4 #define _ANONYMOUS_UNION __extension__
5 #define _ANONYMOUS_STRUCT __extension__
6 /* FIXME: at least NTAPI should be STDCALL ? */
9 #define ROUND_UP(N, S) ((((N) + (S) - 1) / (S)) * (S))
11 #define IMAGE_SECTION_CHAR_CODE 0x00000020
12 #define IMAGE_SECTION_CHAR_DATA 0x00000040
13 #define IMAGE_SECTION_CHAR_BSS 0x00000080
14 #define IMAGE_SECTION_CHAR_NON_CACHABLE 0x04000000
15 #define IMAGE_SECTION_CHAR_NON_PAGEABLE 0x08000000
16 #define IMAGE_SECTION_CHAR_SHARED 0x10000000
17 #define IMAGE_SECTION_CHAR_EXECUTABLE 0x20000000
18 #define IMAGE_SECTION_CHAR_READABLE 0x40000000
19 #define IMAGE_SECTION_CHAR_WRITABLE 0x80000000
20 #define IMAGE_SECTION_NOLOAD 0x00000002
22 #define IMAGE_DOS_MAGIC 0x5a4d
23 #define IMAGE_PE_MAGIC 0x00004550
25 #define IMAGE_DOS_SIGNATURE 0x5a4d
26 #define IMAGE_OS2_SIGNATURE 0x454e
28 #define IMAGE_OS2_SIGNATURE_LE 0x454c
29 #define IMAGE_VXD_SIGNATURE 0x454c
30 #define IMAGE_NT_SIGNATURE 0x00004550
33 #define IMAGE_SIZEOF_FILE_HEADER 20
35 #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
36 #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
37 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
38 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
39 #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
40 #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
41 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
42 #define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
43 #define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
44 #define IMAGE_FILE_SYSTEM 0x1000 // System File.
45 #define IMAGE_FILE_DLL 0x2000 // File is a DLL.
46 #define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
47 #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
49 #define IMAGE_FILE_MACHINE_UNKNOWN 0
50 #define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386.
51 #define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian
52 #define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian
53 #define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian
54 #define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP
55 #define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian
58 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
61 #define IMAGE_SUBSYSTEM_UNKNOWN 0
62 #define IMAGE_SUBSYSTEM_NATIVE 1
63 #define IMAGE_SUBSYSTEM_WINDOWS_GUI 2
64 #define IMAGE_SUBSYSTEM_WINDOWS_CUI 3
65 #define IMAGE_SUBSYSTEM_OS2_GUI 4
66 #define IMAGE_SUBSYSTEM_OS2_CUI 5
67 #define IMAGE_SUBSYSTEM_POSIX_GUI 6
68 #define IMAGE_SUBSYSTEM_POSIX_CUI 7
69 #define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9
75 #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
76 #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
77 #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
78 #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
79 #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
80 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
81 #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
82 #define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String
83 #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP)
84 #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
85 #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
86 #define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
87 #define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address
89 // Section header format.
91 #define IMAGE_SIZEOF_FILE_HEADER 20
92 #define IMAGE_FILE_MACHINE_UNKNOWN 0
93 #define IMAGE_NT_SIGNATURE 0x00004550
94 #define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b
95 #define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107
96 #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
97 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
98 #define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56
99 #define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28
100 #define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224
101 #define IMAGE_SIZEOF_SHORT_NAME 8
102 #define IMAGE_SIZEOF_SECTION_HEADER 40
103 #define IMAGE_SIZEOF_SYMBOL 18
104 #define IMAGE_SIZEOF_AUX_SYMBOL 18
105 #define IMAGE_SIZEOF_RELOCATION 10
106 #define IMAGE_SIZEOF_BASE_RELOCATION 8
107 #define IMAGE_SIZEOF_LINENUMBER 6
108 #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60
109 #define SIZEOF_RFPO_DATA 16
110 #define IMAGE_FIRST_SECTION(h) ((PIMAGE_SECTION_HEADER) ((DWORD)h+FIELD_OFFSET(IMAGE_NT_HEADERS,OptionalHeader)+((PIMAGE_NT_HEADERS)(h))->FileHeader.SizeOfOptionalHeader))
111 #define IMAGE_SCN_TYPE_NO_PAD 8
112 #define IMAGE_SCN_CNT_CODE 32
113 #define IMAGE_SCN_CNT_INITIALIZED_DATA 64
114 #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 128
115 #define IMAGE_SCN_LNK_OTHER 256
116 #define IMAGE_SCN_LNK_INFO 512
117 #define IMAGE_SCN_LNK_REMOVE 2048
118 #define IMAGE_SCN_LNK_COMDAT 4096
119 #define IMAGE_SCN_MEM_FARDATA 0x8000
120 #define IMAGE_SCN_MEM_PURGEABLE 0x20000
121 #define IMAGE_SCN_MEM_16BIT 0x20000
122 #define IMAGE_SCN_MEM_LOCKED 0x40000
123 #define IMAGE_SCN_MEM_PRELOAD 0x80000
124 #define IMAGE_SCN_ALIGN_1BYTES 0x100000
125 #define IMAGE_SCN_ALIGN_2BYTES 0x200000
126 #define IMAGE_SCN_ALIGN_4BYTES 0x300000
127 #define IMAGE_SCN_ALIGN_8BYTES 0x400000
128 #define IMAGE_SCN_ALIGN_16BYTES 0x500000
129 #define IMAGE_SCN_ALIGN_32BYTES 0x600000
130 #define IMAGE_SCN_ALIGN_64BYTES 0x700000
131 #define IMAGE_SCN_LNK_NRELOC_OVFL 0x1000000
132 #define IMAGE_SCN_MEM_DISCARDABLE 0x2000000
133 #define IMAGE_SCN_MEM_NOT_CACHED 0x4000000
134 #define IMAGE_SCN_MEM_NOT_PAGED 0x8000000
135 #define IMAGE_SCN_MEM_SHARED 0x10000000
136 #define IMAGE_SCN_MEM_EXECUTE 0x20000000
137 #define IMAGE_SCN_MEM_READ 0x40000000
138 #define IMAGE_SCN_MEM_WRITE 0x80000000
139 #define IMAGE_SYM_UNDEFINED 0
140 #define IMAGE_SYM_ABSOLUTE (-1)
141 #define IMAGE_SYM_DEBUG (-2)
142 #define IMAGE_SYM_TYPE_NULL 0
143 #define IMAGE_SYM_TYPE_VOID 1
144 #define IMAGE_SYM_TYPE_CHAR 2
145 #define IMAGE_SYM_TYPE_SHORT 3
146 #define IMAGE_SYM_TYPE_INT 4
147 #define IMAGE_SYM_TYPE_LONG 5
148 #define IMAGE_SYM_TYPE_FLOAT 6
149 #define IMAGE_SYM_TYPE_DOUBLE 7
150 #define IMAGE_SYM_TYPE_STRUCT 8
151 #define IMAGE_SYM_TYPE_UNION 9
152 #define IMAGE_SYM_TYPE_ENUM 10
153 #define IMAGE_SYM_TYPE_MOE 11
154 #define IMAGE_SYM_TYPE_BYTE 12
155 #define IMAGE_SYM_TYPE_WORD 13
156 #define IMAGE_SYM_TYPE_UINT 14
157 #define IMAGE_SYM_TYPE_DWORD 15
158 #define IMAGE_SYM_TYPE_PCODE 32768
159 #define IMAGE_SYM_DTYPE_NULL 0
160 #define IMAGE_SYM_DTYPE_POINTER 1
161 #define IMAGE_SYM_DTYPE_FUNCTION 2
162 #define IMAGE_SYM_DTYPE_ARRAY 3
163 #define IMAGE_SYM_CLASS_END_OF_FUNCTION (-1)
164 #define IMAGE_SYM_CLASS_NULL 0
165 #define IMAGE_SYM_CLASS_AUTOMATIC 1
166 #define IMAGE_SYM_CLASS_EXTERNAL 2
167 #define IMAGE_SYM_CLASS_STATIC 3
168 #define IMAGE_SYM_CLASS_REGISTER 4
169 #define IMAGE_SYM_CLASS_EXTERNAL_DEF 5
170 #define IMAGE_SYM_CLASS_LABEL 6
171 #define IMAGE_SYM_CLASS_UNDEFINED_LABEL 7
172 #define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 8
173 #define IMAGE_SYM_CLASS_ARGUMENT 9
174 #define IMAGE_SYM_CLASS_STRUCT_TAG 10
175 #define IMAGE_SYM_CLASS_MEMBER_OF_UNION 11
176 #define IMAGE_SYM_CLASS_UNION_TAG 12
177 #define IMAGE_SYM_CLASS_TYPE_DEFINITION 13
178 #define IMAGE_SYM_CLASS_UNDEFINED_STATIC 14
179 #define IMAGE_SYM_CLASS_ENUM_TAG 15
180 #define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 16
181 #define IMAGE_SYM_CLASS_REGISTER_PARAM 17
182 #define IMAGE_SYM_CLASS_BIT_FIELD 18
183 #define IMAGE_SYM_CLASS_FAR_EXTERNAL 68
184 #define IMAGE_SYM_CLASS_BLOCK 100
185 #define IMAGE_SYM_CLASS_FUNCTION 101
186 #define IMAGE_SYM_CLASS_END_OF_STRUCT 102
187 #define IMAGE_SYM_CLASS_FILE 103
188 #define IMAGE_SYM_CLASS_SECTION 104
189 #define IMAGE_SYM_CLASS_WEAK_EXTERNAL 105
190 #define IMAGE_COMDAT_SELECT_NODUPLICATES 1
191 #define IMAGE_COMDAT_SELECT_ANY 2
192 #define IMAGE_COMDAT_SELECT_SAME_SIZE 3
193 #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4
194 #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5
195 #define IMAGE_COMDAT_SELECT_LARGEST 6
196 #define IMAGE_COMDAT_SELECT_NEWEST 7
197 #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1
198 #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2
199 #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3
200 #define IMAGE_REL_I386_ABSOLUTE 0
201 #define IMAGE_REL_I386_DIR16 1
202 #define IMAGE_REL_I386_REL16 2
203 #define IMAGE_REL_I386_DIR32 6
204 #define IMAGE_REL_I386_DIR32NB 7
205 #define IMAGE_REL_I386_SEG12 9
206 #define IMAGE_REL_I386_SECTION 10
207 #define IMAGE_REL_I386_SECREL 11
208 #define IMAGE_REL_I386_REL32 20
209 #define IMAGE_REL_MIPS_ABSOLUTE 0
210 #define IMAGE_REL_MIPS_REFHALF 1
211 #define IMAGE_REL_MIPS_REFWORD 2
212 #define IMAGE_REL_MIPS_JMPADDR 3
213 #define IMAGE_REL_MIPS_REFHI 4
214 #define IMAGE_REL_MIPS_REFLO 5
215 #define IMAGE_REL_MIPS_GPREL 6
216 #define IMAGE_REL_MIPS_LITERAL 7
217 #define IMAGE_REL_MIPS_SECTION 10
218 #define IMAGE_REL_MIPS_SECREL 11
219 #define IMAGE_REL_MIPS_SECRELLO 12
220 #define IMAGE_REL_MIPS_SECRELHI 13
221 #define IMAGE_REL_MIPS_REFWORDNB 34
222 #define IMAGE_REL_MIPS_PAIR 35
223 #define IMAGE_REL_ALPHA_ABSOLUTE 0
224 #define IMAGE_REL_ALPHA_REFLONG 1
225 #define IMAGE_REL_ALPHA_REFQUAD 2
226 #define IMAGE_REL_ALPHA_GPREL32 3
227 #define IMAGE_REL_ALPHA_LITERAL 4
228 #define IMAGE_REL_ALPHA_LITUSE 5
229 #define IMAGE_REL_ALPHA_GPDISP 6
230 #define IMAGE_REL_ALPHA_BRADDR 7
231 #define IMAGE_REL_ALPHA_HINT 8
232 #define IMAGE_REL_ALPHA_INLINE_REFLONG 9
233 #define IMAGE_REL_ALPHA_REFHI 10
234 #define IMAGE_REL_ALPHA_REFLO 11
235 #define IMAGE_REL_ALPHA_PAIR 12
236 #define IMAGE_REL_ALPHA_MATCH 13
237 #define IMAGE_REL_ALPHA_SECTION 14
238 #define IMAGE_REL_ALPHA_SECREL 15
239 #define IMAGE_REL_ALPHA_REFLONGNB 16
240 #define IMAGE_REL_ALPHA_SECRELLO 17
241 #define IMAGE_REL_ALPHA_SECRELHI 18
242 #define IMAGE_REL_PPC_ABSOLUTE 0
243 #define IMAGE_REL_PPC_ADDR64 1
244 #define IMAGE_REL_PPC_ADDR32 2
245 #define IMAGE_REL_PPC_ADDR24 3
246 #define IMAGE_REL_PPC_ADDR16 4
247 #define IMAGE_REL_PPC_ADDR14 5
248 #define IMAGE_REL_PPC_REL24 6
249 #define IMAGE_REL_PPC_REL14 7
250 #define IMAGE_REL_PPC_TOCREL16 8
251 #define IMAGE_REL_PPC_TOCREL14 9
252 #define IMAGE_REL_PPC_ADDR32NB 10
253 #define IMAGE_REL_PPC_SECREL 11
254 #define IMAGE_REL_PPC_SECTION 12
255 #define IMAGE_REL_PPC_IFGLUE 13
256 #define IMAGE_REL_PPC_IMGLUE 14
257 #define IMAGE_REL_PPC_SECREL16 15
258 #define IMAGE_REL_PPC_REFHI 16
259 #define IMAGE_REL_PPC_REFLO 17
260 #define IMAGE_REL_PPC_PAIR 18
261 #define IMAGE_REL_PPC_TYPEMASK 255
262 #define IMAGE_REL_PPC_NEG 256
263 #define IMAGE_REL_PPC_BRTAKEN 512
264 #define IMAGE_REL_PPC_BRNTAKEN 1024
265 #define IMAGE_REL_PPC_TOCDEFN 2048
266 #define IMAGE_REL_BASED_ABSOLUTE 0
267 #define IMAGE_REL_BASED_HIGH 1
268 #define IMAGE_REL_BASED_LOW 2
269 #define IMAGE_REL_BASED_HIGHLOW 3
270 #define IMAGE_REL_BASED_HIGHADJ 4
271 #define IMAGE_REL_BASED_MIPS_JMPADDR 5
272 #define IMAGE_ARCHIVE_START_SIZE 8
273 #define IMAGE_ARCHIVE_START "!<arch>\n"
274 #define IMAGE_ARCHIVE_END "`\n"
275 #define IMAGE_ARCHIVE_PAD "\n"
276 #define IMAGE_ARCHIVE_LINKER_MEMBER "/ "
277 #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// "
278 #define IMAGE_ORDINAL_FLAG 0x80000000
279 #define IMAGE_SNAP_BY_ORDINAL(o) ((o&IMAGE_ORDINAL_FLAG)!=0)
280 #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
281 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
282 #define IMAGE_DEBUG_TYPE_UNKNOWN 0
283 #define IMAGE_DEBUG_TYPE_COFF 1
284 #define IMAGE_DEBUG_TYPE_CODEVIEW 2
285 #define IMAGE_DEBUG_TYPE_FPO 3
286 #define IMAGE_DEBUG_TYPE_MISC 4
287 #define IMAGE_DEBUG_TYPE_EXCEPTION 5
288 #define IMAGE_DEBUG_TYPE_FIXUP 6
289 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
290 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
293 #define IMAGE_SIZEOF_SHORT_NAME 8
295 #define IMAGE_SIZEOF_SECTION_HEADER 40
297 #define IMAGE_SECTION_CODE (0x20)
298 #define IMAGE_SECTION_INITIALIZED_DATA (0x40)
299 #define IMAGE_SECTION_UNINITIALIZED_DATA (0x80)
302 typedef struct _IMAGE_FILE_HEADER {
304 WORD NumberOfSections;
306 DWORD PointerToSymbolTable;
307 DWORD NumberOfSymbols;
308 WORD SizeOfOptionalHeader;
309 WORD Characteristics;
310 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
311 typedef struct _IMAGE_DATA_DIRECTORY {
312 DWORD VirtualAddress;
314 } IMAGE_DATA_DIRECTORY,*PIMAGE_DATA_DIRECTORY;
315 typedef struct _IMAGE_OPTIONAL_HEADER {
317 BYTE MajorLinkerVersion;
318 BYTE MinorLinkerVersion;
320 DWORD SizeOfInitializedData;
321 DWORD SizeOfUninitializedData;
322 DWORD AddressOfEntryPoint;
326 DWORD SectionAlignment;
328 WORD MajorOperatingSystemVersion;
329 WORD MinorOperatingSystemVersion;
330 WORD MajorImageVersion;
331 WORD MinorImageVersion;
332 WORD MajorSubsystemVersion;
333 WORD MinorSubsystemVersion;
339 WORD DllCharacteristics;
340 DWORD SizeOfStackReserve;
341 DWORD SizeOfStackCommit;
342 DWORD SizeOfHeapReserve;
343 DWORD SizeOfHeapCommit;
345 DWORD NumberOfRvaAndSizes;
346 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
347 } IMAGE_OPTIONAL_HEADER,*PIMAGE_OPTIONAL_HEADER;
348 typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
350 BYTE MajorLinkerVersion;
351 BYTE MinorLinkerVersion;
353 DWORD SizeOfInitializedData;
354 DWORD SizeOfUninitializedData;
355 DWORD AddressOfEntryPoint;
362 } IMAGE_ROM_OPTIONAL_HEADER,*PIMAGE_ROM_OPTIONAL_HEADER;
365 typedef struct _IMAGE_DOS_HEADER {
385 } IMAGE_DOS_HEADER,*PIMAGE_DOS_HEADER;
386 typedef struct _IMAGE_OS2_HEADER {
414 WORD ne_psegrefbytes;
417 } IMAGE_OS2_HEADER,*PIMAGE_OS2_HEADER;
420 typedef struct _IMAGE_NT_HEADERS {
422 IMAGE_FILE_HEADER FileHeader;
423 IMAGE_OPTIONAL_HEADER OptionalHeader;
424 } IMAGE_NT_HEADERS,*PIMAGE_NT_HEADERS;
425 typedef struct _IMAGE_ROM_HEADERS {
426 IMAGE_FILE_HEADER FileHeader;
427 IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
428 } IMAGE_ROM_HEADERS,*PIMAGE_ROM_HEADERS;
429 typedef struct _IMAGE_SECTION_HEADER {
430 BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
432 DWORD PhysicalAddress;
435 DWORD VirtualAddress;
437 DWORD PointerToRawData;
438 DWORD PointerToRelocations;
439 DWORD PointerToLinenumbers;
440 WORD NumberOfRelocations;
441 WORD NumberOfLinenumbers;
442 DWORD Characteristics;
443 } IMAGE_SECTION_HEADER,*PIMAGE_SECTION_HEADER;
446 typedef struct _IMAGE_SYMBOL {
459 BYTE NumberOfAuxSymbols;
460 } IMAGE_SYMBOL,*PIMAGE_SYMBOL;
461 typedef union _IMAGE_AUX_SYMBOL {
473 DWORD PointerToLinenumber;
474 DWORD PointerToNextFunction;
483 BYTE Name[IMAGE_SIZEOF_SYMBOL];
487 WORD NumberOfRelocations;
488 WORD NumberOfLinenumbers;
493 } IMAGE_AUX_SYMBOL,*PIMAGE_AUX_SYMBOL;
494 typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
495 DWORD NumberOfSymbols;
496 DWORD LvaToFirstSymbol;
497 DWORD NumberOfLinenumbers;
498 DWORD LvaToFirstLinenumber;
499 DWORD RvaToFirstByteOfCode;
500 DWORD RvaToLastByteOfCode;
501 DWORD RvaToFirstByteOfData;
502 DWORD RvaToLastByteOfData;
503 } IMAGE_COFF_SYMBOLS_HEADER,*PIMAGE_COFF_SYMBOLS_HEADER;
504 typedef struct _IMAGE_RELOCATION {
505 _ANONYMOUS_UNION union {
506 DWORD VirtualAddress;
509 DWORD SymbolTableIndex;
511 } IMAGE_RELOCATION,*PIMAGE_RELOCATION;
514 typedef struct _IMAGE_BASE_RELOCATION {
515 DWORD VirtualAddress;
517 } IMAGE_BASE_RELOCATION,*PIMAGE_BASE_RELOCATION;
520 typedef struct _IMAGE_LINENUMBER {
522 DWORD SymbolTableIndex;
523 DWORD VirtualAddress;
526 } IMAGE_LINENUMBER,*PIMAGE_LINENUMBER;
529 typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER {
537 } IMAGE_ARCHIVE_MEMBER_HEADER,*PIMAGE_ARCHIVE_MEMBER_HEADER;
538 typedef struct _IMAGE_EXPORT_DIRECTORY {
539 DWORD Characteristics;
545 DWORD NumberOfFunctions;
547 PDWORD *AddressOfFunctions;
548 PDWORD *AddressOfNames;
549 PWORD *AddressOfNameOrdinals;
550 } IMAGE_EXPORT_DIRECTORY,*PIMAGE_EXPORT_DIRECTORY;
551 typedef struct _IMAGE_IMPORT_BY_NAME {
554 } IMAGE_IMPORT_BY_NAME,*PIMAGE_IMPORT_BY_NAME;
555 typedef struct _IMAGE_THUNK_DATA {
557 PBYTE ForwarderString;
560 PIMAGE_IMPORT_BY_NAME AddressOfData;
562 } IMAGE_THUNK_DATA,*PIMAGE_THUNK_DATA;
563 typedef struct _IMAGE_IMPORT_DESCRIPTOR {
564 _ANONYMOUS_UNION union {
565 DWORD Characteristics;
566 PIMAGE_THUNK_DATA OriginalFirstThunk;
569 DWORD ForwarderChain;
571 PIMAGE_THUNK_DATA FirstThunk;
572 } IMAGE_IMPORT_DESCRIPTOR,*PIMAGE_IMPORT_DESCRIPTOR;
573 typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR {
575 WORD OffsetModuleName;
576 WORD NumberOfModuleForwarderRefs;
577 } IMAGE_BOUND_IMPORT_DESCRIPTOR,*PIMAGE_BOUND_IMPORT_DESCRIPTOR;
578 typedef struct _IMAGE_BOUND_FORWARDER_REF {
580 WORD OffsetModuleName;
582 } IMAGE_BOUND_FORWARDER_REF,*PIMAGE_BOUND_FORWARDER_REF;
583 typedef void(NTAPI *PIMAGE_TLS_CALLBACK)(PVOID,DWORD,PVOID);
584 typedef struct _IMAGE_TLS_DIRECTORY {
585 DWORD StartAddressOfRawData;
586 DWORD EndAddressOfRawData;
587 PDWORD AddressOfIndex;
588 PIMAGE_TLS_CALLBACK *AddressOfCallBacks;
589 DWORD SizeOfZeroFill;
590 DWORD Characteristics;
591 } IMAGE_TLS_DIRECTORY,*PIMAGE_TLS_DIRECTORY;
592 typedef struct _IMAGE_RESOURCE_DIRECTORY {
593 DWORD Characteristics;
597 WORD NumberOfNamedEntries;
598 WORD NumberOfIdEntries;
599 } IMAGE_RESOURCE_DIRECTORY,*PIMAGE_RESOURCE_DIRECTORY;
600 /*_ANONYMOUS_STRUCT typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
601 _ANONYMOUS_UNION union {
602 _ANONYMOUS_STRUCT struct {
604 DWORD NameIsString:1;
609 _ANONYMOUS_UNION union {
611 _ANONYMOUS_STRUCT struct {
612 DWORD OffsetToDirectory:31;
613 DWORD DataIsDirectory:1;
616 } IMAGE_RESOURCE_DIRECTORY_ENTRY,*PIMAGE_RESOURCE_DIRECTORY_ENTRY;
618 typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
621 } IMAGE_RESOURCE_DIRECTORY_STRING,*PIMAGE_RESOURCE_DIRECTORY_STRING;
622 typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
625 } IMAGE_RESOURCE_DIR_STRING_U,*PIMAGE_RESOURCE_DIR_STRING_U;
626 typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
631 } IMAGE_RESOURCE_DATA_ENTRY,*PIMAGE_RESOURCE_DATA_ENTRY;
632 typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY {
633 DWORD Characteristics;
637 DWORD GlobalFlagsClear;
638 DWORD GlobalFlagsSet;
639 DWORD CriticalSectionDefaultTimeout;
640 DWORD DeCommitFreeBlockThreshold;
641 DWORD DeCommitTotalFreeThreshold;
642 PVOID LockPrefixTable;
643 DWORD MaximumAllocationSize;
644 DWORD VirtualMemoryThreshold;
645 DWORD ProcessHeapFlags;
647 } IMAGE_LOAD_CONFIG_DIRECTORY,*PIMAGE_LOAD_CONFIG_DIRECTORY;
648 typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY {
651 PVOID ExceptionHandler;
653 DWORD PrologEndAddress;
654 } IMAGE_RUNTIME_FUNCTION_ENTRY,*PIMAGE_RUNTIME_FUNCTION_ENTRY;
655 typedef struct _IMAGE_DEBUG_DIRECTORY {
656 DWORD Characteristics;
662 DWORD AddressOfRawData;
663 DWORD PointerToRawData;
664 } IMAGE_DEBUG_DIRECTORY,*PIMAGE_DEBUG_DIRECTORY;
665 typedef struct _FPO_DATA {
676 } FPO_DATA,*PFPO_DATA;
677 typedef struct _IMAGE_DEBUG_MISC {
683 } IMAGE_DEBUG_MISC,*PIMAGE_DEBUG_MISC;
684 typedef struct _IMAGE_FUNCTION_ENTRY {
685 DWORD StartingAddress;
688 } IMAGE_FUNCTION_ENTRY,*PIMAGE_FUNCTION_ENTRY;
689 typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
693 WORD Characteristics;
698 DWORD NumberOfSections;
699 DWORD ExportedNamesSize;
700 DWORD DebugDirectorySize;
702 } IMAGE_SEPARATE_DEBUG_HEADER,*PIMAGE_SEPARATE_DEBUG_HEADER;
709 #define IMAGE_ORDINAL_FLAG 0x80000000
710 #define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff)
713 // Predefined resource types ... there may be some more, but I don't have
714 // the information yet. .....sang cho.....
716 #define RT_NEWRESOURCE 0x2000
717 #define RT_ERROR 0x7fff
718 #define NEWBITMAP (RT_BITMAP|RT_NEWRESOURCE)
719 #define NEWMENU (RT_MENU|RT_NEWRESOURCE)
720 #define NEWDIALOG (RT_DIALOG|RT_NEWRESOURCE)
728 // Resource directory consists of two counts, following by a variable length
729 // array of directory entries. The first count is the number of entries at
730 // beginning of the array that have actual names associated with each entry.
731 // The entries are in ascending order, case insensitive strings. The second
732 // count is the number of entries that immediately follow the named entries.
733 // This second count identifies the number of entries that have 16-bit integer
734 // Ids as their name. These entries are also sorted in ascending order.
736 // This structure allows fast lookup by either name or number, but for any
737 // given resource entry only one form of lookup is supported, not both.
738 // This is consistant with the syntax of the .RC file and the .RES file.
743 // Each directory contains the 32-bit Name of the entry and an offset,
744 // relative to the beginning of the resource directory of the data associated
745 // with this directory entry. If the name of the entry is an actual text
746 // string instead of an integer Id, then the high order bit of the name field
747 // is set to one and the low order 31-bits are an offset, relative to the
748 // beginning of the resource directory of the string, which is of type
749 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
750 // low-order 16-bits are the integer Id that identify this resource directory
751 // entry. If the directory entry is yet another resource directory (i.e. a
752 // subdirectory), then the high order bit of the offset field will be
753 // set to indicate this. Otherwise the high bit is clear and the offset
754 // field points to a resource data entry.
756 typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
759 } IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
761 typedef struct _IMAGE_RESOURCE_DIRECTORY {
762 DWORD Characteristics;
766 WORD NumberOfNamedEntries;
767 WORD NumberOfIdEntries;
768 IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[0];
769 } IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
771 #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
772 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
777 // For resource directory entries that have actual string names, the Name
778 // field of the directory entry points to an object of the following type.
779 // All of these string objects are stored together after the last resource
780 // directory entry and before the first resource data object. This minimizes
781 // the impact of these variable length objects on the alignment of the fixed
782 // size directory entry objects.
784 /* defined above from mingw. ei
785 typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
787 CHAR NameString[ 1 ];
788 } IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
791 typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
793 WCHAR NameString[ 1 ];
794 } IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
798 // Each resource data entry describes a leaf node in the resource directory
799 // tree. It contains an offset, relative to the beginning of the resource
800 // directory of the data for the resource, a size field that gives the number
801 // of bytes of data at that offset, a CodePage that should be used when
802 // decoding code point values within the resource data. Typically for new
803 // applications the code page would be the unicode code page.
806 typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
811 } IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
814 // Menu Resources ... added by .....sang cho....
816 // Menu resources are composed of a menu header followed by a sequential list
817 // of menu items. There are two types of menu items: pop-ups and normal menu
818 // itmes. The MENUITEM SEPARATOR is a special case of a normal menu item with
819 // an empty name, zero ID, and zero flags.
821 typedef struct _IMAGE_MENU_HEADER{
822 WORD wVersion; // Currently zero
823 WORD cbHeaderSize; // Also zero
824 } IMAGE_MENU_HEADER, *PIMAGE_MENU_HEADER;
826 typedef struct _IMAGE_POPUP_MENU_ITEM{
829 } IMAGE_POPUP_MENU_ITEM, *PIMAGE_POPUP_MENU_ITEM;
831 typedef struct _IMAGE_NORMAL_MENU_ITEM{
835 } IMAGE_NORMAL_MENU_ITEM, *PIMAGE_NORMAL_MENU_ITEM;
837 #define MI_GRAYED 0x0001 // GRAYED keyword
838 #define MI_INACTIVE 0x0002 // INACTIVE keyword
839 #define MI_BITMAP 0x0004 // BITMAP keyword
840 #define MI_OWNERDRAW 0x0100 // OWNERDRAW keyword
841 #define MI_CHECKED 0x0008 // CHECKED keyword
842 #define MI_POPUP 0x0010 // used internally
843 #define MI_MENUBARBREAK 0x0020 // MENUBARBREAK keyword
844 #define MI_MENUBREAK 0x0040 // MENUBREAK keyword
845 #define MI_ENDMENU 0x0080 // used internally
847 // Dialog Box Resources .................. added by sang cho.
849 // A dialog box is contained in a single resource and has a header and
850 // a portion repeated for each control in the dialog box.
851 // The item DWORD IStyle is a standard window style composed of flags found
853 // The default style for a dialog box is:
854 // WS_POPUP | WS_BORDER | WS_SYSMENU
856 // The itme marked "Name or Ordinal" are :
857 // If the first word is an 0xffff, the next two bytes contain an ordinal ID.
858 // Otherwise, the first one or more WORDS contain a double-null-terminated string.
859 // An empty string is represented by a single WORD zero in the first location.
861 // The WORD wPointSize and WCHAR szFontName entries are present if the FONT
862 // statement was included for the dialog box. This can be detected by checking
863 // the entry IStyle. If IStyle & DS_SETFONT ( which is 0x40), then these
864 // entries will be present.
866 typedef struct _IMAGE_DIALOG_BOX_HEADER1{
868 DWORD IExtendedStyle; // New for Windows NT
869 WORD nControls; // Number of Controls
874 // N_OR_O MenuName; // Name or Ordinal ID
875 // N_OR_O ClassName; // Name or Ordinal ID
876 // WCHAR szCaption[];
877 // WORD wPointSize; // Only here if FONT set for dialog
878 // WCHAR szFontName[]; // This too
879 } IMAGE_DIALOG_HEADER, *PIMAGE_DIALOG_HEADER;
881 typedef union _NAME_OR_ORDINAL{ // Name or Ordinal ID
887 } NAME_OR_ORDINAL, *PNAME_OR_ORDINAL;
889 // The data for each control starts on a DWORD boundary (which may require
890 // some padding from the previous control), and its format is as follows:
892 typedef struct _IMAGE_CONTROL_DATA{
894 DWORD IExtendedStyle;
903 } IMAGE_CONTROL_DATA, *PIMAGE_CONTROL_DATA;
907 //#define STATIC 0x82
909 #define SCROLLBAR 0x84
910 #define COMBOBOX 0x85
912 // The various statements used in a dialog script are all mapped to these
913 // classes along with certain modifying styles. The values for these styles
914 // can be found in WINDOWS.H. All dialog controls have the default styles
915 // of WS_CHILD and WS_VISIBLE. A list of the default styles used follows:
917 // Statement Default Class Default Styles
918 // CONTROL None WS_CHILD|WS_VISIBLE
919 // LTEXT STATIC ES_LEFT
920 // RTEXT STATIC ES_RIGHT
921 // CTEXT STATIC ES_CENTER
922 // LISTBOX LISTBOX WS_BORDER|LBS_NOTIFY
923 // CHECKBOX BUTTON BS_CHECKBOX|WS_TABSTOP
924 // PUSHBUTTON BUTTON BS_PUSHBUTTON|WS_TABSTOP
925 // GROUPBOX BUTTON BS_GROUPBOX
926 // DEFPUSHBUTTON BUTTON BS_DFPUSHBUTTON|WS_TABSTOP
927 // RADIOBUTTON BUTTON BS_RADIOBUTTON
928 // AUTOCHECKBOX BUTTON BS_AUTOCHECKBOX
929 // AUTO3STATE BUTTON BS_AUTO3STATE
930 // AUTORADIOBUTTON BUTTON BS_AUTORADIOBUTTON
931 // PUSHBOX BUTTON BS_PUSHBOX
932 // STATE3 BUTTON BS_3STATE
933 // EDITTEXT EDIT ES_LEFT|WS_BORDER|WS_TABSTOP
934 // COMBOBOX COMBOBOX None
935 // ICON STATIC SS_ICON
936 // SCROLLBAR SCROLLBAR None
939 #define IMAGE_DEBUG_TYPE_UNKNOWN 0
940 #define IMAGE_DEBUG_TYPE_COFF 1
941 #define IMAGE_DEBUG_TYPE_CODEVIEW 2
942 #define IMAGE_DEBUG_TYPE_FPO 3
943 #define IMAGE_DEBUG_TYPE_MISC 4
944 #define IMAGE_DEBUG_TYPE_EXCEPTION 5
945 #define IMAGE_DEBUG_TYPE_FIXUP 6
946 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
947 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
952 // Debugging information can be stripped from an image file and placed
953 // in a separate .DBG file, whose file name part is the same as the
954 // image file name part (e.g. symbols for CMD.EXE could be stripped
955 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
956 // flag in the Characteristics field of the file header. The beginning of
957 // the .DBG file contains the following structure which captures certain
958 // information from the image file. This allows a debug to proceed even if
959 // the original image file is not accessable. This header is followed by
960 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
961 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
962 // the image file contain file offsets relative to the beginning of the
965 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
966 // is left in the image file, but not mapped. This allows a debugger to
967 // compute the name of the .DBG file, from the name of the image in the
968 // IMAGE_DEBUG_MISC structure.
971 typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
975 WORD Characteristics;
980 DWORD NumberOfSections;
981 DWORD ExportedNamesSize;
982 DWORD DebugDirectorySize;
983 DWORD SectionAlignment;
985 } IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
987 #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
989 #define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
990 #define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
991 // old checksum didn't match.
997 #define SIZE_OF_NT_SIGNATURE sizeof (DWORD)
998 #define MAXRESOURCENAME 13
1000 /* global macros to define header offsets into file */
1001 /* offset to PE file signature */
1002 #define NTSIGNATURE(a) ((LPVOID)((BYTE *)a + \
1003 ((PIMAGE_DOS_HEADER)a)->e_lfanew))
1005 /* DOS header identifies the NT PEFile signature dword
1006 the PEFILE header exists just after that dword */
1007 #define PEFHDROFFSET(a) ((LPVOID)((BYTE *)a + \
1008 ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
1009 SIZE_OF_NT_SIGNATURE))
1011 /* PE optional header is immediately after PEFile header */
1012 #define OPTHDROFFSET(a) ((LPVOID)((BYTE *)a + \
1013 ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
1014 SIZE_OF_NT_SIGNATURE + \
1015 sizeof (IMAGE_FILE_HEADER)))
1017 /* section headers are immediately after PE optional header */
1018 #define SECHDROFFSET(a) ((LPVOID)((BYTE *)a + \
1019 ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
1020 SIZE_OF_NT_SIGNATURE + \
1021 sizeof (IMAGE_FILE_HEADER) + \
1022 sizeof (IMAGE_OPTIONAL_HEADER)))
1024 //#define FIELD_OFFSET(type, field) ((LONG)(LONG_PTR)&(((type *)0)->field))
1026 #define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
1027 ((ULONG_PTR)ntheader + \
1028 FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \
1029 ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \
1033 #define MakePtr( cast, ptr, addValue ) (cast)( (DWORD)(ptr) + (DWORD)(addValue))
1035 typedef struct _IMAGE_IMPORT_MODULE_DIRECTORY
1037 DWORD dwRVAFunctionNameList;
1040 DWORD dwRVAModuleName;
1041 DWORD dwRVAFunctionAddressList;
1042 } IMAGE_IMPORT_MODULE_DIRECTORY, *PIMAGE_IMPORT_MODULE_DIRECTORY;
1044 typedef struct _RELOCATION_DIRECTORY
1046 DWORD VirtualAddress; /* adresse virtuelle du bloc ou se font les relocations */
1047 DWORD SizeOfBlock; // taille de cette structure + des structures
1048 // relocation_entry qui suivent (ces dernieres sont
1049 // donc au nombre de (SizeOfBlock-8)/2
1050 } RELOCATION_DIRECTORY, *PRELOCATION_DIRECTORY;
1052 typedef struct _RELOCATION_ENTRY
1055 // (TypeOffset >> 12) est le type
1056 // (TypeOffset&0xfff) est l'offset dans le bloc
1057 } RELOCATION_ENTRY, *PRELOCATION_ENTRY;
1059 #define TYPE_RELOC_ABSOLUTE 0
1060 #define TYPE_RELOC_HIGH 1
1061 #define TYPE_RELOC_LOW 2
1062 #define TYPE_RELOC_HIGHLOW 3
1063 #define TYPE_RELOC_HIGHADJ 4
1064 #define TYPE_RELOC_MIPS_JMPADDR 5
1066 #endif /* __INCLUDE_PE_H */