/** * @brief pe.h - PE/COFF 结构定义头文件 * 基于 winnt.h (10.0.17763.0) 和 object-0.38.0/src/pe.rs */ #ifndef __SCC_PE_DEF_H__ #define __SCC_PE_DEF_H__ // #include #include // FIXME /** * @brief DUMMYUNIONNAME会在被支持空联合体名称的编译器中定义为空, * 从而导致bug,所以自行定义 * * @bug 可以有更好的方式解决这个问题 */ #ifdef DUMMYUNIONNAME #undef DUMMYUNIONNAME #endif #define DUMMYUNIONNAME DUMMYUNIONNAME // 基本类型定义 typedef u8 BYTE; typedef u16 WORD; typedef u32 DWORD; typedef u64 QWORD; typedef i8 CHAR; typedef i16 SHORT; typedef i32 LONG; typedef i64 LONGLONG; typedef DWORD PBYTE; // TODO ? #ifndef UNALIGNED #define UNALIGNED #endif // 常量定义 #define IMAGE_DOS_SIGNATURE 0x5A4D // "MZ" #define IMAGE_OS2_SIGNATURE 0x454E // "NE" #define IMAGE_OS2_SIGNATURE_LE 0x454C // "LE" #define IMAGE_VXD_SIGNATURE 0x454C // "LE" #define IMAGE_NT_SIGNATURE 0x00004550 // "PE\0\0" // DOS 头部结构 typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header WORD e_magic; // Magic number WORD e_cblp; // Bytes on last page of file WORD e_cp; // Pages in file WORD e_crlc; // Relocations WORD e_cparhdr; // Size of header in paragraphs WORD e_minalloc; // Minimum extra paragraphs needed WORD e_maxalloc; // Maximum extra paragraphs needed WORD e_ss; // Initial (relative) SS value WORD e_sp; // Initial SP value WORD e_csum; // Checksum WORD e_ip; // Initial IP value WORD e_cs; // Initial (relative) CS value WORD e_lfarlc; // File address of relocation table WORD e_ovno; // Overlay number WORD e_res[4]; // Reserved words WORD e_oemid; // OEM identifier (for e_oeminfo) WORD e_oeminfo; // OEM information; e_oemid specific WORD e_res2[10]; // Reserved words DWORD e_lfanew; // File address of new exe header } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; // NT 头部标志 #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. #define IMAGE_FILE_EXECUTABLE_IMAGE \ 0x0002 // File is executable (i.e. no unresolved external references). #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line numbers stripped from file. #define IMAGE_FILE_LOCAL_SYMS_STRIPPED \ 0x0008 // Local symbols stripped from file. #define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Aggressively trim working set #define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses #define IMAGE_FILE_BYTES_REVERSED_LO \ 0x0080 // Bytes of machine word are reversed. #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. #define IMAGE_FILE_DEBUG_STRIPPED \ 0x0200 // Debugging info stripped from file in .DBG file #define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP \ 0x0400 // If Image is on removable media, copy and run from the swap file. #define IMAGE_FILE_NET_RUN_FROM_SWAP \ 0x0800 // If Image is on Net, copy and run from the swap file. #define IMAGE_FILE_SYSTEM 0x1000 // System File. #define IMAGE_FILE_DLL 0x2000 // File is a DLL. #define IMAGE_FILE_UP_SYSTEM_ONLY \ 0x4000 // File should only be run on a UP machine #define IMAGE_FILE_BYTES_REVERSED_HI \ 0x8000 // Bytes of machine word are reversed. // 机器类型定义 #define IMAGE_FILE_MACHINE_UNKNOWN 0x0000 // Unknown #define IMAGE_FILE_MACHINE_TARGET_HOST \ 0x0001 // Useful for indicating we want to interact with the host and not a // WoW guest. #define IMAGE_FILE_MACHINE_I386 0x014c // Intel 386. #define IMAGE_FILE_MACHINE_R3000 0x0162 // MIPS little-endian, 0x160 big-endian #define IMAGE_FILE_MACHINE_R4000 0x0166 // MIPS little-endian #define IMAGE_FILE_MACHINE_R10000 0x0168 // MIPS little-endian #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 // MIPS little-endian WCE v2 #define IMAGE_FILE_MACHINE_ALPHA 0x0184 // Alpha_AXP #define IMAGE_FILE_MACHINE_SH3 0x01a2 // SH3 little-endian #define IMAGE_FILE_MACHINE_SH3DSP 0x01a3 // SH3 DSP #define IMAGE_FILE_MACHINE_SH3E 0x01a4 // SH3E little-endian #define IMAGE_FILE_MACHINE_SH4 0x01a6 // SH4 little-endian #define IMAGE_FILE_MACHINE_SH5 0x01a8 // SH5 #define IMAGE_FILE_MACHINE_ARM 0x01c0 // ARM Little-Endian #define IMAGE_FILE_MACHINE_THUMB 0x01c2 // ARM Thumb/Thumb-2 Little-Endian #define IMAGE_FILE_MACHINE_ARMNT 0x01c4 // ARM Thumb-2 Little-Endian #define IMAGE_FILE_MACHINE_AM33 0x01d3 // Matsushita AM33 #define IMAGE_FILE_MACHINE_POWERPC 0x01F0 // IBM PowerPC Little-Endian #define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1 // IBM PowerPC FP #define IMAGE_FILE_MACHINE_IA64 0x0200 // Intel 64 #define IMAGE_FILE_MACHINE_MIPS16 0x0266 // MIPS #define IMAGE_FILE_MACHINE_ALPHA64 0x0284 // ALPHA64 #define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 // MIPS #define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 // MIPS #define IMAGE_FILE_MACHINE_AXP64 IMAGE_FILE_MACHINE_ALPHA64 #define IMAGE_FILE_MACHINE_TRICORE 0x0520 // Infineon #define IMAGE_FILE_MACHINE_CEF 0x0CEF // EFI Byte Code #define IMAGE_FILE_MACHINE_EBC 0x0EBC // EFI Byte Code #define IMAGE_FILE_MACHINE_AMD64 0x8664 // AMD64 (K8) #define IMAGE_FILE_MACHINE_M32R 0x9041 // M32R little-endian #define IMAGE_FILE_MACHINE_ARM64 0xAA64 // ARM64 Little-Endian #define IMAGE_FILE_MACHINE_CEE 0xC0EE // 文件头结构 #define IMAGE_SIZEOF_FILE_HEADER 20 typedef struct _IMAGE_FILE_HEADER { WORD Machine; WORD NumberOfSections; DWORD TimeDateStamp; DWORD PointerToSymbolTable; DWORD NumberOfSymbols; WORD SizeOfOptionalHeader; WORD Characteristics; } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; // 数据目录结构 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 typedef struct _IMAGE_DATA_DIRECTORY { DWORD VirtualAddress; DWORD Size; } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; // 可选头部魔数 #define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b #define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107 // 可选头部结构 (32位) typedef struct _IMAGE_OPTIONAL_HEADER32 { // // 标准域 // WORD Magic; BYTE MajorLinkerVersion; BYTE MinorLinkerVersion; DWORD SizeOfCode; DWORD SizeOfInitializedData; DWORD SizeOfUninitializedData; DWORD AddressOfEntryPoint; DWORD BaseOfCode; DWORD BaseOfData; // // NT 附加域 // DWORD ImageBase; DWORD SectionAlignment; DWORD FileAlignment; WORD MajorOperatingSystemVersion; WORD MinorOperatingSystemVersion; WORD MajorImageVersion; WORD MinorImageVersion; WORD MajorSubsystemVersion; WORD MinorSubsystemVersion; DWORD Win32VersionValue; DWORD SizeOfImage; DWORD SizeOfHeaders; DWORD CheckSum; WORD Subsystem; WORD DllCharacteristics; DWORD SizeOfStackReserve; DWORD SizeOfStackCommit; DWORD SizeOfHeapReserve; DWORD SizeOfHeapCommit; DWORD LoaderFlags; DWORD NumberOfRvaAndSizes; // IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; } IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32; // 可选头部结构 (64位) typedef struct _IMAGE_OPTIONAL_HEADER64 { WORD Magic; BYTE MajorLinkerVersion; BYTE MinorLinkerVersion; DWORD SizeOfCode; DWORD SizeOfInitializedData; DWORD SizeOfUninitializedData; DWORD AddressOfEntryPoint; DWORD BaseOfCode; QWORD ImageBase; DWORD SectionAlignment; DWORD FileAlignment; WORD MajorOperatingSystemVersion; WORD MinorOperatingSystemVersion; WORD MajorImageVersion; WORD MinorImageVersion; WORD MajorSubsystemVersion; WORD MinorSubsystemVersion; DWORD Win32VersionValue; DWORD SizeOfImage; DWORD SizeOfHeaders; DWORD CheckSum; WORD Subsystem; WORD DllCharacteristics; QWORD SizeOfStackReserve; QWORD SizeOfStackCommit; QWORD SizeOfHeapReserve; QWORD SizeOfHeapCommit; DWORD LoaderFlags; DWORD NumberOfRvaAndSizes; // IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; } IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64; // NT 头部结构 (32位) typedef struct _IMAGE_NT_HEADERS32 { DWORD Signature; IMAGE_FILE_HEADER FileHeader; IMAGE_OPTIONAL_HEADER32 OptionalHeader; } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32; // NT 头部结构 (64位) typedef struct _IMAGE_NT_HEADERS64 { DWORD Signature; IMAGE_FILE_HEADER FileHeader; IMAGE_OPTIONAL_HEADER64 OptionalHeader; } IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64; #ifdef _WIN64 typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS; typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS; #else typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS; typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS; #endif // 子系统类型 #define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. #define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. #define IMAGE_SUBSYSTEM_WINDOWS_GUI \ 2 // Image runs in the Windows GUI subsystem. #define IMAGE_SUBSYSTEM_WINDOWS_CUI \ 3 // Image runs in the Windows character subsystem. #define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. #define IMAGE_SUBSYSTEM_POSIX_CUI \ 7 // image runs in the Posix character subsystem. #define IMAGE_SUBSYSTEM_NATIVE_WINDOWS 8 // image is a native Win9x driver. #define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI \ 9 // Image runs in the Windows CE subsystem. #define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 // Image runs as an EFI application. #define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER \ 11 // Image runs as an EFI boot service driver. #define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER \ 12 // Image runs as an EFI runtime driver. #define IMAGE_SUBSYSTEM_EFI_ROM 13 // Image is an EFI ROM image. #define IMAGE_SUBSYSTEM_XBOX 14 // Image runs in an Xbox environment. #define IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION 16 // Boot application. // DLL 特性 #define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA \ 0x0020 // Image can handle a high entropy 64-bit virtual address space. #define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 // DLL can move. #define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY 0x0080 // Code Integrity Image #define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 // Image is NX compatible #define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION \ 0x0200 // Image understands isolation and doesn't want it #define IMAGE_DLLCHARACTERISTICS_NO_SEH \ 0x0400 // Image does not use SEH. No SE handler may reside in this image #define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 // Do not bind this image. #define IMAGE_DLLCHARACTERISTICS_APPCONTAINER \ 0x1000 // Image should execute in an AppContainer #define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 // Driver uses WDM model #define IMAGE_DLLCHARACTERISTICS_GUARD_CF \ 0x4000 // Image supports Control Flow Guard. #define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 // 数据目录索引 #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory #define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory #define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT \ 11 // Bound Import Directory in headers #define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table #define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors #define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor // 节头大小 #define IMAGE_SIZEOF_SHORT_NAME 8 #define IMAGE_SIZEOF_SECTION_HEADER 40 // 节头部结构 typedef struct _IMAGE_SECTION_HEADER { BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; union { DWORD PhysicalAddress; DWORD VirtualSize; } Misc; DWORD VirtualAddress; DWORD SizeOfRawData; DWORD PointerToRawData; DWORD PointerToRelocations; DWORD PointerToLinenumbers; WORD NumberOfRelocations; WORD NumberOfLinenumbers; DWORD Characteristics; } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; // 节特性标志 #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. #define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. #define IMAGE_SCN_CNT_INITIALIZED_DATA \ 0x00000040 // Section contains initialized data. #define IMAGE_SCN_CNT_UNINITIALIZED_DATA \ 0x00000080 // Section contains uninitialized data. #define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. #define IMAGE_SCN_LNK_INFO \ 0x00000200 // Section contains comments or some other type of information. #define IMAGE_SCN_LNK_REMOVE \ 0x00000800 // Section contents will not become part of image. #define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. #define IMAGE_SCN_NO_DEFER_SPEC_EXC \ 0x00004000 // Reset speculative exceptions handling bits in the TLB entries // for this section. #define IMAGE_SCN_GPREL \ 0x00008000 // Section content can be accessed relative to GP #define IMAGE_SCN_MEM_FARDATA 0x00008000 #define IMAGE_SCN_MEM_PURGEABLE 0x00020000 #define IMAGE_SCN_MEM_16BIT 0x00020000 #define IMAGE_SCN_MEM_LOCKED 0x00040000 #define IMAGE_SCN_MEM_PRELOAD 0x00080000 #define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // #define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // #define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // #define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // #define IMAGE_SCN_ALIGN_16BYTES \ 0x00500000 // Default alignment if no others are specified. #define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // #define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // #define IMAGE_SCN_ALIGN_128BYTES 0x00800000 // #define IMAGE_SCN_ALIGN_256BYTES 0x00900000 // #define IMAGE_SCN_ALIGN_512BYTES 0x00A00000 // #define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 // #define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 // #define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 // #define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 // #define IMAGE_SCN_ALIGN_MASK 0x00F00000 #define IMAGE_SCN_LNK_NRELOC_OVFL \ 0x01000000 // Section contains extended relocations. #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cacheable. #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. #define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. #define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. #define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. #define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. // 导入表相关 typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; // 0 for terminating null import descriptor DWORD OriginalFirstThunk; // RVA to original unbound IAT // (PIMAGE_THUNK_DATA) } DUMMYUNIONNAME; DWORD TimeDateStamp; // 0 if not bound, // -1 if bound, and real date\time stamp // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) // O.W. date/time stamp of DLL bound to (Old BIND) DWORD ForwarderChain; // -1 if no forwarders DWORD Name; DWORD FirstThunk; // RVA to IAT (if bound this IAT has actual addresses) } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR; // Thunk 数据结构 typedef struct _IMAGE_THUNK_DATA32 { union { DWORD ForwarderString; // PBYTE DWORD Function; // PDWORD DWORD Ordinal; DWORD AddressOfData; // PIMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA32; typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32; typedef struct _IMAGE_THUNK_DATA64 { union { QWORD ForwarderString; // PBYTE QWORD Function; // PDWORD QWORD Ordinal; QWORD AddressOfData; // PIMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA64; typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64; // 导入名称结构 typedef struct _IMAGE_IMPORT_BY_NAME { WORD Hint; BYTE Name[1]; } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; // 导出表结构 typedef struct _IMAGE_EXPORT_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD Name; DWORD Base; DWORD NumberOfFunctions; DWORD NumberOfNames; DWORD AddressOfFunctions; // RVA from base of image DWORD AddressOfNames; // RVA from base of image DWORD AddressOfNameOrdinals; // RVA from base of image } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; // 基址重定位结构 #define IMAGE_SIZEOF_BASE_RELOCATION 8 typedef struct _IMAGE_BASE_RELOCATION { DWORD VirtualAddress; DWORD SizeOfBlock; // WORD TypeOffset[1]; } IMAGE_BASE_RELOCATION; typedef IMAGE_BASE_RELOCATION UNALIGNED *PIMAGE_BASE_RELOCATION; // 基址重定位类型 #define IMAGE_REL_BASED_ABSOLUTE 0 #define IMAGE_REL_BASED_HIGH 1 #define IMAGE_REL_BASED_LOW 2 #define IMAGE_REL_BASED_HIGHLOW 3 #define IMAGE_REL_BASED_HIGHADJ 4 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_5 5 #define IMAGE_REL_BASED_RESERVED 6 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_7 7 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_8 8 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_9 9 #define IMAGE_REL_BASED_DIR64 10 // 调试目录结构 typedef struct _IMAGE_DEBUG_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD Type; DWORD SizeOfData; DWORD AddressOfRawData; DWORD PointerToRawData; } IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY; // 调试类型 #define IMAGE_DEBUG_TYPE_UNKNOWN 0 #define IMAGE_DEBUG_TYPE_COFF 1 #define IMAGE_DEBUG_TYPE_CODEVIEW 2 #define IMAGE_DEBUG_TYPE_FPO 3 #define IMAGE_DEBUG_TYPE_MISC 4 #define IMAGE_DEBUG_TYPE_EXCEPTION 5 #define IMAGE_DEBUG_TYPE_FIXUP 6 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8 #define IMAGE_DEBUG_TYPE_BORLAND 9 #define IMAGE_DEBUG_TYPE_RESERVED10 10 #define IMAGE_DEBUG_TYPE_CLSID 11 #define IMAGE_DEBUG_TYPE_VC_FEATURE 12 #define IMAGE_DEBUG_TYPE_POGO 13 #define IMAGE_DEBUG_TYPE_ILTCG 14 #define IMAGE_DEBUG_TYPE_MPX 15 #define IMAGE_DEBUG_TYPE_REPRO 16 // TLS 目录结构 typedef struct _IMAGE_TLS_DIRECTORY32 { DWORD StartAddressOfRawData; DWORD EndAddressOfRawData; DWORD AddressOfIndex; // PDWORD DWORD AddressOfCallBacks; // PIMAGE_TLS_CALLBACK * DWORD SizeOfZeroFill; DWORD Characteristics; } IMAGE_TLS_DIRECTORY32, *PIMAGE_TLS_DIRECTORY32; typedef struct _IMAGE_TLS_DIRECTORY64 { QWORD StartAddressOfRawData; QWORD EndAddressOfRawData; QWORD AddressOfIndex; // PDWORD QWORD AddressOfCallBacks; // PIMAGE_TLS_CALLBACK * DWORD SizeOfZeroFill; DWORD Characteristics; } IMAGE_TLS_DIRECTORY64, *PIMAGE_TLS_DIRECTORY64; #ifdef _WIN64 typedef IMAGE_TLS_DIRECTORY64 IMAGE_TLS_DIRECTORY; typedef PIMAGE_TLS_DIRECTORY64 PIMAGE_TLS_DIRECTORY; #else typedef IMAGE_TLS_DIRECTORY32 IMAGE_TLS_DIRECTORY; typedef PIMAGE_TLS_DIRECTORY32 PIMAGE_TLS_DIRECTORY; #endif // 资源目录结构 typedef struct _IMAGE_RESOURCE_DIRECTORY { DWORD Characteristics; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; WORD NumberOfNamedEntries; WORD NumberOfIdEntries; // IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; } IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY; #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000 typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY { union { struct { DWORD NameOffset : 31; DWORD NameIsString : 1; }; DWORD Name; WORD Id; }; union { DWORD OffsetToData; struct { DWORD OffsetToDirectory : 31; DWORD DataIsDirectory : 1; }; }; } IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY; typedef struct _IMAGE_RESOURCE_DATA_ENTRY { DWORD OffsetToData; DWORD Size; DWORD CodePage; DWORD Reserved; } IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY; // 资源类型 #define RT_CURSOR 1 #define RT_BITMAP 2 #define RT_ICON 3 #define RT_MENU 4 #define RT_DIALOG 5 #define RT_STRING 6 #define RT_FONTDIR 7 #define RT_FONT 8 #define RT_ACCELERATOR 9 #define RT_RCDATA 10 #define RT_MESSAGETABLE 11 #define RT_GROUP_CURSOR 12 #define RT_GROUP_ICON 14 #define RT_VERSION 16 #define RT_DLGINCLUDE 17 #define RT_PLUGPLAY 19 #define RT_VXD 20 #define RT_ANICURSOR 21 #define RT_ANIICON 22 #define RT_HTML 23 #define RT_MANIFEST 24 // 加载配置目录结构 typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32 { DWORD Size; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD GlobalFlagsClear; DWORD GlobalFlagsSet; DWORD CriticalSectionDefaultTimeout; DWORD DeCommitFreeBlockThreshold; DWORD DeCommitTotalFreeThreshold; DWORD LockPrefixTable; // VA DWORD MaximumAllocationSize; DWORD VirtualMemoryThreshold; DWORD ProcessAffinityMask; DWORD ProcessHeapFlags; WORD CsdVersion; WORD DependentLoadFlags; DWORD EditList; // VA DWORD SecurityCookie; // VA DWORD SEHandlerTable; // VA DWORD SEHandlerCount; DWORD GuardCFCheckFunctionPointer; // VA DWORD GuardCFDispatchFunctionPointer; // VA DWORD GuardCFFunctionTable; // VA DWORD GuardCFFunctionCount; DWORD GuardFlags; } IMAGE_LOAD_CONFIG_DIRECTORY32, *PIMAGE_LOAD_CONFIG_DIRECTORY32; typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64 { DWORD Size; DWORD TimeDateStamp; WORD MajorVersion; WORD MinorVersion; DWORD GlobalFlagsClear; DWORD GlobalFlagsSet; DWORD CriticalSectionDefaultTimeout; QWORD DeCommitFreeBlockThreshold; QWORD DeCommitTotalFreeThreshold; QWORD LockPrefixTable; // VA QWORD MaximumAllocationSize; QWORD VirtualMemoryThreshold; QWORD ProcessAffinityMask; DWORD ProcessHeapFlags; WORD CsdVersion; WORD DependentLoadFlags; QWORD EditList; // VA QWORD SecurityCookie; // VA QWORD SEHandlerTable; // VA QWORD SEHandlerCount; QWORD GuardCFCheckFunctionPointer; // VA QWORD GuardCFDispatchFunctionPointer; // VA QWORD GuardCFFunctionTable; // VA QWORD GuardCFFunctionCount; DWORD GuardFlags; } IMAGE_LOAD_CONFIG_DIRECTORY64, *PIMAGE_LOAD_CONFIG_DIRECTORY64; #ifdef _WIN64 typedef IMAGE_LOAD_CONFIG_DIRECTORY64 IMAGE_LOAD_CONFIG_DIRECTORY; typedef PIMAGE_LOAD_CONFIG_DIRECTORY64 PIMAGE_LOAD_CONFIG_DIRECTORY; #else typedef IMAGE_LOAD_CONFIG_DIRECTORY32 IMAGE_LOAD_CONFIG_DIRECTORY; typedef PIMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY; #endif // GUID 定义 typedef struct _GUID { DWORD Data1; WORD Data2; WORD Data3; BYTE Data4[8]; } GUID, *PGUID; // 符号相关定义 #define IMAGE_SIZEOF_SYMBOL 18 typedef struct _IMAGE_SYMBOL { union { BYTE ShortName[8]; struct { DWORD Short; // if 0, use LongName DWORD Long; // offset into string table } Name; PBYTE LongName[2]; } N; DWORD Value; SHORT SectionNumber; WORD Type; BYTE StorageClass; BYTE NumberOfAuxSymbols; } IMAGE_SYMBOL; typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL; // 符号存储类 #define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE) - 1 #define IMAGE_SYM_CLASS_NULL 0x0000 #define IMAGE_SYM_CLASS_AUTOMATIC 0x0001 #define IMAGE_SYM_CLASS_EXTERNAL 0x0002 #define IMAGE_SYM_CLASS_STATIC 0x0003 #define IMAGE_SYM_CLASS_REGISTER 0x0004 #define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005 #define IMAGE_SYM_CLASS_LABEL 0x0006 #define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007 #define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008 #define IMAGE_SYM_CLASS_ARGUMENT 0x0009 #define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A #define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B #define IMAGE_SYM_CLASS_UNION_TAG 0x000C #define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D #define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E #define IMAGE_SYM_CLASS_ENUM_TAG 0x000F #define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010 #define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011 #define IMAGE_SYM_CLASS_BIT_FIELD 0x0012 #define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 #define IMAGE_SYM_CLASS_BLOCK 0x0064 #define IMAGE_SYM_CLASS_FUNCTION 0x0065 #define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066 #define IMAGE_SYM_CLASS_FILE 0x0067 #define IMAGE_SYM_CLASS_SECTION 0x0068 #define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069 #define IMAGE_SYM_CLASS_CLR_TOKEN 0x006B // 档案格式 #define IMAGE_ARCHIVE_START_SIZE 8 #define IMAGE_ARCHIVE_START "!\n" #define IMAGE_ARCHIVE_END "`\n" #define IMAGE_ARCHIVE_PAD "\n" #define IMAGE_ARCHIVE_LINKER_MEMBER "/ " #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { BYTE Name[16]; // File member name - `/' terminated. BYTE Date[12]; // File member date - decimal. BYTE UserID[6]; // File member user id - decimal. BYTE GroupID[6]; // File member group id - decimal. BYTE Mode[8]; // File member mode - octal. BYTE Size[10]; // File member size - decimal. BYTE EndHeader[2]; // String to end header. } IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 // 重新定位类型 #define IMAGE_REL_I386_ABSOLUTE \ 0x0000 // Reference is absolute, no relocation is necessary #define IMAGE_REL_I386_DIR16 \ 0x0001 // Direct 16-bit reference to the symbols virtual address #define IMAGE_REL_I386_REL16 \ 0x0002 // PC-relative 16-bit reference to the symbols virtual address #define IMAGE_REL_I386_DIR32 \ 0x0006 // Direct 32-bit reference to the symbols virtual address #define IMAGE_REL_I386_DIR32NB \ 0x0007 // Direct 32-bit reference to the symbols virtual address, base not // included #define IMAGE_REL_I386_SEG12 \ 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit // virtual address #define IMAGE_REL_I386_SECTION 0x000A // Section table index #define IMAGE_REL_I386_SECREL 0x000B // Offset within section #define IMAGE_REL_I386_TOKEN 0x000C // clr token #define IMAGE_REL_I386_SECREL7 \ 0x000D // 7 bit offset from base of section containing target #define IMAGE_REL_I386_REL32 \ 0x0014 // PC-relative 32-bit reference to the symbols virtual address // ARM 重新定位类型 #define IMAGE_REL_ARM_ABSOLUTE 0x0000 // No relocation required #define IMAGE_REL_ARM_ADDR32 0x0001 // 32 bit address #define IMAGE_REL_ARM_ADDR32NB 0x0002 // 32 bit address w/o image base #define IMAGE_REL_ARM_BRANCH24 0x0003 // 24 bit offset << 2 & sign ext. #define IMAGE_REL_ARM_BRANCH11 0x0004 // Thumb: 2 11 bit offsets #define IMAGE_REL_ARM_TOKEN 0x0005 // clr token #define IMAGE_REL_ARM_GPREL12 0x0006 // GP-relative addressing (ARM) #define IMAGE_REL_ARM_GPREL7 0x0007 // GP-relative addressing (Thumb) #define IMAGE_REL_ARM_BLX24 0x0008 #define IMAGE_REL_ARM_BLX11 0x0009 #define IMAGE_REL_ARM_SECTION 0x000E // Section table index #define IMAGE_REL_ARM_SECREL 0x000F // Offset within section #define IMAGE_REL_ARM_MOV32A 0x0010 // ARM: MOVW/MOVT #define IMAGE_REL_ARM_MOV32T 0x0011 // Thumb: MOVW/MOVT #define IMAGE_REL_ARM_BRANCH20T 0x0012 // Thumb: 32-bit conditional B #define IMAGE_REL_ARM_BRANCH24T 0x0014 // Thumb: 32-bit B or BL #define IMAGE_REL_ARM_BLX23T 0x0015 // Thumb: BLX immediate // ARM64 重新定位类型 #define IMAGE_REL_ARM64_ABSOLUTE 0x0000 // No relocation required #define IMAGE_REL_ARM64_ADDR32 0x0001 // 32 bit address (do not use this type) #define IMAGE_REL_ARM64_ADDR32NB 0x0002 // 32 bit address w/o image base #define IMAGE_REL_ARM64_BRANCH26 \ 0x0003 // 26 bit offset << 2 & sign ext. for B & BL #define IMAGE_REL_ARM64_PAGEBASE_REL21 0x0004 // ADRP #define IMAGE_REL_ARM64_REL21 0x0005 // ADR #define IMAGE_REL_ARM64_PAGEOFFSET_12A \ 0x0006 // ADD/ADDS (immediate) with zero shift #define IMAGE_REL_ARM64_PAGEOFFSET_12L \ 0x0007 // LDR (indexed, unsigned immediate) #define IMAGE_REL_ARM64_SECREL \ 0x0008 // Offset within section -- legal only since 8.1 #define IMAGE_REL_ARM64_SECREL_LOW12A \ 0x0009 // ADD/ADDS (immediate) with zero shift, for bit 0:11 of section // offset #define IMAGE_REL_ARM64_SECREL_HIGH12A \ 0x000A // ADD/ADDS (immediate) with zero shift, for bit 12:23 of section // offset #define IMAGE_REL_ARM64_SECREL_LOW12L \ 0x000B // LDR (indexed, unsigned immediate), for bit 0:11 of section offset #define IMAGE_REL_ARM64_TOKEN 0x000C // clr token #define IMAGE_REL_ARM64_SECTION 0x000D // Section table index #define IMAGE_REL_ARM64_ADDR64 0x000E // 64 bit address #define IMAGE_REL_ARM64_BRANCH19 \ 0x000F // 19 bit offset << 2 & sign ext. for conditional B #define IMAGE_REL_ARM64_BRANCH14 \ 0x0010 // 14 bit offset << 2 & sign ext. for TBZ/TBNZ // x64 重新定位类型 #define IMAGE_REL_AMD64_ABSOLUTE \ 0x0000 // Reference is absolute, no relocation is necessary #define IMAGE_REL_AMD64_ADDR64 0x0001 // 64-bit address (VA). #define IMAGE_REL_AMD64_ADDR32 0x0002 // 32-bit address (VA). #define IMAGE_REL_AMD64_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA). #define IMAGE_REL_AMD64_REL32 \ 0x0004 // 32-bit relative address from byte following reloc #define IMAGE_REL_AMD64_REL32_1 \ 0x0005 // 32-bit relative address from byte distance 1 from reloc #define IMAGE_REL_AMD64_REL32_2 \ 0x0006 // 32-bit relative address from byte distance 2 from reloc #define IMAGE_REL_AMD64_REL32_3 \ 0x0007 // 32-bit relative address from byte distance 3 from reloc #define IMAGE_REL_AMD64_REL32_4 \ 0x0008 // 32-bit relative address from byte distance 4 from reloc #define IMAGE_REL_AMD64_REL32_5 \ 0x0009 // 32-bit relative address from byte distance 5 from reloc #define IMAGE_REL_AMD64_SECTION 0x000A // Section index #define IMAGE_REL_AMD64_SECREL \ 0x000B // 32 bit offset from base of section containing target #define IMAGE_REL_AMD64_SECREL7 \ 0x000C // 7 bit unsigned offset from base of section containing target #define IMAGE_REL_AMD64_TOKEN 0x000D // 32 bit metadata token #define IMAGE_REL_AMD64_SREL32 \ 0x000E // 32 bit signed span-dependent value emitted into object #define IMAGE_REL_AMD64_PAIR \ 0x000F // 32 bit signed span-dependent value applied at link time #define IMAGE_REL_AMD64_SSPAN32 \ 0x0010 // 32 bit signed span-dependent value applied at link time ///< #include #include typedef SCC_VEC(u8) scc_pe_buffer_t; typedef struct { u32 virual_address; u32 virual_size; u32 file_offset; u32 file_size; } scc_pe_section_range; // FIXME 小端序? 当前简化为直接返回 #define SCC_LE16(x) (x) #define SCC_LE32(x) (x) #define SCC_LE64(x) (x) #endif /* __SCC_PE_DEF_H__ */