Context Navigation

kLdrModPE.h@ 3525

Visit:

Last change on this file since 3525 was 3525, checked in by bird, 18 years ago
made the format headers usable externally.
Property svn:keywords set to `Id`
File size: 15.0 KB

Line
1	/* $Id: kLdrModPE.h 3525 2007-08-19 22:14:55Z bird $ */
2
3	#ifndef __kLdrModPE_h__
4	#define __kLdrModPE_h__
5
6
7	/*******************************************************************************
8	* Header Files *
9	*******************************************************************************/
10	#include "kLdrBase.h"
11
12
13	/*******************************************************************************
14	* Defined Constants And Macros *
15	*******************************************************************************/
16	#ifndef IMAGE_NT_SIGNATURE
17	# define IMAGE_NT_SIGNATURE KLDR_LE2H_U32('P' \| ('E' << 8))
18	#endif
19
20	/* file header */
21	#define IMAGE_FILE_MACHINE_I386 0x014c
22	#define IMAGE_FILE_MACHINE_AMD64 0x8664
23
24	#define IMAGE_FILE_RELOCS_STRIPPED 0x0001
25	#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002
26	#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004
27	#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008
28	#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010
29	#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020
30	#define IMAGE_FILE_16BIT_MACHINE 0x0040
31	#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080
32	#define IMAGE_FILE_32BIT_MACHINE 0x0100
33	#define IMAGE_FILE_DEBUG_STRIPPED 0x0200
34	#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400
35	#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800
36	#define IMAGE_FILE_SYSTEM 0x1000
37	#define IMAGE_FILE_DLL 0x2000
38	#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000
39	#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000
40
41
42	/* optional header */
43	#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10B
44	#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20B
45
46	#define IMAGE_SUBSYSTEM_UNKNOWN 0x0
47	#define IMAGE_SUBSYSTEM_NATIVE 0x1
48	#define IMAGE_SUBSYSTEM_WINDOWS_GUI 0x2
49	#define IMAGE_SUBSYSTEM_WINDOWS_CUI 0x3
50	#define IMAGE_SUBSYSTEM_OS2_GUI 0x4
51	#define IMAGE_SUBSYSTEM_OS2_CUI 0x5
52	#define IMAGE_SUBSYSTEM_POSIX_CUI 0x7
53
54	#define IMAGE_LIBRARY_PROCESS_INIT 0x0001
55	#define IMAGE_LIBRARY_PROCESS_TERM 0x0002
56	#define IMAGE_LIBRARY_THREAD_INIT 0x0004
57	#define IMAGE_LIBRARY_THREAD_TERM 0x0008
58	#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200
59	#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400
60	#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800
61	#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000
62	#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
63
64	#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 0x10
65
66	#define IMAGE_DIRECTORY_ENTRY_EXPORT 0x0
67	#define IMAGE_DIRECTORY_ENTRY_IMPORT 0x1
68	#define IMAGE_DIRECTORY_ENTRY_RESOURCE 0x2
69	#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x3
70	#define IMAGE_DIRECTORY_ENTRY_SECURITY 0x4
71	#define IMAGE_DIRECTORY_ENTRY_BASERELOC 0x5
72	#define IMAGE_DIRECTORY_ENTRY_DEBUG 0x6
73	#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 0x7
74	#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
75	#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x8
76	#define IMAGE_DIRECTORY_ENTRY_TLS 0x9
77	#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0xa
78	#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0xb
79	#define IMAGE_DIRECTORY_ENTRY_IAT 0xc
80	#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0xd
81	#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0xe
82
83
84	/* section header */
85	#define IMAGE_SIZEOF_SHORT_NAME 0x8
86
87	#define IMAGE_SCN_TYPE_REG 0x00000000
88	#define IMAGE_SCN_TYPE_DSECT 0x00000001
89	#define IMAGE_SCN_TYPE_NOLOAD 0x00000002
90	#define IMAGE_SCN_TYPE_GROUP 0x00000004
91	#define IMAGE_SCN_TYPE_NO_PAD 0x00000008
92	#define IMAGE_SCN_TYPE_COPY 0x00000010
93
94	#define IMAGE_SCN_CNT_CODE 0x00000020
95	#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040
96	#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080
97
98	#define IMAGE_SCN_LNK_OTHER 0x00000100
99	#define IMAGE_SCN_LNK_INFO 0x00000200
100	#define IMAGE_SCN_TYPE_OVER 0x00000400
101	#define IMAGE_SCN_LNK_REMOVE 0x00000800
102	#define IMAGE_SCN_LNK_COMDAT 0x00001000
103	#define IMAGE_SCN_MEM_PROTECTED 0x00004000
104	#define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000
105	#define IMAGE_SCN_GPREL 0x00008000
106	#define IMAGE_SCN_MEM_FARDATA 0x00008000
107	#define IMAGE_SCN_MEM_SYSHEAP 0x00010000
108	#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
109	#define IMAGE_SCN_MEM_16BIT 0x00020000
110	#define IMAGE_SCN_MEM_LOCKED 0x00040000
111	#define IMAGE_SCN_MEM_PRELOAD 0x00080000
112
113	#define IMAGE_SCN_ALIGN_1BYTES 0x00100000
114	#define IMAGE_SCN_ALIGN_2BYTES 0x00200000
115	#define IMAGE_SCN_ALIGN_4BYTES 0x00300000
116	#define IMAGE_SCN_ALIGN_8BYTES 0x00400000
117	#define IMAGE_SCN_ALIGN_16BYTES 0x00500000
118	#define IMAGE_SCN_ALIGN_32BYTES 0x00600000
119	#define IMAGE_SCN_ALIGN_64BYTES 0x00700000
120	#define IMAGE_SCN_ALIGN_128BYTES 0x00800000
121	#define IMAGE_SCN_ALIGN_256BYTES 0x00900000
122	#define IMAGE_SCN_ALIGN_512BYTES 0x00A00000
123	#define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000
124	#define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000
125	#define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000
126	#define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000
127	#define IMAGE_SCN_ALIGN_MASK 0x00F00000
128
129	#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000
130	#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000
131	#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000
132	#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000
133	#define IMAGE_SCN_MEM_SHARED 0x10000000
134	#define IMAGE_SCN_MEM_EXECUTE 0x20000000
135	#define IMAGE_SCN_MEM_READ 0x40000000
136	#define IMAGE_SCN_MEM_WRITE 0x80000000
137
138
139	/* relocations */
140	#define IMAGE_REL_BASED_ABSOLUTE 0x0
141	#define IMAGE_REL_BASED_HIGH 0x1
142	#define IMAGE_REL_BASED_LOW 0x2
143	#define IMAGE_REL_BASED_HIGHLOW 0x3
144	#define IMAGE_REL_BASED_HIGHADJ 0x4
145	#define IMAGE_REL_BASED_MIPS_JMPADDR 0x5
146	#define IMAGE_REL_BASED_SECTION 0x6
147	#define IMAGE_REL_BASED_REL32 0x7
148	/#define IMAGE_REL_BASED_RESERVED1 0x8 /
149	#define IMAGE_REL_BASED_MIPS_JMPADDR16 0x9
150	#define IMAGE_REL_BASED_IA64_IMM64 0x9
151	#define IMAGE_REL_BASED_DIR64 0xa
152	#define IMAGE_REL_BASED_HIGH3ADJ 0xb
153
154	/* imports */
155	#define IMAGE_ORDINAL_FLAG32 0x80000000
156	#define IMAGE_ORDINAL32(ord) ((ord) & 0xffff)
157	#define IMAGE_SNAP_BY_ORDINAL32(ord) (!!((ord) & IMAGE_ORDINAL_FLAG32))
158
159	#define IMAGE_ORDINAL_FLAG64 0x8000000000000000ULL
160	#define IMAGE_ORDINAL64(ord) ((ord) & 0xffff)
161	#define IMAGE_SNAP_BY_ORDINAL64(ord) (!!((ord) & IMAGE_ORDINAL_FLAG64))
162
163
164	/* dll/tls entry points argument */
165	#define DLL_PROCESS_DETACH 0
166	#define DLL_PROCESS_ATTACH 1
167	#define DLL_THREAD_ATTACH 2
168	#define DLL_THREAD_DETACH 3
169
170
171	/*******************************************************************************
172	* Structures and Typedefs *
173	*******************************************************************************/
174	#pragma pack(4)
175
176	typedef struct _IMAGE_FILE_HEADER
177	{
178	uint16_t Machine;
179	uint16_t NumberOfSections;
180	uint32_t TimeDateStamp;
181	uint32_t PointerToSymbolTable;
182	uint32_t NumberOfSymbols;
183	uint16_t SizeOfOptionalHeader;
184	uint16_t Characteristics;
185	} IMAGE_FILE_HEADER;
186	typedef IMAGE_FILE_HEADER *PIMAGE_FILE_HEADER;
187
188
189	typedef struct _IMAGE_DATA_DIRECTORY
190	{
191	uint32_t VirtualAddress;
192	uint32_t Size;
193	} IMAGE_DATA_DIRECTORY;
194	typedef IMAGE_DATA_DIRECTORY *PIMAGE_DATA_DIRECTORY;
195
196
197	typedef struct _IMAGE_OPTIONAL_HEADER32
198	{
199	uint16_t Magic;
200	uint8_t MajorLinkerVersion;
201	uint8_t MinorLinkerVersion;
202	uint32_t SizeOfCode;
203	uint32_t SizeOfInitializedData;
204	uint32_t SizeOfUninitializedData;
205	uint32_t AddressOfEntryPoint;
206	uint32_t BaseOfCode;
207	uint32_t BaseOfData;
208	uint32_t ImageBase;
209	uint32_t SectionAlignment;
210	uint32_t FileAlignment;
211	uint16_t MajorOperatingSystemVersion;
212	uint16_t MinorOperatingSystemVersion;
213	uint16_t MajorImageVersion;
214	uint16_t MinorImageVersion;
215	uint16_t MajorSubsystemVersion;
216	uint16_t MinorSubsystemVersion;
217	uint32_t Win32VersionValue;
218	uint32_t SizeOfImage;
219	uint32_t SizeOfHeaders;
220	uint32_t CheckSum;
221	uint16_t Subsystem;
222	uint16_t DllCharacteristics;
223	uint32_t SizeOfStackReserve;
224	uint32_t SizeOfStackCommit;
225	uint32_t SizeOfHeapReserve;
226	uint32_t SizeOfHeapCommit;
227	uint32_t LoaderFlags;
228	uint32_t NumberOfRvaAndSizes;
229	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
230	} IMAGE_OPTIONAL_HEADER32;
231	typedef IMAGE_OPTIONAL_HEADER32 *PIMAGE_OPTIONAL_HEADER32;
232
233	typedef struct _IMAGE_OPTIONAL_HEADER64
234	{
235	uint16_t Magic;
236	uint8_t MajorLinkerVersion;
237	uint8_t MinorLinkerVersion;
238	uint32_t SizeOfCode;
239	uint32_t SizeOfInitializedData;
240	uint32_t SizeOfUninitializedData;
241	uint32_t AddressOfEntryPoint;
242	uint32_t BaseOfCode;
243	uint64_t ImageBase;
244	uint32_t SectionAlignment;
245	uint32_t FileAlignment;
246	uint16_t MajorOperatingSystemVersion;
247	uint16_t MinorOperatingSystemVersion;
248	uint16_t MajorImageVersion;
249	uint16_t MinorImageVersion;
250	uint16_t MajorSubsystemVersion;
251	uint16_t MinorSubsystemVersion;
252	uint32_t Win32VersionValue;
253	uint32_t SizeOfImage;
254	uint32_t SizeOfHeaders;
255	uint32_t CheckSum;
256	uint16_t Subsystem;
257	uint16_t DllCharacteristics;
258	uint64_t SizeOfStackReserve;
259	uint64_t SizeOfStackCommit;
260	uint64_t SizeOfHeapReserve;
261	uint64_t SizeOfHeapCommit;
262	uint32_t LoaderFlags;
263	uint32_t NumberOfRvaAndSizes;
264	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
265	} IMAGE_OPTIONAL_HEADER64;
266	typedef IMAGE_OPTIONAL_HEADER64 *PIMAGE_OPTIONAL_HEADER64;
267
268
269	typedef struct _IMAGE_NT_HEADERS
270	{
271	uint32_t Signature;
272	IMAGE_FILE_HEADER FileHeader;
273	IMAGE_OPTIONAL_HEADER32 OptionalHeader;
274	} IMAGE_NT_HEADERS32;
275	typedef IMAGE_NT_HEADERS32 *PIMAGE_NT_HEADERS32;
276
277	typedef struct _IMAGE_NT_HEADERS64
278	{
279	uint32_t Signature;
280	IMAGE_FILE_HEADER FileHeader;
281	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
282	} IMAGE_NT_HEADERS64;
283	typedef IMAGE_NT_HEADERS64 *PIMAGE_NT_HEADERS64;
284
285
286	typedef struct _IMAGE_SECTION_HEADER
287	{
288	uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
289	union
290	{
291	uint32_t PhysicalAddress;
292	uint32_t VirtualSize;
293	} Misc;
294	uint32_t VirtualAddress;
295	uint32_t SizeOfRawData;
296	uint32_t PointerToRawData;
297	uint32_t PointerToRelocations;
298	uint32_t PointerToLinenumbers;
299	uint16_t NumberOfRelocations;
300	uint16_t NumberOfLinenumbers;
301	uint32_t Characteristics;
302	} IMAGE_SECTION_HEADER;
303	typedef IMAGE_SECTION_HEADER *PIMAGE_SECTION_HEADER;
304
305
306	typedef struct _IMAGE_BASE_RELOCATION
307	{
308	uint32_t VirtualAddress;
309	uint32_t SizeOfBlock;
310	} IMAGE_BASE_RELOCATION;
311	typedef IMAGE_BASE_RELOCATION *PIMAGE_BASE_RELOCATION;
312
313
314	typedef struct _IMAGE_EXPORT_DIRECTORY
315	{
316	uint32_t Characteristics;
317	uint32_t TimeDateStamp;
318	uint16_t MajorVersion;
319	uint16_t MinorVersion;
320	uint32_t Name;
321	uint32_t Base;
322	uint32_t NumberOfFunctions;
323	uint32_t NumberOfNames;
324	uint32_t AddressOfFunctions;
325	uint32_t AddressOfNames;
326	uint32_t AddressOfNameOrdinals;
327	} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
328
329
330	typedef struct _IMAGE_IMPORT_DESCRIPTOR
331	{
332	union
333	{
334	uint32_t Characteristics;
335	uint32_t OriginalFirstThunk;
336	} u;
337	uint32_t TimeDateStamp;
338	uint32_t ForwarderChain;
339	uint32_t Name;
340	uint32_t FirstThunk;
341	} IMAGE_IMPORT_DESCRIPTOR;
342	typedef IMAGE_IMPORT_DESCRIPTOR *PIMAGE_IMPORT_DESCRIPTOR;
343
344
345	typedef struct _IMAGE_IMPORT_BY_NAME
346	{
347	uint16_t Hint;
348	uint8_t Name[1];
349	} IMAGE_IMPORT_BY_NAME;
350	typedef IMAGE_IMPORT_BY_NAME *PIMAGE_IMPORT_BY_NAME;
351
352
353	/* The image_thunk_data32/64 structures are not very helpful except for getting RSI. keep them around till all the code has been converted. */
354	typedef struct _IMAGE_THUNK_DATA64
355	{
356	union
357	{
358	uint64_t ForwarderString;
359	uint64_t Function;
360	uint64_t Ordinal;
361	uint64_t AddressOfData;
362	} u1;
363	} IMAGE_THUNK_DATA64;
364	typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64;
365
366	typedef struct _IMAGE_THUNK_DATA32
367	{
368	union
369	{
370	uint32_t ForwarderString;
371	uint32_t Function;
372	uint32_t Ordinal;
373	uint32_t AddressOfData;
374	} u1;
375	} IMAGE_THUNK_DATA32;
376	typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32;
377
378
379	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32
380	{
381	uint32_t Size;
382	uint32_t TimeDateStamp;
383	uint16_t MajorVersion;
384	uint16_t MinorVersion;
385	uint32_t GlobalFlagsClear;
386	uint32_t GlobalFlagsSet;
387	uint32_t CriticalSectionDefaultTimeout;
388	uint32_t DeCommitFreeBlockThreshold;
389	uint32_t DeCommitTotalFreeThreshold;
390	uint32_t LockPrefixTable;
391	uint32_t MaximumAllocationSize;
392	uint32_t VirtualMemoryThreshold;
393	uint32_t ProcessHeapFlags;
394	uint32_t ProcessAffinityMask;
395	uint16_t CSDVersion;
396	uint16_t Reserved1;
397	uint32_t EditList;
398	uint32_t SecurityCookie;
399	uint32_t SEHandlerTable;
400	uint32_t SEHandlerCount;
401	} IMAGE_LOAD_CONFIG_DIRECTORY32;
402	typedef IMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY32;
403
404	typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64
405	{
406	uint32_t Size;
407	uint32_t TimeDateStamp;
408	uint16_t MajorVersion;
409	uint16_t MinorVersion;
410	uint32_t GlobalFlagsClear;
411	uint32_t GlobalFlagsSet;
412	uint32_t CriticalSectionDefaultTimeout;
413	uint64_t DeCommitFreeBlockThreshold;
414	uint64_t DeCommitTotalFreeThreshold;
415	uint64_t LockPrefixTable;
416	uint64_t MaximumAllocationSize;
417	uint64_t VirtualMemoryThreshold;
418	uint64_t ProcessAffinityMask;
419	uint32_t ProcessHeapFlags;
420	uint16_t CSDVersion;
421	uint16_t Reserved1;
422	uint64_t EditList;
423	uint64_t SecurityCookie;
424	uint64_t SEHandlerTable;
425	uint64_t SEHandlerCount;
426	} IMAGE_LOAD_CONFIG_DIRECTORY64;
427	typedef IMAGE_LOAD_CONFIG_DIRECTORY64 *PIMAGE_LOAD_CONFIG_DIRECTORY64;
428
429	typedef struct _IMAGE_DEBUG_DIRECTORY
430	{
431	uint32_t Characteristics;
432	uint32_t TimeDateStamp;
433	uint16_t MajorVersion;
434	uint16_t MinorVersion;
435	uint32_t Type;
436	uint32_t SizeOfData;
437	uint32_t AddressOfRawData;
438	uint32_t PointerToRawData;
439	} IMAGE_DEBUG_DIRECTORY;
440	typedef IMAGE_DEBUG_DIRECTORY *PIMAGE_DEBUG_DIRECTORY;
441
442	#define IMAGE_DEBUG_TYPE_UNKNOWN 0
443	#define IMAGE_DEBUG_TYPE_COFF 1
444	#define IMAGE_DEBUG_TYPE_CODEVIEW 2 /* 4.0 */
445	#define IMAGE_DEBUG_TYPE_FPO 3 /* FPO = frame pointer omission */
446	#define IMAGE_DEBUG_TYPE_MISC 4
447	#define IMAGE_DEBUG_TYPE_EXCEPTION 5
448	#define IMAGE_DEBUG_TYPE_FIXUP 6
449	#define IMAGE_DEBUG_TYPE_BORLAND 9
450
451	typedef struct _IMAGE_TLS_DIRECTORY32
452	{
453	uint32_t StartAddressOfRawData;
454	uint32_t EndAddressOfRawData;
455	uint32_t AddressOfIndex;
456	uint32_t AddressOfCallBacks;
457	uint32_t SizeOfZeroFill;
458	uint32_t Characteristics;
459	} IMAGE_TLS_DIRECTORY32;
460	typedef IMAGE_TLS_DIRECTORY32 *PIMAGE_TLS_DIRECTORY32;
461
462	typedef struct _IMAGE_TLS_DIRECTORY64
463	{
464	uint64_t StartAddressOfRawData;
465	uint64_t EndAddressOfRawData;
466	uint64_t AddressOfIndex;
467	uint64_t AddressOfCallBacks;
468	uint32_t SizeOfZeroFill;
469	uint32_t Characteristics;
470	} IMAGE_TLS_DIRECTORY64;
471	typedef IMAGE_TLS_DIRECTORY64 *PIMAGE_TLS_DIRECTORY64;
472
473
474	#pragma pack()
475
476	#endif
477

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/kLdr/kLdrModPE.h@ 3525

Download in other formats: