summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--include/perk/perk.h2
-rw-r--r--include/perk/perk_meta.h2
-rw-r--r--include/perk/perk_structs.h765
-rw-r--r--src/logic/pe_get_image_meta.c6
-rw-r--r--src/reader/pe_read_import_header.c6
5 files changed, 220 insertions, 561 deletions
diff --git a/include/perk/perk.h b/include/perk/perk.h
index 187392e..43c9913 100644
--- a/include/perk/perk.h
+++ b/include/perk/perk.h
@@ -175,7 +175,7 @@ perk_api int pe_read_optional_header (const union pe_opt_hdr *, struct pe_met
perk_api int pe_read_section_header (const struct pe_sec_hdr *, struct pe_meta_sec_hdr *);
perk_api int pe_read_export_header (const struct pe_export_hdr *, struct pe_meta_export_hdr *);
perk_api int pe_read_import_header (const struct pe_import_hdr *, struct pe_meta_import_hdr *);
-perk_api int pe_read_import_lookup_item(const struct pe_import_lookup_item *, struct pe_meta_import_lookup_item *, uint32_t magic);
+perk_api int pe_read_import_lookup_item(const union pe_import_lookup_item *, struct pe_meta_import_lookup_item *, uint32_t magic);
#ifdef __cplusplus
}
diff --git a/include/perk/perk_meta.h b/include/perk/perk_meta.h
index 8ca8f53..e3dfab7 100644
--- a/include/perk/perk_meta.h
+++ b/include/perk/perk_meta.h
@@ -211,7 +211,7 @@ struct pe_meta_import_hdr {
uint32_t count;
char * name;
struct pe_meta_import_lookup_item * items;
- struct pe_import_lookup_item * aitems;
+ union pe_import_lookup_item * aitems;
};
diff --git a/include/perk/perk_structs.h b/include/perk/perk_structs.h
index 11c6d5a..4a03a27 100644
--- a/include/perk/perk_structs.h
+++ b/include/perk/perk_structs.h
@@ -5,464 +5,217 @@
extern "C" {
#endif
-/* pe_image_dos_header... */
-#define PE_DOS_MAGIC_BS 0x02
-#define PE_DOS_CBLP_BS 0x02
-#define PE_DOS_CP_BS 0x02
-#define PE_DOS_CRLC_BS 0x02
-#define PE_DOS_CPARHDR_BS 0x02
-#define PE_DOS_MINALLOC_BS 0x02
-#define PE_DOS_MAXALLOC_BS 0x02
-#define PE_DOS_SS_BS 0x02
-#define PE_DOS_SP_BS 0x02
-#define PE_DOS_CSUM_BS 0x02
-#define PE_DOS_IP_BS 0x02
-#define PE_DOS_CS_BS 0x02
-#define PE_DOS_LFARLC_BS 0x02
-#define PE_DOS_OVNO_BS 0x02
-#define PE_DOS_RES_BS 0x08
-#define PE_DOS_OEMID_BS 0x02
-#define PE_DOS_OEMINFO_BS 0x02
-#define PE_DOS_RES2_BS 0x14
-#define PE_DOS_LFANEW_BS 0x04
-
struct pe_image_dos_hdr {
- unsigned char dos_magic [PE_DOS_MAGIC_BS]; /* 0x00 */
- unsigned char dos_cblp [PE_DOS_CBLP_BS]; /* 0x02 */
- unsigned char dos_cp [PE_DOS_CP_BS]; /* 0x04 */
- unsigned char dos_crlc [PE_DOS_CRLC_BS]; /* 0x06 */
- unsigned char dos_cparhdr [PE_DOS_CPARHDR_BS]; /* 0x08 */
- unsigned char dos_minalloc [PE_DOS_MINALLOC_BS]; /* 0x0a */
- unsigned char dos_maxalloc [PE_DOS_MAXALLOC_BS]; /* 0x0c */
- unsigned char dos_ss [PE_DOS_SS_BS]; /* 0x0e */
- unsigned char dos_sp [PE_DOS_SP_BS]; /* 0x10 */
- unsigned char dos_csum [PE_DOS_CSUM_BS]; /* 0x12 */
- unsigned char dos_ip [PE_DOS_IP_BS]; /* 0x14 */
- unsigned char dos_cs [PE_DOS_CS_BS]; /* 0x16 */
- unsigned char dos_lfarlc [PE_DOS_LFARLC_BS]; /* 0x18 */
- unsigned char dos_ovno [PE_DOS_OVNO_BS]; /* 0x1a */
- unsigned char dos_res [PE_DOS_RES_BS]; /* 0x1c */
- unsigned char dos_oemid [PE_DOS_OEMID_BS]; /* 0x24 */
- unsigned char dos_oeminfo [PE_DOS_OEMINFO_BS]; /* 0x26 */
- unsigned char dos_res2 [PE_DOS_RES2_BS]; /* 0x28 */
- unsigned char dos_lfanew [PE_DOS_LFANEW_BS]; /* 0x3c */
+ unsigned char dos_magic [0x02]; /* 0x00 */
+ unsigned char dos_cblp [0x02]; /* 0x02 */
+ unsigned char dos_cp [0x02]; /* 0x04 */
+ unsigned char dos_crlc [0x02]; /* 0x06 */
+ unsigned char dos_cparhdr [0x02]; /* 0x08 */
+ unsigned char dos_minalloc [0x02]; /* 0x0a */
+ unsigned char dos_maxalloc [0x02]; /* 0x0c */
+ unsigned char dos_ss [0x02]; /* 0x0e */
+ unsigned char dos_sp [0x02]; /* 0x10 */
+ unsigned char dos_csum [0x02]; /* 0x12 */
+ unsigned char dos_ip [0x02]; /* 0x14 */
+ unsigned char dos_cs [0x02]; /* 0x16 */
+ unsigned char dos_lfarlc [0x02]; /* 0x18 */
+ unsigned char dos_ovno [0x02]; /* 0x1a */
+ unsigned char dos_res [0x08]; /* 0x1c */
+ unsigned char dos_oemid [0x02]; /* 0x24 */
+ unsigned char dos_oeminfo [0x02]; /* 0x26 */
+ unsigned char dos_res2 [0x14]; /* 0x28 */
+ unsigned char dos_lfanew [0x04]; /* 0x3c */
};
-#undef PE_DOS_MAGIC_BS
-#undef PE_DOS_CBLP_BS
-#undef PE_DOS_CP_BS
-#undef PE_DOS_CRLC_BS
-#undef PE_DOS_CPARHDR_BS
-#undef PE_DOS_MINALLOC_BS
-#undef PE_DOS_MAXALLOC_BS
-#undef PE_DOS_SS_BS
-#undef PE_DOS_SP_BS
-#undef PE_DOS_CSUM_BS
-#undef PE_DOS_IP_BS
-#undef PE_DOS_CS_BS
-#undef PE_DOS_LFARLC_BS
-#undef PE_DOS_OVNO_BS
-#undef PE_DOS_RES_BS
-#undef PE_DOS_OEMID_BS
-#undef PE_DOS_OEMINFO_BS
-#undef PE_DOS_RES2_BS
-#undef PE_DOS_LFANEW_BS
-
-
-/* pe_coff_file_header... */
-#define PE_SIGNATURE_BS 0x04
-#define PE_MACHINE_BS 0x02
-#define PE_NUMBER_OF_SECTIONS_BS 0x02
-#define PE_TIME_DATE_STAMP_BS 0x04
-#define PE_POINTER_TO_SYMBOL_TABLE_BS 0x04
-#define PE_NUMBER_OF_SYMBOLS_BS 0x04
-#define PE_SIZE_OF_OPTIONAL_HEADER_BS 0x02
-#define PE_CHARACTERISTICS_BS 0x02
struct pe_coff_file_hdr {
- unsigned char signature [PE_SIGNATURE_BS]; /* 0x00 */
- unsigned char machine [PE_MACHINE_BS]; /* 0x04 */
- unsigned char num_of_sections [PE_NUMBER_OF_SECTIONS_BS]; /* 0x06 */
- unsigned char time_date_stamp [PE_TIME_DATE_STAMP_BS]; /* 0x08 */
- unsigned char ptr_to_sym_tbl [PE_POINTER_TO_SYMBOL_TABLE_BS]; /* 0x0c */
- unsigned char num_of_syms [PE_NUMBER_OF_SYMBOLS_BS]; /* 0x10 */
- unsigned char size_of_opt_hdr [PE_SIZE_OF_OPTIONAL_HEADER_BS]; /* 0x14 */
- unsigned char characteristics [PE_CHARACTERISTICS_BS]; /* 0x16 */
+ unsigned char signature [0x04]; /* 0x00 */
+ unsigned char machine [0x02]; /* 0x04 */
+ unsigned char num_of_sections [0x02]; /* 0x06 */
+ unsigned char time_date_stamp [0x04]; /* 0x08 */
+ unsigned char ptr_to_sym_tbl [0x04]; /* 0x0c */
+ unsigned char num_of_syms [0x04]; /* 0x10 */
+ unsigned char size_of_opt_hdr [0x02]; /* 0x14 */
+ unsigned char characteristics [0x02]; /* 0x16 */
};
-#undef PE_SIGNATURE_BS
-#undef PE_MACHINE_BS
-#undef PE_NUMBER_OF_SECTIONS_BS
-#undef PE_TIME_DATE_STAMP_BS
-#undef PE_POINTER_TO_SYMBOL_TABLE_BS
-#undef PE_NUMBER_OF_SYMBOLS_BS
-#undef PE_SIZE_OF_OPTIONAL_HEADER_BS
-#undef PE_CHARACTERISTICS_BS
-
-
-/* pe32_optional_header... */
-#define PE_MAGIC_BS 0x02
-#define PE_MAJOR_LINKER_VERSION_BS 0x01
-#define PE_MINOR_LINKER_VERSION_BS 0x01
-#define PE_SIZE_OF_CODE_BS 0x04
-#define PE_SIZE_OF_INITIALIZED_DATA_BS 0x04
-#define PE_SIZE_OF_UNINITIALIZED_DATA_BS 0x04
-#define PE_ADDRESS_OF_ENTRY_POINT_BS 0x04
-#define PE_BASE_OF_CODE_BS 0x04
-#define PE_BASE_OF_DATA_BS 0x04
-#define PE_IMAGE_BASE_BS 0x04
-#define PE_SECTION_ALIGNMENT_BS 0x04
-#define PE_FILE_ALIGNMENT_BS 0x04
-#define PE_MAJOR_OPERATING_SYSTEM_VERSION_BS 0x02
-#define PE_MINOR_OPERATING_SYSTEM_VERSION_BS 0x02
-#define PE_MAJOR_IMAGE_VERSION_BS 0x02
-#define PE_MINOR_IMAGE_VERSION_BS 0x02
-#define PE_MAJOR_SUBSYSTEM_VERSION_BS 0x02
-#define PE_MINOR_SUBSYSTEM_VERSION_BS 0x02
-#define PE_WIN32_VERSION_VALUE_BS 0x04
-#define PE_SIZE_OF_IMAGE_BS 0x04
-#define PE_SIZE_OF_HEADERS_BS 0x04
-#define PE_CHECK_SUM_BS 0x04
-#define PE_SUBSYSTEM_BS 0x02
-#define PE_DLL_CHARACTERISTICS_BS 0x02
-#define PE_SIZE_OF_STACK_RESERVE_BS 0x04
-#define PE_SIZE_OF_STACK_COMMIT_BS 0x04
-#define PE_SIZE_OF_HEAP_RESERVE_BS 0x04
-#define PE_SIZE_OF_HEAP_COMMIT_BS 0x04
-#define PE_LOADER_FLAGS_BS 0x04
-#define PE_NUMBER_OF_RVA_AND_SIZES_BS 0x04
-#define PE_EXPORT_TABLE_BS 0x08
-#define PE_IMPORT_TABLE_BS 0x08
-#define PE_RESOURCE_TABLE_BS 0x08
-#define PE_EXCEPTION_TABLE_BS 0x08
-#define PE_CERTIFICATE_TABLE_BS 0x08
-#define PE_BASE_RELOCATION_TABLE_BS 0x08
-#define PE_DEBUG_BS 0x08
-#define PE_ARCHITECTURE_BS 0x08
-#define PE_GLOBAL_PTR_BS 0x08
-#define PE_TLS_TABLE_BS 0x08
-#define PE_LOAD_CONFIG_TABLE_BS 0x08
-#define PE_BOUND_IMPORT_BS 0x08
-#define PE_IAT_BS 0x08
-#define PE_DELAY_IMPORT_DESCRIPTOR_BS 0x08
-#define PE_CLR_RUNTIME_HEADER_BS 0x08
-#define PE_RESERVED__MUST_BE_ZERO_BS 0x08
struct pe_opt_hdr_std {
- unsigned char magic [PE_MAGIC_BS]; /* 0x00 */
- unsigned char major_linker_ver [PE_MAJOR_LINKER_VERSION_BS]; /* 0x02 */
- unsigned char minor_linker_ver [PE_MINOR_LINKER_VERSION_BS]; /* 0x03 */
- unsigned char size_of_code [PE_SIZE_OF_CODE_BS]; /* 0x04 */
- unsigned char size_of_initialized_data [PE_SIZE_OF_INITIALIZED_DATA_BS]; /* 0x08 */
- unsigned char size_of_uninitialized_data [PE_SIZE_OF_UNINITIALIZED_DATA_BS]; /* 0x0c */
- unsigned char entry_point [PE_ADDRESS_OF_ENTRY_POINT_BS]; /* 0x10 */
- unsigned char base_of_code [PE_BASE_OF_CODE_BS]; /* 0x14 */
+ unsigned char magic [0x02]; /* 0x00 */
+ unsigned char major_linker_ver [0x01]; /* 0x02 */
+ unsigned char minor_linker_ver [0x01]; /* 0x03 */
+ unsigned char size_of_code [0x04]; /* 0x04 */
+ unsigned char size_of_initialized_data [0x04]; /* 0x08 */
+ unsigned char size_of_uninitialized_data [0x04]; /* 0x0c */
+ unsigned char entry_point [0x04]; /* 0x10 */
+ unsigned char base_of_code [0x04]; /* 0x14 */
};
struct pe_opt_hdr_align {
- unsigned char section_align [PE_SECTION_ALIGNMENT_BS]; /* 0x20 */
- unsigned char file_align [PE_FILE_ALIGNMENT_BS]; /* 0x24 */
+ unsigned char section_align [0x04]; /* 0x20 */
+ unsigned char file_align [0x04]; /* 0x24 */
};
struct pe_opt_hdr_vers {
- unsigned char major_os_ver [PE_MAJOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x28 */
- unsigned char minor_os_ver [PE_MINOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x2a */
- unsigned char major_image_ver [PE_MAJOR_IMAGE_VERSION_BS]; /* 0x2c */
- unsigned char minor_image_ver [PE_MINOR_IMAGE_VERSION_BS]; /* 0x2e */
- unsigned char major_subsys_ver [PE_MAJOR_SUBSYSTEM_VERSION_BS]; /* 0x30 */
- unsigned char minor_subsys_ver [PE_MINOR_SUBSYSTEM_VERSION_BS]; /* 0x32 */
- unsigned char win32_ver [PE_WIN32_VERSION_VALUE_BS]; /* 0x34 */
+ unsigned char major_os_ver [0x02]; /* 0x28 */
+ unsigned char minor_os_ver [0x02]; /* 0x2a */
+ unsigned char major_image_ver [0x02]; /* 0x2c */
+ unsigned char minor_image_ver [0x02]; /* 0x2e */
+ unsigned char major_subsys_ver [0x02]; /* 0x30 */
+ unsigned char minor_subsys_ver [0x02]; /* 0x32 */
+ unsigned char win32_ver [0x04]; /* 0x34 */
};
struct pe_opt_hdr_img {
- unsigned char size_of_image [PE_SIZE_OF_IMAGE_BS]; /* 0x38 */
- unsigned char size_of_headers [PE_SIZE_OF_HEADERS_BS]; /* 0x3c */
- unsigned char checksum [PE_CHECK_SUM_BS]; /* 0x40 */
- unsigned char subsystem [PE_SUBSYSTEM_BS]; /* 0x44 */
- unsigned char dll_characteristics [PE_DLL_CHARACTERISTICS_BS]; /* 0x46 */
+ unsigned char size_of_image [0x04]; /* 0x38 */
+ unsigned char size_of_headers [0x04]; /* 0x3c */
+ unsigned char checksum [0x04]; /* 0x40 */
+ unsigned char subsystem [0x02]; /* 0x44 */
+ unsigned char dll_characteristics [0x02]; /* 0x46 */
};
struct pe_opt_hdr_ldr {
- unsigned char loader_flags [PE_LOADER_FLAGS_BS];
- unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS];
+ unsigned char loader_flags [0x04];
+ unsigned char rva_and_sizes [0x04];
};
struct pe_opt_hdr_dirs {
- unsigned char export_tbl [PE_EXPORT_TABLE_BS];
- unsigned char import_tbl [PE_IMPORT_TABLE_BS];
- unsigned char resource_tbl [PE_RESOURCE_TABLE_BS];
- unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS];
- unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS];
- unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS];
- unsigned char debug [PE_DEBUG_BS];
- unsigned char arch [PE_ARCHITECTURE_BS];
- unsigned char global_ptr [PE_GLOBAL_PTR_BS];
- unsigned char tls_tbl [PE_TLS_TABLE_BS];
- unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS];
- unsigned char bound_import [PE_BOUND_IMPORT_BS];
- unsigned char iat [PE_IAT_BS];
- unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS];
- unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS];
- unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS];
+ unsigned char export_tbl [0x08];
+ unsigned char import_tbl [0x08];
+ unsigned char resource_tbl [0x08];
+ unsigned char exception_tbl [0x08];
+ unsigned char certificate_tbl [0x08];
+ unsigned char base_reloc_tbl [0x08];
+ unsigned char debug [0x08];
+ unsigned char arch [0x08];
+ unsigned char global_ptr [0x08];
+ unsigned char tls_tbl [0x08];
+ unsigned char load_config_tbl [0x08];
+ unsigned char bound_import [0x08];
+ unsigned char iat [0x08];
+ unsigned char delay_import_descriptor [0x08];
+ unsigned char clr_runtime_hdr [0x08];
+ unsigned char reserved [0x08];
};
struct pe_data_dirs {
- unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS];
- unsigned char export_tbl [PE_EXPORT_TABLE_BS];
- unsigned char import_tbl [PE_IMPORT_TABLE_BS];
- unsigned char resource_tbl [PE_RESOURCE_TABLE_BS];
- unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS];
- unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS];
- unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS];
- unsigned char debug [PE_DEBUG_BS];
- unsigned char arch [PE_ARCHITECTURE_BS];
- unsigned char global_ptr [PE_GLOBAL_PTR_BS];
- unsigned char tls_tbl [PE_TLS_TABLE_BS];
- unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS];
- unsigned char bound_import [PE_BOUND_IMPORT_BS];
- unsigned char iat [PE_IAT_BS];
- unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS];
- unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS];
- unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS];
+ unsigned char rva_and_sizes [0x04];
+ unsigned char export_tbl [0x08];
+ unsigned char import_tbl [0x08];
+ unsigned char resource_tbl [0x08];
+ unsigned char exception_tbl [0x08];
+ unsigned char certificate_tbl [0x08];
+ unsigned char base_reloc_tbl [0x08];
+ unsigned char debug [0x08];
+ unsigned char arch [0x08];
+ unsigned char global_ptr [0x08];
+ unsigned char tls_tbl [0x08];
+ unsigned char load_config_tbl [0x08];
+ unsigned char bound_import [0x08];
+ unsigned char iat [0x08];
+ unsigned char delay_import_descriptor [0x08];
+ unsigned char clr_runtime_hdr [0x08];
+ unsigned char reserved [0x08];
};
struct pe_opt_hdr_32 {
- unsigned char magic [PE_MAGIC_BS]; /* 0x00 */
- unsigned char major_linker_ver [PE_MAJOR_LINKER_VERSION_BS]; /* 0x02 */
- unsigned char minor_linker_ver [PE_MINOR_LINKER_VERSION_BS]; /* 0x03 */
- unsigned char size_of_code [PE_SIZE_OF_CODE_BS]; /* 0x04 */
- unsigned char size_of_initialized_data [PE_SIZE_OF_INITIALIZED_DATA_BS]; /* 0x08 */
- unsigned char size_of_uninitialized_data [PE_SIZE_OF_UNINITIALIZED_DATA_BS]; /* 0x0c */
- unsigned char entry_point [PE_ADDRESS_OF_ENTRY_POINT_BS]; /* 0x10 */
- unsigned char base_of_code [PE_BASE_OF_CODE_BS]; /* 0x14 */
- unsigned char base_of_data [PE_BASE_OF_DATA_BS]; /* 0x18 */
- unsigned char image_base [PE_IMAGE_BASE_BS]; /* 0x1c */
- unsigned char section_align [PE_SECTION_ALIGNMENT_BS]; /* 0x20 */
- unsigned char file_align [PE_FILE_ALIGNMENT_BS]; /* 0x24 */
- unsigned char major_os_ver [PE_MAJOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x28 */
- unsigned char minor_or_ver [PE_MINOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x2a */
- unsigned char major_image_ver [PE_MAJOR_IMAGE_VERSION_BS]; /* 0x2c */
- unsigned char minor_image_ver [PE_MINOR_IMAGE_VERSION_BS]; /* 0x2e */
- unsigned char major_subsys_ver [PE_MAJOR_SUBSYSTEM_VERSION_BS]; /* 0x30 */
- unsigned char minor_subsys_ver [PE_MINOR_SUBSYSTEM_VERSION_BS]; /* 0x32 */
- unsigned char win32_ver [PE_WIN32_VERSION_VALUE_BS]; /* 0x34 */
- unsigned char size_of_image [PE_SIZE_OF_IMAGE_BS]; /* 0x38 */
- unsigned char size_of_headers [PE_SIZE_OF_HEADERS_BS]; /* 0x3c */
- unsigned char checksum [PE_CHECK_SUM_BS]; /* 0x40 */
- unsigned char subsystem [PE_SUBSYSTEM_BS]; /* 0x44 */
- unsigned char dll_characteristics [PE_DLL_CHARACTERISTICS_BS]; /* 0x46 */
- unsigned char size_of_stack_reserve [PE_SIZE_OF_STACK_RESERVE_BS]; /* 0x48 */
- unsigned char size_of_stack_commit [PE_SIZE_OF_STACK_COMMIT_BS]; /* 0x4c */
- unsigned char size_of_heap_reserve [PE_SIZE_OF_HEAP_RESERVE_BS]; /* 0x50 */
- unsigned char size_of_heap_commit [PE_SIZE_OF_HEAP_COMMIT_BS]; /* 0x54 */
- unsigned char loader_flags [PE_LOADER_FLAGS_BS]; /* 0x58 */
- unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS]; /* 0x5c */
- unsigned char export_tbl [PE_EXPORT_TABLE_BS]; /* 0x60 */
- unsigned char import_tbl [PE_IMPORT_TABLE_BS]; /* 0x68 */
- unsigned char resource_tbl [PE_RESOURCE_TABLE_BS]; /* 0x70 */
- unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS]; /* 0x78 */
- unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS]; /* 0x80 */
- unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS]; /* 0x88 */
- unsigned char debug [PE_DEBUG_BS]; /* 0x90 */
- unsigned char arch [PE_ARCHITECTURE_BS]; /* 0x98 */
- unsigned char global_ptr [PE_GLOBAL_PTR_BS]; /* 0xa0 */
- unsigned char tls_tbl [PE_TLS_TABLE_BS]; /* 0xa8 */
- unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS]; /* 0xb0 */
- unsigned char bound_import [PE_BOUND_IMPORT_BS]; /* 0xb8 */
- unsigned char iat [PE_IAT_BS]; /* 0xc0 */
- unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS]; /* 0xc8 */
- unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS]; /* 0xd0 */
- unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS]; /* 0xd8 */
+ unsigned char magic [0x02]; /* 0x00 */
+ unsigned char major_linker_ver [0x01]; /* 0x02 */
+ unsigned char minor_linker_ver [0x01]; /* 0x03 */
+ unsigned char size_of_code [0x04]; /* 0x04 */
+ unsigned char size_of_initialized_data [0x04]; /* 0x08 */
+ unsigned char size_of_uninitialized_data [0x04]; /* 0x0c */
+ unsigned char entry_point [0x04]; /* 0x10 */
+ unsigned char base_of_code [0x04]; /* 0x14 */
+ unsigned char base_of_data [0x04]; /* 0x18 */
+ unsigned char image_base [0x04]; /* 0x1c */
+ unsigned char section_align [0x04]; /* 0x20 */
+ unsigned char file_align [0x04]; /* 0x24 */
+ unsigned char major_os_ver [0x02]; /* 0x28 */
+ unsigned char minor_os_ver [0x02]; /* 0x2a */
+ unsigned char major_image_ver [0x02]; /* 0x2c */
+ unsigned char minor_image_ver [0x02]; /* 0x2e */
+ unsigned char major_subsys_ver [0x02]; /* 0x30 */
+ unsigned char minor_subsys_ver [0x02]; /* 0x32 */
+ unsigned char win32_ver [0x04]; /* 0x34 */
+ unsigned char size_of_image [0x04]; /* 0x38 */
+ unsigned char size_of_headers [0x04]; /* 0x3c */
+ unsigned char checksum [0x04]; /* 0x40 */
+ unsigned char subsystem [0x02]; /* 0x44 */
+ unsigned char dll_characteristics [0x02]; /* 0x46 */
+ unsigned char size_of_stack_reserve [0x04]; /* 0x48 */
+ unsigned char size_of_stack_commit [0x04]; /* 0x4c */
+ unsigned char size_of_heap_reserve [0x04]; /* 0x50 */
+ unsigned char size_of_heap_commit [0x04]; /* 0x54 */
+ unsigned char loader_flags [0x04]; /* 0x58 */
+ unsigned char rva_and_sizes [0x04]; /* 0x5c */
+ unsigned char export_tbl [0x08]; /* 0x60 */
+ unsigned char import_tbl [0x08]; /* 0x68 */
+ unsigned char resource_tbl [0x08]; /* 0x70 */
+ unsigned char exception_tbl [0x08]; /* 0x78 */
+ unsigned char certificate_tbl [0x08]; /* 0x80 */
+ unsigned char base_reloc_tbl [0x08]; /* 0x88 */
+ unsigned char debug [0x08]; /* 0x90 */
+ unsigned char arch [0x08]; /* 0x98 */
+ unsigned char global_ptr [0x08]; /* 0xa0 */
+ unsigned char tls_tbl [0x08]; /* 0xa8 */
+ unsigned char load_config_tbl [0x08]; /* 0xb0 */
+ unsigned char bound_import [0x08]; /* 0xb8 */
+ unsigned char iat [0x08]; /* 0xc0 */
+ unsigned char delay_import_descriptor [0x08]; /* 0xc8 */
+ unsigned char clr_runtime_hdr [0x08]; /* 0xd0 */
+ unsigned char reserved [0x08]; /* 0xd8 */
};
-#undef PE_MAGIC_BS
-#undef PE_MAJOR_LINKER_VERSION_BS
-#undef PE_MINOR_LINKER_VERSION_BS
-#undef PE_SIZE_OF_CODE_BS
-#undef PE_SIZE_OF_INITIALIZED_DATA_BS
-#undef PE_SIZE_OF_UNINITIALIZED_DATA_BS
-#undef PE_ADDRESS_OF_ENTRY_POINT_BS
-#undef PE_BASE_OF_CODE_BS
-#undef PE_BASE_OF_DATA_BS
-#undef PE_IMAGE_BASE_BS
-#undef PE_SECTION_ALIGNMENT_BS
-#undef PE_FILE_ALIGNMENT_BS
-#undef PE_MAJOR_OPERATING_SYSTEM_VERSION_BS
-#undef PE_MINOR_OPERATING_SYSTEM_VERSION_BS
-#undef PE_MAJOR_IMAGE_VERSION_BS
-#undef PE_MINOR_IMAGE_VERSION_BS
-#undef PE_MAJOR_SUBSYSTEM_VERSION_BS
-#undef PE_MINOR_SUBSYSTEM_VERSION_BS
-#undef PE_WIN32_VERSION_VALUE_BS
-#undef PE_SIZE_OF_IMAGE_BS
-#undef PE_SIZE_OF_HEADERS_BS
-#undef PE_CHECK_SUM_BS
-#undef PE_SUBSYSTEM_BS
-#undef PE_DLL_CHARACTERISTICS_BS
-#undef PE_SIZE_OF_STACK_RESERVE_BS
-#undef PE_SIZE_OF_STACK_COMMIT_BS
-#undef PE_SIZE_OF_HEAP_RESERVE_BS
-#undef PE_SIZE_OF_HEAP_COMMIT_BS
-#undef PE_LOADER_FLAGS_BS
-#undef PE_NUMBER_OF_RVA_AND_SIZES_BS
-#undef PE_EXPORT_TABLE_BS
-#undef PE_IMPORT_TABLE_BS
-#undef PE_RESOURCE_TABLE_BS
-#undef PE_EXCEPTION_TABLE_BS
-#undef PE_CERTIFICATE_TABLE_BS
-#undef PE_BASE_RELOCATION_TABLE_BS
-#undef PE_DEBUG_BS
-#undef PE_ARCHITECTURE_BS
-#undef PE_GLOBAL_PTR_BS
-#undef PE_TLS_TABLE_BS
-#undef PE_LOAD_CONFIG_TABLE_BS
-#undef PE_BOUND_IMPORT_BS
-#undef PE_IAT_BS
-#undef PE_DELAY_IMPORT_DESCRIPTOR_BS
-#undef PE_CLR_RUNTIME_HEADER_BS
-#undef PE_RESERVED__MUST_BE_ZERO_BS
-
-
-/* pe64_optional_header... */
-#define PE_MAGIC_BS 0x02
-#define PE_MAJOR_LINKER_VERSION_BS 0x01
-#define PE_MINOR_LINKER_VERSION_BS 0x01
-#define PE_SIZE_OF_CODE_BS 0x04
-#define PE_SIZE_OF_INITIALIZED_DATA_BS 0x04
-#define PE_SIZE_OF_UNINITIALIZED_DATA_BS 0x04
-#define PE_ADDRESS_OF_ENTRY_POINT_BS 0x04
-#define PE_BASE_OF_CODE_BS 0x04
-#define PE_IMAGE_BASE_BS 0x08
-#define PE_SECTION_ALIGNMENT_BS 0x04
-#define PE_FILE_ALIGNMENT_BS 0x04
-#define PE_MAJOR_OPERATING_SYSTEM_VERSION_BS 0x02
-#define PE_MINOR_OPERATING_SYSTEM_VERSION_BS 0x02
-#define PE_MAJOR_IMAGE_VERSION_BS 0x02
-#define PE_MINOR_IMAGE_VERSION_BS 0x02
-#define PE_MAJOR_SUBSYSTEM_VERSION_BS 0x02
-#define PE_MINOR_SUBSYSTEM_VERSION_BS 0x02
-#define PE_WIN32_VERSION_VALUE_BS 0x04
-#define PE_SIZE_OF_IMAGE_BS 0x04
-#define PE_SIZE_OF_HEADERS_BS 0x04
-#define PE_CHECK_SUM_BS 0x04
-#define PE_SUBSYSTEM_BS 0x02
-#define PE_DLL_CHARACTERISTICS_BS 0x02
-#define PE_SIZE_OF_STACK_RESERVE_BS 0x08
-#define PE_SIZE_OF_STACK_COMMIT_BS 0x08
-#define PE_SIZE_OF_HEAP_RESERVE_BS 0x08
-#define PE_SIZE_OF_HEAP_COMMIT_BS 0x08
-#define PE_LOADER_FLAGS_BS 0x04
-#define PE_NUMBER_OF_RVA_AND_SIZES_BS 0x04
-#define PE_EXPORT_TABLE_BS 0x08
-#define PE_IMPORT_TABLE_BS 0x08
-#define PE_RESOURCE_TABLE_BS 0x08
-#define PE_EXCEPTION_TABLE_BS 0x08
-#define PE_CERTIFICATE_TABLE_BS 0x08
-#define PE_BASE_RELOCATION_TABLE_BS 0x08
-#define PE_DEBUG_BS 0x08
-#define PE_ARCHITECTURE_BS 0x08
-#define PE_GLOBAL_PTR_BS 0x08
-#define PE_TLS_TABLE_BS 0x08
-#define PE_LOAD_CONFIG_TABLE_BS 0x08
-#define PE_BOUND_IMPORT_BS 0x08
-#define PE_IAT_BS 0x08
-#define PE_DELAY_IMPORT_DESCRIPTOR_BS 0x08
-#define PE_CLR_RUNTIME_HEADER_BS 0x08
-#define PE_RESERVED__MUST_BE_ZERO_BS 0x08
struct pe_opt_hdr_64 {
- unsigned char magic [PE_MAGIC_BS]; /* 0x00 */
- unsigned char major_linker_ver [PE_MAJOR_LINKER_VERSION_BS]; /* 0x02 */
- unsigned char minor_linker_ver [PE_MINOR_LINKER_VERSION_BS]; /* 0x03 */
- unsigned char size_of_code [PE_SIZE_OF_CODE_BS]; /* 0x04 */
- unsigned char size_of_initialized_data [PE_SIZE_OF_INITIALIZED_DATA_BS]; /* 0x08 */
- unsigned char size_of_uninitialized_data [PE_SIZE_OF_UNINITIALIZED_DATA_BS]; /* 0x0c */
- unsigned char entry_point [PE_ADDRESS_OF_ENTRY_POINT_BS]; /* 0x10 */
- unsigned char base_of_code [PE_BASE_OF_CODE_BS]; /* 0x14 */
- unsigned char image_base [PE_IMAGE_BASE_BS]; /* 0x18 */
- unsigned char section_align [PE_SECTION_ALIGNMENT_BS]; /* 0x20 */
- unsigned char file_align [PE_FILE_ALIGNMENT_BS]; /* 0x24 */
- unsigned char major_os_ver [PE_MAJOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x28 */
- unsigned char minor_or_ver [PE_MINOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x2a */
- unsigned char major_image_ver [PE_MAJOR_IMAGE_VERSION_BS]; /* 0x2c */
- unsigned char minor_image_ver [PE_MINOR_IMAGE_VERSION_BS]; /* 0x2e */
- unsigned char major_subsys_ver [PE_MAJOR_SUBSYSTEM_VERSION_BS]; /* 0x30 */
- unsigned char minor_subsys_ver [PE_MINOR_SUBSYSTEM_VERSION_BS]; /* 0x32 */
- unsigned char win32_ver [PE_WIN32_VERSION_VALUE_BS]; /* 0x34 */
- unsigned char size_of_image [PE_SIZE_OF_IMAGE_BS]; /* 0x38 */
- unsigned char size_of_headers [PE_SIZE_OF_HEADERS_BS]; /* 0x3c */
- unsigned char checksum [PE_CHECK_SUM_BS]; /* 0x40 */
- unsigned char subsystem [PE_SUBSYSTEM_BS]; /* 0x44 */
- unsigned char dll_characteristics [PE_DLL_CHARACTERISTICS_BS]; /* 0x46 */
- unsigned char size_of_stack_reserve [PE_SIZE_OF_STACK_RESERVE_BS]; /* 0x48 */
- unsigned char size_of_stack_commit [PE_SIZE_OF_STACK_COMMIT_BS]; /* 0x50 */
- unsigned char size_of_heap_reserve [PE_SIZE_OF_HEAP_RESERVE_BS]; /* 0x58 */
- unsigned char size_of_heap_commit [PE_SIZE_OF_HEAP_COMMIT_BS]; /* 0x60 */
- unsigned char loader_flags [PE_LOADER_FLAGS_BS]; /* 0x68 */
- unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS]; /* 0x6c */
- unsigned char export_tbl [PE_EXPORT_TABLE_BS]; /* 0x70 */
- unsigned char import_tbl [PE_IMPORT_TABLE_BS]; /* 0x78 */
- unsigned char resource_tbl [PE_RESOURCE_TABLE_BS]; /* 0x80 */
- unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS]; /* 0x88 */
- unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS]; /* 0x90 */
- unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS]; /* 0x98 */
- unsigned char debug [PE_DEBUG_BS]; /* 0xa0 */
- unsigned char arch [PE_ARCHITECTURE_BS]; /* 0xa8 */
- unsigned char global_ptr [PE_GLOBAL_PTR_BS]; /* 0xb0 */
- unsigned char tls_tbl [PE_TLS_TABLE_BS]; /* 0xb8 */
- unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS]; /* 0xc0 */
- unsigned char bound_import [PE_BOUND_IMPORT_BS]; /* 0xc8 */
- unsigned char iat [PE_IAT_BS]; /* 0xd0 */
- unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS]; /* 0xd8 */
- unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS]; /* 0xe0 */
- unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS]; /* 0xe8 */
+ unsigned char magic [0x02]; /* 0x00 */
+ unsigned char major_linker_ver [0x01]; /* 0x02 */
+ unsigned char minor_linker_ver [0x01]; /* 0x03 */
+ unsigned char size_of_code [0x04]; /* 0x04 */
+ unsigned char size_of_initialized_data [0x04]; /* 0x08 */
+ unsigned char size_of_uninitialized_data [0x04]; /* 0x0c */
+ unsigned char entry_point [0x04]; /* 0x10 */
+ unsigned char base_of_code [0x04]; /* 0x14 */
+ unsigned char image_base [0x08]; /* 0x18 */
+ unsigned char section_align [0x04]; /* 0x20 */
+ unsigned char file_align [0x04]; /* 0x24 */
+ unsigned char major_os_ver [0x02]; /* 0x28 */
+ unsigned char minor_os_ver [0x02]; /* 0x2a */
+ unsigned char major_image_ver [0x02]; /* 0x2c */
+ unsigned char minor_image_ver [0x02]; /* 0x2e */
+ unsigned char major_subsys_ver [0x02]; /* 0x30 */
+ unsigned char minor_subsys_ver [0x02]; /* 0x32 */
+ unsigned char win32_ver [0x04]; /* 0x34 */
+ unsigned char size_of_image [0x04]; /* 0x38 */
+ unsigned char size_of_headers [0x04]; /* 0x3c */
+ unsigned char checksum [0x04]; /* 0x40 */
+ unsigned char subsystem [0x02]; /* 0x44 */
+ unsigned char dll_characteristics [0x02]; /* 0x46 */
+ unsigned char size_of_stack_reserve [0x08]; /* 0x48 */
+ unsigned char size_of_stack_commit [0x08]; /* 0x50 */
+ unsigned char size_of_heap_reserve [0x08]; /* 0x58 */
+ unsigned char size_of_heap_commit [0x08]; /* 0x60 */
+ unsigned char loader_flags [0x04]; /* 0x68 */
+ unsigned char rva_and_sizes [0x04]; /* 0x6c */
+ unsigned char export_tbl [0x08]; /* 0x70 */
+ unsigned char import_tbl [0x08]; /* 0x78 */
+ unsigned char resource_tbl [0x08]; /* 0x80 */
+ unsigned char exception_tbl [0x08]; /* 0x88 */
+ unsigned char certificate_tbl [0x08]; /* 0x90 */
+ unsigned char base_reloc_tbl [0x08]; /* 0x98 */
+ unsigned char debug [0x08]; /* 0xa0 */
+ unsigned char arch [0x08]; /* 0xa8 */
+ unsigned char global_ptr [0x08]; /* 0xb0 */
+ unsigned char tls_tbl [0x08]; /* 0xb8 */
+ unsigned char load_config_tbl [0x08]; /* 0xc0 */
+ unsigned char bound_import [0x08]; /* 0xc8 */
+ unsigned char iat [0x08]; /* 0xd0 */
+ unsigned char delay_import_descriptor [0x08]; /* 0xd8 */
+ unsigned char clr_runtime_hdr [0x08]; /* 0xe0 */
+ unsigned char reserved [0x08]; /* 0xe8 */
};
-#undef PE_MAGIC_BS
-#undef PE_MAJOR_LINKER_VERSION_BS
-#undef PE_MINOR_LINKER_VERSION_BS
-#undef PE_SIZE_OF_CODE_BS
-#undef PE_SIZE_OF_INITIALIZED_DATA_BS
-#undef PE_SIZE_OF_UNINITIALIZED_DATA_BS
-#undef PE_ADDRESS_OF_ENTRY_POINT_BS
-#undef PE_BASE_OF_CODE_BS
-#undef PE_IMAGE_BASE_BS
-#undef PE_SECTION_ALIGNMENT_BS
-#undef PE_FILE_ALIGNMENT_BS
-#undef PE_MAJOR_OPERATING_SYSTEM_VERSION_BS
-#undef PE_MINOR_OPERATING_SYSTEM_VERSION_BS
-#undef PE_MAJOR_IMAGE_VERSION_BS
-#undef PE_MINOR_IMAGE_VERSION_BS
-#undef PE_MAJOR_SUBSYSTEM_VERSION_BS
-#undef PE_MINOR_SUBSYSTEM_VERSION_BS
-#undef PE_WIN32_VERSION_VALUE_BS
-#undef PE_SIZE_OF_IMAGE_BS
-#undef PE_SIZE_OF_HEADERS_BS
-#undef PE_CHECK_SUM_BS
-#undef PE_SUBSYSTEM_BS
-#undef PE_DLL_CHARACTERISTICS_BS
-#undef PE_SIZE_OF_STACK_RESERVE_BS
-#undef PE_SIZE_OF_STACK_COMMIT_BS
-#undef PE_SIZE_OF_HEAP_RESERVE_BS
-#undef PE_SIZE_OF_HEAP_COMMIT_BS
-#undef PE_LOADER_FLAGS_BS
-#undef PE_NUMBER_OF_RVA_AND_SIZES_BS
-#undef PE_EXPORT_TABLE_BS
-#undef PE_IMPORT_TABLE_BS
-#undef PE_RESOURCE_TABLE_BS
-#undef PE_EXCEPTION_TABLE_BS
-#undef PE_CERTIFICATE_TABLE_BS
-#undef PE_BASE_RELOCATION_TABLE_BS
-#undef PE_DEBUG_BS
-#undef PE_ARCHITECTURE_BS
-#undef PE_GLOBAL_PTR_BS
-#undef PE_TLS_TABLE_BS
-#undef PE_LOAD_CONFIG_TABLE_BS
-#undef PE_BOUND_IMPORT_BS
-#undef PE_IAT_BS
-#undef PE_DELAY_IMPORT_DESCRIPTOR_BS
-#undef PE_CLR_RUNTIME_HEADER_BS
-#undef PE_RESERVED__MUST_BE_ZERO_BS
union pe_opt_hdr {
struct pe_opt_hdr_32 opt_hdr_32;
@@ -470,163 +223,69 @@ union pe_opt_hdr {
};
-/* pe_image_data_directory... */
-#define PE_VIRTUAL_ADDRESS_BS 0x04
-#define PE_SIZE_BS 0x04
-
struct pe_image_data_dir {
- unsigned char rva [PE_VIRTUAL_ADDRESS_BS]; /* 0x00 */
- unsigned char size [PE_SIZE_BS]; /* 0x04 */
+ unsigned char rva [0x04]; /* 0x00 */
+ unsigned char size [0x04]; /* 0x04 */
};
-#undef PE_VIRTUAL_ADDRESS_BS
-#undef PE_SIZE_BS
-
-
-/* pe_section_table... */
-#define PE_NAME_BS 0x08
-#define PE_VIRTUAL_SIZE_BS 0x04
-#define PE_VIRTUAL_ADDRESS_BS 0x04
-#define PE_SIZE_OF_RAW_DATA_BS 0x04
-#define PE_POINTER_TO_RAW_DATA_BS 0x04
-#define PE_POINTER_TO_RELOCATIONS_BS 0x04
-#define PE_POINTER_TO_LINENUMBERS_BS 0x04
-#define PE_NUMBER_OF_RELOCATIONS_BS 0x02
-#define PE_NUMBER_OF_LINENUMBERS_BS 0x02
-#define PE_CHARACTERISTICS_BS 0x04
struct pe_sec_hdr {
- unsigned char name [PE_NAME_BS]; /* 0x00 */
- unsigned char virtual_size [PE_VIRTUAL_SIZE_BS]; /* 0x08 */
- unsigned char virtual_addr [PE_VIRTUAL_ADDRESS_BS]; /* 0x0c */
- unsigned char size_of_raw_data [PE_SIZE_OF_RAW_DATA_BS]; /* 0x10 */
- unsigned char ptr_to_raw_data [PE_POINTER_TO_RAW_DATA_BS]; /* 0x14 */
- unsigned char ptr_to_relocs [PE_POINTER_TO_RELOCATIONS_BS]; /* 0x18 */
- unsigned char ptr_to_line_nums [PE_POINTER_TO_LINENUMBERS_BS]; /* 0x1c */
- unsigned char num_of_relocs [PE_NUMBER_OF_RELOCATIONS_BS]; /* 0x20 */
- unsigned char num_of_line_nums [PE_NUMBER_OF_LINENUMBERS_BS]; /* 0x22 */
- unsigned char characteristics [PE_CHARACTERISTICS_BS]; /* 0x24 */
+ unsigned char name [0x08]; /* 0x00 */
+ unsigned char virtual_size [0x04]; /* 0x08 */
+ unsigned char virtual_addr [0x04]; /* 0x0c */
+ unsigned char size_of_raw_data [0x04]; /* 0x10 */
+ unsigned char ptr_to_raw_data [0x04]; /* 0x14 */
+ unsigned char ptr_to_relocs [0x04]; /* 0x18 */
+ unsigned char ptr_to_line_nums [0x04]; /* 0x1c */
+ unsigned char num_of_relocs [0x02]; /* 0x20 */
+ unsigned char num_of_line_nums [0x02]; /* 0x22 */
+ unsigned char characteristics [0x04]; /* 0x24 */
};
-#undef PE_NAME_BS
-#undef PE_VIRTUAL_SIZE_BS
-#undef PE_VIRTUAL_ADDRESS_BS
-#undef PE_SIZE_OF_RAW_DATA_BS
-#undef PE_POINTER_TO_RAW_DATA_BS
-#undef PE_POINTER_TO_RELOCATIONS_BS
-#undef PE_POINTER_TO_LINENUMBERS_BS
-#undef PE_NUMBER_OF_RELOCATIONS_BS
-#undef PE_NUMBER_OF_LINENUMBERS_BS
-#undef PE_CHARACTERISTICS_BS
-
-
-/* pe_export_directory_table... */
-#define PE_EXPORT_FLAGS_BS 0x04
-#define PE_TIME_DATE_STAMP_BS 0x04
-#define PE_MAJOR_VERSION_BS 0x02
-#define PE_MINOR_VERSION_BS 0x02
-#define PE_NAME_RVA_BS 0x04
-#define PE_ORDINAL_BASE_BS 0x04
-#define PE_ADDRESS_TABLE_ENTRIES_BS 0x04
-#define PE_NUMBER_OF_NAME_POINTERS_BS 0x04
-#define PE_EXPORT_ADDRESS_TABLE_RVA_BS 0x04
-#define PE_NAME_POINTER_RVA_BS 0x04
-#define PE_ORDINAL_TABLE_RVA_BS 0x04
struct pe_export_hdr {
- unsigned char export_flags [PE_EXPORT_FLAGS_BS]; /* 0x00 */
- unsigned char time_date_stamp [PE_TIME_DATE_STAMP_BS]; /* 0x04 */
- unsigned char major_ver [PE_MAJOR_VERSION_BS]; /* 0x08 */
- unsigned char minor_ver [PE_MINOR_VERSION_BS]; /* 0x0a */
- unsigned char name_rva [PE_NAME_RVA_BS]; /* 0x0c */
- unsigned char ordinal_base [PE_ORDINAL_BASE_BS]; /* 0x10 */
- unsigned char addr_tbl_entries [PE_ADDRESS_TABLE_ENTRIES_BS]; /* 0x14 */
- unsigned char num_of_name_ptrs [PE_NUMBER_OF_NAME_POINTERS_BS]; /* 0x18 */
- unsigned char export_addr_tbl_rva [PE_EXPORT_ADDRESS_TABLE_RVA_BS]; /* 0x1c */
- unsigned char name_ptr_rva [PE_NAME_POINTER_RVA_BS]; /* 0x20 */
- unsigned char ordinal_tbl_rva [PE_ORDINAL_TABLE_RVA_BS]; /* 0x24 */
+ unsigned char export_flags [0x04]; /* 0x00 */
+ unsigned char time_date_stamp [0x04]; /* 0x04 */
+ unsigned char major_ver [0x02]; /* 0x08 */
+ unsigned char minor_ver [0x02]; /* 0x0a */
+ unsigned char name_rva [0x04]; /* 0x0c */
+ unsigned char ordinal_base [0x04]; /* 0x10 */
+ unsigned char addr_tbl_entries [0x04]; /* 0x14 */
+ unsigned char num_of_name_ptrs [0x04]; /* 0x18 */
+ unsigned char export_addr_tbl_rva [0x04]; /* 0x1c */
+ unsigned char name_ptr_rva [0x04]; /* 0x20 */
+ unsigned char ordinal_tbl_rva [0x04]; /* 0x24 */
};
-#undef PE_EXPORT_FLAGS_BS
-#undef PE_TIME_DATE_STAMP_BS
-#undef PE_MAJOR_VERSION_BS
-#undef PE_MINOR_VERSION_BS
-#undef PE_NAME_RVA_BS
-#undef PE_ORDINAL_BASE_BS
-#undef PE_ADDRESS_TABLE_ENTRIES_BS
-#undef PE_NUMBER_OF_NAME_POINTERS_BS
-#undef PE_EXPORT_ADDRESS_TABLE_RVA_BS
-#undef PE_NAME_POINTER_RVA_BS
-#undef PE_ORDINAL_TABLE_RVA_BS
-
-
-/* pe_export_address_table... */
-#define PE_EXPORT_RVA_BS 0x04
-#define PE_FORWARDER_RVA_BS 0x04
union pe_export_addr_tbl {
- unsigned char export_rva [PE_EXPORT_RVA_BS]; /* 0x00 */
- unsigned char forwarder_rva [PE_FORWARDER_RVA_BS]; /* 0x00 */
+ unsigned char export_rva [0x04]; /* 0x00 */
+ unsigned char forwarder_rva [0x04]; /* 0x00 */
};
-#undef PE_EXPORT_RVA_BS
-#undef PE_FORWARDER_RVA_BS
-
-/* image: pe_import_table_entry_lookup_item... */
-#define PE_IMPORT_LOOKUP_ENTRY_PE64_BS 0x08
-#define PE_IMPORT_LOOKUP_ENTRY_PE32_BS 0x04
-#define PE_HINT_NAME_TABLE_RVA_BS 0x04
-#define PE_ORDINAL_NUMBER_BS 0x02
-
-struct pe_import_lookup_item {
- union {
- unsigned char import_lookup_entry_64 [PE_IMPORT_LOOKUP_ENTRY_PE64_BS]; /* 0x00 */
- unsigned char import_lookup_entry_32 [PE_IMPORT_LOOKUP_ENTRY_PE32_BS]; /* 0x00 */
- unsigned char hint_name_tbl_rva [PE_HINT_NAME_TABLE_RVA_BS]; /* 0x00 */
- unsigned char ordinal_number [PE_ORDINAL_NUMBER_BS]; /* 0x00 */
- } u;
+union pe_import_lookup_item {
+ unsigned char import_lookup_entry_64 [0x08]; /* 0x00 */
+ unsigned char import_lookup_entry_32 [0x04]; /* 0x00 */
+ unsigned char hint_name_tbl_rva [0x04]; /* 0x00 */
+ unsigned char ordinal_number [0x02]; /* 0x00 */
};
-#undef PE_IMPORT_LOOKUP_ENTRY_PE64_BS
-#undef PE_IMPORT_LOOKUP_ENTRY_PE32_BS
-#undef PE_HINT_NAME_TABLE_RVA_BS
-#undef PE_ORDINAL_NUMBER_BS
-
-
-/* image: pe_import_directory_table_entry... */
-#define PE_IMPORT_LOOKUP_TABLE_RVA_BS 0x04
-#define PE_TIME_DATE_STAMP_BS 0x04
-#define PE_FORWARDER_CHAIN_BS 0x04
-#define PE_NAME_RVA_BS 0x04
-#define PE_IMPORT_ADDRESS_TABLE_RVA_BS 0x04
struct pe_import_hdr {
- unsigned char import_lookup_tbl_rva [PE_IMPORT_LOOKUP_TABLE_RVA_BS]; /* 0x00 */
- unsigned char time_date_stamp [PE_TIME_DATE_STAMP_BS]; /* 0x04 */
- unsigned char forwarder_chain [PE_FORWARDER_CHAIN_BS]; /* 0x08 */
- unsigned char name_rva [PE_NAME_RVA_BS]; /* 0x0c */
- unsigned char import_addr_tbl_rva [PE_IMPORT_ADDRESS_TABLE_RVA_BS]; /* 0x10 */
+ unsigned char import_lookup_tbl_rva [0x04]; /* 0x00 */
+ unsigned char time_date_stamp [0x04]; /* 0x04 */
+ unsigned char forwarder_chain [0x04]; /* 0x08 */
+ unsigned char name_rva [0x04]; /* 0x0c */
+ unsigned char import_addr_tbl_rva [0x04]; /* 0x10 */
};
-#undef PE_IMPORT_LOOKUP_TABLE_RVA_BS
-#undef PE_TIME_DATE_STAMP_BS
-#undef PE_FORWARDER_CHAIN_BS
-#undef PE_NAME_RVA_BS
-#undef PE_IMPORT_ADDRESS_TABLE_RVA_BS
-
-
-/* pe_hint_name_table_padded... */
-#define PE_HINT_BS 0x02
-#define PE_NAME_BS 0x02
struct pe_hint_name_entry {
- unsigned char hint [PE_HINT_BS]; /* 0x00 */
- unsigned char name [PE_NAME_BS]; /* 0x02 */
+ unsigned char hint [0x02]; /* 0x00 */
+ unsigned char name [0x02]; /* 0x02 */
};
-#undef PE_HINT_BS
-#undef PE_NAME_BS
#ifdef __cplusplus
}
diff --git a/src/logic/pe_get_image_meta.c b/src/logic/pe_get_image_meta.c
index 9dd0481..6d90b37 100644
--- a/src/logic/pe_get_image_meta.c
+++ b/src/logic/pe_get_image_meta.c
@@ -105,7 +105,7 @@ int pe_get_image_meta(const struct pe_raw_image * image, struct pe_image_meta **
/* .idata */
struct pe_import_hdr * pidata;
- struct pe_import_lookup_item * pitem;
+ union pe_import_lookup_item * pitem;
i = pe_get_named_section_index(m,".idata");
s = pe_get_block_section_index(m,&m->opt.dirs.import_tbl);
@@ -137,13 +137,13 @@ int pe_get_image_meta(const struct pe_raw_image * image, struct pe_image_meta **
+ m->idata[i].name_rva - m->hidata->virtual_addr;
if (m->idata[i].import_lookup_tbl_rva)
- m->idata[i].aitems = (struct pe_import_lookup_item *)(base + m->hidata->ptr_to_raw_data
+ m->idata[i].aitems = (union pe_import_lookup_item *)(base + m->hidata->ptr_to_raw_data
+ m->idata[i].import_lookup_tbl_rva - m->hidata->virtual_addr);
/* items */
m->idata[i].count = 0;
if (m->idata[i].import_lookup_tbl_rva) {
- for (pitem=m->idata[i].aitems; *(uint32_t *)pitem->u.hint_name_tbl_rva; pitem++)
+ for (pitem=m->idata[i].aitems; *(uint32_t *)pitem->hint_name_tbl_rva; pitem++)
m->idata[i].count++;
if (!(m->idata[i].items = calloc(m->idata[i].count,sizeof(*(m->idata[i].items)))))
diff --git a/src/reader/pe_read_import_header.c b/src/reader/pe_read_import_header.c
index 50434e4..885adf6 100644
--- a/src/reader/pe_read_import_header.c
+++ b/src/reader/pe_read_import_header.c
@@ -27,17 +27,17 @@ int pe_read_import_header(const struct pe_import_hdr * p, struct pe_meta_import_
}
int pe_read_import_lookup_item(
- const struct pe_import_lookup_item * p,
+ const union pe_import_lookup_item * p,
struct pe_meta_import_lookup_item * m,
uint32_t magic)
{
switch (magic) {
case PE_MAGIC_PE32:
- m->u.import_lookup_entry_64 = pe_read_long(p->u.import_lookup_entry_32);
+ m->u.import_lookup_entry_64 = pe_read_long(p->import_lookup_entry_32);
return 0;
case PE_MAGIC_PE32_PLUS:
- m->u.import_lookup_entry_64 = pe_read_quad(p->u.import_lookup_entry_64);
+ m->u.import_lookup_entry_64 = pe_read_quad(p->import_lookup_entry_64);
return 0;
default: