#ifndef PERK_STRUCTS_H
#define PERK_STRUCTS_H
#ifdef __cplusplus
extern "C" {
#endif
/*
 * pe_image_dos_header: raw byte layout of the DOS header of a PE image.
 *
 * Every member is an unsigned char array whose length comes from the
 * matching PE_DOS_*_BS macro, so the struct only names byte ranges; it
 * does not decode them. The trailing comment on each member is its byte
 * offset, and the members add up to 0x40 bytes.
 *
 * The PE_DOS_*_BS macros exist only to size the members and are
 * undefined again right after the struct.
 *
 * NOTE(review): these bytes are normally read from a file that may be
 * truncated or deliberately malformed. dos_lfanew is presumably the
 * offset of the next header; a reader should check that the whole
 * 0x40-byte header is inside the mapped image before touching it, and
 * range-check dos_lfanew before following it -- confirm in the reader.
 */
#define PE_DOS_MAGIC_BS 0x02
#define PE_DOS_CBLP_BS 0x02
#define PE_DOS_CP_BS 0x02
#define PE_DOS_CRLC_BS 0x02
#define PE_DOS_CPARHDR_BS 0x02
#define PE_DOS_MINALLOC_BS 0x02
#define PE_DOS_MAXALLOC_BS 0x02
#define PE_DOS_SS_BS 0x02
#define PE_DOS_SP_BS 0x02
#define PE_DOS_CSUM_BS 0x02
#define PE_DOS_IP_BS 0x02
#define PE_DOS_CS_BS 0x02
#define PE_DOS_LFARLC_BS 0x02
#define PE_DOS_OVNO_BS 0x02
#define PE_DOS_RES_BS 0x08
#define PE_DOS_OEMID_BS 0x02
#define PE_DOS_OEMINFO_BS 0x02
#define PE_DOS_RES2_BS 0x14
#define PE_DOS_LFANEW_BS 0x04
struct pe_image_dos_hdr {
unsigned char dos_magic [PE_DOS_MAGIC_BS]; /* 0x00 */
unsigned char dos_cblp [PE_DOS_CBLP_BS]; /* 0x02 */
unsigned char dos_cp [PE_DOS_CP_BS]; /* 0x04 */
unsigned char dos_crlc [PE_DOS_CRLC_BS]; /* 0x06 */
unsigned char dos_cparhdr [PE_DOS_CPARHDR_BS]; /* 0x08 */
unsigned char dos_minalloc [PE_DOS_MINALLOC_BS]; /* 0x0a */
unsigned char dos_maxalloc [PE_DOS_MAXALLOC_BS]; /* 0x0c */
unsigned char dos_ss [PE_DOS_SS_BS]; /* 0x0e */
unsigned char dos_sp [PE_DOS_SP_BS]; /* 0x10 */
unsigned char dos_csum [PE_DOS_CSUM_BS]; /* 0x12 */
unsigned char dos_ip [PE_DOS_IP_BS]; /* 0x14 */
unsigned char dos_cs [PE_DOS_CS_BS]; /* 0x16 */
unsigned char dos_lfarlc [PE_DOS_LFARLC_BS]; /* 0x18 */
unsigned char dos_ovno [PE_DOS_OVNO_BS]; /* 0x1a */
unsigned char dos_res [PE_DOS_RES_BS]; /* 0x1c */
unsigned char dos_oemid [PE_DOS_OEMID_BS]; /* 0x24 */
unsigned char dos_oeminfo [PE_DOS_OEMINFO_BS]; /* 0x26 */
unsigned char dos_res2 [PE_DOS_RES2_BS]; /* 0x28 */
/* file-supplied 4-byte value; validate before using it as an offset */
unsigned char dos_lfanew [PE_DOS_LFANEW_BS]; /* 0x3c */
};
/* the size macros are private to the struct above; do not leak them */
#undef PE_DOS_MAGIC_BS
#undef PE_DOS_CBLP_BS
#undef PE_DOS_CP_BS
#undef PE_DOS_CRLC_BS
#undef PE_DOS_CPARHDR_BS
#undef PE_DOS_MINALLOC_BS
#undef PE_DOS_MAXALLOC_BS
#undef PE_DOS_SS_BS
#undef PE_DOS_SP_BS
#undef PE_DOS_CSUM_BS
#undef PE_DOS_IP_BS
#undef PE_DOS_CS_BS
#undef PE_DOS_LFARLC_BS
#undef PE_DOS_OVNO_BS
#undef PE_DOS_RES_BS
#undef PE_DOS_OEMID_BS
#undef PE_DOS_OEMINFO_BS
#undef PE_DOS_RES2_BS
#undef PE_DOS_LFANEW_BS
/*
 * pe_coff_file_header: raw byte layout of the COFF file header, with the
 * 4-byte signature folded in as the first member.
 *
 * Because the signature sits at 0x00, the offsets in the trailing
 * comments are relative to the signature (machine is at 0x04), and the
 * struct is 0x18 bytes long in total. All members are unsigned char
 * arrays sized by the PE_*_BS macros defined just above the struct and
 * undefined just below it.
 *
 * NOTE(review): num_of_sections and size_of_opt_hdr are counts/sizes
 * taken from the file. A reader should presumably bound both against
 * the mapped image size before using them to locate the optional header
 * or to walk the section table -- confirm in the reader.
 */
#define PE_SIGNATURE_BS 0x04
#define PE_MACHINE_BS 0x02
#define PE_NUMBER_OF_SECTIONS_BS 0x02
#define PE_TIME_DATE_STAMP_BS 0x04
#define PE_POINTER_TO_SYMBOL_TABLE_BS 0x04
#define PE_NUMBER_OF_SYMBOLS_BS 0x04
#define PE_SIZE_OF_OPTIONAL_HEADER_BS 0x02
#define PE_CHARACTERISTICS_BS 0x02
struct pe_coff_file_hdr {
unsigned char signature [PE_SIGNATURE_BS]; /* 0x00 */
unsigned char machine [PE_MACHINE_BS]; /* 0x04 */
unsigned char num_of_sections [PE_NUMBER_OF_SECTIONS_BS]; /* 0x06 */
unsigned char time_date_stamp [PE_TIME_DATE_STAMP_BS]; /* 0x08 */
unsigned char ptr_to_sym_tbl [PE_POINTER_TO_SYMBOL_TABLE_BS]; /* 0x0c */
unsigned char num_of_syms [PE_NUMBER_OF_SYMBOLS_BS]; /* 0x10 */
unsigned char size_of_opt_hdr [PE_SIZE_OF_OPTIONAL_HEADER_BS]; /* 0x14 */
unsigned char characteristics [PE_CHARACTERISTICS_BS]; /* 0x16 */
};
/*
 * Release the size macros. Some of these names (PE_TIME_DATE_STAMP_BS,
 * PE_CHARACTERISTICS_BS) are defined again further down in this header,
 * PE_CHARACTERISTICS_BS with a different value, so the #undef is required.
 */
#undef PE_SIGNATURE_BS
#undef PE_MACHINE_BS
#undef PE_NUMBER_OF_SECTIONS_BS
#undef PE_TIME_DATE_STAMP_BS
#undef PE_POINTER_TO_SYMBOL_TABLE_BS
#undef PE_NUMBER_OF_SYMBOLS_BS
#undef PE_SIZE_OF_OPTIONAL_HEADER_BS
#undef PE_CHARACTERISTICS_BS
/*
 * pe32_optional_header: member sizes, in bytes, for the 32-bit optional
 * header.
 *
 * These macros size the members of struct pe_opt_hdr_32 and of the
 * partial-view structs that follow (pe_opt_hdr_std, pe_opt_hdr_align,
 * pe_opt_hdr_vers, pe_opt_hdr_img, pe_opt_hdr_ldr, pe_opt_hdr_dirs,
 * pe_data_dirs). They are undefined after struct pe_opt_hdr_32 and then
 * defined again for the 64-bit header, where PE_IMAGE_BASE_BS and the
 * stack/heap reserve/commit sizes are 0x08 instead of 0x04 and
 * PE_BASE_OF_DATA_BS does not exist.
 */
#define PE_MAGIC_BS 0x02
#define PE_MAJOR_LINKER_VERSION_BS 0x01
#define PE_MINOR_LINKER_VERSION_BS 0x01
#define PE_SIZE_OF_CODE_BS 0x04
#define PE_SIZE_OF_INITIALIZED_DATA_BS 0x04
#define PE_SIZE_OF_UNINITIALIZED_DATA_BS 0x04
#define PE_ADDRESS_OF_ENTRY_POINT_BS 0x04
#define PE_BASE_OF_CODE_BS 0x04
#define PE_BASE_OF_DATA_BS 0x04
#define PE_IMAGE_BASE_BS 0x04
#define PE_SECTION_ALIGNMENT_BS 0x04
#define PE_FILE_ALIGNMENT_BS 0x04
#define PE_MAJOR_OPERATING_SYSTEM_VERSION_BS 0x02
#define PE_MINOR_OPERATING_SYSTEM_VERSION_BS 0x02
#define PE_MAJOR_IMAGE_VERSION_BS 0x02
#define PE_MINOR_IMAGE_VERSION_BS 0x02
#define PE_MAJOR_SUBSYSTEM_VERSION_BS 0x02
#define PE_MINOR_SUBSYSTEM_VERSION_BS 0x02
#define PE_WIN32_VERSION_VALUE_BS 0x04
#define PE_SIZE_OF_IMAGE_BS 0x04
#define PE_SIZE_OF_HEADERS_BS 0x04
#define PE_CHECK_SUM_BS 0x04
#define PE_SUBSYSTEM_BS 0x02
#define PE_DLL_CHARACTERISTICS_BS 0x02
#define PE_SIZE_OF_STACK_RESERVE_BS 0x04
#define PE_SIZE_OF_STACK_COMMIT_BS 0x04
#define PE_SIZE_OF_HEAP_RESERVE_BS 0x04
#define PE_SIZE_OF_HEAP_COMMIT_BS 0x04
#define PE_LOADER_FLAGS_BS 0x04
#define PE_NUMBER_OF_RVA_AND_SIZES_BS 0x04
/* each directory slot is 8 bytes, the same size as struct pe_image_data_dir */
#define PE_EXPORT_TABLE_BS 0x08
#define PE_IMPORT_TABLE_BS 0x08
#define PE_RESOURCE_TABLE_BS 0x08
#define PE_EXCEPTION_TABLE_BS 0x08
#define PE_CERTIFICATE_TABLE_BS 0x08
#define PE_BASE_RELOCATION_TABLE_BS 0x08
#define PE_DEBUG_BS 0x08
#define PE_ARCHITECTURE_BS 0x08
#define PE_GLOBAL_PTR_BS 0x08
#define PE_TLS_TABLE_BS 0x08
#define PE_LOAD_CONFIG_TABLE_BS 0x08
#define PE_BOUND_IMPORT_BS 0x08
#define PE_IAT_BS 0x08
#define PE_DELAY_IMPORT_DESCRIPTOR_BS 0x08
#define PE_CLR_RUNTIME_HEADER_BS 0x08
#define PE_RESERVED__MUST_BE_ZERO_BS 0x08
/*
 * Leading part of the optional header: the members from magic through
 * base_of_code, 0x18 bytes in total.
 *
 * These members have the same names, sizes and offsets at the start of
 * both struct pe_opt_hdr_32 and struct pe_opt_hdr_64, so this view can be
 * applied before the header flavour is known.
 *
 * NOTE(review): magic is presumably what tells the two flavours apart,
 * and entry_point / base_of_code are file-supplied addresses; none of
 * them should be trusted before validation -- confirm in the reader.
 */
struct pe_opt_hdr_std {
unsigned char magic [PE_MAGIC_BS]; /* 0x00 */
unsigned char major_linker_ver [PE_MAJOR_LINKER_VERSION_BS]; /* 0x02 */
unsigned char minor_linker_ver [PE_MINOR_LINKER_VERSION_BS]; /* 0x03 */
unsigned char size_of_code [PE_SIZE_OF_CODE_BS]; /* 0x04 */
unsigned char size_of_initialized_data [PE_SIZE_OF_INITIALIZED_DATA_BS]; /* 0x08 */
unsigned char size_of_uninitialized_data [PE_SIZE_OF_UNINITIALIZED_DATA_BS]; /* 0x0c */
unsigned char entry_point [PE_ADDRESS_OF_ENTRY_POINT_BS]; /* 0x10 */
unsigned char base_of_code [PE_BASE_OF_CODE_BS]; /* 0x14 */
};
/*
 * Alignment pair of the optional header (8 bytes).
 *
 * The offsets in the trailing comments are positions inside the full
 * optional header (0x20 and 0x24 in both pe_opt_hdr_32 and
 * pe_opt_hdr_64), not offsets within this struct, whose first member is
 * at 0.
 *
 * NOTE(review): both values come from the file; a reader that divides
 * or rounds by them should presumably reject zero and other implausible
 * values first -- confirm in the reader.
 */
struct pe_opt_hdr_align {
unsigned char section_align [PE_SECTION_ALIGNMENT_BS]; /* 0x20 */
unsigned char file_align [PE_FILE_ALIGNMENT_BS]; /* 0x24 */
};
/*
 * Version block of the optional header (16 bytes).
 *
 * The offsets in the trailing comments are positions inside the full
 * optional header (0x28..0x34 in both pe_opt_hdr_32 and pe_opt_hdr_64),
 * not offsets within this struct.
 *
 * Note that the second member is spelled minor_os_ver here, while the
 * full-header structs spell the member at the same offset minor_or_ver.
 */
struct pe_opt_hdr_vers {
unsigned char major_os_ver [PE_MAJOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x28 */
unsigned char minor_os_ver [PE_MINOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x2a */
unsigned char major_image_ver [PE_MAJOR_IMAGE_VERSION_BS]; /* 0x2c */
unsigned char minor_image_ver [PE_MINOR_IMAGE_VERSION_BS]; /* 0x2e */
unsigned char major_subsys_ver [PE_MAJOR_SUBSYSTEM_VERSION_BS]; /* 0x30 */
unsigned char minor_subsys_ver [PE_MINOR_SUBSYSTEM_VERSION_BS]; /* 0x32 */
unsigned char win32_ver [PE_WIN32_VERSION_VALUE_BS]; /* 0x34 */
};
/*
 * Image block of the optional header (16 bytes).
 *
 * The offsets in the trailing comments are positions inside the full
 * optional header (0x38..0x46 in both pe_opt_hdr_32 and pe_opt_hdr_64),
 * not offsets within this struct.
 *
 * NOTE(review): size_of_image and size_of_headers are file-supplied
 * sizes and checksum is a file-supplied value; a reader should
 * presumably compare the sizes against the real mapping and must not
 * treat the stored checksum as proof of integrity -- confirm in the
 * reader.
 */
struct pe_opt_hdr_img {
unsigned char size_of_image [PE_SIZE_OF_IMAGE_BS]; /* 0x38 */
unsigned char size_of_headers [PE_SIZE_OF_HEADERS_BS]; /* 0x3c */
unsigned char checksum [PE_CHECK_SUM_BS]; /* 0x40 */
unsigned char subsystem [PE_SUBSYSTEM_BS]; /* 0x44 */
unsigned char dll_characteristics [PE_DLL_CHARACTERISTICS_BS]; /* 0x46 */
};
/*
 * Loader pair of the optional header (8 bytes): loader_flags followed by
 * rva_and_sizes.
 *
 * No offsets are annotated here: the same two members sit at 0x58/0x5c
 * in struct pe_opt_hdr_32 but at 0x68/0x6c in struct pe_opt_hdr_64.
 *
 * NOTE(review): rva_and_sizes is presumably the number of data-directory
 * slots the file claims to carry; it is file-supplied and should be
 * bounded before it is used as a count -- confirm in the reader.
 */
struct pe_opt_hdr_ldr {
unsigned char loader_flags [PE_LOADER_FLAGS_BS];
unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS];
};
/*
 * The sixteen data-directory slots of the optional header, 8 bytes each
 * (0x80 bytes in total), without the preceding rva_and_sizes count.
 *
 * Each slot has the same size as struct pe_image_data_dir (4-byte rva +
 * 4-byte size); presumably a slot is meant to be read through that
 * struct.
 *
 * NOTE(review): every slot is a file-supplied address/size pair. A
 * reader should presumably check each pair against the section table
 * and the mapped size before dereferencing, and should not assume that
 * all sixteen slots are present in the file. Per the PE/COFF
 * specification the certificate table slot holds a file offset rather
 * than an RVA -- confirm the reader treats it accordingly.
 */
struct pe_opt_hdr_dirs {
unsigned char export_tbl [PE_EXPORT_TABLE_BS];
unsigned char import_tbl [PE_IMPORT_TABLE_BS];
unsigned char resource_tbl [PE_RESOURCE_TABLE_BS];
unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS];
unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS];
unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS];
unsigned char debug [PE_DEBUG_BS];
unsigned char arch [PE_ARCHITECTURE_BS];
unsigned char global_ptr [PE_GLOBAL_PTR_BS];
unsigned char tls_tbl [PE_TLS_TABLE_BS];
unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS];
unsigned char bound_import [PE_BOUND_IMPORT_BS];
unsigned char iat [PE_IAT_BS];
unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS];
unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS];
unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS];
};
/*
 * The 4-byte rva_and_sizes count followed by the sixteen 8-byte
 * data-directory slots (0x84 bytes in total).
 *
 * This is the same member sequence that ends both struct pe_opt_hdr_32
 * (from 0x5c) and struct pe_opt_hdr_64 (from 0x6c), which is presumably
 * why no offsets are annotated here.
 *
 * NOTE(review): rva_and_sizes and every slot are file-supplied. A reader
 * should presumably clamp the count to the sixteen slots declared here
 * and to what size_of_opt_hdr actually covers, and validate each
 * address/size pair before use -- confirm in the reader.
 */
struct pe_data_dirs {
unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS];
unsigned char export_tbl [PE_EXPORT_TABLE_BS];
unsigned char import_tbl [PE_IMPORT_TABLE_BS];
unsigned char resource_tbl [PE_RESOURCE_TABLE_BS];
unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS];
unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS];
unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS];
unsigned char debug [PE_DEBUG_BS];
unsigned char arch [PE_ARCHITECTURE_BS];
unsigned char global_ptr [PE_GLOBAL_PTR_BS];
unsigned char tls_tbl [PE_TLS_TABLE_BS];
unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS];
unsigned char bound_import [PE_BOUND_IMPORT_BS];
unsigned char iat [PE_IAT_BS];
unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS];
unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS];
unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS];
};
/*
 * Complete 32-bit optional header as raw bytes, 0xe0 bytes in total.
 *
 * The trailing comment on each member is its byte offset from the start
 * of the optional header. Compared with struct pe_opt_hdr_64 this
 * flavour has a base_of_data member at 0x18 and 4-byte image_base and
 * stack/heap reserve/commit members.
 *
 * NOTE(review): minor_or_ver looks like a typo for minor_os_ver, the
 * spelling used by struct pe_opt_hdr_vers for the same offset; it is
 * left as is because renaming a member would break existing users.
 *
 * NOTE(review): the struct describes the largest layout. The file's own
 * size_of_opt_hdr and rva_and_sizes may describe less, so a reader
 * should presumably confirm that the bytes it is about to read are
 * really present before overlaying this struct -- confirm in the reader.
 */
struct pe_opt_hdr_32 {
unsigned char magic [PE_MAGIC_BS]; /* 0x00 */
unsigned char major_linker_ver [PE_MAJOR_LINKER_VERSION_BS]; /* 0x02 */
unsigned char minor_linker_ver [PE_MINOR_LINKER_VERSION_BS]; /* 0x03 */
unsigned char size_of_code [PE_SIZE_OF_CODE_BS]; /* 0x04 */
unsigned char size_of_initialized_data [PE_SIZE_OF_INITIALIZED_DATA_BS]; /* 0x08 */
unsigned char size_of_uninitialized_data [PE_SIZE_OF_UNINITIALIZED_DATA_BS]; /* 0x0c */
unsigned char entry_point [PE_ADDRESS_OF_ENTRY_POINT_BS]; /* 0x10 */
unsigned char base_of_code [PE_BASE_OF_CODE_BS]; /* 0x14 */
unsigned char base_of_data [PE_BASE_OF_DATA_BS]; /* 0x18 */
unsigned char image_base [PE_IMAGE_BASE_BS]; /* 0x1c */
unsigned char section_align [PE_SECTION_ALIGNMENT_BS]; /* 0x20 */
unsigned char file_align [PE_FILE_ALIGNMENT_BS]; /* 0x24 */
unsigned char major_os_ver [PE_MAJOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x28 */
unsigned char minor_or_ver [PE_MINOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x2a */
unsigned char major_image_ver [PE_MAJOR_IMAGE_VERSION_BS]; /* 0x2c */
unsigned char minor_image_ver [PE_MINOR_IMAGE_VERSION_BS]; /* 0x2e */
unsigned char major_subsys_ver [PE_MAJOR_SUBSYSTEM_VERSION_BS]; /* 0x30 */
unsigned char minor_subsys_ver [PE_MINOR_SUBSYSTEM_VERSION_BS]; /* 0x32 */
unsigned char win32_ver [PE_WIN32_VERSION_VALUE_BS]; /* 0x34 */
unsigned char size_of_image [PE_SIZE_OF_IMAGE_BS]; /* 0x38 */
unsigned char size_of_headers [PE_SIZE_OF_HEADERS_BS]; /* 0x3c */
unsigned char checksum [PE_CHECK_SUM_BS]; /* 0x40 */
unsigned char subsystem [PE_SUBSYSTEM_BS]; /* 0x44 */
unsigned char dll_characteristics [PE_DLL_CHARACTERISTICS_BS]; /* 0x46 */
unsigned char size_of_stack_reserve [PE_SIZE_OF_STACK_RESERVE_BS]; /* 0x48 */
unsigned char size_of_stack_commit [PE_SIZE_OF_STACK_COMMIT_BS]; /* 0x4c */
unsigned char size_of_heap_reserve [PE_SIZE_OF_HEAP_RESERVE_BS]; /* 0x50 */
unsigned char size_of_heap_commit [PE_SIZE_OF_HEAP_COMMIT_BS]; /* 0x54 */
unsigned char loader_flags [PE_LOADER_FLAGS_BS]; /* 0x58 */
/* file-supplied count, followed by sixteen 8-byte directory slots */
unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS]; /* 0x5c */
unsigned char export_tbl [PE_EXPORT_TABLE_BS]; /* 0x60 */
unsigned char import_tbl [PE_IMPORT_TABLE_BS]; /* 0x68 */
unsigned char resource_tbl [PE_RESOURCE_TABLE_BS]; /* 0x70 */
unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS]; /* 0x78 */
unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS]; /* 0x80 */
unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS]; /* 0x88 */
unsigned char debug [PE_DEBUG_BS]; /* 0x90 */
unsigned char arch [PE_ARCHITECTURE_BS]; /* 0x98 */
unsigned char global_ptr [PE_GLOBAL_PTR_BS]; /* 0xa0 */
unsigned char tls_tbl [PE_TLS_TABLE_BS]; /* 0xa8 */
unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS]; /* 0xb0 */
unsigned char bound_import [PE_BOUND_IMPORT_BS]; /* 0xb8 */
unsigned char iat [PE_IAT_BS]; /* 0xc0 */
unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS]; /* 0xc8 */
unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS]; /* 0xd0 */
unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS]; /* 0xd8 */
};
/*
 * Release the 32-bit size macros. The same names are defined again
 * immediately below for the 64-bit optional header, several of them with
 * different values, so they must not survive past this point.
 */
#undef PE_MAGIC_BS
#undef PE_MAJOR_LINKER_VERSION_BS
#undef PE_MINOR_LINKER_VERSION_BS
#undef PE_SIZE_OF_CODE_BS
#undef PE_SIZE_OF_INITIALIZED_DATA_BS
#undef PE_SIZE_OF_UNINITIALIZED_DATA_BS
#undef PE_ADDRESS_OF_ENTRY_POINT_BS
#undef PE_BASE_OF_CODE_BS
#undef PE_BASE_OF_DATA_BS
#undef PE_IMAGE_BASE_BS
#undef PE_SECTION_ALIGNMENT_BS
#undef PE_FILE_ALIGNMENT_BS
#undef PE_MAJOR_OPERATING_SYSTEM_VERSION_BS
#undef PE_MINOR_OPERATING_SYSTEM_VERSION_BS
#undef PE_MAJOR_IMAGE_VERSION_BS
#undef PE_MINOR_IMAGE_VERSION_BS
#undef PE_MAJOR_SUBSYSTEM_VERSION_BS
#undef PE_MINOR_SUBSYSTEM_VERSION_BS
#undef PE_WIN32_VERSION_VALUE_BS
#undef PE_SIZE_OF_IMAGE_BS
#undef PE_SIZE_OF_HEADERS_BS
#undef PE_CHECK_SUM_BS
#undef PE_SUBSYSTEM_BS
#undef PE_DLL_CHARACTERISTICS_BS
#undef PE_SIZE_OF_STACK_RESERVE_BS
#undef PE_SIZE_OF_STACK_COMMIT_BS
#undef PE_SIZE_OF_HEAP_RESERVE_BS
#undef PE_SIZE_OF_HEAP_COMMIT_BS
#undef PE_LOADER_FLAGS_BS
#undef PE_NUMBER_OF_RVA_AND_SIZES_BS
#undef PE_EXPORT_TABLE_BS
#undef PE_IMPORT_TABLE_BS
#undef PE_RESOURCE_TABLE_BS
#undef PE_EXCEPTION_TABLE_BS
#undef PE_CERTIFICATE_TABLE_BS
#undef PE_BASE_RELOCATION_TABLE_BS
#undef PE_DEBUG_BS
#undef PE_ARCHITECTURE_BS
#undef PE_GLOBAL_PTR_BS
#undef PE_TLS_TABLE_BS
#undef PE_LOAD_CONFIG_TABLE_BS
#undef PE_BOUND_IMPORT_BS
#undef PE_IAT_BS
#undef PE_DELAY_IMPORT_DESCRIPTOR_BS
#undef PE_CLR_RUNTIME_HEADER_BS
#undef PE_RESERVED__MUST_BE_ZERO_BS
/*
 * pe64_optional_header: member sizes, in bytes, for the 64-bit optional
 * header.
 *
 * Same macro names as the 32-bit set defined (and undefined) earlier in
 * this header, with three differences: PE_IMAGE_BASE_BS is 0x08, the
 * four stack/heap reserve/commit sizes are 0x08, and there is no
 * PE_BASE_OF_DATA_BS. The macros size struct pe_opt_hdr_64 only and are
 * undefined right after it.
 */
#define PE_MAGIC_BS 0x02
#define PE_MAJOR_LINKER_VERSION_BS 0x01
#define PE_MINOR_LINKER_VERSION_BS 0x01
#define PE_SIZE_OF_CODE_BS 0x04
#define PE_SIZE_OF_INITIALIZED_DATA_BS 0x04
#define PE_SIZE_OF_UNINITIALIZED_DATA_BS 0x04
#define PE_ADDRESS_OF_ENTRY_POINT_BS 0x04
#define PE_BASE_OF_CODE_BS 0x04
#define PE_IMAGE_BASE_BS 0x08
#define PE_SECTION_ALIGNMENT_BS 0x04
#define PE_FILE_ALIGNMENT_BS 0x04
#define PE_MAJOR_OPERATING_SYSTEM_VERSION_BS 0x02
#define PE_MINOR_OPERATING_SYSTEM_VERSION_BS 0x02
#define PE_MAJOR_IMAGE_VERSION_BS 0x02
#define PE_MINOR_IMAGE_VERSION_BS 0x02
#define PE_MAJOR_SUBSYSTEM_VERSION_BS 0x02
#define PE_MINOR_SUBSYSTEM_VERSION_BS 0x02
#define PE_WIN32_VERSION_VALUE_BS 0x04
#define PE_SIZE_OF_IMAGE_BS 0x04
#define PE_SIZE_OF_HEADERS_BS 0x04
#define PE_CHECK_SUM_BS 0x04
#define PE_SUBSYSTEM_BS 0x02
#define PE_DLL_CHARACTERISTICS_BS 0x02
#define PE_SIZE_OF_STACK_RESERVE_BS 0x08
#define PE_SIZE_OF_STACK_COMMIT_BS 0x08
#define PE_SIZE_OF_HEAP_RESERVE_BS 0x08
#define PE_SIZE_OF_HEAP_COMMIT_BS 0x08
#define PE_LOADER_FLAGS_BS 0x04
#define PE_NUMBER_OF_RVA_AND_SIZES_BS 0x04
/* each directory slot is 8 bytes, the same size as struct pe_image_data_dir */
#define PE_EXPORT_TABLE_BS 0x08
#define PE_IMPORT_TABLE_BS 0x08
#define PE_RESOURCE_TABLE_BS 0x08
#define PE_EXCEPTION_TABLE_BS 0x08
#define PE_CERTIFICATE_TABLE_BS 0x08
#define PE_BASE_RELOCATION_TABLE_BS 0x08
#define PE_DEBUG_BS 0x08
#define PE_ARCHITECTURE_BS 0x08
#define PE_GLOBAL_PTR_BS 0x08
#define PE_TLS_TABLE_BS 0x08
#define PE_LOAD_CONFIG_TABLE_BS 0x08
#define PE_BOUND_IMPORT_BS 0x08
#define PE_IAT_BS 0x08
#define PE_DELAY_IMPORT_DESCRIPTOR_BS 0x08
#define PE_CLR_RUNTIME_HEADER_BS 0x08
#define PE_RESERVED__MUST_BE_ZERO_BS 0x08
/*
 * Complete 64-bit optional header as raw bytes, 0xf0 bytes in total.
 *
 * The trailing comment on each member is its byte offset from the start
 * of the optional header. Compared with struct pe_opt_hdr_32 there is no
 * base_of_data member, image_base is 8 bytes at 0x18, and the four
 * stack/heap reserve/commit members are 8 bytes each, which moves
 * loader_flags and everything after it 0x10 bytes further out.
 *
 * NOTE(review): minor_or_ver looks like a typo for minor_os_ver, the
 * spelling used by struct pe_opt_hdr_vers for the same offset; it is
 * left as is because renaming a member would break existing users.
 *
 * NOTE(review): the struct describes the largest layout. The file's own
 * size_of_opt_hdr and rva_and_sizes may describe less, so a reader
 * should presumably confirm that the bytes it is about to read are
 * really present before overlaying this struct -- confirm in the reader.
 */
struct pe_opt_hdr_64 {
unsigned char magic [PE_MAGIC_BS]; /* 0x00 */
unsigned char major_linker_ver [PE_MAJOR_LINKER_VERSION_BS]; /* 0x02 */
unsigned char minor_linker_ver [PE_MINOR_LINKER_VERSION_BS]; /* 0x03 */
unsigned char size_of_code [PE_SIZE_OF_CODE_BS]; /* 0x04 */
unsigned char size_of_initialized_data [PE_SIZE_OF_INITIALIZED_DATA_BS]; /* 0x08 */
unsigned char size_of_uninitialized_data [PE_SIZE_OF_UNINITIALIZED_DATA_BS]; /* 0x0c */
unsigned char entry_point [PE_ADDRESS_OF_ENTRY_POINT_BS]; /* 0x10 */
unsigned char base_of_code [PE_BASE_OF_CODE_BS]; /* 0x14 */
unsigned char image_base [PE_IMAGE_BASE_BS]; /* 0x18 */
unsigned char section_align [PE_SECTION_ALIGNMENT_BS]; /* 0x20 */
unsigned char file_align [PE_FILE_ALIGNMENT_BS]; /* 0x24 */
unsigned char major_os_ver [PE_MAJOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x28 */
unsigned char minor_or_ver [PE_MINOR_OPERATING_SYSTEM_VERSION_BS]; /* 0x2a */
unsigned char major_image_ver [PE_MAJOR_IMAGE_VERSION_BS]; /* 0x2c */
unsigned char minor_image_ver [PE_MINOR_IMAGE_VERSION_BS]; /* 0x2e */
unsigned char major_subsys_ver [PE_MAJOR_SUBSYSTEM_VERSION_BS]; /* 0x30 */
unsigned char minor_subsys_ver [PE_MINOR_SUBSYSTEM_VERSION_BS]; /* 0x32 */
unsigned char win32_ver [PE_WIN32_VERSION_VALUE_BS]; /* 0x34 */
unsigned char size_of_image [PE_SIZE_OF_IMAGE_BS]; /* 0x38 */
unsigned char size_of_headers [PE_SIZE_OF_HEADERS_BS]; /* 0x3c */
unsigned char checksum [PE_CHECK_SUM_BS]; /* 0x40 */
unsigned char subsystem [PE_SUBSYSTEM_BS]; /* 0x44 */
unsigned char dll_characteristics [PE_DLL_CHARACTERISTICS_BS]; /* 0x46 */
unsigned char size_of_stack_reserve [PE_SIZE_OF_STACK_RESERVE_BS]; /* 0x48 */
unsigned char size_of_stack_commit [PE_SIZE_OF_STACK_COMMIT_BS]; /* 0x50 */
unsigned char size_of_heap_reserve [PE_SIZE_OF_HEAP_RESERVE_BS]; /* 0x58 */
unsigned char size_of_heap_commit [PE_SIZE_OF_HEAP_COMMIT_BS]; /* 0x60 */
unsigned char loader_flags [PE_LOADER_FLAGS_BS]; /* 0x68 */
/* file-supplied count, followed by sixteen 8-byte directory slots */
unsigned char rva_and_sizes [PE_NUMBER_OF_RVA_AND_SIZES_BS]; /* 0x6c */
unsigned char export_tbl [PE_EXPORT_TABLE_BS]; /* 0x70 */
unsigned char import_tbl [PE_IMPORT_TABLE_BS]; /* 0x78 */
unsigned char resource_tbl [PE_RESOURCE_TABLE_BS]; /* 0x80 */
unsigned char exception_tbl [PE_EXCEPTION_TABLE_BS]; /* 0x88 */
unsigned char certificate_tbl [PE_CERTIFICATE_TABLE_BS]; /* 0x90 */
unsigned char base_reloc_tbl [PE_BASE_RELOCATION_TABLE_BS]; /* 0x98 */
unsigned char debug [PE_DEBUG_BS]; /* 0xa0 */
unsigned char arch [PE_ARCHITECTURE_BS]; /* 0xa8 */
unsigned char global_ptr [PE_GLOBAL_PTR_BS]; /* 0xb0 */
unsigned char tls_tbl [PE_TLS_TABLE_BS]; /* 0xb8 */
unsigned char load_config_tbl [PE_LOAD_CONFIG_TABLE_BS]; /* 0xc0 */
unsigned char bound_import [PE_BOUND_IMPORT_BS]; /* 0xc8 */
unsigned char iat [PE_IAT_BS]; /* 0xd0 */
unsigned char delay_import_descriptor [PE_DELAY_IMPORT_DESCRIPTOR_BS]; /* 0xd8 */
unsigned char clr_runtime_hdr [PE_CLR_RUNTIME_HEADER_BS]; /* 0xe0 */
unsigned char reserved [PE_RESERVED__MUST_BE_ZERO_BS]; /* 0xe8 */
};
/*
 * Release the 64-bit size macros so that they are not visible to code
 * that includes this header.
 */
#undef PE_MAGIC_BS
#undef PE_MAJOR_LINKER_VERSION_BS
#undef PE_MINOR_LINKER_VERSION_BS
#undef PE_SIZE_OF_CODE_BS
#undef PE_SIZE_OF_INITIALIZED_DATA_BS
#undef PE_SIZE_OF_UNINITIALIZED_DATA_BS
#undef PE_ADDRESS_OF_ENTRY_POINT_BS
#undef PE_BASE_OF_CODE_BS
#undef PE_IMAGE_BASE_BS
#undef PE_SECTION_ALIGNMENT_BS
#undef PE_FILE_ALIGNMENT_BS
#undef PE_MAJOR_OPERATING_SYSTEM_VERSION_BS
#undef PE_MINOR_OPERATING_SYSTEM_VERSION_BS
#undef PE_MAJOR_IMAGE_VERSION_BS
#undef PE_MINOR_IMAGE_VERSION_BS
#undef PE_MAJOR_SUBSYSTEM_VERSION_BS
#undef PE_MINOR_SUBSYSTEM_VERSION_BS
#undef PE_WIN32_VERSION_VALUE_BS
#undef PE_SIZE_OF_IMAGE_BS
#undef PE_SIZE_OF_HEADERS_BS
#undef PE_CHECK_SUM_BS
#undef PE_SUBSYSTEM_BS
#undef PE_DLL_CHARACTERISTICS_BS
#undef PE_SIZE_OF_STACK_RESERVE_BS
#undef PE_SIZE_OF_STACK_COMMIT_BS
#undef PE_SIZE_OF_HEAP_RESERVE_BS
#undef PE_SIZE_OF_HEAP_COMMIT_BS
#undef PE_LOADER_FLAGS_BS
#undef PE_NUMBER_OF_RVA_AND_SIZES_BS
#undef PE_EXPORT_TABLE_BS
#undef PE_IMPORT_TABLE_BS
#undef PE_RESOURCE_TABLE_BS
#undef PE_EXCEPTION_TABLE_BS
#undef PE_CERTIFICATE_TABLE_BS
#undef PE_BASE_RELOCATION_TABLE_BS
#undef PE_DEBUG_BS
#undef PE_ARCHITECTURE_BS
#undef PE_GLOBAL_PTR_BS
#undef PE_TLS_TABLE_BS
#undef PE_LOAD_CONFIG_TABLE_BS
#undef PE_BOUND_IMPORT_BS
#undef PE_IAT_BS
#undef PE_DELAY_IMPORT_DESCRIPTOR_BS
#undef PE_CLR_RUNTIME_HEADER_BS
#undef PE_RESERVED__MUST_BE_ZERO_BS
/*
 * Overlay of the two optional-header flavours on the same bytes.
 *
 * The union is as large as struct pe_opt_hdr_64 (0xf0 bytes); the 32-bit
 * view covers only the first 0xe0 of them. Both views agree on every
 * member up to base_of_code (0x14) and diverge after it.
 *
 * NOTE(review): nothing in the union records which view is valid;
 * presumably the reader decides from magic, which is at offset 0x00 in
 * both. Reading through the wrong view silently misinterprets every
 * member past 0x18 -- confirm that the reader checks magic first and
 * that enough bytes are mapped for the view it picks.
 */
union pe_opt_hdr {
struct pe_opt_hdr_32 opt_hdr_32;
struct pe_opt_hdr_64 opt_hdr_64;
};
/*
 * pe_image_data_directory: one 8-byte data-directory entry as raw bytes,
 * a 4-byte rva followed by a 4-byte size.
 *
 * This is the same size as each directory slot declared in the
 * optional-header structs earlier in this header.
 *
 * NOTE(review): both values are file-supplied. A reader should
 * presumably check that rva + size does not wrap and that the range
 * lies inside a mapped section before dereferencing -- confirm in the
 * reader.
 */
#define PE_VIRTUAL_ADDRESS_BS 0x04
#define PE_SIZE_BS 0x04
struct pe_image_data_dir {
unsigned char rva [PE_VIRTUAL_ADDRESS_BS]; /* 0x00 */
unsigned char size [PE_SIZE_BS]; /* 0x04 */
};
/* PE_VIRTUAL_ADDRESS_BS is defined again for the section header below */
#undef PE_VIRTUAL_ADDRESS_BS
#undef PE_SIZE_BS
/*
 * pe_section_table: one section-table entry as raw bytes, 0x28 bytes in
 * total. The trailing comment on each member is its byte offset.
 *
 * PE_CHARACTERISTICS_BS is 0x04 here, whereas the COFF file header
 * earlier in this header used the same macro name with 0x02; the
 * #undef after each struct is what keeps the two apart.
 *
 * NOTE(review): name is a fixed 8-byte field and the struct gives no
 * guarantee of a terminating NUL, so it should presumably be handled
 * with a length-bounded copy or compare rather than as a C string.
 *
 * NOTE(review): virtual_size, virtual_addr, size_of_raw_data and
 * ptr_to_raw_data are file-supplied; a reader should presumably check
 * that offset + size neither wraps nor runs past the mapped file before
 * touching section data -- confirm in the reader.
 */
#define PE_NAME_BS 0x08
#define PE_VIRTUAL_SIZE_BS 0x04
#define PE_VIRTUAL_ADDRESS_BS 0x04
#define PE_SIZE_OF_RAW_DATA_BS 0x04
#define PE_POINTER_TO_RAW_DATA_BS 0x04
#define PE_POINTER_TO_RELOCATIONS_BS 0x04
#define PE_POINTER_TO_LINENUMBERS_BS 0x04
#define PE_NUMBER_OF_RELOCATIONS_BS 0x02
#define PE_NUMBER_OF_LINENUMBERS_BS 0x02
#define PE_CHARACTERISTICS_BS 0x04
struct pe_sec_hdr {
unsigned char name [PE_NAME_BS]; /* 0x00 */
unsigned char virtual_size [PE_VIRTUAL_SIZE_BS]; /* 0x08 */
unsigned char virtual_addr [PE_VIRTUAL_ADDRESS_BS]; /* 0x0c */
unsigned char size_of_raw_data [PE_SIZE_OF_RAW_DATA_BS]; /* 0x10 */
unsigned char ptr_to_raw_data [PE_POINTER_TO_RAW_DATA_BS]; /* 0x14 */
unsigned char ptr_to_relocs [PE_POINTER_TO_RELOCATIONS_BS]; /* 0x18 */
unsigned char ptr_to_line_nums [PE_POINTER_TO_LINENUMBERS_BS]; /* 0x1c */
unsigned char num_of_relocs [PE_NUMBER_OF_RELOCATIONS_BS]; /* 0x20 */
unsigned char num_of_line_nums [PE_NUMBER_OF_LINENUMBERS_BS]; /* 0x22 */
unsigned char characteristics [PE_CHARACTERISTICS_BS]; /* 0x24 */
};
/* release the size macros; PE_NAME_BS is reused further down with 0x02 */
#undef PE_NAME_BS
#undef PE_VIRTUAL_SIZE_BS
#undef PE_VIRTUAL_ADDRESS_BS
#undef PE_SIZE_OF_RAW_DATA_BS
#undef PE_POINTER_TO_RAW_DATA_BS
#undef PE_POINTER_TO_RELOCATIONS_BS
#undef PE_POINTER_TO_LINENUMBERS_BS
#undef PE_NUMBER_OF_RELOCATIONS_BS
#undef PE_NUMBER_OF_LINENUMBERS_BS
#undef PE_CHARACTERISTICS_BS
/*
 * pe_export_directory_table: the export directory as raw bytes, 0x28
 * bytes in total. The trailing comment on each member is its byte
 * offset.
 *
 * NOTE(review): addr_tbl_entries and num_of_name_ptrs are file-supplied
 * counts, and name_rva, export_addr_tbl_rva, name_ptr_rva and
 * ordinal_tbl_rva are file-supplied addresses. A reader should
 * presumably verify that count * entry size does not overflow and that
 * each table lies inside a mapped section before indexing into it, and
 * that ordinals read from the ordinal table stay below addr_tbl_entries
 * -- confirm in the reader.
 */
#define PE_EXPORT_FLAGS_BS 0x04
#define PE_TIME_DATE_STAMP_BS 0x04
#define PE_MAJOR_VERSION_BS 0x02
#define PE_MINOR_VERSION_BS 0x02
#define PE_NAME_RVA_BS 0x04
#define PE_ORDINAL_BASE_BS 0x04
#define PE_ADDRESS_TABLE_ENTRIES_BS 0x04
#define PE_NUMBER_OF_NAME_POINTERS_BS 0x04
#define PE_EXPORT_ADDRESS_TABLE_RVA_BS 0x04
#define PE_NAME_POINTER_RVA_BS 0x04
#define PE_ORDINAL_TABLE_RVA_BS 0x04
struct pe_export_hdr {
unsigned char export_flags [PE_EXPORT_FLAGS_BS]; /* 0x00 */
unsigned char time_date_stamp [PE_TIME_DATE_STAMP_BS]; /* 0x04 */
unsigned char major_ver [PE_MAJOR_VERSION_BS]; /* 0x08 */
unsigned char minor_ver [PE_MINOR_VERSION_BS]; /* 0x0a */
unsigned char name_rva [PE_NAME_RVA_BS]; /* 0x0c */
unsigned char ordinal_base [PE_ORDINAL_BASE_BS]; /* 0x10 */
unsigned char addr_tbl_entries [PE_ADDRESS_TABLE_ENTRIES_BS]; /* 0x14 */
unsigned char num_of_name_ptrs [PE_NUMBER_OF_NAME_POINTERS_BS]; /* 0x18 */
unsigned char export_addr_tbl_rva [PE_EXPORT_ADDRESS_TABLE_RVA_BS]; /* 0x1c */
unsigned char name_ptr_rva [PE_NAME_POINTER_RVA_BS]; /* 0x20 */
unsigned char ordinal_tbl_rva [PE_ORDINAL_TABLE_RVA_BS]; /* 0x24 */
};
/* release the size macros; two of the names are reused by the import header */
#undef PE_EXPORT_FLAGS_BS
#undef PE_TIME_DATE_STAMP_BS
#undef PE_MAJOR_VERSION_BS
#undef PE_MINOR_VERSION_BS
#undef PE_NAME_RVA_BS
#undef PE_ORDINAL_BASE_BS
#undef PE_ADDRESS_TABLE_ENTRIES_BS
#undef PE_NUMBER_OF_NAME_POINTERS_BS
#undef PE_EXPORT_ADDRESS_TABLE_RVA_BS
#undef PE_NAME_POINTER_RVA_BS
#undef PE_ORDINAL_TABLE_RVA_BS
/*
 * pe_export_address_table: one 4-byte export address table entry.
 *
 * The union gives the same four bytes two names, export_rva and
 * forwarder_rva; both members start at offset 0x00 and have the same
 * size, so the union itself carries no information about which reading
 * applies.
 *
 * NOTE(review): the reader has to decide between the two readings by
 * other means (presumably by testing whether the value falls inside the
 * export directory range) and should bounds-check the value in either
 * case -- confirm in the reader.
 */
#define PE_EXPORT_RVA_BS 0x04
#define PE_FORWARDER_RVA_BS 0x04
union pe_export_addr_tbl {
unsigned char export_rva [PE_EXPORT_RVA_BS]; /* 0x00 */
unsigned char forwarder_rva [PE_FORWARDER_RVA_BS]; /* 0x00 */
};
#undef PE_EXPORT_RVA_BS
#undef PE_FORWARDER_RVA_BS
/*
 * image: pe_import_table_entry_lookup_item: one import lookup entry.
 *
 * The anonymous union u overlays four readings of the same leading
 * bytes: an 8-byte 64-bit entry, a 4-byte 32-bit entry, a 4-byte
 * hint/name table RVA and a 2-byte ordinal number. The struct is
 * therefore 8 bytes long regardless of the image flavour.
 *
 * NOTE(review): a 32-bit import lookup table presumably packs its
 * entries 4 bytes apart, so stepping through one with
 * sizeof(struct pe_import_lookup_item) would skip every other entry and
 * overlaying the struct on the last entry would read 4 bytes past it --
 * confirm how the reader advances and bounds the walk.
 */
#define PE_IMPORT_LOOKUP_ENTRY_PE64_BS 0x08
#define PE_IMPORT_LOOKUP_ENTRY_PE32_BS 0x04
#define PE_HINT_NAME_TABLE_RVA_BS 0x04
#define PE_ORDINAL_NUMBER_BS 0x02
struct pe_import_lookup_item {
union {
unsigned char import_lookup_entry_64 [PE_IMPORT_LOOKUP_ENTRY_PE64_BS]; /* 0x00 */
unsigned char import_lookup_entry_32 [PE_IMPORT_LOOKUP_ENTRY_PE32_BS]; /* 0x00 */
unsigned char hint_name_tbl_rva [PE_HINT_NAME_TABLE_RVA_BS]; /* 0x00 */
unsigned char ordinal_number [PE_ORDINAL_NUMBER_BS]; /* 0x00 */
} u;
};
#undef PE_IMPORT_LOOKUP_ENTRY_PE64_BS
#undef PE_IMPORT_LOOKUP_ENTRY_PE32_BS
#undef PE_HINT_NAME_TABLE_RVA_BS
#undef PE_ORDINAL_NUMBER_BS
/*
 * image: pe_import_directory_table_entry: one import directory entry as
 * raw bytes, 0x14 bytes in total. The trailing comment on each member is
 * its byte offset.
 *
 * NOTE(review): import_lookup_tbl_rva, name_rva and import_addr_tbl_rva
 * are file-supplied addresses. A reader should presumably validate each
 * against the mapped sections before following it, bound the scan for
 * the terminating NUL of the name, and bound the walk over the directory
 * itself by the size recorded in the import data-directory slot rather
 * than relying only on an all-zero terminator entry -- confirm in the
 * reader.
 */
#define PE_IMPORT_LOOKUP_TABLE_RVA_BS 0x04
#define PE_TIME_DATE_STAMP_BS 0x04
#define PE_FORWARDER_CHAIN_BS 0x04
#define PE_NAME_RVA_BS 0x04
#define PE_IMPORT_ADDRESS_TABLE_RVA_BS 0x04
struct pe_import_hdr {
unsigned char import_lookup_tbl_rva [PE_IMPORT_LOOKUP_TABLE_RVA_BS]; /* 0x00 */
unsigned char time_date_stamp [PE_TIME_DATE_STAMP_BS]; /* 0x04 */
unsigned char forwarder_chain [PE_FORWARDER_CHAIN_BS]; /* 0x08 */
unsigned char name_rva [PE_NAME_RVA_BS]; /* 0x0c */
unsigned char import_addr_tbl_rva [PE_IMPORT_ADDRESS_TABLE_RVA_BS]; /* 0x10 */
};
#undef PE_IMPORT_LOOKUP_TABLE_RVA_BS
#undef PE_TIME_DATE_STAMP_BS
#undef PE_FORWARDER_CHAIN_BS
#undef PE_NAME_RVA_BS
#undef PE_IMPORT_ADDRESS_TABLE_RVA_BS
/*
 * pe_hint_name_table_padded: head of one hint/name table entry, a 2-byte
 * hint followed by a name member declared as 2 bytes (4 bytes in total).
 *
 * NOTE(review): in the PE/COFF format the imported name is a
 * variable-length NUL-terminated string, so the 2-byte name member
 * presumably only marks where that string starts. sizeof this struct
 * says nothing about the real entry length; a reader should presumably
 * bound its scan for the terminating NUL by the end of the mapped
 * section -- confirm in the reader.
 */
#define PE_HINT_BS 0x02
#define PE_NAME_BS 0x02
struct pe_hint_name_entry {
unsigned char hint [PE_HINT_BS]; /* 0x00 */
unsigned char name [PE_NAME_BS]; /* 0x02 */
};
#undef PE_HINT_BS
#undef PE_NAME_BS
#ifdef __cplusplus
}
#endif
#endif