1 /*- 2 * Copyright (c) 2015 Kai Wang 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $Id: pe.h 3312 2016-01-10 09:23:51Z kaiwang27 $ 27 */ 28 29 #ifndef _PE_H_ 30 #define _PE_H_ 31 32 #include <stdint.h> 33 34 /* 35 * MS-DOS header. 36 */ 37 38 typedef struct _PE_DosHdr { 39 char dh_magic[2]; 40 uint16_t dh_lastsize; 41 uint16_t dh_nblock; 42 uint16_t dh_nreloc; 43 uint16_t dh_hdrsize; 44 uint16_t dh_minalloc; 45 uint16_t dh_maxalloc; 46 uint16_t dh_ss; 47 uint16_t dh_sp; 48 uint16_t dh_checksum; 49 uint16_t dh_ip; 50 uint16_t dh_cs; 51 uint16_t dh_relocpos; 52 uint16_t dh_noverlay; 53 uint16_t dh_reserved1[4]; 54 uint16_t dh_oemid; 55 uint16_t dh_oeminfo; 56 uint16_t dh_reserved2[10]; 57 uint32_t dh_lfanew; 58 } PE_DosHdr; 59 60 /* 61 * Rich header. 62 */ 63 64 typedef struct _PE_RichHdr { 65 uint32_t rh_xor; 66 uint32_t rh_total; 67 uint32_t *rh_compid; 68 uint32_t *rh_cnt; 69 } PE_RichHdr; 70 71 /* 72 * COFF header: Machine Types. 73 */ 74 75 #define IMAGE_FILE_MACHINE_UNKNOWN 0x0 /* not specified */ 76 #define IMAGE_FILE_MACHINE_AM33 0x1d3 /* Matsushita AM33 */ 77 #define IMAGE_FILE_MACHINE_AMD64 0x8664 /* x86-64 */ 78 #define IMAGE_FILE_MACHINE_ARM 0x1c0 /* ARM LE */ 79 #define IMAGE_FILE_MACHINE_ARMNT 0x1c4 /* ARMv7(or higher) Thumb */ 80 #define IMAGE_FILE_MACHINE_ARM64 0xaa64 /* ARMv8 64-bit */ 81 #define IMAGE_FILE_MACHINE_EBC 0xebc /* EFI byte code */ 82 #define IMAGE_FILE_MACHINE_I386 0x14c /* x86 */ 83 #define IMAGE_FILE_MACHINE_IA64 0x200 /* IA64 */ 84 #define IMAGE_FILE_MACHINE_M32R 0x9041 /* Mitsubishi M32R LE */ 85 #define IMAGE_FILE_MACHINE_MIPS16 0x266 /* MIPS16 */ 86 #define IMAGE_FILE_MACHINE_MIPSFPU 0x366 /* MIPS with FPU */ 87 #define IMAGE_FILE_MACHINE_MIPSFPU16 0x466 /* MIPS16 with FPU */ 88 #define IMAGE_FILE_MACHINE_POWERPC 0x1f0 /* Power PC LE */ 89 #define IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 /* Power PC floating point */ 90 #define IMAGE_FILE_MACHINE_R4000 0x166 /* MIPS R4000 LE */ 91 #define IMAGE_FILE_MACHINE_SH3 0x1a2 /* Hitachi SH3 */ 92 #define IMAGE_FILE_MACHINE_SH3DSP 0x1a3 /* Hitachi SH3 DSP */ 93 #define IMAGE_FILE_MACHINE_SH4 0x1a6 /* Hitachi SH4 */ 94 #define IMAGE_FILE_MACHINE_SH5 0x1a8 /* Hitachi SH5 */ 95 #define IMAGE_FILE_MACHINE_THUMB 0x1c2 /* ARM or Thumb interworking */ 96 #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 /* MIPS LE WCE v2 */ 97 98 /* 99 * COFF header: Characteristics 100 */ 101 102 #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 103 #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 104 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 105 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 106 #define IMAGE_FILE_AGGRESSIVE_WS_TRIM 0x0010 107 #define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 108 #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 109 #define IMAGE_FILE_32BIT_MACHINE 0x0100 110 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 111 #define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 112 #define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 113 #define IMAGE_FILE_SYSTEM 0x1000 114 #define IMAGE_FILE_DLL 0x2000 115 #define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 116 #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 117 118 /* 119 * COFF Header. 120 */ 121 122 typedef struct _PE_CoffHdr { 123 uint16_t ch_machine; 124 uint16_t ch_nsec; 125 uint32_t ch_timestamp; 126 uint32_t ch_symptr; 127 uint32_t ch_nsym; 128 uint16_t ch_optsize; 129 uint16_t ch_char; 130 } PE_CoffHdr; 131 132 133 /* 134 * Optional Header: Subsystem. 135 */ 136 137 #define IMAGE_SUBSYSTEM_UNKNOWN 0 138 #define IMAGE_SUBSYSTEM_NATIVE 1 139 #define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 140 #define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 141 #define IMAGE_SUBSYSTEM_POSIX_CUI 7 142 #define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 143 #define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 144 #define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 145 #define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 146 #define IMAGE_SUBSYSTEM_EFI_ROM 13 147 #define IMAGE_SUBSYSTEM_XBOX 14 148 149 /* 150 * Optional Header: DLL Characteristics 151 */ 152 153 #define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE 0x0040 154 #define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY 0x0080 155 #define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT 0x0100 156 #define IMAGE_DLL_CHARACTERISTICS_NO_ISOLATION 0x0200 157 #define IMAGE_DLL_CHARACTERISTICS_NO_SEH 0x0400 158 #define IMAGE_DLL_CHARACTERISTICS_NO_BIND 0x0800 159 #define IMAGE_DLL_CHARACTERISTICS_WDM_DRIVER 0x2000 160 #define IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 161 162 /* 163 * Optional Header. 164 */ 165 166 #define PE_FORMAT_ROM 0x107 167 #define PE_FORMAT_32 0x10b 168 #define PE_FORMAT_32P 0x20b 169 170 typedef struct _PE_OptHdr { 171 uint16_t oh_magic; 172 uint8_t oh_ldvermajor; 173 uint8_t oh_ldverminor; 174 uint32_t oh_textsize; 175 uint32_t oh_datasize; 176 uint32_t oh_bsssize; 177 uint32_t oh_entry; 178 uint32_t oh_textbase; 179 uint32_t oh_database; 180 uint64_t oh_imgbase; 181 uint32_t oh_secalign; 182 uint32_t oh_filealign; 183 uint16_t oh_osvermajor; 184 uint16_t oh_osverminor; 185 uint16_t oh_imgvermajor; 186 uint16_t oh_imgverminor; 187 uint16_t oh_subvermajor; 188 uint16_t oh_subverminor; 189 uint32_t oh_win32ver; 190 uint32_t oh_imgsize; 191 uint32_t oh_hdrsize; 192 uint32_t oh_checksum; 193 uint16_t oh_subsystem; 194 uint16_t oh_dllchar; 195 uint64_t oh_stacksizer; 196 uint64_t oh_stacksizec; 197 uint64_t oh_heapsizer; 198 uint64_t oh_heapsizec; 199 uint32_t oh_ldrflags; 200 uint32_t oh_ndatadir; 201 } PE_OptHdr; 202 203 /* 204 * Optional Header: Data Directories. 205 */ 206 207 #define PE_DD_EXPORT 0 208 #define PE_DD_IMPORT 1 209 #define PE_DD_RESROUCE 2 210 #define PE_DD_EXCEPTION 3 211 #define PE_DD_CERTIFICATE 4 212 #define PE_DD_BASERELOC 5 213 #define PE_DD_DEBUG 6 214 #define PE_DD_ARCH 7 215 #define PE_DD_GLOBALPTR 8 216 #define PE_DD_TLS 9 217 #define PE_DD_LOADCONFIG 10 218 #define PE_DD_BOUNDIMPORT 11 219 #define PE_DD_IAT 12 220 #define PE_DD_DELAYIMPORT 13 221 #define PE_DD_CLRRUNTIME 14 222 #define PE_DD_RESERVED 15 223 #define PE_DD_MAX 16 224 225 typedef struct _PE_DataDirEntry { 226 uint32_t de_addr; 227 uint32_t de_size; 228 } PE_DataDirEntry; 229 230 typedef struct _PE_DataDir { 231 PE_DataDirEntry dd_e[PE_DD_MAX]; 232 uint32_t dd_total; 233 } PE_DataDir; 234 235 /* 236 * Section Headers: Section flags. 237 */ 238 239 #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 240 #define IMAGE_SCN_CNT_CODE 0x00000020 241 #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 242 #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 243 #define IMAGE_SCN_LNK_OTHER 0x00000100 244 #define IMAGE_SCN_LNK_INFO 0x00000200 245 #define IMAGE_SCN_LNK_REMOVE 0x00000800 246 #define IMAGE_SCN_LNK_COMDAT 0x00001000 247 #define IMAGE_SCN_GPREL 0x00008000 248 #define IMAGE_SCN_MEM_PURGEABLE 0x00020000 249 #define IMAGE_SCN_MEM_16BIT 0x00020000 250 #define IMAGE_SCN_MEM_LOCKED 0x00040000 251 #define IMAGE_SCN_MEM_PRELOAD 0x00080000 252 #define IMAGE_SCN_ALIGN_1BYTES 0x00100000 253 #define IMAGE_SCN_ALIGN_2BYTES 0x00200000 254 #define IMAGE_SCN_ALIGN_4BYTES 0x00300000 255 #define IMAGE_SCN_ALIGN_8BYTES 0x00400000 256 #define IMAGE_SCN_ALIGN_16BYTES 0x00500000 257 #define IMAGE_SCN_ALIGN_32BYTES 0x00600000 258 #define IMAGE_SCN_ALIGN_64BYTES 0x00700000 259 #define IMAGE_SCN_ALIGN_128BYTES 0x00800000 260 #define IMAGE_SCN_ALIGN_256BYTES 0x00900000 261 #define IMAGE_SCN_ALIGN_512BYTES 0x00A00000 262 #define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 263 #define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 264 #define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 265 #define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 266 #define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 267 #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 268 #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 269 #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 270 #define IMAGE_SCN_MEM_SHARED 0x10000000 271 #define IMAGE_SCN_MEM_EXECUTE 0x20000000 272 #define IMAGE_SCN_MEM_READ 0x40000000 273 #define IMAGE_SCN_MEM_WRITE 0x80000000 274 275 /* 276 * Section Headers. 277 */ 278 279 typedef struct _PE_SecHdr { 280 char sh_name[8]; 281 uint32_t sh_virtsize; 282 uint32_t sh_addr; 283 uint32_t sh_rawsize; 284 uint32_t sh_rawptr; 285 uint32_t sh_relocptr; 286 uint32_t sh_lineptr; 287 uint16_t sh_nreloc; 288 uint16_t sh_nline; 289 uint32_t sh_char; 290 } PE_SecHdr; 291 292 #endif /* !_PE_H_ */ 293