1*530d68baSNigel Croxon /* 2*530d68baSNigel Croxon PE32+ header file 3*530d68baSNigel Croxon */ 4*530d68baSNigel Croxon #ifndef _PE_H 5*530d68baSNigel Croxon #define _PE_H 6*530d68baSNigel Croxon 7*530d68baSNigel Croxon #define IMAGE_DOS_SIGNATURE 0x5A4D // MZ 8*530d68baSNigel Croxon #define IMAGE_OS2_SIGNATURE 0x454E // NE 9*530d68baSNigel Croxon #define IMAGE_OS2_SIGNATURE_LE 0x454C // LE 10*530d68baSNigel Croxon #define IMAGE_NT_SIGNATURE 0x00004550 // PE00 11*530d68baSNigel Croxon #define IMAGE_EDOS_SIGNATURE 0x44454550 // PEED 12*530d68baSNigel Croxon 13*530d68baSNigel Croxon 14*530d68baSNigel Croxon typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header 15*530d68baSNigel Croxon UINT16 e_magic; // Magic number 16*530d68baSNigel Croxon UINT16 e_cblp; // Bytes on last page of file 17*530d68baSNigel Croxon UINT16 e_cp; // Pages in file 18*530d68baSNigel Croxon UINT16 e_crlc; // Relocations 19*530d68baSNigel Croxon UINT16 e_cparhdr; // Size of header in paragraphs 20*530d68baSNigel Croxon UINT16 e_minalloc; // Minimum extra paragraphs needed 21*530d68baSNigel Croxon UINT16 e_maxalloc; // Maximum extra paragraphs needed 22*530d68baSNigel Croxon UINT16 e_ss; // Initial (relative) SS value 23*530d68baSNigel Croxon UINT16 e_sp; // Initial SP value 24*530d68baSNigel Croxon UINT16 e_csum; // Checksum 25*530d68baSNigel Croxon UINT16 e_ip; // Initial IP value 26*530d68baSNigel Croxon UINT16 e_cs; // Initial (relative) CS value 27*530d68baSNigel Croxon UINT16 e_lfarlc; // File address of relocation table 28*530d68baSNigel Croxon UINT16 e_ovno; // Overlay number 29*530d68baSNigel Croxon UINT16 e_res[4]; // Reserved words 30*530d68baSNigel Croxon UINT16 e_oemid; // OEM identifier (for e_oeminfo) 31*530d68baSNigel Croxon UINT16 e_oeminfo; // OEM information; e_oemid specific 32*530d68baSNigel Croxon UINT16 e_res2[10]; // Reserved words 33*530d68baSNigel Croxon UINT32 e_lfanew; // File address of new exe header 34*530d68baSNigel Croxon } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; 35*530d68baSNigel Croxon 36*530d68baSNigel Croxon typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header 37*530d68baSNigel Croxon UINT16 ne_magic; // Magic number 38*530d68baSNigel Croxon UINT8 ne_ver; // Version number 39*530d68baSNigel Croxon UINT8 ne_rev; // Revision number 40*530d68baSNigel Croxon UINT16 ne_enttab; // Offset of Entry Table 41*530d68baSNigel Croxon UINT16 ne_cbenttab; // Number of bytes in Entry Table 42*530d68baSNigel Croxon UINT32 ne_crc; // Checksum of whole file 43*530d68baSNigel Croxon UINT16 ne_flags; // Flag UINT16 44*530d68baSNigel Croxon UINT16 ne_autodata; // Automatic data segment number 45*530d68baSNigel Croxon UINT16 ne_heap; // Initial heap allocation 46*530d68baSNigel Croxon UINT16 ne_stack; // Initial stack allocation 47*530d68baSNigel Croxon UINT32 ne_csip; // Initial CS:IP setting 48*530d68baSNigel Croxon UINT32 ne_sssp; // Initial SS:SP setting 49*530d68baSNigel Croxon UINT16 ne_cseg; // Count of file segments 50*530d68baSNigel Croxon UINT16 ne_cmod; // Entries in Module Reference Table 51*530d68baSNigel Croxon UINT16 ne_cbnrestab; // Size of non-resident name table 52*530d68baSNigel Croxon UINT16 ne_segtab; // Offset of Segment Table 53*530d68baSNigel Croxon UINT16 ne_rsrctab; // Offset of Resource Table 54*530d68baSNigel Croxon UINT16 ne_restab; // Offset of resident name table 55*530d68baSNigel Croxon UINT16 ne_modtab; // Offset of Module Reference Table 56*530d68baSNigel Croxon UINT16 ne_imptab; // Offset of Imported Names Table 57*530d68baSNigel Croxon UINT32 ne_nrestab; // Offset of Non-resident Names Table 58*530d68baSNigel Croxon UINT16 ne_cmovent; // Count of movable entries 59*530d68baSNigel Croxon UINT16 ne_align; // Segment alignment shift count 60*530d68baSNigel Croxon UINT16 ne_cres; // Count of resource segments 61*530d68baSNigel Croxon UINT8 ne_exetyp; // Target Operating system 62*530d68baSNigel Croxon UINT8 ne_flagsothers; // Other .EXE flags 63*530d68baSNigel Croxon UINT16 ne_pretthunks; // offset to return thunks 64*530d68baSNigel Croxon UINT16 ne_psegrefbytes; // offset to segment ref. bytes 65*530d68baSNigel Croxon UINT16 ne_swaparea; // Minimum code swap area size 66*530d68baSNigel Croxon UINT16 ne_expver; // Expected Windows version number 67*530d68baSNigel Croxon } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER; 68*530d68baSNigel Croxon 69*530d68baSNigel Croxon // 70*530d68baSNigel Croxon // File header format. 71*530d68baSNigel Croxon // 72*530d68baSNigel Croxon 73*530d68baSNigel Croxon typedef struct _IMAGE_FILE_HEADER { 74*530d68baSNigel Croxon UINT16 Machine; 75*530d68baSNigel Croxon UINT16 NumberOfSections; 76*530d68baSNigel Croxon UINT32 TimeDateStamp; 77*530d68baSNigel Croxon UINT32 PointerToSymbolTable; 78*530d68baSNigel Croxon UINT32 NumberOfSymbols; 79*530d68baSNigel Croxon UINT16 SizeOfOptionalHeader; 80*530d68baSNigel Croxon UINT16 Characteristics; 81*530d68baSNigel Croxon } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 82*530d68baSNigel Croxon 83*530d68baSNigel Croxon #define IMAGE_SIZEOF_FILE_HEADER 20 84*530d68baSNigel Croxon 85*530d68baSNigel Croxon #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. 86*530d68baSNigel Croxon #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). 87*530d68baSNigel Croxon #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. 88*530d68baSNigel Croxon #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. 89*530d68baSNigel Croxon #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. 90*530d68baSNigel Croxon #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. 91*530d68baSNigel Croxon #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file 92*530d68baSNigel Croxon #define IMAGE_FILE_SYSTEM 0x1000 // System File. 93*530d68baSNigel Croxon #define IMAGE_FILE_DLL 0x2000 // File is a DLL. 94*530d68baSNigel Croxon #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. 95*530d68baSNigel Croxon 96*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_UNKNOWN 0 97*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. 98*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0540 big-endian 99*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian 100*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP 101*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x1c2 // Arm/Thumb 102*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian 103*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_IA64 0x200 // IA-64 104*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_TAHOE 0x7cc // Intel EM machine 105*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_EBC 0xebc // EFI Byte Code 106*530d68baSNigel Croxon #define IMAGE_FILE_MACHINE_X64 0x8664 // x86_64 107*530d68baSNigel Croxon // 108*530d68baSNigel Croxon // Directory format. 109*530d68baSNigel Croxon // 110*530d68baSNigel Croxon 111*530d68baSNigel Croxon typedef struct _IMAGE_DATA_DIRECTORY { 112*530d68baSNigel Croxon UINT32 VirtualAddress; 113*530d68baSNigel Croxon UINT32 Size; 114*530d68baSNigel Croxon } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; 115*530d68baSNigel Croxon 116*530d68baSNigel Croxon #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 117*530d68baSNigel Croxon 118*530d68baSNigel Croxon // 119*530d68baSNigel Croxon // Optional header format. 120*530d68baSNigel Croxon // 121*530d68baSNigel Croxon 122*530d68baSNigel Croxon typedef struct _IMAGE_OPTIONAL_HEADER { 123*530d68baSNigel Croxon // 124*530d68baSNigel Croxon // Standard fields. 125*530d68baSNigel Croxon // 126*530d68baSNigel Croxon 127*530d68baSNigel Croxon UINT16 Magic; 128*530d68baSNigel Croxon UINT8 MajorLinkerVersion; 129*530d68baSNigel Croxon UINT8 MinorLinkerVersion; 130*530d68baSNigel Croxon UINT32 SizeOfCode; 131*530d68baSNigel Croxon UINT32 SizeOfInitializedData; 132*530d68baSNigel Croxon UINT32 SizeOfUninitializedData; 133*530d68baSNigel Croxon UINT32 AddressOfEntryPoint; 134*530d68baSNigel Croxon UINT32 BaseOfCode; 135*530d68baSNigel Croxon UINT32 BaseOfData; 136*530d68baSNigel Croxon 137*530d68baSNigel Croxon // 138*530d68baSNigel Croxon // NT additional fields. 139*530d68baSNigel Croxon // 140*530d68baSNigel Croxon 141*530d68baSNigel Croxon UINT32 ImageBase; 142*530d68baSNigel Croxon UINT32 SectionAlignment; 143*530d68baSNigel Croxon UINT32 FileAlignment; 144*530d68baSNigel Croxon UINT16 MajorOperatingSystemVersion; 145*530d68baSNigel Croxon UINT16 MinorOperatingSystemVersion; 146*530d68baSNigel Croxon UINT16 MajorImageVersion; 147*530d68baSNigel Croxon UINT16 MinorImageVersion; 148*530d68baSNigel Croxon UINT16 MajorSubsystemVersion; 149*530d68baSNigel Croxon UINT16 MinorSubsystemVersion; 150*530d68baSNigel Croxon UINT32 Reserved1; 151*530d68baSNigel Croxon UINT32 SizeOfImage; 152*530d68baSNigel Croxon UINT32 SizeOfHeaders; 153*530d68baSNigel Croxon UINT32 CheckSum; 154*530d68baSNigel Croxon UINT16 Subsystem; 155*530d68baSNigel Croxon UINT16 DllCharacteristics; 156*530d68baSNigel Croxon UINT32 SizeOfStackReserve; 157*530d68baSNigel Croxon UINT32 SizeOfStackCommit; 158*530d68baSNigel Croxon UINT32 SizeOfHeapReserve; 159*530d68baSNigel Croxon UINT32 SizeOfHeapCommit; 160*530d68baSNigel Croxon UINT32 LoaderFlags; 161*530d68baSNigel Croxon UINT32 NumberOfRvaAndSizes; 162*530d68baSNigel Croxon IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 163*530d68baSNigel Croxon } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; 164*530d68baSNigel Croxon 165*530d68baSNigel Croxon typedef struct _IMAGE_ROM_OPTIONAL_HEADER { 166*530d68baSNigel Croxon UINT16 Magic; 167*530d68baSNigel Croxon UINT8 MajorLinkerVersion; 168*530d68baSNigel Croxon UINT8 MinorLinkerVersion; 169*530d68baSNigel Croxon UINT32 SizeOfCode; 170*530d68baSNigel Croxon UINT32 SizeOfInitializedData; 171*530d68baSNigel Croxon UINT32 SizeOfUninitializedData; 172*530d68baSNigel Croxon UINT32 AddressOfEntryPoint; 173*530d68baSNigel Croxon UINT32 BaseOfCode; 174*530d68baSNigel Croxon UINT32 BaseOfData; 175*530d68baSNigel Croxon UINT32 BaseOfBss; 176*530d68baSNigel Croxon UINT32 GprMask; 177*530d68baSNigel Croxon UINT32 CprMask[4]; 178*530d68baSNigel Croxon UINT32 GpValue; 179*530d68baSNigel Croxon } IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER; 180*530d68baSNigel Croxon 181*530d68baSNigel Croxon #define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56 182*530d68baSNigel Croxon #define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28 183*530d68baSNigel Croxon #define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224 184*530d68baSNigel Croxon 185*530d68baSNigel Croxon #define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b 186*530d68baSNigel Croxon #define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107 187*530d68baSNigel Croxon 188*530d68baSNigel Croxon typedef struct _IMAGE_NT_HEADERS { 189*530d68baSNigel Croxon UINT32 Signature; 190*530d68baSNigel Croxon IMAGE_FILE_HEADER FileHeader; 191*530d68baSNigel Croxon IMAGE_OPTIONAL_HEADER OptionalHeader; 192*530d68baSNigel Croxon } IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS; 193*530d68baSNigel Croxon 194*530d68baSNigel Croxon typedef struct _IMAGE_ROM_HEADERS { 195*530d68baSNigel Croxon IMAGE_FILE_HEADER FileHeader; 196*530d68baSNigel Croxon IMAGE_ROM_OPTIONAL_HEADER OptionalHeader; 197*530d68baSNigel Croxon } IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS; 198*530d68baSNigel Croxon 199*530d68baSNigel Croxon #define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ 200*530d68baSNigel Croxon ((UINT32)ntheader + \ 201*530d68baSNigel Croxon FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \ 202*530d68baSNigel Croxon ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \ 203*530d68baSNigel Croxon )) 204*530d68baSNigel Croxon 205*530d68baSNigel Croxon 206*530d68baSNigel Croxon // Subsystem Values 207*530d68baSNigel Croxon 208*530d68baSNigel Croxon #define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. 209*530d68baSNigel Croxon #define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. 210*530d68baSNigel Croxon #define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. 211*530d68baSNigel Croxon #define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. 212*530d68baSNigel Croxon #define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. 213*530d68baSNigel Croxon #define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem. 214*530d68baSNigel Croxon 215*530d68baSNigel Croxon 216*530d68baSNigel Croxon // Directory Entries 217*530d68baSNigel Croxon 218*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory 219*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory 220*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory 221*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory 222*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory 223*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table 224*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory 225*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String 226*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) 227*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory 228*530d68baSNigel Croxon #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory 229*530d68baSNigel Croxon 230*530d68baSNigel Croxon // 231*530d68baSNigel Croxon // Section header format. 232*530d68baSNigel Croxon // 233*530d68baSNigel Croxon 234*530d68baSNigel Croxon #define IMAGE_SIZEOF_SHORT_NAME 8 235*530d68baSNigel Croxon 236*530d68baSNigel Croxon typedef struct _IMAGE_SECTION_HEADER { 237*530d68baSNigel Croxon UINT8 Name[IMAGE_SIZEOF_SHORT_NAME]; 238*530d68baSNigel Croxon union { 239*530d68baSNigel Croxon UINT32 PhysicalAddress; 240*530d68baSNigel Croxon UINT32 VirtualSize; 241*530d68baSNigel Croxon } Misc; 242*530d68baSNigel Croxon UINT32 VirtualAddress; 243*530d68baSNigel Croxon UINT32 SizeOfRawData; 244*530d68baSNigel Croxon UINT32 PointerToRawData; 245*530d68baSNigel Croxon UINT32 PointerToRelocations; 246*530d68baSNigel Croxon UINT32 PointerToLinenumbers; 247*530d68baSNigel Croxon UINT16 NumberOfRelocations; 248*530d68baSNigel Croxon UINT16 NumberOfLinenumbers; 249*530d68baSNigel Croxon UINT32 Characteristics; 250*530d68baSNigel Croxon } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; 251*530d68baSNigel Croxon 252*530d68baSNigel Croxon #define IMAGE_SIZEOF_SECTION_HEADER 40 253*530d68baSNigel Croxon 254*530d68baSNigel Croxon #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. 255*530d68baSNigel Croxon 256*530d68baSNigel Croxon #define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. 257*530d68baSNigel Croxon #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. 258*530d68baSNigel Croxon #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. 259*530d68baSNigel Croxon 260*530d68baSNigel Croxon #define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. 261*530d68baSNigel Croxon #define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. 262*530d68baSNigel Croxon #define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. 263*530d68baSNigel Croxon #define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. 264*530d68baSNigel Croxon 265*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // 266*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // 267*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // 268*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // 269*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified. 270*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // 271*530d68baSNigel Croxon #define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // 272*530d68baSNigel Croxon 273*530d68baSNigel Croxon #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. 274*530d68baSNigel Croxon #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. 275*530d68baSNigel Croxon #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. 276*530d68baSNigel Croxon #define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. 277*530d68baSNigel Croxon #define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. 278*530d68baSNigel Croxon #define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. 279*530d68baSNigel Croxon #define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. 280*530d68baSNigel Croxon 281*530d68baSNigel Croxon // 282*530d68baSNigel Croxon // Symbol format. 283*530d68baSNigel Croxon // 284*530d68baSNigel Croxon 285*530d68baSNigel Croxon 286*530d68baSNigel Croxon #define IMAGE_SIZEOF_SYMBOL 18 287*530d68baSNigel Croxon 288*530d68baSNigel Croxon // 289*530d68baSNigel Croxon // Section values. 290*530d68baSNigel Croxon // 291*530d68baSNigel Croxon // Symbols have a section number of the section in which they are 292*530d68baSNigel Croxon // defined. Otherwise, section numbers have the following meanings: 293*530d68baSNigel Croxon // 294*530d68baSNigel Croxon 295*530d68baSNigel Croxon #define IMAGE_SYM_UNDEFINED (UINT16)0 // Symbol is undefined or is common. 296*530d68baSNigel Croxon #define IMAGE_SYM_ABSOLUTE (UINT16)-1 // Symbol is an absolute value. 297*530d68baSNigel Croxon #define IMAGE_SYM_DEBUG (UINT16)-2 // Symbol is a special debug item. 298*530d68baSNigel Croxon 299*530d68baSNigel Croxon // 300*530d68baSNigel Croxon // Type (fundamental) values. 301*530d68baSNigel Croxon // 302*530d68baSNigel Croxon 303*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_NULL 0 // no type. 304*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_VOID 1 // 305*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_CHAR 2 // type character. 306*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_SHORT 3 // type short integer. 307*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_INT 4 // 308*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_LONG 5 // 309*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_FLOAT 6 // 310*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_DOUBLE 7 // 311*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_STRUCT 8 // 312*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_UNION 9 // 313*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_ENUM 10 // enumeration. 314*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_MOE 11 // member of enumeration. 315*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_BYTE 12 // 316*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_WORD 13 // 317*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_UINT 14 // 318*530d68baSNigel Croxon #define IMAGE_SYM_TYPE_DWORD 15 // 319*530d68baSNigel Croxon 320*530d68baSNigel Croxon // 321*530d68baSNigel Croxon // Type (derived) values. 322*530d68baSNigel Croxon // 323*530d68baSNigel Croxon 324*530d68baSNigel Croxon #define IMAGE_SYM_DTYPE_NULL 0 // no derived type. 325*530d68baSNigel Croxon #define IMAGE_SYM_DTYPE_POINTER 1 // pointer. 326*530d68baSNigel Croxon #define IMAGE_SYM_DTYPE_FUNCTION 2 // function. 327*530d68baSNigel Croxon #define IMAGE_SYM_DTYPE_ARRAY 3 // array. 328*530d68baSNigel Croxon 329*530d68baSNigel Croxon // 330*530d68baSNigel Croxon // Storage classes. 331*530d68baSNigel Croxon // 332*530d68baSNigel Croxon 333*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1 334*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_NULL 0 335*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_AUTOMATIC 1 336*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_EXTERNAL 2 337*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_STATIC 3 338*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_REGISTER 4 339*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_EXTERNAL_DEF 5 340*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_LABEL 6 341*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_UNDEFINED_LABEL 7 342*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 8 343*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_ARGUMENT 9 344*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_STRUCT_TAG 10 345*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_MEMBER_OF_UNION 11 346*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_UNION_TAG 12 347*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_TYPE_DEFINITION 13 348*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_UNDEFINED_STATIC 14 349*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_ENUM_TAG 15 350*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 16 351*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_REGISTER_PARAM 17 352*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_BIT_FIELD 18 353*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_BLOCK 100 354*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_FUNCTION 101 355*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_END_OF_STRUCT 102 356*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_FILE 103 357*530d68baSNigel Croxon // new 358*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_SECTION 104 359*530d68baSNigel Croxon #define IMAGE_SYM_CLASS_WEAK_EXTERNAL 105 360*530d68baSNigel Croxon 361*530d68baSNigel Croxon // type packing constants 362*530d68baSNigel Croxon 363*530d68baSNigel Croxon #define N_BTMASK 017 364*530d68baSNigel Croxon #define N_TMASK 060 365*530d68baSNigel Croxon #define N_TMASK1 0300 366*530d68baSNigel Croxon #define N_TMASK2 0360 367*530d68baSNigel Croxon #define N_BTSHFT 4 368*530d68baSNigel Croxon #define N_TSHIFT 2 369*530d68baSNigel Croxon 370*530d68baSNigel Croxon // MACROS 371*530d68baSNigel Croxon 372*530d68baSNigel Croxon // 373*530d68baSNigel Croxon // Communal selection types. 374*530d68baSNigel Croxon // 375*530d68baSNigel Croxon 376*530d68baSNigel Croxon #define IMAGE_COMDAT_SELECT_NODUPLICATES 1 377*530d68baSNigel Croxon #define IMAGE_COMDAT_SELECT_ANY 2 378*530d68baSNigel Croxon #define IMAGE_COMDAT_SELECT_SAME_SIZE 3 379*530d68baSNigel Croxon #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 380*530d68baSNigel Croxon #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 381*530d68baSNigel Croxon 382*530d68baSNigel Croxon #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 383*530d68baSNigel Croxon #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 384*530d68baSNigel Croxon #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 385*530d68baSNigel Croxon 386*530d68baSNigel Croxon 387*530d68baSNigel Croxon // 388*530d68baSNigel Croxon // Relocation format. 389*530d68baSNigel Croxon // 390*530d68baSNigel Croxon 391*530d68baSNigel Croxon typedef struct _IMAGE_RELOCATION { 392*530d68baSNigel Croxon UINT32 VirtualAddress; 393*530d68baSNigel Croxon UINT32 SymbolTableIndex; 394*530d68baSNigel Croxon UINT16 Type; 395*530d68baSNigel Croxon } IMAGE_RELOCATION; 396*530d68baSNigel Croxon 397*530d68baSNigel Croxon #define IMAGE_SIZEOF_RELOCATION 10 398*530d68baSNigel Croxon 399*530d68baSNigel Croxon // 400*530d68baSNigel Croxon // I386 relocation types. 401*530d68baSNigel Croxon // 402*530d68baSNigel Croxon 403*530d68baSNigel Croxon #define IMAGE_REL_I386_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 404*530d68baSNigel Croxon #define IMAGE_REL_I386_DIR16 01 // Direct 16-bit reference to the symbols virtual address 405*530d68baSNigel Croxon #define IMAGE_REL_I386_REL16 02 // PC-relative 16-bit reference to the symbols virtual address 406*530d68baSNigel Croxon #define IMAGE_REL_I386_DIR32 06 // Direct 32-bit reference to the symbols virtual address 407*530d68baSNigel Croxon #define IMAGE_REL_I386_DIR32NB 07 // Direct 32-bit reference to the symbols virtual address, base not included 408*530d68baSNigel Croxon #define IMAGE_REL_I386_SEG12 011 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 409*530d68baSNigel Croxon #define IMAGE_REL_I386_SECTION 012 410*530d68baSNigel Croxon #define IMAGE_REL_I386_SECREL 013 411*530d68baSNigel Croxon #define IMAGE_REL_I386_REL32 024 // PC-relative 32-bit reference to the symbols virtual address 412*530d68baSNigel Croxon 413*530d68baSNigel Croxon // 414*530d68baSNigel Croxon // MIPS relocation types. 415*530d68baSNigel Croxon // 416*530d68baSNigel Croxon 417*530d68baSNigel Croxon #define IMAGE_REL_MIPS_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 418*530d68baSNigel Croxon #define IMAGE_REL_MIPS_REFHALF 01 419*530d68baSNigel Croxon #define IMAGE_REL_MIPS_REFWORD 02 420*530d68baSNigel Croxon #define IMAGE_REL_MIPS_JMPADDR 03 421*530d68baSNigel Croxon #define IMAGE_REL_MIPS_REFHI 04 422*530d68baSNigel Croxon #define IMAGE_REL_MIPS_REFLO 05 423*530d68baSNigel Croxon #define IMAGE_REL_MIPS_GPREL 06 424*530d68baSNigel Croxon #define IMAGE_REL_MIPS_LITERAL 07 425*530d68baSNigel Croxon #define IMAGE_REL_MIPS_SECTION 012 426*530d68baSNigel Croxon #define IMAGE_REL_MIPS_SECREL 013 427*530d68baSNigel Croxon #define IMAGE_REL_MIPS_REFWORDNB 042 428*530d68baSNigel Croxon #define IMAGE_REL_MIPS_PAIR 045 429*530d68baSNigel Croxon 430*530d68baSNigel Croxon // 431*530d68baSNigel Croxon // Alpha Relocation types. 432*530d68baSNigel Croxon // 433*530d68baSNigel Croxon 434*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_ABSOLUTE 0x0 435*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_REFLONG 0x1 436*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_REFQUAD 0x2 437*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_GPREL32 0x3 438*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_LITERAL 0x4 439*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_LITUSE 0x5 440*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_GPDISP 0x6 441*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_BRADDR 0x7 442*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_HINT 0x8 443*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_INLINE_REFLONG 0x9 444*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_REFHI 0xA 445*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_REFLO 0xB 446*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_PAIR 0xC 447*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_MATCH 0xD 448*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_SECTION 0xE 449*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_SECREL 0xF 450*530d68baSNigel Croxon #define IMAGE_REL_ALPHA_REFLONGNB 0x10 451*530d68baSNigel Croxon 452*530d68baSNigel Croxon // 453*530d68baSNigel Croxon // IBM PowerPC relocation types. 454*530d68baSNigel Croxon // 455*530d68baSNigel Croxon 456*530d68baSNigel Croxon #define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP 457*530d68baSNigel Croxon #define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address 458*530d68baSNigel Croxon #define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address 459*530d68baSNigel Croxon #define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) 460*530d68baSNigel Croxon #define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address 461*530d68baSNigel Croxon #define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) 462*530d68baSNigel Croxon #define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) 463*530d68baSNigel Croxon #define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) 464*530d68baSNigel Croxon #define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base 465*530d68baSNigel Croxon #define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) 466*530d68baSNigel Croxon 467*530d68baSNigel Croxon #define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base 468*530d68baSNigel Croxon #define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) 469*530d68baSNigel Croxon #define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number 470*530d68baSNigel Croxon #define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code 471*530d68baSNigel Croxon #define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction 472*530d68baSNigel Croxon 473*530d68baSNigel Croxon #define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type 474*530d68baSNigel Croxon 475*530d68baSNigel Croxon // Flag bits in IMAGE_RELOCATION.TYPE 476*530d68baSNigel Croxon 477*530d68baSNigel Croxon #define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it 478*530d68baSNigel Croxon #define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken 479*530d68baSNigel Croxon #define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken 480*530d68baSNigel Croxon #define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) 481*530d68baSNigel Croxon 482*530d68baSNigel Croxon // 483*530d68baSNigel Croxon // Based relocation format. 484*530d68baSNigel Croxon // 485*530d68baSNigel Croxon 486*530d68baSNigel Croxon typedef struct _IMAGE_BASE_RELOCATION { 487*530d68baSNigel Croxon UINT32 VirtualAddress; 488*530d68baSNigel Croxon UINT32 SizeOfBlock; 489*530d68baSNigel Croxon // UINT16 TypeOffset[1]; 490*530d68baSNigel Croxon } IMAGE_BASE_RELOCATION, *PIMAGE_BASE_RELOCATION; 491*530d68baSNigel Croxon 492*530d68baSNigel Croxon #define IMAGE_SIZEOF_BASE_RELOCATION 8 493*530d68baSNigel Croxon 494*530d68baSNigel Croxon // 495*530d68baSNigel Croxon // Based relocation types. 496*530d68baSNigel Croxon // 497*530d68baSNigel Croxon 498*530d68baSNigel Croxon #define IMAGE_REL_BASED_ABSOLUTE 0 499*530d68baSNigel Croxon #define IMAGE_REL_BASED_HIGH 1 500*530d68baSNigel Croxon #define IMAGE_REL_BASED_LOW 2 501*530d68baSNigel Croxon #define IMAGE_REL_BASED_HIGHLOW 3 502*530d68baSNigel Croxon #define IMAGE_REL_BASED_HIGHADJ 4 503*530d68baSNigel Croxon #define IMAGE_REL_BASED_MIPS_JMPADDR 5 504*530d68baSNigel Croxon #define IMAGE_REL_BASED_IA64_IMM64 9 505*530d68baSNigel Croxon #define IMAGE_REL_BASED_DIR64 10 506*530d68baSNigel Croxon 507*530d68baSNigel Croxon // 508*530d68baSNigel Croxon // Line number format. 509*530d68baSNigel Croxon // 510*530d68baSNigel Croxon 511*530d68baSNigel Croxon typedef struct _IMAGE_LINENUMBER { 512*530d68baSNigel Croxon union { 513*530d68baSNigel Croxon UINT32 SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. 514*530d68baSNigel Croxon UINT32 VirtualAddress; // Virtual address of line number. 515*530d68baSNigel Croxon } Type; 516*530d68baSNigel Croxon UINT16 Linenumber; // Line number. 517*530d68baSNigel Croxon } IMAGE_LINENUMBER; 518*530d68baSNigel Croxon 519*530d68baSNigel Croxon #define IMAGE_SIZEOF_LINENUMBER 6 520*530d68baSNigel Croxon 521*530d68baSNigel Croxon // 522*530d68baSNigel Croxon // Archive format. 523*530d68baSNigel Croxon // 524*530d68baSNigel Croxon 525*530d68baSNigel Croxon #define IMAGE_ARCHIVE_START_SIZE 8 526*530d68baSNigel Croxon #define IMAGE_ARCHIVE_START "!<arch>\n" 527*530d68baSNigel Croxon #define IMAGE_ARCHIVE_END "`\n" 528*530d68baSNigel Croxon #define IMAGE_ARCHIVE_PAD "\n" 529*530d68baSNigel Croxon #define IMAGE_ARCHIVE_LINKER_MEMBER "/ " 530*530d68baSNigel Croxon #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " 531*530d68baSNigel Croxon 532*530d68baSNigel Croxon typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { 533*530d68baSNigel Croxon UINT8 Name[16]; // File member name - `/' terminated. 534*530d68baSNigel Croxon UINT8 Date[12]; // File member date - decimal. 535*530d68baSNigel Croxon UINT8 UserID[6]; // File member user id - decimal. 536*530d68baSNigel Croxon UINT8 GroupID[6]; // File member group id - decimal. 537*530d68baSNigel Croxon UINT8 Mode[8]; // File member mode - octal. 538*530d68baSNigel Croxon UINT8 Size[10]; // File member size - decimal. 539*530d68baSNigel Croxon UINT8 EndHeader[2]; // String to end header. 540*530d68baSNigel Croxon } IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; 541*530d68baSNigel Croxon 542*530d68baSNigel Croxon #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 543*530d68baSNigel Croxon 544*530d68baSNigel Croxon // 545*530d68baSNigel Croxon // DLL support. 546*530d68baSNigel Croxon // 547*530d68baSNigel Croxon 548*530d68baSNigel Croxon // 549*530d68baSNigel Croxon // Export Format 550*530d68baSNigel Croxon // 551*530d68baSNigel Croxon 552*530d68baSNigel Croxon typedef struct _IMAGE_EXPORT_DIRECTORY { 553*530d68baSNigel Croxon UINT32 Characteristics; 554*530d68baSNigel Croxon UINT32 TimeDateStamp; 555*530d68baSNigel Croxon UINT16 MajorVersion; 556*530d68baSNigel Croxon UINT16 MinorVersion; 557*530d68baSNigel Croxon UINT32 Name; 558*530d68baSNigel Croxon UINT32 Base; 559*530d68baSNigel Croxon UINT32 NumberOfFunctions; 560*530d68baSNigel Croxon UINT32 NumberOfNames; 561*530d68baSNigel Croxon UINT32 *AddressOfFunctions; 562*530d68baSNigel Croxon UINT32 *AddressOfNames; 563*530d68baSNigel Croxon UINT32 *AddressOfNameOrdinals; 564*530d68baSNigel Croxon } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; 565*530d68baSNigel Croxon 566*530d68baSNigel Croxon // 567*530d68baSNigel Croxon // Import Format 568*530d68baSNigel Croxon // 569*530d68baSNigel Croxon 570*530d68baSNigel Croxon typedef struct _IMAGE_IMPORT_BY_NAME { 571*530d68baSNigel Croxon UINT16 Hint; 572*530d68baSNigel Croxon UINT8 Name[1]; 573*530d68baSNigel Croxon } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; 574*530d68baSNigel Croxon 575*530d68baSNigel Croxon typedef struct _IMAGE_THUNK_DATA { 576*530d68baSNigel Croxon union { 577*530d68baSNigel Croxon UINT32 Function; 578*530d68baSNigel Croxon UINT32 Ordinal; 579*530d68baSNigel Croxon PIMAGE_IMPORT_BY_NAME AddressOfData; 580*530d68baSNigel Croxon } u1; 581*530d68baSNigel Croxon } IMAGE_THUNK_DATA, *PIMAGE_THUNK_DATA; 582*530d68baSNigel Croxon 583*530d68baSNigel Croxon #define IMAGE_ORDINAL_FLAG 0x80000000 584*530d68baSNigel Croxon #define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0) 585*530d68baSNigel Croxon #define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff) 586*530d68baSNigel Croxon 587*530d68baSNigel Croxon typedef struct _IMAGE_IMPORT_DESCRIPTOR { 588*530d68baSNigel Croxon UINT32 Characteristics; 589*530d68baSNigel Croxon UINT32 TimeDateStamp; 590*530d68baSNigel Croxon UINT32 ForwarderChain; 591*530d68baSNigel Croxon UINT32 Name; 592*530d68baSNigel Croxon PIMAGE_THUNK_DATA FirstThunk; 593*530d68baSNigel Croxon } IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; 594*530d68baSNigel Croxon 595*530d68baSNigel Croxon #endif 596