/* Software License Agreement
*
* Copyright(C) 1994-2023 David Lindauer, (LADSoft)
*
* This file is part of the Orange C Compiler package.
*
* The Orange C Compiler package is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* The Orange C Compiler package is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Orange C. If not, see <http://www.gnu.org/licenses/>.
*
* contact information:
* email: [email protected] <David Lindauer>
*
*/
#ifndef PEHeader_H
#define PEHeader_H
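// Constants for the PE/COFF image format. They are format values, not limits
// enforced by this header: code that reads an image must still compare every
// size and count it finds in the file against the bytes actually available.

#define PESIG 0x4550 // PE

// Sizes, in bytes, of the on-disk records declared further down this file.
#define PE_BASE_HEADER_SIZE 0x18
#define PE_OPTIONAL_HEADER_SIZE 0xe0
#define PE_OBJECTENTRY_SIZE 0x28
#define PE_HEADBUF_SIZE (PE_BASE_HEADER_SIZE+PE_OPTIONAL_HEADER_SIZE)
#define PE_IMPORTDIRENTRY_SIZE 0x14
#define PE_NUM_VAS 0x10
#define PE_EXPORTHEADER_SIZE 0x28
#define PE_RESENTRY_SIZE 0x08
#define PE_RESDIR_SIZE 0x10
#define PE_RESDATAENTRY_SIZE 0x10
#define PE_SYMBOL_SIZE 0x12
#define PE_RELOC_SIZE 0x0a

// Top bit of a 32-bit import lookup entry. The literal does not fit in int, so
// it is unsigned; mixing it with the signed int members below converts them.
#define PE_ORDINAL_FLAG 0x80000000

// Machine type and optional-header magic numbers.
#define PE_INTEL386 0x014c
#define PE_MAGICNUM 0x010b

// File-header characteristic bits.
#define PE_FILE_EXECUTABLE 0x0002
#define PE_FILE_32BIT 0x0100
#define PE_FILE_LIBRARY 0x2000
#define PE_FILE_REVERSE_BITS_HIGH 0x8000
#define PE_FILE_REVERSE_BITS_LOW 0x80
#define PE_FILE_LOCAL_SYMBOLS_STRIPPED 8
#define PE_FILE_LINE_NUMBERS_STRIPPED 4
#define PEPLUS_MAGICNUM 0x020b

// Base-relocation types already shifted into the top four bits of a 16-bit
// fixup entry (PE_FIXUP_LOW << 12 and PE_FIXUP_HIGHLOW << 12).
#define PE_REL_LOW16 0x2000
#define PE_REL_OFS32 0x3000

// Subsystem identifiers.
#define PE_SUBSYS_NATIVE 1
#define PE_SUBSYS_WINDOWS 2
#define PE_SUBSYS_CONSOLE 3
#define PE_SUBSYS_POSIX 7

// Section characteristic bits. A section that carries both WINF_EXECUTE and
// WINF_WRITEABLE is mapped writable and executable; image scanners commonly
// flag that combination, so emit it only when it is really intended.
// WINF_WRITEABLE (0x80000000) is an unsigned literal and turns negative when
// stored in a signed int flags member.
#define WINF_UNDEFINED 0x00000000
#define WINF_CODE 0x00000020
#define WINF_INITDATA 0x00000040
#define WINF_UNINITDATA 0x00000080
#define WINF_DISCARDABLE 0x02000000
#define WINF_NOPAGE 0x08000000
#define WINF_SHARED 0x10000000
#define WINF_EXECUTE 0x20000000
#define WINF_READABLE 0x40000000
#define WINF_WRITEABLE 0x80000000
#define WINF_ALIGN_NOPAD 0x00000008
#define WINF_ALIGN_BYTE 0x00100000
#define WINF_ALIGN_WORD 0x00200000
#define WINF_ALIGN_DWORD 0x00300000
#define WINF_ALIGN_8 0x00400000
#define WINF_ALIGN_PARA 0x00500000
#define WINF_ALIGN_32 0x00600000
#define WINF_ALIGN_64 0x00700000
// Same value as WINF_ALIGN_64; presumably used as the mask of the alignment
// field -- confirm at the use sites.
#define WINF_ALIGN (WINF_ALIGN_64)
#define WINF_COMMENT 0x00000200
#define WINF_REMOVE 0x00000800
#define WINF_COMDAT 0x00001000
#define WINF_NEG_FLAGS (WINF_DISCARDABLE | WINF_NOPAGE)
// Equals WINF_WRITEABLE | WINF_READABLE | WINF_EXECUTE | WINF_SHARED |
// WINF_NOPAGE | WINF_DISCARDABLE | WINF_REMOVE | WINF_UNINITDATA |
// WINF_INITDATA | WINF_CODE.
#define WINF_IMAGE_FLAGS 0xfa0008e0

// Defaults for a 32-bit image.
#define WIN32_DEFAULT_BASE 0x00400000
#define WIN32_DEFAULT_FILEALIGN 0x00000200
#define WIN32_DEFAULT_OBJECTALIGN 0x00001000
#define WIN32_DEFAULT_STACKSIZE 0x00100000
#define WIN32_DEFAULT_STACKCOMMITSIZE 0x00001000
#define WIN32_DEFAULT_HEAPSIZE 0x00100000
#define WIN32_DEFAULT_HEAPCOMMITSIZE 0x00001000
#define WIN32_DEFAULT_SUBSYS PE_SUBSYS_WINDOWS
#define WIN32_DEFAULT_SUBSYSMAJOR 4
#define WIN32_DEFAULT_SUBSYSMINOR 0
#define WIN32_DEFAULT_OSMAJOR 1
#define WIN32_DEFAULT_OSMINOR 0

// Base-relocation (fixup) type numbers.
#define PE_FIXUP_ABSOLUTE 0
#define PE_FIXUP_HIGH 1
#define PE_FIXUP_LOW 2
#define PE_FIXUP_HIGHLOW 3
// The underscore was missing here, which defined a macro named PE_FIXUP that
// expanded to the two tokens `HIGHADJUST 4` and left PE_FIXUP_HIGHADJUST
// undefined.
#define PE_FIXUP_HIGHADJUST 4

// Optional-header sizes for the 32-bit and the PE32+ layout.
#define PE_NT_HEADER_SIZE 0xe0
#define PEPLUS_NT_HEADER_SIZE 0xf0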
namespace DotNetPELib {
// On-disk layout of the PE file header followed by the 32-bit optional header
// and its data directory. Assuming 4-byte int, 2-byte short and no padding,
// the members up to `flags` add up to PE_BASE_HEADER_SIZE (0x18) and the rest
// to PE_OPTIONAL_HEADER_SIZE (0xe0).
// The optional-header members (data_base, 32-bit image_base and 32-bit stack
// and heap sizes) follow the PE32 layout only; a PE32+ image lays these fields
// out differently, so this struct must not be overlaid on one.
// NOTE(review): every count, size and RVA below is signed. If this struct is
// ever filled from a file that is not trusted, a value with its top bit set
// reads back negative; range-check each field against the file length before
// using it as an offset, a length or a loop bound.
struct PEHeader
{
int signature; // presumably PESIG -- confirm where the header is written or checked
short cpu_type; // presumably PE_INTEL386 -- TODO confirm
short num_objects; // section count; presumably the number of PEObject records -- confirm
int time;
int symbol_ptr;
int num_symbols;
short nt_hdr_size; // presumably PE_NT_HEADER_SIZE -- confirm
short flags; // presumably a combination of the PE_FILE_* bits -- confirm
// Optional header starts here, at offset 0x18.
short magic; // presumably PE_MAGICNUM -- confirm
unsigned char linker_major_version;
unsigned char linker_minor_version;
int code_size;
int data_size;
int bss_size;
int entry_point;
int code_base;
int data_base;
int image_base;
int object_align;
int file_align;
short os_major_version;
short os_minor_version;
short user_major_version;
short user_minor_version;
short subsys_major_version;
short subsys_minor_version;
int uu_1;
int image_size;
int header_size;
int chekcsum; // sic ("checksum"); renaming it would change the struct's interface
short subsystem; // presumably one of PE_SUBSYS_* -- confirm
short dll_flags;
int stack_size;
int stack_commit;
int heap_size;
int heap_commit;
int loader_flags;
// Number of (rva, size) pairs that follow. This struct has room for exactly
// PE_NUM_VAS (16); a larger value read from a file must not be used to index
// past res3_size.
int num_rvas;
// Data directory: 16 (rva, size) pairs in file order.
int export_rva;
int export_size;
int import_rva;
int import_size;
int resource_rva;
int resource_size;
int exception_rva;
int exception_size;
// Directory index 4 (certificate table). In the PE format this entry holds a
// file offset rather than an RVA, so it must not go through RVA translation.
int security_rva;
int security_size;
int fixup_rva;
int fixup_size;
int debug_rva;
int debug_size;
int desc_rva;
int desc_size;
int mspec_rva;
int mspec_size;
int tls_rva;
int tls_size;
int loadconfig_rva;
int loadconfig_size;
int boundimp_rva;
int boundimp_size;
int iat_rva;
int iat_size;
int delay_imports_rva, delay_imports_size;
int com_rva, com_size; // directory index 14; presumably locates DotNetCOR20Header -- confirm
int res3_rva, res3_size; // directory index 15, the last of the 16 pairs
};
#ifndef PEHEADER_ONLY
// One section-table entry. With 4-byte int the members total
// PE_OBJECTENTRY_SIZE (0x28) bytes.
struct PEObject
{
// Exactly 8 bytes, so an 8-character name leaves no room for a terminator.
// Copy and print it with an explicit length of 8, never with strcpy, strlen
// or an unbounded %s.
char name[8];
int virtual_size;
int virtual_addr;
// NOTE(review): both are signed. When an entry comes from a file, check that
// raw_ptr and raw_ptr + raw_size are non-negative and inside the file before
// reading the section body.
int raw_size;
int raw_ptr;
int reserved[3]; // 12 bytes; presumably the relocation/line-number fields, unused here -- confirm
int flags; // presumably WINF_* bits -- confirm
};
// Pair of sizes that precedes a resource record.
// NOTE(review): looks like the leading data-size/header-size pair of a
// compiled resource file entry -- confirm against the reader. Both values are
// signed; reject negative or oversized values before allocating or seeking.
struct PEResourceHeader
{
int datasize;
int hdrsize;
};
// Header of one resource directory level. With 4-byte int and 2-byte short the
// members total PE_RESDIR_SIZE (0x10) bytes.
struct PEResourceDirTable
{
int resource_flags;
int time;
int version;
// Presumably the counts of name-keyed and id-keyed PEResourceDirEntry records
// that follow this table -- confirm. Both are signed shorts; bound them by the
// size of the resource section before looping over entries.
short name_entry;
short ident_entry;
};
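// One resource directory entry: a 32-bit name RVA or id followed by one 32-bit
// word split into a 31-bit value and a 1-bit flag (PE_RESENTRY_SIZE, 8 bytes).
// NOTE(review): which end of the word a bit-field occupies is decided by the
// compiler; this matches the on-disk word only where fields are allocated from
// the least-significant bit -- confirm for each target.
struct PEResourceDirEntry
{
int rva_or_id;
// Declared unsigned. As plain `int` these were signed bit-fields: a flag set
// to 1 read back as -1, and a 31-bit value with its top bit set read back
// negative. Width and position of both fields are unchanged.
unsigned subdir_or_data : 31;
unsigned escape : 1; // presumably set when subdir_or_data refers to a subdirectory -- confirm
};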
// Leaf record of the resource tree describing one resource's data. With 4-byte
// int the members total PE_RESDATAENTRY_SIZE (0x10) bytes.
struct PEResourceDataEntry
{
// NOTE(review): signed. When read from a file, check that rva and rva + size
// fall inside the resource section before copying the data.
int rva;
int size;
int codepage;
int reserved;
};
// Export directory table. With 4-byte int the ten members total
// PE_EXPORTHEADER_SIZE (0x28) bytes.
struct PEExportHeader
{
int flags;
int time;
int version;
int exe_name_rva;
int ord_base;
// Presumably the entry counts of the export address table and of the
// name-pointer/ordinal tables -- confirm. Both are signed; a reader must bound
// them by the export directory size before walking the three tables below.
int n_eat_entries;
int n_name_ptrs;
int address_rva;
int name_rva;
int ordinal_rva;
};
// An offset together with a one-byte type.
// NOTE(review): presumably an in-memory record of a pending relocation whose
// type is one of PE_FIXUP_* -- confirm. With natural alignment this struct is
// padded, so it does not describe an on-disk layout.
struct PEFixupHold
{
int offset;
unsigned char type;
};
// One base-relocation block: two 32-bit header fields followed by up to 2048
// 16-bit entries (4096 bytes of entry storage).
struct PEFixupBlock
{
int rva;
// NOTE(review): presumably the byte size of the block including this header
// -- confirm. It is signed and is not tied to the array below by this
// declaration.
int size;
// Fixed capacity. Code that appends entries must stop at 2048, and code that
// derives an entry count from `size` must clamp it to this capacity before
// indexing.
short data[2048];
};
// One import directory entry per imported DLL. With 4-byte int the five
// members total PE_IMPORTDIRENTRY_SIZE (0x14) bytes.
// NOTE(review): in the PE import descriptor the first dword is the import
// lookup (name) table RVA and the last is the import address table RVA; the
// two labels below read the other way round -- confirm against the code that
// fills this struct.
struct PEImportDir
{
int thunkPos2; // address thunk
int time;
int version;
int dllName; // presumably the RVA of the DLL name string -- confirm
int thunkPos; // name thunk
};
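// One 32-bit import lookup entry: a 31-bit ordinal or RVA plus a 1-bit flag.
// NOTE(review): which end of the word a bit-field occupies is decided by the
// compiler; import_by_ordinal lines up with PE_ORDINAL_FLAG only where fields
// are allocated from the least-significant bit -- confirm for each target.
struct PEImportLookup
{
// Declared unsigned. As plain `int` these were signed bit-fields: a flag set
// to 1 read back as -1, and a 31-bit value with its top bit set read back
// negative. Width and position of both fields are unchanged.
unsigned ord_or_rva : 31;
unsigned import_by_ordinal : 1;
};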
// .NET runtime header. With 4-byte unsigned and 2-byte unsigned short the
// members total 72 bytes.
// NOTE(review): each two-element array is presumably an {rva, size} pair, in
// that order -- confirm. When the header comes from a file, validate every
// pair against the image before following it.
struct DotNetCOR20Header
{
unsigned cb; // presumably the byte size of this header -- confirm
unsigned short MajorRuntimeVersion;
unsigned short MinorRuntimeVersion;
unsigned MetaData[2];
unsigned Flags;
unsigned EntryPointToken;
unsigned Resources[2];
unsigned StrongNameSignature[2];
unsigned CodeManagerTable[2];
unsigned VTableFixup[2];
unsigned ExportAddressTableJumps[2];
unsigned ManagedNativeHeader[2];
};
// Fixed leading part of the metadata root: signature, version pair and a
// reserved word (12 bytes with 4-byte unsigned).
struct DotNetMetaHeader
{
// Stored little-endian this value is the byte sequence 'B','S','J','B'. Being
// a macro, the name is visible file-wide even though it is defined inside the
// struct body.
#define META_SIG 0x424A5342
unsigned Signature; // presumably compared against META_SIG -- confirm
unsigned short Major;
unsigned short Minor;
unsigned Reserved;
};
// Header of the metadata tables stream.
// NOTE(review): `longlong` is not declared in this file; presumably a 64-bit
// integer typedef supplied by whatever includes this header -- confirm,
// because the struct's size depends on it.
struct DotNetMetaTablesHeader
{
unsigned Reserved1;
unsigned char MajorVersion;
unsigned char MinorVersion;
unsigned char HeapOffsetSizes;
unsigned char Reserved2;
// Presumably one bit per metadata table -- confirm. A reader should bound the
// number of set bits by the tables it knows before sizing the row-count array
// from them.
longlong MaskValid;
longlong MaskSorted;
};
// Thirteen 32-bit fields (52 bytes with 4-byte unsigned) holding the fixed
// part of a version resource.
// NOTE(review): the member names appear to mirror the Win32 VS_FIXEDFILEINFO
// layout -- confirm. Each MS/LS pair is presumably the high and low half of
// one 64-bit value.
struct FixedVersionInfo
{
unsigned Signature;
unsigned StrucVersion;
unsigned FileVersionMS;
unsigned FileVersionLS;
unsigned ProductVersionMS;
unsigned ProductVersionLS;
unsigned FileFlagsMask;
unsigned FileFlags;
unsigned FileOS;
unsigned FileType;
unsigned FileSubtype;
unsigned FileDateMS;
unsigned FileDateLS;
};
#endif
} // namespace
#endif