 bit reference 1112 pub const IMAGE_REL_ALPHA_REFQ3: u16 = 0x0013; 1113 /// Middle 16 bits of 48 bit reference 1114 pub const IMAGE_REL_ALPHA_REFQ2: u16 = 0x0014; 1115 /// Low 16 bits of 48 bit reference 1116 pub const IMAGE_REL_ALPHA_REFQ1: u16 = 0x0015; 1117 /// Low 16-bit GP relative reference 1118 pub const IMAGE_REL_ALPHA_GPRELLO: u16 = 0x0016; 1119 /// High 16-bit GP relative reference 1120 pub const IMAGE_REL_ALPHA_GPRELHI: u16 = 0x0017; 1121 1122 // 1123 // IBM PowerPC relocation types. 1124 // 1125 /// NOP 1126 pub const IMAGE_REL_PPC_ABSOLUTE: u16 = 0x0000; 1127 /// 64-bit address 1128 pub const IMAGE_REL_PPC_ADDR64: u16 = 0x0001; 1129 /// 32-bit address 1130 pub const IMAGE_REL_PPC_ADDR32: u16 = 0x0002; 1131 /// 26-bit address, shifted left 2 (branch absolute) 1132 pub const IMAGE_REL_PPC_ADDR24: u16 = 0x0003; 1133 /// 16-bit address 1134 pub const IMAGE_REL_PPC_ADDR16: u16 = 0x0004; 1135 /// 16-bit address, shifted left 2 (load doubleword) 1136 pub const IMAGE_REL_PPC_ADDR14: u16 = 0x0005; 1137 /// 26-bit PC-relative offset, shifted left 2 (branch relative) 1138 pub const IMAGE_REL_PPC_REL24: u16 = 0x0006; 1139 /// 16-bit PC-relative offset, shifted left 2 (br cond relative) 1140 pub const IMAGE_REL_PPC_REL14: u16 = 0x0007; 1141 /// 16-bit offset from TOC base 1142 pub const IMAGE_REL_PPC_TOCREL16: u16 = 0x0008; 1143 /// 16-bit offset from TOC base, shifted left 2 (load doubleword) 1144 pub const IMAGE_REL_PPC_TOCREL14: u16 = 0x0009; 1145 1146 /// 32-bit addr w/o image base 1147 pub const IMAGE_REL_PPC_ADDR32NB: u16 = 0x000A; 1148 /// va of containing section (as in an image sectionhdr) 1149 pub const IMAGE_REL_PPC_SECREL: u16 = 0x000B; 1150 /// sectionheader number 1151 pub const IMAGE_REL_PPC_SECTION: u16 = 0x000C; 1152 /// substitute TOC restore instruction iff symbol is glue code 1153 pub const IMAGE_REL_PPC_IFGLUE: u16 = 0x000D; 1154 /// symbol is glue code; virtual address is TOC restore instruction 1155 pub const IMAGE_REL_PPC_IMGLUE: u16 = 0x000E; 1156 /// va of containing section (limited to 16 bits) 1157 pub const IMAGE_REL_PPC_SECREL16: u16 = 0x000F; 1158 pub const IMAGE_REL_PPC_REFHI: u16 = 0x0010; 1159 pub const IMAGE_REL_PPC_REFLO: u16 = 0x0011; 1160 pub const IMAGE_REL_PPC_PAIR: u16 = 0x0012; 1161 /// Low 16-bit section relative reference (used for >32k TLS) 1162 pub const IMAGE_REL_PPC_SECRELLO: u16 = 0x0013; 1163 /// High 16-bit section relative reference (used for >32k TLS) 1164 pub const IMAGE_REL_PPC_SECRELHI: u16 = 0x0014; 1165 pub const IMAGE_REL_PPC_GPREL: u16 = 0x0015; 1166 /// clr token 1167 pub const IMAGE_REL_PPC_TOKEN: u16 = 0x0016; 1168 1169 /// mask to isolate above values in IMAGE_RELOCATION.Type 1170 pub const IMAGE_REL_PPC_TYPEMASK: u16 = 0x00FF; 1171 1172 // Flag bits in `ImageRelocation::typ`. 1173 1174 /// subtract reloc value rather than adding it 1175 pub const IMAGE_REL_PPC_NEG: u16 = 0x0100; 1176 /// fix branch prediction bit to predict branch taken 1177 pub const IMAGE_REL_PPC_BRTAKEN: u16 = 0x0200; 1178 /// fix branch prediction bit to predict branch not taken 1179 pub const IMAGE_REL_PPC_BRNTAKEN: u16 = 0x0400; 1180 /// toc slot defined in file (or, data in toc) 1181 pub const IMAGE_REL_PPC_TOCDEFN: u16 = 0x0800; 1182 1183 // 1184 // Hitachi SH3 relocation types. 1185 // 1186 /// No relocation 1187 pub const IMAGE_REL_SH3_ABSOLUTE: u16 = 0x0000; 1188 /// 16 bit direct 1189 pub const IMAGE_REL_SH3_DIRECT16: u16 = 0x0001; 1190 /// 32 bit direct 1191 pub const IMAGE_REL_SH3_DIRECT32: u16 = 0x0002; 1192 /// 8 bit direct, -128..255 1193 pub const IMAGE_REL_SH3_DIRECT8: u16 = 0x0003; 1194 /// 8 bit direct .W (0 ext.) 1195 pub const IMAGE_REL_SH3_DIRECT8_WORD: u16 = 0x0004; 1196 /// 8 bit direct .L (0 ext.) 1197 pub const IMAGE_REL_SH3_DIRECT8_LONG: u16 = 0x0005; 1198 /// 4 bit direct (0 ext.) 1199 pub const IMAGE_REL_SH3_DIRECT4: u16 = 0x0006; 1200 /// 4 bit direct .W (0 ext.) 1201 pub const IMAGE_REL_SH3_DIRECT4_WORD: u16 = 0x0007; 1202 /// 4 bit direct .L (0 ext.) 1203 pub const IMAGE_REL_SH3_DIRECT4_LONG: u16 = 0x0008; 1204 /// 8 bit PC relative .W 1205 pub const IMAGE_REL_SH3_PCREL8_WORD: u16 = 0x0009; 1206 /// 8 bit PC relative .L 1207 pub const IMAGE_REL_SH3_PCREL8_LONG: u16 = 0x000A; 1208 /// 12 LSB PC relative .W 1209 pub const IMAGE_REL_SH3_PCREL12_WORD: u16 = 0x000B; 1210 /// Start of EXE section 1211 pub const IMAGE_REL_SH3_STARTOF_SECTION: u16 = 0x000C; 1212 /// Size of EXE section 1213 pub const IMAGE_REL_SH3_SIZEOF_SECTION: u16 = 0x000D; 1214 /// Section table index 1215 pub const IMAGE_REL_SH3_SECTION: u16 = 0x000E; 1216 /// Offset within section 1217 pub const IMAGE_REL_SH3_SECREL: u16 = 0x000F; 1218 /// 32 bit direct not based 1219 pub const IMAGE_REL_SH3_DIRECT32_NB: u16 = 0x0010; 1220 /// GP-relative addressing 1221 pub const IMAGE_REL_SH3_GPREL4_LONG: u16 = 0x0011; 1222 /// clr token 1223 pub const IMAGE_REL_SH3_TOKEN: u16 = 0x0012; 1224 /// Offset from current instruction in longwords 1225 /// if not NOMODE, insert the inverse of the low bit at bit 32 to select PTA/PTB 1226 pub const IMAGE_REL_SHM_PCRELPT: u16 = 0x0013; 1227 /// Low bits of 32-bit address 1228 pub const IMAGE_REL_SHM_REFLO: u16 = 0x0014; 1229 /// High bits of 32-bit address 1230 pub const IMAGE_REL_SHM_REFHALF: u16 = 0x0015; 1231 /// Low bits of relative reference 1232 pub const IMAGE_REL_SHM_RELLO: u16 = 0x0016; 1233 /// High bits of relative reference 1234 pub const IMAGE_REL_SHM_RELHALF: u16 = 0x0017; 1235 /// offset operand for relocation 1236 pub const IMAGE_REL_SHM_PAIR: u16 = 0x0018; 1237 1238 /// relocation ignores section mode 1239 pub const IMAGE_REL_SH_NOMODE: u16 = 0x8000; 1240 1241 /// No relocation required 1242 pub const IMAGE_REL_ARM_ABSOLUTE: u16 = 0x0000; 1243 /// 32 bit address 1244 pub const IMAGE_REL_ARM_ADDR32: u16 = 0x0001; 1245 /// 32 bit address w/o image base 1246 pub const IMAGE_REL_ARM_ADDR32NB: u16 = 0x0002; 1247 /// 24 bit offset << 2 & sign ext. 1248 pub const IMAGE_REL_ARM_BRANCH24: u16 = 0x0003; 1249 /// Thumb: 2 11 bit offsets 1250 pub const IMAGE_REL_ARM_BRANCH11: u16 = 0x0004; 1251 /// clr token 1252 pub const IMAGE_REL_ARM_TOKEN: u16 = 0x0005; 1253 /// GP-relative addressing (ARM) 1254 pub const IMAGE_REL_ARM_GPREL12: u16 = 0x0006; 1255 /// GP-relative addressing (Thumb) 1256 pub const IMAGE_REL_ARM_GPREL7: u16 = 0x0007; 1257 pub const IMAGE_REL_ARM_BLX24: u16 = 0x0008; 1258 pub const IMAGE_REL_ARM_BLX11: u16 = 0x0009; 1259 /// Section table index 1260 pub const IMAGE_REL_ARM_SECTION: u16 = 0x000E; 1261 /// Offset within section 1262 pub const IMAGE_REL_ARM_SECREL: u16 = 0x000F; 1263 /// ARM: MOVW/MOVT 1264 pub const IMAGE_REL_ARM_MOV32A: u16 = 0x0010; 1265 /// ARM: MOVW/MOVT (deprecated) 1266 pub const IMAGE_REL_ARM_MOV32: u16 = 0x0010; 1267 /// Thumb: MOVW/MOVT 1268 pub const IMAGE_REL_ARM_MOV32T: u16 = 0x0011; 1269 /// Thumb: MOVW/MOVT (deprecated) 1270 pub const IMAGE_REL_THUMB_MOV32: u16 = 0x0011; 1271 /// Thumb: 32-bit conditional B 1272 pub const IMAGE_REL_ARM_BRANCH20T: u16 = 0x0012; 1273 /// Thumb: 32-bit conditional B (deprecated) 1274 pub const IMAGE_REL_THUMB_BRANCH20: u16 = 0x0012; 1275 /// Thumb: 32-bit B or BL 1276 pub const IMAGE_REL_ARM_BRANCH24T: u16 = 0x0014; 1277 /// Thumb: 32-bit B or BL (deprecated) 1278 pub const IMAGE_REL_THUMB_BRANCH24: u16 = 0x0014; 1279 /// Thumb: BLX immediate 1280 pub const IMAGE_REL_ARM_BLX23T: u16 = 0x0015; 1281 /// Thumb: BLX immediate (deprecated) 1282 pub const IMAGE_REL_THUMB_BLX23: u16 = 0x0015; 1283 1284 pub const IMAGE_REL_AM_ABSOLUTE: u16 = 0x0000; 1285 pub const IMAGE_REL_AM_ADDR32: u16 = 0x0001; 1286 pub const IMAGE_REL_AM_ADDR32NB: u16 = 0x0002; 1287 pub const IMAGE_REL_AM_CALL32: u16 = 0x0003; 1288 pub const IMAGE_REL_AM_FUNCINFO: u16 = 0x0004; 1289 pub const IMAGE_REL_AM_REL32_1: u16 = 0x0005; 1290 pub const IMAGE_REL_AM_REL32_2: u16 = 0x0006; 1291 pub const IMAGE_REL_AM_SECREL: u16 = 0x0007; 1292 pub const IMAGE_REL_AM_SECTION: u16 = 0x0008; 1293 pub const IMAGE_REL_AM_TOKEN: u16 = 0x0009; 1294 1295 // 1296 // ARM64 relocations types. 1297 // 1298 1299 /// No relocation required 1300 pub const IMAGE_REL_ARM64_ABSOLUTE: u16 = 0x0000; 1301 /// 32 bit address. Review! do we need it? 1302 pub const IMAGE_REL_ARM64_ADDR32: u16 = 0x0001; 1303 /// 32 bit address w/o image base (RVA: for Data/PData/XData) 1304 pub const IMAGE_REL_ARM64_ADDR32NB: u16 = 0x0002; 1305 /// 26 bit offset << 2 & sign ext. for B & BL 1306 pub const IMAGE_REL_ARM64_BRANCH26: u16 = 0x0003; 1307 /// ADRP 1308 pub const IMAGE_REL_ARM64_PAGEBASE_REL21: u16 = 0x0004; 1309 /// ADR 1310 pub const IMAGE_REL_ARM64_REL21: u16 = 0x0005; 1311 /// ADD/ADDS (immediate) with zero shift, for page offset 1312 pub const IMAGE_REL_ARM64_PAGEOFFSET_12A: u16 = 0x0006; 1313 /// LDR (indexed, unsigned immediate), for page offset 1314 pub const IMAGE_REL_ARM64_PAGEOFFSET_12L: u16 = 0x0007; 1315 /// Offset within section 1316 pub const IMAGE_REL_ARM64_SECREL: u16 = 0x0008; 1317 /// ADD/ADDS (immediate) with zero shift, for bit 0:11 of section offset 1318 pub const IMAGE_REL_ARM64_SECREL_LOW12A: u16 = 0x0009; 1319 /// ADD/ADDS (immediate) with zero shift, for bit 12:23 of section offset 1320 pub const IMAGE_REL_ARM64_SECREL_HIGH12A: u16 = 0x000A; 1321 /// LDR (indexed, unsigned immediate), for bit 0:11 of section offset 1322 pub const IMAGE_REL_ARM64_SECREL_LOW12L: u16 = 0x000B; 1323 pub const IMAGE_REL_ARM64_TOKEN: u16 = 0x000C; 1324 /// Section table index 1325 pub const IMAGE_REL_ARM64_SECTION: u16 = 0x000D; 1326 /// 64 bit address 1327 pub const IMAGE_REL_ARM64_ADDR64: u16 = 0x000E; 1328 /// 19 bit offset << 2 & sign ext. for conditional B 1329 pub const IMAGE_REL_ARM64_BRANCH19: u16 = 0x000F; 1330 1331 // 1332 // x64 relocations 1333 // 1334 /// Reference is absolute, no relocation is necessary 1335 pub const IMAGE_REL_AMD64_ABSOLUTE: u16 = 0x0000; 1336 /// 64-bit address (VA). 1337 pub const IMAGE_REL_AMD64_ADDR64: u16 = 0x0001; 1338 /// 32-bit address (VA). 1339 pub const IMAGE_REL_AMD64_ADDR32: u16 = 0x0002; 1340 /// 32-bit address w/o image base (RVA). 1341 pub const IMAGE_REL_AMD64_ADDR32NB: u16 = 0x0003; 1342 /// 32-bit relative address from byte following reloc 1343 pub const IMAGE_REL_AMD64_REL32: u16 = 0x0004; 1344 /// 32-bit relative address from byte distance 1 from reloc 1345 pub const IMAGE_REL_AMD64_REL32_1: u16 = 0x0005; 1346 /// 32-bit relative address from byte distance 2 from reloc 1347 pub const IMAGE_REL_AMD64_REL32_2: u16 = 0x0006; 1348 /// 32-bit relative address from byte distance 3 from reloc 1349 pub const IMAGE_REL_AMD64_REL32_3: u16 = 0x0007; 1350 /// 32-bit relative address from byte distance 4 from reloc 1351 pub const IMAGE_REL_AMD64_REL32_4: u16 = 0x0008; 1352 /// 32-bit relative address from byte distance 5 from reloc 1353 pub const IMAGE_REL_AMD64_REL32_5: u16 = 0x0009; 1354 /// Section index 1355 pub const IMAGE_REL_AMD64_SECTION: u16 = 0x000A; 1356 /// 32 bit offset from base of section containing target 1357 pub const IMAGE_REL_AMD64_SECREL: u16 = 0x000B; 1358 /// 7 bit unsigned offset from base of section containing target 1359 pub const IMAGE_REL_AMD64_SECREL7: u16 = 0x000C; 1360 /// 32 bit metadata token 1361 pub const IMAGE_REL_AMD64_TOKEN: u16 = 0x000D; 1362 /// 32 bit signed span-dependent value emitted into object 1363 pub const IMAGE_REL_AMD64_SREL32: u16 = 0x000E; 1364 pub const IMAGE_REL_AMD64_PAIR: u16 = 0x000F; 1365 /// 32 bit signed span-dependent value applied at link time 1366 pub const IMAGE_REL_AMD64_SSPAN32: u16 = 0x0010; 1367 pub const IMAGE_REL_AMD64_EHANDLER: u16 = 0x0011; 1368 /// Indirect branch to an import 1369 pub const IMAGE_REL_AMD64_IMPORT_BR: u16 = 0x0012; 1370 /// Indirect call to an import 1371 pub const IMAGE_REL_AMD64_IMPORT_CALL: u16 = 0x0013; 1372 /// Indirect branch to a CFG check 1373 pub const IMAGE_REL_AMD64_CFG_BR: u16 = 0x0014; 1374 /// Indirect branch to a CFG check, with REX.W prefix 1375 pub const IMAGE_REL_AMD64_CFG_BR_REX: u16 = 0x0015; 1376 /// Indirect call to a CFG check 1377 pub const IMAGE_REL_AMD64_CFG_CALL: u16 = 0x0016; 1378 /// Indirect branch to a target in RAX (no CFG) 1379 pub const IMAGE_REL_AMD64_INDIR_BR: u16 = 0x0017; 1380 /// Indirect branch to a target in RAX, with REX.W prefix (no CFG) 1381 pub const IMAGE_REL_AMD64_INDIR_BR_REX: u16 = 0x0018; 1382 /// Indirect call to a target in RAX (no CFG) 1383 pub const IMAGE_REL_AMD64_INDIR_CALL: u16 = 0x0019; 1384 /// Indirect branch for a switch table using Reg 0 (RAX) 1385 pub const IMAGE_REL_AMD64_INDIR_BR_SWITCHTABLE_FIRST: u16 = 0x0020; 1386 /// Indirect branch for a switch table using Reg 15 (R15) 1387 pub const IMAGE_REL_AMD64_INDIR_BR_SWITCHTABLE_LAST: u16 = 0x002F; 1388 1389 // 1390 // IA64 relocation types. 1391 // 1392 pub const IMAGE_REL_IA64_ABSOLUTE: u16 = 0x0000; 1393 pub const IMAGE_REL_IA64_IMM14: u16 = 0x0001; 1394 pub const IMAGE_REL_IA64_IMM22: u16 = 0x0002; 1395 pub const IMAGE_REL_IA64_IMM64: u16 = 0x0003; 1396 pub const IMAGE_REL_IA64_DIR32: u16 = 0x0004; 1397 pub const IMAGE_REL_IA64_DIR64: u16 = 0x0005; 1398 pub const IMAGE_REL_IA64_PCREL21B: u16 = 0x0006; 1399 pub const IMAGE_REL_IA64_PCREL21M: u16 = 0x0007; 1400 pub const IMAGE_REL_IA64_PCREL21F: u16 = 0x0008; 1401 pub const IMAGE_REL_IA64_GPREL22: u16 = 0x0009; 1402 pub const IMAGE_REL_IA64_LTOFF22: u16 = 0x000A; 1403 pub const IMAGE_REL_IA64_SECTION: u16 = 0x000B; 1404 pub const IMAGE_REL_IA64_SECREL22: u16 = 0x000C; 1405 pub const IMAGE_REL_IA64_SECREL64I: u16 = 0x000D; 1406 pub const IMAGE_REL_IA64_SECREL32: u16 = 0x000E; 1407 // 1408 pub const IMAGE_REL_IA64_DIR32NB: u16 = 0x0010; 1409 pub const IMAGE_REL_IA64_SREL14: u16 = 0x0011; 1410 pub const IMAGE_REL_IA64_SREL22: u16 = 0x0012; 1411 pub const IMAGE_REL_IA64_SREL32: u16 = 0x0013; 1412 pub const IMAGE_REL_IA64_UREL32: u16 = 0x0014; 1413 /// This is always a BRL and never converted 1414 pub const IMAGE_REL_IA64_PCREL60X: u16 = 0x0015; 1415 /// If possible, convert to MBB bundle with NOP.B in slot 1 1416 pub const IMAGE_REL_IA64_PCREL60B: u16 = 0x0016; 1417 /// If possible, convert to MFB bundle with NOP.F in slot 1 1418 pub const IMAGE_REL_IA64_PCREL60F: u16 = 0x0017; 1419 /// If possible, convert to MIB bundle with NOP.I in slot 1 1420 pub const IMAGE_REL_IA64_PCREL60I: u16 = 0x0018; 1421 /// If possible, convert to MMB bundle with NOP.M in slot 1 1422 pub const IMAGE_REL_IA64_PCREL60M: u16 = 0x0019; 1423 pub const IMAGE_REL_IA64_IMMGPREL64: u16 = 0x001A; 1424 /// clr token 1425 pub const IMAGE_REL_IA64_TOKEN: u16 = 0x001B; 1426 pub const IMAGE_REL_IA64_GPREL32: u16 = 0x001C; 1427 pub const IMAGE_REL_IA64_ADDEND: u16 = 0x001F; 1428 1429 // 1430 // CEF relocation types. 1431 // 1432 /// Reference is absolute, no relocation is necessary 1433 pub const IMAGE_REL_CEF_ABSOLUTE: u16 = 0x0000; 1434 /// 32-bit address (VA). 1435 pub const IMAGE_REL_CEF_ADDR32: u16 = 0x0001; 1436 /// 64-bit address (VA). 1437 pub const IMAGE_REL_CEF_ADDR64: u16 = 0x0002; 1438 /// 32-bit address w/o image base (RVA). 1439 pub const IMAGE_REL_CEF_ADDR32NB: u16 = 0x0003; 1440 /// Section index 1441 pub const IMAGE_REL_CEF_SECTION: u16 = 0x0004; 1442 /// 32 bit offset from base of section containing target 1443 pub const IMAGE_REL_CEF_SECREL: u16 = 0x0005; 1444 /// 32 bit metadata token 1445 pub const IMAGE_REL_CEF_TOKEN: u16 = 0x0006; 1446 1447 // 1448 // clr relocation types. 1449 // 1450 /// Reference is absolute, no relocation is necessary 1451 pub const IMAGE_REL_CEE_ABSOLUTE: u16 = 0x0000; 1452 /// 32-bit address (VA). 1453 pub const IMAGE_REL_CEE_ADDR32: u16 = 0x0001; 1454 /// 64-bit address (VA). 1455 pub const IMAGE_REL_CEE_ADDR64: u16 = 0x0002; 1456 /// 32-bit address w/o image base (RVA). 1457 pub const IMAGE_REL_CEE_ADDR32NB: u16 = 0x0003; 1458 /// Section index 1459 pub const IMAGE_REL_CEE_SECTION: u16 = 0x0004; 1460 /// 32 bit offset from base of section containing target 1461 pub const IMAGE_REL_CEE_SECREL: u16 = 0x0005; 1462 /// 32 bit metadata token 1463 pub const IMAGE_REL_CEE_TOKEN: u16 = 0x0006; 1464 1465 /// No relocation required 1466 pub const IMAGE_REL_M32R_ABSOLUTE: u16 = 0x0000; 1467 /// 32 bit address 1468 pub const IMAGE_REL_M32R_ADDR32: u16 = 0x0001; 1469 /// 32 bit address w/o image base 1470 pub const IMAGE_REL_M32R_ADDR32NB: u16 = 0x0002; 1471 /// 24 bit address 1472 pub const IMAGE_REL_M32R_ADDR24: u16 = 0x0003; 1473 /// GP relative addressing 1474 pub const IMAGE_REL_M32R_GPREL16: u16 = 0x0004; 1475 /// 24 bit offset << 2 & sign ext. 1476 pub const IMAGE_REL_M32R_PCREL24: u16 = 0x0005; 1477 /// 16 bit offset << 2 & sign ext. 1478 pub const IMAGE_REL_M32R_PCREL16: u16 = 0x0006; 1479 /// 8 bit offset << 2 & sign ext. 1480 pub const IMAGE_REL_M32R_PCREL8: u16 = 0x0007; 1481 /// 16 MSBs 1482 pub const IMAGE_REL_M32R_REFHALF: u16 = 0x0008; 1483 /// 16 MSBs; adj for LSB sign ext. 1484 pub const IMAGE_REL_M32R_REFHI: u16 = 0x0009; 1485 /// 16 LSBs 1486 pub const IMAGE_REL_M32R_REFLO: u16 = 0x000A; 1487 /// Link HI and LO 1488 pub const IMAGE_REL_M32R_PAIR: u16 = 0x000B; 1489 /// Section table index 1490 pub const IMAGE_REL_M32R_SECTION: u16 = 0x000C; 1491 /// 32 bit section relative reference 1492 pub const IMAGE_REL_M32R_SECREL32: u16 = 0x000D; 1493 /// clr token 1494 pub const IMAGE_REL_M32R_TOKEN: u16 = 0x000E; 1495 1496 /// No relocation required 1497 pub const IMAGE_REL_EBC_ABSOLUTE: u16 = 0x0000; 1498 /// 32 bit address w/o image base 1499 pub const IMAGE_REL_EBC_ADDR32NB: u16 = 0x0001; 1500 /// 32-bit relative address from byte following reloc 1501 pub const IMAGE_REL_EBC_REL32: u16 = 0x0002; 1502 /// Section table index 1503 pub const IMAGE_REL_EBC_SECTION: u16 = 0x0003; 1504 /// Offset within section 1505 pub const IMAGE_REL_EBC_SECREL: u16 = 0x0004; 1506 1507 /* 1508 // TODO? 1509 #define EXT_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */ \ 1510 Value |= (((ULONGLONG)((*(Address) >> InstPos) & (((ULONGLONG)1 << Size) - 1))) << ValPos) // Intel-IA64-Filler 1511 1512 #define INS_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */\ 1513 *(PDWORD)Address = (*(PDWORD)Address & ~(((1 << Size) - 1) << InstPos)) | /* Intel-IA64-Filler */\ 1514 ((DWORD)((((ULONGLONG)Value >> ValPos) & (((ULONGLONG)1 << Size) - 1))) << InstPos) // Intel-IA64-Filler 1515 */ 1516 1517 /// Intel-IA64-Filler 1518 pub const EMARCH_ENC_I17_IMM7B_INST_WORD_X: u16 = 3; 1519 /// Intel-IA64-Filler 1520 pub const EMARCH_ENC_I17_IMM7B_SIZE_X: u16 = 7; 1521 /// Intel-IA64-Filler 1522 pub const EMARCH_ENC_I17_IMM7B_INST_WORD_POS_X: u16 = 4; 1523 /// Intel-IA64-Filler 1524 pub const EMARCH_ENC_I17_IMM7B_VAL_POS_X: u16 = 0; 1525 1526 /// Intel-IA64-Filler 1527 pub const EMARCH_ENC_I17_IMM9D_INST_WORD_X: u16 = 3; 1528 /// Intel-IA64-Filler 1529 pub const EMARCH_ENC_I17_IMM9D_SIZE_X: u16 = 9; 1530 /// Intel-IA64-Filler 1531 pub const EMARCH_ENC_I17_IMM9D_INST_WORD_POS_X: u16 = 18; 1532 /// Intel-IA64-Filler 1533 pub const EMARCH_ENC_I17_IMM9D_VAL_POS_X: u16 = 7; 1534 1535 /// Intel-IA64-Filler 1536 pub const EMARCH_ENC_I17_IMM5C_INST_WORD_X: u16 = 3; 1537 /// Intel-IA64-Filler 1538 pub const EMARCH_ENC_I17_IMM5C_SIZE_X: u16 = 5; 1539 /// Intel-IA64-Filler 1540 pub const EMARCH_ENC_I17_IMM5C_INST_WORD_POS_X: u16 = 13; 1541 /// Intel-IA64-Filler 1542 pub const EMARCH_ENC_I17_IMM5C_VAL_POS_X: u16 = 16; 1543 1544 /// Intel-IA64-Filler 1545 pub const EMARCH_ENC_I17_IC_INST_WORD_X: u16 = 3; 1546 /// Intel-IA64-Filler 1547 pub const EMARCH_ENC_I17_IC_SIZE_X: u16 = 1; 1548 /// Intel-IA64-Filler 1549 pub const EMARCH_ENC_I17_IC_INST_WORD_POS_X: u16 = 12; 1550 /// Intel-IA64-Filler 1551 pub const EMARCH_ENC_I17_IC_VAL_POS_X: u16 = 21; 1552 1553 /// Intel-IA64-Filler 1554 pub const EMARCH_ENC_I17_IMM41A_INST_WORD_X: u16 = 1; 1555 /// Intel-IA64-Filler 1556 pub const EMARCH_ENC_I17_IMM41A_SIZE_X: u16 = 10; 1557 /// Intel-IA64-Filler 1558 pub const EMARCH_ENC_I17_IMM41A_INST_WORD_POS_X: u16 = 14; 1559 /// Intel-IA64-Filler 1560 pub const EMARCH_ENC_I17_IMM41A_VAL_POS_X: u16 = 22; 1561 1562 /// Intel-IA64-Filler 1563 pub const EMARCH_ENC_I17_IMM41B_INST_WORD_X: u16 = 1; 1564 /// Intel-IA64-Filler 1565 pub const EMARCH_ENC_I17_IMM41B_SIZE_X: u16 = 8; 1566 /// Intel-IA64-Filler 1567 pub const EMARCH_ENC_I17_IMM41B_INST_WORD_POS_X: u16 = 24; 1568 /// Intel-IA64-Filler 1569 pub const EMARCH_ENC_I17_IMM41B_VAL_POS_X: u16 = 32; 1570 1571 /// Intel-IA64-Filler 1572 pub const EMARCH_ENC_I17_IMM41C_INST_WORD_X: u16 = 2; 1573 /// Intel-IA64-Filler 1574 pub const EMARCH_ENC_I17_IMM41C_SIZE_X: u16 = 23; 1575 /// Intel-IA64-Filler 1576 pub const EMARCH_ENC_I17_IMM41C_INST_WORD_POS_X: u16 = 0; 1577 /// Intel-IA64-Filler 1578 pub const EMARCH_ENC_I17_IMM41C_VAL_POS_X: u16 = 40; 1579 1580 /// Intel-IA64-Filler 1581 pub const EMARCH_ENC_I17_SIGN_INST_WORD_X: u16 = 3; 1582 /// Intel-IA64-Filler 1583 pub const EMARCH_ENC_I17_SIGN_SIZE_X: u16 = 1; 1584 /// Intel-IA64-Filler 1585 pub const EMARCH_ENC_I17_SIGN_INST_WORD_POS_X: u16 = 27; 1586 /// Intel-IA64-Filler 1587 pub const EMARCH_ENC_I17_SIGN_VAL_POS_X: u16 = 63; 1588 1589 /// Intel-IA64-Filler 1590 pub const X3_OPCODE_INST_WORD_X: u16 = 3; 1591 /// Intel-IA64-Filler 1592 pub const X3_OPCODE_SIZE_X: u16 = 4; 1593 /// Intel-IA64-Filler 1594 pub const X3_OPCODE_INST_WORD_POS_X: u16 = 28; 1595 /// Intel-IA64-Filler 1596 pub const X3_OPCODE_SIGN_VAL_POS_X: u16 = 0; 1597 1598 /// Intel-IA64-Filler 1599 pub const X3_I_INST_WORD_X: u16 = 3; 1600 /// Intel-IA64-Filler 1601 pub const X3_I_SIZE_X: u16 = 1; 1602 /// Intel-IA64-Filler 1603 pub const X3_I_INST_WORD_POS_X: u16 = 27; 1604 /// Intel-IA64-Filler 1605 pub const X3_I_SIGN_VAL_POS_X: u16 = 59; 1606 1607 /// Intel-IA64-Filler 1608 pub const X3_D_WH_INST_WORD_X: u16 = 3; 1609 /// Intel-IA64-Filler 1610 pub const X3_D_WH_SIZE_X: u16 = 3; 1611 /// Intel-IA64-Filler 1612 pub const X3_D_WH_INST_WORD_POS_X: u16 = 24; 1613 /// Intel-IA64-Filler 1614 pub const X3_D_WH_SIGN_VAL_POS_X: u16 = 0; 1615 1616 /// Intel-IA64-Filler 1617 pub const X3_IMM20_INST_WORD_X: u16 = 3; 1618 /// Intel-IA64-Filler 1619 pub const X3_IMM20_SIZE_X: u16 = 20; 1620 /// Intel-IA64-Filler 1621 pub const X3_IMM20_INST_WORD_POS_X: u16 = 4; 1622 /// Intel-IA64-Filler 1623 pub const X3_IMM20_SIGN_VAL_POS_X: u16 = 0; 1624 1625 /// Intel-IA64-Filler 1626 pub const X3_IMM39_1_INST_WORD_X: u16 = 2; 1627 /// Intel-IA64-Filler 1628 pub const X3_IMM39_1_SIZE_X: u16 = 23; 1629 /// Intel-IA64-Filler 1630 pub const X3_IMM39_1_INST_WORD_POS_X: u16 = 0; 1631 /// Intel-IA64-Filler 1632 pub const X3_IMM39_1_SIGN_VAL_POS_X: u16 = 36; 1633 1634 /// Intel-IA64-Filler 1635 pub const X3_IMM39_2_INST_WORD_X: u16 = 1; 1636 /// Intel-IA64-Filler 1637 pub const X3_IMM39_2_SIZE_X: u16 = 16; 1638 /// Intel-IA64-Filler 1639 pub const X3_IMM39_2_INST_WORD_POS_X: u16 = 16; 1640 /// Intel-IA64-Filler 1641 pub const X3_IMM39_2_SIGN_VAL_POS_X: u16 = 20; 1642 1643 /// Intel-IA64-Filler 1644 pub const X3_P_INST_WORD_X: u16 = 3; 1645 /// Intel-IA64-Filler 1646 pub const X3_P_SIZE_X: u16 = 4; 1647 /// Intel-IA64-Filler 1648 pub const X3_P_INST_WORD_POS_X: u16 = 0; 1649 /// Intel-IA64-Filler 1650 pub const X3_P_SIGN_VAL_POS_X: u16 = 0; 1651 1652 /// Intel-IA64-Filler 1653 pub const X3_TMPLT_INST_WORD_X: u16 = 0; 1654 /// Intel-IA64-Filler 1655 pub const X3_TMPLT_SIZE_X: u16 = 4; 1656 /// Intel-IA64-Filler 1657 pub const X3_TMPLT_INST_WORD_POS_X: u16 = 0; 1658 /// Intel-IA64-Filler 1659 pub const X3_TMPLT_SIGN_VAL_POS_X: u16 = 0; 1660 1661 /// Intel-IA64-Filler 1662 pub const X3_BTYPE_QP_INST_WORD_X: u16 = 2; 1663 /// Intel-IA64-Filler 1664 pub const X3_BTYPE_QP_SIZE_X: u16 = 9; 1665 /// Intel-IA64-Filler 1666 pub const X3_BTYPE_QP_INST_WORD_POS_X: u16 = 23; 1667 /// Intel-IA64-Filler 1668 pub const X3_BTYPE_QP_INST_VAL_POS_X: u16 = 0; 1669 1670 /// Intel-IA64-Filler 1671 pub const X3_EMPTY_INST_WORD_X: u16 = 1; 1672 /// Intel-IA64-Filler 1673 pub const X3_EMPTY_SIZE_X: u16 = 2; 1674 /// Intel-IA64-Filler 1675 pub const X3_EMPTY_INST_WORD_POS_X: u16 = 14; 1676 /// Intel-IA64-Filler 1677 pub const X3_EMPTY_INST_VAL_POS_X: u16 = 0; 1678 1679 // 1680 // Line number format. 1681 // 1682 1683 // This struct has alignment 1. 1684 #[derive(Debug, Clone, Copy)] 1685 #[repr(C)] 1686 pub struct ImageLinenumber { 1687 /// Symbol table index of function name if Linenumber is 0. 1688 /// Otherwise virtual address of line number. 1689 pub symbol_table_index_or_virtual_address: U32Bytes<LE>, 1690 /// Line number. 1691 pub linenumber: U16Bytes<LE>, 1692 } 1693 1694 // 1695 // Based relocation format. 1696 // 1697 1698 // This struct has alignment 1. 1699 #[derive(Debug, Clone, Copy)] 1700 #[repr(C)] 1701 pub struct ImageBaseRelocation { 1702 pub virtual_address: U32Bytes<LE>, 1703 pub size_of_block: U32Bytes<LE>, 1704 // pub type_offset[1]: U16<LE>, 1705 } 1706 1707 // 1708 // Based relocation types. 1709 // 1710 1711 pub const IMAGE_REL_BASED_ABSOLUTE: u16 = 0; 1712 pub const IMAGE_REL_BASED_HIGH: u16 = 1; 1713 pub const IMAGE_REL_BASED_LOW: u16 = 2; 1714 pub const IMAGE_REL_BASED_HIGHLOW: u16 = 3; 1715 pub const IMAGE_REL_BASED_HIGHADJ: u16 = 4; 1716 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_5: u16 = 5; 1717 pub const IMAGE_REL_BASED_RESERVED: u16 = 6; 1718 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_7: u16 = 7; 1719 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_8: u16 = 8; 1720 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_9: u16 = 9; 1721 pub const IMAGE_REL_BASED_DIR64: u16 = 10; 1722 1723 // 1724 // Platform-specific based relocation types. 1725 // 1726 1727 pub const IMAGE_REL_BASED_IA64_IMM64: u16 = 9; 1728 1729 pub const IMAGE_REL_BASED_MIPS_JMPADDR: u16 = 5; 1730 pub const IMAGE_REL_BASED_MIPS_JMPADDR16: u16 = 9; 1731 1732 pub const IMAGE_REL_BASED_ARM_MOV32: u16 = 5; 1733 pub const IMAGE_REL_BASED_THUMB_MOV32: u16 = 7; 1734 1735 // 1736 // Archive format. 1737 // 1738 1739 pub const IMAGE_ARCHIVE_START_SIZE: usize = 8; 1740 pub const IMAGE_ARCHIVE_START: &[u8; 8] = b"!<arch>\n"; 1741 pub const IMAGE_ARCHIVE_END: &[u8] = b"`\n"; 1742 pub const IMAGE_ARCHIVE_PAD: &[u8] = b"\n"; 1743 pub const IMAGE_ARCHIVE_LINKER_MEMBER: &[u8; 16] = b"/ "; 1744 pub const IMAGE_ARCHIVE_LONGNAMES_MEMBER: &[u8; 16] = b"// "; 1745 pub const IMAGE_ARCHIVE_HYBRIDMAP_MEMBER: &[u8; 16] = b"/<HYBRIDMAP>/ "; 1746 1747 #[derive(Debug, Clone, Copy)] 1748 #[repr(C)] 1749 pub struct ImageArchiveMemberHeader { 1750 /// File member name - `/' terminated. 1751 pub name: [u8; 16], 1752 /// File member date - decimal. 1753 pub date: [u8; 12], 1754 /// File member user id - decimal. 1755 pub user_id: [u8; 6], 1756 /// File member group id - decimal. 1757 pub group_id: [u8; 6], 1758 /// File member mode - octal. 1759 pub mode: [u8; 8], 1760 /// File member size - decimal. 1761 pub size: [u8; 10], 1762 /// String to end header. 1763 pub end_header: [u8; 2], 1764 } 1765 1766 pub const IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR: u16 = 60; 1767 1768 // 1769 // DLL support. 1770 // 1771 1772 // 1773 // Export Format 1774 // 1775 1776 #[derive(Debug, Clone, Copy)] 1777 #[repr(C)] 1778 pub struct ImageExportDirectory { 1779 pub characteristics: U32<LE>, 1780 pub time_date_stamp: U32<LE>, 1781 pub major_version: U16<LE>, 1782 pub minor_version: U16<LE>, 1783 pub name: U32<LE>, 1784 pub base: U32<LE>, 1785 pub number_of_functions: U32<LE>, 1786 pub number_of_names: U32<LE>, 1787 /// RVA from base of image 1788 pub address_of_functions: U32<LE>, 1789 /// RVA from base of image 1790 pub address_of_names: U32<LE>, 1791 /// RVA from base of image 1792 pub address_of_name_ordinals: U32<LE>, 1793 } 1794 1795 // 1796 // Import Format 1797 // 1798 1799 #[derive(Debug, Clone, Copy)] 1800 #[repr(C)] 1801 pub struct ImageImportByName { 1802 pub hint: U16<LE>, 1803 //pub name: [i8; 1], 1804 } 1805 1806 /* 1807 // TODO? unions 1808 1809 #[derive(Debug, Clone, Copy)] 1810 #[repr(C)] 1811 pub struct ImageThunkData64 { 1812 union { 1813 /// PBYTE 1814 pub forwarder_string: U64<LE>, 1815 /// PDWORD 1816 pub function: U64<LE>, 1817 pub ordinal: U64<LE>, 1818 /// PIMAGE_IMPORT_BY_NAME 1819 pub address_of_data: U64<LE>, 1820 } u1; 1821 } 1822 1823 #[derive(Debug, Clone, Copy)] 1824 #[repr(C)] 1825 pub struct ImageThunkData32 { 1826 union { 1827 /// PBYTE 1828 pub forwarder_string: U32<LE>, 1829 /// PDWORD 1830 pub function: U32<LE>, 1831 pub ordinal: U32<LE>, 1832 /// PIMAGE_IMPORT_BY_NAME 1833 pub address_of_data: U32<LE>, 1834 } u1; 1835 } 1836 1837 pub const IMAGE_ORDINAL_FLAG64: u64 = 0x8000000000000000; 1838 pub const IMAGE_ORDINAL_FLAG32: u32 = 0x80000000; 1839 #define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff) 1840 #define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff) 1841 #define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0) 1842 #define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0) 1843 1844 */ 1845 1846 // 1847 // Thread Local Storage 1848 // 1849 1850 #[derive(Debug, Clone, Copy)] 1851 #[repr(C)] 1852 pub struct ImageTlsDirectory64 { 1853 pub start_address_of_raw_data: U64<LE>, 1854 pub end_address_of_raw_data: U64<LE>, 1855 /// PDWORD 1856 pub address_of_index: U64<LE>, 1857 /// PIMAGE_TLS_CALLBACK *; 1858 pub address_of_call_backs: U64<LE>, 1859 pub size_of_zero_fill: U32<LE>, 1860 pub characteristics: U32<LE>, 1861 } 1862 1863 #[derive(Debug, Clone, Copy)] 1864 #[repr(C)] 1865 pub struct ImageTlsDirectory32 { 1866 pub start_address_of_raw_data: U32<LE>, 1867 pub end_address_of_raw_data: U32<LE>, 1868 /// PDWORD 1869 pub address_of_index: U32<LE>, 1870 /// PIMAGE_TLS_CALLBACK * 1871 pub address_of_call_backs: U32<LE>, 1872 pub size_of_zero_fill: U32<LE>, 1873 pub characteristics: U32<LE>, 1874 } 1875 1876 // TODO: unaligned? 1877 #[derive(Debug, Clone, Copy)] 1878 #[repr(C)] 1879 pub struct ImageImportDescriptor { 1880 /// 0 for terminating null import descriptor 1881 /// RVA to original unbound IAT (PIMAGE_THUNK_DATA) 1882 pub characteristics_or_original_first_thunk: U32<LE>, 1883 pub original_first_thunk: U32<LE>, 1884 /// 0 if not bound, 1885 /// -1 if bound, and real date\time stamp 1886 /// in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) 1887 /// O.W. date/time stamp of DLL bound to (Old BIND) 1888 pub time_date_stamp: U32<LE>, 1889 1890 /// -1 if no forwarders 1891 pub forwarder_chain: U32<LE>, 1892 pub name: U32<LE>, 1893 /// RVA to IAT (if bound this IAT has actual addresses) 1894 pub first_thunk: U32<LE>, 1895 } 1896 1897 // 1898 // New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ] 1899 // 1900 1901 #[derive(Debug, Clone, Copy)] 1902 #[repr(C)] 1903 pub struct ImageBoundImportDescriptor { 1904 pub time_date_stamp: U32<LE>, 1905 pub offset_module_name: U16<LE>, 1906 pub number_of_module_forwarder_refs: U16<LE>, 1907 // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows 1908 } 1909 1910 #[derive(Debug, Clone, Copy)] 1911 #[repr(C)] 1912 pub struct ImageBoundForwarderRef { 1913 pub time_date_stamp: U32<LE>, 1914 pub offset_module_name: U16<LE>, 1915 pub reserved: U16<LE>, 1916 } 1917 1918 #[derive(Debug, Clone, Copy)] 1919 #[repr(C)] 1920 pub struct ImageDelayloadDescriptor { 1921 pub attributes: U32<LE>, 1922 1923 /// RVA to the name of the target library (NULL-terminate ASCII string) 1924 pub dll_name_rva: U32<LE>, 1925 /// RVA to the HMODULE caching location (PHMODULE) 1926 pub module_handle_rva: U32<LE>, 1927 /// RVA to the start of the IAT (PIMAGE_THUNK_DATA) 1928 pub import_address_table_rva: U32<LE>, 1929 /// RVA to the start of the name table (PIMAGE_THUNK_DATA::AddressOfData) 1930 pub import_name_table_rva: U32<LE>, 1931 /// RVA to an optional bound IAT 1932 pub bound_import_address_table_rva: U32<LE>, 1933 /// RVA to an optional unload info table 1934 pub unload_information_table_rva: U32<LE>, 1935 /// 0 if not bound, otherwise, date/time of the target DLL 1936 pub time_date_stamp: U32<LE>, 1937 } 1938 1939 /// Delay load version 2 flag for `ImageDelayloadDescriptor::attributes`. 1940 pub const IMAGE_DELAYLOAD_RVA_BASED: u32 = 0x8000_0000; 1941 1942 // 1943 // Resource Format. 1944 // 1945 1946 // 1947 // Resource directory consists of two counts, following by a variable length 1948 // array of directory entries. The first count is the number of entries at 1949 // beginning of the array that have actual names associated with each entry. 1950 // The entries are in ascending order, case insensitive strings. The second 1951 // count is the number of entries that immediately follow the named entries. 1952 // This second count identifies the number of entries that have 16-bit integer 1953 // Ids as their name. These entries are also sorted in ascending order. 1954 // 1955 // This structure allows fast lookup by either name or number, but for any 1956 // given resource entry only one form of lookup is supported, not both. 1957 // This is consistant with the syntax of the .RC file and the .RES file. 1958 // 1959 1960 #[derive(Debug, Clone, Copy)] 1961 #[repr(C)] 1962 pub struct ImageResourceDirectory { 1963 pub characteristics: U32<LE>, 1964 pub time_date_stamp: U32<LE>, 1965 pub major_version: U16<LE>, 1966 pub minor_version: U16<LE>, 1967 pub number_of_named_entries: U16<LE>, 1968 pub number_of_id_entries: U16<LE>, 1969 // DirectoryEntries[ImageResourceDirectoryEntry]; 1970 } 1971 1972 pub const IMAGE_RESOURCE_NAME_IS_STRING: u32 = 0x8000_0000; 1973 pub const IMAGE_RESOURCE_DATA_IS_DIRECTORY: u32 = 0x8000_0000; 1974 // 1975 // Each directory contains the 32-bit Name of the entry and an offset, 1976 // relative to the beginning of the resource directory of the data associated 1977 // with this directory entry. If the name of the entry is an actual text 1978 // string instead of an integer Id, then the high order bit of the name field 1979 // is set to one and the low order 31-bits are an offset, relative to the 1980 // beginning of the resource directory of the string, which is of type 1981 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the 1982 // low-order 16-bits are the integer Id that identify this resource directory 1983 // entry. If the directory entry is yet another resource directory (i.e. a 1984 // subdirectory), then the high order bit of the offset field will be 1985 // set to indicate this. Otherwise the high bit is clear and the offset 1986 // field points to a resource data entry. 1987 // 1988 1989 #[derive(Debug, Clone, Copy)] 1990 #[repr(C)] 1991 pub struct ImageResourceDirectoryEntry { 1992 pub name_or_id: U32<LE>, 1993 pub offset_to_data_or_directory: U32<LE>, 1994 } 1995 1996 // 1997 // For resource directory entries that have actual string names, the Name 1998 // field of the directory entry points to an object of the following type. 1999 // All of these string objects are stored together after the last resource 2000 // directory entry and before the first resource data object. This minimizes 2001 // the impact of these variable length objects on the alignment of the fixed 2002 // size directory entry objects. 2003 // 2004 2005 #[derive(Debug, Clone, Copy)] 2006 #[repr(C)] 2007 pub struct ImageResourceDirectoryString { 2008 pub length: U16<LE>, 2009 //pub name_string: [i8; 1], 2010 } 2011 2012 #[derive(Debug, Clone, Copy)] 2013 #[repr(C)] 2014 pub struct ImageResourceDirStringU { 2015 pub length: U16<LE>, 2016 //pub name_string: [U16<LE>; 1], 2017 } 2018 2019 // 2020 // Each resource data entry describes a leaf node in the resource directory 2021 // tree. It contains an offset, relative to the beginning of the resource 2022 // directory of the data for the resource, a size field that gives the number 2023 // of bytes of data at that offset, a CodePage that should be used when 2024 // decoding code point values within the resource data. Typically for new 2025 // applications the code page would be the unicode code page. 2026 // 2027 2028 #[derive(Debug, Clone, Copy)] 2029 #[repr(C)] 2030 pub struct ImageResourceDataEntry { 2031 pub offset_to_data: U32<LE>, 2032 pub size: U32<LE>, 2033 pub code_page: U32<LE>, 2034 pub reserved: U32<LE>, 2035 } 2036 2037 // 2038 // Code Integrity in loadconfig (CI) 2039 // 2040 2041 #[derive(Debug, Clone, Copy)] 2042 #[repr(C)] 2043 pub struct ImageLoadConfigCodeIntegrity { 2044 /// Flags to indicate if CI information is available, etc. 2045 pub flags: U16<LE>, 2046 /// 0xFFFF means not available 2047 pub catalog: U16<LE>, 2048 pub catalog_offset: U32<LE>, 2049 /// Additional bitmask to be defined later 2050 pub reserved: U32<LE>, 2051 } 2052 2053 // 2054 // Dynamic value relocation table in loadconfig 2055 // 2056 2057 #[derive(Debug, Clone, Copy)] 2058 #[repr(C)] 2059 pub struct ImageDynamicRelocationTable { 2060 pub version: U32<LE>, 2061 pub size: U32<LE>, 2062 // DynamicRelocations: [ImageDynamicRelocation; 0], 2063 } 2064 2065 // 2066 // Dynamic value relocation entries following IMAGE_DYNAMIC_RELOCATION_TABLE 2067 // 2068 2069 #[derive(Debug, Clone, Copy)] 2070 #[repr(C)] 2071 pub struct ImageDynamicRelocation32 { 2072 pub symbol: U32<LE>, 2073 pub base_reloc_size: U32<LE>, 2074 // BaseRelocations: [ImageBaseRelocation; 0], 2075 } 2076 2077 #[derive(Debug, Clone, Copy)] 2078 #[repr(C)] 2079 pub struct ImageDynamicRelocation64 { 2080 pub symbol: U64<LE>, 2081 pub base_reloc_size: U32<LE>, 2082 // BaseRelocations: [ImageBaseRelocation; 0], 2083 } 2084 2085 #[derive(Debug, Clone, Copy)] 2086 #[repr(C)] 2087 pub struct ImageDynamicRelocation32V2 { 2088 pub header_size: U32<LE>, 2089 pub fixup_info_size: U32<LE>, 2090 pub symbol: U32<LE>, 2091 pub symbol_group: U32<LE>, 2092 pub flags: U32<LE>, 2093 // ... variable length header fields 2094 // pub fixup_info: [u8; fixup_info_size] 2095 } 2096 2097 #[derive(Debug, Clone, Copy)] 2098 #[repr(C)] 2099 pub struct ImageDynamicRelocation64V2 { 2100 pub header_size: U32<LE>, 2101 pub fixup_info_size: U32<LE>, 2102 pub symbol: U64<LE>, 2103 pub symbol_group: U32<LE>, 2104 pub flags: U32<LE>, 2105 // ... variable length header fields 2106 // pub fixup_info[u8; fixup_info_size] 2107 } 2108 2109 // 2110 // Defined symbolic dynamic relocation entries. 2111 // 2112 2113 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_RF_PROLOGUE: u32 = 0x0000_0001; 2114 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_RF_EPILOGUE: u32 = 0x0000_0002; 2115 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER: u32 = 0x0000_0003; 2116 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_INDIR_CONTROL_TRANSFER: u32 = 0x0000_0004; 2117 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_SWITCHTABLE_BRANCH: u32 = 0x0000_0005; 2118 2119 // This struct has alignment 1. 2120 #[derive(Debug, Clone, Copy)] 2121 #[repr(C)] 2122 pub struct ImagePrologueDynamicRelocationHeader { 2123 pub prologue_byte_count: u8, 2124 // pub prologue_bytes: [u8; prologue_byte_count], 2125 } 2126 2127 // This struct has alignment 1. 2128 #[derive(Debug, Clone, Copy)] 2129 #[repr(C)] 2130 pub struct ImageEpilogueDynamicRelocationHeader { 2131 pub epilogue_count: U32Bytes<LE>, 2132 pub epilogue_byte_count: u8, 2133 pub branch_descriptor_element_size: u8, 2134 pub branch_descriptor_count: U16Bytes<LE>, 2135 // pub branch_descriptors[...], 2136 // pub branch_descriptor_bit_map[...], 2137 } 2138 2139 /* 2140 // TODO? bitfields 2141 // TODO: unaligned? 2142 #[derive(Debug, Clone, Copy)] 2143 #[repr(C)] 2144 pub struct ImageImportControlTransferDynamicRelocation { 2145 DWORD PageRelativeOffset : 12; 2146 DWORD IndirectCall : 1; 2147 DWORD IATIndex : 19; 2148 } 2149 2150 // TODO: unaligned? 2151 #[derive(Debug, Clone, Copy)] 2152 #[repr(C)] 2153 pub struct ImageIndirControlTransferDynamicRelocation { 2154 WORD PageRelativeOffset : 12; 2155 WORD IndirectCall : 1; 2156 WORD RexWPrefix : 1; 2157 WORD CfgCheck : 1; 2158 WORD Reserved : 1; 2159 } 2160 2161 // TODO: unaligned? 2162 #[derive(Debug, Clone, Copy)] 2163 #[repr(C)] 2164 pub struct ImageSwitchtableBranchDynamicRelocation { 2165 WORD PageRelativeOffset : 12; 2166 WORD RegisterNumber : 4; 2167 } 2168 */ 2169 2170 // 2171 // Load Configuration Directory Entry 2172 // 2173 2174 #[derive(Debug, Clone, Copy)] 2175 #[repr(C)] 2176 pub struct ImageLoadConfigDirectory32 { 2177 pub size: U32<LE>, 2178 pub time_date_stamp: U32<LE>, 2179 pub major_version: U16<LE>, 2180 pub minor_version: U16<LE>, 2181 pub global_flags_clear: U32<LE>, 2182 pub global_flags_set: U32<LE>, 2183 pub critical_section_default_timeout: U32<LE>, 2184 pub de_commit_free_block_threshold: U32<LE>, 2185 pub de_commit_total_free_threshold: U32<LE>, 2186 /// VA 2187 pub lock_prefix_table: U32<LE>, 2188 pub maximum_allocation_size: U32<LE>, 2189 pub virtual_memory_threshold: U32<LE>, 2190 pub process_heap_flags: U32<LE>, 2191 pub process_affinity_mask: U32<LE>, 2192 pub csd_version: U16<LE>, 2193 pub dependent_load_flags: U16<LE>, 2194 /// VA 2195 pub edit_list: U32<LE>, 2196 /// VA 2197 pub security_cookie: U32<LE>, 2198 /// VA 2199 pub sehandler_table: U32<LE>, 2200 pub sehandler_count: U32<LE>, 2201 /// VA 2202 pub guard_cf_check_function_pointer: U32<LE>, 2203 /// VA 2204 pub guard_cf_dispatch_function_pointer: U32<LE>, 2205 /// VA 2206 pub guard_cf_function_table: U32<LE>, 2207 pub guard_cf_function_count: U32<LE>, 2208 pub guard_flags: U32<LE>, 2209 pub code_integrity: ImageLoadConfigCodeIntegrity, 2210 /// VA 2211 pub guard_address_taken_iat_entry_table: U32<LE>, 2212 pub guard_address_taken_iat_entry_count: U32<LE>, 2213 /// VA 2214 pub guard_long_jump_target_table: U32<LE>, 2215 pub guard_long_jump_target_count: U32<LE>, 2216 /// VA 2217 pub dynamic_value_reloc_table: U32<LE>, 2218 pub chpe_metadata_pointer: U32<LE>, 2219 /// VA 2220 pub guard_rf_failure_routine: U32<LE>, 2221 /// VA 2222 pub guard_rf_failure_routine_function_pointer: U32<LE>, 2223 pub dynamic_value_reloc_table_offset: U32<LE>, 2224 pub dynamic_value_reloc_table_section: U16<LE>, 2225 pub reserved2: U16<LE>, 2226 /// VA 2227 pub guard_rf_verify_stack_pointer_function_pointer: U32<LE>, 2228 pub hot_patch_table_offset: U32<LE>, 2229 pub reserved3: U32<LE>, 2230 /// VA 2231 pub enclave_configuration_pointer: U32<LE>, 2232 /// VA 2233 pub volatile_metadata_pointer: U32<LE>, 2234 } 2235 2236 #[derive(Debug, Clone, Copy)] 2237 #[repr(C)] 2238 pub struct ImageLoadConfigDirectory64 { 2239 pub size: U32<LE>, 2240 pub time_date_stamp: U32<LE>, 2241 pub major_version: U16<LE>, 2242 pub minor_version: U16<LE>, 2243 pub global_flags_clear: U32<LE>, 2244 pub global_flags_set: U32<LE>, 2245 pub critical_section_default_timeout: U32<LE>, 2246 pub de_commit_free_block_threshold: U64<LE>, 2247 pub de_commit_total_free_threshold: U64<LE>, 2248 /// VA 2249 pub lock_prefix_table: U64<LE>, 2250 pub maximum_allocation_size: U64<LE>, 2251 pub virtual_memory_threshold: U64<LE>, 2252 pub process_affinity_mask: U64<LE>, 2253 pub process_heap_flags: U32<LE>, 2254 pub csd_version: U16<LE>, 2255 pub dependent_load_flags: U16<LE>, 2256 /// VA 2257 pub edit_list: U64<LE>, 2258 /// VA 2259 pub security_cookie: U64<LE>, 2260 /// VA 2261 pub sehandler_table: U64<LE>, 2262 pub sehandler_count: U64<LE>, 2263 /// VA 2264 pub guard_cf_check_function_pointer: U64<LE>, 2265 /// VA 2266 pub guard_cf_dispatch_function_pointer: U64<LE>, 2267 /// VA 2268 pub guard_cf_function_table: U64<LE>, 2269 pub guard_cf_function_count: U64<LE>, 2270 pub guard_flags: U32<LE>, 2271 pub code_integrity: ImageLoadConfigCodeIntegrity, 2272 /// VA 2273 pub guard_address_taken_iat_entry_table: U64<LE>, 2274 pub guard_address_taken_iat_entry_count: U64<LE>, 2275 /// VA 2276 pub guard_long_jump_target_table: U64<LE>, 2277 pub guard_long_jump_target_count: U64<LE>, 2278 /// VA 2279 pub dynamic_value_reloc_table: U64<LE>, 2280 /// VA 2281 pub chpe_metadata_pointer: U64<LE>, 2282 /// VA 2283 pub guard_rf_failure_routine: U64<LE>, 2284 /// VA 2285 pub guard_rf_failure_routine_function_pointer: U64<LE>, 2286 pub dynamic_value_reloc_table_offset: U32<LE>, 2287 pub dynamic_value_reloc_table_section: U16<LE>, 2288 pub reserved2: U16<LE>, 2289 /// VA 2290 pub guard_rf_verify_stack_pointer_function_pointer: U64<LE>, 2291 pub hot_patch_table_offset: U32<LE>, 2292 pub reserved3: U32<LE>, 2293 /// VA 2294 pub enclave_configuration_pointer: U64<LE>, 2295 /// VA 2296 pub volatile_metadata_pointer: U64<LE>, 2297 } 2298 2299 #[derive(Debug, Clone, Copy)] 2300 #[repr(C)] 2301 pub struct ImageHotPatchInfo { 2302 pub version: U32<LE>, 2303 pub size: U32<LE>, 2304 pub sequence_number: U32<LE>, 2305 pub base_image_list: U32<LE>, 2306 pub base_image_count: U32<LE>, 2307 /// Version 2 and later 2308 pub buffer_offset: U32<LE>, 2309 /// Version 3 and later 2310 pub extra_patch_size: U32<LE>, 2311 } 2312 2313 #[derive(Debug, Clone, Copy)] 2314 #[repr(C)] 2315 pub struct ImageHotPatchBase { 2316 pub sequence_number: U32<LE>, 2317 pub flags: U32<LE>, 2318 pub original_time_date_stamp: U32<LE>, 2319 pub original_check_sum: U32<LE>, 2320 pub code_integrity_info: U32<LE>, 2321 pub code_integrity_size: U32<LE>, 2322 pub patch_table: U32<LE>, 2323 /// Version 2 and later 2324 pub buffer_offset: U32<LE>, 2325 } 2326 2327 #[derive(Debug, Clone, Copy)] 2328 #[repr(C)] 2329 pub struct ImageHotPatchHashes { 2330 pub sha256: [u8; 32], 2331 pub sha1: [u8; 20], 2332 } 2333 2334 pub const IMAGE_HOT_PATCH_BASE_OBLIGATORY: u32 = 0x0000_0001; 2335 pub const IMAGE_HOT_PATCH_BASE_CAN_ROLL_BACK: u32 = 0x0000_0002; 2336 2337 pub const IMAGE_HOT_PATCH_CHUNK_INVERSE: u32 = 0x8000_0000; 2338 pub const IMAGE_HOT_PATCH_CHUNK_OBLIGATORY: u32 = 0x4000_0000; 2339 pub const IMAGE_HOT_PATCH_CHUNK_RESERVED: u32 = 0x3FF0_3000; 2340 pub const IMAGE_HOT_PATCH_CHUNK_TYPE: u32 = 0x000F_C000; 2341 pub const IMAGE_HOT_PATCH_CHUNK_SOURCE_RVA: u32 = 0x0000_8000; 2342 pub const IMAGE_HOT_PATCH_CHUNK_TARGET_RVA: u32 = 0x0000_4000; 2343 pub const IMAGE_HOT_PATCH_CHUNK_SIZE: u32 = 0x0000_0FFF; 2344 2345 pub const IMAGE_HOT_PATCH_NONE: u32 = 0x0000_0000; 2346 pub const IMAGE_HOT_PATCH_FUNCTION: u32 = 0x0001_C000; 2347 pub const IMAGE_HOT_PATCH_ABSOLUTE: u32 = 0x0002_C000; 2348 pub const IMAGE_HOT_PATCH_REL32: u32 = 0x0003_C000; 2349 pub const IMAGE_HOT_PATCH_CALL_TARGET: u32 = 0x0004_4000; 2350 pub const IMAGE_HOT_PATCH_INDIRECT: u32 = 0x0005_C000; 2351 pub const IMAGE_HOT_PATCH_NO_CALL_TARGET: u32 = 0x0006_4000; 2352 pub const IMAGE_HOT_PATCH_DYNAMIC_VALUE: u32 = 0x0007_8000; 2353 2354 /// Module performs control flow integrity checks using system-supplied support 2355 pub const IMAGE_GUARD_CF_INSTRUMENTED: u32 = 0x0000_0100; 2356 /// Module performs control flow and write integrity checks 2357 pub const IMAGE_GUARD_CFW_INSTRUMENTED: u32 = 0x0000_0200; 2358 /// Module contains valid control flow target metadata 2359 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT: u32 = 0x0000_0400; 2360 /// Module does not make use of the /GS security cookie 2361 pub const IMAGE_GUARD_SECURITY_COOKIE_UNUSED: u32 = 0x0000_0800; 2362 /// Module supports read only delay load IAT 2363 pub const IMAGE_GUARD_PROTECT_DELAYLOAD_IAT: u32 = 0x0000_1000; 2364 /// Delayload import table in its own .didat section (with nothing else in it) that can be freely reprotected 2365 pub const IMAGE_GUARD_DELAYLOAD_IAT_IN_ITS_OWN_SECTION: u32 = 0x0000_2000; 2366 /// Module contains suppressed export information. 2367 /// 2368 /// This also infers that the address taken taken IAT table is also present in the load config. 2369 pub const IMAGE_GUARD_CF_EXPORT_SUPPRESSION_INFO_PRESENT: u32 = 0x0000_4000; 2370 /// Module enables suppression of exports 2371 pub const IMAGE_GUARD_CF_ENABLE_EXPORT_SUPPRESSION: u32 = 0x0000_8000; 2372 /// Module contains longjmp target information 2373 pub const IMAGE_GUARD_CF_LONGJUMP_TABLE_PRESENT: u32 = 0x0001_0000; 2374 /// Module contains return flow instrumentation and metadata 2375 pub const IMAGE_GUARD_RF_INSTRUMENTED: u32 = 0x0002_0000; 2376 /// Module requests that the OS enable return flow protection 2377 pub const IMAGE_GUARD_RF_ENABLE: u32 = 0x0004_0000; 2378 /// Module requests that the OS enable return flow protection in strict mode 2379 pub const IMAGE_GUARD_RF_STRICT: u32 = 0x0008_0000; 2380 /// Module was built with retpoline support 2381 pub const IMAGE_GUARD_RETPOLINE_PRESENT: u32 = 0x0010_0000; 2382 2383 /// Stride of Guard CF function table encoded in these bits (additional count of bytes per element) 2384 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK: u32 = 0xF000_0000; 2385 /// Shift to right-justify Guard CF function table stride 2386 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT: u32 = 28; 2387 2388 // 2389 // GFIDS table entry flags. 2390 // 2391 2392 /// The containing GFID entry is suppressed 2393 pub const IMAGE_GUARD_FLAG_FID_SUPPRESSED: u16 = 0x01; 2394 /// The containing GFID entry is export suppressed 2395 pub const IMAGE_GUARD_FLAG_EXPORT_SUPPRESSED: u16 = 0x02; 2396 2397 // 2398 // WIN CE Exception table format 2399 // 2400 2401 // 2402 // Function table entry format. Function table is pointed to by the 2403 // IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. 2404 // 2405 2406 /* 2407 // TODO? bitfields 2408 #[derive(Debug, Clone, Copy)] 2409 #[repr(C)] 2410 pub struct ImageCeRuntimeFunctionEntry { 2411 pub func_start: U32<LE>, 2412 DWORD PrologLen : 8; 2413 DWORD FuncLen : 22; 2414 DWORD ThirtyTwoBit : 1; 2415 DWORD ExceptionFlag : 1; 2416 } 2417 */ 2418 2419 #[derive(Debug, Clone, Copy)] 2420 #[repr(C)] 2421 pub struct ImageArmRuntimeFunctionEntry { 2422 pub begin_address: U32<LE>, 2423 pub unwind_data: U32<LE>, 2424 } 2425 2426 #[derive(Debug, Clone, Copy)] 2427 #[repr(C)] 2428 pub struct ImageArm64RuntimeFunctionEntry { 2429 pub begin_address: U32<LE>, 2430 pub unwind_data: U32<LE>, 2431 } 2432 2433 #[derive(Debug, Clone, Copy)] 2434 #[repr(C)] 2435 pub struct ImageAlpha64RuntimeFunctionEntry { 2436 pub begin_address: U64<LE>, 2437 pub end_address: U64<LE>, 2438 pub exception_handler: U64<LE>, 2439 pub handler_data: U64<LE>, 2440 pub prolog_end_address: U64<LE>, 2441 } 2442 2443 #[derive(Debug, Clone, Copy)] 2444 #[repr(C)] 2445 pub struct ImageAlphaRuntimeFunctionEntry { 2446 pub begin_address: U32<LE>, 2447 pub end_address: U32<LE>, 2448 pub exception_handler: U32<LE>, 2449 pub handler_data: U32<LE>, 2450 pub prolog_end_address: U32<LE>, 2451 } 2452 2453 #[derive(Debug, Clone, Copy)] 2454 #[repr(C)] 2455 pub struct ImageRuntimeFunctionEntry { 2456 pub begin_address: U32<LE>, 2457 pub end_address: U32<LE>, 2458 pub unwind_info_address_or_data: U32<LE>, 2459 } 2460 2461 // 2462 // Sofware enclave information 2463 // 2464 2465 pub const IMAGE_ENCLAVE_LONG_ID_LENGTH: usize = 32; 2466 pub const IMAGE_ENCLAVE_SHORT_ID_LENGTH: usize = 16; 2467 2468 #[derive(Debug, Clone, Copy)] 2469 #[repr(C)] 2470 pub struct ImageEnclaveConfig32 { 2471 pub size: U32<LE>, 2472 pub minimum_required_config_size: U32<LE>, 2473 pub policy_flags: U32<LE>, 2474 pub number_of_imports: U32<LE>, 2475 pub import_list: U32<LE>, 2476 pub import_entry_size: U32<LE>, 2477 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2478 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2479 pub image_version: U32<LE>, 2480 pub security_version: U32<LE>, 2481 pub enclave_size: U32<LE>, 2482 pub number_of_threads: U32<LE>, 2483 pub enclave_flags: U32<LE>, 2484 } 2485 2486 #[derive(Debug, Clone, Copy)] 2487 #[repr(C)] 2488 pub struct ImageEnclaveConfig64 { 2489 pub size: U32<LE>, 2490 pub minimum_required_config_size: U32<LE>, 2491 pub policy_flags: U32<LE>, 2492 pub number_of_imports: U32<LE>, 2493 pub import_list: U32<LE>, 2494 pub import_entry_size: U32<LE>, 2495 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2496 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2497 pub image_version: U32<LE>, 2498 pub security_version: U32<LE>, 2499 pub enclave_size: U64<LE>, 2500 pub number_of_threads: U32<LE>, 2501 pub enclave_flags: U32<LE>, 2502 } 2503 2504 //pub const IMAGE_ENCLAVE_MINIMUM_CONFIG_SIZE: usize = FIELD_OFFSET(IMAGE_ENCLAVE_CONFIG, EnclaveFlags); 2505 2506 pub const IMAGE_ENCLAVE_POLICY_DEBUGGABLE: u32 = 0x0000_0001; 2507 2508 pub const IMAGE_ENCLAVE_FLAG_PRIMARY_IMAGE: u32 = 0x0000_0001; 2509 2510 #[derive(Debug, Clone, Copy)] 2511 #[repr(C)] 2512 pub struct ImageEnclaveImport { 2513 pub match_type: U32<LE>, 2514 pub minimum_security_version: U32<LE>, 2515 pub unique_or_author_id: [u8; IMAGE_ENCLAVE_LONG_ID_LENGTH], 2516 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2517 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2518 pub import_name: U32<LE>, 2519 pub reserved: U32<LE>, 2520 } 2521 2522 pub const IMAGE_ENCLAVE_IMPORT_MATCH_NONE: u32 = 0x0000_0000; 2523 pub const IMAGE_ENCLAVE_IMPORT_MATCH_UNIQUE_ID: u32 = 0x0000_0001; 2524 pub const IMAGE_ENCLAVE_IMPORT_MATCH_AUTHOR_ID: u32 = 0x0000_0002; 2525 pub const IMAGE_ENCLAVE_IMPORT_MATCH_FAMILY_ID: u32 = 0x0000_0003; 2526 pub const IMAGE_ENCLAVE_IMPORT_MATCH_IMAGE_ID: u32 = 0x0000_0004; 2527 2528 // 2529 // Debug Format 2530 // 2531 2532 #[derive(Debug, Clone, Copy)] 2533 #[repr(C)] 2534 pub struct ImageDebugDirectory { 2535 pub characteristics: U32<LE>, 2536 pub time_date_stamp: U32<LE>, 2537 pub major_version: U16<LE>, 2538 pub minor_version: U16<LE>, 2539 pub typ: U32<LE>, 2540 pub size_of_data: U32<LE>, 2541 pub address_of_raw_data: U32<LE>, 2542 pub pointer_to_raw_data: U32<LE>, 2543 } 2544 2545 pub const IMAGE_DEBUG_TYPE_UNKNOWN: u32 = 0; 2546 pub const IMAGE_DEBUG_TYPE_COFF: u32 = 1; 2547 pub const IMAGE_DEBUG_TYPE_CODEVIEW: u32 = 2; 2548 pub const IMAGE_DEBUG_TYPE_FPO: u32 = 3; 2549 pub const IMAGE_DEBUG_TYPE_MISC: u32 = 4; 2550 pub const IMAGE_DEBUG_TYPE_EXCEPTION: u32 = 5; 2551 pub const IMAGE_DEBUG_TYPE_FIXUP: u32 = 6; 2552 pub const IMAGE_DEBUG_TYPE_OMAP_TO_SRC: u32 = 7; 2553 pub const IMAGE_DEBUG_TYPE_OMAP_FROM_SRC: u32 = 8; 2554 pub const IMAGE_DEBUG_TYPE_BORLAND: u32 = 9; 2555 pub const IMAGE_DEBUG_TYPE_RESERVED10: u32 = 10; 2556 pub const IMAGE_DEBUG_TYPE_CLSID: u32 = 11; 2557 pub const IMAGE_DEBUG_TYPE_VC_FEATURE: u32 = 12; 2558 pub const IMAGE_DEBUG_TYPE_POGO: u32 = 13; 2559 pub const IMAGE_DEBUG_TYPE_ILTCG: u32 = 14; 2560 pub const IMAGE_DEBUG_TYPE_MPX: u32 = 15; 2561 pub const IMAGE_DEBUG_TYPE_REPRO: u32 = 16; 2562 2563 #[derive(Debug, Clone, Copy)] 2564 #[repr(C)] 2565 pub struct ImageCoffSymbolsHeader { 2566 pub number_of_symbols: U32<LE>, 2567 pub lva_to_first_symbol: U32<LE>, 2568 pub number_of_linenumbers: U32<LE>, 2569 pub lva_to_first_linenumber: U32<LE>, 2570 pub rva_to_first_byte_of_code: U32<LE>, 2571 pub rva_to_last_byte_of_code: U32<LE>, 2572 pub rva_to_first_byte_of_data: U32<LE>, 2573 pub rva_to_last_byte_of_data: U32<LE>, 2574 } 2575 2576 pub const FRAME_FPO: u16 = 0; 2577 pub const FRAME_TRAP: u16 = 1; 2578 pub const FRAME_TSS: u16 = 2; 2579 pub const FRAME_NONFPO: u16 = 3; 2580 2581 /* 2582 // TODO? bitfields 2583 #[derive(Debug, Clone, Copy)] 2584 #[repr(C)] 2585 pub struct FpoData { 2586 /// offset 1st byte of function code 2587 pub ul_off_start: U32<LE>, 2588 /// # bytes in function 2589 pub cb_proc_size: U32<LE>, 2590 /// # bytes in locals/4 2591 pub cdw_locals: U32<LE>, 2592 /// # bytes in params/4 2593 pub cdw_params: U16<LE>, 2594 /// # bytes in prolog 2595 WORD cbProlog : 8; 2596 /// # regs saved 2597 WORD cbRegs : 3; 2598 /// TRUE if SEH in func 2599 WORD fHasSEH : 1; 2600 /// TRUE if EBP has been allocated 2601 WORD fUseBP : 1; 2602 /// reserved for future use 2603 WORD reserved : 1; 2604 /// frame type 2605 WORD cbFrame : 2; 2606 } 2607 pub const SIZEOF_RFPO_DATA: usize = 16; 2608 */ 2609 2610 pub const IMAGE_DEBUG_MISC_EXENAME: u16 = 1; 2611 2612 #[derive(Debug, Clone, Copy)] 2613 #[repr(C)] 2614 pub struct ImageDebugMisc { 2615 /// type of misc data, see defines 2616 pub data_type: U32<LE>, 2617 /// total length of record, rounded to four byte multiple. 2618 pub length: U32<LE>, 2619 /// TRUE if data is unicode string 2620 pub unicode: u8, 2621 pub reserved: [u8; 3], 2622 // Actual data 2623 //pub data: [u8; 1], 2624 } 2625 2626 // 2627 // Function table extracted from MIPS/ALPHA/IA64 images. Does not contain 2628 // information needed only for runtime support. Just those fields for 2629 // each entry needed by a debugger. 2630 // 2631 2632 #[derive(Debug, Clone, Copy)] 2633 #[repr(C)] 2634 pub struct ImageFunctionEntry { 2635 pub starting_address: U32<LE>, 2636 pub ending_address: U32<LE>, 2637 pub end_of_prologue: U32<LE>, 2638 } 2639 2640 #[derive(Debug, Clone, Copy)] 2641 #[repr(C)] 2642 pub struct ImageFunctionEntry64 { 2643 pub starting_address: U64<LE>, 2644 pub ending_address: U64<LE>, 2645 pub end_of_prologue_or_unwind_info_address: U64<LE>, 2646 } 2647 2648 // 2649 // Debugging information can be stripped from an image file and placed 2650 // in a separate .DBG file, whose file name part is the same as the 2651 // image file name part (e.g. symbols for CMD.EXE could be stripped 2652 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED 2653 // flag in the Characteristics field of the file header. The beginning of 2654 // the .DBG file contains the following structure which captures certain 2655 // information from the image file. This allows a debug to proceed even if 2656 // the original image file is not accessable. This header is followed by 2657 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more 2658 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in 2659 // the image file contain file offsets relative to the beginning of the 2660 // .DBG file. 2661 // 2662 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure 2663 // is left in the image file, but not mapped. This allows a debugger to 2664 // compute the name of the .DBG file, from the name of the image in the 2665 // IMAGE_DEBUG_MISC structure. 2666 // 2667 2668 #[derive(Debug, Clone, Copy)] 2669 #[repr(C)] 2670 pub struct ImageSeparateDebugHeader { 2671 pub signature: U16<LE>, 2672 pub flags: U16<LE>, 2673 pub machine: U16<LE>, 2674 pub characteristics: U16<LE>, 2675 pub time_date_stamp: U32<LE>, 2676 pub check_sum: U32<LE>, 2677 pub image_base: U32<LE>, 2678 pub size_of_image: U32<LE>, 2679 pub number_of_sections: U32<LE>, 2680 pub exported_names_size: U32<LE>, 2681 pub debug_directory_size: U32<LE>, 2682 pub section_alignment: U32<LE>, 2683 pub reserved: [U32<LE>; 2], 2684 } 2685 2686 #[derive(Debug, Clone, Copy)] 2687 #[repr(C)] 2688 pub struct NonPagedDebugInfo { 2689 pub signature: U16<LE>, 2690 pub flags: U16<LE>, 2691 pub size: U32<LE>, 2692 pub machine: U16<LE>, 2693 pub characteristics: U16<LE>, 2694 pub time_date_stamp: U32<LE>, 2695 pub check_sum: U32<LE>, 2696 pub size_of_image: U32<LE>, 2697 pub image_base: U64<LE>, 2698 //debug_directory_size 2699 //ImageDebugDirectory 2700 } 2701 2702 pub const IMAGE_SEPARATE_DEBUG_SIGNATURE: u16 = 0x4944; 2703 pub const NON_PAGED_DEBUG_SIGNATURE: u16 = 0x494E; 2704 2705 pub const IMAGE_SEPARATE_DEBUG_FLAGS_MASK: u16 = 0x8000; 2706 /// when DBG was updated, the old checksum didn't match. 2707 pub const IMAGE_SEPARATE_DEBUG_MISMATCH: u16 = 0x8000; 2708 2709 // 2710 // The .arch section is made up of headers, each describing an amask position/value 2711 // pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header 2712 // and entry arrays) are terminiated by a quadword of 0xffffffffL. 2713 // 2714 // NOTE: There may be quadwords of 0 sprinkled around and must be skipped. 2715 // 2716 2717 /* 2718 // TODO? bitfields 2719 #[derive(Debug, Clone, Copy)] 2720 #[repr(C)] 2721 pub struct ImageArchitectureHeader { 2722 /// 1 -> code section depends on mask bit 2723 /// 0 -> new instruction depends on mask bit 2724 unsigned int AmaskValue: 1; 2725 /// MBZ 2726 int :7; 2727 /// Amask bit in question for this fixup 2728 unsigned int AmaskShift: 8; 2729 /// MBZ 2730 int :16; 2731 /// RVA into .arch section to array of ARCHITECTURE_ENTRY's 2732 pub first_entry_rva: U32<LE>, 2733 } 2734 */ 2735 2736 #[derive(Debug, Clone, Copy)] 2737 #[repr(C)] 2738 pub struct ImageArchitectureEntry { 2739 /// RVA of instruction to fixup 2740 pub fixup_inst_rva: U32<LE>, 2741 /// fixup instruction (see alphaops.h) 2742 pub new_inst: U32<LE>, 2743 } 2744 2745 // The following structure defines the new import object. Note the values of the first two fields, 2746 // which must be set as stated in order to differentiate old and new import members. 2747 // Following this structure, the linker emits two null-terminated strings used to recreate the 2748 // import at the time of use. The first string is the import's name, the second is the dll's name. 2749 2750 pub const IMPORT_OBJECT_HDR_SIG2: u16 = 0xffff; 2751 2752 #[derive(Debug, Clone, Copy)] 2753 #[repr(C)] 2754 pub struct ImportObjectHeader { 2755 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 2756 pub sig1: U16<LE>, 2757 /// Must be IMPORT_OBJECT_HDR_SIG2. 2758 pub sig2: U16<LE>, 2759 pub version: U16<LE>, 2760 pub machine: U16<LE>, 2761 /// Time/date stamp 2762 pub time_date_stamp: U32<LE>, 2763 /// particularly useful for incremental links 2764 pub size_of_data: U32<LE>, 2765 2766 /// if grf & IMPORT_OBJECT_ORDINAL 2767 pub ordinal_or_hint: U16<LE>, 2768 2769 // WORD Type : 2; 2770 // WORD NameType : 3; 2771 // WORD Reserved : 11; 2772 pub name_type: U16<LE>, 2773 } 2774 2775 pub const IMPORT_OBJECT_CODE: u16 = 0; 2776 pub const IMPORT_OBJECT_DATA: u16 = 1; 2777 pub const IMPORT_OBJECT_CONST: u16 = 2; 2778 2779 /// Import by ordinal 2780 pub const IMPORT_OBJECT_ORDINAL: u16 = 0; 2781 /// Import name == public symbol name. 2782 pub const IMPORT_OBJECT_NAME: u16 = 1; 2783 /// Import name == public symbol name skipping leading ?, @, or optionally _. 2784 pub const IMPORT_OBJECT_NAME_NO_PREFIX: u16 = 2; 2785 /// Import name == public symbol name skipping leading ?, @, or optionally _ and truncating at first @. 2786 pub const IMPORT_OBJECT_NAME_UNDECORATE: u16 = 3; 2787 /// Import name == a name is explicitly provided after the DLL name. 2788 pub const IMPORT_OBJECT_NAME_EXPORTAS: u16 = 4; 2789 2790 // COM+ Header entry point flags. 2791 pub const COMIMAGE_FLAGS_ILONLY: u32 = 0x0000_0001; 2792 pub const COMIMAGE_FLAGS_32BITREQUIRED: u32 = 0x0000_0002; 2793 pub const COMIMAGE_FLAGS_IL_LIBRARY: u32 = 0x0000_0004; 2794 pub const COMIMAGE_FLAGS_STRONGNAMESIGNED: u32 = 0x0000_0008; 2795 pub const COMIMAGE_FLAGS_NATIVE_ENTRYPOINT: u32 = 0x0000_0010; 2796 pub const COMIMAGE_FLAGS_TRACKDEBUGDATA: u32 = 0x0001_0000; 2797 pub const COMIMAGE_FLAGS_32BITPREFERRED: u32 = 0x0002_0000; 2798 2799 // Version flags for image. 2800 pub const COR_VERSION_MAJOR_V2: u16 = 2; 2801 pub const COR_VERSION_MAJOR: u16 = COR_VERSION_MAJOR_V2; 2802 pub const COR_VERSION_MINOR: u16 = 5; 2803 pub const COR_DELETED_NAME_LENGTH: usize = 8; 2804 pub const COR_VTABLEGAP_NAME_LENGTH: usize = 8; 2805 2806 // Maximum size of a NativeType descriptor. 2807 pub const NATIVE_TYPE_MAX_CB: u16 = 1; 2808 pub const COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE: u16 = 0xFF; 2809 2810 // Consts for the MIH FLAGS 2811 pub const IMAGE_COR_MIH_METHODRVA: u16 = 0x01; 2812 pub const IMAGE_COR_MIH_EHRVA: u16 = 0x02; 2813 pub const IMAGE_COR_MIH_BASICBLOCK: u16 = 0x08; 2814 2815 // V-table constants 2816 /// V-table slots are 32-bits in size. 2817 pub const COR_VTABLE_32BIT: u16 = 0x01; 2818 /// V-table slots are 64-bits in size. 2819 pub const COR_VTABLE_64BIT: u16 = 0x02; 2820 /// If set, transition from unmanaged. 2821 pub const COR_VTABLE_FROM_UNMANAGED: u16 = 0x04; 2822 /// If set, transition from unmanaged with keeping the current appdomain. 2823 pub const COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN: u16 = 0x08; 2824 /// Call most derived method described by 2825 pub const COR_VTABLE_CALL_MOST_DERIVED: u16 = 0x10; 2826 2827 // EATJ constants 2828 /// Size of a jump thunk reserved range. 2829 pub const IMAGE_COR_EATJ_THUNK_SIZE: usize = 32; 2830 2831 // Max name lengths 2832 pub const MAX_CLASS_NAME: usize = 1024; 2833 pub const MAX_PACKAGE_NAME: usize = 1024; 2834 2835 // CLR 2.0 header structure. 2836 #[derive(Debug, Clone, Copy)] 2837 #[repr(C)] 2838 pub struct ImageCor20Header { 2839 // Header versioning 2840 pub cb: U32<LE>, 2841 pub major_runtime_version: U16<LE>, 2842 pub minor_runtime_version: U16<LE>, 2843 2844 // Symbol table and startup information 2845 pub meta_data: ImageDataDirectory, 2846 pub flags: U32<LE>, 2847 2848 // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set, EntryPointToken represents a managed entrypoint. 2849 // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set, EntryPointRVA represents an RVA to a native entrypoint. 2850 pub entry_point_token_or_rva: U32<LE>, 2851 2852 // Binding information 2853 pub resources: ImageDataDirectory, 2854 pub strong_name_signature: ImageDataDirectory, 2855 2856 // Regular fixup and binding information 2857 pub code_manager_table: ImageDataDirectory, 2858 pub vtable_fixups: ImageDataDirectory, 2859 pub export_address_table_jumps: ImageDataDirectory, 2860 2861 // Precompiled image info (internal use only - set to zero) 2862 pub managed_native_header: ImageDataDirectory, 2863 } 2864 2865 unsafe_impl_pod!( 2866 ImageDosHeader, 2867 ImageOs2Header, 2868 ImageVxdHeader, 2869 ImageFileHeader, 2870 ImageDataDirectory, 2871 ImageOptionalHeader32, 2872 ImageRomOptionalHeader, 2873 ImageOptionalHeader64, 2874 ImageNtHeaders64, 2875 ImageNtHeaders32, 2876 ImageRomHeaders, 2877 Guid, 2878 AnonObjectHeader, 2879 AnonObjectHeaderV2, 2880 AnonObjectHeaderBigobj, 2881 ImageSectionHeader, 2882 ImageSymbol, 2883 ImageSymbolBytes, 2884 ImageSymbolEx, 2885 ImageSymbolExBytes, 2886 ImageAuxSymbolTokenDef, 2887 ImageAuxSymbolFunction, 2888 ImageAuxSymbolFunctionBeginEnd, 2889 ImageAuxSymbolWeak, 2890 ImageAuxSymbolSection, 2891 ImageAuxSymbolCrc, 2892 ImageRelocation, 2893 ImageLinenumber, 2894 ImageBaseRelocation, 2895 ImageArchiveMemberHeader, 2896 ImageExportDirectory, 2897 ImageImportByName, 2898 //ImageThunkData64, 2899 //ImageThunkData32, 2900 ImageTlsDirectory64, 2901 ImageTlsDirectory32, 2902 ImageImportDescriptor, 2903 ImageBoundImportDescriptor, 2904 ImageBoundForwarderRef, 2905 ImageDelayloadDescriptor, 2906 ImageResourceDirectory, 2907 ImageResourceDirectoryEntry, 2908 ImageResourceDirectoryString, 2909 ImageResourceDirStringU, 2910 ImageResourceDataEntry, 2911 ImageLoadConfigCodeIntegrity, 2912 ImageDynamicRelocationTable, 2913 ImageDynamicRelocation32, 2914 ImageDynamicRelocation64, 2915 ImageDynamicRelocation32V2, 2916 ImageDynamicRelocation64V2, 2917 ImagePrologueDynamicRelocationHeader, 2918 ImageEpilogueDynamicRelocationHeader, 2919 //ImageImportControlTransferDynamicRelocation, 2920 //ImageIndirControlTransferDynamicRelocation, 2921 //ImageSwitchtableBranchDynamicRelocation, 2922 ImageLoadConfigDirectory32, 2923 ImageLoadConfigDirectory64, 2924 ImageHotPatchInfo, 2925 ImageHotPatchBase, 2926 ImageHotPatchHashes, 2927 //ImageCeRuntimeFunctionEntry, 2928 ImageArmRuntimeFunctionEntry, 2929 ImageArm64RuntimeFunctionEntry, 2930 ImageAlpha64RuntimeFunctionEntry, 2931 ImageAlphaRuntimeFunctionEntry, 2932 ImageRuntimeFunctionEntry, 2933 ImageEnclaveConfig32, 2934 ImageEnclaveConfig64, 2935 ImageEnclaveImport, 2936 ImageDebugDirectory, 2937 ImageCoffSymbolsHeader, 2938 //FpoData, 2939 ImageDebugMisc, 2940 ImageFunctionEntry, 2941 ImageFunctionEntry64, 2942 ImageSeparateDebugHeader, 2943 NonPagedDebugInfo, 2944 //ImageArchitectureHeader, 2945 ImageArchitectureEntry, 2946 ImportObjectHeader, 2947 ImageCor20Header, 2948 ); 2949