Context Navigation

source: trunk/kLdr/kLdrModPE.h@ 3232

Visit:

Last change on this file since 3232 was 2857, checked in by bird, 19 years ago
Only the mapping left now.
Property svn:keywords set to `Id`
File size: 14.7 KB

Line
1	/* $Id: kLdrModPE.h 2857 2006-11-05 04:12:13Z bird $ */
2
3	#ifndef __kLdrModPE_h__
4	#define __kLdrModPE_h__
5
6
7	/*******************************************************************************
8	* Defined Constants And Macros *
9	*******************************************************************************/
10	#ifndef IMAGE_NT_SIGNATURE
11	# define IMAGE_NT_SIGNATURE KLDRHLP_LE2H_U32('P' \| ('E' << 8))
12	#endif
13
14	/* file header */
15	#define IMAGE_FILE_MACHINE_I386 0x014c
16	#define IMAGE_FILE_MACHINE_AMD64 0x8664
17
18	#define IMAGE_FILE_RELOCS_STRIPPED 0x0001
19	#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002
20	#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004
21	#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008
22	#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010
23	#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020
24	#define IMAGE_FILE_16BIT_MACHINE 0x0040
25	#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080
26	#define IMAGE_FILE_32BIT_MACHINE 0x0100
27	#define IMAGE_FILE_DEBUG_STRIPPED 0x0200
28	#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400
29	#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800
30	#define IMAGE_FILE_SYSTEM 0x1000
31	#define IMAGE_FILE_DLL 0x2000
32	#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000
33	#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000
34
35
36	/* optional header */
37	#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10B
38	#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20B
39
40	#define IMAGE_SUBSYSTEM_UNKNOWN 0x0
41	#define IMAGE_SUBSYSTEM_NATIVE 0x1
42	#define IMAGE_SUBSYSTEM_WINDOWS_GUI 0x2
43	#define IMAGE_SUBSYSTEM_WINDOWS_CUI 0x3
44	#define IMAGE_SUBSYSTEM_OS2_GUI 0x4
45	#define IMAGE_SUBSYSTEM_OS2_CUI 0x5
46	#define IMAGE_SUBSYSTEM_POSIX_CUI 0x7
47
48	#define IMAGE_LIBRARY_PROCESS_INIT 0x0001
49	#define IMAGE_LIBRARY_PROCESS_TERM 0x0002
50	#define IMAGE_LIBRARY_THREAD_INIT 0x0004
51	#define IMAGE_LIBRARY_THREAD_TERM 0x0008
52	#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200
53	#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400
54	#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800
55	#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000
56	#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
57
58	#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 0x10
59
60	#define IMAGE_DIRECTORY_ENTRY_EXPORT 0x0
61	#define IMAGE_DIRECTORY_ENTRY_IMPORT 0x1
62	#define IMAGE_DIRECTORY_ENTRY_RESOURCE 0x2
63	#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x3
64	#define IMAGE_DIRECTORY_ENTRY_SECURITY 0x4
65	#define IMAGE_DIRECTORY_ENTRY_BASERELOC 0x5
66	#define IMAGE_DIRECTORY_ENTRY_DEBUG 0x6
67	#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 0x7
68	#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
69	#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x8
70	#define IMAGE_DIRECTORY_ENTRY_TLS 0x9
71	#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0xa
72	#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0xb
73	#define IMAGE_DIRECTORY_ENTRY_IAT 0xc
74	#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0xd
75	#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0xe
76
77
78	/* section header */
79	#define IMAGE_SIZEOF_SHORT_NAME 0x8
80
81	#define IMAGE_SCN_TYPE_REG 0x00000000
82	#define IMAGE_SCN_TYPE_DSECT 0x00000001
83	#define IMAGE_SCN_TYPE_NOLOAD 0x00000002
84	#define IMAGE_SCN_TYPE_GROUP 0x00000004
85	#define IMAGE_SCN_TYPE_NO_PAD 0x00000008
86	#define IMAGE_SCN_TYPE_COPY 0x00000010
87
88	#define IMAGE_SCN_CNT_CODE 0x00000020
89	#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040
90	#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080
91
92	#define IMAGE_SCN_LNK_OTHER 0x00000100
93	#define IMAGE_SCN_LNK_INFO 0x00000200
94	#define IMAGE_SCN_TYPE_OVER 0x00000400
95	#define IMAGE_SCN_LNK_REMOVE 0x00000800
96	#define IMAGE_SCN_LNK_COMDAT 0x00001000
97	#define IMAGE_SCN_MEM_PROTECTED 0x00004000
98	#define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000
99	#define IMAGE_SCN_GPREL 0x00008000
100	#define IMAGE_SCN_MEM_FARDATA 0x00008000
101	#define IMAGE_SCN_MEM_SYSHEAP 0x00010000
102	#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
103	#define IMAGE_SCN_MEM_16BIT 0x00020000
104	#define IMAGE_SCN_MEM_LOCKED 0x00040000
105	#define IMAGE_SCN_MEM_PRELOAD 0x00080000
106
107	#define IMAGE_SCN_ALIGN_1BYTES 0x00100000
108	#define IMAGE_SCN_ALIGN_2BYTES 0x00200000
109	#define IMAGE_SCN_ALIGN_4BYTES 0x00300000
110	#define IMAGE_SCN_ALIGN_8BYTES 0x00400000
111	#define IMAGE_SCN_ALIGN_16BYTES 0x00500000
112	#define IMAGE_SCN_ALIGN_32BYTES 0x00600000
113	#define IMAGE_SCN_ALIGN_64BYTES 0x00700000
114	#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
115	#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
116	#define IMAGE_SCN_ALIGN_512BYTES 0x00A00000
117	#define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000
118	#define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000
119	#define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000
120	#define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000
121	#define IMAGE_SCN_ALIGN_MASK 0x00F00000
122
123	#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000
124	#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000
125	#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000
126	#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000
127	#define IMAGE_SCN_MEM_SHARED 0x10000000
128	#define IMAGE_SCN_MEM_EXECUTE 0x20000000
129	#define IMAGE_SCN_MEM_READ 0x40000000
130	#define IMAGE_SCN_MEM_WRITE 0x80000000
131
132
133	/* relocations */
134	#define IMAGE_REL_BASED_ABSOLUTE 0x0
135	#define IMAGE_REL_BASED_HIGH 0x1
136	#define IMAGE_REL_BASED_LOW 0x2
137	#define IMAGE_REL_BASED_HIGHLOW 0x3
138	#define IMAGE_REL_BASED_HIGHADJ 0x4
139	#define IMAGE_REL_BASED_MIPS_JMPADDR 0x5
140	#define IMAGE_REL_BASED_SECTION 0x6
141	#define IMAGE_REL_BASED_REL32 0x7
142	/#define IMAGE_REL_BASED_RESERVED1 0x8 /
143	#define IMAGE_REL_BASED_MIPS_JMPADDR16 0x9
144	#define IMAGE_REL_BASED_IA64_IMM64 0x9
145	#define IMAGE_REL_BASED_DIR64 0xa
146	#define IMAGE_REL_BASED_HIGH3ADJ 0xb
147
148	/* imports */
149	#define IMAGE_ORDINAL_FLAG32 0x80000000
150	#define IMAGE_ORDINAL32(ord) ((ord) & 0xffff)
151	#define IMAGE_SNAP_BY_ORDINAL32(ord) (!!((ord) & IMAGE_ORDINAL_FLAG32))
152
153	#define IMAGE_ORDINAL_FLAG64 0x8000000000000000ULL
154	#define IMAGE_ORDINAL64(ord) ((ord) & 0xffff)
155	#define IMAGE_SNAP_BY_ORDINAL64(ord) (!!((ord) & IMAGE_ORDINAL_FLAG64))
156
157
158	/* dll/tls entry points argument */
159	#define DLL_PROCESS_DETACH 0
160	#define DLL_PROCESS_ATTACH 1
161	#define DLL_THREAD_ATTACH 2
162	#define DLL_THREAD_DETACH 3
163
164
165	/*******************************************************************************
166	* Structures and Typedefs *
167	*******************************************************************************/
168	#pragma pack(4)
169
170	typedef struct _IMAGE_FILE_HEADER
171	{
172	uint16_t Machine;
173	uint16_t NumberOfSections;
174	uint32_t TimeDateStamp;
175	uint32_t PointerToSymbolTable;
176	uint32_t NumberOfSymbols;
177	uint16_t SizeOfOptionalHeader;
178	uint16_t Characteristics;
179	} IMAGE_FILE_HEADER;
180	typedef IMAGE_FILE_HEADER *PIMAGE_FILE_HEADER;
181
182
183	typedef struct _IMAGE_DATA_DIRECTORY
184	{
185	uint32_t VirtualAddress;
186	uint32_t Size;
187	} IMAGE_DATA_DIRECTORY;
188	typedef IMAGE_DATA_DIRECTORY *PIMAGE_DATA_DIRECTORY;
189
190
191	typedef struct _IMAGE_OPTIONAL_HEADER32
192	{
193	uint16_t Magic;
194	uint8_t MajorLinkerVersion;
195	uint8_t MinorLinkerVersion;
196	uint32_t SizeOfCode;
197	uint32_t SizeOfInitializedData;
198	uint32_t SizeOfUninitializedData;
199	uint32_t AddressOfEntryPoint;
200	uint32_t BaseOfCode;
201	uint32_t BaseOfData;
202	uint32_t ImageBase;
203	uint32_t SectionAlignment;
204	uint32_t FileAlignment;
205	uint16_t MajorOperatingSystemVersion;
206	uint16_t MinorOperatingSystemVersion;
207	uint16_t MajorImageVersion;
208	uint16_t MinorImageVersion;
209	uint16_t MajorSubsystemVersion;
210	uint16_t MinorSubsystemVersion;
211	uint32_t Win32VersionValue;
212	uint32_t SizeOfImage;
213	uint32_t SizeOfHeaders;
214	uint32_t CheckSum;
215	uint16_t Subsystem;
216	uint16_t DllCharacteristics;
217	uint32_t SizeOfStackReserve;
218	uint32_t SizeOfStackCommit;
219	uint32_t SizeOfHeapReserve;
220	uint32_t SizeOfHeapCommit;
221	uint32_t LoaderFlags;
222	uint32_t NumberOfRvaAndSizes;
223	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
224	} IMAGE_OPTIONAL_HEADER32;
225	typedef IMAGE_OPTIONAL_HEADER32 *PIMAGE_OPTIONAL_HEADER32;
226
227	typedef struct _IMAGE_OPTIONAL_HEADER64
228	{
229	uint16_t Magic;
230	uint8_t MajorLinkerVersion;
231	uint8_t MinorLinkerVersion;
232	uint32_t SizeOfCode;
233	uint32_t SizeOfInitializedData;
234	uint32_t SizeOfUninitializedData;
235	uint32_t AddressOfEntryPoint;
236	uint32_t BaseOfCode;
237	uint64_t ImageBase;
238	uint32_t SectionAlignment;
239	uint32_t FileAlignment;
240	uint16_t MajorOperatingSystemVersion;
241	uint16_t MinorOperatingSystemVersion;
242	uint16_t MajorImageVersion;
243	uint16_t MinorImageVersion;
244	uint16_t MajorSubsystemVersion;
245	uint16_t MinorSubsystemVersion;
246	uint32_t Win32VersionValue;
247	uint32_t SizeOfImage;
248	uint32_t SizeOfHeaders;
249	uint32_t CheckSum;
250	uint16_t Subsystem;
251	uint16_t DllCharacteristics;
252	uint64_t SizeOfStackReserve;
253	uint64_t SizeOfStackCommit;
254	uint64_t SizeOfHeapReserve;
255	uint64_t SizeOfHeapCommit;
256	uint32_t LoaderFlags;
257	uint32_t NumberOfRvaAndSizes;
258	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
259	} IMAGE_OPTIONAL_HEADER64;
260	typedef IMAGE_OPTIONAL_HEADER64 *PIMAGE_OPTIONAL_HEADER64;
261
262
263	typedef struct _IMAGE_NT_HEADERS
264	{
265	uint32_t Signature;
266	IMAGE_FILE_HEADER FileHeader;
267	IMAGE_OPTIONAL_HEADER32 OptionalHeader;
268	} IMAGE_NT_HEADERS32;
269	typedef IMAGE_NT_HEADERS32 *PIMAGE_NT_HEADERS32;
270
271	typedef struct _IMAGE_NT_HEADERS64
272	{
273	uint32_t Signature;
274	IMAGE_FILE_HEADER FileHeader;
275	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
276	} IMAGE_NT_HEADERS64;
277	typedef IMAGE_NT_HEADERS64 *PIMAGE_NT_HEADERS64;
278
279
280	typedef struct _IMAGE_SECTION_HEADER
281	{
282	uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
283	union
284	{
285	uint32_t PhysicalAddress;
286	uint32_t VirtualSize;
287	} Misc;
288	uint32_t VirtualAddress;
289	uint32_t SizeOfRawData;
290	uint32_t PointerToRawData;
291	uint32_t PointerToRelocations;
292	uint32_t PointerToLinenumbers;
293	uint16_t NumberOfRelocations;
294	uint16_t NumberOfLinenumbers;
295	uint32_t Characteristics;
296	} IMAGE_SECTION_HEADER;
297	typedef IMAGE_SECTION_HEADER *PIMAGE_SECTION_HEADER;
298
299
300	typedef struct _IMAGE_BASE_RELOCATION
301	{
302	uint32_t VirtualAddress;
303	uint32_t SizeOfBlock;
304	} IMAGE_BASE_RELOCATION;
305	typedef IMAGE_BASE_RELOCATION *PIMAGE_BASE_RELOCATION;
306
307
308	typedef struct _IMAGE_EXPORT_DIRECTORY
309	{
310	uint32_t Characteristics;
311	uint32_t TimeDateStamp;
312	uint16_t MajorVersion;
313	uint16_t MinorVersion;
314	uint32_t Name;
315	uint32_t Base;
316	uint32_t NumberOfFunctions;
317	uint32_t NumberOfNames;
318	uint32_t AddressOfFunctions;
319	uint32_t AddressOfNames;
320	uint32_t AddressOfNameOrdinals;
321	} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
322
323
324	typedef struct _IMAGE_IMPORT_DESCRIPTOR
325	{
326	union
327	{
328	uint32_t Characteristics;
329	uint32_t OriginalFirstThunk;
330	} u;
331	uint32_t TimeDateStamp;
332	uint32_t ForwarderChain;
333	uint32_t Name;
334	uint32_t FirstThunk;
335	} IMAGE_IMPORT_DESCRIPTOR;
336	typedef IMAGE_IMPORT_DESCRIPTOR *PIMAGE_IMPORT_DESCRIPTOR;
337
338
339	typedef struct _IMAGE_IMPORT_BY_NAME
340	{
341	uint16_t Hint;
342	uint8_t Name[1];
343	} IMAGE_IMPORT_BY_NAME;
344	typedef IMAGE_IMPORT_BY_NAME *PIMAGE_IMPORT_BY_NAME;
345
346
347	/* The image_thunk_data32/64 structures are not very helpful except for getting RSI. keep them around till all the code has been converted. */
348	typedef struct _IMAGE_THUNK_DATA64
349	{
350	union
351	{
352	uint64_t ForwarderString;
353	uint64_t Function;
354	uint64_t Ordinal;
355	uint64_t AddressOfData;
356	} u1;
357	} IMAGE_THUNK_DATA64;
358	typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64;
359
360	typedef struct _IMAGE_THUNK_DATA32
361	{
362	union
363	{
364	uint32_t ForwarderString;
365	uint32_t Function;
366	uint32_t Ordinal;
367	uint32_t AddressOfData;
368	} u1;
369	} IMAGE_THUNK_DATA32;
370	typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32;
371
372
373	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32
374	{
375	uint32_t Size;
376	uint32_t TimeDateStamp;
377	uint16_t MajorVersion;
378	uint16_t MinorVersion;
379	uint32_t GlobalFlagsClear;
380	uint32_t GlobalFlagsSet;
381	uint32_t CriticalSectionDefaultTimeout;
382	uint32_t DeCommitFreeBlockThreshold;
383	uint32_t DeCommitTotalFreeThreshold;
384	uint32_t LockPrefixTable;
385	uint32_t MaximumAllocationSize;
386	uint32_t VirtualMemoryThreshold;
387	uint32_t ProcessHeapFlags;
388	uint32_t ProcessAffinityMask;
389	uint16_t CSDVersion;
390	uint16_t Reserved1;
391	uint32_t EditList;
392	uint32_t SecurityCookie;
393	uint32_t SEHandlerTable;
394	uint32_t SEHandlerCount;
395	} IMAGE_LOAD_CONFIG_DIRECTORY32;
396	typedef IMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY32;
397
398	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64
399	{
400	uint32_t Size;
401	uint32_t TimeDateStamp;
402	uint16_t MajorVersion;
403	uint16_t MinorVersion;
404	uint32_t GlobalFlagsClear;
405	uint32_t GlobalFlagsSet;
406	uint32_t CriticalSectionDefaultTimeout;
407	uint64_t DeCommitFreeBlockThreshold;
408	uint64_t DeCommitTotalFreeThreshold;
409	uint64_t LockPrefixTable;
410	uint64_t MaximumAllocationSize;
411	uint64_t VirtualMemoryThreshold;
412	uint64_t ProcessAffinityMask;
413	uint32_t ProcessHeapFlags;
414	uint16_t CSDVersion;
415	uint16_t Reserved1;
416	uint64_t EditList;
417	uint64_t SecurityCookie;
418	uint64_t SEHandlerTable;
419	uint64_t SEHandlerCount;
420	} IMAGE_LOAD_CONFIG_DIRECTORY64;
421	typedef IMAGE_LOAD_CONFIG_DIRECTORY64 *PIMAGE_LOAD_CONFIG_DIRECTORY64;
422
423	typedef struct _IMAGE_DEBUG_DIRECTORY
424	{
425	uint32_t Characteristics;
426	uint32_t TimeDateStamp;
427	uint16_t MajorVersion;
428	uint16_t MinorVersion;
429	uint32_t Type;
430	uint32_t SizeOfData;
431	uint32_t AddressOfRawData;
432	uint32_t PointerToRawData;
433	} IMAGE_DEBUG_DIRECTORY;
434	typedef IMAGE_DEBUG_DIRECTORY *PIMAGE_DEBUG_DIRECTORY;
435
436	#define IMAGE_DEBUG_TYPE_UNKNOWN 0
437	#define IMAGE_DEBUG_TYPE_COFF 1
438	#define IMAGE_DEBUG_TYPE_CODEVIEW 2 /* 4.0 */
439	#define IMAGE_DEBUG_TYPE_FPO 3 /* FPO = frame pointer omission */
440	#define IMAGE_DEBUG_TYPE_MISC 4
441	#define IMAGE_DEBUG_TYPE_EXCEPTION 5
442	#define IMAGE_DEBUG_TYPE_FIXUP 6
443	#define IMAGE_DEBUG_TYPE_BORLAND 9
444
445	typedef struct _IMAGE_TLS_DIRECTORY32
446	{
447	uint32_t StartAddressOfRawData;
448	uint32_t EndAddressOfRawData;
449	uint32_t AddressOfIndex;
450	uint32_t AddressOfCallBacks;
451	uint32_t SizeOfZeroFill;
452	uint32_t Characteristics;
453	} IMAGE_TLS_DIRECTORY32;
454	typedef IMAGE_TLS_DIRECTORY32 *PIMAGE_TLS_DIRECTORY32;
455
456	typedef struct _IMAGE_TLS_DIRECTORY64
457	{
458	uint64_t StartAddressOfRawData;
459	uint64_t EndAddressOfRawData;
460	uint64_t AddressOfIndex;
461	uint64_t AddressOfCallBacks;
462	uint32_t SizeOfZeroFill;
463	uint32_t Characteristics;
464	} IMAGE_TLS_DIRECTORY64;
465	typedef IMAGE_TLS_DIRECTORY64 *PIMAGE_TLS_DIRECTORY64;
466
467
468	#pragma pack()
469
470	#endif
471

Note: See TracBrowser for help on using the repository browser.

Download in other formats: