189 lines
4.8 KiB
C
189 lines
4.8 KiB
C
|
|
||
|
typedef unsigned short WORD;
|
||
|
typedef unsigned int DWORD;
|
||
|
typedef unsigned int LONG;
|
||
|
typedef unsigned char BYTE;
|
||
|
|
||
|
#define IMAGE_DOS_SIGNATURE 0x5A4D
|
||
|
#define IMAGE_NT_SIGNATURE 0x00004550
|
||
|
#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
|
||
|
|
||
|
#pragma pack(push,2)
|
||
|
typedef struct _IMAGE_DOS_HEADER
|
||
|
{
|
||
|
WORD e_magic;
|
||
|
WORD e_cblp;
|
||
|
WORD e_cp;
|
||
|
WORD e_crlc;
|
||
|
WORD e_cparhdr;
|
||
|
WORD e_minalloc;
|
||
|
WORD e_maxalloc;
|
||
|
WORD e_ss;
|
||
|
WORD e_sp;
|
||
|
WORD e_csum;
|
||
|
WORD e_ip;
|
||
|
WORD e_cs;
|
||
|
WORD e_lfarlc;
|
||
|
WORD e_ovno;
|
||
|
WORD e_res[4];
|
||
|
WORD e_oemid;
|
||
|
WORD e_oeminfo;
|
||
|
WORD e_res2[10];
|
||
|
LONG e_lfanew;
|
||
|
} IMAGE_DOS_HEADER,*PIMAGE_DOS_HEADER;
|
||
|
#pragma pack(pop)
|
||
|
|
||
|
|
||
|
#pragma pack(push,4)
|
||
|
typedef struct _IMAGE_FILE_HEADER
|
||
|
{
|
||
|
WORD Machine;
|
||
|
WORD NumberOfSections;
|
||
|
DWORD TimeDateStamp;
|
||
|
DWORD PointerToSymbolTable;
|
||
|
DWORD NumberOfSymbols;
|
||
|
WORD SizeOfOptionalHeader;
|
||
|
WORD Characteristics;
|
||
|
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
|
||
|
|
||
|
#define IMAGE_FILE_DLL 0x2000
|
||
|
|
||
|
#define IMAGE_FILE_MACHINE_I386 0x014c /* Intel 386 or later processors
|
||
|
and compatible processors */
|
||
|
typedef struct _IMAGE_DATA_DIRECTORY {
|
||
|
DWORD VirtualAddress;
|
||
|
DWORD Size;
|
||
|
} IMAGE_DATA_DIRECTORY,*PIMAGE_DATA_DIRECTORY;
|
||
|
|
||
|
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
|
||
|
|
||
|
typedef struct _IMAGE_OPTIONAL_HEADER {
|
||
|
WORD Magic;
|
||
|
BYTE MajorLinkerVersion;
|
||
|
BYTE MinorLinkerVersion;
|
||
|
DWORD SizeOfCode;
|
||
|
DWORD SizeOfInitializedData;
|
||
|
DWORD SizeOfUninitializedData;
|
||
|
DWORD AddressOfEntryPoint;
|
||
|
DWORD BaseOfCode;
|
||
|
DWORD BaseOfData;
|
||
|
DWORD ImageBase;
|
||
|
DWORD SectionAlignment;
|
||
|
DWORD FileAlignment;
|
||
|
WORD MajorOperatingSystemVersion;
|
||
|
WORD MinorOperatingSystemVersion;
|
||
|
WORD MajorImageVersion;
|
||
|
WORD MinorImageVersion;
|
||
|
WORD MajorSubsystemVersion;
|
||
|
WORD MinorSubsystemVersion;
|
||
|
DWORD Win32VersionValue;
|
||
|
DWORD SizeOfImage;
|
||
|
DWORD SizeOfHeaders;
|
||
|
DWORD CheckSum;
|
||
|
WORD Subsystem;
|
||
|
WORD DllCharacteristics;
|
||
|
DWORD SizeOfStackReserve;
|
||
|
DWORD SizeOfStackCommit;
|
||
|
DWORD SizeOfHeapReserve;
|
||
|
DWORD SizeOfHeapCommit;
|
||
|
DWORD LoaderFlags;
|
||
|
DWORD NumberOfRvaAndSizes;
|
||
|
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
|
||
|
} IMAGE_OPTIONAL_HEADER,*PIMAGE_OPTIONAL_HEADER;
|
||
|
|
||
|
#pragma pack(pop)
|
||
|
|
||
|
|
||
|
#pragma pack(push,4)
|
||
|
typedef struct _IMAGE_NT_HEADERS
|
||
|
{
|
||
|
DWORD Signature;
|
||
|
IMAGE_FILE_HEADER FileHeader;
|
||
|
IMAGE_OPTIONAL_HEADER OptionalHeader;
|
||
|
} IMAGE_NT_HEADERS32,*PIMAGE_NT_HEADERS32;
|
||
|
|
||
|
#define IMAGE_SIZEOF_SHORT_NAME 8
|
||
|
|
||
|
typedef struct _IMAGE_SECTION_HEADER
|
||
|
{
|
||
|
BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
|
||
|
union
|
||
|
{
|
||
|
DWORD PhysicalAddress;
|
||
|
DWORD VirtualSize;
|
||
|
} Misc;
|
||
|
DWORD VirtualAddress;
|
||
|
DWORD SizeOfRawData;
|
||
|
DWORD PointerToRawData;
|
||
|
DWORD PointerToRelocations;
|
||
|
DWORD PointerToLinenumbers;
|
||
|
WORD NumberOfRelocations;
|
||
|
WORD NumberOfLinenumbers;
|
||
|
DWORD Characteristics;
|
||
|
} IMAGE_SECTION_HEADER,*PIMAGE_SECTION_HEADER;
|
||
|
#pragma pack(pop)
|
||
|
|
||
|
#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040
|
||
|
#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080
|
||
|
#define IMAGE_SCN_MEM_SHARED 0x10000000
|
||
|
#define IMAGE_SCN_MEM_EXECUTE 0x20000000
|
||
|
#define IMAGE_SCN_MEM_WRITE 0x80000000
|
||
|
|
||
|
#pragma pack(push,4)
|
||
|
typedef struct _IMAGE_BASE_RELOCATION {
|
||
|
DWORD VirtualAddress;
|
||
|
DWORD SizeOfBlock;
|
||
|
} IMAGE_BASE_RELOCATION,*PIMAGE_BASE_RELOCATION;
|
||
|
#pragma pack(pop)
|
||
|
|
||
|
typedef struct _IMAGE_IMPORT_DESCRIPTOR
|
||
|
{
|
||
|
union
|
||
|
{
|
||
|
DWORD Characteristics;
|
||
|
DWORD OriginalFirstThunk;
|
||
|
};
|
||
|
DWORD TimeDateStamp;
|
||
|
DWORD ForwarderChain;
|
||
|
DWORD Name;
|
||
|
DWORD FirstThunk;
|
||
|
} IMAGE_IMPORT_DESCRIPTOR,*PIMAGE_IMPORT_DESCRIPTOR;
|
||
|
|
||
|
typedef struct _IMAGE_THUNK_DATA32
|
||
|
{
|
||
|
union
|
||
|
{
|
||
|
DWORD ForwarderString;
|
||
|
DWORD Function;
|
||
|
DWORD Ordinal;
|
||
|
DWORD AddressOfData;
|
||
|
} u1;
|
||
|
} IMAGE_THUNK_DATA32,*PIMAGE_THUNK_DATA32;
|
||
|
|
||
|
typedef struct _IMAGE_IMPORT_BY_NAME
|
||
|
{
|
||
|
WORD Hint;
|
||
|
BYTE Name[1];
|
||
|
} IMAGE_IMPORT_BY_NAME,*PIMAGE_IMPORT_BY_NAME;
|
||
|
|
||
|
#define IMAGE_ORDINAL_FLAG 0x80000000
|
||
|
|
||
|
typedef struct _IMAGE_EXPORT_DIRECTORY {
|
||
|
DWORD Characteristics;
|
||
|
DWORD TimeDateStamp;
|
||
|
WORD MajorVersion;
|
||
|
WORD MinorVersion;
|
||
|
DWORD Name;
|
||
|
DWORD Base;
|
||
|
DWORD NumberOfFunctions;
|
||
|
DWORD NumberOfNames;
|
||
|
DWORD AddressOfFunctions;
|
||
|
DWORD AddressOfNames;
|
||
|
DWORD AddressOfNameOrdinals;
|
||
|
} IMAGE_EXPORT_DIRECTORY,*PIMAGE_EXPORT_DIRECTORY;
|
||
|
|
||
|
|
||
|
#define MakePtr( cast, ptr, addValue ) (cast)( (uint32_t)(ptr) + (uint32_t)(addValue) )
|
||
|
|
||
|
|