
peframework: Commit


Commit MetaInfo

Revision2 (tree)
Time2017-04-10 22:47:23
Authorquiret

Log Message

- exported internal PEStructures into a global header for people who require it
- fixed a bug in section empty-check where I forgot to take into account stream size

Change Summary

Incremental Difference

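--- a/include/peloader.serialize.h
+++ b/include/peloader.serialize.h
@@ -0,0 +1,537 @@
+// Header that contains all the structures used by PEFramework to serialize
+// a PE file. Optional include file for the general runtime.
+
+#ifndef _PELOADER_SERIALIZE_
+#define _PELOADER_SERIALIZE_
+
+// We get our own copies of Windows things, to keep a well-reasoned versioning.
+
+// Meant-to-be-serialized file structures.
+// Not recommended to deal with directly.
+namespace PEStructures
+{
+
+// Main PE headers.
+
+struct IMAGE_DOS_HEADER // DOS .EXE header
+{
+ std::uint16_t e_magic; // Magic number
+ std::uint16_t e_cblp; // Bytes on last page of file
+ std::uint16_t e_cp; // Pages in file
+ std::uint16_t e_crlc; // Relocations
+ std::uint16_t e_cparhdr; // Size of header in paragraphs
+ std::uint16_t e_minalloc; // Minimum extra paragraphs needed
+ std::uint16_t e_maxalloc; // Maximum extra paragraphs needed
+ std::uint16_t e_ss; // Initial (relative) SS value
+ std::uint16_t e_sp; // Initial SP value
+ std::uint16_t e_csum; // Checksum
+ std::uint16_t e_ip; // Initial IP value
+ std::uint16_t e_cs; // Initial (relative) CS value
+ std::uint16_t e_lfarlc; // File address of relocation table
+ std::uint16_t e_ovno; // Overlay number
+ std::uint16_t e_res[4]; // Reserved words
+ std::uint16_t e_oemid; // OEM identifier (for e_oeminfo)
+ std::uint16_t e_oeminfo; // OEM information; e_oemid specific
+ std::uint16_t e_res2[10]; // Reserved words
+ std::int32_t e_lfanew; // File address of new exe header
+};
+
+#define PEL_IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
+#define PEL_IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved external references).
+#define PEL_IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
+#define PEL_IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
+#define PEL_IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Aggressively trim working set
+#define PEL_IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
+#define PEL_IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
+#define PEL_IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
+#define PEL_IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
+#define PEL_IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
+#define PEL_IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
+#define PEL_IMAGE_FILE_SYSTEM 0x1000 // System File.
+#define PEL_IMAGE_FILE_DLL 0x2000 // File is a DLL.
+#define PEL_IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
+#define PEL_IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
+
+struct IMAGE_FILE_HEADER
+{
+ std::uint16_t Machine;
+ std::uint16_t NumberOfSections;
+ std::uint32_t TimeDateStamp;
+ std::uint32_t PointerToSymbolTable;
+ std::uint32_t NumberOfSymbols;
+ std::uint16_t SizeOfOptionalHeader;
+ std::uint16_t Characteristics;
+};
+
+// DllCharacteristics Entries
+
+// PEL_IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved.
+// PEL_IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved.
+// PEL_IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved.
+// PEL_IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved.
+#define PEL_IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 // Image can handle a high entropy 64-bit virtual address space.
+#define PEL_IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 // DLL can move.
+#define PEL_IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY 0x0080 // Code Integrity Image
+#define PEL_IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 // Image is NX compatible
+#define PEL_IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200 // Image understands isolation and doesn't want it
+#define PEL_IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 // Image does not use SEH. No SE handler may reside in this image
+#define PEL_IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 // Do not bind this image.
+#define PEL_IMAGE_DLLCHARACTERISTICS_APPCONTAINER 0x1000 // Image should execute in an AppContainer
+#define PEL_IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 // Driver uses WDM model
+#define PEL_IMAGE_DLLCHARACTERISTICS_GUARD_CF 0x4000 // Image supports Control Flow Guard.
+#define PEL_IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
+
+// Section characteristics.
+//
+// PEL_IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
+// PEL_IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
+// PEL_IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
+// PEL_IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
+#define PEL_IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
+// PEL_IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
+
+#define PEL_IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
+#define PEL_IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
+#define PEL_IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
+
+#define PEL_IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
+#define PEL_IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
+// PEL_IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
+#define PEL_IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
+#define PEL_IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
+// 0x00002000 // Reserved.
+// PEL_IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
+#define PEL_IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 // Reset speculative exceptions handling bits in the TLB entries for this section.
+#define PEL_IMAGE_SCN_GPREL 0x00008000 // Section content can be accessed relative to GP
+#define PEL_IMAGE_SCN_MEM_FARDATA 0x00008000
+// PEL_IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
+#define PEL_IMAGE_SCN_MEM_PURGEABLE 0x00020000
+#define PEL_IMAGE_SCN_MEM_16BIT 0x00020000
+#define PEL_IMAGE_SCN_MEM_LOCKED 0x00040000
+#define PEL_IMAGE_SCN_MEM_PRELOAD 0x00080000
+
+#define PEL_IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
+#define PEL_IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
+#define PEL_IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
+#define PEL_IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
+#define PEL_IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
+#define PEL_IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
+#define PEL_IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
+#define PEL_IMAGE_SCN_ALIGN_128BYTES 0x00800000 //
+#define PEL_IMAGE_SCN_ALIGN_256BYTES 0x00900000 //
+#define PEL_IMAGE_SCN_ALIGN_512BYTES 0x00A00000 //
+#define PEL_IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 //
+#define PEL_IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 //
+#define PEL_IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 //
+#define PEL_IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 //
+// Unused 0x00F00000
+#define PEL_IMAGE_SCN_ALIGN_MASK 0x00F00000
+
+#define PEL_IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
+#define PEL_IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
+#define PEL_IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
+#define PEL_IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
+#define PEL_IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
+#define PEL_IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
+#define PEL_IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
+#define PEL_IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
+
+struct IMAGE_PE_HEADER
+{
+ std::uint32_t Signature;
+ IMAGE_FILE_HEADER FileHeader;
+ // Rest is machine dependent.
+};
+
+struct IMAGE_DATA_DIRECTORY
+{
+ std::uint32_t VirtualAddress;
+ std::uint32_t Size;
+};
+
+#define PEL_IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
+
+#pragma pack(1)
+struct IMAGE_OPTIONAL_HEADER32
+{
+ //
+ // Standard fields.
+ //
+
+ std::uint8_t MajorLinkerVersion;
+ std::uint8_t MinorLinkerVersion;
+ std::uint32_t SizeOfCode;
+ std::uint32_t SizeOfInitializedData;
+ std::uint32_t SizeOfUninitializedData;
+ std::uint32_t AddressOfEntryPoint;
+ std::uint32_t BaseOfCode;
+ std::uint32_t BaseOfData;
+
+ //
+ // NT additional fields.
+ //
+
+ std::uint32_t ImageBase;
+ std::uint32_t SectionAlignment;
+ std::uint32_t FileAlignment;
+ std::uint16_t MajorOperatingSystemVersion;
+ std::uint16_t MinorOperatingSystemVersion;
+ std::uint16_t MajorImageVersion;
+ std::uint16_t MinorImageVersion;
+ std::uint16_t MajorSubsystemVersion;
+ std::uint16_t MinorSubsystemVersion;
+ std::uint32_t Win32VersionValue;
+ std::uint32_t SizeOfImage;
+ std::uint32_t SizeOfHeaders;
+ std::uint32_t CheckSum;
+ std::uint16_t Subsystem;
+ std::uint16_t DllCharacteristics;
+ std::uint32_t SizeOfStackReserve;
+ std::uint32_t SizeOfStackCommit;
+ std::uint32_t SizeOfHeapReserve;
+ std::uint32_t SizeOfHeapCommit;
+ std::uint32_t LoaderFlags;
+ std::uint32_t NumberOfRvaAndSizes;
+};
+
+struct IMAGE_OPTIONAL_HEADER64
+{
+ std::uint8_t MajorLinkerVersion;
+ std::uint8_t MinorLinkerVersion;
+ std::uint32_t SizeOfCode;
+ std::uint32_t SizeOfInitializedData;
+ std::uint32_t SizeOfUninitializedData;
+ std::uint32_t AddressOfEntryPoint;
+ std::uint32_t BaseOfCode;
+ std::uint64_t ImageBase;
+ std::uint32_t SectionAlignment;
+ std::uint32_t FileAlignment;
+ std::uint16_t MajorOperatingSystemVersion;
+ std::uint16_t MinorOperatingSystemVersion;
+ std::uint16_t MajorImageVersion;
+ std::uint16_t MinorImageVersion;
+ std::uint16_t MajorSubsystemVersion;
+ std::uint16_t MinorSubsystemVersion;
+ std::uint32_t Win32VersionValue;
+ std::uint32_t SizeOfImage;
+ std::uint32_t SizeOfHeaders;
+ std::uint32_t CheckSum;
+ std::uint16_t Subsystem;
+ std::uint16_t DllCharacteristics;
+ std::uint64_t SizeOfStackReserve;
+ std::uint64_t SizeOfStackCommit;
+ std::uint64_t SizeOfHeapReserve;
+ std::uint64_t SizeOfHeapCommit;
+ std::uint32_t LoaderFlags;
+ std::uint32_t NumberOfRvaAndSizes;
+};
+#pragma pack()
+
+struct IMAGE_SECTION_HEADER
+{
+ std::int8_t Name[8];
+ union
+ {
+ std::uint32_t PhysicalAddress;
+ std::uint32_t VirtualSize;
+ } Misc;
+ std::uint32_t VirtualAddress;
+ std::uint32_t SizeOfRawData;
+ std::uint32_t PointerToRawData;
+ std::uint32_t PointerToRelocations;
+ std::uint32_t PointerToLinenumbers;
+ std::uint16_t NumberOfRelocations;
+ std::uint16_t NumberOfLinenumbers;
+ std::uint32_t Characteristics;
+};
+
+struct IMAGE_RELOCATION
+{
+ union
+ {
+ std::uint32_t VirtualAddress;
+ std::uint32_t RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set
+ };
+ std::uint32_t SymbolTableIndex;
+ std::uint16_t Type;
+};
+
+struct IMAGE_LINENUMBER
+{
+ union
+ {
+ std::uint32_t SymbolTableIndex; // Symbol table index of function name if Linenumber is 0.
+ std::uint32_t VirtualAddress; // Virtual address of line number.
+ } Type;
+ std::uint16_t Linenumber; // Line number.
+};
+
+// **********************************************
+// PE Data Directories
+// **********************************************
+
+#define PEL_IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
+#define PEL_IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
+// PEL_IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
+#define PEL_IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
+#define PEL_IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
+#define PEL_IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
+#define PEL_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
+#define PEL_IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
+#define PEL_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
+#define PEL_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
+
+struct IMAGE_EXPORT_DIRECTORY
+{
+ std::uint32_t Characteristics;
+ std::uint32_t TimeDateStamp;
+ std::uint16_t MajorVersion;
+ std::uint16_t MinorVersion;
+ std::uint32_t Name;
+ std::uint32_t Base;
+ std::uint32_t NumberOfFunctions;
+ std::uint32_t NumberOfNames;
+ std::uint32_t AddressOfFunctions; // RVA from base of image
+ std::uint32_t AddressOfNames; // RVA from base of image
+ std::uint32_t AddressOfNameOrdinals; // RVA from base of image
+};
+
+struct IMAGE_IMPORT_DESCRIPTOR
+{
+ union
+ {
+ std::uint32_t Characteristics; // 0 for terminating null import descriptor
+ std::uint32_t OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
+ };
+ std::uint32_t TimeDateStamp; // 0 if not bound,
+ // -1 if bound, and real date\time stamp
+ // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
+ // O.W. date/time stamp of DLL bound to (Old BIND)
+
+ std::uint32_t ForwarderChain; // -1 if no forwarders
+ std::uint32_t Name;
+ std::uint32_t FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
+};
+
+#define PEL_IMAGE_ORDINAL_FLAG64 0x8000000000000000
+#define PEL_IMAGE_ORDINAL_FLAG32 0x80000000
+
+struct IMAGE_RUNTIME_FUNCTION_ENTRY_X64
+{
+ std::uint32_t BeginAddress;
+ std::uint32_t EndAddress;
+ union
+ {
+ std::uint32_t UnwindInfoAddress;
+ std::uint32_t UnwindData;
+ };
+};
+
+struct IMAGE_DEBUG_DIRECTORY
+{
+ std::uint32_t Characteristics;
+ std::uint32_t TimeDateStamp;
+ std::uint16_t MajorVersion;
+ std::uint16_t MinorVersion;
+ std::uint32_t Type;
+ std::uint32_t SizeOfData;
+ std::uint32_t AddressOfRawData;
+ std::uint32_t PointerToRawData;
+};
+
+template <typename vaNumberType>
+struct IMAGE_TLS_DIRECTORY_TEMPLATE
+{
+ vaNumberType StartAddressOfRawData;
+ vaNumberType EndAddressOfRawData;
+ vaNumberType AddressOfIndex; // PDWORD
+ vaNumberType AddressOfCallBacks; // PIMAGE_TLS_CALLBACK *;
+ std::uint32_t SizeOfZeroFill;
+ union {
+ std::uint32_t Characteristics;
+ struct {
+ std::uint32_t Reserved0 : 20;
+ std::uint32_t Alignment : 4;
+ std::uint32_t Reserved1 : 8;
+ };
+ };
+};
+
+typedef IMAGE_TLS_DIRECTORY_TEMPLATE <std::uint32_t> IMAGE_TLS_DIRECTORY32;
+typedef IMAGE_TLS_DIRECTORY_TEMPLATE <std::uint64_t> IMAGE_TLS_DIRECTORY64;
+
+struct IMAGE_LOAD_CONFIG_DIRECTORY32
+{
+ std::uint32_t Size;
+ std::uint32_t TimeDateStamp;
+ std::uint16_t MajorVersion;
+ std::uint16_t MinorVersion;
+ std::uint32_t GlobalFlagsClear;
+ std::uint32_t GlobalFlagsSet;
+ std::uint32_t CriticalSectionDefaultTimeout;
+ std::uint32_t DeCommitFreeBlockThreshold;
+ std::uint32_t DeCommitTotalFreeThreshold;
+ std::uint32_t LockPrefixTable; // VA
+ std::uint32_t MaximumAllocationSize;
+ std::uint32_t VirtualMemoryThreshold;
+ std::uint32_t ProcessHeapFlags;
+ std::uint32_t ProcessAffinityMask;
+ std::uint16_t CSDVersion;
+ std::uint16_t Reserved1;
+ std::uint32_t EditList; // VA
+ std::uint32_t SecurityCookie; // VA
+ std::uint32_t SEHandlerTable; // VA
+ std::uint32_t SEHandlerCount;
+ std::uint32_t GuardCFCheckFunctionPointer; // VA
+ std::uint32_t Reserved2;
+ std::uint32_t GuardCFFunctionTable; // VA
+ std::uint32_t GuardCFFunctionCount;
+ std::uint32_t GuardFlags;
+};
+
+struct IMAGE_LOAD_CONFIG_DIRECTORY64
+{
+ std::uint32_t Size;
+ std::uint32_t TimeDateStamp;
+ std::uint16_t MajorVersion;
+ std::uint16_t MinorVersion;
+ std::uint32_t GlobalFlagsClear;
+ std::uint32_t GlobalFlagsSet;
+ std::uint32_t CriticalSectionDefaultTimeout;
+ std::uint64_t DeCommitFreeBlockThreshold;
+ std::uint64_t DeCommitTotalFreeThreshold;
+ std::uint64_t LockPrefixTable; // VA
+ std::uint64_t MaximumAllocationSize;
+ std::uint64_t VirtualMemoryThreshold;
+ std::uint64_t ProcessAffinityMask;
+ std::uint32_t ProcessHeapFlags;
+ std::uint16_t CSDVersion;
+ std::uint16_t Reserved1;
+ std::uint64_t EditList; // VA
+ std::uint64_t SecurityCookie; // VA
+ std::uint64_t SEHandlerTable; // VA
+ std::uint64_t SEHandlerCount;
+ std::uint64_t GuardCFCheckFunctionPointer; // VA
+ std::uint64_t Reserved2;
+ std::uint64_t GuardCFFunctionTable; // VA
+ std::uint64_t GuardCFFunctionCount;
+ std::uint32_t GuardFlags;
+};
+
+struct IMAGE_BASE_RELOCATION
+{
+ std::uint32_t VirtualAddress;
+ std::uint32_t SizeOfBlock;
+// std::uint16_t TypeOffset[1];
+};
+
+struct IMAGE_DELAYLOAD_DESCRIPTOR
+{
+ union
+ {
+ std::uint32_t AllAttributes;
+ struct
+ {
+ std::uint32_t RvaBased : 1; // Delay load version 2
+ std::uint32_t ReservedAttributes : 31;
+ };
+ } Attributes;
+
+ std::uint32_t DllNameRVA; // RVA to the name of the target library (NULL-terminate ASCII string)
+ std::uint32_t ModuleHandleRVA; // RVA to the HMODULE caching location (PHMODULE)
+ std::uint32_t ImportAddressTableRVA; // RVA to the start of the IAT (PIMAGE_THUNK_DATA)
+ std::uint32_t ImportNameTableRVA; // RVA to the start of the name table (PIMAGE_THUNK_DATA::AddressOfData)
+ std::uint32_t BoundImportAddressTableRVA; // RVA to an optional bound IAT
+ std::uint32_t UnloadInformationTableRVA; // RVA to an optional unload info table
+ std::uint32_t TimeDateStamp; // 0 if not bound,
+ // Otherwise, date/time of the target DLL
+};
+
+// Legacy bound imports directory; probably not used by OS loader anymore.
+struct IMAGE_BOUND_IMPORT_DESCRIPTOR
+{
+ std::uint32_t TimeDateStamp;
+ std::uint16_t OffsetModuleName;
+ std::uint16_t NumberOfModuleForwarderRefs;
+// Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
+};
+
+struct IMAGE_BOUND_FORWARDER_REF
+{
+ std::uint32_t TimeDateStamp;
+ std::uint16_t OffsetModuleName;
+ std::uint16_t Reserved;
+};
+
+struct IMAGE_BASE_RELOC_TYPE_ITEM
+{
+ std::uint16_t offset : 12;
+ std::uint16_t type : 4;
+};
+
+struct IMAGE_RESOURCE_DIRECTORY {
+ std::uint32_t Characteristics;
+ std::uint32_t TimeDateStamp;
+ std::uint16_t MajorVersion;
+ std::uint16_t MinorVersion;
+ std::uint16_t NumberOfNamedEntries;
+ std::uint16_t NumberOfIdEntries;
+// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[];
+};
+
+struct IMAGE_RESOURCE_DIRECTORY_ENTRY
+{
+ union {
+ struct {
+ std::uint32_t NameOffset:31;
+ std::uint32_t NameIsString:1;
+ };
+ std::uint32_t Name;
+ std::uint16_t Id;
+ };
+ union {
+ std::uint32_t OffsetToData:31;
+ struct {
+ std::uint32_t OffsetToDirectory:31;
+ std::uint32_t DataIsDirectory:1;
+ };
+ };
+};
+
+struct IMAGE_RESOURCE_DIRECTORY_STRING
+{
+ std::uint16_t Length;
+ char NameString[ 1 ];
+};
+
+struct IMAGE_RESOURCE_DIR_STRING_U
+{
+ std::uint16_t Length;
+ wchar_t NameString[ 1 ];
+};
+
+struct IMAGE_RESOURCE_DATA_ENTRY
+{
+ std::uint32_t OffsetToData;
+ std::uint32_t Size;
+ std::uint32_t CodePage;
+ std::uint32_t Reserved;
+};
+
+struct IMAGE_ATTRIB_CERT_DESC
+{
+ std::uint32_t Size;
+ std::uint16_t Revision;
+ std::uint16_t CertificateType;
+ // Followed by the actual certificate.
+};
+
+};
+
+#endif //_PELOADER_SERIALIZE_
\ No newline at end of file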
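Review bot: `#pragma pack(1)` wraps only the two IMAGE_OPTIONAL_HEADER structs, so `IMAGE_RELOCATION` (10 bytes of fields) and `IMAGE_LINENUMBER` (6 bytes) are padded to 12 and 8 under default alignment; any reader that sizes or strides by `sizeof` on these would walk an untrusted file at the wrong offsets. Now that the header is public, consider `#pragma pack(push, 1)` right after the namespace opens and `#pragma pack(pop)` before it closes, and pin the sizes with checks such as `static_assert(sizeof(IMAGE_RELOCATION) == 10, "on-disk size");`. The file also uses `std::uint16_t` and friends without `#include <cstdint>`, so it compiles only when the includer has already pulled that in. `IMAGE_SECTION_HEADER::Name` is `std::int8_t` here but was `std::uint8_t` in the copy removed from src/peloader.internal.hxx; the log message does not mention that change, so it is worth confirming it is intended. `wchar_t NameString[ 1 ]` in `IMAGE_RESOURCE_DIR_STRING_U` is 4 bytes wide on most non-Windows targets, where `char16_t` would match the 16-bit on-disk characters.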
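--- a/include/peloader.h
+++ b/include/peloader.h
@@ -753,7 +753,7 @@
 }
 else
 {
- return ( LIST_EMPTY( this->dataAlloc.blockList.root ) == true );
+ return ( LIST_EMPTY( this->dataAlloc.blockList.root ) == true ) && ( this->stream.Size() == 0 );
 }
 }
 
@@ -974,8 +974,8 @@
 
 bool FindSectionSpace( std::uint32_t spanSize, std::uint32_t& addrOut );
 
- std::uint32_t GetSectionAlignment( void ) { return this->sectionAlignment; }
- std::uint32_t GetImageBase( void ) { return this->imageBase; }
+ std::uint32_t GetSectionAlignment( void ) const { return this->sectionAlignment; }
+ std::uint32_t GetImageBase( void ) const { return this->imageBase; }
 
 std::uint32_t GetSectionCount( void ) const { return this->numSections; }
 
@@ -1348,6 +1348,7 @@
 bool RemoveSection( PESection *section );
 
 std::uint32_t GetSectionCount( void ) const { return this->sections.GetSectionCount(); }
+ std::uint32_t GetSectionAlignment( void ) const { return this->sections.GetSectionAlignment(); }
 
 bool FindSectionSpace( std::uint32_t spanSize, std::uint32_t& addrOut );
 
@@ -1810,9 +1811,9 @@
 // Information API.
 inline std::uint64_t GetImageBase( void ) const { return this->peOptHeader.imageBase; }
 
-private:
 // Helper functions to off-load the duty work from the main
 // serialization function.
+ // Could actually be required by outside code because of PEStructures.
 std::uint16_t GetPENativeFileFlags( void );
 std::uint16_t GetPENativeDLLOptFlags( void );
 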
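Review bot: Deleting `private:` in the last hunk (old line 1813) does more than expose `GetPENativeFileFlags` and `GetPENativeDLLOptFlags`: every member declared after them, up to the next access specifier outside this hunk, takes on whatever access level was in force before. If only the two flag helpers are needed by outside code, keep the specifier and move those two declarations above it, next to `GetImageBase`, so the remaining serialization internals stay private. Separately, the section-level `GetImageBase` in the second hunk returns `std::uint32_t` while the one in the last hunk returns `std::uint64_t`; the member types are not visible here, but if the 32-bit getter can be reached for a PE32+ image the base would be truncated, so that is worth checking while these signatures are being touched.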
--- src/peloader.internal.hxx (revision 1)
+++ src/peloader.internal.hxx (revision 2)
@@ -1,534 +1,7 @@
11 #ifndef _PELOADER_INTERNAL_
22 #define _PELOADER_INTERNAL_
33
4-// We get our own copies of Windows things, to keep a well-reasoned versioning.
4+// Forward to the global header, because it is sometimes necessary.
5+#include "peloader.serialize.h"
56
6-// Meant-to-be-serialized file structures.
7-// Not recommended to deal with directly.
8-namespace PEStructures
9-{
10-
11-// Main PE headers.
12-
13-struct IMAGE_DOS_HEADER // DOS .EXE header
14-{
15- std::uint16_t e_magic; // Magic number
16- std::uint16_t e_cblp; // Bytes on last page of file
17- std::uint16_t e_cp; // Pages in file
18- std::uint16_t e_crlc; // Relocations
19- std::uint16_t e_cparhdr; // Size of header in paragraphs
20- std::uint16_t e_minalloc; // Minimum extra paragraphs needed
21- std::uint16_t e_maxalloc; // Maximum extra paragraphs needed
22- std::uint16_t e_ss; // Initial (relative) SS value
23- std::uint16_t e_sp; // Initial SP value
24- std::uint16_t e_csum; // Checksum
25- std::uint16_t e_ip; // Initial IP value
26- std::uint16_t e_cs; // Initial (relative) CS value
27- std::uint16_t e_lfarlc; // File address of relocation table
28- std::uint16_t e_ovno; // Overlay number
29- std::uint16_t e_res[4]; // Reserved words
30- std::uint16_t e_oemid; // OEM identifier (for e_oeminfo)
31- std::uint16_t e_oeminfo; // OEM information; e_oemid specific
32- std::uint16_t e_res2[10]; // Reserved words
33- std::int32_t e_lfanew; // File address of new exe header
34-};
35-
36-#define PEL_IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
37-#define PEL_IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved external references).
38-#define PEL_IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
39-#define PEL_IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
40-#define PEL_IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Aggressively trim working set
41-#define PEL_IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
42-#define PEL_IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
43-#define PEL_IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
44-#define PEL_IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
45-#define PEL_IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
46-#define PEL_IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
47-#define PEL_IMAGE_FILE_SYSTEM 0x1000 // System File.
48-#define PEL_IMAGE_FILE_DLL 0x2000 // File is a DLL.
49-#define PEL_IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
50-#define PEL_IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
51-
52-struct IMAGE_FILE_HEADER
53-{
54- std::uint16_t Machine;
55- std::uint16_t NumberOfSections;
56- std::uint32_t TimeDateStamp;
57- std::uint32_t PointerToSymbolTable;
58- std::uint32_t NumberOfSymbols;
59- std::uint16_t SizeOfOptionalHeader;
60- std::uint16_t Characteristics;
61-};
62-
63-// DllCharacteristics Entries
64-
65-// PEL_IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved.
66-// PEL_IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved.
67-// PEL_IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved.
68-// PEL_IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved.
69-#define PEL_IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 // Image can handle a high entropy 64-bit virtual address space.
70-#define PEL_IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 // DLL can move.
71-#define PEL_IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY 0x0080 // Code Integrity Image
72-#define PEL_IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 // Image is NX compatible
73-#define PEL_IMAGE_DLLCHARACTERISTICS_NO_ISOLATION 0x0200 // Image understands isolation and doesn't want it
74-#define PEL_IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 // Image does not use SEH. No SE handler may reside in this image
75-#define PEL_IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 // Do not bind this image.
76-#define PEL_IMAGE_DLLCHARACTERISTICS_APPCONTAINER 0x1000 // Image should execute in an AppContainer
77-#define PEL_IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 // Driver uses WDM model
78-#define PEL_IMAGE_DLLCHARACTERISTICS_GUARD_CF 0x4000 // Image supports Control Flow Guard.
79-#define PEL_IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
80-
81-// Section characteristics.
82-//
83-// PEL_IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
84-// PEL_IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
85-// PEL_IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
86-// PEL_IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
87-#define PEL_IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
88-// PEL_IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
89-
90-#define PEL_IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
91-#define PEL_IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
92-#define PEL_IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
93-
94-#define PEL_IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
95-#define PEL_IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
96-// PEL_IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
97-#define PEL_IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
98-#define PEL_IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
99-// 0x00002000 // Reserved.
100-// PEL_IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
101-#define PEL_IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 // Reset speculative exceptions handling bits in the TLB entries for this section.
102-#define PEL_IMAGE_SCN_GPREL 0x00008000 // Section content can be accessed relative to GP
103-#define PEL_IMAGE_SCN_MEM_FARDATA 0x00008000
104-// PEL_IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
105-#define PEL_IMAGE_SCN_MEM_PURGEABLE 0x00020000
106-#define PEL_IMAGE_SCN_MEM_16BIT 0x00020000
107-#define PEL_IMAGE_SCN_MEM_LOCKED 0x00040000
108-#define PEL_IMAGE_SCN_MEM_PRELOAD 0x00080000
109-
110-#define PEL_IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
111-#define PEL_IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
112-#define PEL_IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
113-#define PEL_IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
114-#define PEL_IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
115-#define PEL_IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
116-#define PEL_IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
117-#define PEL_IMAGE_SCN_ALIGN_128BYTES 0x00800000 //
118-#define PEL_IMAGE_SCN_ALIGN_256BYTES 0x00900000 //
119-#define PEL_IMAGE_SCN_ALIGN_512BYTES 0x00A00000 //
120-#define PEL_IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 //
121-#define PEL_IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 //
122-#define PEL_IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 //
123-#define PEL_IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 //
124-// Unused 0x00F00000
125-#define PEL_IMAGE_SCN_ALIGN_MASK 0x00F00000
126-
127-#define PEL_IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
128-#define PEL_IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
129-#define PEL_IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
130-#define PEL_IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
131-#define PEL_IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
132-#define PEL_IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
133-#define PEL_IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
134-#define PEL_IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
135-
136-struct IMAGE_PE_HEADER
137-{
138- std::uint32_t Signature;
139- IMAGE_FILE_HEADER FileHeader;
140- // Rest is machine dependent.
141-};
142-
143-struct IMAGE_DATA_DIRECTORY
144-{
145- std::uint32_t VirtualAddress;
146- std::uint32_t Size;
147-};
148-
149-#define PEL_IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
150-
151-#pragma pack(1)
152-struct IMAGE_OPTIONAL_HEADER32
153-{
154- //
155- // Standard fields.
156- //
157-
158- std::uint8_t MajorLinkerVersion;
159- std::uint8_t MinorLinkerVersion;
160- std::uint32_t SizeOfCode;
161- std::uint32_t SizeOfInitializedData;
162- std::uint32_t SizeOfUninitializedData;
163- std::uint32_t AddressOfEntryPoint;
164- std::uint32_t BaseOfCode;
165- std::uint32_t BaseOfData;
166-
167- //
168- // NT additional fields.
169- //
170-
171- std::uint32_t ImageBase;
172- std::uint32_t SectionAlignment;
173- std::uint32_t FileAlignment;
174- std::uint16_t MajorOperatingSystemVersion;
175- std::uint16_t MinorOperatingSystemVersion;
176- std::uint16_t MajorImageVersion;
177- std::uint16_t MinorImageVersion;
178- std::uint16_t MajorSubsystemVersion;
179- std::uint16_t MinorSubsystemVersion;
180- std::uint32_t Win32VersionValue;
181- std::uint32_t SizeOfImage;
182- std::uint32_t SizeOfHeaders;
183- std::uint32_t CheckSum;
184- std::uint16_t Subsystem;
185- std::uint16_t DllCharacteristics;
186- std::uint32_t SizeOfStackReserve;
187- std::uint32_t SizeOfStackCommit;
188- std::uint32_t SizeOfHeapReserve;
189- std::uint32_t SizeOfHeapCommit;
190- std::uint32_t LoaderFlags;
191- std::uint32_t NumberOfRvaAndSizes;
192-};
193-
194-struct IMAGE_OPTIONAL_HEADER64
195-{
196- std::uint8_t MajorLinkerVersion;
197- std::uint8_t MinorLinkerVersion;
198- std::uint32_t SizeOfCode;
199- std::uint32_t SizeOfInitializedData;
200- std::uint32_t SizeOfUninitializedData;
201- std::uint32_t AddressOfEntryPoint;
202- std::uint32_t BaseOfCode;
203- std::uint64_t ImageBase;
204- std::uint32_t SectionAlignment;
205- std::uint32_t FileAlignment;
206- std::uint16_t MajorOperatingSystemVersion;
207- std::uint16_t MinorOperatingSystemVersion;
208- std::uint16_t MajorImageVersion;
209- std::uint16_t MinorImageVersion;
210- std::uint16_t MajorSubsystemVersion;
211- std::uint16_t MinorSubsystemVersion;
212- std::uint32_t Win32VersionValue;
213- std::uint32_t SizeOfImage;
214- std::uint32_t SizeOfHeaders;
215- std::uint32_t CheckSum;
216- std::uint16_t Subsystem;
217- std::uint16_t DllCharacteristics;
218- std::uint64_t SizeOfStackReserve;
219- std::uint64_t SizeOfStackCommit;
220- std::uint64_t SizeOfHeapReserve;
221- std::uint64_t SizeOfHeapCommit;
222- std::uint32_t LoaderFlags;
223- std::uint32_t NumberOfRvaAndSizes;
224-};
225-#pragma pack()
226-
227-struct IMAGE_SECTION_HEADER
228-{
229- std::uint8_t Name[8];
230- union
231- {
232- std::uint32_t PhysicalAddress;
233- std::uint32_t VirtualSize;
234- } Misc;
235- std::uint32_t VirtualAddress;
236- std::uint32_t SizeOfRawData;
237- std::uint32_t PointerToRawData;
238- std::uint32_t PointerToRelocations;
239- std::uint32_t PointerToLinenumbers;
240- std::uint16_t NumberOfRelocations;
241- std::uint16_t NumberOfLinenumbers;
242- std::uint32_t Characteristics;
243-};
244-
245-struct IMAGE_RELOCATION
246-{
247- union
248- {
249- std::uint32_t VirtualAddress;
250- std::uint32_t RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set
251- };
252- std::uint32_t SymbolTableIndex;
253- std::uint16_t Type;
254-};
255-
256-struct IMAGE_LINENUMBER
257-{
258- union
259- {
260- std::uint32_t SymbolTableIndex; // Symbol table index of function name if Linenumber is 0.
261- std::uint32_t VirtualAddress; // Virtual address of line number.
262- } Type;
263- std::uint16_t Linenumber; // Line number.
264-};
265-
266-// **********************************************
267-// PE Data Directories
268-// **********************************************
269-
270-#define PEL_IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
271-#define PEL_IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
272-#define PEL_IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
273-#define PEL_IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
274-#define PEL_IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
275-#define PEL_IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
276-#define PEL_IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
277-// PEL_IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
278-#define PEL_IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
279-#define PEL_IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
280-#define PEL_IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
281-#define PEL_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
282-#define PEL_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
283-#define PEL_IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
284-#define PEL_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
285-#define PEL_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
286-
287-struct IMAGE_EXPORT_DIRECTORY
288-{
289- std::uint32_t Characteristics;
290- std::uint32_t TimeDateStamp;
291- std::uint16_t MajorVersion;
292- std::uint16_t MinorVersion;
293- std::uint32_t Name;
294- std::uint32_t Base;
295- std::uint32_t NumberOfFunctions;
296- std::uint32_t NumberOfNames;
297- std::uint32_t AddressOfFunctions; // RVA from base of image
298- std::uint32_t AddressOfNames; // RVA from base of image
299- std::uint32_t AddressOfNameOrdinals; // RVA from base of image
300-};
301-
302-struct IMAGE_IMPORT_DESCRIPTOR
303-{
304- union
305- {
306- std::uint32_t Characteristics; // 0 for terminating null import descriptor
307- std::uint32_t OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
308- };
309- std::uint32_t TimeDateStamp; // 0 if not bound,
310- // -1 if bound, and real date\time stamp
311- // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
312- // O.W. date/time stamp of DLL bound to (Old BIND)
313-
314- std::uint32_t ForwarderChain; // -1 if no forwarders
315- std::uint32_t Name;
316- std::uint32_t FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
317-};
318-
319-#define PEL_IMAGE_ORDINAL_FLAG64 0x8000000000000000
320-#define PEL_IMAGE_ORDINAL_FLAG32 0x80000000
321-
322-struct IMAGE_RUNTIME_FUNCTION_ENTRY_X64
323-{
324- std::uint32_t BeginAddress;
325- std::uint32_t EndAddress;
326- union
327- {
328- std::uint32_t UnwindInfoAddress;
329- std::uint32_t UnwindData;
330- };
331-};
332-
333-struct IMAGE_DEBUG_DIRECTORY
334-{
335- std::uint32_t Characteristics;
336- std::uint32_t TimeDateStamp;
337- std::uint16_t MajorVersion;
338- std::uint16_t MinorVersion;
339- std::uint32_t Type;
340- std::uint32_t SizeOfData;
341- std::uint32_t AddressOfRawData;
342- std::uint32_t PointerToRawData;
343-};
344-
345-template <typename vaNumberType>
346-struct IMAGE_TLS_DIRECTORY_TEMPLATE
347-{
348- vaNumberType StartAddressOfRawData;
349- vaNumberType EndAddressOfRawData;
350- vaNumberType AddressOfIndex; // PDWORD
351- vaNumberType AddressOfCallBacks; // PIMAGE_TLS_CALLBACK *;
352- std::uint32_t SizeOfZeroFill;
353- union {
354- std::uint32_t Characteristics;
355- struct {
356- std::uint32_t Reserved0 : 20;
357- std::uint32_t Alignment : 4;
358- std::uint32_t Reserved1 : 8;
359- };
360- };
361-};
362-
363-typedef IMAGE_TLS_DIRECTORY_TEMPLATE <std::uint32_t> IMAGE_TLS_DIRECTORY32;
364-typedef IMAGE_TLS_DIRECTORY_TEMPLATE <std::uint64_t> IMAGE_TLS_DIRECTORY64;
365-
366-struct IMAGE_LOAD_CONFIG_DIRECTORY32
367-{
368- std::uint32_t Size;
369- std::uint32_t TimeDateStamp;
370- std::uint16_t MajorVersion;
371- std::uint16_t MinorVersion;
372- std::uint32_t GlobalFlagsClear;
373- std::uint32_t GlobalFlagsSet;
374- std::uint32_t CriticalSectionDefaultTimeout;
375- std::uint32_t DeCommitFreeBlockThreshold;
376- std::uint32_t DeCommitTotalFreeThreshold;
377- std::uint32_t LockPrefixTable; // VA
378- std::uint32_t MaximumAllocationSize;
379- std::uint32_t VirtualMemoryThreshold;
380- std::uint32_t ProcessHeapFlags;
381- std::uint32_t ProcessAffinityMask;
382- std::uint16_t CSDVersion;
383- std::uint16_t Reserved1;
384- std::uint32_t EditList; // VA
385- std::uint32_t SecurityCookie; // VA
386- std::uint32_t SEHandlerTable; // VA
387- std::uint32_t SEHandlerCount;
388- std::uint32_t GuardCFCheckFunctionPointer; // VA
389- std::uint32_t Reserved2;
390- std::uint32_t GuardCFFunctionTable; // VA
391- std::uint32_t GuardCFFunctionCount;
392- std::uint32_t GuardFlags;
393-};
394-
395-struct IMAGE_LOAD_CONFIG_DIRECTORY64
396-{
397- std::uint32_t Size;
398- std::uint32_t TimeDateStamp;
399- std::uint16_t MajorVersion;
400- std::uint16_t MinorVersion;
401- std::uint32_t GlobalFlagsClear;
402- std::uint32_t GlobalFlagsSet;
403- std::uint32_t CriticalSectionDefaultTimeout;
404- std::uint64_t DeCommitFreeBlockThreshold;
405- std::uint64_t DeCommitTotalFreeThreshold;
406- std::uint64_t LockPrefixTable; // VA
407- std::uint64_t MaximumAllocationSize;
408- std::uint64_t VirtualMemoryThreshold;
409- std::uint64_t ProcessAffinityMask;
410- std::uint32_t ProcessHeapFlags;
411- std::uint16_t CSDVersion;
412- std::uint16_t Reserved1;
413- std::uint64_t EditList; // VA
414- std::uint64_t SecurityCookie; // VA
415- std::uint64_t SEHandlerTable; // VA
416- std::uint64_t SEHandlerCount;
417- std::uint64_t GuardCFCheckFunctionPointer; // VA
418- std::uint64_t Reserved2;
419- std::uint64_t GuardCFFunctionTable; // VA
420- std::uint64_t GuardCFFunctionCount;
421- std::uint32_t GuardFlags;
422-};
423-
424-struct IMAGE_BASE_RELOCATION
425-{
426- std::uint32_t VirtualAddress;
427- std::uint32_t SizeOfBlock;
428-// std::uint16_t TypeOffset[1];
429-};
430-
431-struct IMAGE_DELAYLOAD_DESCRIPTOR
432-{
433- union
434- {
435- std::uint32_t AllAttributes;
436- struct
437- {
438- std::uint32_t RvaBased : 1; // Delay load version 2
439- std::uint32_t ReservedAttributes : 31;
440- };
441- } Attributes;
442-
443- std::uint32_t DllNameRVA; // RVA to the name of the target library (NULL-terminate ASCII string)
444- std::uint32_t ModuleHandleRVA; // RVA to the HMODULE caching location (PHMODULE)
445- std::uint32_t ImportAddressTableRVA; // RVA to the start of the IAT (PIMAGE_THUNK_DATA)
446- std::uint32_t ImportNameTableRVA; // RVA to the start of the name table (PIMAGE_THUNK_DATA::AddressOfData)
447- std::uint32_t BoundImportAddressTableRVA; // RVA to an optional bound IAT
448- std::uint32_t UnloadInformationTableRVA; // RVA to an optional unload info table
449- std::uint32_t TimeDateStamp; // 0 if not bound,
450- // Otherwise, date/time of the target DLL
451-};
452-
453-// Legacy bound imports directory; probably not used by OS loader anymore.
454-struct IMAGE_BOUND_IMPORT_DESCRIPTOR
455-{
456- std::uint32_t TimeDateStamp;
457- std::uint16_t OffsetModuleName;
458- std::uint16_t NumberOfModuleForwarderRefs;
459-// Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
460-};
461-
462-struct IMAGE_BOUND_FORWARDER_REF
463-{
464- std::uint32_t TimeDateStamp;
465- std::uint16_t OffsetModuleName;
466- std::uint16_t Reserved;
467-};
468-
469-struct IMAGE_BASE_RELOC_TYPE_ITEM
470-{
471- std::uint16_t offset : 12;
472- std::uint16_t type : 4;
473-};
474-
475-struct IMAGE_RESOURCE_DIRECTORY {
476- std::uint32_t Characteristics;
477- std::uint32_t TimeDateStamp;
478- std::uint16_t MajorVersion;
479- std::uint16_t MinorVersion;
480- std::uint16_t NumberOfNamedEntries;
481- std::uint16_t NumberOfIdEntries;
482-// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[];
483-};
484-
485-struct IMAGE_RESOURCE_DIRECTORY_ENTRY
486-{
487- union {
488- struct {
489- std::uint32_t NameOffset:31;
490- std::uint32_t NameIsString:1;
491- };
492- std::uint32_t Name;
493- std::uint16_t Id;
494- };
495- union {
496- std::uint32_t OffsetToData:31;
497- struct {
498- std::uint32_t OffsetToDirectory:31;
499- std::uint32_t DataIsDirectory:1;
500- };
501- };
502-};
503-
504-struct IMAGE_RESOURCE_DIRECTORY_STRING
505-{
506- std::uint16_t Length;
507- char NameString[ 1 ];
508-};
509-
510-struct IMAGE_RESOURCE_DIR_STRING_U
511-{
512- std::uint16_t Length;
513- wchar_t NameString[ 1 ];
514-};
515-
516-struct IMAGE_RESOURCE_DATA_ENTRY
517-{
518- std::uint32_t OffsetToData;
519- std::uint32_t Size;
520- std::uint32_t CodePage;
521- std::uint32_t Reserved;
522-};
523-
524-struct IMAGE_ATTRIB_CERT_DESC
525-{
526- std::uint32_t Size;
527- std::uint16_t Revision;
528- std::uint16_t CertificateType;
529- // Followed by the actual certificate.
530-};
531-
532-};
533-
5347 #endif //_PELOADER_INTERNAL_
\ No newline at end of file