1 //! PE/COFF definitions. 2 //! 3 //! These definitions are independent of read/write support, although we do implement 4 //! some traits useful for those. 5 //! 6 //! This module is based heavily on "winnt.h" (10.0.17763.0). 7 8 #![allow(missing_docs)] 9 10 use crate::endian::{LittleEndian as LE, U16Bytes, U32Bytes, I32, U16, U32, U64}; 11 use crate::pod::Pod; 12 13 /// MZ 14 pub const IMAGE_DOS_SIGNATURE: u16 = 0x5A4D; 15 /// NE 16 pub const IMAGE_OS2_SIGNATURE: u16 = 0x454E; 17 /// LE 18 pub const IMAGE_OS2_SIGNATURE_LE: u16 = 0x454C; 19 /// LE 20 pub const IMAGE_VXD_SIGNATURE: u16 = 0x454C; 21 /// PE00 22 pub const IMAGE_NT_SIGNATURE: u32 = 0x0000_4550; 23 24 /// DOS .EXE header 25 #[derive(Debug, Clone, Copy)] 26 #[repr(C)] 27 pub struct ImageDosHeader { 28 /// Magic number 29 pub e_magic: U16<LE>, 30 /// Bytes on last page of file 31 pub e_cblp: U16<LE>, 32 /// Pages in file 33 pub e_cp: U16<LE>, 34 /// Relocations 35 pub e_crlc: U16<LE>, 36 /// Size of header in paragraphs 37 pub e_cparhdr: U16<LE>, 38 /// Minimum extra paragraphs needed 39 pub e_minalloc: U16<LE>, 40 /// Maximum extra paragraphs needed 41 pub e_maxalloc: U16<LE>, 42 /// Initial (relative) SS value 43 pub e_ss: U16<LE>, 44 /// Initial SP value 45 pub e_sp: U16<LE>, 46 /// Checksum 47 pub e_csum: U16<LE>, 48 /// Initial IP value 49 pub e_ip: U16<LE>, 50 /// Initial (relative) CS value 51 pub e_cs: U16<LE>, 52 /// File address of relocation table 53 pub e_lfarlc: U16<LE>, 54 /// Overlay number 55 pub e_ovno: U16<LE>, 56 /// Reserved words 57 pub e_res: [U16<LE>; 4], 58 /// OEM identifier (for e_oeminfo) 59 pub e_oemid: U16<LE>, 60 /// OEM information; e_oemid specific 61 pub e_oeminfo: U16<LE>, 62 /// Reserved words 63 pub e_res2: [U16<LE>; 10], 64 /// File address of new exe header 65 pub e_lfanew: U32<LE>, 66 } 67 68 /// OS/2 .EXE header 69 #[derive(Debug, Clone, Copy)] 70 #[repr(C)] 71 pub struct ImageOs2Header { 72 /// Magic number 73 pub ne_magic: U16<LE>, 74 /// Version number 75 pub ne_ver: i8, 76 /// Revision number 77 pub ne_rev: i8, 78 /// Offset of Entry Table 79 pub ne_enttab: U16<LE>, 80 /// Number of bytes in Entry Table 81 pub ne_cbenttab: U16<LE>, 82 /// Checksum of whole file 83 pub ne_crc: I32<LE>, 84 /// Flag word 85 pub ne_flags: U16<LE>, 86 /// Automatic data segment number 87 pub ne_autodata: U16<LE>, 88 /// Initial heap allocation 89 pub ne_heap: U16<LE>, 90 /// Initial stack allocation 91 pub ne_stack: U16<LE>, 92 /// Initial CS:IP setting 93 pub ne_csip: I32<LE>, 94 /// Initial SS:SP setting 95 pub ne_sssp: I32<LE>, 96 /// Count of file segments 97 pub ne_cseg: U16<LE>, 98 /// Entries in Module Reference Table 99 pub ne_cmod: U16<LE>, 100 /// Size of non-resident name table 101 pub ne_cbnrestab: U16<LE>, 102 /// Offset of Segment Table 103 pub ne_segtab: U16<LE>, 104 /// Offset of Resource Table 105 pub ne_rsrctab: U16<LE>, 106 /// Offset of resident name table 107 pub ne_restab: U16<LE>, 108 /// Offset of Module Reference Table 109 pub ne_modtab: U16<LE>, 110 /// Offset of Imported Names Table 111 pub ne_imptab: U16<LE>, 112 /// Offset of Non-resident Names Table 113 pub ne_nrestab: I32<LE>, 114 /// Count of movable entries 115 pub ne_cmovent: U16<LE>, 116 /// Segment alignment shift count 117 pub ne_align: U16<LE>, 118 /// Count of resource segments 119 pub ne_cres: U16<LE>, 120 /// Target Operating system 121 pub ne_exetyp: u8, 122 /// Other .EXE flags 123 pub ne_flagsothers: u8, 124 /// offset to return thunks 125 pub ne_pretthunks: U16<LE>, 126 /// offset to segment ref. bytes 127 pub ne_psegrefbytes: U16<LE>, 128 /// Minimum code swap area size 129 pub ne_swaparea: U16<LE>, 130 /// Expected Windows version number 131 pub ne_expver: U16<LE>, 132 } 133 134 /// Windows VXD header 135 #[derive(Debug, Clone, Copy)] 136 #[repr(C)] 137 pub struct ImageVxdHeader { 138 /// Magic number 139 pub e32_magic: U16<LE>, 140 /// The byte ordering for the VXD 141 pub e32_border: u8, 142 /// The word ordering for the VXD 143 pub e32_worder: u8, 144 /// The EXE format level for now = 0 145 pub e32_level: U32<LE>, 146 /// The CPU type 147 pub e32_cpu: U16<LE>, 148 /// The OS type 149 pub e32_os: U16<LE>, 150 /// Module version 151 pub e32_ver: U32<LE>, 152 /// Module flags 153 pub e32_mflags: U32<LE>, 154 /// Module # pages 155 pub e32_mpages: U32<LE>, 156 /// Object # for instruction pointer 157 pub e32_startobj: U32<LE>, 158 /// Extended instruction pointer 159 pub e32_eip: U32<LE>, 160 /// Object # for stack pointer 161 pub e32_stackobj: U32<LE>, 162 /// Extended stack pointer 163 pub e32_esp: U32<LE>, 164 /// VXD page size 165 pub e32_pagesize: U32<LE>, 166 /// Last page size in VXD 167 pub e32_lastpagesize: U32<LE>, 168 /// Fixup section size 169 pub e32_fixupsize: U32<LE>, 170 /// Fixup section checksum 171 pub e32_fixupsum: U32<LE>, 172 /// Loader section size 173 pub e32_ldrsize: U32<LE>, 174 /// Loader section checksum 175 pub e32_ldrsum: U32<LE>, 176 /// Object table offset 177 pub e32_objtab: U32<LE>, 178 /// Number of objects in module 179 pub e32_objcnt: U32<LE>, 180 /// Object page map offset 181 pub e32_objmap: U32<LE>, 182 /// Object iterated data map offset 183 pub e32_itermap: U32<LE>, 184 /// Offset of Resource Table 185 pub e32_rsrctab: U32<LE>, 186 /// Number of resource entries 187 pub e32_rsrccnt: U32<LE>, 188 /// Offset of resident name table 189 pub e32_restab: U32<LE>, 190 /// Offset of Entry Table 191 pub e32_enttab: U32<LE>, 192 /// Offset of Module Directive Table 193 pub e32_dirtab: U32<LE>, 194 /// Number of module directives 195 pub e32_dircnt: U32<LE>, 196 /// Offset of Fixup Page Table 197 pub e32_fpagetab: U32<LE>, 198 /// Offset of Fixup Record Table 199 pub e32_frectab: U32<LE>, 200 /// Offset of Import Module Name Table 201 pub e32_impmod: U32<LE>, 202 /// Number of entries in Import Module Name Table 203 pub e32_impmodcnt: U32<LE>, 204 /// Offset of Import Procedure Name Table 205 pub e32_impproc: U32<LE>, 206 /// Offset of Per-Page Checksum Table 207 pub e32_pagesum: U32<LE>, 208 /// Offset of Enumerated Data Pages 209 pub e32_datapage: U32<LE>, 210 /// Number of preload pages 211 pub e32_preload: U32<LE>, 212 /// Offset of Non-resident Names Table 213 pub e32_nrestab: U32<LE>, 214 /// Size of Non-resident Name Table 215 pub e32_cbnrestab: U32<LE>, 216 /// Non-resident Name Table Checksum 217 pub e32_nressum: U32<LE>, 218 /// Object # for automatic data object 219 pub e32_autodata: U32<LE>, 220 /// Offset of the debugging information 221 pub e32_debuginfo: U32<LE>, 222 /// The length of the debugging info. in bytes 223 pub e32_debuglen: U32<LE>, 224 /// Number of instance pages in preload section of VXD file 225 pub e32_instpreload: U32<LE>, 226 /// Number of instance pages in demand load section of VXD file 227 pub e32_instdemand: U32<LE>, 228 /// Size of heap - for 16-bit apps 229 pub e32_heapsize: U32<LE>, 230 /// Reserved words 231 pub e32_res3: [u8; 12], 232 pub e32_winresoff: U32<LE>, 233 pub e32_winreslen: U32<LE>, 234 /// Device ID for VxD 235 pub e32_devid: U16<LE>, 236 /// DDK version for VxD 237 pub e32_ddkver: U16<LE>, 238 } 239 240 /// A PE rich header entry. 241 /// 242 /// Rich headers have no official documentation, but have been heavily 243 /// reversed-engineered and documented in the wild, e.g.: 244 /// * `http://www.ntcore.com/files/richsign.htm` 245 /// * `https://www.researchgate.net/figure/Structure-of-the-Rich-Header_fig1_318145388` 246 /// 247 /// This data is "masked", i.e. XORed with a checksum derived from the file data. 248 #[derive(Debug, Clone, Copy)] 249 #[repr(C)] 250 pub struct MaskedRichHeaderEntry { 251 pub masked_comp_id: U32<LE>, 252 pub masked_count: U32<LE>, 253 } 254 255 // 256 // File header format. 257 // 258 259 #[derive(Debug, Clone, Copy)] 260 #[repr(C)] 261 pub struct ImageFileHeader { 262 pub machine: U16<LE>, 263 pub number_of_sections: U16<LE>, 264 pub time_date_stamp: U32<LE>, 265 pub pointer_to_symbol_table: U32<LE>, 266 pub number_of_symbols: U32<LE>, 267 pub size_of_optional_header: U16<LE>, 268 pub characteristics: U16<LE>, 269 } 270 271 pub const IMAGE_SIZEOF_FILE_HEADER: usize = 20; 272 273 /// Relocation info stripped from file. 274 pub const IMAGE_FILE_RELOCS_STRIPPED: u16 = 0x0001; 275 /// File is executable (i.e. no unresolved external references). 276 pub const IMAGE_FILE_EXECUTABLE_IMAGE: u16 = 0x0002; 277 /// Line nunbers stripped from file. 278 pub const IMAGE_FILE_LINE_NUMS_STRIPPED: u16 = 0x0004; 279 /// Local symbols stripped from file. 280 pub const IMAGE_FILE_LOCAL_SYMS_STRIPPED: u16 = 0x0008; 281 /// Aggressively trim working set 282 pub const IMAGE_FILE_AGGRESIVE_WS_TRIM: u16 = 0x0010; 283 /// App can handle >2gb addresses 284 pub const IMAGE_FILE_LARGE_ADDRESS_AWARE: u16 = 0x0020; 285 /// Bytes of machine word are reversed. 286 pub const IMAGE_FILE_BYTES_REVERSED_LO: u16 = 0x0080; 287 /// 32 bit word machine. 288 pub const IMAGE_FILE_32BIT_MACHINE: u16 = 0x0100; 289 /// Debugging info stripped from file in .DBG file 290 pub const IMAGE_FILE_DEBUG_STRIPPED: u16 = 0x0200; 291 /// If Image is on removable media, copy and run from the swap file. 292 pub const IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP: u16 = 0x0400; 293 /// If Image is on Net, copy and run from the swap file. 294 pub const IMAGE_FILE_NET_RUN_FROM_SWAP: u16 = 0x0800; 295 /// System File. 296 pub const IMAGE_FILE_SYSTEM: u16 = 0x1000; 297 /// File is a DLL. 298 pub const IMAGE_FILE_DLL: u16 = 0x2000; 299 /// File should only be run on a UP machine 300 pub const IMAGE_FILE_UP_SYSTEM_ONLY: u16 = 0x4000; 301 /// Bytes of machine word are reversed. 302 pub const IMAGE_FILE_BYTES_REVERSED_HI: u16 = 0x8000; 303 304 pub const IMAGE_FILE_MACHINE_UNKNOWN: u16 = 0; 305 /// Useful for indicating we want to interact with the host and not a WoW guest. 306 pub const IMAGE_FILE_MACHINE_TARGET_HOST: u16 = 0x0001; 307 /// Intel 386. 308 pub const IMAGE_FILE_MACHINE_I386: u16 = 0x014c; 309 /// MIPS little-endian, 0x160 big-endian 310 pub const IMAGE_FILE_MACHINE_R3000: u16 = 0x0162; 311 /// MIPS little-endian 312 pub const IMAGE_FILE_MACHINE_R4000: u16 = 0x0166; 313 /// MIPS little-endian 314 pub const IMAGE_FILE_MACHINE_R10000: u16 = 0x0168; 315 /// MIPS little-endian WCE v2 316 pub const IMAGE_FILE_MACHINE_WCEMIPSV2: u16 = 0x0169; 317 /// Alpha_AXP 318 pub const IMAGE_FILE_MACHINE_ALPHA: u16 = 0x0184; 319 /// SH3 little-endian 320 pub const IMAGE_FILE_MACHINE_SH3: u16 = 0x01a2; 321 pub const IMAGE_FILE_MACHINE_SH3DSP: u16 = 0x01a3; 322 /// SH3E little-endian 323 pub const IMAGE_FILE_MACHINE_SH3E: u16 = 0x01a4; 324 /// SH4 little-endian 325 pub const IMAGE_FILE_MACHINE_SH4: u16 = 0x01a6; 326 /// SH5 327 pub const IMAGE_FILE_MACHINE_SH5: u16 = 0x01a8; 328 /// ARM Little-Endian 329 pub const IMAGE_FILE_MACHINE_ARM: u16 = 0x01c0; 330 /// ARM Thumb/Thumb-2 Little-Endian 331 pub const IMAGE_FILE_MACHINE_THUMB: u16 = 0x01c2; 332 /// ARM Thumb-2 Little-Endian 333 pub const IMAGE_FILE_MACHINE_ARMNT: u16 = 0x01c4; 334 pub const IMAGE_FILE_MACHINE_AM33: u16 = 0x01d3; 335 /// IBM PowerPC Little-Endian 336 pub const IMAGE_FILE_MACHINE_POWERPC: u16 = 0x01F0; 337 pub const IMAGE_FILE_MACHINE_POWERPCFP: u16 = 0x01f1; 338 /// Intel 64 339 pub const IMAGE_FILE_MACHINE_IA64: u16 = 0x0200; 340 /// MIPS 341 pub const IMAGE_FILE_MACHINE_MIPS16: u16 = 0x0266; 342 /// ALPHA64 343 pub const IMAGE_FILE_MACHINE_ALPHA64: u16 = 0x0284; 344 /// MIPS 345 pub const IMAGE_FILE_MACHINE_MIPSFPU: u16 = 0x0366; 346 /// MIPS 347 pub const IMAGE_FILE_MACHINE_MIPSFPU16: u16 = 0x0466; 348 pub const IMAGE_FILE_MACHINE_AXP64: u16 = IMAGE_FILE_MACHINE_ALPHA64; 349 /// Infineon 350 pub const IMAGE_FILE_MACHINE_TRICORE: u16 = 0x0520; 351 pub const IMAGE_FILE_MACHINE_CEF: u16 = 0x0CEF; 352 /// EFI Byte Code 353 pub const IMAGE_FILE_MACHINE_EBC: u16 = 0x0EBC; 354 /// AMD64 (K8) 355 pub const IMAGE_FILE_MACHINE_AMD64: u16 = 0x8664; 356 /// M32R little-endian 357 pub const IMAGE_FILE_MACHINE_M32R: u16 = 0x9041; 358 /// ARM64 Little-Endian 359 pub const IMAGE_FILE_MACHINE_ARM64: u16 = 0xAA64; 360 pub const IMAGE_FILE_MACHINE_CEE: u16 = 0xC0EE; 361 /// RISCV32 362 pub const IMAGE_FILE_MACHINE_RISCV32: u16 = 0x5032; 363 /// RISCV64 364 pub const IMAGE_FILE_MACHINE_RISCV64: u16 = 0x5064; 365 /// RISCV128 366 pub const IMAGE_FILE_MACHINE_RISCV128: u16 = 0x5128; 367 368 // 369 // Directory format. 370 // 371 372 #[derive(Debug, Clone, Copy)] 373 #[repr(C)] 374 pub struct ImageDataDirectory { 375 pub virtual_address: U32<LE>, 376 pub size: U32<LE>, 377 } 378 379 pub const IMAGE_NUMBEROF_DIRECTORY_ENTRIES: usize = 16; 380 381 // 382 // Optional header format. 383 // 384 385 #[derive(Debug, Clone, Copy)] 386 #[repr(C)] 387 pub struct ImageOptionalHeader32 { 388 // Standard fields. 389 pub magic: U16<LE>, 390 pub major_linker_version: u8, 391 pub minor_linker_version: u8, 392 pub size_of_code: U32<LE>, 393 pub size_of_initialized_data: U32<LE>, 394 pub size_of_uninitialized_data: U32<LE>, 395 pub address_of_entry_point: U32<LE>, 396 pub base_of_code: U32<LE>, 397 pub base_of_data: U32<LE>, 398 399 // NT additional fields. 400 pub image_base: U32<LE>, 401 pub section_alignment: U32<LE>, 402 pub file_alignment: U32<LE>, 403 pub major_operating_system_version: U16<LE>, 404 pub minor_operating_system_version: U16<LE>, 405 pub major_image_version: U16<LE>, 406 pub minor_image_version: U16<LE>, 407 pub major_subsystem_version: U16<LE>, 408 pub minor_subsystem_version: U16<LE>, 409 pub win32_version_value: U32<LE>, 410 pub size_of_image: U32<LE>, 411 pub size_of_headers: U32<LE>, 412 pub check_sum: U32<LE>, 413 pub subsystem: U16<LE>, 414 pub dll_characteristics: U16<LE>, 415 pub size_of_stack_reserve: U32<LE>, 416 pub size_of_stack_commit: U32<LE>, 417 pub size_of_heap_reserve: U32<LE>, 418 pub size_of_heap_commit: U32<LE>, 419 pub loader_flags: U32<LE>, 420 pub number_of_rva_and_sizes: U32<LE>, 421 //pub data_directory: [ImageDataDirectory; IMAGE_NUMBEROF_DIRECTORY_ENTRIES], 422 } 423 424 #[derive(Debug, Clone, Copy)] 425 #[repr(C)] 426 pub struct ImageRomOptionalHeader { 427 pub magic: U16<LE>, 428 pub major_linker_version: u8, 429 pub minor_linker_version: u8, 430 pub size_of_code: U32<LE>, 431 pub size_of_initialized_data: U32<LE>, 432 pub size_of_uninitialized_data: U32<LE>, 433 pub address_of_entry_point: U32<LE>, 434 pub base_of_code: U32<LE>, 435 pub base_of_data: U32<LE>, 436 pub base_of_bss: U32<LE>, 437 pub gpr_mask: U32<LE>, 438 pub cpr_mask: [U32<LE>; 4], 439 pub gp_value: U32<LE>, 440 } 441 442 #[derive(Debug, Clone, Copy)] 443 #[repr(C)] 444 pub struct ImageOptionalHeader64 { 445 pub magic: U16<LE>, 446 pub major_linker_version: u8, 447 pub minor_linker_version: u8, 448 pub size_of_code: U32<LE>, 449 pub size_of_initialized_data: U32<LE>, 450 pub size_of_uninitialized_data: U32<LE>, 451 pub address_of_entry_point: U32<LE>, 452 pub base_of_code: U32<LE>, 453 pub image_base: U64<LE>, 454 pub section_alignment: U32<LE>, 455 pub file_alignment: U32<LE>, 456 pub major_operating_system_version: U16<LE>, 457 pub minor_operating_system_version: U16<LE>, 458 pub major_image_version: U16<LE>, 459 pub minor_image_version: U16<LE>, 460 pub major_subsystem_version: U16<LE>, 461 pub minor_subsystem_version: U16<LE>, 462 pub win32_version_value: U32<LE>, 463 pub size_of_image: U32<LE>, 464 pub size_of_headers: U32<LE>, 465 pub check_sum: U32<LE>, 466 pub subsystem: U16<LE>, 467 pub dll_characteristics: U16<LE>, 468 pub size_of_stack_reserve: U64<LE>, 469 pub size_of_stack_commit: U64<LE>, 470 pub size_of_heap_reserve: U64<LE>, 471 pub size_of_heap_commit: U64<LE>, 472 pub loader_flags: U32<LE>, 473 pub number_of_rva_and_sizes: U32<LE>, 474 //pub data_directory: [ImageDataDirectory; IMAGE_NUMBEROF_DIRECTORY_ENTRIES], 475 } 476 477 pub const IMAGE_NT_OPTIONAL_HDR32_MAGIC: u16 = 0x10b; 478 pub const IMAGE_NT_OPTIONAL_HDR64_MAGIC: u16 = 0x20b; 479 pub const IMAGE_ROM_OPTIONAL_HDR_MAGIC: u16 = 0x107; 480 481 #[derive(Debug, Clone, Copy)] 482 #[repr(C)] 483 pub struct ImageNtHeaders64 { 484 pub signature: U32<LE>, 485 pub file_header: ImageFileHeader, 486 pub optional_header: ImageOptionalHeader64, 487 } 488 489 #[derive(Debug, Clone, Copy)] 490 #[repr(C)] 491 pub struct ImageNtHeaders32 { 492 pub signature: U32<LE>, 493 pub file_header: ImageFileHeader, 494 pub optional_header: ImageOptionalHeader32, 495 } 496 497 #[derive(Debug, Clone, Copy)] 498 #[repr(C)] 499 pub struct ImageRomHeaders { 500 pub file_header: ImageFileHeader, 501 pub optional_header: ImageRomOptionalHeader, 502 } 503 504 // Values for `ImageOptionalHeader*::subsystem`. 505 506 /// Unknown subsystem. 507 pub const IMAGE_SUBSYSTEM_UNKNOWN: u16 = 0; 508 /// Image doesn't require a subsystem. 509 pub const IMAGE_SUBSYSTEM_NATIVE: u16 = 1; 510 /// Image runs in the Windows GUI subsystem. 511 pub const IMAGE_SUBSYSTEM_WINDOWS_GUI: u16 = 2; 512 /// Image runs in the Windows character subsystem. 513 pub const IMAGE_SUBSYSTEM_WINDOWS_CUI: u16 = 3; 514 /// image runs in the OS/2 character subsystem. 515 pub const IMAGE_SUBSYSTEM_OS2_CUI: u16 = 5; 516 /// image runs in the Posix character subsystem. 517 pub const IMAGE_SUBSYSTEM_POSIX_CUI: u16 = 7; 518 /// image is a native Win9x driver. 519 pub const IMAGE_SUBSYSTEM_NATIVE_WINDOWS: u16 = 8; 520 /// Image runs in the Windows CE subsystem. 521 pub const IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: u16 = 9; 522 pub const IMAGE_SUBSYSTEM_EFI_APPLICATION: u16 = 10; 523 pub const IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: u16 = 11; 524 pub const IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: u16 = 12; 525 pub const IMAGE_SUBSYSTEM_EFI_ROM: u16 = 13; 526 pub const IMAGE_SUBSYSTEM_XBOX: u16 = 14; 527 pub const IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION: u16 = 16; 528 pub const IMAGE_SUBSYSTEM_XBOX_CODE_CATALOG: u16 = 17; 529 530 // Values for `ImageOptionalHeader*::dll_characteristics`. 531 532 // IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved. 533 // IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved. 534 // IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved. 535 // IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved. 536 /// Image can handle a high entropy 64-bit virtual address space. 537 pub const IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA: u16 = 0x0020; 538 /// DLL can move. 539 pub const IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: u16 = 0x0040; 540 /// Code Integrity Image 541 pub const IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY: u16 = 0x0080; 542 /// Image is NX compatible 543 pub const IMAGE_DLLCHARACTERISTICS_NX_COMPAT: u16 = 0x0100; 544 /// Image understands isolation and doesn't want it 545 pub const IMAGE_DLLCHARACTERISTICS_NO_ISOLATION: u16 = 0x0200; 546 /// Image does not use SEH. No SE handler may reside in this image 547 pub const IMAGE_DLLCHARACTERISTICS_NO_SEH: u16 = 0x0400; 548 /// Do not bind this image. 549 pub const IMAGE_DLLCHARACTERISTICS_NO_BIND: u16 = 0x0800; 550 /// Image should execute in an AppContainer 551 pub const IMAGE_DLLCHARACTERISTICS_APPCONTAINER: u16 = 0x1000; 552 /// Driver uses WDM model 553 pub const IMAGE_DLLCHARACTERISTICS_WDM_DRIVER: u16 = 0x2000; 554 /// Image supports Control Flow Guard. 555 pub const IMAGE_DLLCHARACTERISTICS_GUARD_CF: u16 = 0x4000; 556 pub const IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE: u16 = 0x8000; 557 558 // Indices for `ImageOptionalHeader*::data_directory`. 559 560 /// Export Directory 561 pub const IMAGE_DIRECTORY_ENTRY_EXPORT: usize = 0; 562 /// Import Directory 563 pub const IMAGE_DIRECTORY_ENTRY_IMPORT: usize = 1; 564 /// Resource Directory 565 pub const IMAGE_DIRECTORY_ENTRY_RESOURCE: usize = 2; 566 /// Exception Directory 567 pub const IMAGE_DIRECTORY_ENTRY_EXCEPTION: usize = 3; 568 /// Security Directory 569 pub const IMAGE_DIRECTORY_ENTRY_SECURITY: usize = 4; 570 /// Base Relocation Table 571 pub const IMAGE_DIRECTORY_ENTRY_BASERELOC: usize = 5; 572 /// Debug Directory 573 pub const IMAGE_DIRECTORY_ENTRY_DEBUG: usize = 6; 574 // IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage) 575 /// Architecture Specific Data 576 pub const IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: usize = 7; 577 /// RVA of GP 578 pub const IMAGE_DIRECTORY_ENTRY_GLOBALPTR: usize = 8; 579 /// TLS Directory 580 pub const IMAGE_DIRECTORY_ENTRY_TLS: usize = 9; 581 /// Load Configuration Directory 582 pub const IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: usize = 10; 583 /// Bound Import Directory in headers 584 pub const IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: usize = 11; 585 /// Import Address Table 586 pub const IMAGE_DIRECTORY_ENTRY_IAT: usize = 12; 587 /// Delay Load Import Descriptors 588 pub const IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: usize = 13; 589 /// COM Runtime descriptor 590 pub const IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: usize = 14; 591 592 #[derive(Debug, Clone, Copy)] 593 #[repr(C)] 594 pub struct Guid { 595 pub data1: U32<LE>, 596 pub data2: U16<LE>, 597 pub data3: U16<LE>, 598 pub data4: [u8; 8], 599 } 600 601 pub type ClsId = Guid; 602 603 /// Non-COFF Object file header 604 #[derive(Debug, Clone, Copy)] 605 #[repr(C)] 606 pub struct AnonObjectHeader { 607 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 608 pub sig1: U16<LE>, 609 /// Must be 0xffff 610 pub sig2: U16<LE>, 611 /// >= 1 (implies the ClsId field is present) 612 pub version: U16<LE>, 613 pub machine: U16<LE>, 614 pub time_date_stamp: U32<LE>, 615 /// Used to invoke CoCreateInstance 616 pub class_id: ClsId, 617 /// Size of data that follows the header 618 pub size_of_data: U32<LE>, 619 } 620 621 #[derive(Debug, Clone, Copy)] 622 #[repr(C)] 623 pub struct AnonObjectHeaderV2 { 624 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 625 pub sig1: U16<LE>, 626 /// Must be 0xffff 627 pub sig2: U16<LE>, 628 /// >= 2 (implies the Flags field is present - otherwise V1) 629 pub version: U16<LE>, 630 pub machine: U16<LE>, 631 pub time_date_stamp: U32<LE>, 632 /// Used to invoke CoCreateInstance 633 pub class_id: ClsId, 634 /// Size of data that follows the header 635 pub size_of_data: U32<LE>, 636 /// 0x1 -> contains metadata 637 pub flags: U32<LE>, 638 /// Size of CLR metadata 639 pub meta_data_size: U32<LE>, 640 /// Offset of CLR metadata 641 pub meta_data_offset: U32<LE>, 642 } 643 644 #[derive(Debug, Clone, Copy)] 645 #[repr(C)] 646 pub struct AnonObjectHeaderBigobj { 647 /* same as ANON_OBJECT_HEADER_V2 */ 648 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 649 pub sig1: U16<LE>, 650 /// Must be 0xffff 651 pub sig2: U16<LE>, 652 /// >= 2 (implies the Flags field is present) 653 pub version: U16<LE>, 654 /// Actual machine - IMAGE_FILE_MACHINE_xxx 655 pub machine: U16<LE>, 656 pub time_date_stamp: U32<LE>, 657 /// {D1BAA1C7-BAEE-4ba9-AF20-FAF66AA4DCB8} 658 pub class_id: ClsId, 659 /// Size of data that follows the header 660 pub size_of_data: U32<LE>, 661 /// 0x1 -> contains metadata 662 pub flags: U32<LE>, 663 /// Size of CLR metadata 664 pub meta_data_size: U32<LE>, 665 /// Offset of CLR metadata 666 pub meta_data_offset: U32<LE>, 667 668 /* bigobj specifics */ 669 /// extended from WORD 670 pub number_of_sections: U32<LE>, 671 pub pointer_to_symbol_table: U32<LE>, 672 pub number_of_symbols: U32<LE>, 673 } 674 675 pub const IMAGE_SIZEOF_SHORT_NAME: usize = 8; 676 677 // 678 // Section header format. 679 // 680 681 #[derive(Debug, Default, Clone, Copy)] 682 #[repr(C)] 683 pub struct ImageSectionHeader { 684 pub name: [u8; IMAGE_SIZEOF_SHORT_NAME], 685 pub virtual_size: U32<LE>, 686 pub virtual_address: U32<LE>, 687 pub size_of_raw_data: U32<LE>, 688 pub pointer_to_raw_data: U32<LE>, 689 pub pointer_to_relocations: U32<LE>, 690 pub pointer_to_linenumbers: U32<LE>, 691 pub number_of_relocations: U16<LE>, 692 pub number_of_linenumbers: U16<LE>, 693 pub characteristics: U32<LE>, 694 } 695 696 pub const IMAGE_SIZEOF_SECTION_HEADER: usize = 40; 697 698 // Values for `ImageSectionHeader::characteristics`. 699 700 // IMAGE_SCN_TYPE_REG 0x00000000 // Reserved. 701 // IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved. 702 // IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved. 703 // IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved. 704 /// Reserved. 705 pub const IMAGE_SCN_TYPE_NO_PAD: u32 = 0x0000_0008; 706 // IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved. 707 708 /// Section contains code. 709 pub const IMAGE_SCN_CNT_CODE: u32 = 0x0000_0020; 710 /// Section contains initialized data. 711 pub const IMAGE_SCN_CNT_INITIALIZED_DATA: u32 = 0x0000_0040; 712 /// Section contains uninitialized data. 713 pub const IMAGE_SCN_CNT_UNINITIALIZED_DATA: u32 = 0x0000_0080; 714 715 /// Reserved. 716 pub const IMAGE_SCN_LNK_OTHER: u32 = 0x0000_0100; 717 /// Section contains comments or some other type of information. 718 pub const IMAGE_SCN_LNK_INFO: u32 = 0x0000_0200; 719 // IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved. 720 /// Section contents will not become part of image. 721 pub const IMAGE_SCN_LNK_REMOVE: u32 = 0x0000_0800; 722 /// Section contents comdat. 723 pub const IMAGE_SCN_LNK_COMDAT: u32 = 0x0000_1000; 724 // 0x00002000 // Reserved. 725 // IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000 726 /// Reset speculative exceptions handling bits in the TLB entries for this section. 727 pub const IMAGE_SCN_NO_DEFER_SPEC_EXC: u32 = 0x0000_4000; 728 /// Section content can be accessed relative to GP 729 pub const IMAGE_SCN_GPREL: u32 = 0x0000_8000; 730 pub const IMAGE_SCN_MEM_FARDATA: u32 = 0x0000_8000; 731 // IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000 732 pub const IMAGE_SCN_MEM_PURGEABLE: u32 = 0x0002_0000; 733 pub const IMAGE_SCN_MEM_16BIT: u32 = 0x0002_0000; 734 pub const IMAGE_SCN_MEM_LOCKED: u32 = 0x0004_0000; 735 pub const IMAGE_SCN_MEM_PRELOAD: u32 = 0x0008_0000; 736 737 pub const IMAGE_SCN_ALIGN_1BYTES: u32 = 0x0010_0000; 738 pub const IMAGE_SCN_ALIGN_2BYTES: u32 = 0x0020_0000; 739 pub const IMAGE_SCN_ALIGN_4BYTES: u32 = 0x0030_0000; 740 pub const IMAGE_SCN_ALIGN_8BYTES: u32 = 0x0040_0000; 741 /// Default alignment if no others are specified. 742 pub const IMAGE_SCN_ALIGN_16BYTES: u32 = 0x0050_0000; 743 pub const IMAGE_SCN_ALIGN_32BYTES: u32 = 0x0060_0000; 744 pub const IMAGE_SCN_ALIGN_64BYTES: u32 = 0x0070_0000; 745 pub const IMAGE_SCN_ALIGN_128BYTES: u32 = 0x0080_0000; 746 pub const IMAGE_SCN_ALIGN_256BYTES: u32 = 0x0090_0000; 747 pub const IMAGE_SCN_ALIGN_512BYTES: u32 = 0x00A0_0000; 748 pub const IMAGE_SCN_ALIGN_1024BYTES: u32 = 0x00B0_0000; 749 pub const IMAGE_SCN_ALIGN_2048BYTES: u32 = 0x00C0_0000; 750 pub const IMAGE_SCN_ALIGN_4096BYTES: u32 = 0x00D0_0000; 751 pub const IMAGE_SCN_ALIGN_8192BYTES: u32 = 0x00E0_0000; 752 // Unused 0x00F0_0000 753 pub const IMAGE_SCN_ALIGN_MASK: u32 = 0x00F0_0000; 754 755 /// Section contains extended relocations. 756 pub const IMAGE_SCN_LNK_NRELOC_OVFL: u32 = 0x0100_0000; 757 /// Section can be discarded. 758 pub const IMAGE_SCN_MEM_DISCARDABLE: u32 = 0x0200_0000; 759 /// Section is not cachable. 760 pub const IMAGE_SCN_MEM_NOT_CACHED: u32 = 0x0400_0000; 761 /// Section is not pageable. 762 pub const IMAGE_SCN_MEM_NOT_PAGED: u32 = 0x0800_0000; 763 /// Section is shareable. 764 pub const IMAGE_SCN_MEM_SHARED: u32 = 0x1000_0000; 765 /// Section is executable. 766 pub const IMAGE_SCN_MEM_EXECUTE: u32 = 0x2000_0000; 767 /// Section is readable. 768 pub const IMAGE_SCN_MEM_READ: u32 = 0x4000_0000; 769 /// Section is writeable. 770 pub const IMAGE_SCN_MEM_WRITE: u32 = 0x8000_0000; 771 772 // 773 // TLS Characteristic Flags 774 // 775 /// Tls index is scaled 776 pub const IMAGE_SCN_SCALE_INDEX: u32 = 0x0000_0001; 777 778 // 779 // Symbol format. 780 // 781 782 // This struct has alignment 1. 783 #[derive(Debug, Clone, Copy)] 784 #[repr(C)] 785 pub struct ImageSymbol { 786 /// If first 4 bytes are 0, then second 4 bytes are offset into string table. 787 pub name: [u8; 8], 788 pub value: U32Bytes<LE>, 789 pub section_number: U16Bytes<LE>, 790 pub typ: U16Bytes<LE>, 791 pub storage_class: u8, 792 pub number_of_aux_symbols: u8, 793 } 794 795 pub const IMAGE_SIZEOF_SYMBOL: usize = 18; 796 797 #[derive(Debug, Clone, Copy)] 798 #[repr(C)] 799 pub struct ImageSymbolBytes(pub [u8; IMAGE_SIZEOF_SYMBOL]); 800 801 // This struct has alignment 1. 802 #[derive(Debug, Clone, Copy)] 803 #[repr(C)] 804 pub struct ImageSymbolEx { 805 /// If first 4 bytes are 0, then second 4 bytes are offset into string table. 806 pub name: [u8; 8], 807 pub value: U32Bytes<LE>, 808 pub section_number: U32Bytes<LE>, 809 pub typ: U16Bytes<LE>, 810 pub storage_class: u8, 811 pub number_of_aux_symbols: u8, 812 } 813 814 pub const IMAGE_SIZEOF_SYMBOL_EX: usize = 20; 815 816 #[derive(Debug, Clone, Copy)] 817 #[repr(C)] 818 pub struct ImageSymbolExBytes(pub [u8; IMAGE_SIZEOF_SYMBOL_EX]); 819 820 // Values for `ImageSymbol::section_number`. 821 // 822 // Symbols have a section number of the section in which they are 823 // defined. Otherwise, section numbers have the following meanings: 824 825 /// Symbol is undefined or is common. 826 pub const IMAGE_SYM_UNDEFINED: u16 = 0; 827 /// Symbol is an absolute value. 828 pub const IMAGE_SYM_ABSOLUTE: u16 = 0xffff; 829 /// Symbol is a special debug item. 830 pub const IMAGE_SYM_DEBUG: u16 = 0xfffe; 831 /// Values 0xFF00-0xFFFF are special 832 pub const IMAGE_SYM_SECTION_MAX: u16 = 0xFEFF; 833 pub const IMAGE_SYM_SECTION_MAX_EX: u32 = 0x7fff_ffff; 834 835 // Values for `ImageSymbol::typ` (basic component). 836 837 /// no type. 838 pub const IMAGE_SYM_TYPE_NULL: u16 = 0x0000; 839 pub const IMAGE_SYM_TYPE_VOID: u16 = 0x0001; 840 /// type character. 841 pub const IMAGE_SYM_TYPE_CHAR: u16 = 0x0002; 842 /// type short integer. 843 pub const IMAGE_SYM_TYPE_SHORT: u16 = 0x0003; 844 pub const IMAGE_SYM_TYPE_INT: u16 = 0x0004; 845 pub const IMAGE_SYM_TYPE_LONG: u16 = 0x0005; 846 pub const IMAGE_SYM_TYPE_FLOAT: u16 = 0x0006; 847 pub const IMAGE_SYM_TYPE_DOUBLE: u16 = 0x0007; 848 pub const IMAGE_SYM_TYPE_STRUCT: u16 = 0x0008; 849 pub const IMAGE_SYM_TYPE_UNION: u16 = 0x0009; 850 /// enumeration. 851 pub const IMAGE_SYM_TYPE_ENUM: u16 = 0x000A; 852 /// member of enumeration. 853 pub const IMAGE_SYM_TYPE_MOE: u16 = 0x000B; 854 pub const IMAGE_SYM_TYPE_BYTE: u16 = 0x000C; 855 pub const IMAGE_SYM_TYPE_WORD: u16 = 0x000D; 856 pub const IMAGE_SYM_TYPE_UINT: u16 = 0x000E; 857 pub const IMAGE_SYM_TYPE_DWORD: u16 = 0x000F; 858 pub const IMAGE_SYM_TYPE_PCODE: u16 = 0x8000; 859 860 // Values for `ImageSymbol::typ` (derived component). 861 862 /// no derived type. 863 pub const IMAGE_SYM_DTYPE_NULL: u16 = 0; 864 /// pointer. 865 pub const IMAGE_SYM_DTYPE_POINTER: u16 = 1; 866 /// function. 867 pub const IMAGE_SYM_DTYPE_FUNCTION: u16 = 2; 868 /// array. 869 pub const IMAGE_SYM_DTYPE_ARRAY: u16 = 3; 870 871 // Values for `ImageSymbol::storage_class`. 872 pub const IMAGE_SYM_CLASS_END_OF_FUNCTION: u8 = 0xff; 873 pub const IMAGE_SYM_CLASS_NULL: u8 = 0x00; 874 pub const IMAGE_SYM_CLASS_AUTOMATIC: u8 = 0x01; 875 pub const IMAGE_SYM_CLASS_EXTERNAL: u8 = 0x02; 876 pub const IMAGE_SYM_CLASS_STATIC: u8 = 0x03; 877 pub const IMAGE_SYM_CLASS_REGISTER: u8 = 0x04; 878 pub const IMAGE_SYM_CLASS_EXTERNAL_DEF: u8 = 0x05; 879 pub const IMAGE_SYM_CLASS_LABEL: u8 = 0x06; 880 pub const IMAGE_SYM_CLASS_UNDEFINED_LABEL: u8 = 0x07; 881 pub const IMAGE_SYM_CLASS_MEMBER_OF_STRUCT: u8 = 0x08; 882 pub const IMAGE_SYM_CLASS_ARGUMENT: u8 = 0x09; 883 pub const IMAGE_SYM_CLASS_STRUCT_TAG: u8 = 0x0A; 884 pub const IMAGE_SYM_CLASS_MEMBER_OF_UNION: u8 = 0x0B; 885 pub const IMAGE_SYM_CLASS_UNION_TAG: u8 = 0x0C; 886 pub const IMAGE_SYM_CLASS_TYPE_DEFINITION: u8 = 0x0D; 887 pub const IMAGE_SYM_CLASS_UNDEFINED_STATIC: u8 = 0x0E; 888 pub const IMAGE_SYM_CLASS_ENUM_TAG: u8 = 0x0F; 889 pub const IMAGE_SYM_CLASS_MEMBER_OF_ENUM: u8 = 0x10; 890 pub const IMAGE_SYM_CLASS_REGISTER_PARAM: u8 = 0x11; 891 pub const IMAGE_SYM_CLASS_BIT_FIELD: u8 = 0x12; 892 893 pub const IMAGE_SYM_CLASS_FAR_EXTERNAL: u8 = 0x44; 894 895 pub const IMAGE_SYM_CLASS_BLOCK: u8 = 0x64; 896 pub const IMAGE_SYM_CLASS_FUNCTION: u8 = 0x65; 897 pub const IMAGE_SYM_CLASS_END_OF_STRUCT: u8 = 0x66; 898 pub const IMAGE_SYM_CLASS_FILE: u8 = 0x67; 899 // new 900 pub const IMAGE_SYM_CLASS_SECTION: u8 = 0x68; 901 pub const IMAGE_SYM_CLASS_WEAK_EXTERNAL: u8 = 0x69; 902 903 pub const IMAGE_SYM_CLASS_CLR_TOKEN: u8 = 0x6B; 904 905 // type packing constants 906 907 pub const N_BTMASK: u16 = 0x000F; 908 pub const N_TMASK: u16 = 0x0030; 909 pub const N_TMASK1: u16 = 0x00C0; 910 pub const N_TMASK2: u16 = 0x00F0; 911 pub const N_BTSHFT: usize = 4; 912 pub const N_TSHIFT: usize = 2; 913 914 pub const IMAGE_SYM_DTYPE_SHIFT: usize = N_BTSHFT; 915 916 impl ImageSymbol { 917 #[inline] base_type(&self) -> u16918 pub fn base_type(&self) -> u16 { 919 self.typ.get(LE) & N_BTMASK 920 } 921 922 #[inline] derived_type(&self) -> u16923 pub fn derived_type(&self) -> u16 { 924 (self.typ.get(LE) & N_TMASK) >> N_BTSHFT 925 } 926 } 927 928 impl ImageSymbolEx { 929 #[inline] base_type(&self) -> u16930 pub fn base_type(&self) -> u16 { 931 self.typ.get(LE) & N_BTMASK 932 } 933 934 #[inline] derived_type(&self) -> u16935 pub fn derived_type(&self) -> u16 { 936 (self.typ.get(LE) & N_TMASK) >> N_BTSHFT 937 } 938 } 939 940 // 941 // Auxiliary entry format. 942 // 943 944 // Used for both ImageSymbol and ImageSymbolEx (with padding). 945 // This struct has alignment 1. 946 #[derive(Debug, Clone, Copy)] 947 #[repr(C)] 948 pub struct ImageAuxSymbolTokenDef { 949 /// IMAGE_AUX_SYMBOL_TYPE 950 pub aux_type: u8, 951 /// Must be 0 952 pub reserved1: u8, 953 pub symbol_table_index: U32Bytes<LE>, 954 /// Must be 0 955 pub reserved2: [u8; 12], 956 } 957 958 pub const IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF: u16 = 1; 959 960 /// Auxiliary symbol format 1: function definitions. 961 // This struct has alignment 1. 962 #[derive(Debug, Clone, Copy)] 963 #[repr(C)] 964 pub struct ImageAuxSymbolFunction { 965 pub tag_index: U32Bytes<LE>, 966 pub total_size: U32Bytes<LE>, 967 pub pointer_to_linenumber: U32Bytes<LE>, 968 pub pointer_to_next_function: U32Bytes<LE>, 969 pub unused: [u8; 2], 970 } 971 972 /// Auxiliary symbol format 2: .bf and .ef symbols. 973 // This struct has alignment 1. 974 #[derive(Debug, Clone, Copy)] 975 #[repr(C)] 976 pub struct ImageAuxSymbolFunctionBeginEnd { 977 pub unused1: [u8; 4], 978 /// declaration line number 979 pub linenumber: U16Bytes<LE>, 980 pub unused2: [u8; 6], 981 pub pointer_to_next_function: U32Bytes<LE>, 982 pub unused3: [u8; 2], 983 } 984 985 /// Auxiliary symbol format 3: weak externals. 986 /// 987 /// Used for both `ImageSymbol` and `ImageSymbolEx` (both with padding). 988 // This struct has alignment 1. 989 #[derive(Debug, Clone, Copy)] 990 #[repr(C)] 991 pub struct ImageAuxSymbolWeak { 992 /// the weak extern default symbol index 993 pub weak_default_sym_index: U32Bytes<LE>, 994 pub weak_search_type: U32Bytes<LE>, 995 } 996 997 /// Auxiliary symbol format 5: sections. 998 /// 999 /// Used for both `ImageSymbol` and `ImageSymbolEx` (with padding). 1000 // This struct has alignment 1. 1001 #[derive(Debug, Clone, Copy)] 1002 #[repr(C)] 1003 pub struct ImageAuxSymbolSection { 1004 /// section length 1005 pub length: U32Bytes<LE>, 1006 /// number of relocation entries 1007 pub number_of_relocations: U16Bytes<LE>, 1008 /// number of line numbers 1009 pub number_of_linenumbers: U16Bytes<LE>, 1010 /// checksum for communal 1011 pub check_sum: U32Bytes<LE>, 1012 /// section number to associate with 1013 pub number: U16Bytes<LE>, 1014 /// communal selection type 1015 pub selection: u8, 1016 pub reserved: u8, 1017 /// high bits of the section number 1018 pub high_number: U16Bytes<LE>, 1019 } 1020 1021 // Used for both ImageSymbol and ImageSymbolEx (both with padding). 1022 // This struct has alignment 1. 1023 #[derive(Debug, Clone, Copy)] 1024 #[repr(C)] 1025 pub struct ImageAuxSymbolCrc { 1026 pub crc: U32Bytes<LE>, 1027 } 1028 1029 // 1030 // Communal selection types. 1031 // 1032 1033 pub const IMAGE_COMDAT_SELECT_NODUPLICATES: u8 = 1; 1034 pub const IMAGE_COMDAT_SELECT_ANY: u8 = 2; 1035 pub const IMAGE_COMDAT_SELECT_SAME_SIZE: u8 = 3; 1036 pub const IMAGE_COMDAT_SELECT_EXACT_MATCH: u8 = 4; 1037 pub const IMAGE_COMDAT_SELECT_ASSOCIATIVE: u8 = 5; 1038 pub const IMAGE_COMDAT_SELECT_LARGEST: u8 = 6; 1039 pub const IMAGE_COMDAT_SELECT_NEWEST: u8 = 7; 1040 1041 pub const IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY: u16 = 1; 1042 pub const IMAGE_WEAK_EXTERN_SEARCH_LIBRARY: u16 = 2; 1043 pub const IMAGE_WEAK_EXTERN_SEARCH_ALIAS: u16 = 3; 1044 pub const IMAGE_WEAK_EXTERN_ANTI_DEPENDENCY: u16 = 4; 1045 1046 // 1047 // Relocation format. 1048 // 1049 1050 // This struct has alignment 1. 1051 #[derive(Debug, Clone, Copy)] 1052 #[repr(C)] 1053 pub struct ImageRelocation { 1054 /// Also `RelocCount` when IMAGE_SCN_LNK_NRELOC_OVFL is set 1055 pub virtual_address: U32Bytes<LE>, 1056 pub symbol_table_index: U32Bytes<LE>, 1057 pub typ: U16Bytes<LE>, 1058 } 1059 1060 // 1061 // I386 relocation types. 1062 // 1063 /// Reference is absolute, no relocation is necessary 1064 pub const IMAGE_REL_I386_ABSOLUTE: u16 = 0x0000; 1065 /// Direct 16-bit reference to the symbols virtual address 1066 pub const IMAGE_REL_I386_DIR16: u16 = 0x0001; 1067 /// PC-relative 16-bit reference to the symbols virtual address 1068 pub const IMAGE_REL_I386_REL16: u16 = 0x0002; 1069 /// Direct 32-bit reference to the symbols virtual address 1070 pub const IMAGE_REL_I386_DIR32: u16 = 0x0006; 1071 /// Direct 32-bit reference to the symbols virtual address, base not included 1072 pub const IMAGE_REL_I386_DIR32NB: u16 = 0x0007; 1073 /// Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 1074 pub const IMAGE_REL_I386_SEG12: u16 = 0x0009; 1075 pub const IMAGE_REL_I386_SECTION: u16 = 0x000A; 1076 pub const IMAGE_REL_I386_SECREL: u16 = 0x000B; 1077 /// clr token 1078 pub const IMAGE_REL_I386_TOKEN: u16 = 0x000C; 1079 /// 7 bit offset from base of section containing target 1080 pub const IMAGE_REL_I386_SECREL7: u16 = 0x000D; 1081 /// PC-relative 32-bit reference to the symbols virtual address 1082 pub const IMAGE_REL_I386_REL32: u16 = 0x0014; 1083 1084 // 1085 // MIPS relocation types. 1086 // 1087 /// Reference is absolute, no relocation is necessary 1088 pub const IMAGE_REL_MIPS_ABSOLUTE: u16 = 0x0000; 1089 pub const IMAGE_REL_MIPS_REFHALF: u16 = 0x0001; 1090 pub const IMAGE_REL_MIPS_REFWORD: u16 = 0x0002; 1091 pub const IMAGE_REL_MIPS_JMPADDR: u16 = 0x0003; 1092 pub const IMAGE_REL_MIPS_REFHI: u16 = 0x0004; 1093 pub const IMAGE_REL_MIPS_REFLO: u16 = 0x0005; 1094 pub const IMAGE_REL_MIPS_GPREL: u16 = 0x0006; 1095 pub const IMAGE_REL_MIPS_LITERAL: u16 = 0x0007; 1096 pub const IMAGE_REL_MIPS_SECTION: u16 = 0x000A; 1097 pub const IMAGE_REL_MIPS_SECREL: u16 = 0x000B; 1098 /// Low 16-bit section relative referemce (used for >32k TLS) 1099 pub const IMAGE_REL_MIPS_SECRELLO: u16 = 0x000C; 1100 /// High 16-bit section relative reference (used for >32k TLS) 1101 pub const IMAGE_REL_MIPS_SECRELHI: u16 = 0x000D; 1102 /// clr token 1103 pub const IMAGE_REL_MIPS_TOKEN: u16 = 0x000E; 1104 pub const IMAGE_REL_MIPS_JMPADDR16: u16 = 0x0010; 1105 pub const IMAGE_REL_MIPS_REFWORDNB: u16 = 0x0022; 1106 pub const IMAGE_REL_MIPS_PAIR: u16 = 0x0025; 1107 1108 // 1109 // Alpha Relocation types. 1110 // 1111 pub const IMAGE_REL_ALPHA_ABSOLUTE: u16 = 0x0000; 1112 pub const IMAGE_REL_ALPHA_REFLONG: u16 = 0x0001; 1113 pub const IMAGE_REL_ALPHA_REFQUAD: u16 = 0x0002; 1114 pub const IMAGE_REL_ALPHA_GPREL32: u16 = 0x0003; 1115 pub const IMAGE_REL_ALPHA_LITERAL: u16 = 0x0004; 1116 pub const IMAGE_REL_ALPHA_LITUSE: u16 = 0x0005; 1117 pub const IMAGE_REL_ALPHA_GPDISP: u16 = 0x0006; 1118 pub const IMAGE_REL_ALPHA_BRADDR: u16 = 0x0007; 1119 pub const IMAGE_REL_ALPHA_HINT: u16 = 0x0008; 1120 pub const IMAGE_REL_ALPHA_INLINE_REFLONG: u16 = 0x0009; 1121 pub const IMAGE_REL_ALPHA_REFHI: u16 = 0x000A; 1122 pub const IMAGE_REL_ALPHA_REFLO: u16 = 0x000B; 1123 pub const IMAGE_REL_ALPHA_PAIR: u16 = 0x000C; 1124 pub const IMAGE_REL_ALPHA_MATCH: u16 = 0x000D; 1125 pub const IMAGE_REL_ALPHA_SECTION: u16 = 0x000E; 1126 pub const IMAGE_REL_ALPHA_SECREL: u16 = 0x000F; 1127 pub const IMAGE_REL_ALPHA_REFLONGNB: u16 = 0x0010; 1128 /// Low 16-bit section relative reference 1129 pub const IMAGE_REL_ALPHA_SECRELLO: u16 = 0x0011; 1130 /// High 16-bit section relative reference 1131 pub const IMAGE_REL_ALPHA_SECRELHI: u16 = 0x0012; 1132 /// High 16 bits of 48 bit reference 1133 pub const IMAGE_REL_ALPHA_REFQ3: u16 = 0x0013; 1134 /// Middle 16 bits of 48 bit reference 1135 pub const IMAGE_REL_ALPHA_REFQ2: u16 = 0x0014; 1136 /// Low 16 bits of 48 bit reference 1137 pub const IMAGE_REL_ALPHA_REFQ1: u16 = 0x0015; 1138 /// Low 16-bit GP relative reference 1139 pub const IMAGE_REL_ALPHA_GPRELLO: u16 = 0x0016; 1140 /// High 16-bit GP relative reference 1141 pub const IMAGE_REL_ALPHA_GPRELHI: u16 = 0x0017; 1142 1143 // 1144 // IBM PowerPC relocation types. 1145 // 1146 /// NOP 1147 pub const IMAGE_REL_PPC_ABSOLUTE: u16 = 0x0000; 1148 /// 64-bit address 1149 pub const IMAGE_REL_PPC_ADDR64: u16 = 0x0001; 1150 /// 32-bit address 1151 pub const IMAGE_REL_PPC_ADDR32: u16 = 0x0002; 1152 /// 26-bit address, shifted left 2 (branch absolute) 1153 pub const IMAGE_REL_PPC_ADDR24: u16 = 0x0003; 1154 /// 16-bit address 1155 pub const IMAGE_REL_PPC_ADDR16: u16 = 0x0004; 1156 /// 16-bit address, shifted left 2 (load doubleword) 1157 pub const IMAGE_REL_PPC_ADDR14: u16 = 0x0005; 1158 /// 26-bit PC-relative offset, shifted left 2 (branch relative) 1159 pub const IMAGE_REL_PPC_REL24: u16 = 0x0006; 1160 /// 16-bit PC-relative offset, shifted left 2 (br cond relative) 1161 pub const IMAGE_REL_PPC_REL14: u16 = 0x0007; 1162 /// 16-bit offset from TOC base 1163 pub const IMAGE_REL_PPC_TOCREL16: u16 = 0x0008; 1164 /// 16-bit offset from TOC base, shifted left 2 (load doubleword) 1165 pub const IMAGE_REL_PPC_TOCREL14: u16 = 0x0009; 1166 1167 /// 32-bit addr w/o image base 1168 pub const IMAGE_REL_PPC_ADDR32NB: u16 = 0x000A; 1169 /// va of containing section (as in an image sectionhdr) 1170 pub const IMAGE_REL_PPC_SECREL: u16 = 0x000B; 1171 /// sectionheader number 1172 pub const IMAGE_REL_PPC_SECTION: u16 = 0x000C; 1173 /// substitute TOC restore instruction iff symbol is glue code 1174 pub const IMAGE_REL_PPC_IFGLUE: u16 = 0x000D; 1175 /// symbol is glue code; virtual address is TOC restore instruction 1176 pub const IMAGE_REL_PPC_IMGLUE: u16 = 0x000E; 1177 /// va of containing section (limited to 16 bits) 1178 pub const IMAGE_REL_PPC_SECREL16: u16 = 0x000F; 1179 pub const IMAGE_REL_PPC_REFHI: u16 = 0x0010; 1180 pub const IMAGE_REL_PPC_REFLO: u16 = 0x0011; 1181 pub const IMAGE_REL_PPC_PAIR: u16 = 0x0012; 1182 /// Low 16-bit section relative reference (used for >32k TLS) 1183 pub const IMAGE_REL_PPC_SECRELLO: u16 = 0x0013; 1184 /// High 16-bit section relative reference (used for >32k TLS) 1185 pub const IMAGE_REL_PPC_SECRELHI: u16 = 0x0014; 1186 pub const IMAGE_REL_PPC_GPREL: u16 = 0x0015; 1187 /// clr token 1188 pub const IMAGE_REL_PPC_TOKEN: u16 = 0x0016; 1189 1190 /// mask to isolate above values in IMAGE_RELOCATION.Type 1191 pub const IMAGE_REL_PPC_TYPEMASK: u16 = 0x00FF; 1192 1193 // Flag bits in `ImageRelocation::typ`. 1194 1195 /// subtract reloc value rather than adding it 1196 pub const IMAGE_REL_PPC_NEG: u16 = 0x0100; 1197 /// fix branch prediction bit to predict branch taken 1198 pub const IMAGE_REL_PPC_BRTAKEN: u16 = 0x0200; 1199 /// fix branch prediction bit to predict branch not taken 1200 pub const IMAGE_REL_PPC_BRNTAKEN: u16 = 0x0400; 1201 /// toc slot defined in file (or, data in toc) 1202 pub const IMAGE_REL_PPC_TOCDEFN: u16 = 0x0800; 1203 1204 // 1205 // Hitachi SH3 relocation types. 1206 // 1207 /// No relocation 1208 pub const IMAGE_REL_SH3_ABSOLUTE: u16 = 0x0000; 1209 /// 16 bit direct 1210 pub const IMAGE_REL_SH3_DIRECT16: u16 = 0x0001; 1211 /// 32 bit direct 1212 pub const IMAGE_REL_SH3_DIRECT32: u16 = 0x0002; 1213 /// 8 bit direct, -128..255 1214 pub const IMAGE_REL_SH3_DIRECT8: u16 = 0x0003; 1215 /// 8 bit direct .W (0 ext.) 1216 pub const IMAGE_REL_SH3_DIRECT8_WORD: u16 = 0x0004; 1217 /// 8 bit direct .L (0 ext.) 1218 pub const IMAGE_REL_SH3_DIRECT8_LONG: u16 = 0x0005; 1219 /// 4 bit direct (0 ext.) 1220 pub const IMAGE_REL_SH3_DIRECT4: u16 = 0x0006; 1221 /// 4 bit direct .W (0 ext.) 1222 pub const IMAGE_REL_SH3_DIRECT4_WORD: u16 = 0x0007; 1223 /// 4 bit direct .L (0 ext.) 1224 pub const IMAGE_REL_SH3_DIRECT4_LONG: u16 = 0x0008; 1225 /// 8 bit PC relative .W 1226 pub const IMAGE_REL_SH3_PCREL8_WORD: u16 = 0x0009; 1227 /// 8 bit PC relative .L 1228 pub const IMAGE_REL_SH3_PCREL8_LONG: u16 = 0x000A; 1229 /// 12 LSB PC relative .W 1230 pub const IMAGE_REL_SH3_PCREL12_WORD: u16 = 0x000B; 1231 /// Start of EXE section 1232 pub const IMAGE_REL_SH3_STARTOF_SECTION: u16 = 0x000C; 1233 /// Size of EXE section 1234 pub const IMAGE_REL_SH3_SIZEOF_SECTION: u16 = 0x000D; 1235 /// Section table index 1236 pub const IMAGE_REL_SH3_SECTION: u16 = 0x000E; 1237 /// Offset within section 1238 pub const IMAGE_REL_SH3_SECREL: u16 = 0x000F; 1239 /// 32 bit direct not based 1240 pub const IMAGE_REL_SH3_DIRECT32_NB: u16 = 0x0010; 1241 /// GP-relative addressing 1242 pub const IMAGE_REL_SH3_GPREL4_LONG: u16 = 0x0011; 1243 /// clr token 1244 pub const IMAGE_REL_SH3_TOKEN: u16 = 0x0012; 1245 /// Offset from current instruction in longwords 1246 /// if not NOMODE, insert the inverse of the low bit at bit 32 to select PTA/PTB 1247 pub const IMAGE_REL_SHM_PCRELPT: u16 = 0x0013; 1248 /// Low bits of 32-bit address 1249 pub const IMAGE_REL_SHM_REFLO: u16 = 0x0014; 1250 /// High bits of 32-bit address 1251 pub const IMAGE_REL_SHM_REFHALF: u16 = 0x0015; 1252 /// Low bits of relative reference 1253 pub const IMAGE_REL_SHM_RELLO: u16 = 0x0016; 1254 /// High bits of relative reference 1255 pub const IMAGE_REL_SHM_RELHALF: u16 = 0x0017; 1256 /// offset operand for relocation 1257 pub const IMAGE_REL_SHM_PAIR: u16 = 0x0018; 1258 1259 /// relocation ignores section mode 1260 pub const IMAGE_REL_SH_NOMODE: u16 = 0x8000; 1261 1262 /// No relocation required 1263 pub const IMAGE_REL_ARM_ABSOLUTE: u16 = 0x0000; 1264 /// 32 bit address 1265 pub const IMAGE_REL_ARM_ADDR32: u16 = 0x0001; 1266 /// 32 bit address w/o image base 1267 pub const IMAGE_REL_ARM_ADDR32NB: u16 = 0x0002; 1268 /// 24 bit offset << 2 & sign ext. 1269 pub const IMAGE_REL_ARM_BRANCH24: u16 = 0x0003; 1270 /// Thumb: 2 11 bit offsets 1271 pub const IMAGE_REL_ARM_BRANCH11: u16 = 0x0004; 1272 /// clr token 1273 pub const IMAGE_REL_ARM_TOKEN: u16 = 0x0005; 1274 /// GP-relative addressing (ARM) 1275 pub const IMAGE_REL_ARM_GPREL12: u16 = 0x0006; 1276 /// GP-relative addressing (Thumb) 1277 pub const IMAGE_REL_ARM_GPREL7: u16 = 0x0007; 1278 pub const IMAGE_REL_ARM_BLX24: u16 = 0x0008; 1279 pub const IMAGE_REL_ARM_BLX11: u16 = 0x0009; 1280 /// Section table index 1281 pub const IMAGE_REL_ARM_SECTION: u16 = 0x000E; 1282 /// Offset within section 1283 pub const IMAGE_REL_ARM_SECREL: u16 = 0x000F; 1284 /// ARM: MOVW/MOVT 1285 pub const IMAGE_REL_ARM_MOV32A: u16 = 0x0010; 1286 /// ARM: MOVW/MOVT (deprecated) 1287 pub const IMAGE_REL_ARM_MOV32: u16 = 0x0010; 1288 /// Thumb: MOVW/MOVT 1289 pub const IMAGE_REL_ARM_MOV32T: u16 = 0x0011; 1290 /// Thumb: MOVW/MOVT (deprecated) 1291 pub const IMAGE_REL_THUMB_MOV32: u16 = 0x0011; 1292 /// Thumb: 32-bit conditional B 1293 pub const IMAGE_REL_ARM_BRANCH20T: u16 = 0x0012; 1294 /// Thumb: 32-bit conditional B (deprecated) 1295 pub const IMAGE_REL_THUMB_BRANCH20: u16 = 0x0012; 1296 /// Thumb: 32-bit B or BL 1297 pub const IMAGE_REL_ARM_BRANCH24T: u16 = 0x0014; 1298 /// Thumb: 32-bit B or BL (deprecated) 1299 pub const IMAGE_REL_THUMB_BRANCH24: u16 = 0x0014; 1300 /// Thumb: BLX immediate 1301 pub const IMAGE_REL_ARM_BLX23T: u16 = 0x0015; 1302 /// Thumb: BLX immediate (deprecated) 1303 pub const IMAGE_REL_THUMB_BLX23: u16 = 0x0015; 1304 1305 pub const IMAGE_REL_AM_ABSOLUTE: u16 = 0x0000; 1306 pub const IMAGE_REL_AM_ADDR32: u16 = 0x0001; 1307 pub const IMAGE_REL_AM_ADDR32NB: u16 = 0x0002; 1308 pub const IMAGE_REL_AM_CALL32: u16 = 0x0003; 1309 pub const IMAGE_REL_AM_FUNCINFO: u16 = 0x0004; 1310 pub const IMAGE_REL_AM_REL32_1: u16 = 0x0005; 1311 pub const IMAGE_REL_AM_REL32_2: u16 = 0x0006; 1312 pub const IMAGE_REL_AM_SECREL: u16 = 0x0007; 1313 pub const IMAGE_REL_AM_SECTION: u16 = 0x0008; 1314 pub const IMAGE_REL_AM_TOKEN: u16 = 0x0009; 1315 1316 // 1317 // ARM64 relocations types. 1318 // 1319 1320 /// No relocation required 1321 pub const IMAGE_REL_ARM64_ABSOLUTE: u16 = 0x0000; 1322 /// 32 bit address. Review! do we need it? 1323 pub const IMAGE_REL_ARM64_ADDR32: u16 = 0x0001; 1324 /// 32 bit address w/o image base (RVA: for Data/PData/XData) 1325 pub const IMAGE_REL_ARM64_ADDR32NB: u16 = 0x0002; 1326 /// 26 bit offset << 2 & sign ext. for B & BL 1327 pub const IMAGE_REL_ARM64_BRANCH26: u16 = 0x0003; 1328 /// ADRP 1329 pub const IMAGE_REL_ARM64_PAGEBASE_REL21: u16 = 0x0004; 1330 /// ADR 1331 pub const IMAGE_REL_ARM64_REL21: u16 = 0x0005; 1332 /// ADD/ADDS (immediate) with zero shift, for page offset 1333 pub const IMAGE_REL_ARM64_PAGEOFFSET_12A: u16 = 0x0006; 1334 /// LDR (indexed, unsigned immediate), for page offset 1335 pub const IMAGE_REL_ARM64_PAGEOFFSET_12L: u16 = 0x0007; 1336 /// Offset within section 1337 pub const IMAGE_REL_ARM64_SECREL: u16 = 0x0008; 1338 /// ADD/ADDS (immediate) with zero shift, for bit 0:11 of section offset 1339 pub const IMAGE_REL_ARM64_SECREL_LOW12A: u16 = 0x0009; 1340 /// ADD/ADDS (immediate) with zero shift, for bit 12:23 of section offset 1341 pub const IMAGE_REL_ARM64_SECREL_HIGH12A: u16 = 0x000A; 1342 /// LDR (indexed, unsigned immediate), for bit 0:11 of section offset 1343 pub const IMAGE_REL_ARM64_SECREL_LOW12L: u16 = 0x000B; 1344 pub const IMAGE_REL_ARM64_TOKEN: u16 = 0x000C; 1345 /// Section table index 1346 pub const IMAGE_REL_ARM64_SECTION: u16 = 0x000D; 1347 /// 64 bit address 1348 pub const IMAGE_REL_ARM64_ADDR64: u16 = 0x000E; 1349 /// 19 bit offset << 2 & sign ext. for conditional B 1350 pub const IMAGE_REL_ARM64_BRANCH19: u16 = 0x000F; 1351 1352 // 1353 // x64 relocations 1354 // 1355 /// Reference is absolute, no relocation is necessary 1356 pub const IMAGE_REL_AMD64_ABSOLUTE: u16 = 0x0000; 1357 /// 64-bit address (VA). 1358 pub const IMAGE_REL_AMD64_ADDR64: u16 = 0x0001; 1359 /// 32-bit address (VA). 1360 pub const IMAGE_REL_AMD64_ADDR32: u16 = 0x0002; 1361 /// 32-bit address w/o image base (RVA). 1362 pub const IMAGE_REL_AMD64_ADDR32NB: u16 = 0x0003; 1363 /// 32-bit relative address from byte following reloc 1364 pub const IMAGE_REL_AMD64_REL32: u16 = 0x0004; 1365 /// 32-bit relative address from byte distance 1 from reloc 1366 pub const IMAGE_REL_AMD64_REL32_1: u16 = 0x0005; 1367 /// 32-bit relative address from byte distance 2 from reloc 1368 pub const IMAGE_REL_AMD64_REL32_2: u16 = 0x0006; 1369 /// 32-bit relative address from byte distance 3 from reloc 1370 pub const IMAGE_REL_AMD64_REL32_3: u16 = 0x0007; 1371 /// 32-bit relative address from byte distance 4 from reloc 1372 pub const IMAGE_REL_AMD64_REL32_4: u16 = 0x0008; 1373 /// 32-bit relative address from byte distance 5 from reloc 1374 pub const IMAGE_REL_AMD64_REL32_5: u16 = 0x0009; 1375 /// Section index 1376 pub const IMAGE_REL_AMD64_SECTION: u16 = 0x000A; 1377 /// 32 bit offset from base of section containing target 1378 pub const IMAGE_REL_AMD64_SECREL: u16 = 0x000B; 1379 /// 7 bit unsigned offset from base of section containing target 1380 pub const IMAGE_REL_AMD64_SECREL7: u16 = 0x000C; 1381 /// 32 bit metadata token 1382 pub const IMAGE_REL_AMD64_TOKEN: u16 = 0x000D; 1383 /// 32 bit signed span-dependent value emitted into object 1384 pub const IMAGE_REL_AMD64_SREL32: u16 = 0x000E; 1385 pub const IMAGE_REL_AMD64_PAIR: u16 = 0x000F; 1386 /// 32 bit signed span-dependent value applied at link time 1387 pub const IMAGE_REL_AMD64_SSPAN32: u16 = 0x0010; 1388 pub const IMAGE_REL_AMD64_EHANDLER: u16 = 0x0011; 1389 /// Indirect branch to an import 1390 pub const IMAGE_REL_AMD64_IMPORT_BR: u16 = 0x0012; 1391 /// Indirect call to an import 1392 pub const IMAGE_REL_AMD64_IMPORT_CALL: u16 = 0x0013; 1393 /// Indirect branch to a CFG check 1394 pub const IMAGE_REL_AMD64_CFG_BR: u16 = 0x0014; 1395 /// Indirect branch to a CFG check, with REX.W prefix 1396 pub const IMAGE_REL_AMD64_CFG_BR_REX: u16 = 0x0015; 1397 /// Indirect call to a CFG check 1398 pub const IMAGE_REL_AMD64_CFG_CALL: u16 = 0x0016; 1399 /// Indirect branch to a target in RAX (no CFG) 1400 pub const IMAGE_REL_AMD64_INDIR_BR: u16 = 0x0017; 1401 /// Indirect branch to a target in RAX, with REX.W prefix (no CFG) 1402 pub const IMAGE_REL_AMD64_INDIR_BR_REX: u16 = 0x0018; 1403 /// Indirect call to a target in RAX (no CFG) 1404 pub const IMAGE_REL_AMD64_INDIR_CALL: u16 = 0x0019; 1405 /// Indirect branch for a switch table using Reg 0 (RAX) 1406 pub const IMAGE_REL_AMD64_INDIR_BR_SWITCHTABLE_FIRST: u16 = 0x0020; 1407 /// Indirect branch for a switch table using Reg 15 (R15) 1408 pub const IMAGE_REL_AMD64_INDIR_BR_SWITCHTABLE_LAST: u16 = 0x002F; 1409 1410 // 1411 // IA64 relocation types. 1412 // 1413 pub const IMAGE_REL_IA64_ABSOLUTE: u16 = 0x0000; 1414 pub const IMAGE_REL_IA64_IMM14: u16 = 0x0001; 1415 pub const IMAGE_REL_IA64_IMM22: u16 = 0x0002; 1416 pub const IMAGE_REL_IA64_IMM64: u16 = 0x0003; 1417 pub const IMAGE_REL_IA64_DIR32: u16 = 0x0004; 1418 pub const IMAGE_REL_IA64_DIR64: u16 = 0x0005; 1419 pub const IMAGE_REL_IA64_PCREL21B: u16 = 0x0006; 1420 pub const IMAGE_REL_IA64_PCREL21M: u16 = 0x0007; 1421 pub const IMAGE_REL_IA64_PCREL21F: u16 = 0x0008; 1422 pub const IMAGE_REL_IA64_GPREL22: u16 = 0x0009; 1423 pub const IMAGE_REL_IA64_LTOFF22: u16 = 0x000A; 1424 pub const IMAGE_REL_IA64_SECTION: u16 = 0x000B; 1425 pub const IMAGE_REL_IA64_SECREL22: u16 = 0x000C; 1426 pub const IMAGE_REL_IA64_SECREL64I: u16 = 0x000D; 1427 pub const IMAGE_REL_IA64_SECREL32: u16 = 0x000E; 1428 // 1429 pub const IMAGE_REL_IA64_DIR32NB: u16 = 0x0010; 1430 pub const IMAGE_REL_IA64_SREL14: u16 = 0x0011; 1431 pub const IMAGE_REL_IA64_SREL22: u16 = 0x0012; 1432 pub const IMAGE_REL_IA64_SREL32: u16 = 0x0013; 1433 pub const IMAGE_REL_IA64_UREL32: u16 = 0x0014; 1434 /// This is always a BRL and never converted 1435 pub const IMAGE_REL_IA64_PCREL60X: u16 = 0x0015; 1436 /// If possible, convert to MBB bundle with NOP.B in slot 1 1437 pub const IMAGE_REL_IA64_PCREL60B: u16 = 0x0016; 1438 /// If possible, convert to MFB bundle with NOP.F in slot 1 1439 pub const IMAGE_REL_IA64_PCREL60F: u16 = 0x0017; 1440 /// If possible, convert to MIB bundle with NOP.I in slot 1 1441 pub const IMAGE_REL_IA64_PCREL60I: u16 = 0x0018; 1442 /// If possible, convert to MMB bundle with NOP.M in slot 1 1443 pub const IMAGE_REL_IA64_PCREL60M: u16 = 0x0019; 1444 pub const IMAGE_REL_IA64_IMMGPREL64: u16 = 0x001A; 1445 /// clr token 1446 pub const IMAGE_REL_IA64_TOKEN: u16 = 0x001B; 1447 pub const IMAGE_REL_IA64_GPREL32: u16 = 0x001C; 1448 pub const IMAGE_REL_IA64_ADDEND: u16 = 0x001F; 1449 1450 // 1451 // CEF relocation types. 1452 // 1453 /// Reference is absolute, no relocation is necessary 1454 pub const IMAGE_REL_CEF_ABSOLUTE: u16 = 0x0000; 1455 /// 32-bit address (VA). 1456 pub const IMAGE_REL_CEF_ADDR32: u16 = 0x0001; 1457 /// 64-bit address (VA). 1458 pub const IMAGE_REL_CEF_ADDR64: u16 = 0x0002; 1459 /// 32-bit address w/o image base (RVA). 1460 pub const IMAGE_REL_CEF_ADDR32NB: u16 = 0x0003; 1461 /// Section index 1462 pub const IMAGE_REL_CEF_SECTION: u16 = 0x0004; 1463 /// 32 bit offset from base of section containing target 1464 pub const IMAGE_REL_CEF_SECREL: u16 = 0x0005; 1465 /// 32 bit metadata token 1466 pub const IMAGE_REL_CEF_TOKEN: u16 = 0x0006; 1467 1468 // 1469 // clr relocation types. 1470 // 1471 /// Reference is absolute, no relocation is necessary 1472 pub const IMAGE_REL_CEE_ABSOLUTE: u16 = 0x0000; 1473 /// 32-bit address (VA). 1474 pub const IMAGE_REL_CEE_ADDR32: u16 = 0x0001; 1475 /// 64-bit address (VA). 1476 pub const IMAGE_REL_CEE_ADDR64: u16 = 0x0002; 1477 /// 32-bit address w/o image base (RVA). 1478 pub const IMAGE_REL_CEE_ADDR32NB: u16 = 0x0003; 1479 /// Section index 1480 pub const IMAGE_REL_CEE_SECTION: u16 = 0x0004; 1481 /// 32 bit offset from base of section containing target 1482 pub const IMAGE_REL_CEE_SECREL: u16 = 0x0005; 1483 /// 32 bit metadata token 1484 pub const IMAGE_REL_CEE_TOKEN: u16 = 0x0006; 1485 1486 /// No relocation required 1487 pub const IMAGE_REL_M32R_ABSOLUTE: u16 = 0x0000; 1488 /// 32 bit address 1489 pub const IMAGE_REL_M32R_ADDR32: u16 = 0x0001; 1490 /// 32 bit address w/o image base 1491 pub const IMAGE_REL_M32R_ADDR32NB: u16 = 0x0002; 1492 /// 24 bit address 1493 pub const IMAGE_REL_M32R_ADDR24: u16 = 0x0003; 1494 /// GP relative addressing 1495 pub const IMAGE_REL_M32R_GPREL16: u16 = 0x0004; 1496 /// 24 bit offset << 2 & sign ext. 1497 pub const IMAGE_REL_M32R_PCREL24: u16 = 0x0005; 1498 /// 16 bit offset << 2 & sign ext. 1499 pub const IMAGE_REL_M32R_PCREL16: u16 = 0x0006; 1500 /// 8 bit offset << 2 & sign ext. 1501 pub const IMAGE_REL_M32R_PCREL8: u16 = 0x0007; 1502 /// 16 MSBs 1503 pub const IMAGE_REL_M32R_REFHALF: u16 = 0x0008; 1504 /// 16 MSBs; adj for LSB sign ext. 1505 pub const IMAGE_REL_M32R_REFHI: u16 = 0x0009; 1506 /// 16 LSBs 1507 pub const IMAGE_REL_M32R_REFLO: u16 = 0x000A; 1508 /// Link HI and LO 1509 pub const IMAGE_REL_M32R_PAIR: u16 = 0x000B; 1510 /// Section table index 1511 pub const IMAGE_REL_M32R_SECTION: u16 = 0x000C; 1512 /// 32 bit section relative reference 1513 pub const IMAGE_REL_M32R_SECREL32: u16 = 0x000D; 1514 /// clr token 1515 pub const IMAGE_REL_M32R_TOKEN: u16 = 0x000E; 1516 1517 /// No relocation required 1518 pub const IMAGE_REL_EBC_ABSOLUTE: u16 = 0x0000; 1519 /// 32 bit address w/o image base 1520 pub const IMAGE_REL_EBC_ADDR32NB: u16 = 0x0001; 1521 /// 32-bit relative address from byte following reloc 1522 pub const IMAGE_REL_EBC_REL32: u16 = 0x0002; 1523 /// Section table index 1524 pub const IMAGE_REL_EBC_SECTION: u16 = 0x0003; 1525 /// Offset within section 1526 pub const IMAGE_REL_EBC_SECREL: u16 = 0x0004; 1527 1528 /* 1529 // TODO? 1530 #define EXT_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */ \ 1531 Value |= (((ULONGLONG)((*(Address) >> InstPos) & (((ULONGLONG)1 << Size) - 1))) << ValPos) // Intel-IA64-Filler 1532 1533 #define INS_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */\ 1534 *(PDWORD)Address = (*(PDWORD)Address & ~(((1 << Size) - 1) << InstPos)) | /* Intel-IA64-Filler */\ 1535 ((DWORD)((((ULONGLONG)Value >> ValPos) & (((ULONGLONG)1 << Size) - 1))) << InstPos) // Intel-IA64-Filler 1536 */ 1537 1538 /// Intel-IA64-Filler 1539 pub const EMARCH_ENC_I17_IMM7B_INST_WORD_X: u16 = 3; 1540 /// Intel-IA64-Filler 1541 pub const EMARCH_ENC_I17_IMM7B_SIZE_X: u16 = 7; 1542 /// Intel-IA64-Filler 1543 pub const EMARCH_ENC_I17_IMM7B_INST_WORD_POS_X: u16 = 4; 1544 /// Intel-IA64-Filler 1545 pub const EMARCH_ENC_I17_IMM7B_VAL_POS_X: u16 = 0; 1546 1547 /// Intel-IA64-Filler 1548 pub const EMARCH_ENC_I17_IMM9D_INST_WORD_X: u16 = 3; 1549 /// Intel-IA64-Filler 1550 pub const EMARCH_ENC_I17_IMM9D_SIZE_X: u16 = 9; 1551 /// Intel-IA64-Filler 1552 pub const EMARCH_ENC_I17_IMM9D_INST_WORD_POS_X: u16 = 18; 1553 /// Intel-IA64-Filler 1554 pub const EMARCH_ENC_I17_IMM9D_VAL_POS_X: u16 = 7; 1555 1556 /// Intel-IA64-Filler 1557 pub const EMARCH_ENC_I17_IMM5C_INST_WORD_X: u16 = 3; 1558 /// Intel-IA64-Filler 1559 pub const EMARCH_ENC_I17_IMM5C_SIZE_X: u16 = 5; 1560 /// Intel-IA64-Filler 1561 pub const EMARCH_ENC_I17_IMM5C_INST_WORD_POS_X: u16 = 13; 1562 /// Intel-IA64-Filler 1563 pub const EMARCH_ENC_I17_IMM5C_VAL_POS_X: u16 = 16; 1564 1565 /// Intel-IA64-Filler 1566 pub const EMARCH_ENC_I17_IC_INST_WORD_X: u16 = 3; 1567 /// Intel-IA64-Filler 1568 pub const EMARCH_ENC_I17_IC_SIZE_X: u16 = 1; 1569 /// Intel-IA64-Filler 1570 pub const EMARCH_ENC_I17_IC_INST_WORD_POS_X: u16 = 12; 1571 /// Intel-IA64-Filler 1572 pub const EMARCH_ENC_I17_IC_VAL_POS_X: u16 = 21; 1573 1574 /// Intel-IA64-Filler 1575 pub const EMARCH_ENC_I17_IMM41A_INST_WORD_X: u16 = 1; 1576 /// Intel-IA64-Filler 1577 pub const EMARCH_ENC_I17_IMM41A_SIZE_X: u16 = 10; 1578 /// Intel-IA64-Filler 1579 pub const EMARCH_ENC_I17_IMM41A_INST_WORD_POS_X: u16 = 14; 1580 /// Intel-IA64-Filler 1581 pub const EMARCH_ENC_I17_IMM41A_VAL_POS_X: u16 = 22; 1582 1583 /// Intel-IA64-Filler 1584 pub const EMARCH_ENC_I17_IMM41B_INST_WORD_X: u16 = 1; 1585 /// Intel-IA64-Filler 1586 pub const EMARCH_ENC_I17_IMM41B_SIZE_X: u16 = 8; 1587 /// Intel-IA64-Filler 1588 pub const EMARCH_ENC_I17_IMM41B_INST_WORD_POS_X: u16 = 24; 1589 /// Intel-IA64-Filler 1590 pub const EMARCH_ENC_I17_IMM41B_VAL_POS_X: u16 = 32; 1591 1592 /// Intel-IA64-Filler 1593 pub const EMARCH_ENC_I17_IMM41C_INST_WORD_X: u16 = 2; 1594 /// Intel-IA64-Filler 1595 pub const EMARCH_ENC_I17_IMM41C_SIZE_X: u16 = 23; 1596 /// Intel-IA64-Filler 1597 pub const EMARCH_ENC_I17_IMM41C_INST_WORD_POS_X: u16 = 0; 1598 /// Intel-IA64-Filler 1599 pub const EMARCH_ENC_I17_IMM41C_VAL_POS_X: u16 = 40; 1600 1601 /// Intel-IA64-Filler 1602 pub const EMARCH_ENC_I17_SIGN_INST_WORD_X: u16 = 3; 1603 /// Intel-IA64-Filler 1604 pub const EMARCH_ENC_I17_SIGN_SIZE_X: u16 = 1; 1605 /// Intel-IA64-Filler 1606 pub const EMARCH_ENC_I17_SIGN_INST_WORD_POS_X: u16 = 27; 1607 /// Intel-IA64-Filler 1608 pub const EMARCH_ENC_I17_SIGN_VAL_POS_X: u16 = 63; 1609 1610 /// Intel-IA64-Filler 1611 pub const X3_OPCODE_INST_WORD_X: u16 = 3; 1612 /// Intel-IA64-Filler 1613 pub const X3_OPCODE_SIZE_X: u16 = 4; 1614 /// Intel-IA64-Filler 1615 pub const X3_OPCODE_INST_WORD_POS_X: u16 = 28; 1616 /// Intel-IA64-Filler 1617 pub const X3_OPCODE_SIGN_VAL_POS_X: u16 = 0; 1618 1619 /// Intel-IA64-Filler 1620 pub const X3_I_INST_WORD_X: u16 = 3; 1621 /// Intel-IA64-Filler 1622 pub const X3_I_SIZE_X: u16 = 1; 1623 /// Intel-IA64-Filler 1624 pub const X3_I_INST_WORD_POS_X: u16 = 27; 1625 /// Intel-IA64-Filler 1626 pub const X3_I_SIGN_VAL_POS_X: u16 = 59; 1627 1628 /// Intel-IA64-Filler 1629 pub const X3_D_WH_INST_WORD_X: u16 = 3; 1630 /// Intel-IA64-Filler 1631 pub const X3_D_WH_SIZE_X: u16 = 3; 1632 /// Intel-IA64-Filler 1633 pub const X3_D_WH_INST_WORD_POS_X: u16 = 24; 1634 /// Intel-IA64-Filler 1635 pub const X3_D_WH_SIGN_VAL_POS_X: u16 = 0; 1636 1637 /// Intel-IA64-Filler 1638 pub const X3_IMM20_INST_WORD_X: u16 = 3; 1639 /// Intel-IA64-Filler 1640 pub const X3_IMM20_SIZE_X: u16 = 20; 1641 /// Intel-IA64-Filler 1642 pub const X3_IMM20_INST_WORD_POS_X: u16 = 4; 1643 /// Intel-IA64-Filler 1644 pub const X3_IMM20_SIGN_VAL_POS_X: u16 = 0; 1645 1646 /// Intel-IA64-Filler 1647 pub const X3_IMM39_1_INST_WORD_X: u16 = 2; 1648 /// Intel-IA64-Filler 1649 pub const X3_IMM39_1_SIZE_X: u16 = 23; 1650 /// Intel-IA64-Filler 1651 pub const X3_IMM39_1_INST_WORD_POS_X: u16 = 0; 1652 /// Intel-IA64-Filler 1653 pub const X3_IMM39_1_SIGN_VAL_POS_X: u16 = 36; 1654 1655 /// Intel-IA64-Filler 1656 pub const X3_IMM39_2_INST_WORD_X: u16 = 1; 1657 /// Intel-IA64-Filler 1658 pub const X3_IMM39_2_SIZE_X: u16 = 16; 1659 /// Intel-IA64-Filler 1660 pub const X3_IMM39_2_INST_WORD_POS_X: u16 = 16; 1661 /// Intel-IA64-Filler 1662 pub const X3_IMM39_2_SIGN_VAL_POS_X: u16 = 20; 1663 1664 /// Intel-IA64-Filler 1665 pub const X3_P_INST_WORD_X: u16 = 3; 1666 /// Intel-IA64-Filler 1667 pub const X3_P_SIZE_X: u16 = 4; 1668 /// Intel-IA64-Filler 1669 pub const X3_P_INST_WORD_POS_X: u16 = 0; 1670 /// Intel-IA64-Filler 1671 pub const X3_P_SIGN_VAL_POS_X: u16 = 0; 1672 1673 /// Intel-IA64-Filler 1674 pub const X3_TMPLT_INST_WORD_X: u16 = 0; 1675 /// Intel-IA64-Filler 1676 pub const X3_TMPLT_SIZE_X: u16 = 4; 1677 /// Intel-IA64-Filler 1678 pub const X3_TMPLT_INST_WORD_POS_X: u16 = 0; 1679 /// Intel-IA64-Filler 1680 pub const X3_TMPLT_SIGN_VAL_POS_X: u16 = 0; 1681 1682 /// Intel-IA64-Filler 1683 pub const X3_BTYPE_QP_INST_WORD_X: u16 = 2; 1684 /// Intel-IA64-Filler 1685 pub const X3_BTYPE_QP_SIZE_X: u16 = 9; 1686 /// Intel-IA64-Filler 1687 pub const X3_BTYPE_QP_INST_WORD_POS_X: u16 = 23; 1688 /// Intel-IA64-Filler 1689 pub const X3_BTYPE_QP_INST_VAL_POS_X: u16 = 0; 1690 1691 /// Intel-IA64-Filler 1692 pub const X3_EMPTY_INST_WORD_X: u16 = 1; 1693 /// Intel-IA64-Filler 1694 pub const X3_EMPTY_SIZE_X: u16 = 2; 1695 /// Intel-IA64-Filler 1696 pub const X3_EMPTY_INST_WORD_POS_X: u16 = 14; 1697 /// Intel-IA64-Filler 1698 pub const X3_EMPTY_INST_VAL_POS_X: u16 = 0; 1699 1700 // 1701 // Line number format. 1702 // 1703 1704 // This struct has alignment 1. 1705 #[derive(Debug, Clone, Copy)] 1706 #[repr(C)] 1707 pub struct ImageLinenumber { 1708 /// Symbol table index of function name if Linenumber is 0. 1709 /// Otherwise virtual address of line number. 1710 pub symbol_table_index_or_virtual_address: U32Bytes<LE>, 1711 /// Line number. 1712 pub linenumber: U16Bytes<LE>, 1713 } 1714 1715 // 1716 // Based relocation format. 1717 // 1718 1719 #[derive(Debug, Clone, Copy)] 1720 #[repr(C)] 1721 pub struct ImageBaseRelocation { 1722 pub virtual_address: U32<LE>, 1723 pub size_of_block: U32<LE>, 1724 // pub type_offset[1]: U16<LE>, 1725 } 1726 1727 // 1728 // Based relocation types. 1729 // 1730 1731 pub const IMAGE_REL_BASED_ABSOLUTE: u16 = 0; 1732 pub const IMAGE_REL_BASED_HIGH: u16 = 1; 1733 pub const IMAGE_REL_BASED_LOW: u16 = 2; 1734 pub const IMAGE_REL_BASED_HIGHLOW: u16 = 3; 1735 pub const IMAGE_REL_BASED_HIGHADJ: u16 = 4; 1736 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_5: u16 = 5; 1737 pub const IMAGE_REL_BASED_RESERVED: u16 = 6; 1738 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_7: u16 = 7; 1739 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_8: u16 = 8; 1740 pub const IMAGE_REL_BASED_MACHINE_SPECIFIC_9: u16 = 9; 1741 pub const IMAGE_REL_BASED_DIR64: u16 = 10; 1742 1743 // 1744 // Platform-specific based relocation types. 1745 // 1746 1747 pub const IMAGE_REL_BASED_IA64_IMM64: u16 = 9; 1748 1749 pub const IMAGE_REL_BASED_MIPS_JMPADDR: u16 = 5; 1750 pub const IMAGE_REL_BASED_MIPS_JMPADDR16: u16 = 9; 1751 1752 pub const IMAGE_REL_BASED_ARM_MOV32: u16 = 5; 1753 pub const IMAGE_REL_BASED_THUMB_MOV32: u16 = 7; 1754 1755 pub const IMAGE_REL_BASED_RISCV_HIGH20: u16 = 5; 1756 pub const IMAGE_REL_BASED_RISCV_LOW12I: u16 = 7; 1757 pub const IMAGE_REL_BASED_RISCV_LOW12S: u16 = 8; 1758 1759 // 1760 // Archive format. 1761 // 1762 1763 pub const IMAGE_ARCHIVE_START_SIZE: usize = 8; 1764 pub const IMAGE_ARCHIVE_START: &[u8; 8] = b"!<arch>\n"; 1765 pub const IMAGE_ARCHIVE_END: &[u8] = b"`\n"; 1766 pub const IMAGE_ARCHIVE_PAD: &[u8] = b"\n"; 1767 pub const IMAGE_ARCHIVE_LINKER_MEMBER: &[u8; 16] = b"/ "; 1768 pub const IMAGE_ARCHIVE_LONGNAMES_MEMBER: &[u8; 16] = b"// "; 1769 pub const IMAGE_ARCHIVE_HYBRIDMAP_MEMBER: &[u8; 16] = b"/<HYBRIDMAP>/ "; 1770 1771 #[derive(Debug, Clone, Copy)] 1772 #[repr(C)] 1773 pub struct ImageArchiveMemberHeader { 1774 /// File member name - `/' terminated. 1775 pub name: [u8; 16], 1776 /// File member date - decimal. 1777 pub date: [u8; 12], 1778 /// File member user id - decimal. 1779 pub user_id: [u8; 6], 1780 /// File member group id - decimal. 1781 pub group_id: [u8; 6], 1782 /// File member mode - octal. 1783 pub mode: [u8; 8], 1784 /// File member size - decimal. 1785 pub size: [u8; 10], 1786 /// String to end header. 1787 pub end_header: [u8; 2], 1788 } 1789 1790 pub const IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR: u16 = 60; 1791 1792 // 1793 // DLL support. 1794 // 1795 1796 // 1797 // Export Format 1798 // 1799 1800 #[derive(Debug, Clone, Copy)] 1801 #[repr(C)] 1802 pub struct ImageExportDirectory { 1803 pub characteristics: U32<LE>, 1804 pub time_date_stamp: U32<LE>, 1805 pub major_version: U16<LE>, 1806 pub minor_version: U16<LE>, 1807 pub name: U32<LE>, 1808 pub base: U32<LE>, 1809 pub number_of_functions: U32<LE>, 1810 pub number_of_names: U32<LE>, 1811 /// RVA from base of image 1812 pub address_of_functions: U32<LE>, 1813 /// RVA from base of image 1814 pub address_of_names: U32<LE>, 1815 /// RVA from base of image 1816 pub address_of_name_ordinals: U32<LE>, 1817 } 1818 1819 // 1820 // Import Format 1821 // 1822 1823 #[derive(Debug, Clone, Copy)] 1824 #[repr(C)] 1825 pub struct ImageImportByName { 1826 pub hint: U16<LE>, 1827 //pub name: [i8; 1], 1828 } 1829 1830 #[derive(Debug, Clone, Copy)] 1831 #[repr(C)] 1832 pub struct ImageThunkData64(pub U64<LE>); 1833 /* 1834 union { 1835 /// PBYTE 1836 pub forwarder_string: U64<LE>, 1837 /// PDWORD 1838 pub function: U64<LE>, 1839 pub ordinal: U64<LE>, 1840 /// PIMAGE_IMPORT_BY_NAME 1841 pub address_of_data: U64<LE>, 1842 } u1; 1843 */ 1844 1845 #[derive(Debug, Clone, Copy)] 1846 #[repr(C)] 1847 pub struct ImageThunkData32(pub U32<LE>); 1848 /* 1849 union { 1850 /// PBYTE 1851 pub forwarder_string: U32<LE>, 1852 /// PDWORD 1853 pub function: U32<LE>, 1854 pub ordinal: U32<LE>, 1855 /// PIMAGE_IMPORT_BY_NAME 1856 pub address_of_data: U32<LE>, 1857 } u1; 1858 } 1859 */ 1860 1861 pub const IMAGE_ORDINAL_FLAG64: u64 = 0x8000000000000000; 1862 pub const IMAGE_ORDINAL_FLAG32: u32 = 0x80000000; 1863 1864 /* 1865 #define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff) 1866 #define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff) 1867 #define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0) 1868 #define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0) 1869 1870 */ 1871 1872 // 1873 // Thread Local Storage 1874 // 1875 1876 #[derive(Debug, Clone, Copy)] 1877 #[repr(C)] 1878 pub struct ImageTlsDirectory64 { 1879 pub start_address_of_raw_data: U64<LE>, 1880 pub end_address_of_raw_data: U64<LE>, 1881 /// PDWORD 1882 pub address_of_index: U64<LE>, 1883 /// PIMAGE_TLS_CALLBACK *; 1884 pub address_of_call_backs: U64<LE>, 1885 pub size_of_zero_fill: U32<LE>, 1886 pub characteristics: U32<LE>, 1887 } 1888 1889 #[derive(Debug, Clone, Copy)] 1890 #[repr(C)] 1891 pub struct ImageTlsDirectory32 { 1892 pub start_address_of_raw_data: U32<LE>, 1893 pub end_address_of_raw_data: U32<LE>, 1894 /// PDWORD 1895 pub address_of_index: U32<LE>, 1896 /// PIMAGE_TLS_CALLBACK * 1897 pub address_of_call_backs: U32<LE>, 1898 pub size_of_zero_fill: U32<LE>, 1899 pub characteristics: U32<LE>, 1900 } 1901 1902 #[derive(Debug, Clone, Copy)] 1903 #[repr(C)] 1904 pub struct ImageImportDescriptor { 1905 /// RVA to original unbound IAT (`ImageThunkData32`/`ImageThunkData64`) 1906 /// 0 for terminating null import descriptor 1907 pub original_first_thunk: U32Bytes<LE>, 1908 /// 0 if not bound, 1909 /// -1 if bound, and real date\time stamp 1910 /// in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) 1911 /// O.W. date/time stamp of DLL bound to (Old BIND) 1912 pub time_date_stamp: U32Bytes<LE>, 1913 /// -1 if no forwarders 1914 pub forwarder_chain: U32Bytes<LE>, 1915 pub name: U32Bytes<LE>, 1916 /// RVA to IAT (if bound this IAT has actual addresses) 1917 pub first_thunk: U32Bytes<LE>, 1918 } 1919 1920 impl ImageImportDescriptor { 1921 /// Tell whether this import descriptor is the null descriptor 1922 /// (used to mark the end of the iterator array in a PE) is_null(&self) -> bool1923 pub fn is_null(&self) -> bool { 1924 self.original_first_thunk.get(LE) == 0 1925 && self.time_date_stamp.get(LE) == 0 1926 && self.forwarder_chain.get(LE) == 0 1927 && self.name.get(LE) == 0 1928 && self.first_thunk.get(LE) == 0 1929 } 1930 } 1931 1932 // 1933 // New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ] 1934 // 1935 1936 #[derive(Debug, Clone, Copy)] 1937 #[repr(C)] 1938 pub struct ImageBoundImportDescriptor { 1939 pub time_date_stamp: U32<LE>, 1940 pub offset_module_name: U16<LE>, 1941 pub number_of_module_forwarder_refs: U16<LE>, 1942 // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows 1943 } 1944 1945 #[derive(Debug, Clone, Copy)] 1946 #[repr(C)] 1947 pub struct ImageBoundForwarderRef { 1948 pub time_date_stamp: U32<LE>, 1949 pub offset_module_name: U16<LE>, 1950 pub reserved: U16<LE>, 1951 } 1952 1953 #[derive(Debug, Clone, Copy)] 1954 #[repr(C)] 1955 pub struct ImageDelayloadDescriptor { 1956 pub attributes: U32<LE>, 1957 1958 /// RVA to the name of the target library (NULL-terminate ASCII string) 1959 pub dll_name_rva: U32<LE>, 1960 /// RVA to the HMODULE caching location (PHMODULE) 1961 pub module_handle_rva: U32<LE>, 1962 /// RVA to the start of the IAT (PIMAGE_THUNK_DATA) 1963 pub import_address_table_rva: U32<LE>, 1964 /// RVA to the start of the name table (PIMAGE_THUNK_DATA::AddressOfData) 1965 pub import_name_table_rva: U32<LE>, 1966 /// RVA to an optional bound IAT 1967 pub bound_import_address_table_rva: U32<LE>, 1968 /// RVA to an optional unload info table 1969 pub unload_information_table_rva: U32<LE>, 1970 /// 0 if not bound, otherwise, date/time of the target DLL 1971 pub time_date_stamp: U32<LE>, 1972 } 1973 1974 /// Delay load version 2 flag for `ImageDelayloadDescriptor::attributes`. 1975 pub const IMAGE_DELAYLOAD_RVA_BASED: u32 = 0x8000_0000; 1976 1977 // 1978 // Resource Format. 1979 // 1980 1981 // 1982 // Resource directory consists of two counts, following by a variable length 1983 // array of directory entries. The first count is the number of entries at 1984 // beginning of the array that have actual names associated with each entry. 1985 // The entries are in ascending order, case insensitive strings. The second 1986 // count is the number of entries that immediately follow the named entries. 1987 // This second count identifies the number of entries that have 16-bit integer 1988 // Ids as their name. These entries are also sorted in ascending order. 1989 // 1990 // This structure allows fast lookup by either name or number, but for any 1991 // given resource entry only one form of lookup is supported, not both. 1992 // This is consistant with the syntax of the .RC file and the .RES file. 1993 // 1994 1995 #[derive(Debug, Clone, Copy)] 1996 #[repr(C)] 1997 pub struct ImageResourceDirectory { 1998 pub characteristics: U32<LE>, 1999 pub time_date_stamp: U32<LE>, 2000 pub major_version: U16<LE>, 2001 pub minor_version: U16<LE>, 2002 pub number_of_named_entries: U16<LE>, 2003 pub number_of_id_entries: U16<LE>, 2004 // DirectoryEntries[ImageResourceDirectoryEntry]; 2005 } 2006 2007 pub const IMAGE_RESOURCE_NAME_IS_STRING: u32 = 0x8000_0000; 2008 pub const IMAGE_RESOURCE_DATA_IS_DIRECTORY: u32 = 0x8000_0000; 2009 // 2010 // Each directory contains the 32-bit Name of the entry and an offset, 2011 // relative to the beginning of the resource directory of the data associated 2012 // with this directory entry. If the name of the entry is an actual text 2013 // string instead of an integer Id, then the high order bit of the name field 2014 // is set to one and the low order 31-bits are an offset, relative to the 2015 // beginning of the resource directory of the string, which is of type 2016 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the 2017 // low-order 16-bits are the integer Id that identify this resource directory 2018 // entry. If the directory entry is yet another resource directory (i.e. a 2019 // subdirectory), then the high order bit of the offset field will be 2020 // set to indicate this. Otherwise the high bit is clear and the offset 2021 // field points to a resource data entry. 2022 // 2023 2024 #[derive(Debug, Clone, Copy)] 2025 #[repr(C)] 2026 pub struct ImageResourceDirectoryEntry { 2027 pub name_or_id: U32<LE>, 2028 pub offset_to_data_or_directory: U32<LE>, 2029 } 2030 2031 // 2032 // For resource directory entries that have actual string names, the Name 2033 // field of the directory entry points to an object of the following type. 2034 // All of these string objects are stored together after the last resource 2035 // directory entry and before the first resource data object. This minimizes 2036 // the impact of these variable length objects on the alignment of the fixed 2037 // size directory entry objects. 2038 // 2039 2040 #[derive(Debug, Clone, Copy)] 2041 #[repr(C)] 2042 pub struct ImageResourceDirectoryString { 2043 pub length: U16<LE>, 2044 //pub name_string: [i8; 1], 2045 } 2046 2047 #[derive(Debug, Clone, Copy)] 2048 #[repr(C)] 2049 pub struct ImageResourceDirStringU { 2050 pub length: U16<LE>, 2051 //pub name_string: [U16<LE>; 1], 2052 } 2053 2054 // 2055 // Each resource data entry describes a leaf node in the resource directory 2056 // tree. It contains an offset, relative to the beginning of the resource 2057 // directory of the data for the resource, a size field that gives the number 2058 // of bytes of data at that offset, a CodePage that should be used when 2059 // decoding code point values within the resource data. Typically for new 2060 // applications the code page would be the unicode code page. 2061 // 2062 2063 #[derive(Debug, Clone, Copy)] 2064 #[repr(C)] 2065 pub struct ImageResourceDataEntry { 2066 pub offset_to_data: U32<LE>, 2067 pub size: U32<LE>, 2068 pub code_page: U32<LE>, 2069 pub reserved: U32<LE>, 2070 } 2071 2072 // 2073 // Code Integrity in loadconfig (CI) 2074 // 2075 2076 #[derive(Debug, Clone, Copy)] 2077 #[repr(C)] 2078 pub struct ImageLoadConfigCodeIntegrity { 2079 /// Flags to indicate if CI information is available, etc. 2080 pub flags: U16<LE>, 2081 /// 0xFFFF means not available 2082 pub catalog: U16<LE>, 2083 pub catalog_offset: U32<LE>, 2084 /// Additional bitmask to be defined later 2085 pub reserved: U32<LE>, 2086 } 2087 2088 // 2089 // Dynamic value relocation table in loadconfig 2090 // 2091 2092 #[derive(Debug, Clone, Copy)] 2093 #[repr(C)] 2094 pub struct ImageDynamicRelocationTable { 2095 pub version: U32<LE>, 2096 pub size: U32<LE>, 2097 // DynamicRelocations: [ImageDynamicRelocation; 0], 2098 } 2099 2100 // 2101 // Dynamic value relocation entries following IMAGE_DYNAMIC_RELOCATION_TABLE 2102 // 2103 2104 #[derive(Debug, Clone, Copy)] 2105 #[repr(C)] 2106 pub struct ImageDynamicRelocation32 { 2107 pub symbol: U32<LE>, 2108 pub base_reloc_size: U32<LE>, 2109 // BaseRelocations: [ImageBaseRelocation; 0], 2110 } 2111 2112 #[derive(Debug, Clone, Copy)] 2113 #[repr(C)] 2114 pub struct ImageDynamicRelocation64 { 2115 pub symbol: U64<LE>, 2116 pub base_reloc_size: U32<LE>, 2117 // BaseRelocations: [ImageBaseRelocation; 0], 2118 } 2119 2120 #[derive(Debug, Clone, Copy)] 2121 #[repr(C)] 2122 pub struct ImageDynamicRelocation32V2 { 2123 pub header_size: U32<LE>, 2124 pub fixup_info_size: U32<LE>, 2125 pub symbol: U32<LE>, 2126 pub symbol_group: U32<LE>, 2127 pub flags: U32<LE>, 2128 // ... variable length header fields 2129 // pub fixup_info: [u8; fixup_info_size] 2130 } 2131 2132 #[derive(Debug, Clone, Copy)] 2133 #[repr(C)] 2134 pub struct ImageDynamicRelocation64V2 { 2135 pub header_size: U32<LE>, 2136 pub fixup_info_size: U32<LE>, 2137 pub symbol: U64<LE>, 2138 pub symbol_group: U32<LE>, 2139 pub flags: U32<LE>, 2140 // ... variable length header fields 2141 // pub fixup_info[u8; fixup_info_size] 2142 } 2143 2144 // 2145 // Defined symbolic dynamic relocation entries. 2146 // 2147 2148 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_RF_PROLOGUE: u32 = 0x0000_0001; 2149 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_RF_EPILOGUE: u32 = 0x0000_0002; 2150 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER: u32 = 0x0000_0003; 2151 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_INDIR_CONTROL_TRANSFER: u32 = 0x0000_0004; 2152 pub const IMAGE_DYNAMIC_RELOCATION_GUARD_SWITCHTABLE_BRANCH: u32 = 0x0000_0005; 2153 2154 // This struct has alignment 1. 2155 #[derive(Debug, Clone, Copy)] 2156 #[repr(C)] 2157 pub struct ImagePrologueDynamicRelocationHeader { 2158 pub prologue_byte_count: u8, 2159 // pub prologue_bytes: [u8; prologue_byte_count], 2160 } 2161 2162 // This struct has alignment 1. 2163 #[derive(Debug, Clone, Copy)] 2164 #[repr(C)] 2165 pub struct ImageEpilogueDynamicRelocationHeader { 2166 pub epilogue_count: U32Bytes<LE>, 2167 pub epilogue_byte_count: u8, 2168 pub branch_descriptor_element_size: u8, 2169 pub branch_descriptor_count: U16Bytes<LE>, 2170 // pub branch_descriptors[...], 2171 // pub branch_descriptor_bit_map[...], 2172 } 2173 2174 /* 2175 // TODO? bitfields 2176 // TODO: unaligned? 2177 #[derive(Debug, Clone, Copy)] 2178 #[repr(C)] 2179 pub struct ImageImportControlTransferDynamicRelocation { 2180 DWORD PageRelativeOffset : 12; 2181 DWORD IndirectCall : 1; 2182 DWORD IATIndex : 19; 2183 } 2184 2185 // TODO: unaligned? 2186 #[derive(Debug, Clone, Copy)] 2187 #[repr(C)] 2188 pub struct ImageIndirControlTransferDynamicRelocation { 2189 WORD PageRelativeOffset : 12; 2190 WORD IndirectCall : 1; 2191 WORD RexWPrefix : 1; 2192 WORD CfgCheck : 1; 2193 WORD Reserved : 1; 2194 } 2195 2196 // TODO: unaligned? 2197 #[derive(Debug, Clone, Copy)] 2198 #[repr(C)] 2199 pub struct ImageSwitchtableBranchDynamicRelocation { 2200 WORD PageRelativeOffset : 12; 2201 WORD RegisterNumber : 4; 2202 } 2203 */ 2204 2205 // 2206 // Load Configuration Directory Entry 2207 // 2208 2209 #[derive(Debug, Clone, Copy)] 2210 #[repr(C)] 2211 pub struct ImageLoadConfigDirectory32 { 2212 pub size: U32<LE>, 2213 pub time_date_stamp: U32<LE>, 2214 pub major_version: U16<LE>, 2215 pub minor_version: U16<LE>, 2216 pub global_flags_clear: U32<LE>, 2217 pub global_flags_set: U32<LE>, 2218 pub critical_section_default_timeout: U32<LE>, 2219 pub de_commit_free_block_threshold: U32<LE>, 2220 pub de_commit_total_free_threshold: U32<LE>, 2221 /// VA 2222 pub lock_prefix_table: U32<LE>, 2223 pub maximum_allocation_size: U32<LE>, 2224 pub virtual_memory_threshold: U32<LE>, 2225 pub process_heap_flags: U32<LE>, 2226 pub process_affinity_mask: U32<LE>, 2227 pub csd_version: U16<LE>, 2228 pub dependent_load_flags: U16<LE>, 2229 /// VA 2230 pub edit_list: U32<LE>, 2231 /// VA 2232 pub security_cookie: U32<LE>, 2233 /// VA 2234 pub sehandler_table: U32<LE>, 2235 pub sehandler_count: U32<LE>, 2236 /// VA 2237 pub guard_cf_check_function_pointer: U32<LE>, 2238 /// VA 2239 pub guard_cf_dispatch_function_pointer: U32<LE>, 2240 /// VA 2241 pub guard_cf_function_table: U32<LE>, 2242 pub guard_cf_function_count: U32<LE>, 2243 pub guard_flags: U32<LE>, 2244 pub code_integrity: ImageLoadConfigCodeIntegrity, 2245 /// VA 2246 pub guard_address_taken_iat_entry_table: U32<LE>, 2247 pub guard_address_taken_iat_entry_count: U32<LE>, 2248 /// VA 2249 pub guard_long_jump_target_table: U32<LE>, 2250 pub guard_long_jump_target_count: U32<LE>, 2251 /// VA 2252 pub dynamic_value_reloc_table: U32<LE>, 2253 pub chpe_metadata_pointer: U32<LE>, 2254 /// VA 2255 pub guard_rf_failure_routine: U32<LE>, 2256 /// VA 2257 pub guard_rf_failure_routine_function_pointer: U32<LE>, 2258 pub dynamic_value_reloc_table_offset: U32<LE>, 2259 pub dynamic_value_reloc_table_section: U16<LE>, 2260 pub reserved2: U16<LE>, 2261 /// VA 2262 pub guard_rf_verify_stack_pointer_function_pointer: U32<LE>, 2263 pub hot_patch_table_offset: U32<LE>, 2264 pub reserved3: U32<LE>, 2265 /// VA 2266 pub enclave_configuration_pointer: U32<LE>, 2267 /// VA 2268 pub volatile_metadata_pointer: U32<LE>, 2269 } 2270 2271 #[derive(Debug, Clone, Copy)] 2272 #[repr(C)] 2273 pub struct ImageLoadConfigDirectory64 { 2274 pub size: U32<LE>, 2275 pub time_date_stamp: U32<LE>, 2276 pub major_version: U16<LE>, 2277 pub minor_version: U16<LE>, 2278 pub global_flags_clear: U32<LE>, 2279 pub global_flags_set: U32<LE>, 2280 pub critical_section_default_timeout: U32<LE>, 2281 pub de_commit_free_block_threshold: U64<LE>, 2282 pub de_commit_total_free_threshold: U64<LE>, 2283 /// VA 2284 pub lock_prefix_table: U64<LE>, 2285 pub maximum_allocation_size: U64<LE>, 2286 pub virtual_memory_threshold: U64<LE>, 2287 pub process_affinity_mask: U64<LE>, 2288 pub process_heap_flags: U32<LE>, 2289 pub csd_version: U16<LE>, 2290 pub dependent_load_flags: U16<LE>, 2291 /// VA 2292 pub edit_list: U64<LE>, 2293 /// VA 2294 pub security_cookie: U64<LE>, 2295 /// VA 2296 pub sehandler_table: U64<LE>, 2297 pub sehandler_count: U64<LE>, 2298 /// VA 2299 pub guard_cf_check_function_pointer: U64<LE>, 2300 /// VA 2301 pub guard_cf_dispatch_function_pointer: U64<LE>, 2302 /// VA 2303 pub guard_cf_function_table: U64<LE>, 2304 pub guard_cf_function_count: U64<LE>, 2305 pub guard_flags: U32<LE>, 2306 pub code_integrity: ImageLoadConfigCodeIntegrity, 2307 /// VA 2308 pub guard_address_taken_iat_entry_table: U64<LE>, 2309 pub guard_address_taken_iat_entry_count: U64<LE>, 2310 /// VA 2311 pub guard_long_jump_target_table: U64<LE>, 2312 pub guard_long_jump_target_count: U64<LE>, 2313 /// VA 2314 pub dynamic_value_reloc_table: U64<LE>, 2315 /// VA 2316 pub chpe_metadata_pointer: U64<LE>, 2317 /// VA 2318 pub guard_rf_failure_routine: U64<LE>, 2319 /// VA 2320 pub guard_rf_failure_routine_function_pointer: U64<LE>, 2321 pub dynamic_value_reloc_table_offset: U32<LE>, 2322 pub dynamic_value_reloc_table_section: U16<LE>, 2323 pub reserved2: U16<LE>, 2324 /// VA 2325 pub guard_rf_verify_stack_pointer_function_pointer: U64<LE>, 2326 pub hot_patch_table_offset: U32<LE>, 2327 pub reserved3: U32<LE>, 2328 /// VA 2329 pub enclave_configuration_pointer: U64<LE>, 2330 /// VA 2331 pub volatile_metadata_pointer: U64<LE>, 2332 } 2333 2334 #[derive(Debug, Clone, Copy)] 2335 #[repr(C)] 2336 pub struct ImageHotPatchInfo { 2337 pub version: U32<LE>, 2338 pub size: U32<LE>, 2339 pub sequence_number: U32<LE>, 2340 pub base_image_list: U32<LE>, 2341 pub base_image_count: U32<LE>, 2342 /// Version 2 and later 2343 pub buffer_offset: U32<LE>, 2344 /// Version 3 and later 2345 pub extra_patch_size: U32<LE>, 2346 } 2347 2348 #[derive(Debug, Clone, Copy)] 2349 #[repr(C)] 2350 pub struct ImageHotPatchBase { 2351 pub sequence_number: U32<LE>, 2352 pub flags: U32<LE>, 2353 pub original_time_date_stamp: U32<LE>, 2354 pub original_check_sum: U32<LE>, 2355 pub code_integrity_info: U32<LE>, 2356 pub code_integrity_size: U32<LE>, 2357 pub patch_table: U32<LE>, 2358 /// Version 2 and later 2359 pub buffer_offset: U32<LE>, 2360 } 2361 2362 #[derive(Debug, Clone, Copy)] 2363 #[repr(C)] 2364 pub struct ImageHotPatchHashes { 2365 pub sha256: [u8; 32], 2366 pub sha1: [u8; 20], 2367 } 2368 2369 pub const IMAGE_HOT_PATCH_BASE_OBLIGATORY: u32 = 0x0000_0001; 2370 pub const IMAGE_HOT_PATCH_BASE_CAN_ROLL_BACK: u32 = 0x0000_0002; 2371 2372 pub const IMAGE_HOT_PATCH_CHUNK_INVERSE: u32 = 0x8000_0000; 2373 pub const IMAGE_HOT_PATCH_CHUNK_OBLIGATORY: u32 = 0x4000_0000; 2374 pub const IMAGE_HOT_PATCH_CHUNK_RESERVED: u32 = 0x3FF0_3000; 2375 pub const IMAGE_HOT_PATCH_CHUNK_TYPE: u32 = 0x000F_C000; 2376 pub const IMAGE_HOT_PATCH_CHUNK_SOURCE_RVA: u32 = 0x0000_8000; 2377 pub const IMAGE_HOT_PATCH_CHUNK_TARGET_RVA: u32 = 0x0000_4000; 2378 pub const IMAGE_HOT_PATCH_CHUNK_SIZE: u32 = 0x0000_0FFF; 2379 2380 pub const IMAGE_HOT_PATCH_NONE: u32 = 0x0000_0000; 2381 pub const IMAGE_HOT_PATCH_FUNCTION: u32 = 0x0001_C000; 2382 pub const IMAGE_HOT_PATCH_ABSOLUTE: u32 = 0x0002_C000; 2383 pub const IMAGE_HOT_PATCH_REL32: u32 = 0x0003_C000; 2384 pub const IMAGE_HOT_PATCH_CALL_TARGET: u32 = 0x0004_4000; 2385 pub const IMAGE_HOT_PATCH_INDIRECT: u32 = 0x0005_C000; 2386 pub const IMAGE_HOT_PATCH_NO_CALL_TARGET: u32 = 0x0006_4000; 2387 pub const IMAGE_HOT_PATCH_DYNAMIC_VALUE: u32 = 0x0007_8000; 2388 2389 /// Module performs control flow integrity checks using system-supplied support 2390 pub const IMAGE_GUARD_CF_INSTRUMENTED: u32 = 0x0000_0100; 2391 /// Module performs control flow and write integrity checks 2392 pub const IMAGE_GUARD_CFW_INSTRUMENTED: u32 = 0x0000_0200; 2393 /// Module contains valid control flow target metadata 2394 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT: u32 = 0x0000_0400; 2395 /// Module does not make use of the /GS security cookie 2396 pub const IMAGE_GUARD_SECURITY_COOKIE_UNUSED: u32 = 0x0000_0800; 2397 /// Module supports read only delay load IAT 2398 pub const IMAGE_GUARD_PROTECT_DELAYLOAD_IAT: u32 = 0x0000_1000; 2399 /// Delayload import table in its own .didat section (with nothing else in it) that can be freely reprotected 2400 pub const IMAGE_GUARD_DELAYLOAD_IAT_IN_ITS_OWN_SECTION: u32 = 0x0000_2000; 2401 /// Module contains suppressed export information. 2402 /// 2403 /// This also infers that the address taken taken IAT table is also present in the load config. 2404 pub const IMAGE_GUARD_CF_EXPORT_SUPPRESSION_INFO_PRESENT: u32 = 0x0000_4000; 2405 /// Module enables suppression of exports 2406 pub const IMAGE_GUARD_CF_ENABLE_EXPORT_SUPPRESSION: u32 = 0x0000_8000; 2407 /// Module contains longjmp target information 2408 pub const IMAGE_GUARD_CF_LONGJUMP_TABLE_PRESENT: u32 = 0x0001_0000; 2409 /// Module contains return flow instrumentation and metadata 2410 pub const IMAGE_GUARD_RF_INSTRUMENTED: u32 = 0x0002_0000; 2411 /// Module requests that the OS enable return flow protection 2412 pub const IMAGE_GUARD_RF_ENABLE: u32 = 0x0004_0000; 2413 /// Module requests that the OS enable return flow protection in strict mode 2414 pub const IMAGE_GUARD_RF_STRICT: u32 = 0x0008_0000; 2415 /// Module was built with retpoline support 2416 pub const IMAGE_GUARD_RETPOLINE_PRESENT: u32 = 0x0010_0000; 2417 2418 /// Stride of Guard CF function table encoded in these bits (additional count of bytes per element) 2419 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_MASK: u32 = 0xF000_0000; 2420 /// Shift to right-justify Guard CF function table stride 2421 pub const IMAGE_GUARD_CF_FUNCTION_TABLE_SIZE_SHIFT: u32 = 28; 2422 2423 // 2424 // GFIDS table entry flags. 2425 // 2426 2427 /// The containing GFID entry is suppressed 2428 pub const IMAGE_GUARD_FLAG_FID_SUPPRESSED: u16 = 0x01; 2429 /// The containing GFID entry is export suppressed 2430 pub const IMAGE_GUARD_FLAG_EXPORT_SUPPRESSED: u16 = 0x02; 2431 2432 // 2433 // WIN CE Exception table format 2434 // 2435 2436 // 2437 // Function table entry format. Function table is pointed to by the 2438 // IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. 2439 // 2440 2441 /* 2442 // TODO? bitfields 2443 #[derive(Debug, Clone, Copy)] 2444 #[repr(C)] 2445 pub struct ImageCeRuntimeFunctionEntry { 2446 pub func_start: U32<LE>, 2447 DWORD PrologLen : 8; 2448 DWORD FuncLen : 22; 2449 DWORD ThirtyTwoBit : 1; 2450 DWORD ExceptionFlag : 1; 2451 } 2452 */ 2453 2454 #[derive(Debug, Clone, Copy)] 2455 #[repr(C)] 2456 pub struct ImageArmRuntimeFunctionEntry { 2457 pub begin_address: U32<LE>, 2458 pub unwind_data: U32<LE>, 2459 } 2460 2461 #[derive(Debug, Clone, Copy)] 2462 #[repr(C)] 2463 pub struct ImageArm64RuntimeFunctionEntry { 2464 pub begin_address: U32<LE>, 2465 pub unwind_data: U32<LE>, 2466 } 2467 2468 #[derive(Debug, Clone, Copy)] 2469 #[repr(C)] 2470 pub struct ImageAlpha64RuntimeFunctionEntry { 2471 pub begin_address: U64<LE>, 2472 pub end_address: U64<LE>, 2473 pub exception_handler: U64<LE>, 2474 pub handler_data: U64<LE>, 2475 pub prolog_end_address: U64<LE>, 2476 } 2477 2478 #[derive(Debug, Clone, Copy)] 2479 #[repr(C)] 2480 pub struct ImageAlphaRuntimeFunctionEntry { 2481 pub begin_address: U32<LE>, 2482 pub end_address: U32<LE>, 2483 pub exception_handler: U32<LE>, 2484 pub handler_data: U32<LE>, 2485 pub prolog_end_address: U32<LE>, 2486 } 2487 2488 #[derive(Debug, Clone, Copy)] 2489 #[repr(C)] 2490 pub struct ImageRuntimeFunctionEntry { 2491 pub begin_address: U32<LE>, 2492 pub end_address: U32<LE>, 2493 pub unwind_info_address_or_data: U32<LE>, 2494 } 2495 2496 // 2497 // Sofware enclave information 2498 // 2499 2500 pub const IMAGE_ENCLAVE_LONG_ID_LENGTH: usize = 32; 2501 pub const IMAGE_ENCLAVE_SHORT_ID_LENGTH: usize = 16; 2502 2503 #[derive(Debug, Clone, Copy)] 2504 #[repr(C)] 2505 pub struct ImageEnclaveConfig32 { 2506 pub size: U32<LE>, 2507 pub minimum_required_config_size: U32<LE>, 2508 pub policy_flags: U32<LE>, 2509 pub number_of_imports: U32<LE>, 2510 pub import_list: U32<LE>, 2511 pub import_entry_size: U32<LE>, 2512 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2513 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2514 pub image_version: U32<LE>, 2515 pub security_version: U32<LE>, 2516 pub enclave_size: U32<LE>, 2517 pub number_of_threads: U32<LE>, 2518 pub enclave_flags: U32<LE>, 2519 } 2520 2521 #[derive(Debug, Clone, Copy)] 2522 #[repr(C)] 2523 pub struct ImageEnclaveConfig64 { 2524 pub size: U32<LE>, 2525 pub minimum_required_config_size: U32<LE>, 2526 pub policy_flags: U32<LE>, 2527 pub number_of_imports: U32<LE>, 2528 pub import_list: U32<LE>, 2529 pub import_entry_size: U32<LE>, 2530 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2531 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2532 pub image_version: U32<LE>, 2533 pub security_version: U32<LE>, 2534 pub enclave_size: U64<LE>, 2535 pub number_of_threads: U32<LE>, 2536 pub enclave_flags: U32<LE>, 2537 } 2538 2539 //pub const IMAGE_ENCLAVE_MINIMUM_CONFIG_SIZE: usize = FIELD_OFFSET(IMAGE_ENCLAVE_CONFIG, EnclaveFlags); 2540 2541 pub const IMAGE_ENCLAVE_POLICY_DEBUGGABLE: u32 = 0x0000_0001; 2542 2543 pub const IMAGE_ENCLAVE_FLAG_PRIMARY_IMAGE: u32 = 0x0000_0001; 2544 2545 #[derive(Debug, Clone, Copy)] 2546 #[repr(C)] 2547 pub struct ImageEnclaveImport { 2548 pub match_type: U32<LE>, 2549 pub minimum_security_version: U32<LE>, 2550 pub unique_or_author_id: [u8; IMAGE_ENCLAVE_LONG_ID_LENGTH], 2551 pub family_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2552 pub image_id: [u8; IMAGE_ENCLAVE_SHORT_ID_LENGTH], 2553 pub import_name: U32<LE>, 2554 pub reserved: U32<LE>, 2555 } 2556 2557 pub const IMAGE_ENCLAVE_IMPORT_MATCH_NONE: u32 = 0x0000_0000; 2558 pub const IMAGE_ENCLAVE_IMPORT_MATCH_UNIQUE_ID: u32 = 0x0000_0001; 2559 pub const IMAGE_ENCLAVE_IMPORT_MATCH_AUTHOR_ID: u32 = 0x0000_0002; 2560 pub const IMAGE_ENCLAVE_IMPORT_MATCH_FAMILY_ID: u32 = 0x0000_0003; 2561 pub const IMAGE_ENCLAVE_IMPORT_MATCH_IMAGE_ID: u32 = 0x0000_0004; 2562 2563 // 2564 // Debug Format 2565 // 2566 2567 #[derive(Debug, Clone, Copy)] 2568 #[repr(C)] 2569 pub struct ImageDebugDirectory { 2570 pub characteristics: U32<LE>, 2571 pub time_date_stamp: U32<LE>, 2572 pub major_version: U16<LE>, 2573 pub minor_version: U16<LE>, 2574 pub typ: U32<LE>, 2575 pub size_of_data: U32<LE>, 2576 pub address_of_raw_data: U32<LE>, 2577 pub pointer_to_raw_data: U32<LE>, 2578 } 2579 2580 pub const IMAGE_DEBUG_TYPE_UNKNOWN: u32 = 0; 2581 pub const IMAGE_DEBUG_TYPE_COFF: u32 = 1; 2582 pub const IMAGE_DEBUG_TYPE_CODEVIEW: u32 = 2; 2583 pub const IMAGE_DEBUG_TYPE_FPO: u32 = 3; 2584 pub const IMAGE_DEBUG_TYPE_MISC: u32 = 4; 2585 pub const IMAGE_DEBUG_TYPE_EXCEPTION: u32 = 5; 2586 pub const IMAGE_DEBUG_TYPE_FIXUP: u32 = 6; 2587 pub const IMAGE_DEBUG_TYPE_OMAP_TO_SRC: u32 = 7; 2588 pub const IMAGE_DEBUG_TYPE_OMAP_FROM_SRC: u32 = 8; 2589 pub const IMAGE_DEBUG_TYPE_BORLAND: u32 = 9; 2590 pub const IMAGE_DEBUG_TYPE_RESERVED10: u32 = 10; 2591 pub const IMAGE_DEBUG_TYPE_CLSID: u32 = 11; 2592 pub const IMAGE_DEBUG_TYPE_VC_FEATURE: u32 = 12; 2593 pub const IMAGE_DEBUG_TYPE_POGO: u32 = 13; 2594 pub const IMAGE_DEBUG_TYPE_ILTCG: u32 = 14; 2595 pub const IMAGE_DEBUG_TYPE_MPX: u32 = 15; 2596 pub const IMAGE_DEBUG_TYPE_REPRO: u32 = 16; 2597 2598 #[derive(Debug, Clone, Copy)] 2599 #[repr(C)] 2600 pub struct ImageCoffSymbolsHeader { 2601 pub number_of_symbols: U32<LE>, 2602 pub lva_to_first_symbol: U32<LE>, 2603 pub number_of_linenumbers: U32<LE>, 2604 pub lva_to_first_linenumber: U32<LE>, 2605 pub rva_to_first_byte_of_code: U32<LE>, 2606 pub rva_to_last_byte_of_code: U32<LE>, 2607 pub rva_to_first_byte_of_data: U32<LE>, 2608 pub rva_to_last_byte_of_data: U32<LE>, 2609 } 2610 2611 pub const FRAME_FPO: u16 = 0; 2612 pub const FRAME_TRAP: u16 = 1; 2613 pub const FRAME_TSS: u16 = 2; 2614 pub const FRAME_NONFPO: u16 = 3; 2615 2616 /* 2617 // TODO? bitfields 2618 #[derive(Debug, Clone, Copy)] 2619 #[repr(C)] 2620 pub struct FpoData { 2621 /// offset 1st byte of function code 2622 pub ul_off_start: U32<LE>, 2623 /// # bytes in function 2624 pub cb_proc_size: U32<LE>, 2625 /// # bytes in locals/4 2626 pub cdw_locals: U32<LE>, 2627 /// # bytes in params/4 2628 pub cdw_params: U16<LE>, 2629 /// # bytes in prolog 2630 WORD cbProlog : 8; 2631 /// # regs saved 2632 WORD cbRegs : 3; 2633 /// TRUE if SEH in func 2634 WORD fHasSEH : 1; 2635 /// TRUE if EBP has been allocated 2636 WORD fUseBP : 1; 2637 /// reserved for future use 2638 WORD reserved : 1; 2639 /// frame type 2640 WORD cbFrame : 2; 2641 } 2642 pub const SIZEOF_RFPO_DATA: usize = 16; 2643 */ 2644 2645 pub const IMAGE_DEBUG_MISC_EXENAME: u16 = 1; 2646 2647 #[derive(Debug, Clone, Copy)] 2648 #[repr(C)] 2649 pub struct ImageDebugMisc { 2650 /// type of misc data, see defines 2651 pub data_type: U32<LE>, 2652 /// total length of record, rounded to four byte multiple. 2653 pub length: U32<LE>, 2654 /// TRUE if data is unicode string 2655 pub unicode: u8, 2656 pub reserved: [u8; 3], 2657 // Actual data 2658 //pub data: [u8; 1], 2659 } 2660 2661 // 2662 // Function table extracted from MIPS/ALPHA/IA64 images. Does not contain 2663 // information needed only for runtime support. Just those fields for 2664 // each entry needed by a debugger. 2665 // 2666 2667 #[derive(Debug, Clone, Copy)] 2668 #[repr(C)] 2669 pub struct ImageFunctionEntry { 2670 pub starting_address: U32<LE>, 2671 pub ending_address: U32<LE>, 2672 pub end_of_prologue: U32<LE>, 2673 } 2674 2675 #[derive(Debug, Clone, Copy)] 2676 #[repr(C)] 2677 pub struct ImageFunctionEntry64 { 2678 pub starting_address: U64<LE>, 2679 pub ending_address: U64<LE>, 2680 pub end_of_prologue_or_unwind_info_address: U64<LE>, 2681 } 2682 2683 // 2684 // Debugging information can be stripped from an image file and placed 2685 // in a separate .DBG file, whose file name part is the same as the 2686 // image file name part (e.g. symbols for CMD.EXE could be stripped 2687 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED 2688 // flag in the Characteristics field of the file header. The beginning of 2689 // the .DBG file contains the following structure which captures certain 2690 // information from the image file. This allows a debug to proceed even if 2691 // the original image file is not accessable. This header is followed by 2692 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more 2693 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in 2694 // the image file contain file offsets relative to the beginning of the 2695 // .DBG file. 2696 // 2697 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure 2698 // is left in the image file, but not mapped. This allows a debugger to 2699 // compute the name of the .DBG file, from the name of the image in the 2700 // IMAGE_DEBUG_MISC structure. 2701 // 2702 2703 #[derive(Debug, Clone, Copy)] 2704 #[repr(C)] 2705 pub struct ImageSeparateDebugHeader { 2706 pub signature: U16<LE>, 2707 pub flags: U16<LE>, 2708 pub machine: U16<LE>, 2709 pub characteristics: U16<LE>, 2710 pub time_date_stamp: U32<LE>, 2711 pub check_sum: U32<LE>, 2712 pub image_base: U32<LE>, 2713 pub size_of_image: U32<LE>, 2714 pub number_of_sections: U32<LE>, 2715 pub exported_names_size: U32<LE>, 2716 pub debug_directory_size: U32<LE>, 2717 pub section_alignment: U32<LE>, 2718 pub reserved: [U32<LE>; 2], 2719 } 2720 2721 #[derive(Debug, Clone, Copy)] 2722 #[repr(C)] 2723 pub struct NonPagedDebugInfo { 2724 pub signature: U16<LE>, 2725 pub flags: U16<LE>, 2726 pub size: U32<LE>, 2727 pub machine: U16<LE>, 2728 pub characteristics: U16<LE>, 2729 pub time_date_stamp: U32<LE>, 2730 pub check_sum: U32<LE>, 2731 pub size_of_image: U32<LE>, 2732 pub image_base: U64<LE>, 2733 //debug_directory_size 2734 //ImageDebugDirectory 2735 } 2736 2737 pub const IMAGE_SEPARATE_DEBUG_SIGNATURE: u16 = 0x4944; 2738 pub const NON_PAGED_DEBUG_SIGNATURE: u16 = 0x494E; 2739 2740 pub const IMAGE_SEPARATE_DEBUG_FLAGS_MASK: u16 = 0x8000; 2741 /// when DBG was updated, the old checksum didn't match. 2742 pub const IMAGE_SEPARATE_DEBUG_MISMATCH: u16 = 0x8000; 2743 2744 // 2745 // The .arch section is made up of headers, each describing an amask position/value 2746 // pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header 2747 // and entry arrays) are terminiated by a quadword of 0xffffffffL. 2748 // 2749 // NOTE: There may be quadwords of 0 sprinkled around and must be skipped. 2750 // 2751 2752 /* 2753 // TODO? bitfields 2754 #[derive(Debug, Clone, Copy)] 2755 #[repr(C)] 2756 pub struct ImageArchitectureHeader { 2757 /// 1 -> code section depends on mask bit 2758 /// 0 -> new instruction depends on mask bit 2759 unsigned int AmaskValue: 1; 2760 /// MBZ 2761 int :7; 2762 /// Amask bit in question for this fixup 2763 unsigned int AmaskShift: 8; 2764 /// MBZ 2765 int :16; 2766 /// RVA into .arch section to array of ARCHITECTURE_ENTRY's 2767 pub first_entry_rva: U32<LE>, 2768 } 2769 */ 2770 2771 #[derive(Debug, Clone, Copy)] 2772 #[repr(C)] 2773 pub struct ImageArchitectureEntry { 2774 /// RVA of instruction to fixup 2775 pub fixup_inst_rva: U32<LE>, 2776 /// fixup instruction (see alphaops.h) 2777 pub new_inst: U32<LE>, 2778 } 2779 2780 // The following structure defines the new import object. Note the values of the first two fields, 2781 // which must be set as stated in order to differentiate old and new import members. 2782 // Following this structure, the linker emits two null-terminated strings used to recreate the 2783 // import at the time of use. The first string is the import's name, the second is the dll's name. 2784 2785 pub const IMPORT_OBJECT_HDR_SIG2: u16 = 0xffff; 2786 2787 #[derive(Debug, Clone, Copy)] 2788 #[repr(C)] 2789 pub struct ImportObjectHeader { 2790 /// Must be IMAGE_FILE_MACHINE_UNKNOWN 2791 pub sig1: U16<LE>, 2792 /// Must be IMPORT_OBJECT_HDR_SIG2. 2793 pub sig2: U16<LE>, 2794 pub version: U16<LE>, 2795 pub machine: U16<LE>, 2796 /// Time/date stamp 2797 pub time_date_stamp: U32<LE>, 2798 /// particularly useful for incremental links 2799 pub size_of_data: U32<LE>, 2800 2801 /// if grf & IMPORT_OBJECT_ORDINAL 2802 pub ordinal_or_hint: U16<LE>, 2803 2804 // WORD Type : 2; 2805 // WORD NameType : 3; 2806 // WORD Reserved : 11; 2807 pub name_type: U16<LE>, 2808 } 2809 2810 pub const IMPORT_OBJECT_CODE: u16 = 0; 2811 pub const IMPORT_OBJECT_DATA: u16 = 1; 2812 pub const IMPORT_OBJECT_CONST: u16 = 2; 2813 2814 /// Import by ordinal 2815 pub const IMPORT_OBJECT_ORDINAL: u16 = 0; 2816 /// Import name == public symbol name. 2817 pub const IMPORT_OBJECT_NAME: u16 = 1; 2818 /// Import name == public symbol name skipping leading ?, @, or optionally _. 2819 pub const IMPORT_OBJECT_NAME_NO_PREFIX: u16 = 2; 2820 /// Import name == public symbol name skipping leading ?, @, or optionally _ and truncating at first @. 2821 pub const IMPORT_OBJECT_NAME_UNDECORATE: u16 = 3; 2822 /// Import name == a name is explicitly provided after the DLL name. 2823 pub const IMPORT_OBJECT_NAME_EXPORTAS: u16 = 4; 2824 2825 // COM+ Header entry point flags. 2826 pub const COMIMAGE_FLAGS_ILONLY: u32 = 0x0000_0001; 2827 pub const COMIMAGE_FLAGS_32BITREQUIRED: u32 = 0x0000_0002; 2828 pub const COMIMAGE_FLAGS_IL_LIBRARY: u32 = 0x0000_0004; 2829 pub const COMIMAGE_FLAGS_STRONGNAMESIGNED: u32 = 0x0000_0008; 2830 pub const COMIMAGE_FLAGS_NATIVE_ENTRYPOINT: u32 = 0x0000_0010; 2831 pub const COMIMAGE_FLAGS_TRACKDEBUGDATA: u32 = 0x0001_0000; 2832 pub const COMIMAGE_FLAGS_32BITPREFERRED: u32 = 0x0002_0000; 2833 2834 // Version flags for image. 2835 pub const COR_VERSION_MAJOR_V2: u16 = 2; 2836 pub const COR_VERSION_MAJOR: u16 = COR_VERSION_MAJOR_V2; 2837 pub const COR_VERSION_MINOR: u16 = 5; 2838 pub const COR_DELETED_NAME_LENGTH: usize = 8; 2839 pub const COR_VTABLEGAP_NAME_LENGTH: usize = 8; 2840 2841 // Maximum size of a NativeType descriptor. 2842 pub const NATIVE_TYPE_MAX_CB: u16 = 1; 2843 pub const COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE: u16 = 0xFF; 2844 2845 // Consts for the MIH FLAGS 2846 pub const IMAGE_COR_MIH_METHODRVA: u16 = 0x01; 2847 pub const IMAGE_COR_MIH_EHRVA: u16 = 0x02; 2848 pub const IMAGE_COR_MIH_BASICBLOCK: u16 = 0x08; 2849 2850 // V-table constants 2851 /// V-table slots are 32-bits in size. 2852 pub const COR_VTABLE_32BIT: u16 = 0x01; 2853 /// V-table slots are 64-bits in size. 2854 pub const COR_VTABLE_64BIT: u16 = 0x02; 2855 /// If set, transition from unmanaged. 2856 pub const COR_VTABLE_FROM_UNMANAGED: u16 = 0x04; 2857 /// If set, transition from unmanaged with keeping the current appdomain. 2858 pub const COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN: u16 = 0x08; 2859 /// Call most derived method described by 2860 pub const COR_VTABLE_CALL_MOST_DERIVED: u16 = 0x10; 2861 2862 // EATJ constants 2863 /// Size of a jump thunk reserved range. 2864 pub const IMAGE_COR_EATJ_THUNK_SIZE: usize = 32; 2865 2866 // Max name lengths 2867 pub const MAX_CLASS_NAME: usize = 1024; 2868 pub const MAX_PACKAGE_NAME: usize = 1024; 2869 2870 // CLR 2.0 header structure. 2871 #[derive(Debug, Clone, Copy)] 2872 #[repr(C)] 2873 pub struct ImageCor20Header { 2874 // Header versioning 2875 pub cb: U32<LE>, 2876 pub major_runtime_version: U16<LE>, 2877 pub minor_runtime_version: U16<LE>, 2878 2879 // Symbol table and startup information 2880 pub meta_data: ImageDataDirectory, 2881 pub flags: U32<LE>, 2882 2883 // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set, EntryPointToken represents a managed entrypoint. 2884 // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set, EntryPointRVA represents an RVA to a native entrypoint. 2885 pub entry_point_token_or_rva: U32<LE>, 2886 2887 // Binding information 2888 pub resources: ImageDataDirectory, 2889 pub strong_name_signature: ImageDataDirectory, 2890 2891 // Regular fixup and binding information 2892 pub code_manager_table: ImageDataDirectory, 2893 pub vtable_fixups: ImageDataDirectory, 2894 pub export_address_table_jumps: ImageDataDirectory, 2895 2896 // Precompiled image info (internal use only - set to zero) 2897 pub managed_native_header: ImageDataDirectory, 2898 } 2899 2900 unsafe_impl_pod!( 2901 ImageDosHeader, 2902 ImageOs2Header, 2903 ImageVxdHeader, 2904 ImageFileHeader, 2905 ImageDataDirectory, 2906 ImageOptionalHeader32, 2907 ImageRomOptionalHeader, 2908 ImageOptionalHeader64, 2909 ImageNtHeaders64, 2910 ImageNtHeaders32, 2911 ImageRomHeaders, 2912 Guid, 2913 AnonObjectHeader, 2914 AnonObjectHeaderV2, 2915 AnonObjectHeaderBigobj, 2916 ImageSectionHeader, 2917 ImageSymbol, 2918 ImageSymbolBytes, 2919 ImageSymbolEx, 2920 ImageSymbolExBytes, 2921 ImageAuxSymbolTokenDef, 2922 ImageAuxSymbolFunction, 2923 ImageAuxSymbolFunctionBeginEnd, 2924 ImageAuxSymbolWeak, 2925 ImageAuxSymbolSection, 2926 ImageAuxSymbolCrc, 2927 ImageRelocation, 2928 ImageLinenumber, 2929 ImageBaseRelocation, 2930 ImageArchiveMemberHeader, 2931 ImageExportDirectory, 2932 ImageImportByName, 2933 ImageThunkData64, 2934 ImageThunkData32, 2935 ImageTlsDirectory64, 2936 ImageTlsDirectory32, 2937 ImageImportDescriptor, 2938 ImageBoundImportDescriptor, 2939 ImageBoundForwarderRef, 2940 ImageDelayloadDescriptor, 2941 ImageResourceDirectory, 2942 ImageResourceDirectoryEntry, 2943 ImageResourceDirectoryString, 2944 ImageResourceDirStringU, 2945 ImageResourceDataEntry, 2946 ImageLoadConfigCodeIntegrity, 2947 ImageDynamicRelocationTable, 2948 ImageDynamicRelocation32, 2949 ImageDynamicRelocation64, 2950 ImageDynamicRelocation32V2, 2951 ImageDynamicRelocation64V2, 2952 ImagePrologueDynamicRelocationHeader, 2953 ImageEpilogueDynamicRelocationHeader, 2954 //ImageImportControlTransferDynamicRelocation, 2955 //ImageIndirControlTransferDynamicRelocation, 2956 //ImageSwitchtableBranchDynamicRelocation, 2957 ImageLoadConfigDirectory32, 2958 ImageLoadConfigDirectory64, 2959 ImageHotPatchInfo, 2960 ImageHotPatchBase, 2961 ImageHotPatchHashes, 2962 //ImageCeRuntimeFunctionEntry, 2963 ImageArmRuntimeFunctionEntry, 2964 ImageArm64RuntimeFunctionEntry, 2965 ImageAlpha64RuntimeFunctionEntry, 2966 ImageAlphaRuntimeFunctionEntry, 2967 ImageRuntimeFunctionEntry, 2968 ImageEnclaveConfig32, 2969 ImageEnclaveConfig64, 2970 ImageEnclaveImport, 2971 ImageDebugDirectory, 2972 ImageCoffSymbolsHeader, 2973 //FpoData, 2974 ImageDebugMisc, 2975 ImageFunctionEntry, 2976 ImageFunctionEntry64, 2977 ImageSeparateDebugHeader, 2978 NonPagedDebugInfo, 2979 //ImageArchitectureHeader, 2980 ImageArchitectureEntry, 2981 ImportObjectHeader, 2982 ImageCor20Header, 2983 MaskedRichHeaderEntry, 2984 ); 2985