1 #pragma once 2 3 #define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x010b 4 #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x020b 5 6 #define IMAGE_DOS_MAGIC 0x5a4d 7 #define IMAGE_PE_MAGIC 0x00004550 8 #define IMAGE_SIZEOF_SHORT_NAME 8 9 10 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 11 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 12 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 13 14 #define IMAGE_FILE_MACHINE_I386 0x14c 15 #define IMAGE_FILE_MACHINE_AMD64 0x8664 16 #define IMAGE_FILE_MACHINE_IA64 0x0200 17 18 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 19 20 #define IMAGE_SCN_TYPE_NOLOAD 0x00000002 21 #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 22 #define IMAGE_SCN_CNT_CODE 0x00000020 23 #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 24 #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 25 #define IMAGE_SCN_LNK_OTHER 0x00000100 26 #define IMAGE_SCN_LNK_INFO 0x00000200 27 #define IMAGE_SCN_LNK_REMOVE 0x00000800 28 #define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 29 #define IMAGE_SCN_GPREL 0x00008000 30 #define IMAGE_SCN_MEM_PURGEABLE 0x00020000 31 #define IMAGE_SCN_MEM_LOCKED 0x00040000 32 #define IMAGE_SCN_MEM_PRELOAD 0x00080000 33 #define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 34 #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 35 #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 36 #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 37 #define IMAGE_SCN_MEM_SHARED 0x10000000 38 #define IMAGE_SCN_MEM_EXECUTE 0x20000000 39 #define IMAGE_SCN_MEM_READ 0x40000000 40 #define IMAGE_SCN_MEM_WRITE 0x80000000 41 42 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 43 44 #define IMAGE_REL_I386_ABSOLUTE 0x0001 45 #define IMAGE_REL_I386_REL16 0x0002 46 #define IMAGE_REL_I386_DIR32 0x0006 47 48 #pragma pack(push,2) 49 typedef struct _IMAGE_DOS_HEADER { 50 WORD e_magic; 51 WORD e_cblp; 52 WORD e_cp; 53 WORD e_crlc; 54 WORD e_cparhdr; 55 WORD e_minalloc; 56 WORD e_maxalloc; 57 WORD e_ss; 58 WORD e_sp; 59 WORD e_csum; 60 WORD e_ip; 61 WORD e_cs; 62 WORD e_lfarlc; 63 WORD e_ovno; 64 WORD e_res[4]; 65 WORD e_oemid; 66 WORD e_oeminfo; 67 WORD e_res2[10]; 68 LONG e_lfanew; 69 } IMAGE_DOS_HEADER,*PIMAGE_DOS_HEADER; 70 #pragma pack(pop) 71 72 #pragma pack(push,4) 73 typedef struct _IMAGE_FILE_HEADER { 74 WORD Machine; 75 WORD NumberOfSections; 76 DWORD TimeDateStamp; 77 DWORD PointerToSymbolTable; 78 DWORD NumberOfSymbols; 79 WORD SizeOfOptionalHeader; 80 WORD Characteristics; 81 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 82 #pragma pack(pop) 83 84 typedef struct _IMAGE_DATA_DIRECTORY { 85 DWORD VirtualAddress; 86 DWORD Size; 87 } IMAGE_DATA_DIRECTORY,*PIMAGE_DATA_DIRECTORY; 88 89 typedef struct _IMAGE_OPTIONAL_HEADER32 { 90 WORD Magic; 91 BYTE MajorLinkerVersion; 92 BYTE MinorLinkerVersion; 93 DWORD SizeOfCode; 94 DWORD SizeOfInitializedData; 95 DWORD SizeOfUninitializedData; 96 DWORD AddressOfEntryPoint; 97 DWORD BaseOfCode; 98 DWORD BaseOfData; 99 DWORD ImageBase; 100 DWORD SectionAlignment; 101 DWORD FileAlignment; 102 WORD MajorOperatingSystemVersion; 103 WORD MinorOperatingSystemVersion; 104 WORD MajorImageVersion; 105 WORD MinorImageVersion; 106 WORD MajorSubsystemVersion; 107 WORD MinorSubsystemVersion; 108 DWORD Win32VersionValue; 109 DWORD SizeOfImage; 110 DWORD SizeOfHeaders; 111 DWORD CheckSum; 112 WORD Subsystem; 113 WORD DllCharacteristics; 114 DWORD SizeOfStackReserve; 115 DWORD SizeOfStackCommit; 116 DWORD SizeOfHeapReserve; 117 DWORD SizeOfHeapCommit; 118 DWORD LoaderFlags; 119 DWORD NumberOfRvaAndSizes; 120 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 121 } IMAGE_OPTIONAL_HEADER32,*PIMAGE_OPTIONAL_HEADER32; 122 123 typedef struct _IMAGE_OPTIONAL_HEADER64 { 124 WORD Magic; 125 BYTE MajorLinkerVersion; 126 BYTE MinorLinkerVersion; 127 DWORD SizeOfCode; 128 DWORD SizeOfInitializedData; 129 DWORD SizeOfUninitializedData; 130 DWORD AddressOfEntryPoint; 131 DWORD BaseOfCode; 132 ULONGLONG ImageBase; 133 DWORD SectionAlignment; 134 DWORD FileAlignment; 135 WORD MajorOperatingSystemVersion; 136 WORD MinorOperatingSystemVersion; 137 WORD MajorImageVersion; 138 WORD MinorImageVersion; 139 WORD MajorSubsystemVersion; 140 WORD MinorSubsystemVersion; 141 DWORD Win32VersionValue; 142 DWORD SizeOfImage; 143 DWORD SizeOfHeaders; 144 DWORD CheckSum; 145 WORD Subsystem; 146 WORD DllCharacteristics; 147 ULONGLONG SizeOfStackReserve; 148 ULONGLONG SizeOfStackCommit; 149 ULONGLONG SizeOfHeapReserve; 150 ULONGLONG SizeOfHeapCommit; 151 DWORD LoaderFlags; 152 DWORD NumberOfRvaAndSizes; 153 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 154 } IMAGE_OPTIONAL_HEADER64,*PIMAGE_OPTIONAL_HEADER64; 155 156 #ifdef _TARGET_PE64 157 typedef IMAGE_OPTIONAL_HEADER64 IMAGE_OPTIONAL_HEADER; 158 typedef PIMAGE_OPTIONAL_HEADER64 PIMAGE_OPTIONAL_HEADER; 159 #else 160 typedef IMAGE_OPTIONAL_HEADER32 IMAGE_OPTIONAL_HEADER; 161 typedef PIMAGE_OPTIONAL_HEADER32 PIMAGE_OPTIONAL_HEADER; 162 #endif 163 164 typedef struct _IMAGE_NT_HEADERS32 165 { 166 DWORD Signature; 167 IMAGE_FILE_HEADER FileHeader; 168 IMAGE_OPTIONAL_HEADER32 OptionalHeader; 169 } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32; 170 171 typedef struct _IMAGE_NT_HEADERS64 172 { 173 DWORD Signature; 174 IMAGE_FILE_HEADER FileHeader; 175 IMAGE_OPTIONAL_HEADER32 OptionalHeader; 176 } IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64; 177 178 #ifdef _TARGET_PE64 179 typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS; 180 typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS; 181 #else 182 typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS; 183 typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS; 184 #endif 185 186 typedef struct _IMAGE_SECTION_HEADER { 187 BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; 188 union { 189 DWORD PhysicalAddress; 190 DWORD VirtualSize; 191 } Misc; 192 DWORD VirtualAddress; 193 DWORD SizeOfRawData; 194 DWORD PointerToRawData; 195 DWORD PointerToRelocations; 196 DWORD PointerToLinenumbers; 197 WORD NumberOfRelocations; 198 WORD NumberOfLinenumbers; 199 DWORD Characteristics; 200 } IMAGE_SECTION_HEADER,*PIMAGE_SECTION_HEADER; 201 202 #pragma pack(push,4) 203 typedef struct _IMAGE_BASE_RELOCATION { 204 DWORD VirtualAddress; 205 DWORD SizeOfBlock; 206 // Followed by: WORD TypeOffset[ANYSIZE_ARRAY]; 207 } IMAGE_BASE_RELOCATION,*PIMAGE_BASE_RELOCATION; 208 #pragma pack(pop) 209 210 #ifndef UNALIGNED 211 #define UNALIGNED 212 #endif 213 214 #pragma pack(push,2) 215 typedef struct _IMAGE_RELOCATION { 216 union { 217 DWORD VirtualAddress; 218 DWORD RelocCount; 219 }; 220 DWORD SymbolTableIndex; 221 WORD Type; 222 } IMAGE_RELOCATION; 223 typedef struct _IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION; 224 #pragma pack(pop) 225 226 #pragma pack(push,2) 227 typedef struct _IMAGE_SYMBOL { 228 union { 229 BYTE ShortName[8]; 230 struct { 231 DWORD Short; 232 DWORD Long; 233 } Name; 234 DWORD LongName[2]; 235 } N; 236 DWORD Value; 237 SHORT SectionNumber; 238 WORD Type; 239 BYTE StorageClass; 240 BYTE NumberOfAuxSymbols; 241 } IMAGE_SYMBOL; 242 typedef struct _IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL; 243 #pragma pack(pop) 244 245 #define IMAGE_DOS_SIGNATURE 0x5A4D 246 #define IMAGE_OS2_SIGNATURE 0x454E 247 #define IMAGE_OS2_SIGNATURE_LE 0x454C 248 #define IMAGE_VXD_SIGNATURE 0x454C 249 #define IMAGE_NT_SIGNATURE 0x00004550 250 251 #define IMAGE_FIRST_SECTION(h) ((PIMAGE_SECTION_HEADER) ((ULONG_PTR)h+FIELD_OFFSET(IMAGE_NT_HEADERS,OptionalHeader)+((PIMAGE_NT_HEADERS)(h))->FileHeader.SizeOfOptionalHeader)) 252