1/* 2 PE32+ header file 3 */ 4#ifndef _PE_H 5#define _PE_H 6 7#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ 8#define IMAGE_OS2_SIGNATURE 0x454E // NE 9#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE 10#define IMAGE_NT_SIGNATURE 0x00004550 // PE00 11#define IMAGE_EDOS_SIGNATURE 0x44454550 // PEED 12 13 14typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header 15 UINT16 e_magic; // Magic number 16 UINT16 e_cblp; // Bytes on last page of file 17 UINT16 e_cp; // Pages in file 18 UINT16 e_crlc; // Relocations 19 UINT16 e_cparhdr; // Size of header in paragraphs 20 UINT16 e_minalloc; // Minimum extra paragraphs needed 21 UINT16 e_maxalloc; // Maximum extra paragraphs needed 22 UINT16 e_ss; // Initial (relative) SS value 23 UINT16 e_sp; // Initial SP value 24 UINT16 e_csum; // Checksum 25 UINT16 e_ip; // Initial IP value 26 UINT16 e_cs; // Initial (relative) CS value 27 UINT16 e_lfarlc; // File address of relocation table 28 UINT16 e_ovno; // Overlay number 29 UINT16 e_res[4]; // Reserved words 30 UINT16 e_oemid; // OEM identifier (for e_oeminfo) 31 UINT16 e_oeminfo; // OEM information; e_oemid specific 32 UINT16 e_res2[10]; // Reserved words 33 UINT32 e_lfanew; // File address of new exe header 34 } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; 35 36typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header 37 UINT16 ne_magic; // Magic number 38 UINT8 ne_ver; // Version number 39 UINT8 ne_rev; // Revision number 40 UINT16 ne_enttab; // Offset of Entry Table 41 UINT16 ne_cbenttab; // Number of bytes in Entry Table 42 UINT32 ne_crc; // Checksum of whole file 43 UINT16 ne_flags; // Flag UINT16 44 UINT16 ne_autodata; // Automatic data segment number 45 UINT16 ne_heap; // Initial heap allocation 46 UINT16 ne_stack; // Initial stack allocation 47 UINT32 ne_csip; // Initial CS:IP setting 48 UINT32 ne_sssp; // Initial SS:SP setting 49 UINT16 ne_cseg; // Count of file segments 50 UINT16 ne_cmod; // Entries in Module Reference Table 51 UINT16 ne_cbnrestab; // Size of non-resident name table 52 UINT16 ne_segtab; // Offset of Segment Table 53 UINT16 ne_rsrctab; // Offset of Resource Table 54 UINT16 ne_restab; // Offset of resident name table 55 UINT16 ne_modtab; // Offset of Module Reference Table 56 UINT16 ne_imptab; // Offset of Imported Names Table 57 UINT32 ne_nrestab; // Offset of Non-resident Names Table 58 UINT16 ne_cmovent; // Count of movable entries 59 UINT16 ne_align; // Segment alignment shift count 60 UINT16 ne_cres; // Count of resource segments 61 UINT8 ne_exetyp; // Target Operating system 62 UINT8 ne_flagsothers; // Other .EXE flags 63 UINT16 ne_pretthunks; // offset to return thunks 64 UINT16 ne_psegrefbytes; // offset to segment ref. bytes 65 UINT16 ne_swaparea; // Minimum code swap area size 66 UINT16 ne_expver; // Expected Windows version number 67 } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER; 68 69// 70// File header format. 71// 72 73typedef struct _IMAGE_FILE_HEADER { 74 UINT16 Machine; 75 UINT16 NumberOfSections; 76 UINT32 TimeDateStamp; 77 UINT32 PointerToSymbolTable; 78 UINT32 NumberOfSymbols; 79 UINT16 SizeOfOptionalHeader; 80 UINT16 Characteristics; 81} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 82 83#define IMAGE_SIZEOF_FILE_HEADER 20 84 85#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. 86#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). 87#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. 88#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. 89#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. 90#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. 91#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file 92#define IMAGE_FILE_SYSTEM 0x1000 // System File. 93#define IMAGE_FILE_DLL 0x2000 // File is a DLL. 94#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. 95 96#define IMAGE_FILE_MACHINE_UNKNOWN 0 97#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. 98#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0540 big-endian 99#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian 100#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP 101#define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x1c2 // Arm/Thumb 102#define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian 103#define IMAGE_FILE_MACHINE_IA64 0x200 // IA-64 104#define IMAGE_FILE_MACHINE_TAHOE 0x7cc // Intel EM machine 105#define IMAGE_FILE_MACHINE_EBC 0xebc // EFI Byte Code 106#define IMAGE_FILE_MACHINE_X64 0x8664 // x86_64 107// 108// Directory format. 109// 110 111typedef struct _IMAGE_DATA_DIRECTORY { 112 UINT32 VirtualAddress; 113 UINT32 Size; 114} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; 115 116#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 117 118// 119// Optional header format. 120// 121 122typedef struct _IMAGE_OPTIONAL_HEADER { 123 // 124 // Standard fields. 125 // 126 127 UINT16 Magic; 128 UINT8 MajorLinkerVersion; 129 UINT8 MinorLinkerVersion; 130 UINT32 SizeOfCode; 131 UINT32 SizeOfInitializedData; 132 UINT32 SizeOfUninitializedData; 133 UINT32 AddressOfEntryPoint; 134 UINT32 BaseOfCode; 135 UINT32 BaseOfData; 136 137 // 138 // NT additional fields. 139 // 140 141 UINT32 ImageBase; 142 UINT32 SectionAlignment; 143 UINT32 FileAlignment; 144 UINT16 MajorOperatingSystemVersion; 145 UINT16 MinorOperatingSystemVersion; 146 UINT16 MajorImageVersion; 147 UINT16 MinorImageVersion; 148 UINT16 MajorSubsystemVersion; 149 UINT16 MinorSubsystemVersion; 150 UINT32 Reserved1; 151 UINT32 SizeOfImage; 152 UINT32 SizeOfHeaders; 153 UINT32 CheckSum; 154 UINT16 Subsystem; 155 UINT16 DllCharacteristics; 156 UINT32 SizeOfStackReserve; 157 UINT32 SizeOfStackCommit; 158 UINT32 SizeOfHeapReserve; 159 UINT32 SizeOfHeapCommit; 160 UINT32 LoaderFlags; 161 UINT32 NumberOfRvaAndSizes; 162 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 163} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; 164 165typedef struct _IMAGE_ROM_OPTIONAL_HEADER { 166 UINT16 Magic; 167 UINT8 MajorLinkerVersion; 168 UINT8 MinorLinkerVersion; 169 UINT32 SizeOfCode; 170 UINT32 SizeOfInitializedData; 171 UINT32 SizeOfUninitializedData; 172 UINT32 AddressOfEntryPoint; 173 UINT32 BaseOfCode; 174 UINT32 BaseOfData; 175 UINT32 BaseOfBss; 176 UINT32 GprMask; 177 UINT32 CprMask[4]; 178 UINT32 GpValue; 179} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER; 180 181#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56 182#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28 183#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224 184 185#define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b 186#define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107 187 188typedef struct _IMAGE_NT_HEADERS { 189 UINT32 Signature; 190 IMAGE_FILE_HEADER FileHeader; 191 IMAGE_OPTIONAL_HEADER OptionalHeader; 192} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS; 193 194typedef struct _IMAGE_ROM_HEADERS { 195 IMAGE_FILE_HEADER FileHeader; 196 IMAGE_ROM_OPTIONAL_HEADER OptionalHeader; 197} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS; 198 199#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ 200 ((UINT32)ntheader + \ 201 FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \ 202 ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \ 203 )) 204 205 206// Subsystem Values 207 208#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. 209#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. 210#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. 211#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. 212#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. 213#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem. 214 215 216// Directory Entries 217 218#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory 219#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory 220#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory 221#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory 222#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory 223#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table 224#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory 225#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String 226#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) 227#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory 228#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory 229 230// 231// Section header format. 232// 233 234#define IMAGE_SIZEOF_SHORT_NAME 8 235 236typedef struct _IMAGE_SECTION_HEADER { 237 UINT8 Name[IMAGE_SIZEOF_SHORT_NAME]; 238 union { 239 UINT32 PhysicalAddress; 240 UINT32 VirtualSize; 241 } Misc; 242 UINT32 VirtualAddress; 243 UINT32 SizeOfRawData; 244 UINT32 PointerToRawData; 245 UINT32 PointerToRelocations; 246 UINT32 PointerToLinenumbers; 247 UINT16 NumberOfRelocations; 248 UINT16 NumberOfLinenumbers; 249 UINT32 Characteristics; 250} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; 251 252#define IMAGE_SIZEOF_SECTION_HEADER 40 253 254#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. 255 256#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. 257#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. 258#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. 259 260#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. 261#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. 262#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. 263#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. 264 265#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // 266#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // 267#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // 268#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // 269#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified. 270#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // 271#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // 272 273#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. 274#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. 275#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. 276#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. 277#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. 278#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. 279#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. 280 281// 282// Symbol format. 283// 284 285 286#define IMAGE_SIZEOF_SYMBOL 18 287 288// 289// Section values. 290// 291// Symbols have a section number of the section in which they are 292// defined. Otherwise, section numbers have the following meanings: 293// 294 295#define IMAGE_SYM_UNDEFINED (UINT16)0 // Symbol is undefined or is common. 296#define IMAGE_SYM_ABSOLUTE (UINT16)-1 // Symbol is an absolute value. 297#define IMAGE_SYM_DEBUG (UINT16)-2 // Symbol is a special debug item. 298 299// 300// Type (fundamental) values. 301// 302 303#define IMAGE_SYM_TYPE_NULL 0 // no type. 304#define IMAGE_SYM_TYPE_VOID 1 // 305#define IMAGE_SYM_TYPE_CHAR 2 // type character. 306#define IMAGE_SYM_TYPE_SHORT 3 // type short integer. 307#define IMAGE_SYM_TYPE_INT 4 // 308#define IMAGE_SYM_TYPE_LONG 5 // 309#define IMAGE_SYM_TYPE_FLOAT 6 // 310#define IMAGE_SYM_TYPE_DOUBLE 7 // 311#define IMAGE_SYM_TYPE_STRUCT 8 // 312#define IMAGE_SYM_TYPE_UNION 9 // 313#define IMAGE_SYM_TYPE_ENUM 10 // enumeration. 314#define IMAGE_SYM_TYPE_MOE 11 // member of enumeration. 315#define IMAGE_SYM_TYPE_BYTE 12 // 316#define IMAGE_SYM_TYPE_WORD 13 // 317#define IMAGE_SYM_TYPE_UINT 14 // 318#define IMAGE_SYM_TYPE_DWORD 15 // 319 320// 321// Type (derived) values. 322// 323 324#define IMAGE_SYM_DTYPE_NULL 0 // no derived type. 325#define IMAGE_SYM_DTYPE_POINTER 1 // pointer. 326#define IMAGE_SYM_DTYPE_FUNCTION 2 // function. 327#define IMAGE_SYM_DTYPE_ARRAY 3 // array. 328 329// 330// Storage classes. 331// 332 333#define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1 334#define IMAGE_SYM_CLASS_NULL 0 335#define IMAGE_SYM_CLASS_AUTOMATIC 1 336#define IMAGE_SYM_CLASS_EXTERNAL 2 337#define IMAGE_SYM_CLASS_STATIC 3 338#define IMAGE_SYM_CLASS_REGISTER 4 339#define IMAGE_SYM_CLASS_EXTERNAL_DEF 5 340#define IMAGE_SYM_CLASS_LABEL 6 341#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 7 342#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 8 343#define IMAGE_SYM_CLASS_ARGUMENT 9 344#define IMAGE_SYM_CLASS_STRUCT_TAG 10 345#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 11 346#define IMAGE_SYM_CLASS_UNION_TAG 12 347#define IMAGE_SYM_CLASS_TYPE_DEFINITION 13 348#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 14 349#define IMAGE_SYM_CLASS_ENUM_TAG 15 350#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 16 351#define IMAGE_SYM_CLASS_REGISTER_PARAM 17 352#define IMAGE_SYM_CLASS_BIT_FIELD 18 353#define IMAGE_SYM_CLASS_BLOCK 100 354#define IMAGE_SYM_CLASS_FUNCTION 101 355#define IMAGE_SYM_CLASS_END_OF_STRUCT 102 356#define IMAGE_SYM_CLASS_FILE 103 357// new 358#define IMAGE_SYM_CLASS_SECTION 104 359#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 105 360 361// type packing constants 362 363#define N_BTMASK 017 364#define N_TMASK 060 365#define N_TMASK1 0300 366#define N_TMASK2 0360 367#define N_BTSHFT 4 368#define N_TSHIFT 2 369 370// MACROS 371 372// 373// Communal selection types. 374// 375 376#define IMAGE_COMDAT_SELECT_NODUPLICATES 1 377#define IMAGE_COMDAT_SELECT_ANY 2 378#define IMAGE_COMDAT_SELECT_SAME_SIZE 3 379#define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 380#define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 381 382#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 383#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 384#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 385 386 387// 388// Relocation format. 389// 390 391typedef struct _IMAGE_RELOCATION { 392 UINT32 VirtualAddress; 393 UINT32 SymbolTableIndex; 394 UINT16 Type; 395} IMAGE_RELOCATION; 396 397#define IMAGE_SIZEOF_RELOCATION 10 398 399// 400// I386 relocation types. 401// 402 403#define IMAGE_REL_I386_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 404#define IMAGE_REL_I386_DIR16 01 // Direct 16-bit reference to the symbols virtual address 405#define IMAGE_REL_I386_REL16 02 // PC-relative 16-bit reference to the symbols virtual address 406#define IMAGE_REL_I386_DIR32 06 // Direct 32-bit reference to the symbols virtual address 407#define IMAGE_REL_I386_DIR32NB 07 // Direct 32-bit reference to the symbols virtual address, base not included 408#define IMAGE_REL_I386_SEG12 011 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 409#define IMAGE_REL_I386_SECTION 012 410#define IMAGE_REL_I386_SECREL 013 411#define IMAGE_REL_I386_REL32 024 // PC-relative 32-bit reference to the symbols virtual address 412 413// 414// MIPS relocation types. 415// 416 417#define IMAGE_REL_MIPS_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 418#define IMAGE_REL_MIPS_REFHALF 01 419#define IMAGE_REL_MIPS_REFWORD 02 420#define IMAGE_REL_MIPS_JMPADDR 03 421#define IMAGE_REL_MIPS_REFHI 04 422#define IMAGE_REL_MIPS_REFLO 05 423#define IMAGE_REL_MIPS_GPREL 06 424#define IMAGE_REL_MIPS_LITERAL 07 425#define IMAGE_REL_MIPS_SECTION 012 426#define IMAGE_REL_MIPS_SECREL 013 427#define IMAGE_REL_MIPS_REFWORDNB 042 428#define IMAGE_REL_MIPS_PAIR 045 429 430// 431// Alpha Relocation types. 432// 433 434#define IMAGE_REL_ALPHA_ABSOLUTE 0x0 435#define IMAGE_REL_ALPHA_REFLONG 0x1 436#define IMAGE_REL_ALPHA_REFQUAD 0x2 437#define IMAGE_REL_ALPHA_GPREL32 0x3 438#define IMAGE_REL_ALPHA_LITERAL 0x4 439#define IMAGE_REL_ALPHA_LITUSE 0x5 440#define IMAGE_REL_ALPHA_GPDISP 0x6 441#define IMAGE_REL_ALPHA_BRADDR 0x7 442#define IMAGE_REL_ALPHA_HINT 0x8 443#define IMAGE_REL_ALPHA_INLINE_REFLONG 0x9 444#define IMAGE_REL_ALPHA_REFHI 0xA 445#define IMAGE_REL_ALPHA_REFLO 0xB 446#define IMAGE_REL_ALPHA_PAIR 0xC 447#define IMAGE_REL_ALPHA_MATCH 0xD 448#define IMAGE_REL_ALPHA_SECTION 0xE 449#define IMAGE_REL_ALPHA_SECREL 0xF 450#define IMAGE_REL_ALPHA_REFLONGNB 0x10 451 452// 453// IBM PowerPC relocation types. 454// 455 456#define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP 457#define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address 458#define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address 459#define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) 460#define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address 461#define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) 462#define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) 463#define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) 464#define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base 465#define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) 466 467#define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base 468#define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) 469#define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number 470#define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code 471#define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction 472 473#define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type 474 475// Flag bits in IMAGE_RELOCATION.TYPE 476 477#define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it 478#define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken 479#define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken 480#define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) 481 482// 483// Based relocation format. 484// 485 486typedef struct _IMAGE_BASE_RELOCATION { 487 UINT32 VirtualAddress; 488 UINT32 SizeOfBlock; 489// UINT16 TypeOffset[1]; 490} IMAGE_BASE_RELOCATION, *PIMAGE_BASE_RELOCATION; 491 492#define IMAGE_SIZEOF_BASE_RELOCATION 8 493 494// 495// Based relocation types. 496// 497 498#define IMAGE_REL_BASED_ABSOLUTE 0 499#define IMAGE_REL_BASED_HIGH 1 500#define IMAGE_REL_BASED_LOW 2 501#define IMAGE_REL_BASED_HIGHLOW 3 502#define IMAGE_REL_BASED_HIGHADJ 4 503#define IMAGE_REL_BASED_MIPS_JMPADDR 5 504#define IMAGE_REL_BASED_IA64_IMM64 9 505#define IMAGE_REL_BASED_DIR64 10 506 507// 508// Line number format. 509// 510 511typedef struct _IMAGE_LINENUMBER { 512 union { 513 UINT32 SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. 514 UINT32 VirtualAddress; // Virtual address of line number. 515 } Type; 516 UINT16 Linenumber; // Line number. 517} IMAGE_LINENUMBER; 518 519#define IMAGE_SIZEOF_LINENUMBER 6 520 521// 522// Archive format. 523// 524 525#define IMAGE_ARCHIVE_START_SIZE 8 526#define IMAGE_ARCHIVE_START "!<arch>\n" 527#define IMAGE_ARCHIVE_END "`\n" 528#define IMAGE_ARCHIVE_PAD "\n" 529#define IMAGE_ARCHIVE_LINKER_MEMBER "/ " 530#define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " 531 532typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { 533 UINT8 Name[16]; // File member name - `/' terminated. 534 UINT8 Date[12]; // File member date - decimal. 535 UINT8 UserID[6]; // File member user id - decimal. 536 UINT8 GroupID[6]; // File member group id - decimal. 537 UINT8 Mode[8]; // File member mode - octal. 538 UINT8 Size[10]; // File member size - decimal. 539 UINT8 EndHeader[2]; // String to end header. 540} IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; 541 542#define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 543 544// 545// DLL support. 546// 547 548// 549// Export Format 550// 551 552typedef struct _IMAGE_EXPORT_DIRECTORY { 553 UINT32 Characteristics; 554 UINT32 TimeDateStamp; 555 UINT16 MajorVersion; 556 UINT16 MinorVersion; 557 UINT32 Name; 558 UINT32 Base; 559 UINT32 NumberOfFunctions; 560 UINT32 NumberOfNames; 561 UINT32 *AddressOfFunctions; 562 UINT32 *AddressOfNames; 563 UINT32 *AddressOfNameOrdinals; 564} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; 565 566// 567// Import Format 568// 569 570typedef struct _IMAGE_IMPORT_BY_NAME { 571 UINT16 Hint; 572 UINT8 Name[1]; 573} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; 574 575typedef struct _IMAGE_THUNK_DATA { 576 union { 577 UINT32 Function; 578 UINT32 Ordinal; 579 PIMAGE_IMPORT_BY_NAME AddressOfData; 580 } u1; 581} IMAGE_THUNK_DATA, *PIMAGE_THUNK_DATA; 582 583#define IMAGE_ORDINAL_FLAG 0x80000000 584#define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0) 585#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff) 586 587typedef struct _IMAGE_IMPORT_DESCRIPTOR { 588 UINT32 Characteristics; 589 UINT32 TimeDateStamp; 590 UINT32 ForwarderChain; 591 UINT32 Name; 592 PIMAGE_THUNK_DATA FirstThunk; 593} IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; 594 595#endif 596