pe.h revision 1.1
1 1.1 jakllsch /* $NetBSD: pe.h,v 1.1 2014/04/01 16:16:07 jakllsch Exp $ */ 2 1.1 jakllsch 3 1.1 jakllsch /* 4 1.1 jakllsch PE32+ header file 5 1.1 jakllsch */ 6 1.1 jakllsch #ifndef _PE_H 7 1.1 jakllsch #define _PE_H 8 1.1 jakllsch 9 1.1 jakllsch #define IMAGE_DOS_SIGNATURE 0x5A4D // MZ 10 1.1 jakllsch #define IMAGE_OS2_SIGNATURE 0x454E // NE 11 1.1 jakllsch #define IMAGE_OS2_SIGNATURE_LE 0x454C // LE 12 1.1 jakllsch #define IMAGE_NT_SIGNATURE 0x00004550 // PE00 13 1.1 jakllsch #define IMAGE_EDOS_SIGNATURE 0x44454550 // PEED 14 1.1 jakllsch 15 1.1 jakllsch /***************************************************************************** 16 1.1 jakllsch * The following stuff comes from winnt.h from the ia64sdk, plus the Plabel for 17 1.1 jakllsch * loading EM executables. 18 1.1 jakllsch *****************************************************************************/ 19 1.1 jakllsch // 20 1.1 jakllsch // Intel IA64 specific 21 1.1 jakllsch // 22 1.1 jakllsch 23 1.1 jakllsch #define IMAGE_REL_BASED_IA64_IMM64 9 24 1.1 jakllsch #define IMAGE_REL_BASED_IA64_DIR64 10 25 1.1 jakllsch 26 1.1 jakllsch struct Plabel { 27 1.1 jakllsch UINT64 EntryPoint; 28 1.1 jakllsch UINT64 NewGP; 29 1.1 jakllsch }; 30 1.1 jakllsch 31 1.1 jakllsch typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header 32 1.1 jakllsch UINT16 e_magic; // Magic number 33 1.1 jakllsch UINT16 e_cblp; // Bytes on last page of file 34 1.1 jakllsch UINT16 e_cp; // Pages in file 35 1.1 jakllsch UINT16 e_crlc; // Relocations 36 1.1 jakllsch UINT16 e_cparhdr; // Size of header in paragraphs 37 1.1 jakllsch UINT16 e_minalloc; // Minimum extra paragraphs needed 38 1.1 jakllsch UINT16 e_maxalloc; // Maximum extra paragraphs needed 39 1.1 jakllsch UINT16 e_ss; // Initial (relative) SS value 40 1.1 jakllsch UINT16 e_sp; // Initial SP value 41 1.1 jakllsch UINT16 e_csum; // Checksum 42 1.1 jakllsch UINT16 e_ip; // Initial IP value 43 1.1 jakllsch UINT16 e_cs; // Initial (relative) CS value 44 1.1 jakllsch UINT16 e_lfarlc; // File address of relocation table 45 1.1 jakllsch UINT16 e_ovno; // Overlay number 46 1.1 jakllsch UINT16 e_res[4]; // Reserved words 47 1.1 jakllsch UINT16 e_oemid; // OEM identifier (for e_oeminfo) 48 1.1 jakllsch UINT16 e_oeminfo; // OEM information; e_oemid specific 49 1.1 jakllsch UINT16 e_res2[10]; // Reserved words 50 1.1 jakllsch UINT32 e_lfanew; // File address of new exe header 51 1.1 jakllsch } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; 52 1.1 jakllsch 53 1.1 jakllsch typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header 54 1.1 jakllsch UINT16 ne_magic; // Magic number 55 1.1 jakllsch UINT8 ne_ver; // Version number 56 1.1 jakllsch UINT8 ne_rev; // Revision number 57 1.1 jakllsch UINT16 ne_enttab; // Offset of Entry Table 58 1.1 jakllsch UINT16 ne_cbenttab; // Number of bytes in Entry Table 59 1.1 jakllsch UINT32 ne_crc; // Checksum of whole file 60 1.1 jakllsch UINT16 ne_flags; // Flag UINT16 61 1.1 jakllsch UINT16 ne_autodata; // Automatic data segment number 62 1.1 jakllsch UINT16 ne_heap; // Initial heap allocation 63 1.1 jakllsch UINT16 ne_stack; // Initial stack allocation 64 1.1 jakllsch UINT32 ne_csip; // Initial CS:IP setting 65 1.1 jakllsch UINT32 ne_sssp; // Initial SS:SP setting 66 1.1 jakllsch UINT16 ne_cseg; // Count of file segments 67 1.1 jakllsch UINT16 ne_cmod; // Entries in Module Reference Table 68 1.1 jakllsch UINT16 ne_cbnrestab; // Size of non-resident name table 69 1.1 jakllsch UINT16 ne_segtab; // Offset of Segment Table 70 1.1 jakllsch UINT16 ne_rsrctab; // Offset of Resource Table 71 1.1 jakllsch UINT16 ne_restab; // Offset of resident name table 72 1.1 jakllsch UINT16 ne_modtab; // Offset of Module Reference Table 73 1.1 jakllsch UINT16 ne_imptab; // Offset of Imported Names Table 74 1.1 jakllsch UINT32 ne_nrestab; // Offset of Non-resident Names Table 75 1.1 jakllsch UINT16 ne_cmovent; // Count of movable entries 76 1.1 jakllsch UINT16 ne_align; // Segment alignment shift count 77 1.1 jakllsch UINT16 ne_cres; // Count of resource segments 78 1.1 jakllsch UINT8 ne_exetyp; // Target Operating system 79 1.1 jakllsch UINT8 ne_flagsothers; // Other .EXE flags 80 1.1 jakllsch UINT16 ne_pretthunks; // offset to return thunks 81 1.1 jakllsch UINT16 ne_psegrefbytes; // offset to segment ref. bytes 82 1.1 jakllsch UINT16 ne_swaparea; // Minimum code swap area size 83 1.1 jakllsch UINT16 ne_expver; // Expected Windows version number 84 1.1 jakllsch } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER; 85 1.1 jakllsch 86 1.1 jakllsch // 87 1.1 jakllsch // File header format. 88 1.1 jakllsch // 89 1.1 jakllsch 90 1.1 jakllsch typedef struct _IMAGE_FILE_HEADER { 91 1.1 jakllsch UINT16 Machine; 92 1.1 jakllsch UINT16 NumberOfSections; 93 1.1 jakllsch UINT32 TimeDateStamp; 94 1.1 jakllsch UINT32 PointerToSymbolTable; 95 1.1 jakllsch UINT32 NumberOfSymbols; 96 1.1 jakllsch UINT16 SizeOfOptionalHeader; 97 1.1 jakllsch UINT16 Characteristics; 98 1.1 jakllsch } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 99 1.1 jakllsch 100 1.1 jakllsch #define IMAGE_SIZEOF_FILE_HEADER 20 101 1.1 jakllsch 102 1.1 jakllsch #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. 103 1.1 jakllsch #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). 104 1.1 jakllsch #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. 105 1.1 jakllsch #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. 106 1.1 jakllsch #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. 107 1.1 jakllsch #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. 108 1.1 jakllsch #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file 109 1.1 jakllsch #define IMAGE_FILE_SYSTEM 0x1000 // System File. 110 1.1 jakllsch #define IMAGE_FILE_DLL 0x2000 // File is a DLL. 111 1.1 jakllsch #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. 112 1.1 jakllsch 113 1.1 jakllsch #define IMAGE_FILE_MACHINE_UNKNOWN 0 114 1.1 jakllsch #define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. 115 1.1 jakllsch #define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0540 big-endian 116 1.1 jakllsch #define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian 117 1.1 jakllsch #define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP 118 1.1 jakllsch #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x1c2 // Arm/Thumb 119 1.1 jakllsch #define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian 120 1.1 jakllsch #define IMAGE_FILE_MACHINE_IA64 0x200 // IA-64 121 1.1 jakllsch #define IMAGE_FILE_MACHINE_TAHOE 0x7cc // Intel EM machine 122 1.1 jakllsch #define IMAGE_FILE_MACHINE_EBC 0xebc // EFI Byte Code 123 1.1 jakllsch #define IMAGE_FILE_MACHINE_X64 0x8664 // x86_64 124 1.1 jakllsch // 125 1.1 jakllsch // Directory format. 126 1.1 jakllsch // 127 1.1 jakllsch 128 1.1 jakllsch typedef struct _IMAGE_DATA_DIRECTORY { 129 1.1 jakllsch UINT32 VirtualAddress; 130 1.1 jakllsch UINT32 Size; 131 1.1 jakllsch } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; 132 1.1 jakllsch 133 1.1 jakllsch #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 134 1.1 jakllsch 135 1.1 jakllsch 136 1.1 jakllsch typedef struct _IMAGE_ROM_OPTIONAL_HEADER { 137 1.1 jakllsch UINT16 Magic; 138 1.1 jakllsch UINT8 MajorLinkerVersion; 139 1.1 jakllsch UINT8 MinorLinkerVersion; 140 1.1 jakllsch UINT32 SizeOfCode; 141 1.1 jakllsch UINT32 SizeOfInitializedData; 142 1.1 jakllsch UINT32 SizeOfUninitializedData; 143 1.1 jakllsch UINT32 AddressOfEntryPoint; 144 1.1 jakllsch UINT32 BaseOfCode; 145 1.1 jakllsch UINT32 BaseOfData; 146 1.1 jakllsch UINT32 BaseOfBss; 147 1.1 jakllsch UINT32 GprMask; 148 1.1 jakllsch UINT32 CprMask[4]; 149 1.1 jakllsch UINT32 GpValue; 150 1.1 jakllsch } IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER; 151 1.1 jakllsch 152 1.1 jakllsch typedef struct _IMAGE_OPTIONAL_HEADER { 153 1.1 jakllsch UINT16 Magic; 154 1.1 jakllsch UINT8 MajorLinkerVersion; 155 1.1 jakllsch UINT8 MinorLinkerVersion; 156 1.1 jakllsch UINT32 SizeOfCode; 157 1.1 jakllsch UINT32 SizeOfInitializedData; 158 1.1 jakllsch UINT32 SizeOfUninitializedData; 159 1.1 jakllsch UINT32 AddressOfEntryPoint; 160 1.1 jakllsch UINT32 BaseOfCode; 161 1.1 jakllsch // UINT32 BaseOfData; 162 1.1 jakllsch UINT64 ImageBase; 163 1.1 jakllsch UINT32 SectionAlignment; 164 1.1 jakllsch UINT32 FileAlignment; 165 1.1 jakllsch UINT16 MajorOperatingSystemVersion; 166 1.1 jakllsch UINT16 MinorOperatingSystemVersion; 167 1.1 jakllsch UINT16 MajorImageVersion; 168 1.1 jakllsch UINT16 MinorImageVersion; 169 1.1 jakllsch UINT16 MajorSubsystemVersion; 170 1.1 jakllsch UINT16 MinorSubsystemVersion; 171 1.1 jakllsch UINT32 Win32VersionValue; 172 1.1 jakllsch UINT32 SizeOfImage; 173 1.1 jakllsch UINT32 SizeOfHeaders; 174 1.1 jakllsch UINT32 CheckSum; 175 1.1 jakllsch UINT16 Subsystem; 176 1.1 jakllsch UINT16 DllCharacteristics; 177 1.1 jakllsch UINT64 SizeOfStackReserve; 178 1.1 jakllsch UINT64 SizeOfStackCommit; 179 1.1 jakllsch UINT64 SizeOfHeapReserve; 180 1.1 jakllsch UINT64 SizeOfHeapCommit; 181 1.1 jakllsch UINT32 LoaderFlags; 182 1.1 jakllsch UINT32 NumberOfRvaAndSizes; 183 1.1 jakllsch IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 184 1.1 jakllsch } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; 185 1.1 jakllsch 186 1.1 jakllsch 187 1.1 jakllsch #define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56 188 1.1 jakllsch #define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28 189 1.1 jakllsch #define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224 190 1.1 jakllsch #define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 244 191 1.1 jakllsch 192 1.1 jakllsch #define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b 193 1.1 jakllsch #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b 194 1.1 jakllsch #define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107 195 1.1 jakllsch 196 1.1 jakllsch typedef struct _IMAGE_NT_HEADERS { 197 1.1 jakllsch UINT32 Signature; 198 1.1 jakllsch IMAGE_FILE_HEADER FileHeader; 199 1.1 jakllsch IMAGE_OPTIONAL_HEADER OptionalHeader; 200 1.1 jakllsch } IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS; 201 1.1 jakllsch 202 1.1 jakllsch typedef struct _IMAGE_ROM_HEADERS { 203 1.1 jakllsch IMAGE_FILE_HEADER FileHeader; 204 1.1 jakllsch IMAGE_ROM_OPTIONAL_HEADER OptionalHeader; 205 1.1 jakllsch } IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS; 206 1.1 jakllsch 207 1.1 jakllsch #define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ 208 1.1 jakllsch ((UINT32)ntheader + \ 209 1.1 jakllsch FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \ 210 1.1 jakllsch ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \ 211 1.1 jakllsch )) 212 1.1 jakllsch 213 1.1 jakllsch 214 1.1 jakllsch // Subsystem Values 215 1.1 jakllsch 216 1.1 jakllsch #define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. 217 1.1 jakllsch #define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. 218 1.1 jakllsch #define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. 219 1.1 jakllsch #define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. 220 1.1 jakllsch #define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. 221 1.1 jakllsch #define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem. 222 1.1 jakllsch 223 1.1 jakllsch 224 1.1 jakllsch // Directory Entries 225 1.1 jakllsch 226 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory 227 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory 228 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory 229 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory 230 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory 231 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table 232 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory 233 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String 234 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) 235 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory 236 1.1 jakllsch #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory 237 1.1 jakllsch 238 1.1 jakllsch // 239 1.1 jakllsch // Section header format. 240 1.1 jakllsch // 241 1.1 jakllsch 242 1.1 jakllsch #define IMAGE_SIZEOF_SHORT_NAME 8 243 1.1 jakllsch 244 1.1 jakllsch typedef struct _IMAGE_SECTION_HEADER { 245 1.1 jakllsch UINT8 Name[IMAGE_SIZEOF_SHORT_NAME]; 246 1.1 jakllsch union { 247 1.1 jakllsch UINT32 PhysicalAddress; 248 1.1 jakllsch UINT32 VirtualSize; 249 1.1 jakllsch } Misc; 250 1.1 jakllsch UINT32 VirtualAddress; 251 1.1 jakllsch UINT32 SizeOfRawData; 252 1.1 jakllsch UINT32 PointerToRawData; 253 1.1 jakllsch UINT32 PointerToRelocations; 254 1.1 jakllsch UINT32 PointerToLinenumbers; 255 1.1 jakllsch UINT16 NumberOfRelocations; 256 1.1 jakllsch UINT16 NumberOfLinenumbers; 257 1.1 jakllsch UINT32 Characteristics; 258 1.1 jakllsch } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; 259 1.1 jakllsch 260 1.1 jakllsch #define IMAGE_SIZEOF_SECTION_HEADER 40 261 1.1 jakllsch 262 1.1 jakllsch #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. 263 1.1 jakllsch 264 1.1 jakllsch #define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. 265 1.1 jakllsch #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. 266 1.1 jakllsch #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. 267 1.1 jakllsch 268 1.1 jakllsch #define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. 269 1.1 jakllsch #define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. 270 1.1 jakllsch #define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. 271 1.1 jakllsch #define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. 272 1.1 jakllsch 273 1.1 jakllsch #define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // 274 1.1 jakllsch #define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // 275 1.1 jakllsch #define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // 276 1.1 jakllsch #define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // 277 1.1 jakllsch #define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified. 278 1.1 jakllsch #define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // 279 1.1 jakllsch #define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // 280 1.1 jakllsch 281 1.1 jakllsch #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. 282 1.1 jakllsch #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. 283 1.1 jakllsch #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. 284 1.1 jakllsch #define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. 285 1.1 jakllsch #define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. 286 1.1 jakllsch #define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. 287 1.1 jakllsch #define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. 288 1.1 jakllsch 289 1.1 jakllsch // 290 1.1 jakllsch // Symbol format. 291 1.1 jakllsch // 292 1.1 jakllsch 293 1.1 jakllsch 294 1.1 jakllsch #define IMAGE_SIZEOF_SYMBOL 18 295 1.1 jakllsch 296 1.1 jakllsch // 297 1.1 jakllsch // Section values. 298 1.1 jakllsch // 299 1.1 jakllsch // Symbols have a section number of the section in which they are 300 1.1 jakllsch // defined. Otherwise, section numbers have the following meanings: 301 1.1 jakllsch // 302 1.1 jakllsch 303 1.1 jakllsch #define IMAGE_SYM_UNDEFINED (UINT16)0 // Symbol is undefined or is common. 304 1.1 jakllsch #define IMAGE_SYM_ABSOLUTE (UINT16)-1 // Symbol is an absolute value. 305 1.1 jakllsch #define IMAGE_SYM_DEBUG (UINT16)-2 // Symbol is a special debug item. 306 1.1 jakllsch 307 1.1 jakllsch // 308 1.1 jakllsch // Type (fundamental) values. 309 1.1 jakllsch // 310 1.1 jakllsch 311 1.1 jakllsch #define IMAGE_SYM_TYPE_NULL 0 // no type. 312 1.1 jakllsch #define IMAGE_SYM_TYPE_VOID 1 // 313 1.1 jakllsch #define IMAGE_SYM_TYPE_CHAR 2 // type character. 314 1.1 jakllsch #define IMAGE_SYM_TYPE_SHORT 3 // type short integer. 315 1.1 jakllsch #define IMAGE_SYM_TYPE_INT 4 // 316 1.1 jakllsch #define IMAGE_SYM_TYPE_LONG 5 // 317 1.1 jakllsch #define IMAGE_SYM_TYPE_FLOAT 6 // 318 1.1 jakllsch #define IMAGE_SYM_TYPE_DOUBLE 7 // 319 1.1 jakllsch #define IMAGE_SYM_TYPE_STRUCT 8 // 320 1.1 jakllsch #define IMAGE_SYM_TYPE_UNION 9 // 321 1.1 jakllsch #define IMAGE_SYM_TYPE_ENUM 10 // enumeration. 322 1.1 jakllsch #define IMAGE_SYM_TYPE_MOE 11 // member of enumeration. 323 1.1 jakllsch #define IMAGE_SYM_TYPE_BYTE 12 // 324 1.1 jakllsch #define IMAGE_SYM_TYPE_WORD 13 // 325 1.1 jakllsch #define IMAGE_SYM_TYPE_UINT 14 // 326 1.1 jakllsch #define IMAGE_SYM_TYPE_DWORD 15 // 327 1.1 jakllsch 328 1.1 jakllsch // 329 1.1 jakllsch // Type (derived) values. 330 1.1 jakllsch // 331 1.1 jakllsch 332 1.1 jakllsch #define IMAGE_SYM_DTYPE_NULL 0 // no derived type. 333 1.1 jakllsch #define IMAGE_SYM_DTYPE_POINTER 1 // pointer. 334 1.1 jakllsch #define IMAGE_SYM_DTYPE_FUNCTION 2 // function. 335 1.1 jakllsch #define IMAGE_SYM_DTYPE_ARRAY 3 // array. 336 1.1 jakllsch 337 1.1 jakllsch // 338 1.1 jakllsch // Storage classes. 339 1.1 jakllsch // 340 1.1 jakllsch 341 1.1 jakllsch #define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1 342 1.1 jakllsch #define IMAGE_SYM_CLASS_NULL 0 343 1.1 jakllsch #define IMAGE_SYM_CLASS_AUTOMATIC 1 344 1.1 jakllsch #define IMAGE_SYM_CLASS_EXTERNAL 2 345 1.1 jakllsch #define IMAGE_SYM_CLASS_STATIC 3 346 1.1 jakllsch #define IMAGE_SYM_CLASS_REGISTER 4 347 1.1 jakllsch #define IMAGE_SYM_CLASS_EXTERNAL_DEF 5 348 1.1 jakllsch #define IMAGE_SYM_CLASS_LABEL 6 349 1.1 jakllsch #define IMAGE_SYM_CLASS_UNDEFINED_LABEL 7 350 1.1 jakllsch #define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 8 351 1.1 jakllsch #define IMAGE_SYM_CLASS_ARGUMENT 9 352 1.1 jakllsch #define IMAGE_SYM_CLASS_STRUCT_TAG 10 353 1.1 jakllsch #define IMAGE_SYM_CLASS_MEMBER_OF_UNION 11 354 1.1 jakllsch #define IMAGE_SYM_CLASS_UNION_TAG 12 355 1.1 jakllsch #define IMAGE_SYM_CLASS_TYPE_DEFINITION 13 356 1.1 jakllsch #define IMAGE_SYM_CLASS_UNDEFINED_STATIC 14 357 1.1 jakllsch #define IMAGE_SYM_CLASS_ENUM_TAG 15 358 1.1 jakllsch #define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 16 359 1.1 jakllsch #define IMAGE_SYM_CLASS_REGISTER_PARAM 17 360 1.1 jakllsch #define IMAGE_SYM_CLASS_BIT_FIELD 18 361 1.1 jakllsch #define IMAGE_SYM_CLASS_BLOCK 100 362 1.1 jakllsch #define IMAGE_SYM_CLASS_FUNCTION 101 363 1.1 jakllsch #define IMAGE_SYM_CLASS_END_OF_STRUCT 102 364 1.1 jakllsch #define IMAGE_SYM_CLASS_FILE 103 365 1.1 jakllsch // new 366 1.1 jakllsch #define IMAGE_SYM_CLASS_SECTION 104 367 1.1 jakllsch #define IMAGE_SYM_CLASS_WEAK_EXTERNAL 105 368 1.1 jakllsch 369 1.1 jakllsch // type packing constants 370 1.1 jakllsch 371 1.1 jakllsch #define N_BTMASK 017 372 1.1 jakllsch #define N_TMASK 060 373 1.1 jakllsch #define N_TMASK1 0300 374 1.1 jakllsch #define N_TMASK2 0360 375 1.1 jakllsch #define N_BTSHFT 4 376 1.1 jakllsch #define N_TSHIFT 2 377 1.1 jakllsch 378 1.1 jakllsch // MACROS 379 1.1 jakllsch 380 1.1 jakllsch // 381 1.1 jakllsch // Communal selection types. 382 1.1 jakllsch // 383 1.1 jakllsch 384 1.1 jakllsch #define IMAGE_COMDAT_SELECT_NODUPLICATES 1 385 1.1 jakllsch #define IMAGE_COMDAT_SELECT_ANY 2 386 1.1 jakllsch #define IMAGE_COMDAT_SELECT_SAME_SIZE 3 387 1.1 jakllsch #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 388 1.1 jakllsch #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 389 1.1 jakllsch 390 1.1 jakllsch #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 391 1.1 jakllsch #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 392 1.1 jakllsch #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 393 1.1 jakllsch 394 1.1 jakllsch 395 1.1 jakllsch // 396 1.1 jakllsch // Relocation format. 397 1.1 jakllsch // 398 1.1 jakllsch 399 1.1 jakllsch typedef struct _IMAGE_RELOCATION { 400 1.1 jakllsch UINT32 VirtualAddress; 401 1.1 jakllsch UINT32 SymbolTableIndex; 402 1.1 jakllsch UINT16 Type; 403 1.1 jakllsch } IMAGE_RELOCATION; 404 1.1 jakllsch 405 1.1 jakllsch #define IMAGE_SIZEOF_RELOCATION 10 406 1.1 jakllsch 407 1.1 jakllsch // 408 1.1 jakllsch // I386 relocation types. 409 1.1 jakllsch // 410 1.1 jakllsch 411 1.1 jakllsch #define IMAGE_REL_I386_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 412 1.1 jakllsch #define IMAGE_REL_I386_DIR16 01 // Direct 16-bit reference to the symbols virtual address 413 1.1 jakllsch #define IMAGE_REL_I386_REL16 02 // PC-relative 16-bit reference to the symbols virtual address 414 1.1 jakllsch #define IMAGE_REL_I386_DIR32 06 // Direct 32-bit reference to the symbols virtual address 415 1.1 jakllsch #define IMAGE_REL_I386_DIR32NB 07 // Direct 32-bit reference to the symbols virtual address, base not included 416 1.1 jakllsch #define IMAGE_REL_I386_SEG12 011 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 417 1.1 jakllsch #define IMAGE_REL_I386_SECTION 012 418 1.1 jakllsch #define IMAGE_REL_I386_SECREL 013 419 1.1 jakllsch #define IMAGE_REL_I386_REL32 024 // PC-relative 32-bit reference to the symbols virtual address 420 1.1 jakllsch 421 1.1 jakllsch // 422 1.1 jakllsch // MIPS relocation types. 423 1.1 jakllsch // 424 1.1 jakllsch 425 1.1 jakllsch #define IMAGE_REL_MIPS_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 426 1.1 jakllsch #define IMAGE_REL_MIPS_REFHALF 01 427 1.1 jakllsch #define IMAGE_REL_MIPS_REFWORD 02 428 1.1 jakllsch #define IMAGE_REL_MIPS_JMPADDR 03 429 1.1 jakllsch #define IMAGE_REL_MIPS_REFHI 04 430 1.1 jakllsch #define IMAGE_REL_MIPS_REFLO 05 431 1.1 jakllsch #define IMAGE_REL_MIPS_GPREL 06 432 1.1 jakllsch #define IMAGE_REL_MIPS_LITERAL 07 433 1.1 jakllsch #define IMAGE_REL_MIPS_SECTION 012 434 1.1 jakllsch #define IMAGE_REL_MIPS_SECREL 013 435 1.1 jakllsch #define IMAGE_REL_MIPS_REFWORDNB 042 436 1.1 jakllsch #define IMAGE_REL_MIPS_PAIR 045 437 1.1 jakllsch 438 1.1 jakllsch // 439 1.1 jakllsch // Alpha Relocation types. 440 1.1 jakllsch // 441 1.1 jakllsch 442 1.1 jakllsch #define IMAGE_REL_ALPHA_ABSOLUTE 0x0 443 1.1 jakllsch #define IMAGE_REL_ALPHA_REFLONG 0x1 444 1.1 jakllsch #define IMAGE_REL_ALPHA_REFQUAD 0x2 445 1.1 jakllsch #define IMAGE_REL_ALPHA_GPREL32 0x3 446 1.1 jakllsch #define IMAGE_REL_ALPHA_LITERAL 0x4 447 1.1 jakllsch #define IMAGE_REL_ALPHA_LITUSE 0x5 448 1.1 jakllsch #define IMAGE_REL_ALPHA_GPDISP 0x6 449 1.1 jakllsch #define IMAGE_REL_ALPHA_BRADDR 0x7 450 1.1 jakllsch #define IMAGE_REL_ALPHA_HINT 0x8 451 1.1 jakllsch #define IMAGE_REL_ALPHA_INLINE_REFLONG 0x9 452 1.1 jakllsch #define IMAGE_REL_ALPHA_REFHI 0xA 453 1.1 jakllsch #define IMAGE_REL_ALPHA_REFLO 0xB 454 1.1 jakllsch #define IMAGE_REL_ALPHA_PAIR 0xC 455 1.1 jakllsch #define IMAGE_REL_ALPHA_MATCH 0xD 456 1.1 jakllsch #define IMAGE_REL_ALPHA_SECTION 0xE 457 1.1 jakllsch #define IMAGE_REL_ALPHA_SECREL 0xF 458 1.1 jakllsch #define IMAGE_REL_ALPHA_REFLONGNB 0x10 459 1.1 jakllsch 460 1.1 jakllsch // 461 1.1 jakllsch // IBM PowerPC relocation types. 462 1.1 jakllsch // 463 1.1 jakllsch 464 1.1 jakllsch #define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP 465 1.1 jakllsch #define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address 466 1.1 jakllsch #define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address 467 1.1 jakllsch #define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) 468 1.1 jakllsch #define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address 469 1.1 jakllsch #define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) 470 1.1 jakllsch #define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) 471 1.1 jakllsch #define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) 472 1.1 jakllsch #define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base 473 1.1 jakllsch #define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) 474 1.1 jakllsch 475 1.1 jakllsch #define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base 476 1.1 jakllsch #define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) 477 1.1 jakllsch #define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number 478 1.1 jakllsch #define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code 479 1.1 jakllsch #define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction 480 1.1 jakllsch 481 1.1 jakllsch #define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type 482 1.1 jakllsch 483 1.1 jakllsch // Flag bits in IMAGE_RELOCATION.TYPE 484 1.1 jakllsch 485 1.1 jakllsch #define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it 486 1.1 jakllsch #define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken 487 1.1 jakllsch #define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken 488 1.1 jakllsch #define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) 489 1.1 jakllsch 490 1.1 jakllsch // 491 1.1 jakllsch // Based relocation format. 492 1.1 jakllsch // 493 1.1 jakllsch 494 1.1 jakllsch typedef struct _IMAGE_BASE_RELOCATION { 495 1.1 jakllsch UINT32 VirtualAddress; 496 1.1 jakllsch UINT32 SizeOfBlock; 497 1.1 jakllsch // UINT16 TypeOffset[1]; 498 1.1 jakllsch } IMAGE_BASE_RELOCATION, *PIMAGE_BASE_RELOCATION; 499 1.1 jakllsch 500 1.1 jakllsch #define IMAGE_SIZEOF_BASE_RELOCATION 8 501 1.1 jakllsch 502 1.1 jakllsch // 503 1.1 jakllsch // Based relocation types. 504 1.1 jakllsch // 505 1.1 jakllsch 506 1.1 jakllsch #define IMAGE_REL_BASED_ABSOLUTE 0 507 1.1 jakllsch #define IMAGE_REL_BASED_HIGH 1 508 1.1 jakllsch #define IMAGE_REL_BASED_LOW 2 509 1.1 jakllsch #define IMAGE_REL_BASED_HIGHLOW 3 510 1.1 jakllsch #define IMAGE_REL_BASED_HIGHADJ 4 511 1.1 jakllsch #define IMAGE_REL_BASED_MIPS_JMPADDR 5 512 1.1 jakllsch #define IMAGE_REL_BASED_IA64_IMM64 9 513 1.1 jakllsch #define IMAGE_REL_BASED_DIR64 10 514 1.1 jakllsch 515 1.1 jakllsch // 516 1.1 jakllsch // Line number format. 517 1.1 jakllsch // 518 1.1 jakllsch 519 1.1 jakllsch typedef struct _IMAGE_LINENUMBER { 520 1.1 jakllsch union { 521 1.1 jakllsch UINT32 SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. 522 1.1 jakllsch UINT32 VirtualAddress; // Virtual address of line number. 523 1.1 jakllsch } Type; 524 1.1 jakllsch UINT16 Linenumber; // Line number. 525 1.1 jakllsch } IMAGE_LINENUMBER; 526 1.1 jakllsch 527 1.1 jakllsch #define IMAGE_SIZEOF_LINENUMBER 6 528 1.1 jakllsch 529 1.1 jakllsch // 530 1.1 jakllsch // Archive format. 531 1.1 jakllsch // 532 1.1 jakllsch 533 1.1 jakllsch #define IMAGE_ARCHIVE_START_SIZE 8 534 1.1 jakllsch #define IMAGE_ARCHIVE_START "!<arch>\n" 535 1.1 jakllsch #define IMAGE_ARCHIVE_END "`\n" 536 1.1 jakllsch #define IMAGE_ARCHIVE_PAD "\n" 537 1.1 jakllsch #define IMAGE_ARCHIVE_LINKER_MEMBER "/ " 538 1.1 jakllsch #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " 539 1.1 jakllsch 540 1.1 jakllsch typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { 541 1.1 jakllsch UINT8 Name[16]; // File member name - `/' terminated. 542 1.1 jakllsch UINT8 Date[12]; // File member date - decimal. 543 1.1 jakllsch UINT8 UserID[6]; // File member user id - decimal. 544 1.1 jakllsch UINT8 GroupID[6]; // File member group id - decimal. 545 1.1 jakllsch UINT8 Mode[8]; // File member mode - octal. 546 1.1 jakllsch UINT8 Size[10]; // File member size - decimal. 547 1.1 jakllsch UINT8 EndHeader[2]; // String to end header. 548 1.1 jakllsch } IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; 549 1.1 jakllsch 550 1.1 jakllsch #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 551 1.1 jakllsch 552 1.1 jakllsch // 553 1.1 jakllsch // DLL support. 554 1.1 jakllsch // 555 1.1 jakllsch 556 1.1 jakllsch // 557 1.1 jakllsch // Export Format 558 1.1 jakllsch // 559 1.1 jakllsch 560 1.1 jakllsch typedef struct _IMAGE_EXPORT_DIRECTORY { 561 1.1 jakllsch UINT32 Characteristics; 562 1.1 jakllsch UINT32 TimeDateStamp; 563 1.1 jakllsch UINT16 MajorVersion; 564 1.1 jakllsch UINT16 MinorVersion; 565 1.1 jakllsch UINT32 Name; 566 1.1 jakllsch UINT32 Base; 567 1.1 jakllsch UINT32 NumberOfFunctions; 568 1.1 jakllsch UINT32 NumberOfNames; 569 1.1 jakllsch UINT32 AddressOfFunctions; 570 1.1 jakllsch UINT32 AddressOfNames; 571 1.1 jakllsch UINT32 AddressOfNameOrdinals; 572 1.1 jakllsch } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; 573 1.1 jakllsch 574 1.1 jakllsch // 575 1.1 jakllsch // Import Format 576 1.1 jakllsch // 577 1.1 jakllsch 578 1.1 jakllsch typedef struct _IMAGE_IMPORT_BY_NAME { 579 1.1 jakllsch UINT16 Hint; 580 1.1 jakllsch UINT8 Name[1]; 581 1.1 jakllsch } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; 582 1.1 jakllsch 583 1.1 jakllsch typedef struct _IMAGE_THUNK_DATA { 584 1.1 jakllsch union { 585 1.1 jakllsch UINT32 Function; 586 1.1 jakllsch UINT32 Ordinal; 587 1.1 jakllsch PIMAGE_IMPORT_BY_NAME AddressOfData; 588 1.1 jakllsch } u1; 589 1.1 jakllsch } IMAGE_THUNK_DATA, *PIMAGE_THUNK_DATA; 590 1.1 jakllsch 591 1.1 jakllsch #define IMAGE_ORDINAL_FLAG 0x80000000 592 1.1 jakllsch #define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0) 593 1.1 jakllsch #define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff) 594 1.1 jakllsch 595 1.1 jakllsch typedef struct _IMAGE_IMPORT_DESCRIPTOR { 596 1.1 jakllsch UINT32 Characteristics; 597 1.1 jakllsch UINT32 TimeDateStamp; 598 1.1 jakllsch UINT32 ForwarderChain; 599 1.1 jakllsch UINT32 Name; 600 1.1 jakllsch PIMAGE_THUNK_DATA FirstThunk; 601 1.1 jakllsch } IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; 602 1.1 jakllsch 603 1.1 jakllsch #endif 604
Indexes created Tue Sep 30 11:09:46 GMT 2025