1 //===-- llvm/BinaryFormat/COFF.h --------------------------------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file contains an definitions used in Windows COFF Files. 10 // 11 // Structures and enums defined within this file where created using 12 // information from Microsoft's publicly available PE/COFF format document: 13 // 14 // Microsoft Portable Executable and Common Object File Format Specification 15 // Revision 8.1 - February 15, 2008 16 // 17 // As of 5/2/2010, hosted by Microsoft at: 18 // http://www.microsoft.com/whdc/system/platform/firmware/pecoff.mspx 19 // 20 //===----------------------------------------------------------------------===// 21 22 #ifndef LLVM_BINARYFORMAT_COFF_H 23 #define LLVM_BINARYFORMAT_COFF_H 24 25 #include "llvm/Support/DataTypes.h" 26 #include <cassert> 27 28 namespace llvm { 29 namespace COFF { 30 31 // The maximum number of sections that a COFF object can have (inclusive). 32 const int32_t MaxNumberOfSections16 = 65279; 33 34 // The PE signature bytes that follows the DOS stub header. 35 static const char PEMagic[] = {'P', 'E', '\0', '\0'}; 36 37 static const char BigObjMagic[] = { 38 '\xc7', '\xa1', '\xba', '\xd1', '\xee', '\xba', '\xa9', '\x4b', 39 '\xaf', '\x20', '\xfa', '\xf6', '\x6a', '\xa4', '\xdc', '\xb8', 40 }; 41 42 static const char ClGlObjMagic[] = { 43 '\x38', '\xfe', '\xb3', '\x0c', '\xa5', '\xd9', '\xab', '\x4d', 44 '\xac', '\x9b', '\xd6', '\xb6', '\x22', '\x26', '\x53', '\xc2', 45 }; 46 47 // The signature bytes that start a .res file. 48 static const char WinResMagic[] = { 49 '\x00', '\x00', '\x00', '\x00', '\x20', '\x00', '\x00', '\x00', 50 '\xff', '\xff', '\x00', '\x00', '\xff', '\xff', '\x00', '\x00', 51 }; 52 53 // Sizes in bytes of various things in the COFF format. 54 enum { 55 Header16Size = 20, 56 Header32Size = 56, 57 NameSize = 8, 58 Symbol16Size = 18, 59 Symbol32Size = 20, 60 SectionSize = 40, 61 RelocationSize = 10 62 }; 63 64 struct header { 65 uint16_t Machine; 66 int32_t NumberOfSections; 67 uint32_t TimeDateStamp; 68 uint32_t PointerToSymbolTable; 69 uint32_t NumberOfSymbols; 70 uint16_t SizeOfOptionalHeader; 71 uint16_t Characteristics; 72 }; 73 74 struct BigObjHeader { 75 enum : uint16_t { MinBigObjectVersion = 2 }; 76 77 uint16_t Sig1; ///< Must be IMAGE_FILE_MACHINE_UNKNOWN (0). 78 uint16_t Sig2; ///< Must be 0xFFFF. 79 uint16_t Version; 80 uint16_t Machine; 81 uint32_t TimeDateStamp; 82 uint8_t UUID[16]; 83 uint32_t unused1; 84 uint32_t unused2; 85 uint32_t unused3; 86 uint32_t unused4; 87 uint32_t NumberOfSections; 88 uint32_t PointerToSymbolTable; 89 uint32_t NumberOfSymbols; 90 }; 91 92 enum MachineTypes : unsigned { 93 MT_Invalid = 0xffff, 94 95 IMAGE_FILE_MACHINE_UNKNOWN = 0x0, 96 IMAGE_FILE_MACHINE_AM33 = 0x1D3, 97 IMAGE_FILE_MACHINE_AMD64 = 0x8664, 98 IMAGE_FILE_MACHINE_ARM = 0x1C0, 99 IMAGE_FILE_MACHINE_ARMNT = 0x1C4, 100 IMAGE_FILE_MACHINE_ARM64 = 0xAA64, 101 IMAGE_FILE_MACHINE_ARM64EC = 0xA641, 102 IMAGE_FILE_MACHINE_ARM64X = 0xA64E, 103 IMAGE_FILE_MACHINE_EBC = 0xEBC, 104 IMAGE_FILE_MACHINE_I386 = 0x14C, 105 IMAGE_FILE_MACHINE_IA64 = 0x200, 106 IMAGE_FILE_MACHINE_M32R = 0x9041, 107 IMAGE_FILE_MACHINE_MIPS16 = 0x266, 108 IMAGE_FILE_MACHINE_MIPSFPU = 0x366, 109 IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466, 110 IMAGE_FILE_MACHINE_POWERPC = 0x1F0, 111 IMAGE_FILE_MACHINE_POWERPCFP = 0x1F1, 112 IMAGE_FILE_MACHINE_R4000 = 0x166, 113 IMAGE_FILE_MACHINE_RISCV32 = 0x5032, 114 IMAGE_FILE_MACHINE_RISCV64 = 0x5064, 115 IMAGE_FILE_MACHINE_RISCV128 = 0x5128, 116 IMAGE_FILE_MACHINE_SH3 = 0x1A2, 117 IMAGE_FILE_MACHINE_SH3DSP = 0x1A3, 118 IMAGE_FILE_MACHINE_SH4 = 0x1A6, 119 IMAGE_FILE_MACHINE_SH5 = 0x1A8, 120 IMAGE_FILE_MACHINE_THUMB = 0x1C2, 121 IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169 122 }; 123 124 template <typename T> bool isArm64EC(T Machine) { 125 return Machine == IMAGE_FILE_MACHINE_ARM64EC || 126 Machine == IMAGE_FILE_MACHINE_ARM64X; 127 } 128 129 template <typename T> bool isAnyArm64(T Machine) { 130 return Machine == IMAGE_FILE_MACHINE_ARM64 || isArm64EC(Machine); 131 } 132 133 template <typename T> bool is64Bit(T Machine) { 134 return Machine == IMAGE_FILE_MACHINE_AMD64 || isAnyArm64(Machine); 135 } 136 137 enum Characteristics : unsigned { 138 C_Invalid = 0, 139 140 /// The file does not contain base relocations and must be loaded at its 141 /// preferred base. If this cannot be done, the loader will error. 142 IMAGE_FILE_RELOCS_STRIPPED = 0x0001, 143 /// The file is valid and can be run. 144 IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002, 145 /// COFF line numbers have been stripped. This is deprecated and should be 146 /// 0. 147 IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004, 148 /// COFF symbol table entries for local symbols have been removed. This is 149 /// deprecated and should be 0. 150 IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008, 151 /// Aggressively trim working set. This is deprecated and must be 0. 152 IMAGE_FILE_AGGRESSIVE_WS_TRIM = 0x0010, 153 /// Image can handle > 2GiB addresses. 154 IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020, 155 /// Little endian: the LSB precedes the MSB in memory. This is deprecated 156 /// and should be 0. 157 IMAGE_FILE_BYTES_REVERSED_LO = 0x0080, 158 /// Machine is based on a 32bit word architecture. 159 IMAGE_FILE_32BIT_MACHINE = 0x0100, 160 /// Debugging info has been removed. 161 IMAGE_FILE_DEBUG_STRIPPED = 0x0200, 162 /// If the image is on removable media, fully load it and copy it to swap. 163 IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400, 164 /// If the image is on network media, fully load it and copy it to swap. 165 IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800, 166 /// The image file is a system file, not a user program. 167 IMAGE_FILE_SYSTEM = 0x1000, 168 /// The image file is a DLL. 169 IMAGE_FILE_DLL = 0x2000, 170 /// This file should only be run on a uniprocessor machine. 171 IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000, 172 /// Big endian: the MSB precedes the LSB in memory. This is deprecated 173 /// and should be 0. 174 IMAGE_FILE_BYTES_REVERSED_HI = 0x8000 175 }; 176 177 enum ResourceTypeID : unsigned { 178 RID_Cursor = 1, 179 RID_Bitmap = 2, 180 RID_Icon = 3, 181 RID_Menu = 4, 182 RID_Dialog = 5, 183 RID_String = 6, 184 RID_FontDir = 7, 185 RID_Font = 8, 186 RID_Accelerator = 9, 187 RID_RCData = 10, 188 RID_MessageTable = 11, 189 RID_Group_Cursor = 12, 190 RID_Group_Icon = 14, 191 RID_Version = 16, 192 RID_DLGInclude = 17, 193 RID_PlugPlay = 19, 194 RID_VXD = 20, 195 RID_AniCursor = 21, 196 RID_AniIcon = 22, 197 RID_HTML = 23, 198 RID_Manifest = 24, 199 }; 200 201 struct symbol { 202 char Name[NameSize]; 203 uint32_t Value; 204 int32_t SectionNumber; 205 uint16_t Type; 206 uint8_t StorageClass; 207 uint8_t NumberOfAuxSymbols; 208 }; 209 210 enum SymbolSectionNumber : int32_t { 211 IMAGE_SYM_DEBUG = -2, 212 IMAGE_SYM_ABSOLUTE = -1, 213 IMAGE_SYM_UNDEFINED = 0 214 }; 215 216 /// Storage class tells where and what the symbol represents 217 enum SymbolStorageClass { 218 SSC_Invalid = 0xff, 219 220 IMAGE_SYM_CLASS_END_OF_FUNCTION = -1, ///< Physical end of function 221 IMAGE_SYM_CLASS_NULL = 0, ///< No symbol 222 IMAGE_SYM_CLASS_AUTOMATIC = 1, ///< Stack variable 223 IMAGE_SYM_CLASS_EXTERNAL = 2, ///< External symbol 224 IMAGE_SYM_CLASS_STATIC = 3, ///< Static 225 IMAGE_SYM_CLASS_REGISTER = 4, ///< Register variable 226 IMAGE_SYM_CLASS_EXTERNAL_DEF = 5, ///< External definition 227 IMAGE_SYM_CLASS_LABEL = 6, ///< Label 228 IMAGE_SYM_CLASS_UNDEFINED_LABEL = 7, ///< Undefined label 229 IMAGE_SYM_CLASS_MEMBER_OF_STRUCT = 8, ///< Member of structure 230 IMAGE_SYM_CLASS_ARGUMENT = 9, ///< Function argument 231 IMAGE_SYM_CLASS_STRUCT_TAG = 10, ///< Structure tag 232 IMAGE_SYM_CLASS_MEMBER_OF_UNION = 11, ///< Member of union 233 IMAGE_SYM_CLASS_UNION_TAG = 12, ///< Union tag 234 IMAGE_SYM_CLASS_TYPE_DEFINITION = 13, ///< Type definition 235 IMAGE_SYM_CLASS_UNDEFINED_STATIC = 14, ///< Undefined static 236 IMAGE_SYM_CLASS_ENUM_TAG = 15, ///< Enumeration tag 237 IMAGE_SYM_CLASS_MEMBER_OF_ENUM = 16, ///< Member of enumeration 238 IMAGE_SYM_CLASS_REGISTER_PARAM = 17, ///< Register parameter 239 IMAGE_SYM_CLASS_BIT_FIELD = 18, ///< Bit field 240 /// ".bb" or ".eb" - beginning or end of block 241 IMAGE_SYM_CLASS_BLOCK = 100, 242 /// ".bf" or ".ef" - beginning or end of function 243 IMAGE_SYM_CLASS_FUNCTION = 101, 244 IMAGE_SYM_CLASS_END_OF_STRUCT = 102, ///< End of structure 245 IMAGE_SYM_CLASS_FILE = 103, ///< File name 246 /// Line number, reformatted as symbol 247 IMAGE_SYM_CLASS_SECTION = 104, 248 IMAGE_SYM_CLASS_WEAK_EXTERNAL = 105, ///< Duplicate tag 249 /// External symbol in dmert public lib 250 IMAGE_SYM_CLASS_CLR_TOKEN = 107 251 }; 252 253 enum SymbolBaseType : unsigned { 254 IMAGE_SYM_TYPE_NULL = 0, ///< No type information or unknown base type. 255 IMAGE_SYM_TYPE_VOID = 1, ///< Used with void pointers and functions. 256 IMAGE_SYM_TYPE_CHAR = 2, ///< A character (signed byte). 257 IMAGE_SYM_TYPE_SHORT = 3, ///< A 2-byte signed integer. 258 IMAGE_SYM_TYPE_INT = 4, ///< A natural integer type on the target. 259 IMAGE_SYM_TYPE_LONG = 5, ///< A 4-byte signed integer. 260 IMAGE_SYM_TYPE_FLOAT = 6, ///< A 4-byte floating-point number. 261 IMAGE_SYM_TYPE_DOUBLE = 7, ///< An 8-byte floating-point number. 262 IMAGE_SYM_TYPE_STRUCT = 8, ///< A structure. 263 IMAGE_SYM_TYPE_UNION = 9, ///< An union. 264 IMAGE_SYM_TYPE_ENUM = 10, ///< An enumerated type. 265 IMAGE_SYM_TYPE_MOE = 11, ///< A member of enumeration (a specific value). 266 IMAGE_SYM_TYPE_BYTE = 12, ///< A byte; unsigned 1-byte integer. 267 IMAGE_SYM_TYPE_WORD = 13, ///< A word; unsigned 2-byte integer. 268 IMAGE_SYM_TYPE_UINT = 14, ///< An unsigned integer of natural size. 269 IMAGE_SYM_TYPE_DWORD = 15 ///< An unsigned 4-byte integer. 270 }; 271 272 enum SymbolComplexType : unsigned { 273 IMAGE_SYM_DTYPE_NULL = 0, ///< No complex type; simple scalar variable. 274 IMAGE_SYM_DTYPE_POINTER = 1, ///< A pointer to base type. 275 IMAGE_SYM_DTYPE_FUNCTION = 2, ///< A function that returns a base type. 276 IMAGE_SYM_DTYPE_ARRAY = 3, ///< An array of base type. 277 278 /// Type is formed as (base + (derived << SCT_COMPLEX_TYPE_SHIFT)) 279 SCT_COMPLEX_TYPE_SHIFT = 4 280 }; 281 282 enum AuxSymbolType { IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF = 1 }; 283 284 struct section { 285 char Name[NameSize]; 286 uint32_t VirtualSize; 287 uint32_t VirtualAddress; 288 uint32_t SizeOfRawData; 289 uint32_t PointerToRawData; 290 uint32_t PointerToRelocations; 291 uint32_t PointerToLineNumbers; 292 uint16_t NumberOfRelocations; 293 uint16_t NumberOfLineNumbers; 294 uint32_t Characteristics; 295 }; 296 297 enum SectionCharacteristics : uint32_t { 298 SC_Invalid = 0xffffffff, 299 300 IMAGE_SCN_TYPE_NOLOAD = 0x00000002, 301 IMAGE_SCN_TYPE_NO_PAD = 0x00000008, 302 IMAGE_SCN_CNT_CODE = 0x00000020, 303 IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040, 304 IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080, 305 IMAGE_SCN_LNK_OTHER = 0x00000100, 306 IMAGE_SCN_LNK_INFO = 0x00000200, 307 IMAGE_SCN_LNK_REMOVE = 0x00000800, 308 IMAGE_SCN_LNK_COMDAT = 0x00001000, 309 IMAGE_SCN_GPREL = 0x00008000, 310 IMAGE_SCN_MEM_PURGEABLE = 0x00020000, 311 IMAGE_SCN_MEM_16BIT = 0x00020000, 312 IMAGE_SCN_MEM_LOCKED = 0x00040000, 313 IMAGE_SCN_MEM_PRELOAD = 0x00080000, 314 IMAGE_SCN_ALIGN_1BYTES = 0x00100000, 315 IMAGE_SCN_ALIGN_2BYTES = 0x00200000, 316 IMAGE_SCN_ALIGN_4BYTES = 0x00300000, 317 IMAGE_SCN_ALIGN_8BYTES = 0x00400000, 318 IMAGE_SCN_ALIGN_16BYTES = 0x00500000, 319 IMAGE_SCN_ALIGN_32BYTES = 0x00600000, 320 IMAGE_SCN_ALIGN_64BYTES = 0x00700000, 321 IMAGE_SCN_ALIGN_128BYTES = 0x00800000, 322 IMAGE_SCN_ALIGN_256BYTES = 0x00900000, 323 IMAGE_SCN_ALIGN_512BYTES = 0x00A00000, 324 IMAGE_SCN_ALIGN_1024BYTES = 0x00B00000, 325 IMAGE_SCN_ALIGN_2048BYTES = 0x00C00000, 326 IMAGE_SCN_ALIGN_4096BYTES = 0x00D00000, 327 IMAGE_SCN_ALIGN_8192BYTES = 0x00E00000, 328 IMAGE_SCN_ALIGN_MASK = 0x00F00000, 329 IMAGE_SCN_LNK_NRELOC_OVFL = 0x01000000, 330 IMAGE_SCN_MEM_DISCARDABLE = 0x02000000, 331 IMAGE_SCN_MEM_NOT_CACHED = 0x04000000, 332 IMAGE_SCN_MEM_NOT_PAGED = 0x08000000, 333 IMAGE_SCN_MEM_SHARED = 0x10000000, 334 IMAGE_SCN_MEM_EXECUTE = 0x20000000, 335 IMAGE_SCN_MEM_READ = 0x40000000, 336 IMAGE_SCN_MEM_WRITE = 0x80000000 337 }; 338 339 struct relocation { 340 uint32_t VirtualAddress; 341 uint32_t SymbolTableIndex; 342 uint16_t Type; 343 }; 344 345 enum RelocationTypeI386 : unsigned { 346 IMAGE_REL_I386_ABSOLUTE = 0x0000, 347 IMAGE_REL_I386_DIR16 = 0x0001, 348 IMAGE_REL_I386_REL16 = 0x0002, 349 IMAGE_REL_I386_DIR32 = 0x0006, 350 IMAGE_REL_I386_DIR32NB = 0x0007, 351 IMAGE_REL_I386_SEG12 = 0x0009, 352 IMAGE_REL_I386_SECTION = 0x000A, 353 IMAGE_REL_I386_SECREL = 0x000B, 354 IMAGE_REL_I386_TOKEN = 0x000C, 355 IMAGE_REL_I386_SECREL7 = 0x000D, 356 IMAGE_REL_I386_REL32 = 0x0014 357 }; 358 359 enum RelocationTypeAMD64 : unsigned { 360 IMAGE_REL_AMD64_ABSOLUTE = 0x0000, 361 IMAGE_REL_AMD64_ADDR64 = 0x0001, 362 IMAGE_REL_AMD64_ADDR32 = 0x0002, 363 IMAGE_REL_AMD64_ADDR32NB = 0x0003, 364 IMAGE_REL_AMD64_REL32 = 0x0004, 365 IMAGE_REL_AMD64_REL32_1 = 0x0005, 366 IMAGE_REL_AMD64_REL32_2 = 0x0006, 367 IMAGE_REL_AMD64_REL32_3 = 0x0007, 368 IMAGE_REL_AMD64_REL32_4 = 0x0008, 369 IMAGE_REL_AMD64_REL32_5 = 0x0009, 370 IMAGE_REL_AMD64_SECTION = 0x000A, 371 IMAGE_REL_AMD64_SECREL = 0x000B, 372 IMAGE_REL_AMD64_SECREL7 = 0x000C, 373 IMAGE_REL_AMD64_TOKEN = 0x000D, 374 IMAGE_REL_AMD64_SREL32 = 0x000E, 375 IMAGE_REL_AMD64_PAIR = 0x000F, 376 IMAGE_REL_AMD64_SSPAN32 = 0x0010 377 }; 378 379 enum RelocationTypesARM : unsigned { 380 IMAGE_REL_ARM_ABSOLUTE = 0x0000, 381 IMAGE_REL_ARM_ADDR32 = 0x0001, 382 IMAGE_REL_ARM_ADDR32NB = 0x0002, 383 IMAGE_REL_ARM_BRANCH24 = 0x0003, 384 IMAGE_REL_ARM_BRANCH11 = 0x0004, 385 IMAGE_REL_ARM_TOKEN = 0x0005, 386 IMAGE_REL_ARM_BLX24 = 0x0008, 387 IMAGE_REL_ARM_BLX11 = 0x0009, 388 IMAGE_REL_ARM_REL32 = 0x000A, 389 IMAGE_REL_ARM_SECTION = 0x000E, 390 IMAGE_REL_ARM_SECREL = 0x000F, 391 IMAGE_REL_ARM_MOV32A = 0x0010, 392 IMAGE_REL_ARM_MOV32T = 0x0011, 393 IMAGE_REL_ARM_BRANCH20T = 0x0012, 394 IMAGE_REL_ARM_BRANCH24T = 0x0014, 395 IMAGE_REL_ARM_BLX23T = 0x0015, 396 IMAGE_REL_ARM_PAIR = 0x0016, 397 }; 398 399 enum RelocationTypesARM64 : unsigned { 400 IMAGE_REL_ARM64_ABSOLUTE = 0x0000, 401 IMAGE_REL_ARM64_ADDR32 = 0x0001, 402 IMAGE_REL_ARM64_ADDR32NB = 0x0002, 403 IMAGE_REL_ARM64_BRANCH26 = 0x0003, 404 IMAGE_REL_ARM64_PAGEBASE_REL21 = 0x0004, 405 IMAGE_REL_ARM64_REL21 = 0x0005, 406 IMAGE_REL_ARM64_PAGEOFFSET_12A = 0x0006, 407 IMAGE_REL_ARM64_PAGEOFFSET_12L = 0x0007, 408 IMAGE_REL_ARM64_SECREL = 0x0008, 409 IMAGE_REL_ARM64_SECREL_LOW12A = 0x0009, 410 IMAGE_REL_ARM64_SECREL_HIGH12A = 0x000A, 411 IMAGE_REL_ARM64_SECREL_LOW12L = 0x000B, 412 IMAGE_REL_ARM64_TOKEN = 0x000C, 413 IMAGE_REL_ARM64_SECTION = 0x000D, 414 IMAGE_REL_ARM64_ADDR64 = 0x000E, 415 IMAGE_REL_ARM64_BRANCH19 = 0x000F, 416 IMAGE_REL_ARM64_BRANCH14 = 0x0010, 417 IMAGE_REL_ARM64_REL32 = 0x0011, 418 }; 419 420 enum COMDATType : uint8_t { 421 IMAGE_COMDAT_SELECT_NODUPLICATES = 1, 422 IMAGE_COMDAT_SELECT_ANY, 423 IMAGE_COMDAT_SELECT_SAME_SIZE, 424 IMAGE_COMDAT_SELECT_EXACT_MATCH, 425 IMAGE_COMDAT_SELECT_ASSOCIATIVE, 426 IMAGE_COMDAT_SELECT_LARGEST, 427 IMAGE_COMDAT_SELECT_NEWEST 428 }; 429 430 // Auxiliary Symbol Formats 431 struct AuxiliaryFunctionDefinition { 432 uint32_t TagIndex; 433 uint32_t TotalSize; 434 uint32_t PointerToLinenumber; 435 uint32_t PointerToNextFunction; 436 char unused[2]; 437 }; 438 439 struct AuxiliarybfAndefSymbol { 440 uint8_t unused1[4]; 441 uint16_t Linenumber; 442 uint8_t unused2[6]; 443 uint32_t PointerToNextFunction; 444 uint8_t unused3[2]; 445 }; 446 447 struct AuxiliaryWeakExternal { 448 uint32_t TagIndex; 449 uint32_t Characteristics; 450 uint8_t unused[10]; 451 }; 452 453 enum WeakExternalCharacteristics : unsigned { 454 IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY = 1, 455 IMAGE_WEAK_EXTERN_SEARCH_LIBRARY = 2, 456 IMAGE_WEAK_EXTERN_SEARCH_ALIAS = 3, 457 IMAGE_WEAK_EXTERN_ANTI_DEPENDENCY = 4 458 }; 459 460 struct AuxiliarySectionDefinition { 461 uint32_t Length; 462 uint16_t NumberOfRelocations; 463 uint16_t NumberOfLinenumbers; 464 uint32_t CheckSum; 465 uint32_t Number; 466 uint8_t Selection; 467 char unused; 468 }; 469 470 struct AuxiliaryCLRToken { 471 uint8_t AuxType; 472 uint8_t unused1; 473 uint32_t SymbolTableIndex; 474 char unused2[12]; 475 }; 476 477 union Auxiliary { 478 AuxiliaryFunctionDefinition FunctionDefinition; 479 AuxiliarybfAndefSymbol bfAndefSymbol; 480 AuxiliaryWeakExternal WeakExternal; 481 AuxiliarySectionDefinition SectionDefinition; 482 }; 483 484 /// The Import Directory Table. 485 /// 486 /// There is a single array of these and one entry per imported DLL. 487 struct ImportDirectoryTableEntry { 488 uint32_t ImportLookupTableRVA; 489 uint32_t TimeDateStamp; 490 uint32_t ForwarderChain; 491 uint32_t NameRVA; 492 uint32_t ImportAddressTableRVA; 493 }; 494 495 /// The PE32 Import Lookup Table. 496 /// 497 /// There is an array of these for each imported DLL. It represents either 498 /// the ordinal to import from the target DLL, or a name to lookup and import 499 /// from the target DLL. 500 /// 501 /// This also happens to be the same format used by the Import Address Table 502 /// when it is initially written out to the image. 503 struct ImportLookupTableEntry32 { 504 uint32_t data; 505 506 /// Is this entry specified by ordinal, or name? 507 bool isOrdinal() const { return data & 0x80000000; } 508 509 /// Get the ordinal value of this entry. isOrdinal must be true. 510 uint16_t getOrdinal() const { 511 assert(isOrdinal() && "ILT entry is not an ordinal!"); 512 return data & 0xFFFF; 513 } 514 515 /// Set the ordinal value and set isOrdinal to true. 516 void setOrdinal(uint16_t o) { 517 data = o; 518 data |= 0x80000000; 519 } 520 521 /// Get the Hint/Name entry RVA. isOrdinal must be false. 522 uint32_t getHintNameRVA() const { 523 assert(!isOrdinal() && "ILT entry is not a Hint/Name RVA!"); 524 return data; 525 } 526 527 /// Set the Hint/Name entry RVA and set isOrdinal to false. 528 void setHintNameRVA(uint32_t rva) { data = rva; } 529 }; 530 531 /// The DOS compatible header at the front of all PEs. 532 struct DOSHeader { 533 uint16_t Magic; 534 uint16_t UsedBytesInTheLastPage; 535 uint16_t FileSizeInPages; 536 uint16_t NumberOfRelocationItems; 537 uint16_t HeaderSizeInParagraphs; 538 uint16_t MinimumExtraParagraphs; 539 uint16_t MaximumExtraParagraphs; 540 uint16_t InitialRelativeSS; 541 uint16_t InitialSP; 542 uint16_t Checksum; 543 uint16_t InitialIP; 544 uint16_t InitialRelativeCS; 545 uint16_t AddressOfRelocationTable; 546 uint16_t OverlayNumber; 547 uint16_t Reserved[4]; 548 uint16_t OEMid; 549 uint16_t OEMinfo; 550 uint16_t Reserved2[10]; 551 uint32_t AddressOfNewExeHeader; 552 }; 553 554 struct PE32Header { 555 enum { PE32 = 0x10b, PE32_PLUS = 0x20b }; 556 557 uint16_t Magic; 558 uint8_t MajorLinkerVersion; 559 uint8_t MinorLinkerVersion; 560 uint32_t SizeOfCode; 561 uint32_t SizeOfInitializedData; 562 uint32_t SizeOfUninitializedData; 563 uint32_t AddressOfEntryPoint; // RVA 564 uint32_t BaseOfCode; // RVA 565 uint32_t BaseOfData; // RVA 566 uint64_t ImageBase; 567 uint32_t SectionAlignment; 568 uint32_t FileAlignment; 569 uint16_t MajorOperatingSystemVersion; 570 uint16_t MinorOperatingSystemVersion; 571 uint16_t MajorImageVersion; 572 uint16_t MinorImageVersion; 573 uint16_t MajorSubsystemVersion; 574 uint16_t MinorSubsystemVersion; 575 uint32_t Win32VersionValue; 576 uint32_t SizeOfImage; 577 uint32_t SizeOfHeaders; 578 uint32_t CheckSum; 579 uint16_t Subsystem; 580 // FIXME: This should be DllCharacteristics to match the COFF spec. 581 uint16_t DLLCharacteristics; 582 uint64_t SizeOfStackReserve; 583 uint64_t SizeOfStackCommit; 584 uint64_t SizeOfHeapReserve; 585 uint64_t SizeOfHeapCommit; 586 uint32_t LoaderFlags; 587 // FIXME: This should be NumberOfRvaAndSizes to match the COFF spec. 588 uint32_t NumberOfRvaAndSize; 589 }; 590 591 struct DataDirectory { 592 uint32_t RelativeVirtualAddress; 593 uint32_t Size; 594 }; 595 596 enum DataDirectoryIndex : unsigned { 597 EXPORT_TABLE = 0, 598 IMPORT_TABLE, 599 RESOURCE_TABLE, 600 EXCEPTION_TABLE, 601 CERTIFICATE_TABLE, 602 BASE_RELOCATION_TABLE, 603 DEBUG_DIRECTORY, 604 ARCHITECTURE, 605 GLOBAL_PTR, 606 TLS_TABLE, 607 LOAD_CONFIG_TABLE, 608 BOUND_IMPORT, 609 IAT, 610 DELAY_IMPORT_DESCRIPTOR, 611 CLR_RUNTIME_HEADER, 612 613 NUM_DATA_DIRECTORIES 614 }; 615 616 enum WindowsSubsystem : unsigned { 617 IMAGE_SUBSYSTEM_UNKNOWN = 0, ///< An unknown subsystem. 618 IMAGE_SUBSYSTEM_NATIVE = 1, ///< Device drivers and native Windows processes 619 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2, ///< The Windows GUI subsystem. 620 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3, ///< The Windows character subsystem. 621 IMAGE_SUBSYSTEM_OS2_CUI = 5, ///< The OS/2 character subsystem. 622 IMAGE_SUBSYSTEM_POSIX_CUI = 7, ///< The POSIX character subsystem. 623 IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8, ///< Native Windows 9x driver. 624 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9, ///< Windows CE. 625 IMAGE_SUBSYSTEM_EFI_APPLICATION = 10, ///< An EFI application. 626 IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11, ///< An EFI driver with boot 627 /// services. 628 IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12, ///< An EFI driver with run-time 629 /// services. 630 IMAGE_SUBSYSTEM_EFI_ROM = 13, ///< An EFI ROM image. 631 IMAGE_SUBSYSTEM_XBOX = 14, ///< XBOX. 632 IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16 ///< A BCD application. 633 }; 634 635 enum DLLCharacteristics : unsigned { 636 /// ASLR with 64 bit address space. 637 IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020, 638 /// DLL can be relocated at load time. 639 IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040, 640 /// Code integrity checks are enforced. 641 IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080, 642 ///< Image is NX compatible. 643 IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100, 644 /// Isolation aware, but do not isolate the image. 645 IMAGE_DLL_CHARACTERISTICS_NO_ISOLATION = 0x0200, 646 /// Does not use structured exception handling (SEH). No SEH handler may be 647 /// called in this image. 648 IMAGE_DLL_CHARACTERISTICS_NO_SEH = 0x0400, 649 /// Do not bind the image. 650 IMAGE_DLL_CHARACTERISTICS_NO_BIND = 0x0800, 651 ///< Image should execute in an AppContainer. 652 IMAGE_DLL_CHARACTERISTICS_APPCONTAINER = 0x1000, 653 ///< A WDM driver. 654 IMAGE_DLL_CHARACTERISTICS_WDM_DRIVER = 0x2000, 655 ///< Image supports Control Flow Guard. 656 IMAGE_DLL_CHARACTERISTICS_GUARD_CF = 0x4000, 657 /// Terminal Server aware. 658 IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000 659 }; 660 661 enum ExtendedDLLCharacteristics : unsigned { 662 /// Image is CET compatible 663 IMAGE_DLL_CHARACTERISTICS_EX_CET_COMPAT = 0x0001 664 }; 665 666 enum DebugType : unsigned { 667 IMAGE_DEBUG_TYPE_UNKNOWN = 0, 668 IMAGE_DEBUG_TYPE_COFF = 1, 669 IMAGE_DEBUG_TYPE_CODEVIEW = 2, 670 IMAGE_DEBUG_TYPE_FPO = 3, 671 IMAGE_DEBUG_TYPE_MISC = 4, 672 IMAGE_DEBUG_TYPE_EXCEPTION = 5, 673 IMAGE_DEBUG_TYPE_FIXUP = 6, 674 IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7, 675 IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8, 676 IMAGE_DEBUG_TYPE_BORLAND = 9, 677 IMAGE_DEBUG_TYPE_RESERVED10 = 10, 678 IMAGE_DEBUG_TYPE_CLSID = 11, 679 IMAGE_DEBUG_TYPE_VC_FEATURE = 12, 680 IMAGE_DEBUG_TYPE_POGO = 13, 681 IMAGE_DEBUG_TYPE_ILTCG = 14, 682 IMAGE_DEBUG_TYPE_MPX = 15, 683 IMAGE_DEBUG_TYPE_REPRO = 16, 684 IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS = 20, 685 }; 686 687 enum BaseRelocationType : unsigned { 688 IMAGE_REL_BASED_ABSOLUTE = 0, 689 IMAGE_REL_BASED_HIGH = 1, 690 IMAGE_REL_BASED_LOW = 2, 691 IMAGE_REL_BASED_HIGHLOW = 3, 692 IMAGE_REL_BASED_HIGHADJ = 4, 693 IMAGE_REL_BASED_MIPS_JMPADDR = 5, 694 IMAGE_REL_BASED_ARM_MOV32A = 5, 695 IMAGE_REL_BASED_ARM_MOV32T = 7, 696 IMAGE_REL_BASED_MIPS_JMPADDR16 = 9, 697 IMAGE_REL_BASED_DIR64 = 10 698 }; 699 700 enum ImportType : unsigned { 701 IMPORT_CODE = 0, 702 IMPORT_DATA = 1, 703 IMPORT_CONST = 2 704 }; 705 706 enum ImportNameType : unsigned { 707 /// Import is by ordinal. This indicates that the value in the Ordinal/Hint 708 /// field of the import header is the import's ordinal. If this constant is 709 /// not specified, then the Ordinal/Hint field should always be interpreted 710 /// as the import's hint. 711 IMPORT_ORDINAL = 0, 712 /// The import name is identical to the public symbol name 713 IMPORT_NAME = 1, 714 /// The import name is the public symbol name, but skipping the leading ?, 715 /// @, or optionally _. 716 IMPORT_NAME_NOPREFIX = 2, 717 /// The import name is the public symbol name, but skipping the leading ?, 718 /// @, or optionally _, and truncating at the first @. 719 IMPORT_NAME_UNDECORATE = 3, 720 /// The import name is specified as a separate string in the import library 721 /// object file. 722 IMPORT_NAME_EXPORTAS = 4 723 }; 724 725 enum class GuardFlags : uint32_t { 726 /// Module performs control flow integrity checks using system-supplied 727 /// support. 728 CF_INSTRUMENTED = 0x100, 729 /// Module performs control flow and write integrity checks. 730 CFW_INSTRUMENTED = 0x200, 731 /// Module contains valid control flow target metadata. 732 CF_FUNCTION_TABLE_PRESENT = 0x400, 733 /// Module does not make use of the /GS security cookie. 734 SECURITY_COOKIE_UNUSED = 0x800, 735 /// Module supports read only delay load IAT. 736 PROTECT_DELAYLOAD_IAT = 0x1000, 737 /// Delayload import table in its own .didat section (with nothing else in it) 738 /// that can be freely reprotected. 739 DELAYLOAD_IAT_IN_ITS_OWN_SECTION = 0x2000, 740 /// Module contains suppressed export information. This also infers that the 741 /// address taken IAT table is also present in the load config. 742 CF_EXPORT_SUPPRESSION_INFO_PRESENT = 0x4000, 743 /// Module enables suppression of exports. 744 CF_ENABLE_EXPORT_SUPPRESSION = 0x8000, 745 /// Module contains longjmp target information. 746 CF_LONGJUMP_TABLE_PRESENT = 0x10000, 747 /// Module contains EH continuation target information. 748 EH_CONTINUATION_TABLE_PRESENT = 0x400000, 749 /// Mask for the subfield that contains the stride of Control Flow Guard 750 /// function table entries (that is, the additional count of bytes per table 751 /// entry). 752 CF_FUNCTION_TABLE_SIZE_MASK = 0xF0000000, 753 CF_FUNCTION_TABLE_SIZE_5BYTES = 0x10000000, 754 CF_FUNCTION_TABLE_SIZE_6BYTES = 0x20000000, 755 CF_FUNCTION_TABLE_SIZE_7BYTES = 0x30000000, 756 CF_FUNCTION_TABLE_SIZE_8BYTES = 0x40000000, 757 CF_FUNCTION_TABLE_SIZE_9BYTES = 0x50000000, 758 CF_FUNCTION_TABLE_SIZE_10BYTES = 0x60000000, 759 CF_FUNCTION_TABLE_SIZE_11BYTES = 0x70000000, 760 CF_FUNCTION_TABLE_SIZE_12BYTES = 0x80000000, 761 CF_FUNCTION_TABLE_SIZE_13BYTES = 0x90000000, 762 CF_FUNCTION_TABLE_SIZE_14BYTES = 0xA0000000, 763 CF_FUNCTION_TABLE_SIZE_15BYTES = 0xB0000000, 764 CF_FUNCTION_TABLE_SIZE_16BYTES = 0xC0000000, 765 CF_FUNCTION_TABLE_SIZE_17BYTES = 0xD0000000, 766 CF_FUNCTION_TABLE_SIZE_18BYTES = 0xE0000000, 767 CF_FUNCTION_TABLE_SIZE_19BYTES = 0xF0000000, 768 }; 769 770 struct ImportHeader { 771 uint16_t Sig1; ///< Must be IMAGE_FILE_MACHINE_UNKNOWN (0). 772 uint16_t Sig2; ///< Must be 0xFFFF. 773 uint16_t Version; 774 uint16_t Machine; 775 uint32_t TimeDateStamp; 776 uint32_t SizeOfData; 777 uint16_t OrdinalHint; 778 uint16_t TypeInfo; 779 780 ImportType getType() const { return static_cast<ImportType>(TypeInfo & 0x3); } 781 782 ImportNameType getNameType() const { 783 return static_cast<ImportNameType>((TypeInfo & 0x1C) >> 2); 784 } 785 }; 786 787 enum CodeViewIdentifiers { 788 DEBUG_SECTION_MAGIC = 0x4, 789 DEBUG_HASHES_SECTION_MAGIC = 0x133C9C5 790 }; 791 792 // These flags show up in the @feat.00 symbol. They appear to be some kind of 793 // compiler features bitfield read by link.exe. 794 enum Feat00Flags : uint32_t { 795 // Object is compatible with /safeseh. 796 SafeSEH = 0x1, 797 // Object was compiled with /GS. 798 GuardStack = 0x100, 799 // Object was compiled with /sdl. 800 SDL = 0x200, 801 // Object was compiled with /guard:cf. 802 GuardCF = 0x800, 803 // Object was compiled with /guard:ehcont. 804 GuardEHCont = 0x4000, 805 // Object was compiled with /kernel. 806 Kernel = 0x40000000, 807 }; 808 809 inline bool isReservedSectionNumber(int32_t SectionNumber) { 810 return SectionNumber <= 0; 811 } 812 813 /// Encode section name based on string table offset. 814 /// The size of Out must be at least COFF::NameSize. 815 bool encodeSectionName(char *Out, uint64_t Offset); 816 817 } // End namespace COFF. 818 } // End namespace llvm. 819 820 #endif 821