1 //! PE/COFF definitions. 2 //! 3 //! These definitions are independent of read/write support, although we do implement 4 //! some traits useful for those. 5 //! 6 //! This module is based heavily on "winnt.h" (10.0.17763.0). 7 8 #![allow(missing_docs)] 9 10 use crate::endian::{LittleEndian as LE, U16Bytes, U32Bytes, I32, U16, U32, U64}; 11 use crate::pod::Pod; 12 13 /// MZ 14 pub const IMAGE_DOS_SIGNATURE: u16 = 0x5A4D; 15 /// NE 16 pub const IMAGE_OS2_SIGNATURE: u16 = 0x454E; 17 /// LE 18 pub const IMAGE_OS2_SIGNATURE_LE: u16 = 0x454C; 19 /// LE 20 pub const IMAGE_VXD_SIGNATURE: u16 = 0x454C; 21 /// PE00 22 pub const IMAGE_NT_SIGNATURE: u32 = 0x0000_4550; 23 24 /// DOS .EXE header 25 #[derive(Debug, Clone, Copy)] 26 #[repr(C)] 27 pub struct ImageDosHeader { 28 /// Magic number 29 pub e_magic: U16<LE>, 30 /// Bytes on last page of file 31 pub e_cblp: U16<LE>, 32 /// Pages in file 33 pub e_cp: U16<LE>, 34 /// Relocations 35 pub e_crlc: U16<LE>, 36 /// Size of header in paragraphs 37 pub e_cparhdr: U16<LE>, 38 /// Minimum extra paragraphs needed 39 pub e_minalloc: U16<LE>, 40 /// Maximum extra paragraphs needed 41 pub e_maxalloc: U16<LE>, 42 /// Initial (relative) SS value 43 pub e_ss: U16<LE>, 44 /// Initial SP value 45 pub e_sp: U16<LE>, 46 /// Checksum 47 pub e_csum: U16<LE>, 48 /// Initial IP value 49 pub e_ip: U16<LE>, 50 /// Initial (relative) CS value 51 pub e_cs: U16<LE>, 52 /// File address of relocation table 53 pub e_lfarlc: U16<LE>, 54 /// Overlay number 55 pub e_ovno: U16<LE>, 56 /// Reserved words 57 pub e_res: [U16<LE>; 4], 58 /// OEM identifier (for e_oeminfo) 59 pub e_oemid: U16<LE>, 60 /// OEM information; e_oemid specific 61 pub e_oeminfo: U16<LE>, 62 /// Reserved words 63 pub e_res2: [U16<LE>; 10], 64 /// File address of new exe header 65 pub e_lfanew: U32<LE>, 66 } 67 68 /// OS/2 .EXE header 69 #[derive(Debug, Clone, Copy)] 70 #[repr(C)] 71 pub struct ImageOs2Header { 72 /// Magic number 73 pub ne_magic: U16<LE>, 74 /// Version number 75 pub ne_ver: i8, 76 /// Revision number 77 pub ne_rev: i8, 78 /// Offset of Entry Table 79 pub ne_enttab: U16<LE>, 80 /// Number of bytes in Entry Table 81 pub ne_cbenttab: U16<LE>, 82 /// Checksum of whole file 83 pub ne_crc: I32<LE>, 84 /// Flag word 85 pub ne_flags: U16<LE>, 86 /// Automatic data segment number 87 pub ne_autodata: U16<LE>, 88 /// Initial heap allocation 89 pub ne_heap: U16<LE>, 90 /// Initial stack allocation 91 pub ne_stack: U16<LE>, 92 /// Initial CS:IP setting 93 pub ne_csip: I32<LE>, 94 /// Initial SS:SP setting 95 pub ne_sssp: I32<LE>, 96 /// Count of file segments 97 pub ne_cseg: U16<LE>, 98 /// Entries in Module Reference Table 99 pub ne_cmod: U16<LE>, 100 /// Size of non-resident name table 101 pub ne_cbnrestab: U16<LE>, 102 /// Offset of Segment Table 103 pub ne_segtab: U16<LE>, 104 /// Offset of Resource Table 105 pub ne_rsrctab: U16<LE>, 106 /// Offset of resident name table 107 pub ne_restab: U16<LE>, 108 /// Offset of Module Reference Table 109 pub ne_modtab: U16<LE>, 110 /// Offset of Imported Names Table 111 pub ne_imptab: U16<LE>, 112 /// Offset of Non-resident Names Table 113 pub ne_nrestab: I32<LE>, 114 /// Count of movable entries 115 pub ne_cmovent: U16<LE>, 116 /// Segment alignment shift count 117 pub ne_align: U16<LE>, 118 /// Count of resource segments 119 pub ne_cres: U16<LE>, 120 /// Target Operating system 121 pub ne_exetyp: u8, 122 /// Other .EXE flags 123 pub ne_flagsothers: u8, 124 /// offset to return thunks 125 pub ne_pretthunks: U16<LE>, 126 /// offset to segment ref. bytes 127 pub ne_psegrefbytes: U16<LE>, 128 /// Minimum code swap area size 129 pub ne_swaparea: U16<LE>, 130 /// Expected Windows version number 131 pub ne_expver: U16<LE>, 132 } 133 134 /// Windows VXD header 135 #[derive(Debug, Clone, Copy)] 136 #[repr(C)] 137 pub struct ImageVxdHeader { 138 /// Magic number 139 pub e32_magic: U16<LE>, 140 /// The byte ordering for the VXD 141 pub e32_border: u8, 142 /// The word ordering for the VXD 143 pub e32_worder: u8, 144 /// The EXE format level for now = 0 145 pub e32_level: U32<LE>, 146 /// The CPU type 147 pub e32_cpu: U16<LE>, 148 /// The OS type 149 pub e32_os: U16<LE>, 150 /// Module version 151 pub e32_ver: U32<LE>, 152 /// Module flags 153 pub e32_mflags: U32<LE>, 154 /// Module # pages 155 pub e32_mpages: U32<LE>, 156 /// Object # for instruction pointer 157 pub e32_startobj: U32<LE>, 158 /// Extended instruction pointer 159 pub e32_eip: U32<LE>, 160 /// Object # for stack pointer 161 pub e32_stackobj: U32<LE>, 162 /// Extended stack pointer 163 pub e32_esp: U32<LE>, 164 /// VXD page size 165 pub e32_pagesize: U32<LE>, 166 /// Last page size in VXD 167 pub e32_lastpagesize: U32<LE>, 168 /// Fixup section size 169 pub e32_fixupsize: U32<LE>, 170 /// Fixup section checksum 171 pub e32_fixupsum: U32<LE>, 172 /// Loader section size 173 pub e32_ldrsize: U32<LE>, 174 /// Loader section checksum 175 pub e32_ldrsum: U32<LE>, 176 /// Object table offset 177 pub e32_objtab: U32<LE>, 178 /// Number of objects in module 179 pub e32_objcnt: U32<LE>, 180 /// Object page map offset 181 pub e32_objmap: U32<LE>, 182 /// Object iterated data map offset 183 pub e32_itermap: U32<LE>, 184 /// Offset of Resource Table 185 pub e32_rsrctab: U32<LE>, 186 /// Number of resource entries 187 pub e32_rsrccnt: U32<LE>, 188 /// Offset of resident name table 189 pub e32_restab: U32<LE>, 190 /// Offset of Entry Table 191 pub e32_enttab: U32<LE>, 192 /// Offset of Module Directive Table 193 pub e32_dirtab: U32<LE>, 194 /// Number of module directives 195 pub e32_dircnt: U32<LE>, 196 /// Offset of Fixup Page Table 197 pub e32_fpagetab: U32<LE>, 198 /// Offset of Fixup Record Table 199 pub e32_frectab: U32<LE>, 200 /// Offset of Import Module Name Table 201 pub e32_impmod: U32<LE>, 202 /// Number of entries in Import Module Name Table 203 pub e32_impmodcnt: U32<LE>, 204 /// Offset of Import Procedure Name Table 205 pub e32_impproc: U32<LE>, 206 /// Offset of Per-Page Checksum Table 207 pub e32_pagesum: U32<LE>, 208 /// Offset of Enumerated Data Pages 209 pub e32_datapage: U32<LE>, 210 /// Number of preload pages 211 pub e32_preload: U32<LE>, 212 /// Offset of Non-resident Names Table 213 pub e32_nrestab: U32<LE>, 214 /// Size of Non-resident Name Table 215 pub e32_cbnrestab: U32<LE>, 216 /// Non-resident Name Table Checksum 217 pub e32_nressum: U32<LE>, 218 /// Object # for automatic data object 219 pub e32_autodata: U32<LE>, 220 /// Offset of the debugging information 221 pub e32_debuginfo: U32<LE>, 222 /// The length of the debugging info. in bytes 223 pub e32_debuglen: U32<LE>, 224 /// Number of instance pages in preload section of VXD file 225 pub e32_instpreload: U32<LE>, 226 /// Number of instance pages in demand load section of VXD file 227 pub e32_instdemand: U32<LE>, 228 /// Size of heap - for 16-bit apps 229 pub e32_heapsize: U32<LE>, 230 /// Reserved words 231 pub e32_res3: [u8; 12], 232 pub e32_winresoff: U32<LE>, 233 pub e32_winreslen: U32<LE>, 234 /// Device ID for VxD 235 pub e32_devid: U16<LE>, 236 /// DDK version for VxD 237 pub e32_ddkver: U16<LE>, 238 } 239 240 // 241 // File header format. 242 // 243 244 #[derive(Debug, Clone, Copy)] 245 #[repr(C)] 246 pub struct ImageFileHeader { 247 pub machine: U16<LE>, 248 pub number_of_sections: U16<LE>, 249 pub time_date_stamp: U32<LE>, 250 pub pointer_to_symbol_table: U32<LE>, 251 pub number_of_symbols: U32<LE>, 252 pub size_of_optional_header: U16<LE>, 253 pub characteristics: U16<LE>, 254 } 255 256 pub const IMAGE_SIZEOF_FILE_HEADER: usize = 20; 257 258 /// Relocation info stripped from file. 259 pub const IMAGE_FILE_RELOCS_STRIPPED: u16 = 0x0001; 260 /// File is executable (i.e. no unresolved external references). 261 pub const IMAGE_FILE_EXECUTABLE_IMAGE: u16 = 0x0002; 262 /// Line nunbers stripped from file. 263 pub const IMAGE_FILE_LINE_NUMS_STRIPPED: u16 = 0x0004; 264 /// Local symbols stripped from file. 265 pub const IMAGE_FILE_LOCAL_SYMS_STRIPPED: u16 = 0x0008; 266 /// Aggressively trim working set 267 pub const IMAGE_FILE_AGGRESIVE_WS_TRIM: u16 = 0x0010; 268 /// App can handle >2gb addresses 269 pub const IMAGE_FILE_LARGE_ADDRESS_AWARE: u16 = 0x0020; 270 /// Bytes of machine word are reversed. 271 pub const IMAGE_FILE_BYTES_REVERSED_LO: u16 = 0x0080; 272 /// 32 bit word machine. 273 pub const IMAGE_FILE_32BIT_MACHINE: u16 = 0x0100; 274 /// Debugging info stripped from file in .DBG file 275 pub const IMAGE_FILE_DEBUG_STRIPPED: u16 = 0x0200; 276 /// If Image is on removable media, copy and run from the swap file. 277 pub const IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP: u16 = 0x0400; 278 /// If Image is on Net, copy and run from the swap file. 279 pub const IMAGE_FILE_NET_RUN_FROM_SWAP: u16 = 0x0800; 280 /// System File. 281 pub const IMAGE_FILE_SYSTEM: u16 = 0x1000; 282 /// File is a DLL. 283 pub const IMAGE_FILE_DLL: u16 = 0x2000; 284 /// File should only be run on a UP machine 285 pub const IMAGE_FILE_UP_SYSTEM_ONLY: u16 = 0x4000; 286 /// Bytes of machine word are reversed. 287 pub const IMAGE_FILE_BYTES_REVERSED_HI: u16 = 0x8000; 288 289 pub const IMAGE_FILE_MACHINE_UNKNOWN: u16 = 0; 290 /// Useful for indicating we want to interact with the host and not a WoW guest. 291 pub const IMAGE_FILE_MACHINE_TARGET_HOST: u16 = 0x0001; 292 /// Intel 386. 293 pub const IMAGE_FILE_MACHINE_I386: u16 = 0x014c; 294 /// MIPS little-endian, 0x160 big-endian 295 pub const IMAGE_FILE_MACHINE_R3000: u16 = 0x0162; 296 /// MIPS little-endian 297 pub const IMAGE_FILE_MACHINE_R4000: u16 = 0x0166; 298 /// MIPS little-endian 299 pub const IMAGE_FILE_MACHINE_R10000: u16 = 0x0168; 300 /// MIPS little-endian WCE v2 301 pub const IMAGE_FILE_MACHINE_WCEMIPSV2: u16 = 0x0169; 302 /// Alpha_AXP 303 pub const IMAGE_FILE_MACHINE_ALPHA: u16 = 0x0184; 304 /// SH3 little-endian 305 pub const IMAGE_FILE_MACHINE_SH3: u16 = 0x01a2; 306 pub const IMAGE_FILE_MACHINE_SH3DSP: u16 = 0x01a3; 307 /// SH3E little-endian 308 pub const IMAGE_FILE_MACHINE_SH3E: u16 = 0x01a4; 309 /// SH4 little-endian 310 pub const IMAGE_FILE_MACHINE_SH4: u16 = 0x01a6; 311 /// SH5 312 pub const IMAGE_FILE_MACHINE_SH5: u16 = 0x01a8; 313 /// ARM Little-Endian 314 pub const IMAGE_FILE_MACHINE_ARM: u16 = 0x01c0; 315 /// ARM Thumb/Thumb-2 Little-Endian 316 pub const IMAGE_FILE_MACHINE_THUMB: u16 = 0x01c2; 317 /// ARM Thumb-2 Little-Endian 318 pub const IMAGE_FILE_MACHINE_ARMNT: u16 = 0x01c4; 319 pub const IMAGE_FILE_MACHINE_AM33: u16 = 0x01d3; 320 /// IBM PowerPC Little-Endian 321 pub const IMAGE_FILE_MACHINE_POWERPC: u16 = 0x01F0; 322 pub const IMAGE_FILE_MACHINE_POWERPCFP: u16 = 0x01f1; 323 /// Intel 64 324 pub const IMAGE_FILE_MACHINE_IA64: u16 = 0x0200; 325 /// MIPS 326 pub const IMAGE_FILE_MACHINE_MIPS16: u16 = 0x0266; 327 /// ALPHA64 328 pub const IMAGE_FILE_MACHINE_ALPHA64: u16 = 0x0284; 329 /// MIPS 330 pub const IMAGE_FILE_MACHINE_MIPSFPU: u16 = 0x0366; 331 /// MIPS 332 pub const IMAGE_FILE_MACHINE_MIPSFPU16: u16 = 0x0466; 333 pub const IMAGE_FILE_MACHINE_AXP64: u16 = IMAGE_FILE_MACHINE_ALPHA64; 334 /// Infineon 335 pub const IMAGE_FILE_MACHINE_TRICORE: u16 = 0x0520; 336 pub const IMAGE_FILE_MACHINE_CEF: u16 = 0x0CEF; 337 /// EFI Byte Code 338 pub const IMAGE_FILE_MACHINE_EBC: u16 = 0x0EBC; 339 /// AMD64 (K8) 340 pub const IMAGE_FILE_MACHINE_AMD64: u16 = 0x8664; 341 /// M32R little-endian 342 pub const IMAGE_FILE_MACHINE_M32R: u16 = 0x9041; 343 /// ARM64 Little-Endian 344 pub const IMAGE_FILE_MACHINE_ARM64: u16 = 0xAA64; 345 pub const IMAGE_FILE_MACHINE_CEE: u16 = 0xC0EE; 346 /// RISCV32 347 pub const IMAGE_FILE_MACHINE_RISCV32: u16 = 0x5032; 348 /// RISCV64 349 pub const IMAGE_FILE_MACHINE_RISCV64: u16 = 0x5064; 350 /// RISCV128 351 pub const IMAGE_FILE_MACHINE_RISCV128: u16 = 0x5128; 352 353 // 354 // Directory format. 355 // 356 357 #[derive(Debug, Clone, Copy)] 358 #[repr(C)] 359 pub struct ImageDataDirectory { 360 pub virtual_address: U32<LE>, 361 pub size: U32<LE>, 362 } 363 364 pub const IMAGE_NUMBEROF_DIRECTORY_ENTRIES: usize = 16; 365 366 // 367 // Optional header format. 368 // 369 370 #[derive(Debug, Clone, Copy)] 371 #[repr(C)] 372 pub struct ImageOptionalHeader32 { 373 // Standard fields. 374 pub magic: U16<LE>, 375 pub major_linker_version: u8, 376 pub minor_linker_version: u8, 377 pub size_of_code: U32<LE>, 378 pub size_of_initialized_data: U32<LE>, 379 pub size_of_uninitialized_data: U32<LE>, 380 pub address_of_entry_point: U32<LE>, 381 pub base_of_code: U32<LE>, 382 pub base_of_data: U32<LE>, 383 384 // NT additional fields. 385 pub image_base: U32<LE>, 386 pub section_alignment: U32<LE>, 387 pub file_alignment: U32<LE>, 388 pub major_operating_system_version: U16<LE>, 389 pub minor_operating_system_version: U16<LE>, 390 pub major_image_version: U16<LE>, 391 pub minor_image_version: U16<LE>, 392 pub major_subsystem_version: U16<LE>, 393 pub minor_subsystem_version: U16<LE>, 394 pub win32_version_value: U32<LE>, 395 pub size_of_image: U32<LE>, 396 pub size_of_headers: U32<LE>, 397 pub check_sum: U32<LE>, 398 pub subsystem: U16<LE>, 399 pub dll_characteristics: U16<LE>, 400 pub size_of_stack_reserve: U32<LE>, 401 pub size_of_stack_commit: U32<LE>, 402 pub size_of_heap_reserve: U32<LE>, 403 pub size_of_heap_commit: U32<LE>, 404 pub loader_flags: U32<LE>, 405 pub number_of_rva_and_sizes: U32<LE>, 406 //pub data_directory: [ImageDataDirectory; IMAGE_NUMBEROF_DIRECTORY_ENTRIES], 407 } 408 409 #[derive(Debug, Clone, Copy)] 410 #[repr(C)] 411 pub struct ImageRomOptionalHeader { 412 pub magic: U16<LE>, 413 pub major_linker_version: u8, 414 pub minor_linker_version: u8, 415 pub size_of_code: U32<LE>, 416 pub size_of_initialized_data: U32<LE>, 417 pub size_of_uninitialized_data: U32<LE>, 418 pub address_of_entry_point: U32<LE>, 419 pub base_of_code: U32<LE>, 420 pub base_of_data: U32<LE>, 421 pub base_of_bss: U32<LE>, 422 pub gpr_mask: U32<LE>, 423 pub cpr_mask: [U32<LE>; 4], 424 pub gp_value: U32<LE>, 425 } 426 427 #[derive(Debug, Clone, Copy)] 428 #[repr(C)] 429 pub struct ImageOptionalHeader64 { 430 pub magic: U16<LE>, 431 pub major_linker_version: u8, 432 pub minor_linker_version: u8, 433 pub size_of_code: U32<LE>, 434 pub size_of_initialized_data: U32<LE>, 435 pub size_of_uninitialized_data: U32<LE>, 436 pub address_of_entry_point: U32<LE>, 437 pub base_of_code: U32<LE>, 438 pub image_base: U64<LE>, 439 pub section_alignment: U32<LE>, 440 pub file_alignment: U32<LE>, 441 pub major_operating_system_version: U16<LE>, 442 pub minor_operating_system_version: U16<LE>, 443 pub major_image_version: U16<LE>, 444 pub minor_image_version: U16<LE>, 445 pub major_subsystem_version: U16<LE>, 446 pub minor_subsystem_version: U16<LE>, 447 pub win32_version_value: U32<LE>, 448 pub size_of_image: U32<LE>, 449 pub size_of_headers: U32<LE>, 450 pub check_sum: U32<LE>, 451 pub subsystem: U16<LE>, 452 pub dll_characteristics: U16<LE>, 453 pub size_of_stack_reserve: U64<LE>, 454 pub size_of_stack_commit: U64<LE>, 455 pub size_of_heap_reserve: U64<LE>, 456 pub size_of_heap_commit: U64<LE>, 457 pub loader_flags: U32<LE>, 458 pub number_of_rva_and_sizes: U32<LE>, 459 //pub data_directory: [ImageDataDirectory; IMAGE_NUMBEROF_DIRECTORY_ENTRIES], 460 } 461 462 pub const IMAGE_NT_OPTIONAL_HDR32_MAGIC: u16 = 0x10b; 463 pub const IMAGE_NT_OPTIONAL_HDR64_MAGIC: u16 = 0x20b; 464 pub const IMAGE_ROM_OPTIONAL_HDR_MAGIC: u16 = 0x107; 465 466 #[derive(Debug, Clone, Copy)] 467 #[repr(C)] 468 pub struct ImageNtHeaders64 { 469 pub signature: U32<LE>, 470 pub file_header: ImageFileHeader, 471 pub optional_header: ImageOptionalHeader64, 472 } 473 474 #[derive(Debug, Clone, Copy)] 475 #[repr(C)] 476 pub struct ImageNtHeaders32 { 477 pub signature: U32<LE>, 478 pub file_header: ImageFileHeader, 479 pub optional_header: ImageOptionalHeader32, 480 } 481 482 #[derive(Debug, Clone, Copy)] 483 #[repr(C)] 484 pub struct ImageRomHeaders { 485 pub file_header: ImageFileHeader, 486 pub optional_header: ImageRomOptionalHeader, 487 } 488 489 // Values for `ImageOptionalHeader*::subsystem`. 490 491 /// Unknown subsystem. 492 pub const IMAGE_SUBSYSTEM_UNKNOWN: u16 = 0; 493 /// Image doesn't require a subsystem. 494 pub const IMAGE_SUBSYSTEM_NATIVE: u16 = 1; 495 /// Image runs in the Windows GUI subsystem. 496 pub const IMAGE_SUBSYSTEM_WINDOWS_GUI: u16 = 2; 497 /// Image runs in the Windows character subsystem. 498 pub const IMAGE_SUBSYSTEM_WINDOWS_CUI: u16 = 3; 499 /// image runs in the OS/2 character subsystem. 500 pub const IMAGE_SUBSYSTEM_OS2_CUI: u16 = 5; 501 /// image runs in the Posix character subsystem. 502 pub const IMAGE_SUBSYSTEM_POSIX_CUI: u16 = 7; 503 /// image is a native Win9x driver. 504 pub const IMAGE_SUBSYSTEM_NATIVE_WINDOWS: u16 = 8; 505 /// Image runs in the Windows CE subsystem. 506 pub const IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: u16 = 9; 507 pub const IMAGE_SUBSYSTEM_EFI_APPLICATION: u16 = 10; 508 pub const IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: u16 = 11; 509 pub const IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: u16 = 12; 510 pub const IMAGE_SUBSYSTEM_EFI_ROM: u16 = 13; 511 pub const IMAGE_SUBSYSTEM_XBOX: u16 = 14; 512 pub const IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION: u16 = 16; 513 pub const IMAGE_SUBSYSTEM_XBOX_CODE_CATALOG: u16 = 17; 514 515 // Values for `ImageOptionalHeader*::dll_characteristics`. 516 517 // IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved. 518 // IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved. 519 // IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved. 520 // IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved. 521 /// Image can handle a high entropy 64-bit virtual address space. 522 pub const IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA: u16 = 0x0020; 523 /// DLL can move. 524 pub const IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: u16 = 0x0040; 525 /// Code Integrity Image 526 pub const IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY: u16 = 0x0080; 527 /// Image is NX compatible 528 pub const IMAGE_DLLCHARACTERISTICS_NX_COMPAT: u16 = 0x0100; 529 /// Image understands isolation and doesn't want it 530 pub const IMAGE_DLLCHARACTERISTICS_NO_ISOLATION: u16 = 0x0200; 531 /// Image does not use SEH. No SE handler may reside in this image 532 pub const IMAGE_DLLCHARACTERISTICS_NO_SEH: u16 = 0x0400; 533 /// Do not bind this image. 534 pub const IMAGE_DLLCHARACTERISTICS_NO_BIND: u16 = 0x0800; 535 /// Image should execute in an AppContainer 536 pub const IMAGE_DLLCHARACTERISTICS_APPCONTAINER: u16 = 0x1000; 537 /// Driver uses WDM model 538 pub const IMAGE_DLLCHARACTERISTICS_WDM_DRIVER: u16 = 0x2000; 539 /// Image supports Control Flow Guard. 540 pub const IMAGE_DLLCHARACTERISTICS_GUARD_CF: u16 = 0x4000; 541 pub const IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE: u16 = 0x8000; 542 543 // Indices for `ImageOptionalHeader*::data_directory`. 544 545 /// Export Directory 546 pub const IMAGE_DIRECTORY_ENTRY_EXPORT: usize = 0; 547 /// Import Directory 548 pub const IMAGE_DIRECTORY_ENTRY_IMPORT: usize = 1; 549 /// Resource Directory 550 pub const IMAGE_DIRECTORY_ENTRY_RESOURCE: usize = 2; 551 /// Exception Directory 552 pub const IMAGE_DIRECTORY_ENTRY_EXCEPTION: usize = 3; 553 /// Security Directory 554 pub const IMAGE_DIRECTORY_ENTRY_SECURITY: usize = 4; 555 /// Base Relocation Table 556 pub const IMAGE_DIRECTORY_ENTRY_BASERELOC: usize = 5; 557 /// Debug Directory 558 pub const IMAGE_DIRECTORY_ENTRY_DEBUG: usize = 6; 559 // IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage) 560 /// Architecture Specific Data 561 pub const IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: usize = 7; 562 /// RVA of GP 563 pub const IMAGE_DIRECTORY_ENTRY_GLOBALPTR: usize = 8; 564 /// TLS Directory 565 pub const IMAGE_DIRECTORY_ENTRY_TLS: usize = 9; 566 /// Load Configuration Directory 567 pub const IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: usize = 10; 568 /// Bound Import Directory in headers 569 pub const IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: usize = 11; 570 /// Import Address Table 571 pub const IMAGE_DIRECTORY_ENTRY_IAT: usize = 12; 572 /// Delay Load Import Descriptors 573 pub const IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: usize = 13; 574 /// COM Runtime descriptor 575 pub const IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: usize = 14; 576 577 #[derive(Debug, Clone, Copy)] 578 #[repr(C)] 579 pub struct Guid { 580 pub data1: U32<LE>, 581 pub data2: U16<LE>, 582 pub data3: U16<LE>, 583 pub data4: [u8; 8], 584 } 585 586 pub type ClsId = Guid; 587 588 /// Non-COFF Object file header 589 #[derive(Debug, Clone, Copy)] 590 #[repr(C)] 591 pub struct AnonObjectHeader { 592 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 593 pub sig1: U16<LE>, 594 /// Must be 0xffff 595 pub sig2: U16<LE>, 596 /// >= 1 (implies the ClsId field is present) 597 pub version: U16<LE>, 598 pub machine: U16<LE>, 599 pub time_date_stamp: U32<LE>, 600 /// Used to invoke CoCreateInstance 601 pub class_id: ClsId, 602 /// Size of data that follows the header 603 pub size_of_data: U32<LE>, 604 } 605 606 #[derive(Debug, Clone, Copy)] 607 #[repr(C)] 608 pub struct AnonObjectHeaderV2 { 609 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 610 pub sig1: U16<LE>, 611 /// Must be 0xffff 612 pub sig2: U16<LE>, 613 /// >= 2 (implies the Flags field is present - otherwise V1) 614 pub version: U16<LE>, 615 pub machine: U16<LE>, 616 pub time_date_stamp: U32<LE>, 617 /// Used to invoke CoCreateInstance 618 pub class_id: ClsId, 619 /// Size of data that follows the header 620 pub size_of_data: U32<LE>, 621 /// 0x1 -> contains metadata 622 pub flags: U32<LE>, 623 /// Size of CLR metadata 624 pub meta_data_size: U32<LE>, 625 /// Offset of CLR metadata 626 pub meta_data_offset: U32<LE>, 627 } 628 629 #[derive(Debug, Clone, Copy)] 630 #[repr(C)] 631 pub struct AnonObjectHeaderBigobj { 632 /* same as ANON_OBJECT_HEADER_V2 */ 633 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 634 pub sig1: U16<LE>, 635 /// Must be 0xffff 636 pub sig2: U16<LE>, 637 /// >= 2 (implies the Flags field is present) 638 pub version: U16<LE>, 639 /// Actual machine - IMAGE_FILE_MACHINE_xxx 640 pub machine: U16<LE>, 641 pub time_date_stamp: U32<LE>, 642 /// {D1BAA1C7-BAEE-4ba9-AF20-FAF66AA4DCB8} 643 pub class_id: ClsId, 644 /// Size of data that follows the header 645 pub size_of_data: U32<LE>, 646 /// 0x1 -> contains metadata 647 pub flags: U32<LE>, 648 /// Size of CLR metadata 649 pub meta_data_size: U32<LE>, 650 /// Offset of CLR metadata 651 pub meta_data_offset: U32<LE>, 652 653 /* bigobj specifics */ 654 /// extended from WORD 655 pub number_of_sections: U32<LE>, 656 pub pointer_to_symbol_table: U32<LE>, 657 pub number_of_symbols: U32<LE>, 658 } 659 660 pub const IMAGE_SIZEOF_SHORT_NAME: usize = 8; 661 662 // 663 // Section header format. 664 // 665 666 #[derive(Debug, Clone, Copy)] 667 #[repr(C)] 668 pub struct ImageSectionHeader { 669 pub name: [u8; IMAGE_SIZEOF_SHORT_NAME], 670 pub virtual_size: U32<LE>, 671 pub virtual_address: U32<LE>, 672 pub size_of_raw_data: U32<LE>, 673 pub pointer_to_raw_data: U32<LE>, 674 pub pointer_to_relocations: U32<LE>, 675 pub pointer_to_linenumbers: U32<LE>, 676 pub number_of_relocations: U16<LE>, 677 pub number_of_linenumbers: U16<LE>, 678 pub characteristics: U32<LE>, 679 } 680 681 pub const IMAGE_SIZEOF_SECTION_HEADER: usize = 40; 682 683 // Values for `ImageSectionHeader::characteristics`. 684 685 // IMAGE_SCN_TYPE_REG 0x00000000 // Reserved. 686 // IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved. 687 // IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved. 688 // IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved. 689 /// Reserved. 690 pub const IMAGE_SCN_TYPE_NO_PAD: u32 = 0x0000_0008; 691 // IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved. 692 693 /// Section contains code. 694 pub const IMAGE_SCN_CNT_CODE: u32 = 0x0000_0020; 695 /// Section contains initialized data. 696 pub const IMAGE_SCN_CNT_INITIALIZED_DATA: u32 = 0x0000_0040; 697 /// Section contains uninitialized data. 698 pub const IMAGE_SCN_CNT_UNINITIALIZED_DATA: u32 = 0x0000_0080; 699 700 /// Reserved. 701 pub const IMAGE_SCN_LNK_OTHER: u32 = 0x0000_0100; 702 /// Section contains comments or some other type of information. 703 pub const IMAGE_SCN_LNK_INFO: u32 = 0x0000_0200; 704 // IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved. 705 /// Section contents will not become part of image. 706 pub const IMAGE_SCN_LNK_REMOVE: u32 = 0x0000_0800; 707 /// Section contents comdat. 708 pub const IMAGE_SCN_LNK_COMDAT: u32 = 0x0000_1000; 709 // 0x00002000 // Reserved. 710 // IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000 711 /// Reset speculative exceptions handling bits in the TLB entries for this section. 712 pub const IMAGE_SCN_NO_DEFER_SPEC_EXC: u32 = 0x0000_4000; 713 /// Section content can be accessed relative to GP 714 pub const IMAGE_SCN_GPREL: u32 = 0x0000_8000; 715 pub const IMAGE_SCN_MEM_FARDATA: u32 = 0x0000_8000; 716 // IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000 717 pub const IMAGE_SCN_MEM_PURGEABLE: u32 = 0x0002_0000; 718 pub const IMAGE_SCN_MEM_16BIT: u32 = 0x0002_0000; 719 pub const IMAGE_SCN_MEM_LOCKED: u32 = 0x0004_0000; 720 pub const IMAGE_SCN_MEM_PRELOAD: u32 = 0x0008_0000; 721 722 pub const IMAGE_SCN_ALIGN_1BYTES: u32 = 0x0010_0000; 723 pub const IMAGE_SCN_ALIGN_2BYTES: u32 = 0x0020_0000; 724 pub const IMAGE_SCN_ALIGN_4BYTES: u32 = 0x0030_0000; 725 pub const IMAGE_SCN_ALIGN_8BYTES: u32 = 0x0040_0000; 726 /// Default alignment if no others are specified. 727 pub const IMAGE_SCN_ALIGN_16BYTES: u32 = 0x0050_0000; 728 pub const IMAGE_SCN_ALIGN_32BYTES: u32 = 0x0060_0000; 729 pub const IMAGE_SCN_ALIGN_64BYTES: u32 = 0x0070_0000; 730 pub const IMAGE_SCN_ALIGN_128BYTES: u32 = 0x0080_0000; 731 pub const IMAGE_SCN_ALIGN_256BYTES: u32 = 0x0090_0000; 732 pub const IMAGE_SCN_ALIGN_512BYTES: u32 = 0x00A0_0000; 733 pub const IMAGE_SCN_ALIGN_1024BYTES: u32 = 0x00B0_0000; 734 pub const IMAGE_SCN_ALIGN_2048BYTES: u32 = 0x00C0_0000; 735 pub const IMAGE_SCN_ALIGN_4096BYTES: u32 = 0x00D0_0000; 736 pub const IMAGE_SCN_ALIGN_8192BYTES: u32 = 0x00E0_0000; 737 // Unused 0x00F0_0000 738 pub const IMAGE_SCN_ALIGN_MASK: u32 = 0x00F0_0000; 739 740 /// Section contains extended relocations. 741 pub const IMAGE_SCN_LNK_NRELOC_OVFL: u32 = 0x0100_0000; 742 /// Section can be discarded. 743 pub const IMAGE_SCN_MEM_DISCARDABLE: u32 = 0x0200_0000; 744 /// Section is not cachable. 745 pub const IMAGE_SCN_MEM_NOT_CACHED: u32 = 0x0400_0000; 746 /// Section is not pageable. 747 pub const IMAGE_SCN_MEM_NOT_PAGED: u32 = 0x0800_0000; 748 /// Section is shareable. 749 pub const IMAGE_SCN_MEM_SHARED: u32 = 0x1000_0000; 750 /// Section is executable. 751 pub const IMAGE_SCN_MEM_EXECUTE: u32 = 0x2000_0000; 752 /// Section is readable. 753 pub const IMAGE_SCN_MEM_READ: u32 = 0x4000_0000; 754 /// Section is writeable. 755 pub const IMAGE_SCN_MEM_WRITE: u32 = 0x8000_0000; 756 757 // 758 // TLS Characteristic Flags 759 // 760 /// Tls index is scaled 761 pub const IMAGE_SCN_SCALE_INDEX: u32 = 0x0000_0001; 762 763 // 764 // Symbol format. 765 // 766 767 // This struct has alignment 1. 768 #[derive(Debug, Clone, Copy)] 769 #[repr(C)] 770 pub struct ImageSymbol { 771 /// If first 4 bytes are 0, then second 4 bytes are offset into string table. 772 pub name: [u8; 8], 773 pub value: U32Bytes<LE>, 774 pub section_number: U16Bytes<LE>, 775 pub typ: U16Bytes<LE>, 776 pub storage_class: u8, 777 pub number_of_aux_symbols: u8, 778 } 779 780 pub const IMAGE_SIZEOF_SYMBOL: usize = 18; 781 782 #[derive(Debug, Clone, Copy)] 783 #[repr(C)] 784 pub struct ImageSymbolBytes(pub [u8; IMAGE_SIZEOF_SYMBOL]); 785 786 // This struct has alignment 1. 787 #[derive(Debug, Clone, Copy)] 788 #[repr(C)] 789 pub struct ImageSymbolEx { 790 /// If first 4 bytes are 0, then second 4 bytes are offset into string table. 791 pub name: [u8; 8], 792 pub value: U32Bytes<LE>, 793 pub section_number: U32Bytes<LE>, 794 pub typ: U16Bytes<LE>, 795 pub storage_class: u8, 796 pub number_of_aux_symbols: u8, 797 } 798 799 pub const IMAGE_SIZEOF_SYMBOL_EX: usize = 20; 800 801 #[derive(Debug, Clone, Copy)] 802 #[repr(C)] 803 pub struct ImageSymbolExBytes(pub [u8; IMAGE_SIZEOF_SYMBOL_EX]); 804 805 // Values for `ImageSymbol::section_number`. 806 // 807 // Symbols have a section number of the section in which they are 808 // defined. Otherwise, section numbers have the following meanings: 809 810 /// Symbol is undefined or is common. 811 pub const IMAGE_SYM_UNDEFINED: u16 = 0; 812 /// Symbol is an absolute value. 813 pub const IMAGE_SYM_ABSOLUTE: u16 = 0xffff; 814 /// Symbol is a special debug item. 815 pub const IMAGE_SYM_DEBUG: u16 = 0xfffe; 816 /// Values 0xFF00-0xFFFF are special 817 pub const IMAGE_SYM_SECTION_MAX: u16 = 0xFEFF; 818 pub const IMAGE_SYM_SECTION_MAX_EX: u32 = 0x7fff_ffff; 819 820 // Values for `ImageSymbol::typ` (basic component). 821 822 /// no type. 823 pub const IMAGE_SYM_TYPE_NULL: u16 = 0x0000; 824 pub const IMAGE_SYM_TYPE_VOID: u16 = 0x0001; 825 /// type character. 826 pub const IMAGE_SYM_TYPE_CHAR: u16 = 0x0002; 827 /// type short integer. 828 pub const IMAGE_SYM_TYPE_SHORT: u16 = 0x0003; 829 pub const IMAGE_SYM_TYPE_INT: u16 = 0x0004; 830 pub const IMAGE_SYM_TYPE_LONG: u16 = 0x0005; 831 pub const IMAGE_SYM_TYPE_FLOAT: u16 = 0x0006; 832 pub const IMAGE_SYM_TYPE_DOUBLE: u16 = 0x0007; 833 pub const IMAGE_SYM_TYPE_STRUCT: u16 = 0x0008; 834 pub const IMAGE_SYM_TYPE_UNION: u16 = 0x0009; 835 /// enumeration. 836 pub const IMAGE_SYM_TYPE_ENUM: u16 = 0x000A; 837 /// member of enumeration. 838 pub const IMAGE_SYM_TYPE_MOE: u16 = 0x000B; 839 pub const IMAGE_SYM_TYPE_BYTE: u16 = 0x000C; 840 pub const IMAGE_SYM_TYPE_WORD: u16 = 0x000D; 841 pub const IMAGE_SYM_TYPE_UINT: u16 = 0x000E; 842 pub const IMAGE_SYM_TYPE_DWORD: u16 = 0x000F; 843 pub const IMAGE_SYM_TYPE_PCODE: u16 = 0x8000; 844 845 // Values for `ImageSymbol::typ` (derived component). 846 847 /// no derived type. 848 pub const IMAGE_SYM_DTYPE_NULL: u16 = 0; 849 /// pointer. 850 pub const IMAGE_SYM_DTYPE_POINTER: u16 = 1; 851 /// function. 852 pub const IMAGE_SYM_DTYPE_FUNCTION: u16 = 2; 853 /// array. 854 pub const IMAGE_SYM_DTYPE_ARRAY: u16 = 3; 855 856 // Values for `ImageSymbol::storage_class`. 857 pub const IMAGE_SYM_CLASS_END_OF_FUNCTION: u8 = 0xff; 858 pub const IMAGE_SYM_CLASS_NULL: u8 = 0x00; 859 pub const IMAGE_SYM_CLASS_AUTOMATIC: u8 = 0x01; 860 pub const IMAGE_SYM_CLASS_EXTERNAL: u8 = 0x02; 861 pub const IMAGE_SYM_CLASS_STATIC: u8 = 0x03; 862 pub const IMAGE_SYM_CLASS_REGISTER: u8 = 0x04; 863 pub const IMAGE_SYM_CLASS_EXTERNAL_DEF: u8 = 0x05; 864 pub const IMAGE_SYM_CLASS_LABEL: u8 = 0x06; 865 pub const IMAGE_SYM_CLASS_UNDEFINED_LABEL: u8 = 0x07; 866 pub const IMAGE_SYM_CLASS_MEMBER_OF_STRUCT: u8 = 0x08; 867 pub const IMAGE_SYM_CLASS_ARGUMENT: u8 = 0x09; 868 pub const IMAGE_SYM_CLASS_STRUCT_TAG: u8 = 0x0A; 869 pub const IMAGE_SYM_CLASS_MEMBER_OF_UNION: u8 = 0x0B; 870 pub const IMAGE_SYM_CLASS_UNION_TAG: u8 = 0x0C; 871 pub const IMAGE_SYM_CLASS_TYPE_DEFINITION: u8 = 0x0D; 872 pub const IMAGE_SYM_CLASS_UNDEFINED_STATIC: u8 = 0x0E; 873 pub const IMAGE_SYM_CLASS_ENUM_TAG: u8 = 0x0F; 874 pub const IMAGE_SYM_CLASS_MEMBER_OF_ENUM: u8 = 0x10; 875 pub const IMAGE_SYM_CLASS_REGISTER_PARAM: u8 = 0x11; 876 pub const IMAGE_SYM_CLASS_BIT_FIELD: u8 = 0x12; 877 878 pub const IMAGE_SYM_CLASS_FAR_EXTERNAL: u8 = 0x44; 879 880 pub const IMAGE_SYM_CLASS_BLOCK: u8 = 0x64; 881 pub const IMAGE_SYM_CLASS_FUNCTION: u8 = 0x65; 882 pub const IMAGE_SYM_CLASS_END_OF_STRUCT: u8 = 0x66; 883 pub const IMAGE_SYM_CLASS_FILE: u8 = 0x67; 884 // new 885 pub const IMAGE_SYM_CLASS_SECTION: u8 = 0x68; 886 pub const IMAGE_SYM_CLASS_WEAK_EXTERNAL: u8 = 0x69; 887 888 pub const IMAGE_SYM_CLASS_CLR_TOKEN: u8 = 0x6B; 889 890 // type packing constants 891 892 pub const N_BTMASK: u16 = 0x000F; 893 pub const N_TMASK: u16 = 0x0030; 894 pub const N_TMASK1: u16 = 0x00C0; 895 pub const N_TMASK2: u16 = 0x00F0; 896 pub const N_BTSHFT: usize = 4; 897 pub const N_TSHIFT: usize = 2; 898 899 pub const IMAGE_SYM_DTYPE_SHIFT: usize = N_BTSHFT; 900 901 impl ImageSymbol { 902 #[inline] base_type(&self) -> u16903 pub fn base_type(&self) -> u16 { 904 self.typ.get(LE) & N_BTMASK 905 } 906 907 #[inline] derived_type(&self) -> u16908 pub fn derived_type(&self) -> u16 { 909 (self.typ.get(LE) & N_TMASK) >> N_BTSHFT 910 } 911 } 912 913 impl ImageSymbolEx { 914 #[inline] base_type(&self) -> u16915 pub fn base_type(&self) -> u16 { 916 self.typ.get(LE) & N_BTMASK 917 } 918 919 #[inline] derived_type(&self) -> u16920 pub fn derived_type(&self) -> u16 { 921 (self.typ.get(LE) & N_TMASK) >> N_BTSHFT 922 } 923 } 924 925 // 926 // Auxiliary entry format. 927 // 928 929 // Used for both ImageSymbol and ImageSymbolEx (with padding). 930 // This struct has alignment 1. 931 #[derive(Debug, Clone, Copy)] 932 #[repr(C)] 933 pub struct ImageAuxSymbolTokenDef { 934 /// IMAGE_AUX_SYMBOL_TYPE 935 pub aux_type: u8, 936 /// Must be 0 937 pub reserved1: u8, 938 pub symbol_table_index: U32Bytes<LE>, 939 /// Must be 0 940 pub reserved2: [u8; 12], 941 } 942 943 pub const IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF: u16 = 1; 944 945 /// Auxiliary symbol format 1: function definitions. 946 // This struct has alignment 1. 947 #[derive(Debug, Clone, Copy)] 948 #[repr(C)] 949 pub struct ImageAuxSymbolFunction { 950 pub tag_index: U32Bytes<LE>, 951 pub total_size: U32Bytes<LE>, 952 pub pointer_to_linenumber: U32Bytes<LE>, 953 pub pointer_to_next_function: U32Bytes<LE>, 954 pub unused: [u8; 2], 955 } 956 957 /// Auxiliary symbol format 2: .bf and .ef symbols. 958 // This struct has alignment 1. 959 #[derive(Debug, Clone, Copy)] 960 #[repr(C)] 961 pub struct ImageAuxSymbolFunctionBeginEnd { 962 pub unused1: [u8; 4], 963 /// declaration line number 964 pub linenumber: U16Bytes<LE>, 965 pub unused2: [u8; 6], 966 pub pointer_to_next_function: U32Bytes<LE>, 967 pub unused3: [u8; 2], 968 } 969 970 /// Auxiliary symbol format 3: weak externals. 971 /// 972 /// Used for both `ImageSymbol` and `ImageSymbolEx` (both with padding). 973 // This struct has alignment 1. 974 #[derive(Debug, Clone, Copy)] 975 #[repr(C)] 976 pub struct ImageAuxSymbolWeak { 977 /// the weak extern default symbol index 978 pub weak_default_sym_index: U32Bytes<LE>, 979 pub weak_search_type: U32Bytes<LE>, 980 } 981 982 /// Auxiliary symbol format 5: sections. 983 /// 984 /// Used for both `ImageSymbol` and `ImageSymbolEx` (with padding). 985 // This struct has alignment 1. 986 #[derive(Debug, Clone, Copy)] 987 #[repr(C)] 988 pub struct ImageAuxSymbolSection { 989 /// section length 990 pub length: U32Bytes<LE>, 991 /// number of relocation entries 992 pub number_of_relocations: U16Bytes<LE>, 993 /// number of line numbers 994 pub number_of_linenumbers: U16Bytes<LE>, 995 /// checksum for communal 996 pub check_sum: U32Bytes<LE>, 997 /// section number to associate with 998 pub number: U16Bytes<LE>, 999 /// communal selection type 1000 pub selection: u8, 1001 pub reserved: u8, 1002 /// high bits of the section number 1003 pub high_number: U16Bytes<LE>, 1004 } 1005 1006 // Used for both ImageSymbol and ImageSymbolEx (both with padding). 1007 // This struct has alignment 1. 1008 #[derive(Debug, Clone, Copy)] 1009 #[repr(C)] 1010 pub struct ImageAuxSymbolCrc { 1011 pub crc: U32Bytes<LE>, 1012 } 1013 1014 // 1015 // Communal selection types. 1016 // 1017 1018 pub const IMAGE_COMDAT_SELECT_NODUPLICATES: u8 = 1; 1019 pub const IMAGE_COMDAT_SELECT_ANY: u8 = 2; 1020 pub const IMAGE_COMDAT_SELECT_SAME_SIZE: u8 = 3; 1021 pub const IMAGE_COMDAT_SELECT_EXACT_MATCH: u8 = 4; 1022 pub const IMAGE_COMDAT_SELECT_ASSOCIATIVE: u8 = 5; 1023 pub const IMAGE_COMDAT_SELECT_LARGEST: u8 = 6; 1024 pub const IMAGE_COMDAT_SELECT_NEWEST: u8 = 7; 1025 1026 pub const IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY: u16 = 1; 1027 pub const IMAGE_WEAK_EXTERN_SEARCH_LIBRARY: u16 = 2; 1028 pub const IMAGE_WEAK_EXTERN_SEARCH_ALIAS: u16 = 3; 1029 pub const IMAGE_WEAK_EXTERN_ANTI_DEPENDENCY: u16 = 4; 1030 1031 // 1032 // Relocation format. 1033 // 1034 1035 // This struct has alignment 1. 1036 #[derive(Debug, Clone, Copy)] 1037 #[repr(C)] 1038 pub struct ImageRelocation { 1039 /// Also `RelocCount` when IMAGE_SCN_LNK_NRELOC_OVFL is set 1040 pub virtual_address: U32Bytes<LE>, 1041 pub symbol_table_index: U32Bytes<LE>, 1042 pub typ: U16Bytes<LE>, 1043 } 1044 1045 // 1046 // I386 relocation types. 1047 // 1048 /// Reference is absolute, no relocation is necessary 1049 pub const IMAGE_REL_I386_ABSOLUTE: u16 = 0x0000; 1050 /// Direct 16-bit reference to the symbols virtual address 1051 pub const IMAGE_REL_I386_DIR16: u16 = 0x0001; 1052 /// PC-relative 16-bit reference to the symbols virtual address 1053 pub const IMAGE_REL_I386_REL16: u16 = 0x0002; 1054 /// Direct 32-bit reference to the symbols virtual address 1055 pub const IMAGE_REL_I386_DIR32: u16 = 0x0006; 1056 /// Direct 32-bit reference to the symbols virtual address, base not included 1057 pub const IMAGE_REL_I386_DIR32NB: u16 = 0x0007; 1058 /// Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 1059 pub const IMAGE_REL_I386_SEG12: u16 = 0x0009; 1060 pub const IMAGE_REL_I386_SECTION: u16 = 0x000A; 1061 pub const IMAGE_REL_I386_SECREL: u16 = 0x000B; 1062 /// clr token 1063 pub const IMAGE_REL_I386_TOKEN: u16 = 0x000C; 1064 /// 7 bit offset from base of section containing target 1065 pub const IMAGE_REL_I386_SECREL7: u16 = 0x000D; 1066 /// PC-relative 32-bit reference to the symbols virtual address 1067 pub const IMAGE_REL_I386_REL32: u16 = 0x0014; 1068 1069 // 1070 // MIPS relocation types. 1071 // 1072 /// Reference is absolute, no relocation is necessary 1073 pub const IMAGE_REL_MIPS_ABSOLUTE: u16 = 0x0000; 1074 pub const IMAGE_REL_MIPS_REFHALF: u16 = 0x0001; 1075 pub const IMAGE_REL_MIPS_REFWORD: u16 = 0x0002; 1076 pub const IMAGE_REL_MIPS_JMPADDR: u16 = 0x0003; 1077 pub const IMAGE_REL_MIPS_REFHI: u16 = 0x0004; 1078 pub const IMAGE_REL_MIPS_REFLO: u16 = 0x0005; 1079 pub const IMAGE_REL_MIPS_GPREL: u16 = 0x0006; 1080 pub const IMAGE_REL_MIPS_LITERAL: u16 = 0x0007; 1081 pub const IMAGE_REL_MIPS_SECTION: u16 = 0x000A; 1082 pub const IMAGE_REL_MIPS_SECREL: u16 = 0x000B; 1083 /// Low 16-bit section relative referemce (used for >32k TLS) 1084 pub const IMAGE_REL_MIPS_SECRELLO: u16 = 0x000C; 1085 /// High 16-bit section relative reference (used for >32k TLS) 1086 pub const IMAGE_REL_MIPS_SECRELHI: u16 = 0x000D; 1087 /// clr token 1088 pub const IMAGE_REL_MIPS_TOKEN: u16 = 0x000E; 1089 pub const IMAGE_REL_MIPS_JMPADDR16: u16 = 0x0010; 1090 pub const IMAGE_REL_MIPS_REFWORDNB: u16 = 0x0022; 1091 pub const IMAGE_REL_MIPS_PAIR: u16 = 0x0025; 1092 1093 // 1094 // Alpha Relocation types. 1095 // 1096 pub const IMAGE_REL_ALPHA_ABSOLUTE: u16 = 0x0000; 1097 pub const IMAGE_REL_ALPHA_REFLONG: u16 = 0x0001; 1098 pub const IMAGE_REL_ALPHA_REFQUAD: u16 = 0x0002; 1099 pub const IMAGE_REL_ALPHA_GPREL32: u16 = 0x0003; 1100 pub const IMAGE_REL_ALPHA_LITERAL: u16 = 0x0004; 1101 pub const IMAGE_REL_ALPHA_LITUSE: u16 = 0x0005; 1102 pub const IMAGE_REL_ALPHA_GPDISP: u16 = 0x0006; 1103 pub const IMAGE_REL_ALPHA_BRADDR: u16 = 0x0007; 1104 pub const IMAGE_REL_ALPHA_HINT: u16 = 0x0008; 1105 pub const IMAGE_REL_ALPHA_INLINE_REFLONG: u16 = 0x0009; 1106 pub const IMAGE_REL_ALPHA_REFHI: u16 = 0x000A; 1107 pub const IMAGE_REL_ALPHA_REFLO: u16 = 0x000B; 1108 pub const IMAGE_REL_ALPHA_PAIR: u16 = 0x000C; 1109 pub const IMAGE_REL_ALPHA_MATCH: u16 = 0x000D; 1110 pub const IMAGE_REL_ALPHA_SECTION: u16 = 0x000E; 1111 pub const IMAGE_REL_ALPHA_SECREL: u16 = 0x000F; 1112 pub const IMAGE_REL_ALPHA_REFLONGNB: u16 = 0x0010; 1113 /// Low 16-bit section relative reference 1114 pub const IMAGE_REL_ALPHA_SECRELLO: u16 = 0x0011; 1115 /// High 16-bit section relative reference 1116 pub const IMAGE_REL_ALPHA_SECRELHI: u16 = 0x0012; 1117 /// High 16 bits of 48 bit reference 1118 pub const IMAGE_REL_ALPHA_REFQ3: u16 = 0x0013; 1119 /// Middle 16 bits of 48 bit reference 1120 pub const IMAGE_REL_ALPHA_REFQ2: u16 = 0x0014; 1121 /// Low 16 bits of 48 bit reference 1122 pub const IMAGE_REL_ALPHA_REFQ1: u16 = 0x0015; 1123 /// Low 16-bit GP relative reference 1124 pub const IMAGE_REL_ALPHA_GPRELLO: u16 = 0x0016; 1125 /// High 16-bit GP relative reference 1126 pub const IMAGE_REL_ALPHA_GPRELHI: u16 = 0x0017; 1127 1128 // 1129 // IBM PowerPC relocation types. 1130 // 1131 /// NOP 1132 pub const IMAGE_REL_PPC_ABSOLUTE: u16 = 0x0000; 1133 /// 64-bit address 1134 pub const IMAGE_REL_PPC_ADDR64: u16 = 0x0001; 1135 /// 32-bit address 1136 pub const IMAGE_REL_PPC_ADDR32: u16 = 0x0002; 1137 /// 26-bit address, shifted left 2 (branch absolute) 1138 pub const IMAGE_REL_PPC_ADDR24: u16 = 0x0003; 1139 /// 16-bit address 1140 pub const IMAGE_REL_PPC_ADDR16: u16 = 0x0004; 1141 /// 16-bit address, shifted left 2 (load doubleword) 1142 pub const IMAGE_REL_PPC_ADDR14: u16 = 0x0005; 1143 /// 26-bit PC-relative offset, shifted left 2 (branch relative) 1144 pub const IMAGE_REL_PPC_REL24: u16 = 0x0006; 1145 /// 16-bit PC-relative offset, shifted left 2 (br cond relative) 1146 pub const IMAGE_REL_PPC_REL14: u16 = 0x0007; 1147 /// 16-bit offset from TOC base 1148 pub const IMAGE_REL_PPC_TOCREL16: u16 = 0x0008; 1149 /// 16-bit offset from TOC base, shifted left 2 (load doubleword) 1150 pub const IMAGE_REL_PPC_TOCREL14: u16 = 0x0009; 1151 1152 /// 32-bit addr w/o image base 1153 pub const IMAGE_REL_PPC_ADDR32NB: u16 = 0x000A; 1154 /// va of containing section (as in an image sectionhdr) 1155 pub const IMAGE_REL_PPC_SECREL: u16 = 0x000B; 1156 /// sectionheader number 1157 pub const IMAGE_REL_PPC_SECTION: u16 = 0x000C; 1158 /// substitute TOC restore instruction iff symbol is glue code 1159 pub const IMAGE_REL_PPC_IFGLUE: u16 = 0x000D; 1160 /// symbol is glue code; virtual address is TOC restore instruction 1161 pub const IMAGE_REL_PPC_IMGLUE: u16 = 0x000E; 1162 /// va of containing section (limited to 16 bits) 1163 pub const IMAGE_REL_PPC_SECREL16: u16 = 0x000F; 1164 pub const IMAGE_REL_PPC_REFHI: u16 = 0x0010; 1165 pub const IMAGE_REL_PPC_REFLO: u16 = 0x0011; 1166 pub const IMAGE_REL_PPC_PAIR: u16 = 0x0012; 1167 /// Low 16-bit section relative reference (used for >32k TLS) 1168 pub const IMAGE_REL_PPC_SECRELLO: u16 = 0x0013; 1169 /// High 16-bit section relative reference (used for >32k TLS) 1170 pub const IMAGE_REL_PPC_SECRELHI: u16 = 0x0014; 1171 pub const IMAGE_REL_PPC_GPREL: u16 = 0x0015; 1172 /// clr token 1173 pub const IMAGE_REL_PPC_TOKEN: u16 = 0x0016; 1174 1175 /// mask to isolate above values in IMAGE_RELOCATION.Type 1176 pub const IMAGE_REL_PPC_TYPEMASK: u16 = 0x00FF; 1177 1178 // Flag bits in `ImageRelocation::typ`. 1179 1180 /// subtract reloc value rather than adding it 1181 pub const IMAGE_REL_PPC_NEG: u16 = 0x0100; 1182 /// fix branch prediction bit to predict branch taken 1183 pub const IMAGE_REL_PPC_BRTAKEN: u16 = 0x0200; 1184 /// fix branch prediction bit to predict branch not taken 1185 pub const IMAGE_REL_PPC_BRNTAKEN: u16 = 0x0400; 1186 /// toc slot defined in file (or, data in toc) 1187 pub const IMAGE_REL_PPC_TOCDEFN: u16 = 0x0800; 1188 1189 // 1190 // Hitachi SH3 relocation types. 1191 // 1192 /// No relocation 1193 pub const IMAGE_REL_SH3_ABSOLUTE: u16 = 0x0000; 1194 /// 16 bit direct 1195 pub const IMAGE_REL_SH3_DIRECT16: u16 = 0x0001; 1196 /// 32 bit direct 1197 pub const IMAGE_REL_SH3_DIRECT32: u16 = 0x0002; 1198 /// 8 bit direct, -128..255 1199 pub const IMAGE_REL_SH3_DIRECT8: u16 = 0x0003; 1200 /// 8 bit direct .W (0 ext.) 1201 pub const IMAGE_REL_SH3_DIRECT8_WORD: u16 = 0x0004; 1202 /// 8 bit direct .L (0 ext.) 1203 pub const IMAGE_REL_SH3_DIRECT8_LONG: u16 = 0x0005; 1204 /// 4 bit direct (0 ext.) 1205 pub const IMAGE_REL_SH3_DIRECT4: u16 = 0x0006; 1206 /// 4 bit direct .W (0 ext.) 1207 pub const IMAGE_REL_SH3_DIRECT4_WORD: u16 = 0x0007; 1208 /// 4 bit direct .L (0 ext.) 1209 pub const IMAGE_REL_SH3_DIRECT4_LONG: u16 = 0x0008; 1210 /// 8 bit PC relative .W 1211 pub const IMAGE_REL_SH3_PCREL8_WORD: u16 = 0x0009; 1212 /// 8 bit PC relative .L 1213 pub const IMAGE_REL_SH3_PCREL8_LONG: u16 = 0x000A; 1214 /// 12 LSB PC relative .W 1215 pub const IMAGE_REL_SH3_PCREL12_WORD: u16 = 0x000B; 1216 /// Start of EXE section 1217 pub const IMAGE_REL_SH3_STARTOF_SECTION: u16 = 0x000C; 1218 /// Size of EXE section 1219 pub const IMAGE_REL_SH3_SIZEOF_SECTION: u16 = 0x000D; 1220 /// Section table index 1221 pub const IMAGE_REL_SH3_SECTION: u16 = 0x000E; 1222 /// Offset within section 1223 pub const IMAGE_REL_SH3_SECREL: u16 = 0x000F; 1224 /// 32 bit direct not based 1225 pub const IMAGE_REL_SH3_DIRECT32_NB: u16 = 0x0010; 1226 /// GP-relative addressing 1227 pub const IMAGE_REL_SH3_GPREL4_LONG: u16 = 0x0011; 1228 /// clr token 1229 pub const IMAGE_REL_SH3_TOKEN: u16 = 0x0012; 1230 /// Offset from current instruction in longwords 1231 /// if not NOMODE, insert the inverse of the low bit at bit 32 to select PTA/PTB 1232 pub const IMAGE_REL_SHM_PCRELPT: u16 = 0x0013; 1233 /// Low bits of 32-bit address 1234 pub const IMAGE_REL_SHM_REFLO: u16 = 0x0014; 1235 /// High bits of 32-bit address 1236 pub const IMAGE_REL_SHM_REFHALF: u16 = 0x0015; 1237 /// Low bits of relative reference 1238 pub const IMAGE_REL_SHM_RELLO: u16 = 0x0016; 1239 /// High bits of relative reference 1240 pub const IMAGE_REL_SHM_RELHALF: u16 = 0x0017; 1241 /// offset operand for relocation 1242 pub const IMAGE_REL_SHM_PAIR: u16 = 0x0018; 1243 1244 /// relocation ignores section mode 1245 pub const IMAGE_REL_SH_NOMODE: u16 = 0x8000; 1246 1247 /// No relocation required 1248 pub const IMAGE_REL_ARM_ABSOLUTE: u16 = 0x0000; 1249 /// 32 bit address 1250 pub const IMAGE_REL_ARM_ADDR32: u16 = 0x0001; 1251 /// 32 bit address w/o image base 1252 pub const IMAGE_REL_ARM_ADDR32NB: u16 = 0x0002; 1253 /// 24 bit offset << 2 & sign ext. 1254 pub const IMAGE_REL_ARM_BRANCH24: u16 = 0x0003; 1255 /// Thumb: 2 11 bit offsets 1256 pub const IMAGE_REL_ARM_BRANCH11: u16 = 0x0004; 1257 /// clr token 1258 pub const IMAGE_REL_ARM_TOKEN: u16 = 0x0005; 1259 /// GP-relative addressing (ARM) 1260 pub const IMAGE_REL_ARM_GPREL12: u16 = 0x0006; 1261 /// GP-relative addressing (Thumb) 1262 pub const IMAGE_REL_ARM_GPREL7: u16 = 0x0007; 1263 pub const IMAGE_REL_ARM_BLX24: u16 = 0x0008; 1264 pub const IMAGE_REL_ARM_BLX11: u16 = 0x0009; 1265 /// Section table index 1266 pub const IMAGE_REL_ARM_SECTION: u16 = 0x000E; 1267 /// Offset within section 1268 pub const IMAGE_REL_ARM_SECREL: u16 = 0x000F; 1269 /// ARM: MOVW/MOVT 1270 pub const IMAGE_REL_ARM_MOV32A: u16 = 0x0010; 1271 /// ARM: MOVW/MOVT (deprecated) 1272 pub const IMAGE_REL_ARM_MOV32: u16 = 0x0010; 1273 /// Thumb: MOVW/MOVT 1274 pub const IMAGE_REL_ARM_MOV32T: u16 = 0x0011; 1275 /// Thumb: MOVW/MOVT (deprecated) 1276 pub const IMAGE_REL_THUMB_MOV32: u16 = 0x0011; 1277 /// Thumb: 32-bit conditional B 1278 pub const IMAGE_REL_ARM_BRANCH20T: u16 = 0x0012; 1279 /// Thumb: 32-bit conditional B (deprecated) 1280 pub const IMAGE_REL_THUMB_BRANCH20: u16 = 0x0012; 1281 /// Thumb: 32-bit B or BL 1282 pub const IMAGE_REL_ARM_BRANCH24T: u16 = 0x0014; 1283 /// Thumb: 32-bit B or BL (deprecated) 1284 pub const IMAGE_REL_THUMB_BRANCH24: u16 = 0x0014; 1285 /// Thumb: BLX immediate 1286 pub const IMAGE_REL_ARM_BLX23T: u16 = 0x0015; 1287 /// Thumb: BLX immediate (deprecated) 1288 pub const IMAGE_REL_THUMB_BLX23: u16 = 0x0015; 1289 1290 pub const IMAGE_REL_AM_ABSOLUTE: u16 = 0x0000; 1291 pub const IMAGE_REL_AM_ADDR32: u16 = 0x0001; 1292 pub const IMAGE_REL_AM_ADDR32NB: u16 = 0x0002; 1293 pub const IMAGE_REL_AM_CALL32: u16 = 0x0003; 1294 pub const IMAGE_REL_AM_FUNCINFO: u16 = 0x0004; 1295 pub const IMAGE_REL_AM_REL32_1: u16 = 0x0005; 1296 pub const IMAGE_REL_AM_REL32_2: u16 = 0x0006; 1297 pub const IMAGE_REL_AM_SECREL: u16 = 0x0007; 1298 pub const IMAGE_REL_AM_SECTION: u16 = 0x0008; 1299 pub const IMAGE_REL_AM_TOKEN: u16 = 0x0009; 1300 1301 // 1302 // ARM64 relocations types. 1303 // 1304 1305 /// No relocation required 1306 pub const IMAGE_REL_ARM64_ABSOLUTE: u16 = 0x0000; 1307 /// 32 bit address. Review! do we need it? 1308 pub const IMAGE_REL_ARM64_ADDR32: u16 = 0x0001; 1309 /// 32 bit address w/o image base (RVA: for Data/PData/XData) 1310 pub const IMAGE_REL_ARM64_ADDR32NB: u16 = 0x0002; 1311 /// 26 bit offset << 2 & sign ext. for B & BL 1312 pub const IMAGE_REL_ARM64_BRANCH26: u16 = 0x0003; 1313 /// ADRP 1314 pub const IMAGE_REL_ARM64_PAGEBASE_REL21: u16 = 0x0004; 1315 /// ADR 1316 pub const IMAGE_REL_ARM64_REL21: u16 = 0x0005; 1317 /// ADD/ADDS (immediate) with zero shift, for page offset 1318 pub const IMAGE_REL_ARM64_PAGEOFFSET_12A: u16 = 0x0006; 1319 /// LDR (indexed, unsigned immediate), for page offset 1320 pub const IMAGE_REL_ARM64_PAGEOFFSET_12L: u16 = 0x0007; 1321 /// Offset within section 1322 pub const IMAGE_REL_ARM64_SECREL: u16 = 0x0008; 1323 /// ADD/ADDS (immediate) with zero shift, for bit 0:11 of section offset 1324 pub const IMAGE_REL_ARM64_SECREL_LOW12A: u16 = 0x0009; 1325 /// ADD/ADDS (immediate) with zero shift, for bit 12:23 of section offset 1326 pub const IMAGE_REL_ARM64_SECREL_HIGH12A: u16 = 0x000A; 1327 /// LDR (indexed, unsigned immediate), for bit 0:11 of section offset 1328 pub const IMAGE_REL_ARM64_SECREL_LOW12L: u16 = 0x000B; 1329 pub const IMAGE_REL_ARM64_TOKEN: u16 = 0x000C; 1330 /// Section table index 1331 pub const IMAGE_REL_ARM64_SECTION: u16 = 0x000D; 1332 /// 64 bit address 1333 pub const IMAGE_REL_ARM64_ADDR64: u16 = 0x000E; 1334 /// 19 bit offset << 2 & sign ext. for conditional B 1335 pub const IMAGE_REL_ARM64_BRANCH19: u16 = 0x000F; 1336 1337 // 1338 // x64 relocations 1339 // 1340 /// Reference is absolute, no relocation is necessary 1341 pub const IMAGE_REL_AMD64_ABSOLUTE: u16 = 0x0000; 1342 /// 64-bit address (VA). 1343 pub const IMAGE_REL_AMD64_ADDR64: u16 = 0x0001; 1344 /// 32-bit address (VA). 1345 pub const IMAGE_REL_AMD64_ADDR32: u16 = 0x0002; 1346 /// 32-bit address w/o image base (RVA). 1347 pub const IMAGE_REL_AMD64_ADDR32NB: u16 = 0x0003; 1348 /// 32-bit relative address from byte following reloc 1349 pub const IMAGE_REL_AMD64_REL32: u16 = 0x0004; 1350 /// 32-bit relative address from byte distance 1 from reloc 1351 pub const IMAGE_REL_AMD64_REL32_1: u16 = 0x0005; 1352 /// 32-bit relative address from byte distance 2 from reloc 1353 pub const IMAGE_REL_AMD64_REL32_2: u16 = 0x0006; 1354 /// 32-bit relative address from byte distance 3 from reloc 1355 pub const IMAGE_REL_AMD64_REL32_3: u16 = 0x0007; 1356 /// 32-bit relative address from byte distance 4 from reloc 1357 pub const IMAGE_REL_AMD64_REL32_4: u16 = 0x0008; 1358 /// 32-bit relative address from byte distance 5 from reloc 1359 pub const IMAGE_REL_AMD64_REL32_5: u16 = 0x0009; 1360 /// Section index 1361 pub const IMAGE_REL_AMD64_SECTION: u16 = 0x000A; 1362 /// 32 bit offset from base of section containing target 1363 pub const IMAGE_REL_AMD64_SECREL: u16 = 0x000B; 1364 /// 7 bit unsigned offset from base of section containing target 1365 pub const IMAGE_REL_AMD64_SECREL7: u16 = 0x000C; 1366 /// 32 bit metadata token 1367 pub const IMAGE_REL_AMD64_TOKEN: u16 = 0x000D; 1368 /// 32 bit signed span-dependent value emitted into object 1369 pub const IMAGE_REL_AMD64_SREL32: u16 = 0x000E; 1370 pub const IMAGE_REL_AMD64_PAIR: u16 = 0x000F; 1371 /// 32 bit signed span-dependent value applied at link time 1372 pub const IMAGE_REL_AMD64_SSPAN32: u16 = 0x0010; 1373 pub const IMAGE_REL_AMD64_EHANDLER: u16 = 0x0011; 1374 /// Indirect branch to an import 1375 pub const IMAGE_REL_AMD64_IMPORT_BR: u16 = 0x0012; 1376 /// Indirect call to an import 1377 pub const IMAGE_REL_AMD64_IMPORT_CALL: u16 = 0x0013; 1378 /// Indirect branch to a CFG check 1379 pub const IMAGE_REL_AMD64_CFG_BR: u16 = 0x0014; 1380 /// Indirect branch to a CFG check, with REX.W prefix 1381 pub const IMAGE_REL_AMD64_CFG_BR_REX: u16 = 0x0015; 1382 /// Indirect call to a CFG check 1383 pub const IMAGE_REL_AMD64_CFG_CALL: u16 = 0x0016; 1384 /// Indirect branch to a target in RAX (no CFG) 1385 pub const IMAGE_REL_AMD64_INDIR_BR: u16 = 0x0017; 1386 /// Indirect branch to a target in RAX, with REX.W prefix (no CFG) 1387 pub const IMAGE_REL_AMD64_INDIR_BR_REX: u16 = 0x0018; 1388 /// Indirect call to a target in RAX (no CFG) 1389 pub const IMAGE_REL_AMD64_INDIR_CALL: u16 = 0x0019; 1390 /// Indirect branch for a switch table using Reg 0 (RAX) 1391 pub const IMAGE_REL_AMD64_INDIR_BR_SWITCHTABLE_FIRST: u16 = 0x0020; 1392 /// Indirect branch for a switch table using Reg 15 (R15) 1393 pub const IMAGE_REL_AMD64_INDIR_BR_SWITCHTABLE_LAST: u16 = 0x002F; 1394 1395 // 1396 // IA64 relocation types. 1397 // 1398 pub const IMAGE_REL_IA64_ABSOLUTE: u16 = 0x0000; 1399 pub const IMAGE_REL_IA64_IMM14: u16 = 0x0001; 1400 pub const IMAGE_REL_IA64_IMM22: u16 = 0x0002; 1401 pub const IMAGE_REL_IA64_IMM64: u16 = 0x0003; 1402 pub const IMAGE_REL_IA64_DIR32: u16 = 0x0004; 1403 pub const IMAGE_REL_IA64_DIR64: u16 = 0x0005; 1404 pub const IMAGE_REL_IA64_PCREL21B: u16 = 0x0006; 1405 pub const IMAGE_REL_IA64_PCREL21M: u16 = 0x0007; 1406 pub const IMAGE_REL_IA64_PCREL21F: u16 = 0x0008; 1407 pub const IMAGE_REL_IA64_GPREL22: u16 = 0x0009; 1408 pub const IMAGE_REL_IA64_LTOFF22: u16 = 0x000A; 1409 pub const IMAGE_REL_IA64_SECTION: u16 = 0x000B; 1410 pub const IMAGE_REL_IA64_SECREL22: u16 = 0x000C; 1411 pub const IMAGE_REL_IA64_SECREL64I: u16 = 0x000D; 1412 pub const IMAGE_REL_IA64_SECREL32: u16 = 0x000E; 1413 // 1414 pub const IMAGE_REL_IA64_DIR32NB: u16 = 0x0010; 1415 pub const IMAGE_REL_IA64_SREL14: u16 = 0x0011; 1416 pub const IMAGE_REL_IA64_SREL22: u16 = 0x0012; 1417 pub const IMAGE_REL_IA64_SREL32: u16 = 0x0013; 1418 pub const IMAGE_REL_IA64_UREL32: u16 = 0x0014; 1419 /// This is always a BRL and never converted 1420 pub const IMAGE_REL_IA64_PCREL60X: u16 = 0x0015; 1421 /// If possible, convert to MBB bundle with NOP.B in slot 1 1422 pub const IMAGE_REL_IA64_PCREL60B: u16 = 0x0016; 1423 /// If possible, convert to MFB bundle with NOP.F in slot 1 1424 pub const IMAGE_REL_IA64_PCREL60F: u16 = 0x0017; 1425 /// If possible, convert to MIB bundle with NOP.I in slot 1 1426 pub const IMAGE_REL_IA64_PCREL60I: u16 = 0x0018; 1427 /// If possible, convert to MMB bundle with NOP.M in slot 1 1428 pub const IMAGE_REL_IA64_PCREL60M: u16 = 0x0019; 1429 pub const IMAGE_REL_IA64_IMMGPREL64: u16 = 0x001A; 1430 /// clr token 1431 pub const IMAGE_REL_IA64_TOKEN: u16 = 0x001B; 1432 pub const IMAGE_REL_IA64_GPREL32: u16 = 0x001C; 1433 pub const IMAGE_REL_IA64_ADDEND: u16 = 0x001F; 1434 1435 // 1436 // CEF relocation types. 1437 // 1438 /// Reference is absolute, no relocation is necessary 1439 pub const IMAGE_REL_CEF_ABSOLUTE: u16 = 0x0000; 1440 /// 32-bit address (VA). 1441 pub const IMAGE_REL_CEF_ADDR32: u16 = 0x0001; 1442 /// 64-bit address (VA). 1443 pub const IMAGE_REL_CEF_ADDR64: u16 = 0x0002; 1444 /// 32-bit address w/o image base (RVA). 1445 pub const IMAGE_REL_CEF_ADDR32NB: u16 = 0x0003; 1446 /// Section index 1447 pub const IMAGE_REL_CEF_SECTION: u16 = 0x0004; 1448 /// 32 bit offset from base of section containing target 1449 pub const IMAGE_REL_CEF_SECREL: u16 = 0x0005; 1450 /// 32 bit metadata token 1451 pub const IMAGE_REL_CEF_TOKEN: u16 = 0x0006; 1452 1453 // 1454 // clr relocation types. 1455 // 1456 /// Reference is absolute, no relocation is necessary 1457 pub const IMAGE_REL_CEE_ABSOLUTE: u16 = 0x0000; 1458 /// 32-bit address (VA). 1459 pub const IMAGE_REL_CEE_ADDR32: u16 = 0x0001; 1460 /// 64-bit address (VA). 1461 pub const IMAGE_REL_CEE_ADDR64: u16 = 0x0002; 1462 /// 32-bit address w/o image base (RVA). 1463 pub const IMAGE_REL_CEE_ADDR32NB: u16 = 0x0003; 1464 /// Section index 1465 pub const IMAGE_REL_CEE_SECTION: u16 = 0x0004; 1466 /// 32 bit offset from base of section containing target 1467 pub const IMAGE_REL_CEE_SECREL: u16 = 0x0005; 1468 /// 32 bit metadata token 1469 pub const IMAGE_REL_CEE_TOKEN: u16 = 0x0006; 1470 1471 /// No relocation required 1472 pub const IMAGE_REL_M32R_ABSOLUTE: u16 = 0x0000; 1473 /// 32 bit address 1474 pub const IMAGE_REL_M32R_ADDR32: u16 = 0x0001; 1475 /// 32 bit address w/o image base 1476 pub const IMAGE_REL_M32R_ADDR32NB: u16 = 0x0002; 1477 /// 24 bit address 1478 pub const IMAGE_REL_M32R_ADDR24: u16 = 0x0003; 1479 /// GP relative addressing 1480 pub const IMAGE_REL_M32R_GPREL16: u16 = 0x0004; 1481 /// 24 bit offset << 2 & sign ext. 1482 pub const IMAGE_REL_M32R_PCREL24: u16 = 0x0005; 1483 /// 16 bit offset << 2 & sign ext. 1484 pub const IMAGE_REL_M32R_PCREL16: u16 = 0x0006; 1485 /// 8 bit offset << 2 & sign ext. 1486 pub const IMAGE_REL_M32R_PCREL8: u16 = 0x0007; 1487 /// 16 MSBs 1488 pub const IMAGE_REL_M32R_REFHALF: u16 = 0x0008; 1489 /// 16 MSBs; adj for LSB sign ext. 1490 pub const IMAGE_REL_M32R_REFHI: u16 = 0x0009; 1491 /// 16 LSBs 1492 pub const IMAGE_REL_M32R_REFLO: u16 = 0x000A; 1493 /// Link HI and LO 1494 pub const IMAGE_REL_M32R_PAIR: u16 = 0x000B; 1495 /// Section table index 1496 pub const IMAGE_REL_M32R_SECTION: u16 = 0x000C; 1497 /// 32 bit section relative reference 1498 pub const IMAGE_REL_M32R_SECREL32: u16 = 0x000D; 1499 /// clr token 1500 pub const IMAGE_REL_M32R_TOKEN: u16 = 0x000E; 1501 1502 /// No relocation required 1503 pub const IMAGE_REL_EBC_ABSOLUTE: u16 = 0x0000; 1504 /// 32 bit address w/o image base 1505 pub const IMAGE_REL_EBC_ADDR32NB: u16 = 0x0001; 1506 /// 32-bit relative address from byte following reloc 1507 pub const IMAGE_REL_EBC_REL32: u16 = 0x0002; 1508 /// Section table index 1509 pub const IMAGE_REL_EBC_SECTION: u16 = 0x0003; 1510 /// Offset within section 1511 pub const IMAGE_REL_EBC_SECREL: u16 = 0x0004; 1512 1513 /* 1514 // TODO? 1515 #define EXT_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */ \ 1516 Value |= (((ULONGLONG)((*(Address) >> InstPos) & (((ULONGLONG)1 << Size) - 1))) << ValPos) // Intel-IA64-Filler 1517 1518 #define INS_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */\ 1519 *(PDWORD)Address = (*(PDWORD)Address & ~(((1 << Size) - 1) << InstPos)) | /* Intel-IA64-Filler */\ 1520 ((DWORD)((((ULONGLONG)Value >> ValPos) & (((ULONGLONG)1 << Size) - 1))) << InstPos) // Intel-IA64-Filler 1521 */ 1522 1523 /// Intel-IA64-Filler 1524 pub const EMARCH_ENC_I17_IMM7B_INST_WORD_X: u16 = 3; 1525 /// Intel-IA64-Filler 1526 pub const EMARCH_ENC_I17_IMM7B_SIZE_X: u16 = 7; 1527 /// Intel-IA64-Filler 1528 pub const EMARCH_ENC_I17_IMM7B_INST_WORD_POS_X: u16 = 4; 1529 /// Intel-IA64-Filler 1530 pub const EMARCH_ENC_I17_IMM7B_VAL_POS_X: u16 = 0; 1531 1532 /// Intel-IA64-Filler 1533 pub const EMARCH_ENC_I17_IMM9D_INST_WORD_X: u16 = 3; 1534 /// Intel-IA64-Filler 1535 pub const EMARCH_ENC_I17_IMM9D_SIZE_X: u16 = 9; 1536 /// Intel-IA64-Filler 1537 pub const EMARCH_ENC_I17_IMM9D_INST_WORD_POS_X: u16 = 18; 1538 /// Intel-IA64-Filler 1539 pub const EMARCH_ENC_I17_IMM9D_VAL_POS_X: u16 = 7; 1540 1541 /// Intel-IA64-Filler 1542 pub const EMARCH_ENC_I17_IMM5C_INST_WORD_X: u16 = 3; 1543 /// Intel-IA64-Filler 1544 pub const EMARCH_ENC_I17_IMM5C_SIZE_X: u16 = 5; 1545 /// Intel-IA64-Filler 1546 pub const EMARCH_ENC_I17_IMM5C_INST_WORD_POS_X: u16 = 13; 1547 /// Intel-IA64-Filler 1548 pub const EMARCH_ENC_I17_IMM5C_VAL_POS_X: u16 = 16; 1549 1550 /// Intel-IA64-Filler 1551 pub const EMARCH_ENC_I17_IC_INST_WORD_X: u16 = 3; 1552 /// Intel-IA64-Filler 1553 pub const EMARCH_ENC_I17_IC_SIZE_X: u16 = 1; 1554 /// Intel-IA64-Filler 1555 pub const EMARCH_ENC_I17_IC_INST_WORD_POS_X: u16 = 12; 1556 /// Intel-IA64-Filler 1557 pub const EMARCH_ENC_I17_IC_VAL_POS_X: u16 = 21; 1558 1559 /// Intel-IA64-Filler 1560 pub const EMARCH_ENC_I17_IMM41A_INST_WORD_X: u16 = 1; 1561 /// Intel-IA64-Filler 1562 pub const EMARCH_ENC_I17_IMM41A_SIZE_X: u16 = 10; 1563 /// Intel-IA64-Filler 1564 pub const EMARCH_ENC_I17_IMM41A_INST_WORD_POS_X: u16 = 14; 1565 /// Intel-IA64-Filler 1566 pub const EMARCH_ENC_I17_IMM41A_VAL_POS_X: u16 = 22; 1567 1568 /// Intel-IA64-Filler 1569 pub const EMARCH_ENC_I17_IMM41B_INST_WORD_X: u16 = 1; 1570 /// Intel-IA64-Filler 1571 pub const EMARCH_ENC_I17_IMM41B_SIZE_X: u16 = 8; 1572 /// Intel-IA64-Filler 1573 pub const EMARCH_ENC_I17_IMM41B_INST_WORD_POS_X: u16 = 24; 1574 /// Intel-IA64-Filler 1575 pub const EMARCH_ENC_I17_IMM41B_VAL_POS_X: u16 = 32; 1576 1577 /// Intel-IA64-Filler 1578 pub const EMARCH_ENC_I17_IMM41C_INST_WORD_X: u16 = 2; 1579 /// Intel-IA64-Filler 1580 pub const EMARCH_ENC_I17_IMM41C_SIZE_X: u16 = 23; 1581 /// Intel-IA64-Filler 1582 pub const EMARCH_ENC_I17_IMM41C_INST_WORD_POS_X: u16 = 0; 1583 /// Intel-IA64-Filler 1584 pub const EMARCH_ENC_I17_IMM41C_VAL_POS_X: u16 = 40; 1585 1586 /// Intel-IA64-Filler 1587 pub const EMARCH_ENC_I17_SIGN_INST_WORD_X: u16 = 3; 1588 /// Intel-IA64-Filler 1589 pub const EMARCH_ENC_I17_SIGN_SIZE_X: u16 = 1; 1590 /// Intel-IA64-Filler 1591 pub const EMARCH_ENC_I17_SIGN_INST_WORD_POS_X: u16 = 27; 1592 /// Intel-IA64-Filler 1593 pub const EMARCH_ENC_I17_SIGN_VAL_POS_X: u16 = 63; 1594 1595 /// Intel-IA64-Filler 1596 pub const X3_OPCODE_INST_WORD_X: u16 = 3; 1597 /// Intel-IA64-Filler 1598 pub const X3_OPCODE_SIZE_X: u16 = 4; 1599 /// Intel-IA64-Filler 1600 pub const X3_OPCODE_INST_WORD_POS_X: u16 = 28; 1601 /// Intel-IA64-Filler 1602 pub const X3_OPCODE_SIGN_VAL_POS_X: u16 = 0; 1603 1604 /// Intel-IA64-Filler 1605 pub const X3_I_INST_WORD_X: u16 = 3; 1606 /// Intel-IA64-Filler 1607 pub const X3_I_SIZE_X: u16 = 1; 1608 /// Intel-IA64-Filler 1609 pub const X3_I_INST_WORD_POS_X: u16 = 27; 1610 /// Intel-IA64-Filler 1611 pub const X3_I_SIGN_VAL_POS_X: u16 = 59; 1612 1613 /// Intel-IA64-Filler 1614 pub const X3_D_WH_INST_WORD_X: u16 = 3; 1615 /// Intel-IA64-Filler 1616 pub const X3_D_WH_SIZE_X: u16 = 3; 1617 /// Intel-IA64-Filler 1618 pub const X3_D_WH_INST_WORD_POS_X: u16 = 24; 1619 /// Intel-IA64-Filler 1620 pub const X3_D_WH_SIGN_VAL_POS_X: u16 = 0; 1621 1622 /// Intel-IA64-Filler 1623 pub const X3_IMM20_INST_WORD_X: u16 = 3; 1624 /// Intel-IA64-Filler 1625 pub const X3_IMM20_SIZE_X: u16 = 20; 1626 /// Intel-IA64-Filler 1627 pub const X3_IMM20_INST_WORD_POS_X: u16 = 4; 1628 /// Intel-IA64-Filler 1629 pub const X3_IMM20_SIGN_VAL_POS_X: u16 = 0; 1630 1631 /// Intel-IA64-Filler 1632 pub const X3_IMM39_1_INST_WORD_X: u16 = 2; 1633 /// Intel-IA64-Filler 1634 pub const X3_IMM39_1_SIZE_X: u16 = 23; 1635 /// Intel-IA64-Filler 1636 pub const X3_IMM39_1_INST_WORD_POS_X: u16 = 0; 1637 /// Intel-IA64-Filler 1638 pub const X3_IMM39_1_SIGN_VAL_POS_X: u16 = 36; 1639 1640 /// Intel-IA64-Filler 1641 pub const X3_IMM39_2_INST_WORD_X: u16 = 1; 1642 /// Intel-IA64-Filler 1643 pub const X3_IMM39_2_SIZE_X: u16 = 16; 1644 /// Intel-IA64-Filler 1645 pub const X3_IMM39_2_INST_WORD_POS_X: u16 = 16; 1646 /// Intel-IA64-Filler 1647 pub const X3_IMM39_2_SIGN_VAL_POS_X: u16 = 20; 1648 1649 /// Intel-IA64-Filler 1650 pub const X3_P_INST_WORD_X: u16 = 3; 1651 /// Intel-IA64-Filler 1652 pub const X3_P_SIZE_X: u16 = 4; 1653 /// Intel-IA64-Filler 1654 pub const X3_P_INST_WORD_POS_X: u16 = 0; 1655 /// Intel-IA64-Filler 1656 pub const X3_P_SIGN_VAL_POS_X: u16 = 0; 1657 1658 /// Intel-IA64-Filler 1659 pub const X3_TMPLT_INST_WORD_X: u16 = 0; 1660 /// Intel-IA64-Filler 1661 pub const X3_TMPLT_SIZE_X: u16 = 4; 1662 /// Intel-IA64-Filler 1663 pub const X3_TMPLT_INST_WORD_POS_X: u16 = 0; 1664 /// Intel-IA64-Filler 1665 pub const X3_TMPLT_SIGN_VAL_POS_X: u16 = 0; 1666 1667 /// Intel-IA64-Filler 1668 pub const X3_BTYPE_QP_INST_WORD_X: u16 = 2; 1669 /// Intel-IA64-Filler 1670 pub const X3_BTYPE_QP_SIZE_X: u16 = 9; 1671 /// Intel-IA64-Filler 1672 pub const X3_BTYPE_QP_INST_WORD_POS_X: u16 = 23; 1673 /// Intel-IA64-Filler 1674 pub const X3_BTYPE_QP_INST_VAL_POS_X: u16 = 0; 1675 1676 /// Intel-IA64-Filler 1677 pub const X3_EMPTY_INST_WORD_X: u16 = 1; 1678 /// Intel-IA64-Filler 1679 pub const X3_EMPTY_SIZE_X: u16 = 2; 1680 /// Intel-IA64-Filler 1681 pub const X3_EMPTY_INST_WORD_POS_X: u16 = 14; 1682 /// Intel-IA64-Filler 1683 pub const X3_EMPTY_INST_VAL_POS_X: u16 = 0; 1684 1685 // 1686 // Line number format. 1687 // 1688 1689 // This struct has alignment 1. 1690 #[derive(Debug, Clone, Copy)] 1691 #[repr(C)] 1692 pub struct ImageLinenumber { 1693 /// Symbol table index of function name if Linenumber is 0. 1694 /// Otherwise virtual address of line number. 1695 pub symbol_table_index_or_virtual_address: U32Bytes<LE>, 1696 /// Line number. 1697 pub linenumber: U16Bytes<LE>, 1698 } 1699 1700 // 1701 // Based relocation format. 1702 // 1703 1704 // This struct has alignment 1. 1705 #[derive(Debug, Clone, Copy)] 1706 #[repr(C)] 1707 pub struct ImageBaseRelocation { 1708 pub virtual_address: U32Bytes<LE>, 1709 pub size_of_block: U32Bytes<LE>, 1710 // pub type_offset[1]: U16<LE>, 1711 } 1712 1713 // 1714 // Based relocation types. 1715 // 1716 1717 pub const IMAGE_REL_BASED_ABSOLUTE: u16 = 0; 1718 pub const IMAGE_REL_BASED_HIGH: u16 = 1; 1719 pub const IMAGE_REL_BASED_LOW: u16 = 2; 1720 pub const IMAGE_REL_BASED_HIGHLOW: u16 = 3; 1721 pub const IMAGE_REL_BASED_HIGHADJ: u16 = 4; 1722 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_5: u16 = 5; 1723 pub const IMAGE_REL_BASED_RESERVED: u16 = 6; 1724 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_7: u16 = 7; 1725 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_8: u16 = 8; 1726 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_9: u16 = 9; 1727 pub const IMAGE_REL_BASED_DIR64: u16 = 10; 1728 1729 // 1730 // Platform-specific based relocation types. 1731 // 1732 1733 pub const IMAGE_REL_BASED_IA64_IMM64: u16 = 9; 1734 1735 pub const IMAGE_REL_BASED_MIPS_JMPADDR: u16 = 5; 1736 pub const IMAGE_REL_BASED_MIPS_JMPADDR16: u16 = 9; 1737 1738 pub const IMAGE_REL_BASED_ARM_MOV32: u16 = 5; 1739 pub const IMAGE_REL_BASED_THUMB_MOV32: u16 = 7; 1740 1741 pub const IMAGE_REL_BASED_RISCV_HIGH20: u16 = 5; 1742 pub const IMAGE_REL_BASED_RISCV_LOW12I: u16 = 7; 1743 pub const IMAGE_REL_BASED_RISCV_LOW12S: u16 = 8; 1744 1745 // 1746 // Archive format. 1747 // 1748 1749 pub const IMAGE_ARCHIVE_START_SIZE: usize = 8; 1750 pub const IMAGE_ARCHIVE_START: &[u8; 8] = b"!<arch>\n"; 1751 pub const IMAGE_ARCHIVE_END: &[u8] = b"`\n"; 1752 pub const IMAGE_ARCHIVE_PAD: &[u8] = b"\n"; 1753 pub const IMAGE_ARCHIVE_LINKER_MEMBER: &[u8; 16] = b"/ "; 1754 pub const IMAGE_ARCHIVE_LONGNAMES_MEMBER: &[u8; 16] = b"// "; 1755 pub const IMAGE_ARCHIVE_HYBRIDMAP_MEMBER: &[u8; 16] = b"/<HYBRIDMAP>/ "; 1756 1757 #[derive(Debug, Clone, Copy)] 1758 #[repr(C)] 1759 pub struct ImageArchiveMemberHeader { 1760 /// File member name - `/' terminated. 1761 pub name: [u8; 16], 1762 /// File member date - decimal. 1763 pub date: [u8; 12], 1764 /// File member user id - decimal. 1765 pub user_id: [u8; 6], 1766 /// File member group id - decimal. 1767 pub group_id: [u8; 6], 1768 /// File member mode - octal. 1769 pub mode: [u8; 8], 1770 /// File member size - decimal. 1771 pub size: [u8; 10], 1772 /// String to end header. 1773 pub end_header: [u8; 2], 1774 } 1775 1776 pub const IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR: u16 = 60; 1777 1778 // 1779 // DLL support. 1780 // 1781 1782 // 1783 // Export Format 1784 // 1785 1786 #[derive(Debug, Clone, Copy)] 1787 #[repr(C)] 1788 pub struct ImageExportDirectory { 1789 pub characteristics: U32<LE>, 1790 pub time_date_stamp: U32<LE>, 1791 pub major_version: U16<LE>, 1792 pub minor_version: U16<LE>, 1793 pub name: U32<LE>, 1794 pub base: U32<LE>, 1795 pub number_of_functions: U32<LE>, 1796 pub number_of_names: U32<LE>, 1797 /// RVA from base of image 1798 pub address_of_functions: U32<LE>, 1799 /// RVA from base of image 1800 pub address_of_names: U32<LE>, 1801 /// RVA from base of image 1802 pub address_of_name_ordinals: U32<LE>, 1803 } 1804 1805 // 1806 // Import Format 1807 // 1808 1809 #[derive(Debug, Clone, Copy)] 1810 #[repr(C)] 1811 pub struct ImageImportByName { 1812 pub hint: U16<LE>, 1813 //pub name: [i8; 1], 1814 } 1815 1816 /* 1817 // TODO? unions 1818 1819 #[derive(Debug, Clone, Copy)] 1820 #[repr(C)] 1821 pub struct ImageThunkData64 { 1822 union { 1823 /// PBYTE 1824 pub forwarder_string: U64<LE>, 1825 /// PDWORD 1826 pub function: U64<LE>, 1827 pub ordinal: U64<LE>, 1828 /// PIMAGE_IMPORT_BY_NAME 1829 pub address_of_data: U64<LE>, 1830 } u1; 1831 } 1832 1833 #[derive(Debug, Clone, Copy)] 1834 #[repr(C)] 1835 pub struct ImageThunkData32 { 1836 union { 1837 /// PBYTE 1838 pub forwarder_string: U32<LE>, 1839 /// PDWORD 1840 pub function: U32<LE>, 1841 pub ordinal: U32<LE>, 1842 /// PIMAGE_IMPORT_BY_NAME 1843 pub address_of_data: U32<LE>, 1844 } u1; 1845 } 1846 */ 1847 1848 pub const IMAGE_ORDINAL_FLAG64: u64 = 0x8000000000000000; 1849 pub const IMAGE_ORDINAL_FLAG32: u32 = 0x80000000; 1850 1851 /* 1852 #define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff) 1853 #define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff) 1854 #define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0) 1855 #define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0) 1856 1857 */ 1858 1859 // 1860 // Thread Local Storage 1861 // 1862 1863 #[derive(Debug, Clone, Copy)] 1864 #[repr(C)] 1865 pub struct ImageTlsDirectory64 { 1866 pub start_address_of_raw_data: U64<LE>, 1867 pub end_address_of_raw_data: U64<LE>, 1868 /// PDWORD 1869 pub address_of_index: U64<LE>, 1870 /// PIMAGE_TLS_CALLBACK *; 1871 pub address_of_call_backs: U64<LE>, 1872 pub size_of_zero_fill: U32<LE>, 1873 pub characteristics: U32<LE>, 1874 } 1875 1876 #[derive(Debug, Clone, Copy)] 1877 #[repr(C)] 1878 pub struct ImageTlsDirectory32 { 1879 pub start_address_of_raw_data: U32<LE>, 1880 pub end_address_of_raw_data: U32<LE>, 1881 /// PDWORD 1882 pub address_of_index: U32<LE>, 1883 /// PIMAGE_TLS_CALLBACK * 1884 pub address_of_call_backs: U32<LE>, 1885 pub size_of_zero_fill: U32<LE>, 1886 pub characteristics: U32<LE>, 1887 } 1888 1889 #[derive(Debug, Clone, Copy)] 1890 #[repr(C)] 1891 pub struct ImageImportDescriptor { 1892 /// RVA to original unbound IAT (`ImageThunkData32`/`ImageThunkData64`) 1893 /// 0 for terminating null import descriptor 1894 pub original_first_thunk: U32Bytes<LE>, 1895 /// 0 if not bound, 1896 /// -1 if bound, and real date\time stamp 1897 /// in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) 1898 /// O.W. date/time stamp of DLL bound to (Old BIND) 1899 pub time_date_stamp: U32Bytes<LE>, 1900 /// -1 if no forwarders 1901 pub forwarder_chain: U32Bytes<LE>, 1902 pub name: U32Bytes<LE>, 1903 /// RVA to IAT (if bound this IAT has actual addresses) 1904 pub first_thunk: U32Bytes<LE>, 1905 } 1906 1907 // 1908 // New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ] 1909 // 1910 1911 #[derive(Debug, Clone, Copy)] 1912 #[repr(C)] 1913 pub struct ImageBoundImportDescriptor { 1914 pub time_date_stamp: U32<LE>, 1915 pub offset_module_name: U16<LE>, 1916 pub number_of_module_forwarder_refs: U16<LE>, 1917 // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows 1918 } 1919 1920 #[derive(Debug, Clone, Copy)] 1921 #[repr(C)] 1922 pub struct ImageBoundForwarderRef { 1923 pub time_date_stamp: U32<LE>, 1924 pub offset_module_name: U16<LE>, 1925 pub reserved: U16<LE>, 1926 } 1927 1928 #[derive(Debug, Clone, Copy)] 1929 #[repr(C)] 1930 pub struct ImageDelayloadDescriptor { 1931 pub attributes: U32<LE>, 1932 1933 /// RVA to the name of the target library (NULL-terminate ASCII string) 1934 pub dll_name_rva: U32<LE>, 1935 /// RVA to the HMODULE caching location (PHMODULE) 1936 pub module_handle_rva: U32<LE>, 1937 /// RVA to the start of the IAT (PIMAGE_THUNK_DATA) 1938 pub import_address_table_rva: U32<LE>, 1939 /// RVA to the start of the name table (PIMAGE_THUNK_DATA::AddressOfData) 1940 pub import_name_table_rva: U32<LE>, 1941 /// RVA to an optional bound IAT 1942 pub bound_import_address_table_rva: U32<LE>, 1943 /// RVA to an optional unload info table 1944 pub unload_information_table_rva: U32<LE>, 1945 /// 0 if not bound, otherwise, date/time of the target DLL 1946 pub time_date_stamp: U32<LE>, 1947 } 1948 1949 /// Delay load version 2 flag for `ImageDelayloadDescriptor::attributes`. 1950 pub const IMAGE_DELAYLOAD_RVA_BASED: u32 = 0x8000_0000; 1951 1952 // 1953 // Resource Format. 1954 // 1955 1956 // 1957 // Resource directory consists of two counts, following by a variable length 1958 // array of directory entries. The first count is the number of entries at 1959 // beginning of the array that have actual names associated with each entry. 1960 // The entries are in ascending order, case insensitive strings. The second 1961 // count is the number of entries that immediately follow the named entries. 1962 // This second count identifies the number of entries that have 16-bit integer 1963 // Ids as their name. These entries are also sorted in ascending order. 1964 // 1965 // This structure allows fast lookup by either name or number, but for any 1966 // given resource entry only one form of lookup is supported, not both. 1967 // This is consistant with the syntax of the .RC file and the .RES file. 1968 // 1969 1970 #[derive(Debug, Clone, Copy)] 1971 #[repr(C)] 1972 pub struct ImageResourceDirectory { 1973 pub characteristics: U32<LE>, 1974 pub time_date_stamp: U32<LE>, 1975 pub major_version: U16<LE>, 1976 pub minor_version: U16<LE>, 1977 pub number_of_named_entries: U16<LE>, 1978 pub number_of_id_entries: U16<LE>, 1979 // DirectoryEntries[ImageResourceDirectoryEntry]; 1980 } 1981 1982 pub const IMAGE_RESOURCE_NAME_IS_STRING: u32 = 0x8000_0000; 1983 pub const IMAGE_RESOURCE_DATA_IS_DIRECTORY: u32 = 0x8000_0000; 1984 // 1985 // Each directory contains the 32-bit Name of the entry and an offset, 1986 // relative to the beginning of the resource directory of the data associated 1987 // with this directory entry. If the name of the entry is an actual text 1988 // string instead of an integer Id, then the high order bit of the name field 1989 // is set to one and the low order 31-bits are an offset, relative to the 1990 // beginning of the resource directory of the string, which is of type 1991 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the 1992 // low-order 16-bits are the integer Id that identify this resource directory 1993 // entry. If the directory entry is yet another resource directory (i.e. a 1994 // subdirectory), then the high order bit of the offset field will be 1995 // set to indicate this. Otherwise the high bit is clear and the offset 1996 // field points to a resource data entry. 1997 // 1998 1999 #[derive(Debug, Clone, Copy)] 2000 #[repr(C)] 2001 pub struct ImageResourceDirectoryEntry { 2002 pub name_or_id: U32<LE>, 2003 pub offset_to_data_or_directory: U32<LE>, 2004 } 2005 2006 // 2007 // For resource directory entries that have actual string names, the Name 2008 // field of the directory entry points to an object of the following type. 2009 // All of these string objects are stored together after the last resource 2010 // directory entry and before the first resource data object. This minimizes 2011 // the impact of these variable length objects on the alignment of the fixed 2012 // size directory entry objects. 2013 // 2014 2015 #[derive(Debug, Clone, Copy)] 2016 #[repr(C)] 2017 pub struct ImageResourceDirectoryString { 2018 pub length: U16<LE>, 2019 //pub name_string: [i8; 1], 2020 } 2021 2022 #[derive(Debug, Clone, Copy)] 2023 #[repr(C)] 2024 pub struct ImageResourceDirStringU { 2025 pub length: U16<LE>, 2026 //pub name_string: [U16<LE>; 1], 2027 } 2028 2029 // 2030 // Each resource data entry describes a leaf node in the resource directory 2031 // tree. It contains an offset, relative to the beginning of the resource 2032 // directory of the data for the resource, a size field that gives the number 2033 // of bytes of data at that offset, a CodePage that should be used when 2034 // decoding code point values within the resource data. Typically for new 2035 // applications the code page would be the unicode code page. 2036 // 2037 2038 #[derive(Debug, Clone, Copy)] 2039 #[repr(C)] 2040 pub struct ImageResourceDataEntry { 2041 pub offset_to_data: U32<LE>, 2042 pub size: U32<LE>, 2043 pub code_page: U32<LE>, 2044 pub reserved: U32<LE>, 2045 } 2046 2047 // 2048 // Code Integrity in loadconfig (CI) 2049 // 2050 2051 #[derive(Debug, Clone, Copy)] 2052 #[repr(C)] 2053 pub struct ImageLoadConfigCodeIntegrity { 2054 /// Flags to indicate if CI information is available, etc. 2055 pub flags: U16<LE>, 2056 /// 0xFFFF means not available 2057 pub catalog: U16<LE>, 2058 pub catalog_offset: U32<LE>, 2059 /// Additional bitmask to be defined later 2060 pub reserved: U32<LE>, 2061 } 2062 2063 // 2064 // Dynamic value relocation table in loadconfig 2065 // 2066 2067 #[derive(Debug, Clone, Copy)] 2068 #[repr(C)] 2069 pub struct ImageDynamicRelocationTable { 2070 pub version: U32<LE>, 2071 pub size: U32<LE>, 2072 // DynamicRelocations: [ImageDynamicRelocation; 0], 2073 } 2074 2075 // 2076 // Dynamic value relocation entries following IMAGE_DYNAMIC_RELOCATION_TABLE 2077 // 2078 2079 #[derive(Debug, Clone, Copy)] 2080 #[repr(C)] 2081 pub struct ImageDynamicRelocation32 { 2082 pub symbol: U32<LE>, 2083 pub base_reloc_size: U32<LE>, 2084 // BaseRelocations: [ImageBaseRelocation; 0], 2085 } 2086 2087 #[derive(Debug, Clone, Copy)] 2088 #[repr(C)] 2089 pub struct ImageDynamicRelocation64 { 2090 pub symbol: U64<LE>, 2091 pub base_reloc_size: U32<LE>, 2092 // BaseRelocations: [ImageBaseRelocation; 0], 2093 } 2094 2095 #[derive(Debug, Clone, Copy)] 2096 #[repr(C)] 2097 pub struct ImageDynamicRelocation32V2 { 2098 pub header_size: U32<LE>, 2099 pub fixup_info_size: U32<LE>, 2100 pub symbol: U32<LE>, 2101 pub symbol_group: U32<LE>, 2102 pub flags: U32<LE>, 2103 // ... variable length header fields 2104 // pub fixup_info: [u8; fixup_info_size] 2105 } 2106 2107 #[derive(Debug, Clone, Copy)] 2108 #[repr(C)] 2109 pub struct ImageDynamicRelocation64V2 { 2110 pub header_size: U32<LE>, 2111 pub fixup_info_size: U32<LE>, 2112 pub symbol: U64<LE>, 2113 pub symbol_group: U32<LE>, 2114 pub flags: U32<LE>, 2115 // ... variable length header fields 2116 // pub fixup_info[u8; fixup_info_size] 2117 } 2118 2119 // 2120 // Defined symbolic dynamic relocation entries. 2121 // 2122 2123 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_RF_PROLOGUE: u32 = 0x0000_0001; 2124 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_RF_EPILOGUE: u32 = 0x0000_0002; 2125 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER: u32 = 0x0000_0003; 2126 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_INDIR_CONTROL_TRANSFER: u32 = 0x0000_0004; 2127 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_SWITCHTABLE_BRANCH: u32 = 0x0000_0005; 2128 2129 // This struct has alignment 1. 2130 #[derive(Debug, Clone, Copy)] 2131 #[repr(C)] 2132 pub struct ImagePrologueDynamicRelocationHeader { 2133 pub prologue_byte_count: u8, 2134 // pub prologue_bytes: [u8; prologue_byte_count], 2135 } 2136 2137 // This struct has alignment 1. 2138 #[derive(Debug, Clone, Copy)] 2139 #[repr(C)] 2140 pub struct ImageEpilogueDynamicRelocationHeader { 2141 pub epilogue_count: U32Bytes<LE>, 2142 pub epilogue_byte_count: u8, 2143 pub branch_descriptor_element_size: u8, 2144 pub branch_descriptor_count: U16Bytes<LE>, 2145 // pub branch_descriptors[...], 2146 // pub branch_descriptor_bit_map[...], 2147 } 2148 2149 /* 2150 // TODO? bitfields 2151 // TODO: unaligned? 2152 #[derive(Debug, Clone, Copy)] 2153 #[repr(C)] 2154 pub struct ImageImportControlTransferDynamicRelocation { 2155 DWORD PageRelativeOffset : 12; 2156 DWORD IndirectCall : 1; 2157 DWORD IATIndex : 19; 2158 } 2159 2160 // TODO: unaligned? 2161 #[derive(Debug, Clone, Copy)] 2162 #[repr(C)] 2163 pub struct ImageIndirControlTransferDynamicRelocation { 2164 WORD PageRelativeOffset : 12; 2165 WORD IndirectCall : 1; 2166 WORD RexWPrefix : 1; 2167 WORD CfgCheck : 1; 2168 WORD Reserved : 1; 2169 } 2170 2171 // TODO: unaligned? 2172 #[derive(Debug, Clone, Copy)] 2173 #[repr(C)] 2174 pub struct ImageSwitchtableBranchDynamicRelocation { 2175 WORD PageRelativeOffset : 12; 2176 WORD RegisterNumber : 4; 2177 } 2178 */ 2179 2180 // 2181 // Load Configuration Directory Entry 2182 // 2183 2184 #[derive(Debug, Clone, Copy)] 2185 #[repr(C)] 2186 pub struct ImageLoadConfigDirectory32 { 2187 pub size: U32<LE>, 2188 pub time_date_stamp: U32<LE>, 2189 pub major_version: U16<LE>, 2190 pub minor_version: U16<LE>, 2191 pub global_flags_clear: U32<LE>, 2192 pub global_flags_set: U32<LE>, 2193 pub critical_section_default_timeout: U32<LE>, 2194 pub de_commit_free_block_threshold: U32<LE>, 2195 pub de_commit_total_free_threshold: U32<LE>, 2196 /// VA 2197 pub lock_prefix_table: U32<LE>, 2198 pub maximum_allocation_size: U32<LE>, 2199 pub virtual_memory_threshold: U32<LE>, 2200 pub process_heap_flags: U32<LE>, 2201 pub process_affinity_mask: U32<LE>, 2202 pub csd_version: U16<LE>, 2203 pub dependent_load_flags: U16<LE>, 2204 /// VA 2205 pub edit_list: U32<LE>, 2206 /// VA 2207 pub security_cookie: U32<LE>, 2208 /// VA 2209 pub sehandler_table: U32<LE>, 2210 pub sehandler_count: U32<LE>, 2211 /// VA 2212 pub guard_cf_check_function_pointer: U32<LE>, 2213 /// VA 2214 pub guard_cf_dispatch_function_pointer: U32<LE>, 2215 /// VA 2216 pub guard_cf_function_table: U32<LE>, 2217 pub guard_cf_function_count: U32<LE>, 2218 pub guard_flags: U32<LE>, 2219 pub code_integrity: ImageLoadConfigCodeIntegrity, 2220 /// VA 2221 pub guard_address_taken_iat_entry_table: U32<LE>, 2222 pub guard_address_taken_iat_entry_count: U32<LE>, 2223 /// VA 2224 pub guard_long_jump_target_table: U32<LE>, 2225 pub guard_long_jump_target_count: U32<LE>, 2226 /// VA 2227 pub dynamic_value_reloc_table: U32<LE>, 2228 pub chpe_metadata_pointer: U32<LE>, 2229 /// VA 2230 pub guard_rf_failure_routine: U32<LE>, 2231 /// VA 2232 pub guard_rf_failure_routine_function_pointer: U32<LE>, 2233 pub dynamic_value_reloc_table_offset: U32<LE>, 2234 pub dynamic_value_reloc_table_section: U16<LE>, 2235 pub reserved2: U16<LE>, 2236 /// VA 2237 pub guard_rf_verify_stack_pointer_function_pointer: U32<LE>, 2238 pub hot_patch_table_offset: U32<LE>, 2239 pub reserved3: U32<LE>, 2240 /// VA 2241 pub enclave_configuration_pointer: U32<LE>, 2242 /// VA 2243 pub volatile_metadata_pointer: U32<LE>, 2244 } 2245 2246 #[derive(Debug, Clone, Copy)] 2247 #[repr(C)] 2248 pub struct ImageLoadConfigDirectory64 { 2249 pub size: U32<LE>, 2250 pub time_date_stamp: U32<LE>, 2251 pub major_version: U16<LE>, 2252 pub minor_version: U16<LE>, 2253 pub global_flags_clear: U32<LE>, 2254 pub global_flags_set: U32<LE>, 2255 pub critical_section_default_timeout: U32<LE>, 2256 pub de_commit_free_block_threshold: U64<LE>, 2257 pub de_commit_total_free_threshold: U64<LE>, 2258 /// VA 2259 pub lock_prefix_table: U64<LE>, 2260 pub maximum_allocation_size: U64<LE>, 2261 pub virtual_memory_threshold: U64<LE>, 2262 pub process_affinity_mask: U64<LE>, 2263 pub process_heap_flags: U32<LE>, 2264 pub csd_version: U16<LE>, 2265 pub dependent_load_flags: U16<LE>, 2266 /// VA 2267 pub edit_list: U64<LE>, 2268 /// VA 2269 pub security_cookie: U64<LE>, 2270 /// VA 2271 pub sehandler_table: U64<LE>, 2272 pub sehandler_count: U64<LE>, 2273 /// VA 2274 pub guard_cf_check_function_pointer: U64<LE>, 2275 /// VA 2276 pub guard_cf_dispatch_function_pointer: U64<LE>, 2277 /// VA 2278 pub guard_cf_function_table: U64<LE>, 2279 pub guard_cf_function_count: U64<LE>, 2280 pub guard_flags: U32<LE>, 2281 pub code_integrity: ImageLoadConfigCodeIntegrity, 2282 /// VA 2283 pub guard_address_taken_iat_entry_table: U64<LE>, 2284 pub guard_address_taken_iat_entry_count: U64<LE>, 2285 /// VA 2286 pub guard_long_jump_target_table: U64<LE>, 2287 pub guard_long_jump_target_count: U64<LE>, 2288 /// VA 2289 pub dynamic_value_reloc_table: U64<LE>, 2290 /// VA 2291 pub chpe_metadata_pointer: U64<LE>, 2292 /// VA 2293 pub guard_rf_failure_routine: U64<LE>, 2294 /// VA 2295 pub guard_rf_failure_routine_function_pointer: U64<LE>, 2296 pub dynamic_value_reloc_table_offset: U32<LE>, 2297 pub dynamic_value_reloc_table_section: U16<LE>, 2298 pub reserved2: U16<LE>, 2299 /// VA 2300 pub guard_rf_verify_stack_pointer_function_pointer: U64<LE>, 2301 pub hot_patch_table_offset: U32<LE>, 2302 pub reserved3: U32<LE>, 2303 /// VA 2304 pub enclave_configuration_pointer: U64<LE>, 2305 /// VA 2306 pub volatile_metadata_pointer: U64<LE>, 2307 } 2308 2309 #[derive(Debug, Clone, Copy)] 2310 #[repr(C)] 2311 pub struct ImageHotPatchInfo { 2312 pub version: U32<LE>, 2313 pub size: U32<LE>, 2314 pub sequence_number: U32<LE>, 2315 pub base_image_list: U32<LE>, 2316 pub base_image_count: U32<LE>, 2317 /// Version 2 and later 2318 pub buffer_offset: U32<LE>, 2319 /// Version 3 and later 2320 pub extra_patch_size: U32<LE>, 2321 } 2322 2323 #[derive(Debug, Clone, Copy)] 2324 #[repr(C)] 2325 pub struct ImageHotPatchBase { 2326 pub sequence_number: U32<LE>, 2327 pub flags: U32<LE>, 2328 pub original_time_date_stamp: U32<LE>, 2329 pub original_check_sum: U32<LE>, 2330 pub code_integrity_info: U32<LE>, 2331 pub code_integrity_size: U32<LE>, 2332 pub patch_table: U32<LE>, 2333 /// Version 2 and later 2334 pub buffer_offset: U32<LE>, 2335 } 2336 2337 #[derive(Debug, Clone, Copy)] 2338 #[repr(C)] 2339 pub struct ImageHotPatchHashes { 2340 pub sha256: [u8; 32], 2341 pub sha1: [u8; 20], 2342 } 2343 2344 pub const IMAGE_HOT_PATCH_BASE_OBLIGATORY: u32 = 0x0000_0001; 2345 pub const IMAGE_HOT_PATCH_BASE_CAN_ROLL_BACK: u32 = 0x0000_0002; 2346 2347 pub const IMAGE_HOT_PATCH_CHUNK_INVERSE: u32 = 0x8000_0000; 2348 pub const IMAGE_HOT_PATCH_CHUNK_OBLIGATORY: u32 = 0x4000_0000; 2349 pub const IMAGE_HOT_PATCH_CHUNK_RESERVED: u32 = 0x3FF0_3000; 2350 pub const IMAGE_HOT_PATCH_CHUNK_TYPE: u32 = 0x000F_C000; 2351 pub const IMAGE_HOT_PATCH_CHUNK_SOURCE_RVA: u32 = 0x0000_8000; 2352 pub const IMAGE_HOT_PATCH_CHUNK_TARGET_RVA: u32 = 0x0000_4000; 2353 pub const IMAGE_HOT_PATCH_CHUNK_SIZE: u32 = 0x0000_0FFF; 2354 2355 pub const IMAGE_HOT_PATCH_NONE: u32 = 0x0000_0000; 2356 pub const IMAGE_HOT_PATCH_FUNCTION: u32 = 0x0001_C000; 2357 pub const IMAGE_HOT_PATCH_ABSOLUTE: u32 = 0x0002_C000; 2358 pub const IMAGE_HOT_PATCH_REL32: u32 = 0x0003_C000; 2359 pub const IMAGE_HOT_PATCH_CALL_TARGET: u32 = 0x0004_4000; 2360 pub const IMAGE_HOT_PATCH_INDIRECT: u32 = 0x0005_C000; 2361 pub const IMAGE_HOT_PATCH_NO_CALL_TARGET: u32 = 0x0006_4000; 2362 pub const IMAGE_HOT_PATCH_DYNAMIC_VALUE: u32 = 0x0007_8000; 2363 2364 /// Module performs control flow integrity checks using system-supplied support 2365 pub const IMAGE_GUARD_CF_INSTRUMENTED: u32 = 0x0000_0100; 2366 /// Module performs control flow and write integrity checks 2367 pub const IMAGE_GUARD_CFW_INSTRUMENTED: u32 = 0x0000_0200; 2368 /// Module contains valid control flow target metadata 2369 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT: u32 = 0x0000_0400; 2370 /// Module does not make use of the /GS security cookie 2371 pub const IMAGE_GUARD_SECURITY_COOKIE_UNUSED: u32 = 0x0000_0800; 2372 /// Module supports read only delay load IAT 2373 pub const IMAGE_GUARD_PROTECT_DELAYLOAD_IAT: u32 = 0x0000_1000; 2374 /// Delayload import table in its own .didat section (with nothing else in it) that can be freely reprotected 2375 pub const IMAGE_GUARD_DELAYLOAD_IAT_IN_ITS_OWN_SECTION: u32 = 0x0000_2000; 2376 /// Module contains suppressed export information. 2377 /// 2378 /// This also infers that the address taken taken IAT table is also present in the load config. 2379 pub const IMAGE_GUARD_CF_EXPORT_SUPPRESSION_INFO_PRESENT: u32 = 0x0000_4000; 2380 /// Module enables suppression of exports 2381 pub const IMAGE_GUARD_CF_ENABLE_EXPORT_SUPPRESSION: u32 = 0x0000_8000; 2382 /// Module contains longjmp target information 2383 pub const IMAGE_GUARD_CF_LONGJUMP_TABLE_PRESENT: u32 = 0x0001_0000; 2384 /// Module contains return flow instrumentation and metadata 2385 pub const IMAGE_GUARD_RF_INSTRUMENTED: u32 = 0x0002_0000; 2386 /// Module requests that the OS enable return flow protection 2387 pub const IMAGE_GUARD_RF_ENABLE: u32 = 0x0004_0000; 2388 /// Module requests that the OS enable return flow protection in strict mode 2389 pub const IMAGE_GUARD_RF_STRICT: u32 = 0x0008_0000; 2390 /// Module was built with retpoline support 2391 pub const IMAGE_GUARD_RETPOLINE_PRESENT: u32 = 0x0010_0000; 2392 2393 /// Stride of Guard CF function table encoded in these bits (additional count of bytes per element) 2394 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK: u32 = 0xF000_0000; 2395 /// Shift to right-justify Guard CF function table stride 2396 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT: u32 = 28; 2397 2398 // 2399 // GFIDS table entry flags. 2400 // 2401 2402 /// The containing GFID entry is suppressed 2403 pub const IMAGE_GUARD_FLAG_FID_SUPPRESSED: u16 = 0x01; 2404 /// The containing GFID entry is export suppressed 2405 pub const IMAGE_GUARD_FLAG_EXPORT_SUPPRESSED: u16 = 0x02; 2406 2407 // 2408 // WIN CE Exception table format 2409 // 2410 2411 // 2412 // Function table entry format. Function table is pointed to by the 2413 // IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. 2414 // 2415 2416 /* 2417 // TODO? bitfields 2418 #[derive(Debug, Clone, Copy)] 2419 #[repr(C)] 2420 pub struct ImageCeRuntimeFunctionEntry { 2421 pub func_start: U32<LE>, 2422 DWORD PrologLen : 8; 2423 DWORD FuncLen : 22; 2424 DWORD ThirtyTwoBit : 1; 2425 DWORD ExceptionFlag : 1; 2426 } 2427 */ 2428 2429 #[derive(Debug, Clone, Copy)] 2430 #[repr(C)] 2431 pub struct ImageArmRuntimeFunctionEntry { 2432 pub begin_address: U32<LE>, 2433 pub unwind_data: U32<LE>, 2434 } 2435 2436 #[derive(Debug, Clone, Copy)] 2437 #[repr(C)] 2438 pub struct ImageArm64RuntimeFunctionEntry { 2439 pub begin_address: U32<LE>, 2440 pub unwind_data: U32<LE>, 2441 } 2442 2443 #[derive(Debug, Clone, Copy)] 2444 #[repr(C)] 2445 pub struct ImageAlpha64RuntimeFunctionEntry { 2446 pub begin_address: U64<LE>, 2447 pub end_address: U64<LE>, 2448 pub exception_handler: U64<LE>, 2449 pub handler_data: U64<LE>, 2450 pub prolog_end_address: U64<LE>, 2451 } 2452 2453 #[derive(Debug, Clone, Copy)] 2454 #[repr(C)] 2455 pub struct ImageAlphaRuntimeFunctionEntry { 2456 pub begin_address: U32<LE>, 2457 pub end_address: U32<LE>, 2458 pub exception_handler: U32<LE>, 2459 pub handler_data: U32<LE>, 2460 pub prolog_end_address: U32<LE>, 2461 } 2462 2463 #[derive(Debug, Clone, Copy)] 2464 #[repr(C)] 2465 pub struct ImageRuntimeFunctionEntry { 2466 pub begin_address: U32<LE>, 2467 pub end_address: U32<LE>, 2468 pub unwind_info_address_or_data: U32<LE>, 2469 } 2470 2471 // 2472 // Sofware enclave information 2473 // 2474 2475 pub const IMAGE_ENCLAVE_LONG_ID_LENGTH: usize = 32; 2476 pub const IMAGE_ENCLAVE_SHORT_ID_LENGTH: usize = 16; 2477 2478 #[derive(Debug, Clone, Copy)] 2479 #[repr(C)] 2480 pub struct ImageEnclaveConfig32 { 2481 pub size: U32<LE>, 2482 pub minimum_required_config_size: U32<LE>, 2483 pub policy_flags: U32<LE>, 2484 pub number_of_imports: U32<LE>, 2485 pub import_list: U32<LE>, 2486 pub import_entry_size: U32<LE>, 2487 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2488 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2489 pub image_version: U32<LE>, 2490 pub security_version: U32<LE>, 2491 pub enclave_size: U32<LE>, 2492 pub number_of_threads: U32<LE>, 2493 pub enclave_flags: U32<LE>, 2494 } 2495 2496 #[derive(Debug, Clone, Copy)] 2497 #[repr(C)] 2498 pub struct ImageEnclaveConfig64 { 2499 pub size: U32<LE>, 2500 pub minimum_required_config_size: U32<LE>, 2501 pub policy_flags: U32<LE>, 2502 pub number_of_imports: U32<LE>, 2503 pub import_list: U32<LE>, 2504 pub import_entry_size: U32<LE>, 2505 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2506 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2507 pub image_version: U32<LE>, 2508 pub security_version: U32<LE>, 2509 pub enclave_size: U64<LE>, 2510 pub number_of_threads: U32<LE>, 2511 pub enclave_flags: U32<LE>, 2512 } 2513 2514 //pub const IMAGE_ENCLAVE_MINIMUM_CONFIG_SIZE: usize = FIELD_OFFSET(IMAGE_ENCLAVE_CONFIG, EnclaveFlags); 2515 2516 pub const IMAGE_ENCLAVE_POLICY_DEBUGGABLE: u32 = 0x0000_0001; 2517 2518 pub const IMAGE_ENCLAVE_FLAG_PRIMARY_IMAGE: u32 = 0x0000_0001; 2519 2520 #[derive(Debug, Clone, Copy)] 2521 #[repr(C)] 2522 pub struct ImageEnclaveImport { 2523 pub match_type: U32<LE>, 2524 pub minimum_security_version: U32<LE>, 2525 pub unique_or_author_id: [u8; IMAGE_ENCLAVE_LONG_ID_LENGTH], 2526 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2527 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2528 pub import_name: U32<LE>, 2529 pub reserved: U32<LE>, 2530 } 2531 2532 pub const IMAGE_ENCLAVE_IMPORT_MATCH_NONE: u32 = 0x0000_0000; 2533 pub const IMAGE_ENCLAVE_IMPORT_MATCH_UNIQUE_ID: u32 = 0x0000_0001; 2534 pub const IMAGE_ENCLAVE_IMPORT_MATCH_AUTHOR_ID: u32 = 0x0000_0002; 2535 pub const IMAGE_ENCLAVE_IMPORT_MATCH_FAMILY_ID: u32 = 0x0000_0003; 2536 pub const IMAGE_ENCLAVE_IMPORT_MATCH_IMAGE_ID: u32 = 0x0000_0004; 2537 2538 // 2539 // Debug Format 2540 // 2541 2542 #[derive(Debug, Clone, Copy)] 2543 #[repr(C)] 2544 pub struct ImageDebugDirectory { 2545 pub characteristics: U32<LE>, 2546 pub time_date_stamp: U32<LE>, 2547 pub major_version: U16<LE>, 2548 pub minor_version: U16<LE>, 2549 pub typ: U32<LE>, 2550 pub size_of_data: U32<LE>, 2551 pub address_of_raw_data: U32<LE>, 2552 pub pointer_to_raw_data: U32<LE>, 2553 } 2554 2555 pub const IMAGE_DEBUG_TYPE_UNKNOWN: u32 = 0; 2556 pub const IMAGE_DEBUG_TYPE_COFF: u32 = 1; 2557 pub const IMAGE_DEBUG_TYPE_CODEVIEW: u32 = 2; 2558 pub const IMAGE_DEBUG_TYPE_FPO: u32 = 3; 2559 pub const IMAGE_DEBUG_TYPE_MISC: u32 = 4; 2560 pub const IMAGE_DEBUG_TYPE_EXCEPTION: u32 = 5; 2561 pub const IMAGE_DEBUG_TYPE_FIXUP: u32 = 6; 2562 pub const IMAGE_DEBUG_TYPE_OMAP_TO_SRC: u32 = 7; 2563 pub const IMAGE_DEBUG_TYPE_OMAP_FROM_SRC: u32 = 8; 2564 pub const IMAGE_DEBUG_TYPE_BORLAND: u32 = 9; 2565 pub const IMAGE_DEBUG_TYPE_RESERVED10: u32 = 10; 2566 pub const IMAGE_DEBUG_TYPE_CLSID: u32 = 11; 2567 pub const IMAGE_DEBUG_TYPE_VC_FEATURE: u32 = 12; 2568 pub const IMAGE_DEBUG_TYPE_POGO: u32 = 13; 2569 pub const IMAGE_DEBUG_TYPE_ILTCG: u32 = 14; 2570 pub const IMAGE_DEBUG_TYPE_MPX: u32 = 15; 2571 pub const IMAGE_DEBUG_TYPE_REPRO: u32 = 16; 2572 2573 #[derive(Debug, Clone, Copy)] 2574 #[repr(C)] 2575 pub struct ImageCoffSymbolsHeader { 2576 pub number_of_symbols: U32<LE>, 2577 pub lva_to_first_symbol: U32<LE>, 2578 pub number_of_linenumbers: U32<LE>, 2579 pub lva_to_first_linenumber: U32<LE>, 2580 pub rva_to_first_byte_of_code: U32<LE>, 2581 pub rva_to_last_byte_of_code: U32<LE>, 2582 pub rva_to_first_byte_of_data: U32<LE>, 2583 pub rva_to_last_byte_of_data: U32<LE>, 2584 } 2585 2586 pub const FRAME_FPO: u16 = 0; 2587 pub const FRAME_TRAP: u16 = 1; 2588 pub const FRAME_TSS: u16 = 2; 2589 pub const FRAME_NONFPO: u16 = 3; 2590 2591 /* 2592 // TODO? bitfields 2593 #[derive(Debug, Clone, Copy)] 2594 #[repr(C)] 2595 pub struct FpoData { 2596 /// offset 1st byte of function code 2597 pub ul_off_start: U32<LE>, 2598 /// # bytes in function 2599 pub cb_proc_size: U32<LE>, 2600 /// # bytes in locals/4 2601 pub cdw_locals: U32<LE>, 2602 /// # bytes in params/4 2603 pub cdw_params: U16<LE>, 2604 /// # bytes in prolog 2605 WORD cbProlog : 8; 2606 /// # regs saved 2607 WORD cbRegs : 3; 2608 /// TRUE if SEH in func 2609 WORD fHasSEH : 1; 2610 /// TRUE if EBP has been allocated 2611 WORD fUseBP : 1; 2612 /// reserved for future use 2613 WORD reserved : 1; 2614 /// frame type 2615 WORD cbFrame : 2; 2616 } 2617 pub const SIZEOF_RFPO_DATA: usize = 16; 2618 */ 2619 2620 pub const IMAGE_DEBUG_MISC_EXENAME: u16 = 1; 2621 2622 #[derive(Debug, Clone, Copy)] 2623 #[repr(C)] 2624 pub struct ImageDebugMisc { 2625 /// type of misc data, see defines 2626 pub data_type: U32<LE>, 2627 /// total length of record, rounded to four byte multiple. 2628 pub length: U32<LE>, 2629 /// TRUE if data is unicode string 2630 pub unicode: u8, 2631 pub reserved: [u8; 3], 2632 // Actual data 2633 //pub data: [u8; 1], 2634 } 2635 2636 // 2637 // Function table extracted from MIPS/ALPHA/IA64 images. Does not contain 2638 // information needed only for runtime support. Just those fields for 2639 // each entry needed by a debugger. 2640 // 2641 2642 #[derive(Debug, Clone, Copy)] 2643 #[repr(C)] 2644 pub struct ImageFunctionEntry { 2645 pub starting_address: U32<LE>, 2646 pub ending_address: U32<LE>, 2647 pub end_of_prologue: U32<LE>, 2648 } 2649 2650 #[derive(Debug, Clone, Copy)] 2651 #[repr(C)] 2652 pub struct ImageFunctionEntry64 { 2653 pub starting_address: U64<LE>, 2654 pub ending_address: U64<LE>, 2655 pub end_of_prologue_or_unwind_info_address: U64<LE>, 2656 } 2657 2658 // 2659 // Debugging information can be stripped from an image file and placed 2660 // in a separate .DBG file, whose file name part is the same as the 2661 // image file name part (e.g. symbols for CMD.EXE could be stripped 2662 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED 2663 // flag in the Characteristics field of the file header. The beginning of 2664 // the .DBG file contains the following structure which captures certain 2665 // information from the image file. This allows a debug to proceed even if 2666 // the original image file is not accessable. This header is followed by 2667 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more 2668 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in 2669 // the image file contain file offsets relative to the beginning of the 2670 // .DBG file. 2671 // 2672 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure 2673 // is left in the image file, but not mapped. This allows a debugger to 2674 // compute the name of the .DBG file, from the name of the image in the 2675 // IMAGE_DEBUG_MISC structure. 2676 // 2677 2678 #[derive(Debug, Clone, Copy)] 2679 #[repr(C)] 2680 pub struct ImageSeparateDebugHeader { 2681 pub signature: U16<LE>, 2682 pub flags: U16<LE>, 2683 pub machine: U16<LE>, 2684 pub characteristics: U16<LE>, 2685 pub time_date_stamp: U32<LE>, 2686 pub check_sum: U32<LE>, 2687 pub image_base: U32<LE>, 2688 pub size_of_image: U32<LE>, 2689 pub number_of_sections: U32<LE>, 2690 pub exported_names_size: U32<LE>, 2691 pub debug_directory_size: U32<LE>, 2692 pub section_alignment: U32<LE>, 2693 pub reserved: [U32<LE>; 2], 2694 } 2695 2696 #[derive(Debug, Clone, Copy)] 2697 #[repr(C)] 2698 pub struct NonPagedDebugInfo { 2699 pub signature: U16<LE>, 2700 pub flags: U16<LE>, 2701 pub size: U32<LE>, 2702 pub machine: U16<LE>, 2703 pub characteristics: U16<LE>, 2704 pub time_date_stamp: U32<LE>, 2705 pub check_sum: U32<LE>, 2706 pub size_of_image: U32<LE>, 2707 pub image_base: U64<LE>, 2708 //debug_directory_size 2709 //ImageDebugDirectory 2710 } 2711 2712 pub const IMAGE_SEPARATE_DEBUG_SIGNATURE: u16 = 0x4944; 2713 pub const NON_PAGED_DEBUG_SIGNATURE: u16 = 0x494E; 2714 2715 pub const IMAGE_SEPARATE_DEBUG_FLAGS_MASK: u16 = 0x8000; 2716 /// when DBG was updated, the old checksum didn't match. 2717 pub const IMAGE_SEPARATE_DEBUG_MISMATCH: u16 = 0x8000; 2718 2719 // 2720 // The .arch section is made up of headers, each describing an amask position/value 2721 // pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header 2722 // and entry arrays) are terminiated by a quadword of 0xffffffffL. 2723 // 2724 // NOTE: There may be quadwords of 0 sprinkled around and must be skipped. 2725 // 2726 2727 /* 2728 // TODO? bitfields 2729 #[derive(Debug, Clone, Copy)] 2730 #[repr(C)] 2731 pub struct ImageArchitectureHeader { 2732 /// 1 -> code section depends on mask bit 2733 /// 0 -> new instruction depends on mask bit 2734 unsigned int AmaskValue: 1; 2735 /// MBZ 2736 int :7; 2737 /// Amask bit in question for this fixup 2738 unsigned int AmaskShift: 8; 2739 /// MBZ 2740 int :16; 2741 /// RVA into .arch section to array of ARCHITECTURE_ENTRY's 2742 pub first_entry_rva: U32<LE>, 2743 } 2744 */ 2745 2746 #[derive(Debug, Clone, Copy)] 2747 #[repr(C)] 2748 pub struct ImageArchitectureEntry { 2749 /// RVA of instruction to fixup 2750 pub fixup_inst_rva: U32<LE>, 2751 /// fixup instruction (see alphaops.h) 2752 pub new_inst: U32<LE>, 2753 } 2754 2755 // The following structure defines the new import object. Note the values of the first two fields, 2756 // which must be set as stated in order to differentiate old and new import members. 2757 // Following this structure, the linker emits two null-terminated strings used to recreate the 2758 // import at the time of use. The first string is the import's name, the second is the dll's name. 2759 2760 pub const IMPORT_OBJECT_HDR_SIG2: u16 = 0xffff; 2761 2762 #[derive(Debug, Clone, Copy)] 2763 #[repr(C)] 2764 pub struct ImportObjectHeader { 2765 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 2766 pub sig1: U16<LE>, 2767 /// Must be IMPORT_OBJECT_HDR_SIG2. 2768 pub sig2: U16<LE>, 2769 pub version: U16<LE>, 2770 pub machine: U16<LE>, 2771 /// Time/date stamp 2772 pub time_date_stamp: U32<LE>, 2773 /// particularly useful for incremental links 2774 pub size_of_data: U32<LE>, 2775 2776 /// if grf & IMPORT_OBJECT_ORDINAL 2777 pub ordinal_or_hint: U16<LE>, 2778 2779 // WORD Type : 2; 2780 // WORD NameType : 3; 2781 // WORD Reserved : 11; 2782 pub name_type: U16<LE>, 2783 } 2784 2785 pub const IMPORT_OBJECT_CODE: u16 = 0; 2786 pub const IMPORT_OBJECT_DATA: u16 = 1; 2787 pub const IMPORT_OBJECT_CONST: u16 = 2; 2788 2789 /// Import by ordinal 2790 pub const IMPORT_OBJECT_ORDINAL: u16 = 0; 2791 /// Import name == public symbol name. 2792 pub const IMPORT_OBJECT_NAME: u16 = 1; 2793 /// Import name == public symbol name skipping leading ?, @, or optionally _. 2794 pub const IMPORT_OBJECT_NAME_NO_PREFIX: u16 = 2; 2795 /// Import name == public symbol name skipping leading ?, @, or optionally _ and truncating at first @. 2796 pub const IMPORT_OBJECT_NAME_UNDECORATE: u16 = 3; 2797 /// Import name == a name is explicitly provided after the DLL name. 2798 pub const IMPORT_OBJECT_NAME_EXPORTAS: u16 = 4; 2799 2800 // COM+ Header entry point flags. 2801 pub const COMIMAGE_FLAGS_ILONLY: u32 = 0x0000_0001; 2802 pub const COMIMAGE_FLAGS_32BITREQUIRED: u32 = 0x0000_0002; 2803 pub const COMIMAGE_FLAGS_IL_LIBRARY: u32 = 0x0000_0004; 2804 pub const COMIMAGE_FLAGS_STRONGNAMESIGNED: u32 = 0x0000_0008; 2805 pub const COMIMAGE_FLAGS_NATIVE_ENTRYPOINT: u32 = 0x0000_0010; 2806 pub const COMIMAGE_FLAGS_TRACKDEBUGDATA: u32 = 0x0001_0000; 2807 pub const COMIMAGE_FLAGS_32BITPREFERRED: u32 = 0x0002_0000; 2808 2809 // Version flags for image. 2810 pub const COR_VERSION_MAJOR_V2: u16 = 2; 2811 pub const COR_VERSION_MAJOR: u16 = COR_VERSION_MAJOR_V2; 2812 pub const COR_VERSION_MINOR: u16 = 5; 2813 pub const COR_DELETED_NAME_LENGTH: usize = 8; 2814 pub const COR_VTABLEGAP_NAME_LENGTH: usize = 8; 2815 2816 // Maximum size of a NativeType descriptor. 2817 pub const NATIVE_TYPE_MAX_CB: u16 = 1; 2818 pub const COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE: u16 = 0xFF; 2819 2820 // Consts for the MIH FLAGS 2821 pub const IMAGE_COR_MIH_METHODRVA: u16 = 0x01; 2822 pub const IMAGE_COR_MIH_EHRVA: u16 = 0x02; 2823 pub const IMAGE_COR_MIH_BASICBLOCK: u16 = 0x08; 2824 2825 // V-table constants 2826 /// V-table slots are 32-bits in size. 2827 pub const COR_VTABLE_32BIT: u16 = 0x01; 2828 /// V-table slots are 64-bits in size. 2829 pub const COR_VTABLE_64BIT: u16 = 0x02; 2830 /// If set, transition from unmanaged. 2831 pub const COR_VTABLE_FROM_UNMANAGED: u16 = 0x04; 2832 /// If set, transition from unmanaged with keeping the current appdomain. 2833 pub const COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN: u16 = 0x08; 2834 /// Call most derived method described by 2835 pub const COR_VTABLE_CALL_MOST_DERIVED: u16 = 0x10; 2836 2837 // EATJ constants 2838 /// Size of a jump thunk reserved range. 2839 pub const IMAGE_COR_EATJ_THUNK_SIZE: usize = 32; 2840 2841 // Max name lengths 2842 pub const MAX_CLASS_NAME: usize = 1024; 2843 pub const MAX_PACKAGE_NAME: usize = 1024; 2844 2845 // CLR 2.0 header structure. 2846 #[derive(Debug, Clone, Copy)] 2847 #[repr(C)] 2848 pub struct ImageCor20Header { 2849 // Header versioning 2850 pub cb: U32<LE>, 2851 pub major_runtime_version: U16<LE>, 2852 pub minor_runtime_version: U16<LE>, 2853 2854 // Symbol table and startup information 2855 pub meta_data: ImageDataDirectory, 2856 pub flags: U32<LE>, 2857 2858 // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set, EntryPointToken represents a managed entrypoint. 2859 // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set, EntryPointRVA represents an RVA to a native entrypoint. 2860 pub entry_point_token_or_rva: U32<LE>, 2861 2862 // Binding information 2863 pub resources: ImageDataDirectory, 2864 pub strong_name_signature: ImageDataDirectory, 2865 2866 // Regular fixup and binding information 2867 pub code_manager_table: ImageDataDirectory, 2868 pub vtable_fixups: ImageDataDirectory, 2869 pub export_address_table_jumps: ImageDataDirectory, 2870 2871 // Precompiled image info (internal use only - set to zero) 2872 pub managed_native_header: ImageDataDirectory, 2873 } 2874 2875 unsafe_impl_pod!( 2876 ImageDosHeader, 2877 ImageOs2Header, 2878 ImageVxdHeader, 2879 ImageFileHeader, 2880 ImageDataDirectory, 2881 ImageOptionalHeader32, 2882 ImageRomOptionalHeader, 2883 ImageOptionalHeader64, 2884 ImageNtHeaders64, 2885 ImageNtHeaders32, 2886 ImageRomHeaders, 2887 Guid, 2888 AnonObjectHeader, 2889 AnonObjectHeaderV2, 2890 AnonObjectHeaderBigobj, 2891 ImageSectionHeader, 2892 ImageSymbol, 2893 ImageSymbolBytes, 2894 ImageSymbolEx, 2895 ImageSymbolExBytes, 2896 ImageAuxSymbolTokenDef, 2897 ImageAuxSymbolFunction, 2898 ImageAuxSymbolFunctionBeginEnd, 2899 ImageAuxSymbolWeak, 2900 ImageAuxSymbolSection, 2901 ImageAuxSymbolCrc, 2902 ImageRelocation, 2903 ImageLinenumber, 2904 ImageBaseRelocation, 2905 ImageArchiveMemberHeader, 2906 ImageExportDirectory, 2907 ImageImportByName, 2908 //ImageThunkData64, 2909 //ImageThunkData32, 2910 ImageTlsDirectory64, 2911 ImageTlsDirectory32, 2912 ImageImportDescriptor, 2913 ImageBoundImportDescriptor, 2914 ImageBoundForwarderRef, 2915 ImageDelayloadDescriptor, 2916 ImageResourceDirectory, 2917 ImageResourceDirectoryEntry, 2918 ImageResourceDirectoryString, 2919 ImageResourceDirStringU, 2920 ImageResourceDataEntry, 2921 ImageLoadConfigCodeIntegrity, 2922 ImageDynamicRelocationTable, 2923 ImageDynamicRelocation32, 2924 ImageDynamicRelocation64, 2925 ImageDynamicRelocation32V2, 2926 ImageDynamicRelocation64V2, 2927 ImagePrologueDynamicRelocationHeader, 2928 ImageEpilogueDynamicRelocationHeader, 2929 //ImageImportControlTransferDynamicRelocation, 2930 //ImageIndirControlTransferDynamicRelocation, 2931 //ImageSwitchtableBranchDynamicRelocation, 2932 ImageLoadConfigDirectory32, 2933 ImageLoadConfigDirectory64, 2934 ImageHotPatchInfo, 2935 ImageHotPatchBase, 2936 ImageHotPatchHashes, 2937 //ImageCeRuntimeFunctionEntry, 2938 ImageArmRuntimeFunctionEntry, 2939 ImageArm64RuntimeFunctionEntry, 2940 ImageAlpha64RuntimeFunctionEntry, 2941 ImageAlphaRuntimeFunctionEntry, 2942 ImageRuntimeFunctionEntry, 2943 ImageEnclaveConfig32, 2944 ImageEnclaveConfig64, 2945 ImageEnclaveImport, 2946 ImageDebugDirectory, 2947 ImageCoffSymbolsHeader, 2948 //FpoData, 2949 ImageDebugMisc, 2950 ImageFunctionEntry, 2951 ImageFunctionEntry64, 2952 ImageSeparateDebugHeader, 2953 NonPagedDebugInfo, 2954 //ImageArchitectureHeader, 2955 ImageArchitectureEntry, 2956 ImportObjectHeader, 2957 ImageCor20Header, 2958 ); 2959