Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: trunk/kLdr/kLdrModPE.h@ 2827

Visit:

Last change on this file since 2827 was 2827, checked in by bird, 19 years ago
image format headers.
File size: 13.1 KB

Line
1	/* $Id: $ */
2
3	#ifndef __kLdrModPE_h__
4	#define __kLdrModPE_h__
5
6
7	/*******************************************************************************
8	* Defined Constants And Macros *
9	*******************************************************************************/
10	#ifndef IMAGE_NT_SIGNATURE
11	# define IMAGE_NT_SIGNATURE KLDRHLP_LE2H_U32('P' \| ('E' << 8))
12	#endif
13
14	/* file header */
15	#define IMAGE_FILE_MACHINE_I386 0x014c
16	#define IMAGE_FILE_MACHINE_AMD64 0x8664
17
18	#define IMAGE_FILE_RELOCS_STRIPPED 0x0001
19	#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002
20	#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004
21	#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008
22	#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010
23	#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020
24	#define IMAGE_FILE_16BIT_MACHINE 0x0040
25	#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080
26	#define IMAGE_FILE_32BIT_MACHINE 0x0100
27	#define IMAGE_FILE_DEBUG_STRIPPED 0x0200
28	#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400
29	#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800
30	#define IMAGE_FILE_SYSTEM 0x1000
31	#define IMAGE_FILE_DLL 0x2000
32	#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000
33	#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000
34
35
36	/* optional header */
37	#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10B
38	#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20B
39
40	#define IMAGE_SUBSYSTEM_UNKNOWN 0x0
41	#define IMAGE_SUBSYSTEM_NATIVE 0x1
42	#define IMAGE_SUBSYSTEM_WINDOWS_GUI 0x2
43	#define IMAGE_SUBSYSTEM_WINDOWS_CUI 0x3
44	#define IMAGE_SUBSYSTEM_OS2_GUI 0x4
45	#define IMAGE_SUBSYSTEM_OS2_CUI 0x5
46	#define IMAGE_SUBSYSTEM_POSIX_CUI 0x7
47
48	#define IMAGE_LIBRARY_PROCESS_INIT 0x0001
49	#define IMAGE_LIBRARY_PROCESS_TERM 0x0002
50	#define IMAGE_LIBRARY_THREAD_INIT 0x0004
51	#define IMAGE_LIBRARY_THREAD_TERM 0x0008
52	#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200
53	#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400
54	#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800
55	#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000
56	#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
57
58	#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 0x10
59
60	#define IMAGE_DIRECTORY_ENTRY_EXPORT 0x0
61	#define IMAGE_DIRECTORY_ENTRY_IMPORT 0x1
62	#define IMAGE_DIRECTORY_ENTRY_RESOURCE 0x2
63	#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x3
64	#define IMAGE_DIRECTORY_ENTRY_SECURITY 0x4
65	#define IMAGE_DIRECTORY_ENTRY_BASERELOC 0x5
66	#define IMAGE_DIRECTORY_ENTRY_DEBUG 0x6
67	#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 0x7
68	#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
69	#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x8
70	#define IMAGE_DIRECTORY_ENTRY_TLS 0x9
71	#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0xa
72	#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0xb
73	#define IMAGE_DIRECTORY_ENTRY_IAT 0xc
74	#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0xd
75	#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0xe
76
77
78	/* section header */
79	#define IMAGE_SIZEOF_SHORT_NAME 0x8
80
81	#define IMAGE_SCN_TYPE_REG 0x00000000
82	#define IMAGE_SCN_TYPE_DSECT 0x00000001
83	#define IMAGE_SCN_TYPE_NOLOAD 0x00000002
84	#define IMAGE_SCN_TYPE_GROUP 0x00000004
85	#define IMAGE_SCN_TYPE_NO_PAD 0x00000008
86	#define IMAGE_SCN_TYPE_COPY 0x00000010
87
88	#define IMAGE_SCN_CNT_CODE 0x00000020
89	#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040
90	#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080
91
92	#define IMAGE_SCN_LNK_OTHER 0x00000100
93	#define IMAGE_SCN_LNK_INFO 0x00000200
94	#define IMAGE_SCN_TYPE_OVER 0x00000400
95	#define IMAGE_SCN_LNK_REMOVE 0x00000800
96	#define IMAGE_SCN_LNK_COMDAT 0x00001000
97	#define IMAGE_SCN_MEM_PROTECTED 0x00004000
98	#define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000
99	#define IMAGE_SCN_GPREL 0x00008000
100	#define IMAGE_SCN_MEM_FARDATA 0x00008000
101	#define IMAGE_SCN_MEM_SYSHEAP 0x00010000
102	#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
103	#define IMAGE_SCN_MEM_16BIT 0x00020000
104	#define IMAGE_SCN_MEM_LOCKED 0x00040000
105	#define IMAGE_SCN_MEM_PRELOAD 0x00080000
106
107	#define IMAGE_SCN_ALIGN_1BYTES 0x00100000
108	#define IMAGE_SCN_ALIGN_2BYTES 0x00200000
109	#define IMAGE_SCN_ALIGN_4BYTES 0x00300000
110	#define IMAGE_SCN_ALIGN_8BYTES 0x00400000
111	#define IMAGE_SCN_ALIGN_16BYTES 0x00500000
112	#define IMAGE_SCN_ALIGN_32BYTES 0x00600000
113	#define IMAGE_SCN_ALIGN_64BYTES 0x00700000
114	#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
115	#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
116	#define IMAGE_SCN_ALIGN_512BYTES 0x00A00000
117	#define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000
118	#define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000
119	#define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000
120	#define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000
121	#define IMAGE_SCN_ALIGN_MASK 0x00F00000
122
123	#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000
124	#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000
125	#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000
126	#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000
127	#define IMAGE_SCN_MEM_SHARED 0x10000000
128	#define IMAGE_SCN_MEM_EXECUTE 0x20000000
129	#define IMAGE_SCN_MEM_READ 0x40000000
130	#define IMAGE_SCN_MEM_WRITE 0x80000000
131
132
133	/* relocations */
134	#define IMAGE_REL_BASED_ABSOLUTE 0x0
135	#define IMAGE_REL_BASED_HIGH 0x1
136	#define IMAGE_REL_BASED_LOW 0x2
137	#define IMAGE_REL_BASED_HIGHLOW 0x3
138	#define IMAGE_REL_BASED_HIGHADJ 0x4
139	#define IMAGE_REL_BASED_MIPS_JMPADDR 0x5
140	#define IMAGE_REL_BASED_MIPS_JMPADDR16 0x9
141	#define IMAGE_REL_BASED_IA64_IMM64 0x9
142	#define IMAGE_REL_BASED_DIR64 0xa
143	#define IMAGE_REL_BASED_HIGH3ADJ 0xb
144
145
146	/* imports */
147	#define IMAGE_ORDINAL_FLAG32 0x80000000
148	#define IMAGE_ORDINAL32(ord) ((ord) & 0xffff)
149	#define IMAGE_SNAP_BY_ORDINAL32(ord) (!!((ord) & IMAGE_ORDINAL_FLAG32))
150
151	#define IMAGE_ORDINAL_FLAG64 0x8000000000000000ULL
152	#define IMAGE_ORDINAL64(ord) ((ord) & 0xffff)
153	#define IMAGE_SNAP_BY_ORDINAL64(ord) (!!((ord) & IMAGE_ORDINAL_FLAG64))
154
155
156	/*******************************************************************************
157	* Structures and Typedefs *
158	*******************************************************************************/
159	#pragma pack(4)
160
161	typedef struct _IMAGE_FILE_HEADER
162	{
163	uint16_t Machine;
164	uint16_t NumberOfSections;
165	uint32_t TimeDateStamp;
166	uint32_t PointerToSymbolTable;
167	uint32_t NumberOfSymbols;
168	uint16_t SizeOfOptionalHeader;
169	uint16_t Characteristics;
170	} IMAGE_FILE_HEADER;
171	typedef IMAGE_FILE_HEADER *PIMAGE_FILE_HEADER;
172
173
174	typedef struct _IMAGE_DATA_DIRECTORY
175	{
176	uint32_t VirtualAddress;
177	uint32_t Size;
178	} IMAGE_DATA_DIRECTORY;
179	typedef IMAGE_DATA_DIRECTORY *PIMAGE_DATA_DIRECTORY;
180
181
182	typedef struct _IMAGE_OPTIONAL_HEADER32
183	{
184	uint16_t Magic;
185	uint8_t MajorLinkerVersion;
186	uint8_t MinorLinkerVersion;
187	uint32_t SizeOfCode;
188	uint32_t SizeOfInitializedData;
189	uint32_t SizeOfUninitializedData;
190	uint32_t AddressOfEntryPoint;
191	uint32_t BaseOfCode;
192	uint32_t BaseOfData;
193	uint32_t ImageBase;
194	uint32_t SectionAlignment;
195	uint32_t FileAlignment;
196	uint16_t MajorOperatingSystemVersion;
197	uint16_t MinorOperatingSystemVersion;
198	uint16_t MajorImageVersion;
199	uint16_t MinorImageVersion;
200	uint16_t MajorSubsystemVersion;
201	uint16_t MinorSubsystemVersion;
202	uint32_t Win32VersionValue;
203	uint32_t SizeOfImage;
204	uint32_t SizeOfHeaders;
205	uint32_t CheckSum;
206	uint16_t Subsystem;
207	uint16_t DllCharacteristics;
208	uint32_t SizeOfStackReserve;
209	uint32_t SizeOfStackCommit;
210	uint32_t SizeOfHeapReserve;
211	uint32_t SizeOfHeapCommit;
212	uint32_t LoaderFlags;
213	uint32_t NumberOfRvaAndSizes;
214	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
215	} IMAGE_OPTIONAL_HEADER32;
216	typedef IMAGE_OPTIONAL_HEADER32 *PIMAGE_OPTIONAL_HEADER32;
217
218	typedef struct _IMAGE_OPTIONAL_HEADER64
219	{
220	uint16_t Magic;
221	uint8_t MajorLinkerVersion;
222	uint8_t MinorLinkerVersion;
223	uint32_t SizeOfCode;
224	uint32_t SizeOfInitializedData;
225	uint32_t SizeOfUninitializedData;
226	uint32_t AddressOfEntryPoint;
227	uint32_t BaseOfCode;
228	uint64_t ImageBase;
229	uint32_t SectionAlignment;
230	uint32_t FileAlignment;
231	uint16_t MajorOperatingSystemVersion;
232	uint16_t MinorOperatingSystemVersion;
233	uint16_t MajorImageVersion;
234	uint16_t MinorImageVersion;
235	uint16_t MajorSubsystemVersion;
236	uint16_t MinorSubsystemVersion;
237	uint32_t Win32VersionValue;
238	uint32_t SizeOfImage;
239	uint32_t SizeOfHeaders;
240	uint32_t CheckSum;
241	uint16_t Subsystem;
242	uint16_t DllCharacteristics;
243	uint64_t SizeOfStackReserve;
244	uint64_t SizeOfStackCommit;
245	uint64_t SizeOfHeapReserve;
246	uint64_t SizeOfHeapCommit;
247	uint32_t LoaderFlags;
248	uint32_t NumberOfRvaAndSizes;
249	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
250	} IMAGE_OPTIONAL_HEADER64;
251	typedef IMAGE_OPTIONAL_HEADER64 *PIMAGE_OPTIONAL_HEADER64;
252
253
254	typedef struct _IMAGE_NT_HEADERS
255	{
256	uint32_t Signature;
257	IMAGE_FILE_HEADER FileHeader;
258	IMAGE_OPTIONAL_HEADER32 OptionalHeader;
259	} IMAGE_NT_HEADERS32;
260	typedef IMAGE_NT_HEADERS32 *PIMAGE_NT_HEADERS32;
261
262	typedef struct _IMAGE_NT_HEADERS64
263	{
264	uint32_t Signature;
265	IMAGE_FILE_HEADER FileHeader;
266	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
267	} IMAGE_NT_HEADERS64;
268	typedef IMAGE_NT_HEADERS64 *PIMAGE_NT_HEADERS64;
269
270
271	typedef struct _IMAGE_SECTION_HEADER
272	{
273	uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
274	union
275	{
276	uint32_t PhysicalAddress;
277	uint32_t VirtualSize;
278	} Misc;
279	uint32_t VirtualAddress;
280	uint32_t SizeOfRawData;
281	uint32_t PointerToRawData;
282	uint32_t PointerToRelocations;
283	uint32_t PointerToLinenumbers;
284	uint16_t NumberOfRelocations;
285	uint16_t NumberOfLinenumbers;
286	uint32_t Characteristics;
287	} IMAGE_SECTION_HEADER;
288	typedef IMAGE_SECTION_HEADER *PIMAGE_SECTION_HEADER;
289
290
291	typedef struct _IMAGE_BASE_RELOCATION
292	{
293	uint32_t VirtualAddress;
294	uint32_t SizeOfBlock;
295	} IMAGE_BASE_RELOCATION;
296	typedef IMAGE_BASE_RELOCATION *PIMAGE_BASE_RELOCATION;
297
298
299	typedef struct _IMAGE_EXPORT_DIRECTORY
300	{
301	uint32_t Characteristics;
302	uint32_t TimeDateStamp;
303	uint16_t MajorVersion;
304	uint16_t MinorVersion;
305	uint32_t Name;
306	uint32_t Base;
307	uint32_t NumberOfFunctions;
308	uint32_t NumberOfNames;
309	uint32_t AddressOfFunctions;
310	uint32_t AddressOfNames;
311	uint32_t AddressOfNameOrdinals;
312	} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
313
314
315	typedef struct _IMAGE_IMPORT_DESCRIPTOR
316	{
317	union
318	{
319	uint32_t Characteristics;
320	uint32_t OriginalFirstThunk;
321	} u;
322	uint32_t TimeDateStamp;
323	uint32_t ForwarderChain;
324	uint32_t Name;
325	uint32_t FirstThunk;
326	} IMAGE_IMPORT_DESCRIPTOR;
327	typedef IMAGE_IMPORT_DESCRIPTOR *PIMAGE_IMPORT_DESCRIPTOR;
328
329
330	typedef struct _IMAGE_IMPORT_BY_NAME
331	{
332	uint16_t Hint;
333	uint8_t Name[1];
334	} IMAGE_IMPORT_BY_NAME;
335	typedef IMAGE_IMPORT_BY_NAME *PIMAGE_IMPORT_BY_NAME;
336
337
338	/* The image_thunk_data32/64 structures are not very helpful except for getting RSI. keep them around till all the code has been converted. */
339	typedef struct _IMAGE_THUNK_DATA64
340	{
341	union
342	{
343	uint64_t ForwarderString;
344	uint64_t Function;
345	uint64_t Ordinal;
346	uint64_t AddressOfData;
347	} u1;
348	} IMAGE_THUNK_DATA64;
349	typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64;
350
351	typedef struct _IMAGE_THUNK_DATA32
352	{
353	union
354	{
355	uint32_t ForwarderString;
356	uint32_t Function;
357	uint32_t Ordinal;
358	uint32_t AddressOfData;
359	} u1;
360	} IMAGE_THUNK_DATA32;
361	typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32;
362
363
364	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32
365	{
366	uint32_t Size;
367	uint32_t TimeDateStamp;
368	uint16_t MajorVersion;
369	uint16_t MinorVersion;
370	uint32_t GlobalFlagsClear;
371	uint32_t GlobalFlagsSet;
372	uint32_t CriticalSectionDefaultTimeout;
373	uint32_t DeCommitFreeBlockThreshold;
374	uint32_t DeCommitTotalFreeThreshold;
375	uint32_t LockPrefixTable;
376	uint32_t MaximumAllocationSize;
377	uint32_t VirtualMemoryThreshold;
378	uint32_t ProcessHeapFlags;
379	uint32_t ProcessAffinityMask;
380	uint16_t CSDVersion;
381	uint16_t Reserved1;
382	uint32_t EditList;
383	uint32_t SecurityCookie;
384	uint32_t SEHandlerTable;
385	uint32_t SEHandlerCount;
386	} IMAGE_LOAD_CONFIG_DIRECTORY32;
387	typedef IMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY32;
388
389	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64
390	{
391	uint32_t Size;
392	uint32_t TimeDateStamp;
393	uint16_t MajorVersion;
394	uint16_t MinorVersion;
395	uint32_t GlobalFlagsClear;
396	uint32_t GlobalFlagsSet;
397	uint32_t CriticalSectionDefaultTimeout;
398	uint64_t DeCommitFreeBlockThreshold;
399	uint64_t DeCommitTotalFreeThreshold;
400	uint64_t LockPrefixTable;
401	uint64_t MaximumAllocationSize;
402	uint64_t VirtualMemoryThreshold;
403	uint64_t ProcessAffinityMask;
404	uint32_t ProcessHeapFlags;
405	uint16_t CSDVersion;
406	uint16_t Reserved1;
407	uint64_t EditList;
408	uint64_t SecurityCookie;
409	uint64_t SEHandlerTable;
410	uint64_t SEHandlerCount;
411	} IMAGE_LOAD_CONFIG_DIRECTORY64;
412	typedef IMAGE_LOAD_CONFIG_DIRECTORY64 *PIMAGE_LOAD_CONFIG_DIRECTORY64;
413
414	#pragma pack()
415
416	#endif
417

Note: See TracBrowser for help on using the repository browser.

Download in other formats: