1 /* 2 PE32+ header file 3 */ 4 #ifndef _PE_H 5 #define _PE_H 6 7 #define IMAGE_DOS_SIGNATURE 0x5A4D // MZ 8 #define IMAGE_OS2_SIGNATURE 0x454E // NE 9 #define IMAGE_OS2_SIGNATURE_LE 0x454C // LE 10 #define IMAGE_NT_SIGNATURE 0x00004550 // PE00 11 #define IMAGE_EDOS_SIGNATURE 0x44454550 // PEED 12 13 /***************************************************************************** 14 * The following stuff comes from winnt.h from the ia64sdk, plus the Plabel for 15 * loading EM executables. 16 *****************************************************************************/ 17 // 18 // Intel IA64 specific 19 // 20 21 #define IMAGE_REL_BASED_IA64_IMM64 9 22 #define IMAGE_REL_BASED_IA64_DIR64 10 23 24 struct Plabel { 25 UINT64 EntryPoint; 26 UINT64 NewGP; 27 }; 28 29 typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header 30 UINT16 e_magic; // Magic number 31 UINT16 e_cblp; // Bytes on last page of file 32 UINT16 e_cp; // Pages in file 33 UINT16 e_crlc; // Relocations 34 UINT16 e_cparhdr; // Size of header in paragraphs 35 UINT16 e_minalloc; // Minimum extra paragraphs needed 36 UINT16 e_maxalloc; // Maximum extra paragraphs needed 37 UINT16 e_ss; // Initial (relative) SS value 38 UINT16 e_sp; // Initial SP value 39 UINT16 e_csum; // Checksum 40 UINT16 e_ip; // Initial IP value 41 UINT16 e_cs; // Initial (relative) CS value 42 UINT16 e_lfarlc; // File address of relocation table 43 UINT16 e_ovno; // Overlay number 44 UINT16 e_res[4]; // Reserved words 45 UINT16 e_oemid; // OEM identifier (for e_oeminfo) 46 UINT16 e_oeminfo; // OEM information; e_oemid specific 47 UINT16 e_res2[10]; // Reserved words 48 UINT32 e_lfanew; // File address of new exe header 49 } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER; 50 51 typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header 52 UINT16 ne_magic; // Magic number 53 UINT8 ne_ver; // Version number 54 UINT8 ne_rev; // Revision number 55 UINT16 ne_enttab; // Offset of Entry Table 56 UINT16 ne_cbenttab; // Number of bytes in Entry Table 57 UINT32 ne_crc; // Checksum of whole file 58 UINT16 ne_flags; // Flag UINT16 59 UINT16 ne_autodata; // Automatic data segment number 60 UINT16 ne_heap; // Initial heap allocation 61 UINT16 ne_stack; // Initial stack allocation 62 UINT32 ne_csip; // Initial CS:IP setting 63 UINT32 ne_sssp; // Initial SS:SP setting 64 UINT16 ne_cseg; // Count of file segments 65 UINT16 ne_cmod; // Entries in Module Reference Table 66 UINT16 ne_cbnrestab; // Size of non-resident name table 67 UINT16 ne_segtab; // Offset of Segment Table 68 UINT16 ne_rsrctab; // Offset of Resource Table 69 UINT16 ne_restab; // Offset of resident name table 70 UINT16 ne_modtab; // Offset of Module Reference Table 71 UINT16 ne_imptab; // Offset of Imported Names Table 72 UINT32 ne_nrestab; // Offset of Non-resident Names Table 73 UINT16 ne_cmovent; // Count of movable entries 74 UINT16 ne_align; // Segment alignment shift count 75 UINT16 ne_cres; // Count of resource segments 76 UINT8 ne_exetyp; // Target Operating system 77 UINT8 ne_flagsothers; // Other .EXE flags 78 UINT16 ne_pretthunks; // offset to return thunks 79 UINT16 ne_psegrefbytes; // offset to segment ref. bytes 80 UINT16 ne_swaparea; // Minimum code swap area size 81 UINT16 ne_expver; // Expected Windows version number 82 } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER; 83 84 // 85 // File header format. 86 // 87 88 typedef struct _IMAGE_FILE_HEADER { 89 UINT16 Machine; 90 UINT16 NumberOfSections; 91 UINT32 TimeDateStamp; 92 UINT32 PointerToSymbolTable; 93 UINT32 NumberOfSymbols; 94 UINT16 SizeOfOptionalHeader; 95 UINT16 Characteristics; 96 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 97 98 #define IMAGE_SIZEOF_FILE_HEADER 20 99 100 #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file. 101 #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references). 102 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file. 103 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file. 104 #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. 105 #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. 106 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file 107 #define IMAGE_FILE_SYSTEM 0x1000 // System File. 108 #define IMAGE_FILE_DLL 0x2000 // File is a DLL. 109 #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed. 110 111 #define IMAGE_FILE_MACHINE_UNKNOWN 0 112 #define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. 113 #define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0540 big-endian 114 #define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian 115 #define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP 116 #define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x1c2 // Arm/Thumb 117 #define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian 118 #define IMAGE_FILE_MACHINE_IA64 0x200 // IA-64 119 #define IMAGE_FILE_MACHINE_TAHOE 0x7cc // Intel EM machine 120 #define IMAGE_FILE_MACHINE_EBC 0xebc // EFI Byte Code 121 #define IMAGE_FILE_MACHINE_X64 0x8664 // x86_64 122 // 123 // Directory format. 124 // 125 126 typedef struct _IMAGE_DATA_DIRECTORY { 127 UINT32 VirtualAddress; 128 UINT32 Size; 129 } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; 130 131 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16 132 133 134 typedef struct _IMAGE_ROM_OPTIONAL_HEADER { 135 UINT16 Magic; 136 UINT8 MajorLinkerVersion; 137 UINT8 MinorLinkerVersion; 138 UINT32 SizeOfCode; 139 UINT32 SizeOfInitializedData; 140 UINT32 SizeOfUninitializedData; 141 UINT32 AddressOfEntryPoint; 142 UINT32 BaseOfCode; 143 UINT32 BaseOfData; 144 UINT32 BaseOfBss; 145 UINT32 GprMask; 146 UINT32 CprMask[4]; 147 UINT32 GpValue; 148 } IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER; 149 150 typedef struct _IMAGE_OPTIONAL_HEADER { 151 UINT16 Magic; 152 UINT8 MajorLinkerVersion; 153 UINT8 MinorLinkerVersion; 154 UINT32 SizeOfCode; 155 UINT32 SizeOfInitializedData; 156 UINT32 SizeOfUninitializedData; 157 UINT32 AddressOfEntryPoint; 158 UINT32 BaseOfCode; 159 // UINT32 BaseOfData; 160 UINT64 ImageBase; 161 UINT32 SectionAlignment; 162 UINT32 FileAlignment; 163 UINT16 MajorOperatingSystemVersion; 164 UINT16 MinorOperatingSystemVersion; 165 UINT16 MajorImageVersion; 166 UINT16 MinorImageVersion; 167 UINT16 MajorSubsystemVersion; 168 UINT16 MinorSubsystemVersion; 169 UINT32 Win32VersionValue; 170 UINT32 SizeOfImage; 171 UINT32 SizeOfHeaders; 172 UINT32 CheckSum; 173 UINT16 Subsystem; 174 UINT16 DllCharacteristics; 175 UINT64 SizeOfStackReserve; 176 UINT64 SizeOfStackCommit; 177 UINT64 SizeOfHeapReserve; 178 UINT64 SizeOfHeapCommit; 179 UINT32 LoaderFlags; 180 UINT32 NumberOfRvaAndSizes; 181 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 182 } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; 183 184 185 #define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56 186 #define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28 187 #define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224 188 #define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 244 189 190 #define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b 191 #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b 192 #define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107 193 194 typedef struct _IMAGE_NT_HEADERS { 195 UINT32 Signature; 196 IMAGE_FILE_HEADER FileHeader; 197 IMAGE_OPTIONAL_HEADER OptionalHeader; 198 } IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS; 199 200 typedef struct _IMAGE_ROM_HEADERS { 201 IMAGE_FILE_HEADER FileHeader; 202 IMAGE_ROM_OPTIONAL_HEADER OptionalHeader; 203 } IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS; 204 205 #define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \ 206 ((UINT32)ntheader + \ 207 FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \ 208 ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \ 209 )) 210 211 212 // Subsystem Values 213 214 #define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem. 215 #define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem. 216 #define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem. 217 #define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem. 218 #define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem. 219 #define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem. 220 221 222 // Directory Entries 223 224 #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory 225 #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory 226 #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory 227 #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory 228 #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory 229 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table 230 #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory 231 #define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String 232 #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) 233 #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory 234 #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory 235 236 // 237 // Section header format. 238 // 239 240 #define IMAGE_SIZEOF_SHORT_NAME 8 241 242 typedef struct _IMAGE_SECTION_HEADER { 243 UINT8 Name[IMAGE_SIZEOF_SHORT_NAME]; 244 union { 245 UINT32 PhysicalAddress; 246 UINT32 VirtualSize; 247 } Misc; 248 UINT32 VirtualAddress; 249 UINT32 SizeOfRawData; 250 UINT32 PointerToRawData; 251 UINT32 PointerToRelocations; 252 UINT32 PointerToLinenumbers; 253 UINT16 NumberOfRelocations; 254 UINT16 NumberOfLinenumbers; 255 UINT32 Characteristics; 256 } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; 257 258 #define IMAGE_SIZEOF_SECTION_HEADER 40 259 260 #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. 261 262 #define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. 263 #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. 264 #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. 265 266 #define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. 267 #define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. 268 #define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. 269 #define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. 270 271 #define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // 272 #define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // 273 #define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // 274 #define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // 275 #define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified. 276 #define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // 277 #define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // 278 279 #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. 280 #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. 281 #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. 282 #define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable. 283 #define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable. 284 #define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable. 285 #define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable. 286 287 // 288 // Symbol format. 289 // 290 291 292 #define IMAGE_SIZEOF_SYMBOL 18 293 294 // 295 // Section values. 296 // 297 // Symbols have a section number of the section in which they are 298 // defined. Otherwise, section numbers have the following meanings: 299 // 300 301 #define IMAGE_SYM_UNDEFINED (UINT16)0 // Symbol is undefined or is common. 302 #define IMAGE_SYM_ABSOLUTE (UINT16)-1 // Symbol is an absolute value. 303 #define IMAGE_SYM_DEBUG (UINT16)-2 // Symbol is a special debug item. 304 305 // 306 // Type (fundamental) values. 307 // 308 309 #define IMAGE_SYM_TYPE_NULL 0 // no type. 310 #define IMAGE_SYM_TYPE_VOID 1 // 311 #define IMAGE_SYM_TYPE_CHAR 2 // type character. 312 #define IMAGE_SYM_TYPE_SHORT 3 // type short integer. 313 #define IMAGE_SYM_TYPE_INT 4 // 314 #define IMAGE_SYM_TYPE_LONG 5 // 315 #define IMAGE_SYM_TYPE_FLOAT 6 // 316 #define IMAGE_SYM_TYPE_DOUBLE 7 // 317 #define IMAGE_SYM_TYPE_STRUCT 8 // 318 #define IMAGE_SYM_TYPE_UNION 9 // 319 #define IMAGE_SYM_TYPE_ENUM 10 // enumeration. 320 #define IMAGE_SYM_TYPE_MOE 11 // member of enumeration. 321 #define IMAGE_SYM_TYPE_BYTE 12 // 322 #define IMAGE_SYM_TYPE_WORD 13 // 323 #define IMAGE_SYM_TYPE_UINT 14 // 324 #define IMAGE_SYM_TYPE_DWORD 15 // 325 326 // 327 // Type (derived) values. 328 // 329 330 #define IMAGE_SYM_DTYPE_NULL 0 // no derived type. 331 #define IMAGE_SYM_DTYPE_POINTER 1 // pointer. 332 #define IMAGE_SYM_DTYPE_FUNCTION 2 // function. 333 #define IMAGE_SYM_DTYPE_ARRAY 3 // array. 334 335 // 336 // Storage classes. 337 // 338 339 #define IMAGE_SYM_CLASS_END_OF_FUNCTION (BYTE )-1 340 #define IMAGE_SYM_CLASS_NULL 0 341 #define IMAGE_SYM_CLASS_AUTOMATIC 1 342 #define IMAGE_SYM_CLASS_EXTERNAL 2 343 #define IMAGE_SYM_CLASS_STATIC 3 344 #define IMAGE_SYM_CLASS_REGISTER 4 345 #define IMAGE_SYM_CLASS_EXTERNAL_DEF 5 346 #define IMAGE_SYM_CLASS_LABEL 6 347 #define IMAGE_SYM_CLASS_UNDEFINED_LABEL 7 348 #define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 8 349 #define IMAGE_SYM_CLASS_ARGUMENT 9 350 #define IMAGE_SYM_CLASS_STRUCT_TAG 10 351 #define IMAGE_SYM_CLASS_MEMBER_OF_UNION 11 352 #define IMAGE_SYM_CLASS_UNION_TAG 12 353 #define IMAGE_SYM_CLASS_TYPE_DEFINITION 13 354 #define IMAGE_SYM_CLASS_UNDEFINED_STATIC 14 355 #define IMAGE_SYM_CLASS_ENUM_TAG 15 356 #define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 16 357 #define IMAGE_SYM_CLASS_REGISTER_PARAM 17 358 #define IMAGE_SYM_CLASS_BIT_FIELD 18 359 #define IMAGE_SYM_CLASS_BLOCK 100 360 #define IMAGE_SYM_CLASS_FUNCTION 101 361 #define IMAGE_SYM_CLASS_END_OF_STRUCT 102 362 #define IMAGE_SYM_CLASS_FILE 103 363 // new 364 #define IMAGE_SYM_CLASS_SECTION 104 365 #define IMAGE_SYM_CLASS_WEAK_EXTERNAL 105 366 367 // type packing constants 368 369 #define N_BTMASK 017 370 #define N_TMASK 060 371 #define N_TMASK1 0300 372 #define N_TMASK2 0360 373 #define N_BTSHFT 4 374 #define N_TSHIFT 2 375 376 // MACROS 377 378 // 379 // Communal selection types. 380 // 381 382 #define IMAGE_COMDAT_SELECT_NODUPLICATES 1 383 #define IMAGE_COMDAT_SELECT_ANY 2 384 #define IMAGE_COMDAT_SELECT_SAME_SIZE 3 385 #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4 386 #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5 387 388 #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1 389 #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2 390 #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3 391 392 393 // 394 // Relocation format. 395 // 396 397 typedef struct _IMAGE_RELOCATION { 398 UINT32 VirtualAddress; 399 UINT32 SymbolTableIndex; 400 UINT16 Type; 401 } IMAGE_RELOCATION; 402 403 #define IMAGE_SIZEOF_RELOCATION 10 404 405 // 406 // I386 relocation types. 407 // 408 409 #define IMAGE_REL_I386_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 410 #define IMAGE_REL_I386_DIR16 01 // Direct 16-bit reference to the symbols virtual address 411 #define IMAGE_REL_I386_REL16 02 // PC-relative 16-bit reference to the symbols virtual address 412 #define IMAGE_REL_I386_DIR32 06 // Direct 32-bit reference to the symbols virtual address 413 #define IMAGE_REL_I386_DIR32NB 07 // Direct 32-bit reference to the symbols virtual address, base not included 414 #define IMAGE_REL_I386_SEG12 011 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address 415 #define IMAGE_REL_I386_SECTION 012 416 #define IMAGE_REL_I386_SECREL 013 417 #define IMAGE_REL_I386_REL32 024 // PC-relative 32-bit reference to the symbols virtual address 418 419 // 420 // MIPS relocation types. 421 // 422 423 #define IMAGE_REL_MIPS_ABSOLUTE 0 // Reference is absolute, no relocation is necessary 424 #define IMAGE_REL_MIPS_REFHALF 01 425 #define IMAGE_REL_MIPS_REFWORD 02 426 #define IMAGE_REL_MIPS_JMPADDR 03 427 #define IMAGE_REL_MIPS_REFHI 04 428 #define IMAGE_REL_MIPS_REFLO 05 429 #define IMAGE_REL_MIPS_GPREL 06 430 #define IMAGE_REL_MIPS_LITERAL 07 431 #define IMAGE_REL_MIPS_SECTION 012 432 #define IMAGE_REL_MIPS_SECREL 013 433 #define IMAGE_REL_MIPS_REFWORDNB 042 434 #define IMAGE_REL_MIPS_PAIR 045 435 436 // 437 // Alpha Relocation types. 438 // 439 440 #define IMAGE_REL_ALPHA_ABSOLUTE 0x0 441 #define IMAGE_REL_ALPHA_REFLONG 0x1 442 #define IMAGE_REL_ALPHA_REFQUAD 0x2 443 #define IMAGE_REL_ALPHA_GPREL32 0x3 444 #define IMAGE_REL_ALPHA_LITERAL 0x4 445 #define IMAGE_REL_ALPHA_LITUSE 0x5 446 #define IMAGE_REL_ALPHA_GPDISP 0x6 447 #define IMAGE_REL_ALPHA_BRADDR 0x7 448 #define IMAGE_REL_ALPHA_HINT 0x8 449 #define IMAGE_REL_ALPHA_INLINE_REFLONG 0x9 450 #define IMAGE_REL_ALPHA_REFHI 0xA 451 #define IMAGE_REL_ALPHA_REFLO 0xB 452 #define IMAGE_REL_ALPHA_PAIR 0xC 453 #define IMAGE_REL_ALPHA_MATCH 0xD 454 #define IMAGE_REL_ALPHA_SECTION 0xE 455 #define IMAGE_REL_ALPHA_SECREL 0xF 456 #define IMAGE_REL_ALPHA_REFLONGNB 0x10 457 458 // 459 // IBM PowerPC relocation types. 460 // 461 462 #define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP 463 #define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address 464 #define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address 465 #define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute) 466 #define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address 467 #define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword) 468 #define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative) 469 #define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative) 470 #define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base 471 #define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword) 472 473 #define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base 474 #define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr) 475 #define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number 476 #define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code 477 #define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction 478 479 #define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type 480 481 // Flag bits in IMAGE_RELOCATION.TYPE 482 483 #define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it 484 #define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken 485 #define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken 486 #define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc) 487 488 // 489 // Based relocation format. 490 // 491 492 typedef struct _IMAGE_BASE_RELOCATION { 493 UINT32 VirtualAddress; 494 UINT32 SizeOfBlock; 495 // UINT16 TypeOffset[1]; 496 } IMAGE_BASE_RELOCATION, *PIMAGE_BASE_RELOCATION; 497 498 #define IMAGE_SIZEOF_BASE_RELOCATION 8 499 500 // 501 // Based relocation types. 502 // 503 504 #define IMAGE_REL_BASED_ABSOLUTE 0 505 #define IMAGE_REL_BASED_HIGH 1 506 #define IMAGE_REL_BASED_LOW 2 507 #define IMAGE_REL_BASED_HIGHLOW 3 508 #define IMAGE_REL_BASED_HIGHADJ 4 509 #define IMAGE_REL_BASED_MIPS_JMPADDR 5 510 #define IMAGE_REL_BASED_IA64_IMM64 9 511 #define IMAGE_REL_BASED_DIR64 10 512 513 // 514 // Line number format. 515 // 516 517 typedef struct _IMAGE_LINENUMBER { 518 union { 519 UINT32 SymbolTableIndex; // Symbol table index of function name if Linenumber is 0. 520 UINT32 VirtualAddress; // Virtual address of line number. 521 } Type; 522 UINT16 Linenumber; // Line number. 523 } IMAGE_LINENUMBER; 524 525 #define IMAGE_SIZEOF_LINENUMBER 6 526 527 // 528 // Archive format. 529 // 530 531 #define IMAGE_ARCHIVE_START_SIZE 8 532 #define IMAGE_ARCHIVE_START "!<arch>\n" 533 #define IMAGE_ARCHIVE_END "`\n" 534 #define IMAGE_ARCHIVE_PAD "\n" 535 #define IMAGE_ARCHIVE_LINKER_MEMBER "/ " 536 #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// " 537 538 typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER { 539 UINT8 Name[16]; // File member name - `/' terminated. 540 UINT8 Date[12]; // File member date - decimal. 541 UINT8 UserID[6]; // File member user id - decimal. 542 UINT8 GroupID[6]; // File member group id - decimal. 543 UINT8 Mode[8]; // File member mode - octal. 544 UINT8 Size[10]; // File member size - decimal. 545 UINT8 EndHeader[2]; // String to end header. 546 } IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER; 547 548 #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60 549 550 // 551 // DLL support. 552 // 553 554 // 555 // Export Format 556 // 557 558 typedef struct _IMAGE_EXPORT_DIRECTORY { 559 UINT32 Characteristics; 560 UINT32 TimeDateStamp; 561 UINT16 MajorVersion; 562 UINT16 MinorVersion; 563 UINT32 Name; 564 UINT32 Base; 565 UINT32 NumberOfFunctions; 566 UINT32 NumberOfNames; 567 UINT32 AddressOfFunctions; 568 UINT32 AddressOfNames; 569 UINT32 AddressOfNameOrdinals; 570 } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY; 571 572 // 573 // Import Format 574 // 575 576 typedef struct _IMAGE_IMPORT_BY_NAME { 577 UINT16 Hint; 578 UINT8 Name[1]; 579 } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; 580 581 typedef struct _IMAGE_THUNK_DATA { 582 union { 583 UINT32 Function; 584 UINT32 Ordinal; 585 PIMAGE_IMPORT_BY_NAME AddressOfData; 586 } u1; 587 } IMAGE_THUNK_DATA, *PIMAGE_THUNK_DATA; 588 589 #define IMAGE_ORDINAL_FLAG 0x80000000 590 #define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0) 591 #define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff) 592 593 typedef struct _IMAGE_IMPORT_DESCRIPTOR { 594 UINT32 Characteristics; 595 UINT32 TimeDateStamp; 596 UINT32 ForwarderChain; 597 UINT32 Name; 598 PIMAGE_THUNK_DATA FirstThunk; 599 } IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; 600 601 #endif 602