1 #pragma once 2 3 #include "../../redasm.h" 4 #include "pe_constants.h" 5 6 #define IMAGE_FIRST_SECTION(ntheaders) reinterpret_cast<ImageSectionHeader*>(reinterpret_cast<size_t>(ntheaders) + \ 7 ntheaders->FileHeader.SizeOfOptionalHeader + 0x18) 8 9 namespace REDasm { 10 11 struct ImageDosHeader 12 { 13 u16 e_magic, e_cblp, e_cp, e_crlc, e_cparhdr; 14 u16 e_minalloc, e_maxalloc; 15 u16 e_ss, e_sp, e_csum, e_ip, e_cs; 16 u16 e_lfarlc, e_ovno, e_res[4]; 17 u16 e_oemid, e_oeminfo, e_res2[10]; 18 u32 e_lfanew; 19 }; 20 21 struct ImageFileHeader 22 { 23 u16 Machine, NumberOfSections; 24 u32 TimeDateStamp, PointerToSymbolTable, NumberOfSymbols; 25 u16 SizeOfOptionalHeader, Characteristics; 26 }; 27 28 struct ImageDataDirectory { u32 VirtualAddress, Size; }; 29 30 struct ImageOptionalHeader32 31 { 32 u16 Magic; 33 u8 MajorLinkerVersion, MinorLinkerVersion; 34 u32 SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData; 35 u32 AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase; 36 u32 SectionAlignment, FileAlignment; 37 u16 MajorOperatingSystemVersion, MinorOperatingSystemVersion; 38 u16 MajorImageVersion, MinorImageVersion; 39 u16 MajorSubsystemVersion, MinorSubsystemVersion; 40 u32 Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum; 41 u16 Subsystem, DllCharacteristics; 42 u32 SizeOfStackReserve, SizeOfStackCommit; 43 u32 SizeOfHeapReserve, SizeOfHeapCommit; 44 u32 LoaderFlags, NumberOfRvaAndSizes; 45 ImageDataDirectory DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 46 }; 47 48 struct ImageOptionalHeader64 49 { 50 u16 Magic; 51 u8 MajorLinkerVersion, MinorLinkerVersion; 52 u32 SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData; 53 u32 AddressOfEntryPoint, BaseOfCode; 54 u64 ImageBase; 55 u32 SectionAlignment, FileAlignment; 56 u16 MajorOperatingSystemVersion, MinorOperatingSystemVersion; 57 u16 MajorImageVersion, MinorImageVersion; 58 u16 MajorSubsystemVersion, MinorSubsystemVersion; 59 u32 Win32VersionValue, SizeOfImage, SizeOfHeaders; 60 u32 CheckSum; 61 u16 Subsystem, DllCharacteristics; 62 u64 SizeOfStackReserve, SizeOfStackCommit; 63 u64 SizeOfHeapReserve, SizeOfHeapCommit; 64 u32 LoaderFlags, NumberOfRvaAndSizes; 65 ImageDataDirectory DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 66 }; 67 68 struct ImageNtHeaders 69 { 70 u32 Signature; 71 ImageFileHeader FileHeader; 72 73 union 74 { 75 u16 OptionalHeaderMagic; 76 ImageOptionalHeader32 OptionalHeader32; 77 ImageOptionalHeader64 OptionalHeader64; 78 }; 79 }; 80 81 struct ImageSectionHeader 82 { 83 u8 Name[IMAGE_SIZEOF_SHORT_NAME]; 84 union { u32 PhysicalAddress, VirtualSize; } Misc; 85 86 u32 VirtualAddress, SizeOfRawData, PointerToRawData; 87 u32 PointerToRelocations, PointerToLinenumbers; 88 u16 NumberOfRelocations, NumberOfLinenumbers; 89 u32 Characteristics; 90 }; 91 92 struct ImageExportDirectory 93 { 94 u32 Characteristics, TimeDateStamp; 95 u16 MajorVersion, MinorVersion; 96 u32 Name, Base; 97 u32 NumberOfFunctions, NumberOfNames; 98 u32 AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals; 99 }; 100 101 struct ImageDebugDirectory 102 { 103 u32 Characteristics, TimeDateStamp; 104 u16 MajorVersion, MinorVersion; 105 u32 Type, SizeOfData; 106 u32 AddressOfRawData, PointerToRawData; 107 }; 108 109 struct ImageBaseRelocation { u32 VirtualAddress, SizeOfBlock; /* u16 TypeOffset[1]; */ }; 110 111 struct ImageResourceDirectory 112 { 113 u32 Characteristics, TimeDateStamp; 114 u16 MajorVersion, MinorVersion; 115 u16 NumberOfNamedEntries, NumberOfIdEntries; 116 // ImageResourceDirectoryEntry DirectoryEntries[]; 117 }; 118 119 struct ImageResourceDirectoryEntry 120 { 121 union 122 { 123 struct { u32 NameOffset:31, NameIsString:1; }; 124 u32 Name; 125 u16 Id; 126 }; 127 128 union 129 { 130 u32 OffsetToData; 131 struct { u32 OffsetToDirectory:31, DataIsDirectory:1; }; 132 }; 133 }; 134 135 struct ImageResourceDirStringU { u16 Length; char NameString[1]; }; 136 struct ImageResourceDataEntry { u32 OffsetToData, Size, CodePage, Reserved; }; 137 138 struct ImageImportDescriptor 139 { 140 union { u32 Characteristics, OriginalFirstThunk; }; 141 142 u32 TimeDateStamp, ForwarderChain; 143 u32 Name, FirstThunk; 144 }; 145 146 struct ImageImportByName { u16 Hint; u8 Name[1]; }; 147 148 typedef u32 ImageThunkData32; 149 typedef u64 ImageThunkData64; 150 151 template<typename T> struct ImageTlsDirectory 152 { 153 T StartAddressOfRawData; 154 T EndAddressOfRawData; 155 T AddressOfIndex; 156 T AddressOfCallBacks; 157 u32 SizeOfZeroFill; 158 u32 Characteristics; 159 }; 160 161 typedef ImageTlsDirectory<u32> ImageTlsDirectory32; 162 typedef ImageTlsDirectory<u64> ImageTlsDirectory64; 163 164 struct ImageLoadConfigDirectory32 165 { 166 u32 Size, TimeDateStamp; 167 u16 MajorVersion, MinorVersion; 168 u32 GlobalFlagsClear, GlobalFlagsSet, CriticalSectionDefaultTimeout; 169 u32 DeCommitFreeBlockThreshold, DeCommitTotalFreeThreshold; 170 u32 LockPrefixTable; // VA 171 u32 MaximumAllocationSize, VirtualMemoryThreshold; 172 u32 ProcessHeapFlags, ProcessAffinityMask; 173 u16 CSDVersion, Reserved1; 174 u32 EditList; // VA 175 u32 SecurityCookie; // VA 176 u32 SEHandlerTable; // VA 177 u32 SEHandlerCount; 178 u32 GuardCFCheckFunctionPointer; // VA 179 u32 Reserved2; 180 u32 GuardCFFunctionTable; // VA 181 u32 GuardCFFunctionCount, GuardFlags; 182 }; 183 184 struct ImageLoadConfigDirectory64 185 { 186 u32 Size, TimeDateStamp; 187 u16 MajorVersion, MinorVersion; 188 u32 GlobalFlagsClear, GlobalFlagsSet, CriticalSectionDefaultTimeout; 189 u64 DeCommitFreeBlockThreshold, DeCommitTotalFreeThreshold; 190 u64 LockPrefixTable; // VA 191 u64 MaximumAllocationSize, VirtualMemoryThreshold; 192 u64 ProcessAffinityMask, ProcessHeapFlags; 193 u16 CSDVersion, Reserved1; 194 u64 EditList; // VA 195 u64 SecurityCookie; // VA 196 u64 SEHandlerTable; // VA 197 u64 SEHandlerCount; 198 u64 GuardCFCheckFunctionPointer; // VA 199 u64 Reserved2; 200 u64 GuardCFFunctionTable; // VA 201 u64 GuardCFFunctionCount; 202 u32 GuardFlags; 203 }; 204 205 struct ImageRuntimeFunctionEntry { u32 BeginAddress, EndAddress, UnwindInfoAddress; }; 206 207 union UnwindCodeU 208 { 209 struct { 210 u8 CodeOffset; 211 u8 UnwindOp : 4; 212 u8 OpInfo : 4; 213 }; 214 215 u16 FrameOffset; 216 }; 217 218 struct UnwindInfo 219 { 220 u8 Version : 3; 221 u8 Flags : 5; 222 u8 SizeOfProlog; 223 u8 CountOfCodes; 224 u8 FrameRegister : 4; 225 u8 FrameOffset : 4; 226 UnwindCodeU UnwindCode[1]; 227 }; 228 229 } // namespace REDasm 230