1 #pragma once 2 3 #define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x010b 4 #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x020b 5 6 #define IMAGE_DOS_MAGIC 0x5a4d 7 #define IMAGE_PE_MAGIC 0x00004550 8 #define IMAGE_SIZEOF_SHORT_NAME 8 9 10 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 11 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 12 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 13 14 #define IMAGE_FILE_MACHINE_I386 0x14c 15 #define IMAGE_FILE_MACHINE_AMD64 0x8664 16 #define IMAGE_FILE_MACHINE_IA64 0x0200 17 18 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 19 20 #define IMAGE_SCN_TYPE_NOLOAD 0x00000002 21 #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 22 #define IMAGE_SCN_CNT_CODE 0x00000020 23 #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 24 #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 25 #define IMAGE_SCN_LNK_OTHER 0x00000100 26 #define IMAGE_SCN_LNK_INFO 0x00000200 27 #define IMAGE_SCN_LNK_REMOVE 0x00000800 28 #define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 29 #define IMAGE_SCN_GPREL 0x00008000 30 #define IMAGE_SCN_MEM_PURGEABLE 0x00020000 31 #define IMAGE_SCN_MEM_LOCKED 0x00040000 32 #define IMAGE_SCN_MEM_PRELOAD 0x00080000 33 #define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 34 #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 35 #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 36 #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 37 #define IMAGE_SCN_MEM_SHARED 0x10000000 38 #define IMAGE_SCN_MEM_EXECUTE 0x20000000 39 #define IMAGE_SCN_MEM_READ 0x40000000 40 #define IMAGE_SCN_MEM_WRITE 0x80000000 41 42 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 43 44 #define IMAGE_REL_I386_ABSOLUTE 0x0001 45 #define IMAGE_REL_I386_DIR32 0x0006 46 47 #pragma pack(push,2) 48 typedef struct _IMAGE_DOS_HEADER { 49 WORD e_magic; 50 WORD e_cblp; 51 WORD e_cp; 52 WORD e_crlc; 53 WORD e_cparhdr; 54 WORD e_minalloc; 55 WORD e_maxalloc; 56 WORD e_ss; 57 WORD e_sp; 58 WORD e_csum; 59 WORD e_ip; 60 WORD e_cs; 61 WORD e_lfarlc; 62 WORD e_ovno; 63 WORD e_res[4]; 64 WORD e_oemid; 65 WORD e_oeminfo; 66 WORD e_res2[10]; 67 LONG e_lfanew; 68 } IMAGE_DOS_HEADER,*PIMAGE_DOS_HEADER; 69 #pragma pack(pop) 70 71 #pragma pack(push,4) 72 typedef struct _IMAGE_FILE_HEADER { 73 WORD Machine; 74 WORD NumberOfSections; 75 DWORD TimeDateStamp; 76 DWORD PointerToSymbolTable; 77 DWORD NumberOfSymbols; 78 WORD SizeOfOptionalHeader; 79 WORD Characteristics; 80 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 81 #pragma pack(pop) 82 83 typedef struct _IMAGE_DATA_DIRECTORY { 84 DWORD VirtualAddress; 85 DWORD Size; 86 } IMAGE_DATA_DIRECTORY,*PIMAGE_DATA_DIRECTORY; 87 88 typedef struct _IMAGE_OPTIONAL_HEADER32 { 89 WORD Magic; 90 BYTE MajorLinkerVersion; 91 BYTE MinorLinkerVersion; 92 DWORD SizeOfCode; 93 DWORD SizeOfInitializedData; 94 DWORD SizeOfUninitializedData; 95 DWORD AddressOfEntryPoint; 96 DWORD BaseOfCode; 97 DWORD BaseOfData; 98 DWORD ImageBase; 99 DWORD SectionAlignment; 100 DWORD FileAlignment; 101 WORD MajorOperatingSystemVersion; 102 WORD MinorOperatingSystemVersion; 103 WORD MajorImageVersion; 104 WORD MinorImageVersion; 105 WORD MajorSubsystemVersion; 106 WORD MinorSubsystemVersion; 107 DWORD Win32VersionValue; 108 DWORD SizeOfImage; 109 DWORD SizeOfHeaders; 110 DWORD CheckSum; 111 WORD Subsystem; 112 WORD DllCharacteristics; 113 DWORD SizeOfStackReserve; 114 DWORD SizeOfStackCommit; 115 DWORD SizeOfHeapReserve; 116 DWORD SizeOfHeapCommit; 117 DWORD LoaderFlags; 118 DWORD NumberOfRvaAndSizes; 119 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 120 } IMAGE_OPTIONAL_HEADER32,*PIMAGE_OPTIONAL_HEADER32; 121 122 typedef struct _IMAGE_OPTIONAL_HEADER64 { 123 WORD Magic; 124 BYTE MajorLinkerVersion; 125 BYTE MinorLinkerVersion; 126 DWORD SizeOfCode; 127 DWORD SizeOfInitializedData; 128 DWORD SizeOfUninitializedData; 129 DWORD AddressOfEntryPoint; 130 DWORD BaseOfCode; 131 ULONGLONG ImageBase; 132 DWORD SectionAlignment; 133 DWORD FileAlignment; 134 WORD MajorOperatingSystemVersion; 135 WORD MinorOperatingSystemVersion; 136 WORD MajorImageVersion; 137 WORD MinorImageVersion; 138 WORD MajorSubsystemVersion; 139 WORD MinorSubsystemVersion; 140 DWORD Win32VersionValue; 141 DWORD SizeOfImage; 142 DWORD SizeOfHeaders; 143 DWORD CheckSum; 144 WORD Subsystem; 145 WORD DllCharacteristics; 146 ULONGLONG SizeOfStackReserve; 147 ULONGLONG SizeOfStackCommit; 148 ULONGLONG SizeOfHeapReserve; 149 ULONGLONG SizeOfHeapCommit; 150 DWORD LoaderFlags; 151 DWORD NumberOfRvaAndSizes; 152 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 153 } IMAGE_OPTIONAL_HEADER64,*PIMAGE_OPTIONAL_HEADER64; 154 155 #ifdef _TARGET_PE64 156 typedef IMAGE_OPTIONAL_HEADER64 IMAGE_OPTIONAL_HEADER; 157 typedef PIMAGE_OPTIONAL_HEADER64 PIMAGE_OPTIONAL_HEADER; 158 #else 159 typedef IMAGE_OPTIONAL_HEADER32 IMAGE_OPTIONAL_HEADER; 160 typedef PIMAGE_OPTIONAL_HEADER32 PIMAGE_OPTIONAL_HEADER; 161 #endif 162 163 typedef struct _IMAGE_NT_HEADERS32 164 { 165 DWORD Signature; 166 IMAGE_FILE_HEADER FileHeader; 167 IMAGE_OPTIONAL_HEADER32 OptionalHeader; 168 } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32; 169 170 typedef struct _IMAGE_NT_HEADERS64 171 { 172 DWORD Signature; 173 IMAGE_FILE_HEADER FileHeader; 174 IMAGE_OPTIONAL_HEADER32 OptionalHeader; 175 } IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64; 176 177 #ifdef _TARGET_PE64 178 typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS; 179 typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS; 180 #else 181 typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS; 182 typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS; 183 #endif 184 185 typedef struct _IMAGE_SECTION_HEADER { 186 BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; 187 union { 188 DWORD PhysicalAddress; 189 DWORD VirtualSize; 190 } Misc; 191 DWORD VirtualAddress; 192 DWORD SizeOfRawData; 193 DWORD PointerToRawData; 194 DWORD PointerToRelocations; 195 DWORD PointerToLinenumbers; 196 WORD NumberOfRelocations; 197 WORD NumberOfLinenumbers; 198 DWORD Characteristics; 199 } IMAGE_SECTION_HEADER,*PIMAGE_SECTION_HEADER; 200 201 #pragma pack(push,4) 202 typedef struct _IMAGE_BASE_RELOCATION { 203 DWORD VirtualAddress; 204 DWORD SizeOfBlock; 205 // Followed by: WORD TypeOffset[ANYSIZE_ARRAY]; 206 } IMAGE_BASE_RELOCATION,*PIMAGE_BASE_RELOCATION; 207 #pragma pack(pop) 208 209 #ifndef UNALIGNED 210 #define UNALIGNED 211 #endif 212 213 #pragma pack(push,2) 214 typedef struct _IMAGE_RELOCATION { 215 union { 216 DWORD VirtualAddress; 217 DWORD RelocCount; 218 }; 219 DWORD SymbolTableIndex; 220 WORD Type; 221 } IMAGE_RELOCATION; 222 typedef struct _IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION; 223 #pragma pack(pop) 224 225 #pragma pack(push,2) 226 typedef struct _IMAGE_SYMBOL { 227 union { 228 BYTE ShortName[8]; 229 struct { 230 DWORD Short; 231 DWORD Long; 232 } Name; 233 DWORD LongName[2]; 234 } N; 235 DWORD Value; 236 SHORT SectionNumber; 237 WORD Type; 238 BYTE StorageClass; 239 BYTE NumberOfAuxSymbols; 240 } IMAGE_SYMBOL; 241 typedef struct _IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL; 242 #pragma pack(pop) 243 244 #define IMAGE_DOS_SIGNATURE 0x5A4D 245 #define IMAGE_OS2_SIGNATURE 0x454E 246 #define IMAGE_OS2_SIGNATURE_LE 0x454C 247 #define IMAGE_VXD_SIGNATURE 0x454C 248 #define IMAGE_NT_SIGNATURE 0x00004550 249 250 #define IMAGE_FIRST_SECTION(h) ((PIMAGE_SECTION_HEADER) ((ULONG_PTR)h+FIELD_OFFSET(IMAGE_NT_HEADERS,OptionalHeader)+((PIMAGE_NT_HEADERS)(h))->FileHeader.SizeOfOptionalHeader)) 251