Context Navigation

source: trunk/kLdr/kLdrModPE.h@ 2856

Visit:

Last change on this file since 2856 was 2856, checked in by bird, 19 years ago
More code.
Property svn:keywords set to `Id`
File size: 14.6 KB

Line
1	/* $Id: kLdrModPE.h 2856 2006-11-04 22:19:33Z bird $ */
2
3	#ifndef __kLdrModPE_h__
4	#define __kLdrModPE_h__
5
6
7	/*******************************************************************************
8	* Defined Constants And Macros *
9	*******************************************************************************/
10	#ifndef IMAGE_NT_SIGNATURE
11	# define IMAGE_NT_SIGNATURE KLDRHLP_LE2H_U32('P' \| ('E' << 8))
12	#endif
13
14	/* file header */
15	#define IMAGE_FILE_MACHINE_I386 0x014c
16	#define IMAGE_FILE_MACHINE_AMD64 0x8664
17
18	#define IMAGE_FILE_RELOCS_STRIPPED 0x0001
19	#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002
20	#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004
21	#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008
22	#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010
23	#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020
24	#define IMAGE_FILE_16BIT_MACHINE 0x0040
25	#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080
26	#define IMAGE_FILE_32BIT_MACHINE 0x0100
27	#define IMAGE_FILE_DEBUG_STRIPPED 0x0200
28	#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400
29	#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800
30	#define IMAGE_FILE_SYSTEM 0x1000
31	#define IMAGE_FILE_DLL 0x2000
32	#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000
33	#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000
34
35
36	/* optional header */
37	#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10B
38	#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20B
39
40	#define IMAGE_SUBSYSTEM_UNKNOWN 0x0
41	#define IMAGE_SUBSYSTEM_NATIVE 0x1
42	#define IMAGE_SUBSYSTEM_WINDOWS_GUI 0x2
43	#define IMAGE_SUBSYSTEM_WINDOWS_CUI 0x3
44	#define IMAGE_SUBSYSTEM_OS2_GUI 0x4
45	#define IMAGE_SUBSYSTEM_OS2_CUI 0x5
46	#define IMAGE_SUBSYSTEM_POSIX_CUI 0x7
47
48	#define IMAGE_LIBRARY_PROCESS_INIT 0x0001
49	#define IMAGE_LIBRARY_PROCESS_TERM 0x0002
50	#define IMAGE_LIBRARY_THREAD_INIT 0x0004
51	#define IMAGE_LIBRARY_THREAD_TERM 0x0008
52	#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200
53	#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400
54	#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800
55	#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000
56	#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
57
58	#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 0x10
59
60	#define IMAGE_DIRECTORY_ENTRY_EXPORT 0x0
61	#define IMAGE_DIRECTORY_ENTRY_IMPORT 0x1
62	#define IMAGE_DIRECTORY_ENTRY_RESOURCE 0x2
63	#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x3
64	#define IMAGE_DIRECTORY_ENTRY_SECURITY 0x4
65	#define IMAGE_DIRECTORY_ENTRY_BASERELOC 0x5
66	#define IMAGE_DIRECTORY_ENTRY_DEBUG 0x6
67	#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 0x7
68	#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
69	#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x8
70	#define IMAGE_DIRECTORY_ENTRY_TLS 0x9
71	#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0xa
72	#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0xb
73	#define IMAGE_DIRECTORY_ENTRY_IAT 0xc
74	#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0xd
75	#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0xe
76
77
78	/* section header */
79	#define IMAGE_SIZEOF_SHORT_NAME 0x8
80
81	#define IMAGE_SCN_TYPE_REG 0x00000000
82	#define IMAGE_SCN_TYPE_DSECT 0x00000001
83	#define IMAGE_SCN_TYPE_NOLOAD 0x00000002
84	#define IMAGE_SCN_TYPE_GROUP 0x00000004
85	#define IMAGE_SCN_TYPE_NO_PAD 0x00000008
86	#define IMAGE_SCN_TYPE_COPY 0x00000010
87
88	#define IMAGE_SCN_CNT_CODE 0x00000020
89	#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040
90	#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080
91
92	#define IMAGE_SCN_LNK_OTHER 0x00000100
93	#define IMAGE_SCN_LNK_INFO 0x00000200
94	#define IMAGE_SCN_TYPE_OVER 0x00000400
95	#define IMAGE_SCN_LNK_REMOVE 0x00000800
96	#define IMAGE_SCN_LNK_COMDAT 0x00001000
97	#define IMAGE_SCN_MEM_PROTECTED 0x00004000
98	#define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000
99	#define IMAGE_SCN_GPREL 0x00008000
100	#define IMAGE_SCN_MEM_FARDATA 0x00008000
101	#define IMAGE_SCN_MEM_SYSHEAP 0x00010000
102	#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
103	#define IMAGE_SCN_MEM_16BIT 0x00020000
104	#define IMAGE_SCN_MEM_LOCKED 0x00040000
105	#define IMAGE_SCN_MEM_PRELOAD 0x00080000
106
107	#define IMAGE_SCN_ALIGN_1BYTES 0x00100000
108	#define IMAGE_SCN_ALIGN_2BYTES 0x00200000
109	#define IMAGE_SCN_ALIGN_4BYTES 0x00300000
110	#define IMAGE_SCN_ALIGN_8BYTES 0x00400000
111	#define IMAGE_SCN_ALIGN_16BYTES 0x00500000
112	#define IMAGE_SCN_ALIGN_32BYTES 0x00600000
113	#define IMAGE_SCN_ALIGN_64BYTES 0x00700000
114	#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
115	#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
116	#define IMAGE_SCN_ALIGN_512BYTES 0x00A00000
117	#define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000
118	#define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000
119	#define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000
120	#define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000
121	#define IMAGE_SCN_ALIGN_MASK 0x00F00000
122
123	#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000
124	#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000
125	#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000
126	#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000
127	#define IMAGE_SCN_MEM_SHARED 0x10000000
128	#define IMAGE_SCN_MEM_EXECUTE 0x20000000
129	#define IMAGE_SCN_MEM_READ 0x40000000
130	#define IMAGE_SCN_MEM_WRITE 0x80000000
131
132
133	/* relocations */
134	#define IMAGE_REL_BASED_ABSOLUTE 0x0
135	#define IMAGE_REL_BASED_HIGH 0x1
136	#define IMAGE_REL_BASED_LOW 0x2
137	#define IMAGE_REL_BASED_HIGHLOW 0x3
138	#define IMAGE_REL_BASED_HIGHADJ 0x4
139	#define IMAGE_REL_BASED_MIPS_JMPADDR 0x5
140	#define IMAGE_REL_BASED_MIPS_JMPADDR16 0x9
141	#define IMAGE_REL_BASED_IA64_IMM64 0x9
142	#define IMAGE_REL_BASED_DIR64 0xa
143	#define IMAGE_REL_BASED_HIGH3ADJ 0xb
144
145
146	/* imports */
147	#define IMAGE_ORDINAL_FLAG32 0x80000000
148	#define IMAGE_ORDINAL32(ord) ((ord) & 0xffff)
149	#define IMAGE_SNAP_BY_ORDINAL32(ord) (!!((ord) & IMAGE_ORDINAL_FLAG32))
150
151	#define IMAGE_ORDINAL_FLAG64 0x8000000000000000ULL
152	#define IMAGE_ORDINAL64(ord) ((ord) & 0xffff)
153	#define IMAGE_SNAP_BY_ORDINAL64(ord) (!!((ord) & IMAGE_ORDINAL_FLAG64))
154
155
156	/* dll/tls entry points argument */
157	#define DLL_PROCESS_DETACH 0
158	#define DLL_PROCESS_ATTACH 1
159	#define DLL_THREAD_ATTACH 2
160	#define DLL_THREAD_DETACH 3
161
162
163	/*******************************************************************************
164	* Structures and Typedefs *
165	*******************************************************************************/
166	#pragma pack(4)
167
168	typedef struct _IMAGE_FILE_HEADER
169	{
170	uint16_t Machine;
171	uint16_t NumberOfSections;
172	uint32_t TimeDateStamp;
173	uint32_t PointerToSymbolTable;
174	uint32_t NumberOfSymbols;
175	uint16_t SizeOfOptionalHeader;
176	uint16_t Characteristics;
177	} IMAGE_FILE_HEADER;
178	typedef IMAGE_FILE_HEADER *PIMAGE_FILE_HEADER;
179
180
181	typedef struct _IMAGE_DATA_DIRECTORY
182	{
183	uint32_t VirtualAddress;
184	uint32_t Size;
185	} IMAGE_DATA_DIRECTORY;
186	typedef IMAGE_DATA_DIRECTORY *PIMAGE_DATA_DIRECTORY;
187
188
189	typedef struct _IMAGE_OPTIONAL_HEADER32
190	{
191	uint16_t Magic;
192	uint8_t MajorLinkerVersion;
193	uint8_t MinorLinkerVersion;
194	uint32_t SizeOfCode;
195	uint32_t SizeOfInitializedData;
196	uint32_t SizeOfUninitializedData;
197	uint32_t AddressOfEntryPoint;
198	uint32_t BaseOfCode;
199	uint32_t BaseOfData;
200	uint32_t ImageBase;
201	uint32_t SectionAlignment;
202	uint32_t FileAlignment;
203	uint16_t MajorOperatingSystemVersion;
204	uint16_t MinorOperatingSystemVersion;
205	uint16_t MajorImageVersion;
206	uint16_t MinorImageVersion;
207	uint16_t MajorSubsystemVersion;
208	uint16_t MinorSubsystemVersion;
209	uint32_t Win32VersionValue;
210	uint32_t SizeOfImage;
211	uint32_t SizeOfHeaders;
212	uint32_t CheckSum;
213	uint16_t Subsystem;
214	uint16_t DllCharacteristics;
215	uint32_t SizeOfStackReserve;
216	uint32_t SizeOfStackCommit;
217	uint32_t SizeOfHeapReserve;
218	uint32_t SizeOfHeapCommit;
219	uint32_t LoaderFlags;
220	uint32_t NumberOfRvaAndSizes;
221	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
222	} IMAGE_OPTIONAL_HEADER32;
223	typedef IMAGE_OPTIONAL_HEADER32 *PIMAGE_OPTIONAL_HEADER32;
224
225	typedef struct _IMAGE_OPTIONAL_HEADER64
226	{
227	uint16_t Magic;
228	uint8_t MajorLinkerVersion;
229	uint8_t MinorLinkerVersion;
230	uint32_t SizeOfCode;
231	uint32_t SizeOfInitializedData;
232	uint32_t SizeOfUninitializedData;
233	uint32_t AddressOfEntryPoint;
234	uint32_t BaseOfCode;
235	uint64_t ImageBase;
236	uint32_t SectionAlignment;
237	uint32_t FileAlignment;
238	uint16_t MajorOperatingSystemVersion;
239	uint16_t MinorOperatingSystemVersion;
240	uint16_t MajorImageVersion;
241	uint16_t MinorImageVersion;
242	uint16_t MajorSubsystemVersion;
243	uint16_t MinorSubsystemVersion;
244	uint32_t Win32VersionValue;
245	uint32_t SizeOfImage;
246	uint32_t SizeOfHeaders;
247	uint32_t CheckSum;
248	uint16_t Subsystem;
249	uint16_t DllCharacteristics;
250	uint64_t SizeOfStackReserve;
251	uint64_t SizeOfStackCommit;
252	uint64_t SizeOfHeapReserve;
253	uint64_t SizeOfHeapCommit;
254	uint32_t LoaderFlags;
255	uint32_t NumberOfRvaAndSizes;
256	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
257	} IMAGE_OPTIONAL_HEADER64;
258	typedef IMAGE_OPTIONAL_HEADER64 *PIMAGE_OPTIONAL_HEADER64;
259
260
261	typedef struct _IMAGE_NT_HEADERS
262	{
263	uint32_t Signature;
264	IMAGE_FILE_HEADER FileHeader;
265	IMAGE_OPTIONAL_HEADER32 OptionalHeader;
266	} IMAGE_NT_HEADERS32;
267	typedef IMAGE_NT_HEADERS32 *PIMAGE_NT_HEADERS32;
268
269	typedef struct _IMAGE_NT_HEADERS64
270	{
271	uint32_t Signature;
272	IMAGE_FILE_HEADER FileHeader;
273	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
274	} IMAGE_NT_HEADERS64;
275	typedef IMAGE_NT_HEADERS64 *PIMAGE_NT_HEADERS64;
276
277
278	typedef struct _IMAGE_SECTION_HEADER
279	{
280	uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
281	union
282	{
283	uint32_t PhysicalAddress;
284	uint32_t VirtualSize;
285	} Misc;
286	uint32_t VirtualAddress;
287	uint32_t SizeOfRawData;
288	uint32_t PointerToRawData;
289	uint32_t PointerToRelocations;
290	uint32_t PointerToLinenumbers;
291	uint16_t NumberOfRelocations;
292	uint16_t NumberOfLinenumbers;
293	uint32_t Characteristics;
294	} IMAGE_SECTION_HEADER;
295	typedef IMAGE_SECTION_HEADER *PIMAGE_SECTION_HEADER;
296
297
298	typedef struct _IMAGE_BASE_RELOCATION
299	{
300	uint32_t VirtualAddress;
301	uint32_t SizeOfBlock;
302	} IMAGE_BASE_RELOCATION;
303	typedef IMAGE_BASE_RELOCATION *PIMAGE_BASE_RELOCATION;
304
305
306	typedef struct _IMAGE_EXPORT_DIRECTORY
307	{
308	uint32_t Characteristics;
309	uint32_t TimeDateStamp;
310	uint16_t MajorVersion;
311	uint16_t MinorVersion;
312	uint32_t Name;
313	uint32_t Base;
314	uint32_t NumberOfFunctions;
315	uint32_t NumberOfNames;
316	uint32_t AddressOfFunctions;
317	uint32_t AddressOfNames;
318	uint32_t AddressOfNameOrdinals;
319	} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
320
321
322	typedef struct _IMAGE_IMPORT_DESCRIPTOR
323	{
324	union
325	{
326	uint32_t Characteristics;
327	uint32_t OriginalFirstThunk;
328	} u;
329	uint32_t TimeDateStamp;
330	uint32_t ForwarderChain;
331	uint32_t Name;
332	uint32_t FirstThunk;
333	} IMAGE_IMPORT_DESCRIPTOR;
334	typedef IMAGE_IMPORT_DESCRIPTOR *PIMAGE_IMPORT_DESCRIPTOR;
335
336
337	typedef struct _IMAGE_IMPORT_BY_NAME
338	{
339	uint16_t Hint;
340	uint8_t Name[1];
341	} IMAGE_IMPORT_BY_NAME;
342	typedef IMAGE_IMPORT_BY_NAME *PIMAGE_IMPORT_BY_NAME;
343
344
345	/* The image_thunk_data32/64 structures are not very helpful except for getting RSI. keep them around till all the code has been converted. */
346	typedef struct _IMAGE_THUNK_DATA64
347	{
348	union
349	{
350	uint64_t ForwarderString;
351	uint64_t Function;
352	uint64_t Ordinal;
353	uint64_t AddressOfData;
354	} u1;
355	} IMAGE_THUNK_DATA64;
356	typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64;
357
358	typedef struct _IMAGE_THUNK_DATA32
359	{
360	union
361	{
362	uint32_t ForwarderString;
363	uint32_t Function;
364	uint32_t Ordinal;
365	uint32_t AddressOfData;
366	} u1;
367	} IMAGE_THUNK_DATA32;
368	typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32;
369
370
371	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32
372	{
373	uint32_t Size;
374	uint32_t TimeDateStamp;
375	uint16_t MajorVersion;
376	uint16_t MinorVersion;
377	uint32_t GlobalFlagsClear;
378	uint32_t GlobalFlagsSet;
379	uint32_t CriticalSectionDefaultTimeout;
380	uint32_t DeCommitFreeBlockThreshold;
381	uint32_t DeCommitTotalFreeThreshold;
382	uint32_t LockPrefixTable;
383	uint32_t MaximumAllocationSize;
384	uint32_t VirtualMemoryThreshold;
385	uint32_t ProcessHeapFlags;
386	uint32_t ProcessAffinityMask;
387	uint16_t CSDVersion;
388	uint16_t Reserved1;
389	uint32_t EditList;
390	uint32_t SecurityCookie;
391	uint32_t SEHandlerTable;
392	uint32_t SEHandlerCount;
393	} IMAGE_LOAD_CONFIG_DIRECTORY32;
394	typedef IMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY32;
395
396	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64
397	{
398	uint32_t Size;
399	uint32_t TimeDateStamp;
400	uint16_t MajorVersion;
401	uint16_t MinorVersion;
402	uint32_t GlobalFlagsClear;
403	uint32_t GlobalFlagsSet;
404	uint32_t CriticalSectionDefaultTimeout;
405	uint64_t DeCommitFreeBlockThreshold;
406	uint64_t DeCommitTotalFreeThreshold;
407	uint64_t LockPrefixTable;
408	uint64_t MaximumAllocationSize;
409	uint64_t VirtualMemoryThreshold;
410	uint64_t ProcessAffinityMask;
411	uint32_t ProcessHeapFlags;
412	uint16_t CSDVersion;
413	uint16_t Reserved1;
414	uint64_t EditList;
415	uint64_t SecurityCookie;
416	uint64_t SEHandlerTable;
417	uint64_t SEHandlerCount;
418	} IMAGE_LOAD_CONFIG_DIRECTORY64;
419	typedef IMAGE_LOAD_CONFIG_DIRECTORY64 *PIMAGE_LOAD_CONFIG_DIRECTORY64;
420
421	typedef struct _IMAGE_DEBUG_DIRECTORY
422	{
423	uint32_t Characteristics;
424	uint32_t TimeDateStamp;
425	uint16_t MajorVersion;
426	uint16_t MinorVersion;
427	uint32_t Type;
428	uint32_t SizeOfData;
429	uint32_t AddressOfRawData;
430	uint32_t PointerToRawData;
431	} IMAGE_DEBUG_DIRECTORY;
432	typedef IMAGE_DEBUG_DIRECTORY *PIMAGE_DEBUG_DIRECTORY;
433
434	#define IMAGE_DEBUG_TYPE_UNKNOWN 0
435	#define IMAGE_DEBUG_TYPE_COFF 1
436	#define IMAGE_DEBUG_TYPE_CODEVIEW 2 /* 4.0 */
437	#define IMAGE_DEBUG_TYPE_FPO 3 /* FPO = frame pointer omission */
438	#define IMAGE_DEBUG_TYPE_MISC 4
439	#define IMAGE_DEBUG_TYPE_EXCEPTION 5
440	#define IMAGE_DEBUG_TYPE_FIXUP 6
441	#define IMAGE_DEBUG_TYPE_BORLAND 9
442
443	typedef struct _IMAGE_TLS_DIRECTORY32
444	{
445	uint32_t StartAddressOfRawData;
446	uint32_t EndAddressOfRawData;
447	uint32_t AddressOfIndex;
448	uint32_t AddressOfCallBacks;
449	uint32_t SizeOfZeroFill;
450	uint32_t Characteristics;
451	} IMAGE_TLS_DIRECTORY32;
452	typedef IMAGE_TLS_DIRECTORY32 *PIMAGE_TLS_DIRECTORY32;
453
454	typedef struct _IMAGE_TLS_DIRECTORY64
455	{
456	uint64_t StartAddressOfRawData;
457	uint64_t EndAddressOfRawData;
458	uint64_t AddressOfIndex;
459	uint64_t AddressOfCallBacks;
460	uint32_t SizeOfZeroFill;
461	uint32_t Characteristics;
462	} IMAGE_TLS_DIRECTORY64;
463	typedef IMAGE_TLS_DIRECTORY64 *PIMAGE_TLS_DIRECTORY64;
464
465
466	#pragma pack()
467
468	#endif
469

Note: See TracBrowser for help on using the repository browser.

Download in other formats: