VirtualBox

source: vbox/trunk/include/iprt/formats/pecoff.h@ 67948

Last change on this file since 67948 was 67948, checked in by vboxsync, 7 years ago

pecoff,ldrPE: Another load config change surfaced in build 16237, 64-bit bcrypt*.dll uses it while 32-bit doesn't. Sigh.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 85.0 KB
Line 
1/* $Id: pecoff.h 67948 2017-07-13 10:00:40Z vboxsync $ */
2/** @file
3 * IPRT - Windows NT PE & COFF Structures and Constants.
4 */
5
6/*
7 * Copyright (C) 2006-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_formats_pecoff_h
28#define ___iprt_formats_pecoff_h
29
30#include <iprt/types.h>
31#include <iprt/assert.h>
32
33
34/** @defgroup grp_rt_formats_pecoff PE & Microsoft COFF structures and definitions
35 * @ingroup grp_rt_formats
36 * @{
37 */
38
39
40/**
41 * PE & COFF file header.
42 *
43 * This starts COFF files, while in PE files it's preceeded by the PE signature
44 * (see IMAGE_NT_HEADERS32, IMAGE_NT_HEADERS64).
45 */
46typedef struct _IMAGE_FILE_HEADER
47{
48 uint16_t Machine; /**< 0x00 */
49 uint16_t NumberOfSections; /**< 0x02 */
50 uint32_t TimeDateStamp; /**< 0x04 */
51 uint32_t PointerToSymbolTable; /**< 0x08 */
52 uint32_t NumberOfSymbols; /**< 0x0c */
53 uint16_t SizeOfOptionalHeader; /**< 0x10 */
54 uint16_t Characteristics; /**< 0x12 */
55} IMAGE_FILE_HEADER; /* size: 0x14 */
56AssertCompileSize(IMAGE_FILE_HEADER, 0x14);
57typedef IMAGE_FILE_HEADER *PIMAGE_FILE_HEADER;
58typedef IMAGE_FILE_HEADER const *PCIMAGE_FILE_HEADER;
59
60
61/** @name PE & COFF machine types.
62 * Used by IMAGE_FILE_HEADER::Machine and IMAGE_SEPARATE_DEBUG_HEADER::Machine.
63 * @{ */
64/** X86 compatible CPU, 32-bit instructions. */
65#define IMAGE_FILE_MACHINE_I386 UINT16_C(0x014c)
66/** AMD64 compatible CPU, 64-bit instructions. */
67#define IMAGE_FILE_MACHINE_AMD64 UINT16_C(0x8664)
68
69/** Unknown target CPU. */
70#define IMAGE_FILE_MACHINE_UNKNOWN UINT16_C(0x0000)
71/** Matshushita AM33 CPU. */
72#define IMAGE_FILE_MACHINE_AM33 UINT16_C(0x01d3)
73/** Little endian ARM CPU. */
74#define IMAGE_FILE_MACHINE_ARM UINT16_C(0x01c0)
75/** ARM or Thumb stuff. */
76#define IMAGE_FILE_MACHINE_THUMB UINT16_C(0x01c2)
77/** ARMv7 or higher CPU, Thumb mode. */
78#define IMAGE_FILE_MACHINE_ARMNT UINT16_C(0x01c4)
79/** ARMv8 CPU, 64-bit mode. */
80#define IMAGE_FILE_MACHINE_ARM64 UINT16_C(0xaa64)
81/** EFI byte code. */
82#define IMAGE_FILE_MACHINE_EBC UINT16_C(0x0ebc)
83/** "Itanic" CPU. */
84#define IMAGE_FILE_MACHINE_IA64 UINT16_C(0x0200)
85/** Mitsubishi M32R CPU, little endian. */
86#define IMAGE_FILE_MACHINE_M32R UINT16_C(0x9041)
87/** MIPS CPU, compact 16-bit instructions only? */
88#define IMAGE_FILE_MACHINE_MIPS16 UINT16_C(0x0266)
89/** MIPS CPU with FPU, full 32-bit instructions only? */
90#define IMAGE_FILE_MACHINE_MIPSFPU UINT16_C(0x0366)
91/** MIPS CPU with FPU, compact 16-bit instructions? */
92#define IMAGE_FILE_MACHINE_MIPSFPU16 UINT16_C(0x0466)
93/** MIPS CPU, little endian, Windows CE (?) v2 designation. */
94#define IMAGE_FILE_MACHINE_WCEMIPSV2 UINT16_C(0x0169)
95/** Power PC CPU, little endian. */
96#define IMAGE_FILE_MACHINE_POWERPC UINT16_C(0x01f0)
97/** Power PC CPU with FPU, also little endian? */
98#define IMAGE_FILE_MACHINE_POWERPCFP UINT16_C(0x01f1)
99/** MIPS R4000 CPU, little endian. */
100#define IMAGE_FILE_MACHINE_R4000 UINT16_C(0x0166)
101/** Hitachi SH3 CPU. */
102#define IMAGE_FILE_MACHINE_SH3 UINT16_C(0x01a2)
103/** Hitachi SH3 DSP. */
104#define IMAGE_FILE_MACHINE_SH3DSP UINT16_C(0x01a3)
105/** Hitachi SH4 CPU. */
106#define IMAGE_FILE_MACHINE_SH4 UINT16_C(0x01a6)
107/** Hitachi SH5 CPU. */
108#define IMAGE_FILE_MACHINE_SH5 UINT16_C(0x01a8)
109/** @} */
110
111/** @name File header characteristics (IMAGE_FILE_HEADER::Characteristics)
112 * @{ */
113#define IMAGE_FILE_RELOCS_STRIPPED UINT16_C(0x0001)
114#define IMAGE_FILE_EXECUTABLE_IMAGE UINT16_C(0x0002)
115#define IMAGE_FILE_LINE_NUMS_STRIPPED UINT16_C(0x0004)
116#define IMAGE_FILE_LOCAL_SYMS_STRIPPED UINT16_C(0x0008)
117#define IMAGE_FILE_AGGRESIVE_WS_TRIM UINT16_C(0x0010)
118#define IMAGE_FILE_LARGE_ADDRESS_AWARE UINT16_C(0x0020)
119#define IMAGE_FILE_16BIT_MACHINE UINT16_C(0x0040)
120#define IMAGE_FILE_BYTES_REVERSED_LO UINT16_C(0x0080)
121#define IMAGE_FILE_32BIT_MACHINE UINT16_C(0x0100)
122#define IMAGE_FILE_DEBUG_STRIPPED UINT16_C(0x0200)
123#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP UINT16_C(0x0400)
124#define IMAGE_FILE_NET_RUN_FROM_SWAP UINT16_C(0x0800)
125#define IMAGE_FILE_SYSTEM UINT16_C(0x1000)
126#define IMAGE_FILE_DLL UINT16_C(0x2000)
127#define IMAGE_FILE_UP_SYSTEM_ONLY UINT16_C(0x4000)
128#define IMAGE_FILE_BYTES_REVERSED_HI UINT16_C(0x8000)
129/** @} */
130
131
132/**
133 * PE data directory.
134 *
135 * This is used to locate data in the loaded image so the dynamic linker or
136 * others can make use of it. However, in the case of
137 * IMAGE_DIRECTORY_ENTRY_SECURITY it is referring to raw file offsets.
138 */
139typedef struct _IMAGE_DATA_DIRECTORY
140{
141 uint32_t VirtualAddress;
142 uint32_t Size;
143} IMAGE_DATA_DIRECTORY;
144AssertCompileSize(IMAGE_DATA_DIRECTORY, 0x8);
145typedef IMAGE_DATA_DIRECTORY *PIMAGE_DATA_DIRECTORY;
146typedef IMAGE_DATA_DIRECTORY const *PCIMAGE_DATA_DIRECTORY;
147
148/** The standard number of data directories in the optional header.
149 * I.e. the dimensions of IMAGE_OPTIONAL_HEADER32::DataDirectory and
150 * IMAGE_OPTIONAL_HEADER64::DataDirectory.
151 */
152#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 0x10
153
154
155/**
156 * PE optional header, 32-bit version.
157 */
158typedef struct _IMAGE_OPTIONAL_HEADER32
159{
160 uint16_t Magic; /**< 0x00 */
161 uint8_t MajorLinkerVersion; /**< 0x02 */
162 uint8_t MinorLinkerVersion; /**< 0x03 */
163 uint32_t SizeOfCode; /**< 0x04 */
164 uint32_t SizeOfInitializedData; /**< 0x08 */
165 uint32_t SizeOfUninitializedData; /**< 0x0c */
166 uint32_t AddressOfEntryPoint; /**< 0x10 */
167 uint32_t BaseOfCode; /**< 0x14 */
168 uint32_t BaseOfData; /**< 0x18 */
169 uint32_t ImageBase; /**< 0x1c */
170 uint32_t SectionAlignment; /**< 0x20 */
171 uint32_t FileAlignment; /**< 0x24 */
172 uint16_t MajorOperatingSystemVersion; /**< 0x28 */
173 uint16_t MinorOperatingSystemVersion; /**< 0x2a */
174 uint16_t MajorImageVersion; /**< 0x2c */
175 uint16_t MinorImageVersion; /**< 0x2e */
176 uint16_t MajorSubsystemVersion; /**< 0x30 */
177 uint16_t MinorSubsystemVersion; /**< 0x32 */
178 uint32_t Win32VersionValue; /**< 0x34 */
179 uint32_t SizeOfImage; /**< 0x38 */
180 uint32_t SizeOfHeaders; /**< 0x3c */
181 uint32_t CheckSum; /**< 0x40 */
182 uint16_t Subsystem; /**< 0x44 */
183 uint16_t DllCharacteristics; /**< 0x46 */
184 uint32_t SizeOfStackReserve; /**< 0x48 */
185 uint32_t SizeOfStackCommit; /**< 0x4c */
186 uint32_t SizeOfHeapReserve; /**< 0x50 */
187 uint32_t SizeOfHeapCommit; /**< 0x54 */
188 uint32_t LoaderFlags; /**< 0x58 */
189 uint32_t NumberOfRvaAndSizes; /**< 0x5c */
190 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; /**< 0x60; 0x10*8 = 0x80 */
191} IMAGE_OPTIONAL_HEADER32; /* size: 0xe0 */
192AssertCompileSize(IMAGE_OPTIONAL_HEADER32, 0xe0);
193typedef IMAGE_OPTIONAL_HEADER32 *PIMAGE_OPTIONAL_HEADER32;
194typedef IMAGE_OPTIONAL_HEADER32 const *PCIMAGE_OPTIONAL_HEADER32;
195
196/**
197 * PE optional header, 64-bit version.
198 */
199typedef struct _IMAGE_OPTIONAL_HEADER64
200{
201 uint16_t Magic; /**< 0x00 */
202 uint8_t MajorLinkerVersion; /**< 0x02 */
203 uint8_t MinorLinkerVersion; /**< 0x03 */
204 uint32_t SizeOfCode; /**< 0x04 */
205 uint32_t SizeOfInitializedData; /**< 0x08 */
206 uint32_t SizeOfUninitializedData; /**< 0x0c */
207 uint32_t AddressOfEntryPoint; /**< 0x10 */
208 uint32_t BaseOfCode; /**< 0x14 */
209 uint64_t ImageBase; /**< 0x18 */
210 uint32_t SectionAlignment; /**< 0x20 */
211 uint32_t FileAlignment; /**< 0x24 */
212 uint16_t MajorOperatingSystemVersion; /**< 0x28 */
213 uint16_t MinorOperatingSystemVersion; /**< 0x2a */
214 uint16_t MajorImageVersion; /**< 0x2c */
215 uint16_t MinorImageVersion; /**< 0x2e */
216 uint16_t MajorSubsystemVersion; /**< 0x30 */
217 uint16_t MinorSubsystemVersion; /**< 0x32 */
218 uint32_t Win32VersionValue; /**< 0x34 */
219 uint32_t SizeOfImage; /**< 0x38 */
220 uint32_t SizeOfHeaders; /**< 0x3c */
221 uint32_t CheckSum; /**< 0x40 */
222 uint16_t Subsystem; /**< 0x44 */
223 uint16_t DllCharacteristics; /**< 0x46 */
224 uint64_t SizeOfStackReserve; /**< 0x48 */
225 uint64_t SizeOfStackCommit; /**< 0x50 */
226 uint64_t SizeOfHeapReserve; /**< 0x58 */
227 uint64_t SizeOfHeapCommit; /**< 0x60 */
228 uint32_t LoaderFlags; /**< 0x68 */
229 uint32_t NumberOfRvaAndSizes; /**< 0x6c */
230 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; /**< 0x70; 0x10*8 = 0x80 */
231} IMAGE_OPTIONAL_HEADER64; /* size: 0xf0 */
232AssertCompileSize(IMAGE_OPTIONAL_HEADER64, 0xf0);
233typedef IMAGE_OPTIONAL_HEADER64 *PIMAGE_OPTIONAL_HEADER64;
234typedef IMAGE_OPTIONAL_HEADER64 const *PCIMAGE_OPTIONAL_HEADER64;
235
236/** @name Optional header magic values.
237 * @{ */
238#define IMAGE_NT_OPTIONAL_HDR32_MAGIC UINT16_C(0x010b)
239#define IMAGE_NT_OPTIONAL_HDR64_MAGIC UINT16_C(0x020b)
240/** @} */
241
242/** @name IMAGE_SUBSYSTEM_XXX - Optional header subsystems.
243 * IMAGE_OPTIONAL_HEADER32::Subsystem, IMAGE_OPTIONAL_HEADER64::Subsystem
244 * @{ */
245#define IMAGE_SUBSYSTEM_UNKNOWN UINT16_C(0x0000)
246#define IMAGE_SUBSYSTEM_NATIVE UINT16_C(0x0001)
247#define IMAGE_SUBSYSTEM_WINDOWS_GUI UINT16_C(0x0002)
248#define IMAGE_SUBSYSTEM_WINDOWS_CUI UINT16_C(0x0003)
249#define IMAGE_SUBSYSTEM_OS2_GUI UINT16_C(0x0004)
250#define IMAGE_SUBSYSTEM_OS2_CUI UINT16_C(0x0005)
251#define IMAGE_SUBSYSTEM_POSIX_CUI UINT16_C(0x0007)
252/** @} */
253
254/** @name Optional header characteristics.
255 * @{ */
256#define IMAGE_LIBRARY_PROCESS_INIT UINT16_C(0x0001)
257#define IMAGE_LIBRARY_PROCESS_TERM UINT16_C(0x0002)
258#define IMAGE_LIBRARY_THREAD_INIT UINT16_C(0x0004)
259#define IMAGE_LIBRARY_THREAD_TERM UINT16_C(0x0008)
260#define IMAGE_DLLCHARACTERISTICS_RESERVED UINT16_C(0x0010)
261#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA UINT16_C(0x0020)
262#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE UINT16_C(0x0040)
263#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY UINT16_C(0x0080)
264#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT UINT16_C(0x0100)
265#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION UINT16_C(0x0200)
266#define IMAGE_DLLCHARACTERISTICS_NO_SEH UINT16_C(0x0400)
267#define IMAGE_DLLCHARACTERISTICS_NO_BIND UINT16_C(0x0800)
268#define IMAGE_DLLCHARACTERISTICS_APPCONTAINER UINT16_C(0x1000)
269#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER UINT16_C(0x2000)
270#define IMAGE_DLLCHARACTERISTICS_GUARD_CF UINT16_C(0x4000)
271#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE UINT16_C(0x8000)
272/** @} */
273
274
275/** @name IMAGE_DIRECTORY_ENTRY_XXX - Data directory indexes.
276 * Used to index IMAGE_OPTIONAL_HEADER32::DataDirectory and
277 * IMAGE_OPTIONAL_HEADER64::DataDirectory
278 * @{ */
279#define IMAGE_DIRECTORY_ENTRY_EXPORT 0x0
280#define IMAGE_DIRECTORY_ENTRY_IMPORT 0x1
281#define IMAGE_DIRECTORY_ENTRY_RESOURCE 0x2
282#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x3
283#define IMAGE_DIRECTORY_ENTRY_SECURITY 0x4
284#define IMAGE_DIRECTORY_ENTRY_BASERELOC 0x5
285#define IMAGE_DIRECTORY_ENTRY_DEBUG 0x6
286#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 0x7
287#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
288#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x8
289#define IMAGE_DIRECTORY_ENTRY_TLS 0x9
290#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0xa
291#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0xb
292#define IMAGE_DIRECTORY_ENTRY_IAT 0xc
293#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0xd
294#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0xe
295/** @} */
296
297
298/**
299 * PE (NT) headers, 32-bit version.
300 */
301typedef struct _IMAGE_NT_HEADERS32
302{
303 uint32_t Signature; /**< 0x00 */
304 IMAGE_FILE_HEADER FileHeader; /**< 0x04 */
305 IMAGE_OPTIONAL_HEADER32 OptionalHeader; /**< 0x18 */
306} IMAGE_NT_HEADERS32; /* size: 0xf8 */
307AssertCompileSize(IMAGE_NT_HEADERS32, 0xf8);
308AssertCompileMemberOffset(IMAGE_NT_HEADERS32, FileHeader, 4);
309AssertCompileMemberOffset(IMAGE_NT_HEADERS32, OptionalHeader, 24);
310typedef IMAGE_NT_HEADERS32 *PIMAGE_NT_HEADERS32;
311typedef IMAGE_NT_HEADERS32 const *PCIMAGE_NT_HEADERS32;
312
313/**
314 * PE (NT) headers, 64-bit version.
315 */
316typedef struct _IMAGE_NT_HEADERS64
317{
318 uint32_t Signature; /**< 0x00 */
319 IMAGE_FILE_HEADER FileHeader; /**< 0x04 */
320 IMAGE_OPTIONAL_HEADER64 OptionalHeader; /**< 0x18 */
321} IMAGE_NT_HEADERS64; /**< 0x108 */
322AssertCompileSize(IMAGE_NT_HEADERS64, 0x108);
323AssertCompileMemberOffset(IMAGE_NT_HEADERS64, FileHeader, 4);
324AssertCompileMemberOffset(IMAGE_NT_HEADERS64, OptionalHeader, 24);
325typedef IMAGE_NT_HEADERS64 *PIMAGE_NT_HEADERS64;
326typedef IMAGE_NT_HEADERS64 const *PCIMAGE_NT_HEADERS64;
327
328/** The PE signature.
329 * Used by IMAGE_NT_HEADERS32::Signature, IMAGE_NT_HEADERS64::Signature. */
330#define IMAGE_NT_SIGNATURE UINT32_C(0x00004550)
331
332
333/** Section header short name length (IMAGE_SECTION_HEADER::Name). */
334#define IMAGE_SIZEOF_SHORT_NAME 0x8
335
336/**
337 * PE & COFF section header.
338 */
339typedef struct _IMAGE_SECTION_HEADER
340{
341 uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
342 union
343 {
344 uint32_t PhysicalAddress;
345 uint32_t VirtualSize;
346 } Misc;
347 uint32_t VirtualAddress;
348 uint32_t SizeOfRawData;
349 uint32_t PointerToRawData;
350 uint32_t PointerToRelocations;
351 uint32_t PointerToLinenumbers;
352 uint16_t NumberOfRelocations;
353 uint16_t NumberOfLinenumbers;
354 uint32_t Characteristics;
355} IMAGE_SECTION_HEADER;
356AssertCompileSize(IMAGE_SECTION_HEADER, 40);
357typedef IMAGE_SECTION_HEADER *PIMAGE_SECTION_HEADER;
358typedef IMAGE_SECTION_HEADER const *PCIMAGE_SECTION_HEADER;
359
360/** @name IMAGE_SCN_XXX - Section header characteristics.
361 * Used by IMAGE_SECTION_HEADER::Characteristics.
362 * @{ */
363#define IMAGE_SCN_TYPE_REG UINT32_C(0x00000000)
364#define IMAGE_SCN_TYPE_DSECT UINT32_C(0x00000001)
365#define IMAGE_SCN_TYPE_NOLOAD UINT32_C(0x00000002)
366#define IMAGE_SCN_TYPE_GROUP UINT32_C(0x00000004)
367#define IMAGE_SCN_TYPE_NO_PAD UINT32_C(0x00000008)
368#define IMAGE_SCN_TYPE_COPY UINT32_C(0x00000010)
369
370#define IMAGE_SCN_CNT_CODE UINT32_C(0x00000020)
371#define IMAGE_SCN_CNT_INITIALIZED_DATA UINT32_C(0x00000040)
372#define IMAGE_SCN_CNT_UNINITIALIZED_DATA UINT32_C(0x00000080)
373
374#define IMAGE_SCN_LNK_OTHER UINT32_C(0x00000100)
375#define IMAGE_SCN_LNK_INFO UINT32_C(0x00000200)
376#define IMAGE_SCN_TYPE_OVER UINT32_C(0x00000400)
377#define IMAGE_SCN_LNK_REMOVE UINT32_C(0x00000800)
378#define IMAGE_SCN_LNK_COMDAT UINT32_C(0x00001000)
379#define IMAGE_SCN_MEM_PROTECTED UINT32_C(0x00004000)
380#define IMAGE_SCN_NO_DEFER_SPEC_EXC UINT32_C(0x00004000)
381#define IMAGE_SCN_GPREL UINT32_C(0x00008000)
382#define IMAGE_SCN_MEM_FARDATA UINT32_C(0x00008000)
383#define IMAGE_SCN_MEM_SYSHEAP UINT32_C(0x00010000)
384#define IMAGE_SCN_MEM_PURGEABLE UINT32_C(0x00020000)
385#define IMAGE_SCN_MEM_16BIT UINT32_C(0x00020000)
386#define IMAGE_SCN_MEM_LOCKED UINT32_C(0x00040000)
387#define IMAGE_SCN_MEM_PRELOAD UINT32_C(0x00080000)
388
389#define IMAGE_SCN_ALIGN_1BYTES UINT32_C(0x00100000)
390#define IMAGE_SCN_ALIGN_2BYTES UINT32_C(0x00200000)
391#define IMAGE_SCN_ALIGN_4BYTES UINT32_C(0x00300000)
392#define IMAGE_SCN_ALIGN_8BYTES UINT32_C(0x00400000)
393#define IMAGE_SCN_ALIGN_16BYTES UINT32_C(0x00500000)
394#define IMAGE_SCN_ALIGN_32BYTES UINT32_C(0x00600000)
395#define IMAGE_SCN_ALIGN_64BYTES UINT32_C(0x00700000)
396#define IMAGE_SCN_ALIGN_128BYTES UINT32_C(0x00800000)
397#define IMAGE_SCN_ALIGN_256BYTES UINT32_C(0x00900000)
398#define IMAGE_SCN_ALIGN_512BYTES UINT32_C(0x00A00000)
399#define IMAGE_SCN_ALIGN_1024BYTES UINT32_C(0x00B00000)
400#define IMAGE_SCN_ALIGN_2048BYTES UINT32_C(0x00C00000)
401#define IMAGE_SCN_ALIGN_4096BYTES UINT32_C(0x00D00000)
402#define IMAGE_SCN_ALIGN_8192BYTES UINT32_C(0x00E00000)
403#define IMAGE_SCN_ALIGN_MASK UINT32_C(0x00F00000)
404#define IMAGE_SCN_ALIGN_SHIFT 20
405
406#define IMAGE_SCN_LNK_NRELOC_OVFL UINT32_C(0x01000000)
407#define IMAGE_SCN_MEM_DISCARDABLE UINT32_C(0x02000000)
408#define IMAGE_SCN_MEM_NOT_CACHED UINT32_C(0x04000000)
409#define IMAGE_SCN_MEM_NOT_PAGED UINT32_C(0x08000000)
410#define IMAGE_SCN_MEM_SHARED UINT32_C(0x10000000)
411#define IMAGE_SCN_MEM_EXECUTE UINT32_C(0x20000000)
412#define IMAGE_SCN_MEM_READ UINT32_C(0x40000000)
413#define IMAGE_SCN_MEM_WRITE UINT32_C(0x80000000)
414/** @} */
415
416
417/**
418 * PE image base relocations block header.
419 *
420 * This found in IMAGE_DIRECTORY_ENTRY_BASERELOC. Each entry is follow
421 * immediately by an array of 16-bit words, where the lower 12-bits are used
422 * for the page offset and the upper 4-bits for the base relocation type
423 * (IMAGE_REL_BASE_XXX). The block should be padded with
424 * IMAGE_REL_BASED_ABSOLUTE entries to ensure 32-bit alignment of this header.
425 */
426typedef struct _IMAGE_BASE_RELOCATION
427{
428 /** The RVA of the page/block the following ase relocations applies to. */
429 uint32_t VirtualAddress;
430 /** The size of this relocation block, including this header. */
431 uint32_t SizeOfBlock;
432} IMAGE_BASE_RELOCATION;
433AssertCompileSize(IMAGE_BASE_RELOCATION, 8);
434typedef IMAGE_BASE_RELOCATION *PIMAGE_BASE_RELOCATION;
435typedef IMAGE_BASE_RELOCATION const *PCIMAGE_BASE_RELOCATION;
436
437/** @name IMAGE_REL_BASED_XXX - PE base relocations.
438 * Found in the IMAGE_DIRECTORY_ENTRY_BASERELOC data directory.
439 * @{ */
440#define IMAGE_REL_BASED_ABSOLUTE UINT16_C(0x0)
441#define IMAGE_REL_BASED_HIGH UINT16_C(0x1)
442#define IMAGE_REL_BASED_LOW UINT16_C(0x2)
443#define IMAGE_REL_BASED_HIGHLOW UINT16_C(0x3)
444#define IMAGE_REL_BASED_HIGHADJ UINT16_C(0x4)
445#define IMAGE_REL_BASED_MIPS_JMPADDR UINT16_C(0x5)
446#define IMAGE_REL_BASED_MIPS_JMPADDR16 UINT16_C(0x9)
447#define IMAGE_REL_BASED_IA64_IMM64 UINT16_C(0x9)
448#define IMAGE_REL_BASED_DIR64 UINT16_C(0xa)
449#define IMAGE_REL_BASED_HIGH3ADJ UINT16_C(0xb)
450/** @} */
451
452/**
453 * PE export directory entry.
454 */
455typedef struct _IMAGE_EXPORT_DIRECTORY
456{
457 uint32_t Characteristics;
458 uint32_t TimeDateStamp;
459 uint16_t MajorVersion;
460 uint16_t MinorVersion;
461 uint32_t Name;
462 uint32_t Base;
463 uint32_t NumberOfFunctions;
464 uint32_t NumberOfNames;
465 uint32_t AddressOfFunctions;
466 uint32_t AddressOfNames;
467 uint32_t AddressOfNameOrdinals;
468} IMAGE_EXPORT_DIRECTORY;
469AssertCompileSize(IMAGE_EXPORT_DIRECTORY, 40);
470typedef IMAGE_EXPORT_DIRECTORY *PIMAGE_EXPORT_DIRECTORY;
471typedef IMAGE_EXPORT_DIRECTORY const *PCIMAGE_EXPORT_DIRECTORY;
472
473
474/**
475 * PE import directory entry.
476 */
477typedef struct _IMAGE_IMPORT_DESCRIPTOR
478{
479 union
480 {
481 uint32_t Characteristics;
482 uint32_t OriginalFirstThunk;
483 } u;
484 uint32_t TimeDateStamp;
485 uint32_t ForwarderChain;
486 uint32_t Name;
487 uint32_t FirstThunk;
488} IMAGE_IMPORT_DESCRIPTOR;
489AssertCompileSize(IMAGE_IMPORT_DESCRIPTOR, 20);
490typedef IMAGE_IMPORT_DESCRIPTOR *PIMAGE_IMPORT_DESCRIPTOR;
491typedef IMAGE_IMPORT_DESCRIPTOR const *PCIMAGE_IMPORT_DESCRIPTOR;
492
493/**
494 * Something we currently don't make use of...
495 */
496typedef struct _IMAGE_IMPORT_BY_NAME
497{
498 uint16_t Hint;
499 uint8_t Name[1];
500} IMAGE_IMPORT_BY_NAME;
501AssertCompileSize(IMAGE_IMPORT_BY_NAME, 4);
502typedef IMAGE_IMPORT_BY_NAME *PIMAGE_IMPORT_BY_NAME;
503typedef IMAGE_IMPORT_BY_NAME const *PCIMAGE_IMPORT_BY_NAME;
504
505
506#if 0
507/* The image_thunk_data32/64 structures are not very helpful except for getting RSI.
508 keep them around till all the code has been converted. */
509typedef struct _IMAGE_THUNK_DATA64
510{
511 union
512 {
513 uint64_t ForwarderString;
514 uint64_t Function;
515 uint64_t Ordinal;
516 uint64_t AddressOfData;
517 } u1;
518} IMAGE_THUNK_DATA64;
519typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64;
520typedef IMAGE_THUNK_DATA64 const *PCIMAGE_THUNK_DATA64;
521
522typedef struct _IMAGE_THUNK_DATA32
523{
524 union
525 {
526 uint32_t ForwarderString;
527 uint32_t Function;
528 uint32_t Ordinal;
529 uint32_t AddressOfData;
530 } u1;
531} IMAGE_THUNK_DATA32;
532typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32;
533typedef IMAGE_THUNK_DATA32 const *PCIMAGE_THUNK_DATA32;
534#endif
535
536/** @name PE import directory macros.
537 * @{ */
538#define IMAGE_ORDINAL_FLAG32 UINT32_C(0x80000000)
539#define IMAGE_ORDINAL32(ord) ((ord) & UINT32_C(0xffff))
540#define IMAGE_SNAP_BY_ORDINAL32(ord) (!!((ord) & IMAGE_ORDINAL_FLAG32))
541
542#define IMAGE_ORDINAL_FLAG64 UINT64_C(0x8000000000000000)
543#define IMAGE_ORDINAL64(ord) ((ord) & UINT32_C(0xffff))
544#define IMAGE_SNAP_BY_ORDINAL64(ord) (!!((ord) & IMAGE_ORDINAL_FLAG64))
545/** @} */
546
547/** @name PE Resource directory
548 * @{ */
549typedef struct _IMAGE_RESOURCE_DIRECTORY
550{
551 uint32_t Characteristics;
552 uint32_t TimeDateStamp;
553 uint16_t MajorVersion;
554 uint16_t MinorVersion;
555 uint16_t NumberOfNamedEntries;
556 uint16_t NumberOfIdEntries;
557} IMAGE_RESOURCE_DIRECTORY;
558typedef IMAGE_RESOURCE_DIRECTORY *PIMAGE_RESOURCE_DIRECTORY;
559typedef IMAGE_RESOURCE_DIRECTORY const *PCIMAGE_RESOURCE_DIRECTORY;
560
561typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY
562{
563 union
564 {
565 struct
566 {
567 uint32_t NameOffset : 31;
568 uint32_t NameIsString : 1; /**< IMAGE_RESOURCE_NAME_IS_STRING */
569 } s;
570 uint32_t Name;
571 uint16_t Id;
572 } u;
573 union
574 {
575 struct
576 {
577 uint32_t OffsetToDirectory : 31;
578 uint32_t DataIsDirectory : 1; /**< IMAGE_RESOURCE_DATA_IS_DIRECTORY*/
579 } s2;
580 uint32_t OffsetToData;
581 } u2;
582} IMAGE_RESOURCE_DIRECTORY_ENTRY;
583typedef IMAGE_RESOURCE_DIRECTORY_ENTRY *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
584typedef IMAGE_RESOURCE_DIRECTORY_ENTRY const *PCIMAGE_RESOURCE_DIRECTORY_ENTRY;
585
586#define IMAGE_RESOURCE_NAME_IS_STRING UINT32_C(0x80000000)
587#define IMAGE_RESOURCE_DATA_IS_DIRECTORY UINT32_C(0x80000000)
588
589typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING
590{
591 uint16_t Length;
592 char NameString[1];
593} IMAGE_RESOURCE_DIRECTORY_STRING;
594typedef IMAGE_RESOURCE_DIRECTORY_STRING *PIMAGE_RESOURCE_DIRECTORY_STRING;
595typedef IMAGE_RESOURCE_DIRECTORY_STRING const *PCIMAGE_RESOURCE_DIRECTORY_STRING;
596
597
598typedef struct _IMAGE_RESOURCE_DIR_STRING_U
599{
600 uint16_t Length;
601 RTUTF16 NameString[1];
602} IMAGE_RESOURCE_DIR_STRING_U;
603typedef IMAGE_RESOURCE_DIR_STRING_U *PIMAGE_RESOURCE_DIR_STRING_U;
604typedef IMAGE_RESOURCE_DIR_STRING_U const *PCIMAGE_RESOURCE_DIR_STRING_U;
605
606
607typedef struct _IMAGE_RESOURCE_DATA_ENTRY
608{
609 uint32_t OffsetToData;
610 uint32_t Size;
611 uint32_t CodePage;
612 uint32_t Reserved;
613} IMAGE_RESOURCE_DATA_ENTRY;
614typedef IMAGE_RESOURCE_DATA_ENTRY *PIMAGE_RESOURCE_DATA_ENTRY;
615typedef IMAGE_RESOURCE_DATA_ENTRY const *PCIMAGE_RESOURCE_DATA_ENTRY;
616
617/** @} */
618
619
620
621/** @name Image load config directories
622 * @{ */
623
624/** @since Windows 10 (preview 9879) */
625typedef struct _IMAGE_LOAD_CONFIG_CODE_INTEGRITY
626{
627 uint16_t Flags;
628 uint16_t Catalog;
629 uint32_t CatalogOffset;
630 uint32_t Reserved;
631} IMAGE_LOAD_CONFIG_CODE_INTEGRITY;
632AssertCompileSize(IMAGE_LOAD_CONFIG_CODE_INTEGRITY, 12);
633typedef IMAGE_LOAD_CONFIG_CODE_INTEGRITY *PIMAGE_LOAD_CONFIG_CODE_INTEGRITY;
634typedef IMAGE_LOAD_CONFIG_CODE_INTEGRITY const *PCIMAGE_LOAD_CONFIG_CODE_INTEGRITY;
635
636typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V1
637{
638 uint32_t Size;
639 uint32_t TimeDateStamp;
640 uint16_t MajorVersion;
641 uint16_t MinorVersion;
642 uint32_t GlobalFlagsClear;
643 uint32_t GlobalFlagsSet;
644 uint32_t CriticalSectionDefaultTimeout;
645 uint32_t DeCommitFreeBlockThreshold;
646 uint32_t DeCommitTotalFreeThreshold;
647 uint32_t LockPrefixTable;
648 uint32_t MaximumAllocationSize;
649 uint32_t VirtualMemoryThreshold;
650 uint32_t ProcessHeapFlags;
651 uint32_t ProcessAffinityMask;
652 uint16_t CSDVersion;
653 uint16_t DependentLoadFlags;
654 uint32_t EditList;
655 uint32_t SecurityCookie;
656} IMAGE_LOAD_CONFIG_DIRECTORY32_V1;
657AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V1, 0x40);
658typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V1 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V1;
659typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V1 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V1;
660
661typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V2
662{
663 uint32_t Size;
664 uint32_t TimeDateStamp;
665 uint16_t MajorVersion;
666 uint16_t MinorVersion;
667 uint32_t GlobalFlagsClear;
668 uint32_t GlobalFlagsSet;
669 uint32_t CriticalSectionDefaultTimeout;
670 uint32_t DeCommitFreeBlockThreshold;
671 uint32_t DeCommitTotalFreeThreshold;
672 uint32_t LockPrefixTable;
673 uint32_t MaximumAllocationSize;
674 uint32_t VirtualMemoryThreshold;
675 uint32_t ProcessHeapFlags;
676 uint32_t ProcessAffinityMask;
677 uint16_t CSDVersion;
678 uint16_t DependentLoadFlags;
679 uint32_t EditList;
680 uint32_t SecurityCookie;
681 uint32_t SEHandlerTable;
682 uint32_t SEHandlerCount;
683} IMAGE_LOAD_CONFIG_DIRECTORY32_V2;
684AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V2, 0x48);
685typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V2 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V2;
686typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V2 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V2;
687
688typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V3
689{
690 uint32_t Size;
691 uint32_t TimeDateStamp;
692 uint16_t MajorVersion;
693 uint16_t MinorVersion;
694 uint32_t GlobalFlagsClear;
695 uint32_t GlobalFlagsSet;
696 uint32_t CriticalSectionDefaultTimeout;
697 uint32_t DeCommitFreeBlockThreshold;
698 uint32_t DeCommitTotalFreeThreshold;
699 uint32_t LockPrefixTable;
700 uint32_t MaximumAllocationSize;
701 uint32_t VirtualMemoryThreshold;
702 uint32_t ProcessHeapFlags;
703 uint32_t ProcessAffinityMask;
704 uint16_t CSDVersion;
705 uint16_t DependentLoadFlags;
706 uint32_t EditList;
707 uint32_t SecurityCookie;
708 uint32_t SEHandlerTable;
709 uint32_t SEHandlerCount;
710 uint32_t GuardCFCCheckFunctionPointer;
711 uint32_t GuardCFDispatchFunctionPointer;
712 uint32_t GuardCFFunctionTable;
713 uint32_t GuardCFFunctionCount;
714 uint32_t GuardFlags;
715} IMAGE_LOAD_CONFIG_DIRECTORY32_V3;
716AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V3, 0x5c);
717typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V3;
718typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V3;
719
720/** @since Windows 10 (preview 9879) */
721typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V4
722{
723 uint32_t Size;
724 uint32_t TimeDateStamp;
725 uint16_t MajorVersion;
726 uint16_t MinorVersion;
727 uint32_t GlobalFlagsClear;
728 uint32_t GlobalFlagsSet;
729 uint32_t CriticalSectionDefaultTimeout;
730 uint32_t DeCommitFreeBlockThreshold;
731 uint32_t DeCommitTotalFreeThreshold;
732 uint32_t LockPrefixTable;
733 uint32_t MaximumAllocationSize;
734 uint32_t VirtualMemoryThreshold;
735 uint32_t ProcessHeapFlags;
736 uint32_t ProcessAffinityMask;
737 uint16_t CSDVersion;
738 uint16_t DependentLoadFlags;
739 uint32_t EditList;
740 uint32_t SecurityCookie;
741 uint32_t SEHandlerTable;
742 uint32_t SEHandlerCount;
743 uint32_t GuardCFCCheckFunctionPointer;
744 uint32_t GuardCFDispatchFunctionPointer;
745 uint32_t GuardCFFunctionTable;
746 uint32_t GuardCFFunctionCount;
747 uint32_t GuardFlags;
748 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
749} IMAGE_LOAD_CONFIG_DIRECTORY32_V4;
750AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V4, 0x68);
751typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V4 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V4;
752typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V4 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V4;
753
754/** @since Windows 10 build 14286 (or maybe earlier). */
755typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V5
756{
757 uint32_t Size;
758 uint32_t TimeDateStamp;
759 uint16_t MajorVersion;
760 uint16_t MinorVersion;
761 uint32_t GlobalFlagsClear;
762 uint32_t GlobalFlagsSet;
763 uint32_t CriticalSectionDefaultTimeout;
764 uint32_t DeCommitFreeBlockThreshold;
765 uint32_t DeCommitTotalFreeThreshold;
766 uint32_t LockPrefixTable;
767 uint32_t MaximumAllocationSize;
768 uint32_t VirtualMemoryThreshold;
769 uint32_t ProcessHeapFlags;
770 uint32_t ProcessAffinityMask;
771 uint16_t CSDVersion;
772 uint16_t DependentLoadFlags;
773 uint32_t EditList;
774 uint32_t SecurityCookie;
775 uint32_t SEHandlerTable;
776 uint32_t SEHandlerCount;
777 uint32_t GuardCFCCheckFunctionPointer;
778 uint32_t GuardCFDispatchFunctionPointer;
779 uint32_t GuardCFFunctionTable;
780 uint32_t GuardCFFunctionCount;
781 uint32_t GuardFlags;
782 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
783 uint32_t GuardAddressTakenIatEntryTable;
784 uint32_t GuardAddressTakenIatEntryCount;
785 uint32_t GuardLongJumpTargetTable;
786 uint32_t GuardLongJumpTargetCount;
787} IMAGE_LOAD_CONFIG_DIRECTORY32_V5;
788AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V5, 0x78);
789typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V5 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V5;
790typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V5 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V5;
791
792/** @since Windows 10 build 14383 (or maybe earlier). */
793typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V6
794{
795 uint32_t Size; /**< 0x00 */
796 uint32_t TimeDateStamp; /**< 0x04 */
797 uint16_t MajorVersion; /**< 0x08 */
798 uint16_t MinorVersion; /**< 0x0a */
799 uint32_t GlobalFlagsClear; /**< 0x0c */
800 uint32_t GlobalFlagsSet; /**< 0x10 */
801 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
802 uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
803 uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
804 uint32_t LockPrefixTable; /**< 0x20 */
805 uint32_t MaximumAllocationSize; /**< 0x24 */
806 uint32_t VirtualMemoryThreshold; /**< 0x28 */
807 uint32_t ProcessHeapFlags; /**< 0x2c */
808 uint32_t ProcessAffinityMask; /**< 0x30 */
809 uint16_t CSDVersion; /**< 0x34 */
810 uint16_t DependentLoadFlags; /**< 0x36 */
811 uint32_t EditList; /**< 0x38 */
812 uint32_t SecurityCookie; /**< 0x3c */
813 uint32_t SEHandlerTable; /**< 0x40 */
814 uint32_t SEHandlerCount; /**< 0x44 */
815 uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
816 uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
817 uint32_t GuardCFFunctionTable; /**< 0x50 */
818 uint32_t GuardCFFunctionCount; /**< 0x54 */
819 uint32_t GuardFlags; /**< 0x58 */
820 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
821 uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
822 uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
823 uint32_t GuardLongJumpTargetTable; /**< 0x70 */
824 uint32_t GuardLongJumpTargetCount; /**< 0x74 */
825 uint32_t DynamicValueRelocTable; /**< 0x78 */
826 uint32_t HybridMetadataPointer; /**< 0x7c */
827} IMAGE_LOAD_CONFIG_DIRECTORY32_V6;
828AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V6, 0x80);
829typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V6 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V6;
830typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V6 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V6;
831
832/** @since Windows 10 build 14901 (or maybe earlier). */
833typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V7
834{
835 uint32_t Size; /**< 0x00 */
836 uint32_t TimeDateStamp; /**< 0x04 */
837 uint16_t MajorVersion; /**< 0x08 */
838 uint16_t MinorVersion; /**< 0x0a */
839 uint32_t GlobalFlagsClear; /**< 0x0c */
840 uint32_t GlobalFlagsSet; /**< 0x10 */
841 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
842 uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
843 uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
844 uint32_t LockPrefixTable; /**< 0x20 */
845 uint32_t MaximumAllocationSize; /**< 0x24 */
846 uint32_t VirtualMemoryThreshold; /**< 0x28 */
847 uint32_t ProcessHeapFlags; /**< 0x2c */
848 uint32_t ProcessAffinityMask; /**< 0x30 */
849 uint16_t CSDVersion; /**< 0x34 */
850 uint16_t DependentLoadFlags; /**< 0x36 */
851 uint32_t EditList; /**< 0x38 */
852 uint32_t SecurityCookie; /**< 0x3c */
853 uint32_t SEHandlerTable; /**< 0x40 */
854 uint32_t SEHandlerCount; /**< 0x44 */
855 uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
856 uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
857 uint32_t GuardCFFunctionTable; /**< 0x50 */
858 uint32_t GuardCFFunctionCount; /**< 0x54 */
859 uint32_t GuardFlags; /**< 0x58 */
860 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
861 uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
862 uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
863 uint32_t GuardLongJumpTargetTable; /**< 0x70 */
864 uint32_t GuardLongJumpTargetCount; /**< 0x74 */
865 uint32_t DynamicValueRelocTable; /**< 0x78 */
866 uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
867 uint32_t GuardRFFailureRoutine; /**< 0x80 */
868 uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
869 uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
870 uint16_t DynamicValueRelocTableSection; /**< 0x8c */
871 uint16_t Reserved2; /**< 0x8e */
872} IMAGE_LOAD_CONFIG_DIRECTORY32_V7;
873AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V7, 0x90);
874typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V7 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V7;
875typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V7 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V7;
876
877/** @since Windows 10 build 15002 (or maybe earlier). */
878typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V8
879{
880 uint32_t Size; /**< 0x00 */
881 uint32_t TimeDateStamp; /**< 0x04 */
882 uint16_t MajorVersion; /**< 0x08 */
883 uint16_t MinorVersion; /**< 0x0a */
884 uint32_t GlobalFlagsClear; /**< 0x0c */
885 uint32_t GlobalFlagsSet; /**< 0x10 */
886 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
887 uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
888 uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
889 uint32_t LockPrefixTable; /**< 0x20 */
890 uint32_t MaximumAllocationSize; /**< 0x24 */
891 uint32_t VirtualMemoryThreshold; /**< 0x28 */
892 uint32_t ProcessHeapFlags; /**< 0x2c */
893 uint32_t ProcessAffinityMask; /**< 0x30 */
894 uint16_t CSDVersion; /**< 0x34 */
895 uint16_t DependentLoadFlags; /**< 0x36 */
896 uint32_t EditList; /**< 0x38 */
897 uint32_t SecurityCookie; /**< 0x3c */
898 uint32_t SEHandlerTable; /**< 0x40 */
899 uint32_t SEHandlerCount; /**< 0x44 */
900 uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
901 uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
902 uint32_t GuardCFFunctionTable; /**< 0x50 */
903 uint32_t GuardCFFunctionCount; /**< 0x54 */
904 uint32_t GuardFlags; /**< 0x58 */
905 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
906 uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
907 uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
908 uint32_t GuardLongJumpTargetTable; /**< 0x70 */
909 uint32_t GuardLongJumpTargetCount; /**< 0x74 */
910 uint32_t DynamicValueRelocTable; /**< 0x78 */
911 uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
912 uint32_t GuardRFFailureRoutine; /**< 0x80 */
913 uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
914 uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
915 uint16_t DynamicValueRelocTableSection; /**< 0x8c */
916 uint16_t Reserved2; /**< 0x8e */
917 uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
918 uint32_t HotPatchTableOffset; /**< 0x94 */
919} IMAGE_LOAD_CONFIG_DIRECTORY32_V8;
920AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V8, 0x98);
921typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V8 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V8;
922typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V8 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V8;
923
924/** @since Windows 10 build 16237 (or maybe earlier). */
925typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V9
926{
927 uint32_t Size; /**< 0x00 */
928 uint32_t TimeDateStamp; /**< 0x04 */
929 uint16_t MajorVersion; /**< 0x08 */
930 uint16_t MinorVersion; /**< 0x0a */
931 uint32_t GlobalFlagsClear; /**< 0x0c */
932 uint32_t GlobalFlagsSet; /**< 0x10 */
933 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
934 uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
935 uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
936 uint32_t LockPrefixTable; /**< 0x20 */
937 uint32_t MaximumAllocationSize; /**< 0x24 */
938 uint32_t VirtualMemoryThreshold; /**< 0x28 */
939 uint32_t ProcessHeapFlags; /**< 0x2c */
940 uint32_t ProcessAffinityMask; /**< 0x30 */
941 uint16_t CSDVersion; /**< 0x34 */
942 uint16_t DependentLoadFlags; /**< 0x36 */
943 uint32_t EditList; /**< 0x38 */
944 uint32_t SecurityCookie; /**< 0x3c */
945 uint32_t SEHandlerTable; /**< 0x40 */
946 uint32_t SEHandlerCount; /**< 0x44 */
947 uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
948 uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
949 uint32_t GuardCFFunctionTable; /**< 0x50 */
950 uint32_t GuardCFFunctionCount; /**< 0x54 */
951 uint32_t GuardFlags; /**< 0x58 */
952 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
953 uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
954 uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
955 uint32_t GuardLongJumpTargetTable; /**< 0x70 */
956 uint32_t GuardLongJumpTargetCount; /**< 0x74 */
957 uint32_t DynamicValueRelocTable; /**< 0x78 */
958 uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
959 uint32_t GuardRFFailureRoutine; /**< 0x80 */
960 uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
961 uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
962 uint16_t DynamicValueRelocTableSection; /**< 0x8c */
963 uint16_t Reserved2; /**< 0x8e */
964 uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
965 uint32_t HotPatchTableOffset; /**< 0x94 */
966 uint32_t AddressOfSomeUnicodeString; /**< 0x98 - 64-bit version has this member about here. not sure about location yet. */
967 uint32_t Reserved3QuestionMark; /**< 0x9a - Did they 8-byte pad the structure or is AddressOfSomeUnicodeString 64-bit? */
968} IMAGE_LOAD_CONFIG_DIRECTORY32_V9;
969AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V9, 0xa0);
970typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V9 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V9;
971typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V9 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V9;
972
973typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V9 IMAGE_LOAD_CONFIG_DIRECTORY32;
974typedef PIMAGE_LOAD_CONFIG_DIRECTORY32_V9 PIMAGE_LOAD_CONFIG_DIRECTORY32;
975typedef PCIMAGE_LOAD_CONFIG_DIRECTORY32_V9 PCIMAGE_LOAD_CONFIG_DIRECTORY32;
976
977
978/* No _IMAGE_LOAD_CONFIG_DIRECTORY64_V1 exists. */
979
980typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V2
981{
982 uint32_t Size;
983 uint32_t TimeDateStamp;
984 uint16_t MajorVersion;
985 uint16_t MinorVersion;
986 uint32_t GlobalFlagsClear;
987 uint32_t GlobalFlagsSet;
988 uint32_t CriticalSectionDefaultTimeout;
989 uint64_t DeCommitFreeBlockThreshold;
990 uint64_t DeCommitTotalFreeThreshold;
991 uint64_t LockPrefixTable;
992 uint64_t MaximumAllocationSize;
993 uint64_t VirtualMemoryThreshold;
994 uint64_t ProcessAffinityMask;
995 uint32_t ProcessHeapFlags;
996 uint16_t CSDVersion;
997 uint16_t DependentLoadFlags;
998 uint64_t EditList;
999 uint64_t SecurityCookie;
1000 uint64_t SEHandlerTable;
1001 uint64_t SEHandlerCount;
1002} IMAGE_LOAD_CONFIG_DIRECTORY64_V2;
1003AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V2, 0x70);
1004typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V2 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V2;
1005typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V2 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V2;
1006
1007#pragma pack(4) /* Why not 8 byte alignment, baka microsofties?!? */
1008typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V3
1009{
1010 uint32_t Size;
1011 uint32_t TimeDateStamp;
1012 uint16_t MajorVersion;
1013 uint16_t MinorVersion;
1014 uint32_t GlobalFlagsClear;
1015 uint32_t GlobalFlagsSet;
1016 uint32_t CriticalSectionDefaultTimeout;
1017 uint64_t DeCommitFreeBlockThreshold;
1018 uint64_t DeCommitTotalFreeThreshold;
1019 uint64_t LockPrefixTable;
1020 uint64_t MaximumAllocationSize;
1021 uint64_t VirtualMemoryThreshold;
1022 uint64_t ProcessAffinityMask;
1023 uint32_t ProcessHeapFlags;
1024 uint16_t CSDVersion;
1025 uint16_t DependentLoadFlags;
1026 uint64_t EditList;
1027 uint64_t SecurityCookie;
1028 uint64_t SEHandlerTable;
1029 uint64_t SEHandlerCount;
1030 uint64_t GuardCFCCheckFunctionPointer;
1031 uint64_t GuardCFDispatchFunctionPointer;
1032 uint64_t GuardCFFunctionTable;
1033 uint64_t GuardCFFunctionCount;
1034 uint32_t GuardFlags;
1035} IMAGE_LOAD_CONFIG_DIRECTORY64_V3;
1036#pragma pack()
1037AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V3, 0x94);
1038typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V3;
1039typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V3;
1040
1041/** @since Windows 10 (Preview (9879). */
1042typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V4
1043{
1044 uint32_t Size; /**< 0x00 */
1045 uint32_t TimeDateStamp; /**< 0x04 */
1046 uint16_t MajorVersion; /**< 0x08 */
1047 uint16_t MinorVersion; /**< 0x0a */
1048 uint32_t GlobalFlagsClear; /**< 0x0c */
1049 uint32_t GlobalFlagsSet; /**< 0x10 */
1050 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
1051 uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
1052 uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
1053 uint64_t LockPrefixTable; /**< 0x28 */
1054 uint64_t MaximumAllocationSize; /**< 0x30 */
1055 uint64_t VirtualMemoryThreshold; /**< 0x38 */
1056 uint64_t ProcessAffinityMask; /**< 0x40 */
1057 uint32_t ProcessHeapFlags; /**< 0x48 */
1058 uint16_t CSDVersion; /**< 0x4c */
1059 uint16_t DependentLoadFlags; /**< 0x4e */
1060 uint64_t EditList; /**< 0x50 */
1061 uint64_t SecurityCookie; /**< 0x58 */
1062 uint64_t SEHandlerTable; /**< 0x60 */
1063 uint64_t SEHandlerCount; /**< 0x68 */
1064 uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
1065 uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
1066 uint64_t GuardCFFunctionTable; /**< 0x80 */
1067 uint64_t GuardCFFunctionCount; /**< 0x88 */
1068 uint32_t GuardFlags; /**< 0x90 */
1069 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
1070} IMAGE_LOAD_CONFIG_DIRECTORY64_V4;
1071AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V4, 0xa0);
1072typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V4 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V4;
1073typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V4 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V4;
1074
1075/** @since Windows 10 build 14286 (or maybe earlier). */
1076typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V5
1077{
1078 uint32_t Size; /**< 0x00 */
1079 uint32_t TimeDateStamp; /**< 0x04 */
1080 uint16_t MajorVersion; /**< 0x08 */
1081 uint16_t MinorVersion; /**< 0x0a */
1082 uint32_t GlobalFlagsClear; /**< 0x0c */
1083 uint32_t GlobalFlagsSet; /**< 0x10 */
1084 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
1085 uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
1086 uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
1087 uint64_t LockPrefixTable; /**< 0x28 */
1088 uint64_t MaximumAllocationSize; /**< 0x30 */
1089 uint64_t VirtualMemoryThreshold; /**< 0x38 */
1090 uint64_t ProcessAffinityMask; /**< 0x40 */
1091 uint32_t ProcessHeapFlags; /**< 0x48 */
1092 uint16_t CSDVersion; /**< 0x4c */
1093 uint16_t DependentLoadFlags; /**< 0x4e */
1094 uint64_t EditList; /**< 0x50 */
1095 uint64_t SecurityCookie; /**< 0x58 */
1096 uint64_t SEHandlerTable; /**< 0x60 */
1097 uint64_t SEHandlerCount; /**< 0x68 */
1098 uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
1099 uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
1100 uint64_t GuardCFFunctionTable; /**< 0x80 */
1101 uint64_t GuardCFFunctionCount; /**< 0x88 */
1102 uint32_t GuardFlags; /**< 0x90 */
1103 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
1104 uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
1105 uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
1106 uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
1107 uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
1108} IMAGE_LOAD_CONFIG_DIRECTORY64_V5;
1109AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V5, 0xc0);
1110typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V5 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V5;
1111typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V5 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V5;
1112
1113/** @since Windows 10 build 14393 (or maybe earlier). */
1114typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V6
1115{
1116 uint32_t Size; /**< 0x00 */
1117 uint32_t TimeDateStamp; /**< 0x04 */
1118 uint16_t MajorVersion; /**< 0x08 */
1119 uint16_t MinorVersion; /**< 0x0a */
1120 uint32_t GlobalFlagsClear; /**< 0x0c */
1121 uint32_t GlobalFlagsSet; /**< 0x10 */
1122 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
1123 uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
1124 uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
1125 uint64_t LockPrefixTable; /**< 0x28 */
1126 uint64_t MaximumAllocationSize; /**< 0x30 */
1127 uint64_t VirtualMemoryThreshold; /**< 0x38 */
1128 uint64_t ProcessAffinityMask; /**< 0x40 */
1129 uint32_t ProcessHeapFlags; /**< 0x48 */
1130 uint16_t CSDVersion; /**< 0x4c */
1131 uint16_t DependentLoadFlags; /**< 0x4e */
1132 uint64_t EditList; /**< 0x50 */
1133 uint64_t SecurityCookie; /**< 0x58 */
1134 uint64_t SEHandlerTable; /**< 0x60 */
1135 uint64_t SEHandlerCount; /**< 0x68 */
1136 uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
1137 uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
1138 uint64_t GuardCFFunctionTable; /**< 0x80 */
1139 uint64_t GuardCFFunctionCount; /**< 0x88 */
1140 uint32_t GuardFlags; /**< 0x90 */
1141 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
1142 uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
1143 uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
1144 uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
1145 uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
1146 uint64_t DynamicValueRelocTable; /**< 0xc0 */
1147 uint64_t HybridMetadataPointer; /**< 0xc8 */
1148} IMAGE_LOAD_CONFIG_DIRECTORY64_V6;
1149AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V6, 0xd0);
1150typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V6 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V6;
1151typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V6 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V6;
1152
1153/** @since Windows 10 build 14901 (or maybe earlier). */
1154typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V7
1155{
1156 uint32_t Size; /**< 0x00 */
1157 uint32_t TimeDateStamp; /**< 0x04 */
1158 uint16_t MajorVersion; /**< 0x08 */
1159 uint16_t MinorVersion; /**< 0x0a */
1160 uint32_t GlobalFlagsClear; /**< 0x0c */
1161 uint32_t GlobalFlagsSet; /**< 0x10 */
1162 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
1163 uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
1164 uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
1165 uint64_t LockPrefixTable; /**< 0x28 */
1166 uint64_t MaximumAllocationSize; /**< 0x30 */
1167 uint64_t VirtualMemoryThreshold; /**< 0x38 */
1168 uint64_t ProcessAffinityMask; /**< 0x40 */
1169 uint32_t ProcessHeapFlags; /**< 0x48 */
1170 uint16_t CSDVersion; /**< 0x4c */
1171 uint16_t DependentLoadFlags; /**< 0x4e */
1172 uint64_t EditList; /**< 0x50 */
1173 uint64_t SecurityCookie; /**< 0x58 */
1174 uint64_t SEHandlerTable; /**< 0x60 */
1175 uint64_t SEHandlerCount; /**< 0x68 */
1176 uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
1177 uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
1178 uint64_t GuardCFFunctionTable; /**< 0x80 */
1179 uint64_t GuardCFFunctionCount; /**< 0x88 */
1180 uint32_t GuardFlags; /**< 0x90 */
1181 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
1182 uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
1183 uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
1184 uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
1185 uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
1186 uint64_t DynamicValueRelocTable; /**< 0xc0 */
1187 uint64_t CHPEMetadataPointer; /**< 0xc8 Not sure when this was renamed from HybridMetadataPointer. */
1188 uint64_t GuardRFFailureRoutine; /**< 0xd0 */
1189 uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
1190 uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
1191 uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
1192 uint16_t Reserved2; /**< 0xe6 */
1193} IMAGE_LOAD_CONFIG_DIRECTORY64_V7;
1194AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V7, 0xe8);
1195typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V7 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V7;
1196typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V7 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V7;
1197
1198/** @since Windows 10 build 15002 (or maybe earlier). */
1199#pragma pack(4) /* Stupid, stupid microsofties! */
1200typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V8
1201{
1202 uint32_t Size; /**< 0x00 */
1203 uint32_t TimeDateStamp; /**< 0x04 */
1204 uint16_t MajorVersion; /**< 0x08 */
1205 uint16_t MinorVersion; /**< 0x0a */
1206 uint32_t GlobalFlagsClear; /**< 0x0c */
1207 uint32_t GlobalFlagsSet; /**< 0x10 */
1208 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
1209 uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
1210 uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
1211 uint64_t LockPrefixTable; /**< 0x28 */
1212 uint64_t MaximumAllocationSize; /**< 0x30 */
1213 uint64_t VirtualMemoryThreshold; /**< 0x38 */
1214 uint64_t ProcessAffinityMask; /**< 0x40 */
1215 uint32_t ProcessHeapFlags; /**< 0x48 */
1216 uint16_t CSDVersion; /**< 0x4c */
1217 uint16_t DependentLoadFlags; /**< 0x4e */
1218 uint64_t EditList; /**< 0x50 */
1219 uint64_t SecurityCookie; /**< 0x58 */
1220 uint64_t SEHandlerTable; /**< 0x60 */
1221 uint64_t SEHandlerCount; /**< 0x68 */
1222 uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
1223 uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
1224 uint64_t GuardCFFunctionTable; /**< 0x80 */
1225 uint64_t GuardCFFunctionCount; /**< 0x88 */
1226 uint32_t GuardFlags; /**< 0x90 */
1227 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
1228 uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
1229 uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
1230 uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
1231 uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
1232 uint64_t DynamicValueRelocTable; /**< 0xc0 */
1233 uint64_t CHPEMetadataPointer; /**< 0xc8 */
1234 uint64_t GuardRFFailureRoutine; /**< 0xd0 */
1235 uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
1236 uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
1237 uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
1238 uint16_t Reserved2; /**< 0xe6 */
1239 uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
1240 uint32_t HotPatchTableOffset; /**< 0xf0 */
1241} IMAGE_LOAD_CONFIG_DIRECTORY64_V8;
1242#pragma pack()
1243AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V8, 0xf4);
1244typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V8 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V8;
1245typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V8 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V8;
1246
1247/** @since Windows 10 build 15002 (or maybe earlier). */
1248typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V9
1249{
1250 uint32_t Size; /**< 0x00 */
1251 uint32_t TimeDateStamp; /**< 0x04 */
1252 uint16_t MajorVersion; /**< 0x08 */
1253 uint16_t MinorVersion; /**< 0x0a */
1254 uint32_t GlobalFlagsClear; /**< 0x0c */
1255 uint32_t GlobalFlagsSet; /**< 0x10 */
1256 uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
1257 uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
1258 uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
1259 uint64_t LockPrefixTable; /**< 0x28 */
1260 uint64_t MaximumAllocationSize; /**< 0x30 */
1261 uint64_t VirtualMemoryThreshold; /**< 0x38 */
1262 uint64_t ProcessAffinityMask; /**< 0x40 */
1263 uint32_t ProcessHeapFlags; /**< 0x48 */
1264 uint16_t CSDVersion; /**< 0x4c */
1265 uint16_t DependentLoadFlags; /**< 0x4e */
1266 uint64_t EditList; /**< 0x50 */
1267 uint64_t SecurityCookie; /**< 0x58 */
1268 uint64_t SEHandlerTable; /**< 0x60 */
1269 uint64_t SEHandlerCount; /**< 0x68 */
1270 uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
1271 uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
1272 uint64_t GuardCFFunctionTable; /**< 0x80 */
1273 uint64_t GuardCFFunctionCount; /**< 0x88 */
1274 uint32_t GuardFlags; /**< 0x90 */
1275 IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
1276 uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
1277 uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
1278 uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
1279 uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
1280 uint64_t DynamicValueRelocTable; /**< 0xc0 */
1281 uint64_t CHPEMetadataPointer; /**< 0xc8 */
1282 uint64_t GuardRFFailureRoutine; /**< 0xd0 */
1283 uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
1284 uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
1285 uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
1286 uint16_t Reserved2; /**< 0xe6 */
1287 uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
1288 uint32_t HotPatchTableOffset; /**< 0xf0 */
1289 uint32_t Reserved3; /**< 0xf4 */
1290 uint64_t AddressOfSomeUnicodeString; /**< 0xf8 - seen in bcrypt and bcryptprimitives pointing to the string "L". */
1291} IMAGE_LOAD_CONFIG_DIRECTORY64_V9;
1292AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V9, 0x100);
1293typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V9 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V9;
1294typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V9 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V9;
1295
1296typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V9 IMAGE_LOAD_CONFIG_DIRECTORY64;
1297typedef PIMAGE_LOAD_CONFIG_DIRECTORY64_V9 PIMAGE_LOAD_CONFIG_DIRECTORY64;
1298typedef PCIMAGE_LOAD_CONFIG_DIRECTORY64_V9 PCIMAGE_LOAD_CONFIG_DIRECTORY64;
1299
1300/** @} */
1301
1302
1303/**
1304 * PE certificate directory.
1305 *
1306 * Found in IMAGE_DIRECTORY_ENTRY_SECURITY.
1307 */
1308typedef struct WIN_CERTIFICATE
1309{
1310 uint32_t dwLength;
1311 uint16_t wRevision;
1312 uint16_t wCertificateType;
1313 uint8_t bCertificate[8];
1314} WIN_CERTIFICATE;
1315AssertCompileSize(WIN_CERTIFICATE, 16);
1316typedef WIN_CERTIFICATE *PWIN_CERTIFICATE;
1317typedef WIN_CERTIFICATE const *PCWIN_CERTIFICATE;
1318
1319/** @name WIN_CERT_REVISION_XXX - Certificate data directory revision.
1320 * Used WIN_CERTIFICATE::wRevision found in the
1321 * IMAGE_DIRECTORY_ENTRY_SECURITY data directory. */
1322#define WIN_CERT_REVISION_1_0 UINT16_C(0x0100)
1323#define WIN_CERT_REVISION_2_0 UINT16_C(0x0200)
1324/** @} */
1325
1326/** @name WIN_CERT_TYPE_XXX - Signature type.
1327 * Used by WIN_CERTIFICATE::wCertificateType.
1328 * @{ */
1329#define WIN_CERT_TYPE_X509 UINT16_C(1)
1330#define WIN_CERT_TYPE_PKCS_SIGNED_DATA UINT16_C(2)
1331#define WIN_CERT_TYPE_RESERVED_1 UINT16_C(3)
1332#define WIN_CERT_TYPE_TS_STACK_SIGNED UINT16_C(4)
1333#define WIN_CERT_TYPE_EFI_PKCS115 UINT16_C(0x0ef0)
1334#define WIN_CERT_TYPE_EFI_GUID UINT16_C(0x0ef1)
1335/** @} */
1336
1337/** The alignment of the certificate table.
1338 * @remarks Found thru signtool experiments. */
1339#define WIN_CERTIFICATE_ALIGNMENT UINT32_C(8)
1340
1341
1342/**
1343 * Debug directory.
1344 *
1345 * Found in IMAGE_DIRECTORY_ENTRY_DEBUG.
1346 */
1347typedef struct _IMAGE_DEBUG_DIRECTORY
1348{
1349 uint32_t Characteristics;
1350 uint32_t TimeDateStamp;
1351 uint16_t MajorVersion;
1352 uint16_t MinorVersion;
1353 uint32_t Type;
1354 uint32_t SizeOfData;
1355 uint32_t AddressOfRawData;
1356 uint32_t PointerToRawData;
1357} IMAGE_DEBUG_DIRECTORY;
1358AssertCompileSize(IMAGE_DEBUG_DIRECTORY, 28);
1359typedef IMAGE_DEBUG_DIRECTORY *PIMAGE_DEBUG_DIRECTORY;
1360typedef IMAGE_DEBUG_DIRECTORY const *PCIMAGE_DEBUG_DIRECTORY;
1361
1362/** @name IMAGE_DEBUG_TYPE_XXX - Debug format types.
1363 * Used by IMAGE_DEBUG_DIRECTORY::Type.
1364 * @{ */
1365#define IMAGE_DEBUG_TYPE_UNKNOWN UINT32_C(0x0)
1366#define IMAGE_DEBUG_TYPE_COFF UINT32_C(0x1)
1367#define IMAGE_DEBUG_TYPE_CODEVIEW UINT32_C(0x2)
1368#define IMAGE_DEBUG_TYPE_FPO UINT32_C(0x3)
1369#define IMAGE_DEBUG_TYPE_MISC UINT32_C(0x4)
1370#define IMAGE_DEBUG_TYPE_EXCEPTION UINT32_C(0x5)
1371#define IMAGE_DEBUG_TYPE_FIXUP UINT32_C(0x6)
1372#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC UINT32_C(0x7)
1373#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC UINT32_C(0x8)
1374#define IMAGE_DEBUG_TYPE_BORLAND UINT32_C(0x9)
1375#define IMAGE_DEBUG_TYPE_RESERVED10 UINT32_C(0x10)
1376/** @} */
1377
1378/** @name IMAGE_DEBUG_MISC_XXX - Misc debug data type.
1379 * Used by IMAGE_DEBUG_MISC::DataType.
1380 * @{ */
1381#define IMAGE_DEBUG_MISC_EXENAME UINT32_C(1)
1382/** @} */
1383
1384
1385/**
1386 * The format of IMAGE_DEBUG_TYPE_MISC debug info.
1387 */
1388typedef struct _IMAGE_DEBUG_MISC
1389{
1390 uint32_t DataType;
1391 uint32_t Length;
1392 uint8_t Unicode;
1393 uint8_t Reserved[3];
1394 uint8_t Data[1];
1395} IMAGE_DEBUG_MISC;
1396AssertCompileSize(IMAGE_DEBUG_MISC, 16);
1397typedef IMAGE_DEBUG_MISC *PIMAGE_DEBUG_MISC;
1398typedef IMAGE_DEBUG_MISC const *PCIMAGE_DEBUG_MISC;
1399
1400
1401
1402/**
1403 * The header of a .DBG file (NT4).
1404 */
1405typedef struct _IMAGE_SEPARATE_DEBUG_HEADER
1406{
1407 uint16_t Signature; /**< 0x00 */
1408 uint16_t Flags; /**< 0x02 */
1409 uint16_t Machine; /**< 0x04 */
1410 uint16_t Characteristics; /**< 0x06 */
1411 uint32_t TimeDateStamp; /**< 0x08 */
1412 uint32_t CheckSum; /**< 0x0c */
1413 uint32_t ImageBase; /**< 0x10 */
1414 uint32_t SizeOfImage; /**< 0x14 */
1415 uint32_t NumberOfSections; /**< 0x18 */
1416 uint32_t ExportedNamesSize; /**< 0x1c */
1417 uint32_t DebugDirectorySize; /**< 0x20 */
1418 uint32_t SectionAlignment; /**< 0x24 */
1419 uint32_t Reserved[2]; /**< 0x28 */
1420} IMAGE_SEPARATE_DEBUG_HEADER; /* size: 0x30 */
1421AssertCompileSize(IMAGE_SEPARATE_DEBUG_HEADER, 0x30);
1422typedef IMAGE_SEPARATE_DEBUG_HEADER *PIMAGE_SEPARATE_DEBUG_HEADER;
1423typedef IMAGE_SEPARATE_DEBUG_HEADER const *PCIMAGE_SEPARATE_DEBUG_HEADER;
1424
1425/** The signature of a IMAGE_SEPARATE_DEBUG_HEADER. */
1426#define IMAGE_SEPARATE_DEBUG_SIGNATURE UINT16_C(0x4944)
1427
1428
1429/**
1430 * The format of IMAGE_DEBUG_TYPE_COFF debug info.
1431 */
1432typedef struct _IMAGE_COFF_SYMBOLS_HEADER
1433{
1434 uint32_t NumberOfSymbols;
1435 uint32_t LvaToFirstSymbol;
1436 uint32_t NumberOfLinenumbers;
1437 uint32_t LvaToFirstLinenumber;
1438 uint32_t RvaToFirstByteOfCode;
1439 uint32_t RvaToLastByteOfCode;
1440 uint32_t RvaToFirstByteOfData;
1441 uint32_t RvaToLastByteOfData;
1442} IMAGE_COFF_SYMBOLS_HEADER;
1443AssertCompileSize(IMAGE_COFF_SYMBOLS_HEADER, 0x20);
1444typedef IMAGE_COFF_SYMBOLS_HEADER *PIMAGE_COFF_SYMBOLS_HEADER;
1445typedef IMAGE_COFF_SYMBOLS_HEADER const *PCIMAGE_COFF_SYMBOLS_HEADER;
1446
1447
1448/**
1449 * Line number format of IMAGE_DEBUG_TYPE_COFF debug info.
1450 *
1451 * @remarks This has misaligned members.
1452 */
1453#pragma pack(2)
1454typedef struct _IMAGE_LINENUMBER
1455{
1456 union
1457 {
1458 uint32_t VirtualAddress;
1459 uint32_t SymbolTableIndex;
1460 } Type;
1461 uint16_t Linenumber;
1462} IMAGE_LINENUMBER;
1463#pragma pack()
1464AssertCompileSize(IMAGE_LINENUMBER, 6);
1465typedef IMAGE_LINENUMBER *PIMAGE_LINENUMBER;
1466typedef IMAGE_LINENUMBER const *PCIMAGE_LINENUMBER;
1467
1468
1469/** The size of a IMAGE_SYMBOL & IMAGE_AUX_SYMBOL structure. */
1470#define IMAGE_SIZE_OF_SYMBOL 18
1471/** The size of a IMAGE_SYMBOL_EX & IMAGE_AUX_SYMBOL_EX structure. */
1472#define IMAGE_SIZE_OF_SYMBOL_EX 20
1473
1474/**
1475 * COFF symbol.
1476 */
1477#pragma pack(2)
1478typedef struct _IMAGE_SYMBOL
1479{
1480 union
1481 {
1482 uint8_t ShortName[8];
1483 struct
1484 {
1485 uint32_t Short;
1486 uint32_t Long;
1487 } Name;
1488 uint32_t LongName[2];
1489 } N;
1490
1491 uint32_t Value;
1492 int16_t SectionNumber;
1493 uint16_t Type;
1494 uint8_t StorageClass;
1495 uint8_t NumberOfAuxSymbols;
1496} IMAGE_SYMBOL;
1497#pragma pack()
1498AssertCompileSize(IMAGE_SYMBOL, IMAGE_SIZE_OF_SYMBOL);
1499typedef IMAGE_SYMBOL *PIMAGE_SYMBOL;
1500typedef IMAGE_SYMBOL const *PCIMAGE_SYMBOL;
1501
1502/**
1503 * COFF auxiliary symbol token defintion (whatever that is).
1504 */
1505#pragma pack(2)
1506typedef struct IMAGE_AUX_SYMBOL_TOKEN_DEF
1507{
1508 uint8_t bAuxType;
1509 uint8_t bReserved;
1510 uint32_t SymbolTableIndex;
1511 uint8_t rgbReserved[12];
1512} IMAGE_AUX_SYMBOL_TOKEN_DEF;
1513#pragma pack()
1514AssertCompileSize(IMAGE_AUX_SYMBOL_TOKEN_DEF, IMAGE_SIZE_OF_SYMBOL);
1515typedef IMAGE_AUX_SYMBOL_TOKEN_DEF *PIMAGE_AUX_SYMBOL_TOKEN_DEF;
1516typedef IMAGE_AUX_SYMBOL_TOKEN_DEF const *PCIMAGE_AUX_SYMBOL_TOKEN_DEF;
1517
1518/**
1519 * COFF auxiliary symbol.
1520 */
1521#pragma pack(1)
1522typedef union _IMAGE_AUX_SYMBOL
1523{
1524 struct
1525 {
1526 uint32_t TagIndex;
1527 union
1528 {
1529 struct
1530 {
1531 uint16_t Linenumber;
1532 uint16_t Size;
1533 } LnSz;
1534 } Misc;
1535 union
1536 {
1537 struct
1538 {
1539 uint32_t PointerToLinenumber;
1540 uint32_t PointerToNextFunction;
1541 } Function;
1542 struct
1543 {
1544 uint16_t Dimension[4];
1545 } Array;
1546 } FcnAry;
1547 uint16_t TvIndex;
1548 } Sym;
1549
1550 struct
1551 {
1552 uint8_t Name[IMAGE_SIZE_OF_SYMBOL];
1553 } File;
1554
1555 struct
1556 {
1557 uint32_t Length;
1558 uint16_t NumberOfRelocations;
1559 uint16_t NumberOfLinenumbers;
1560 uint32_t CheckSum;
1561 uint16_t Number;
1562 uint8_t Selection;
1563 uint8_t bReserved;
1564 uint16_t HighNumber;
1565 } Section;
1566
1567 IMAGE_AUX_SYMBOL_TOKEN_DEF TokenDef;
1568 struct
1569 {
1570 uint32_t crc;
1571 uint8_t rgbReserved[14];
1572 } CRC;
1573} IMAGE_AUX_SYMBOL;
1574#pragma pack()
1575AssertCompileSize(IMAGE_AUX_SYMBOL, IMAGE_SIZE_OF_SYMBOL);
1576typedef IMAGE_AUX_SYMBOL *PIMAGE_AUX_SYMBOL;
1577typedef IMAGE_AUX_SYMBOL const *PCIMAGE_AUX_SYMBOL;
1578
1579
1580/**
1581 * Extended COFF symbol.
1582 */
1583typedef struct _IMAGE_SYMBOL_EX
1584{
1585 union
1586 {
1587 uint8_t ShortName[8];
1588 struct
1589 {
1590 uint32_t Short;
1591 uint32_t Long;
1592 } Name;
1593 uint32_t LongName[2];
1594 } N;
1595
1596 uint32_t Value;
1597 int32_t SectionNumber; /* The difference from IMAGE_SYMBOL */
1598 uint16_t Type;
1599 uint8_t StorageClass;
1600 uint8_t NumberOfAuxSymbols;
1601} IMAGE_SYMBOL_EX;
1602AssertCompileSize(IMAGE_SYMBOL_EX, IMAGE_SIZE_OF_SYMBOL_EX);
1603typedef IMAGE_SYMBOL_EX *PIMAGE_SYMBOL_EX;
1604typedef IMAGE_SYMBOL_EX const *PCIMAGE_SYMBOL_EX;
1605
1606/**
1607 * Extended COFF auxiliary symbol.
1608 */
1609typedef union _IMAGE_AUX_SYMBOL_EX
1610{
1611 struct
1612 {
1613 uint32_t WeakDefaultSymIndex;
1614 uint32_t WeakSearchType;
1615 uint8_t rgbReserved[12];
1616 } Sym;
1617
1618 struct
1619 {
1620 uint8_t Name[IMAGE_SIZE_OF_SYMBOL_EX];
1621 } File;
1622
1623 struct
1624 {
1625 uint32_t Length;
1626 uint16_t NumberOfRelocations;
1627 uint16_t NumberOfLinenumbers;
1628 uint32_t CheckSum;
1629 uint16_t Number;
1630 uint8_t Selection;
1631 uint8_t bReserved;
1632 uint16_t HighNumber;
1633 uint8_t rgbReserved[2];
1634 } Section;
1635
1636 IMAGE_AUX_SYMBOL_TOKEN_DEF TokenDef;
1637
1638 struct
1639 {
1640 uint32_t crc;
1641 uint8_t rgbReserved[16];
1642 } CRC;
1643} IMAGE_AUX_SYMBOL_EX;
1644AssertCompileSize(IMAGE_AUX_SYMBOL_EX, IMAGE_SIZE_OF_SYMBOL_EX);
1645typedef IMAGE_AUX_SYMBOL_EX *PIMAGE_AUX_SYMBOL_EX;
1646typedef IMAGE_AUX_SYMBOL_EX const *PCIMAGE_AUX_SYMBOL_EX;
1647
1648/** @name Special COFF section numbers.
1649 * Used by IMAGE_SYMBOL::SectionNumber and IMAGE_SYMBOL_EX::SectionNumber
1650 * @{ */
1651#define IMAGE_SYM_UNDEFINED INT16_C(0)
1652#define IMAGE_SYM_ABSOLUTE INT16_C(-1)
1653#define IMAGE_SYM_DEBUG INT16_C(-2)
1654/** @} */
1655
1656/** @name IMAGE_SYM_CLASS_XXX - COFF symbol storage classes.
1657 * @{ */
1658#define IMAGE_SYM_CLASS_END_OF_FUNCTION UINT8_C(0xff) /* -1 */
1659#define IMAGE_SYM_CLASS_NULL UINT8_C(0)
1660#define IMAGE_SYM_CLASS_AUTOMATIC UINT8_C(1)
1661#define IMAGE_SYM_CLASS_EXTERNAL UINT8_C(2)
1662#define IMAGE_SYM_CLASS_STATIC UINT8_C(3)
1663#define IMAGE_SYM_CLASS_REGISTER UINT8_C(4)
1664#define IMAGE_SYM_CLASS_EXTERNAL_DEF UINT8_C(5)
1665#define IMAGE_SYM_CLASS_LABEL UINT8_C(6)
1666#define IMAGE_SYM_CLASS_UNDEFINED_LABEL UINT8_C(7)
1667#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT UINT8_C(8)
1668#define IMAGE_SYM_CLASS_ARGUMENT UINT8_C(9)
1669#define IMAGE_SYM_CLASS_STRUCT_TAG UINT8_C(10)
1670#define IMAGE_SYM_CLASS_MEMBER_OF_UNION UINT8_C(11)
1671#define IMAGE_SYM_CLASS_UNION_TAG UINT8_C(12)
1672#define IMAGE_SYM_CLASS_TYPE_DEFINITION UINT8_C(13)
1673#define IMAGE_SYM_CLASS_UNDEFINED_STATIC UINT8_C(14)
1674#define IMAGE_SYM_CLASS_ENUM_TAG UINT8_C(15)
1675#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM UINT8_C(16)
1676#define IMAGE_SYM_CLASS_REGISTER_PARAM UINT8_C(17)
1677#define IMAGE_SYM_CLASS_BIT_FIELD UINT8_C(18)
1678#define IMAGE_SYM_CLASS_FAR_EXTERNAL UINT8_C(68)
1679#define IMAGE_SYM_CLASS_BLOCK UINT8_C(100)
1680#define IMAGE_SYM_CLASS_FUNCTION UINT8_C(101)
1681#define IMAGE_SYM_CLASS_END_OF_STRUCT UINT8_C(102)
1682#define IMAGE_SYM_CLASS_FILE UINT8_C(103)
1683#define IMAGE_SYM_CLASS_SECTION UINT8_C(104)
1684#define IMAGE_SYM_CLASS_WEAK_EXTERNAL UINT8_C(105)
1685#define IMAGE_SYM_CLASS_CLR_TOKEN UINT8_C(107)
1686/** @} */
1687
1688/** @name IMAGE_SYM_TYPE_XXX - COFF symbol base types
1689 * @{ */
1690#define IMAGE_SYM_TYPE_NULL UINT16_C(0x0000)
1691#define IMAGE_SYM_TYPE_VOID UINT16_C(0x0001)
1692#define IMAGE_SYM_TYPE_CHAR UINT16_C(0x0002)
1693#define IMAGE_SYM_TYPE_SHORT UINT16_C(0x0003)
1694#define IMAGE_SYM_TYPE_INT UINT16_C(0x0004)
1695#define IMAGE_SYM_TYPE_LONG UINT16_C(0x0005)
1696#define IMAGE_SYM_TYPE_FLOAT UINT16_C(0x0006)
1697#define IMAGE_SYM_TYPE_DOUBLE UINT16_C(0x0007)
1698#define IMAGE_SYM_TYPE_STRUCT UINT16_C(0x0008)
1699#define IMAGE_SYM_TYPE_UNION UINT16_C(0x0009)
1700#define IMAGE_SYM_TYPE_ENUM UINT16_C(0x000a)
1701#define IMAGE_SYM_TYPE_MOE UINT16_C(0x000b)
1702#define IMAGE_SYM_TYPE_BYTE UINT16_C(0x000c)
1703#define IMAGE_SYM_TYPE_WORD UINT16_C(0x000d)
1704#define IMAGE_SYM_TYPE_UINT UINT16_C(0x000e)
1705#define IMAGE_SYM_TYPE_DWORD UINT16_C(0x000f)
1706#define IMAGE_SYM_TYPE_PCODE UINT16_C(0x8000)
1707/** @} */
1708
1709/** @name IMAGE_SYM_DTYPE_XXX - COFF symbol complex types
1710 * @{ */
1711#define IMAGE_SYM_DTYPE_NULL UINT16_C(0x0)
1712#define IMAGE_SYM_DTYPE_POINTER UINT16_C(0x1)
1713#define IMAGE_SYM_DTYPE_FUNCTION UINT16_C(0x2)
1714#define IMAGE_SYM_DTYPE_ARRAY UINT16_C(0x3)
1715/** @} */
1716
1717/** @name COFF Symbol type masks and shift counts.
1718 * @{ */
1719#define N_BTMASK UINT16_C(0x000f)
1720#define N_TMASK UINT16_C(0x0030)
1721#define N_TMASK1 UINT16_C(0x00c0)
1722#define N_TMASK2 UINT16_C(0x00f0)
1723#define N_BTSHFT 4
1724#define N_TSHIFT 2
1725/** @} */
1726
1727/** @name COFF Symbol type macros.
1728 * @{ */
1729#define BTYPE(a_Type) ( (a_Type) & N_BTMASK )
1730#define ISPTR(a_Type) ( ((a_Type) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT) )
1731#define ISFCN(a_Type) ( ((a_Type) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT) )
1732#define ISARY(a_Type) ( ((a_Type) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT) )
1733#define ISTAG(a_StorageClass) ( (a_StorageClass) == IMAGE_SYM_CLASS_STRUCT_TAG \
1734 || (a_StorageClass) == IMAGE_SYM_CLASS_UNION_TAG \
1735 || (a_StorageClass) == IMAGE_SYM_CLASS_ENUM_TAG )
1736/** @} */
1737
1738
1739/**
1740 * COFF relocation table entry.
1741 *
1742 * @note The size of the structure is not a multiple of the largest member
1743 * (uint32_t), so odd relocation table entry members will have
1744 * misaligned uint32_t members.
1745 */
1746#pragma pack(1)
1747typedef struct _IMAGE_RELOCATION
1748{
1749 union
1750 {
1751 uint32_t VirtualAddress;
1752 uint32_t RelocCount;
1753 } u;
1754 uint32_t SymbolTableIndex;
1755 uint16_t Type;
1756} IMAGE_RELOCATION;
1757#pragma pack()
1758/** The size of a COFF relocation entry. */
1759#define IMAGE_SIZEOF_RELOCATION 10
1760AssertCompileSize(IMAGE_RELOCATION, IMAGE_SIZEOF_RELOCATION);
1761typedef IMAGE_RELOCATION *PIMAGE_RELOCATION;
1762typedef IMAGE_RELOCATION const *PCIMAGE_RELOCATION;
1763
1764
1765/** @name IMAGE_REL_AMD64_XXX - COFF relocations for AMD64 CPUs.
1766 * Used by IMAGE_RELOCATION::Type.
1767 * @{ */
1768#define IMAGE_REL_AMD64_ABSOLUTE UINT16_C(0x0000)
1769#define IMAGE_REL_AMD64_ADDR64 UINT16_C(0x0001)
1770#define IMAGE_REL_AMD64_ADDR32 UINT16_C(0x0002)
1771#define IMAGE_REL_AMD64_ADDR32NB UINT16_C(0x0003)
1772#define IMAGE_REL_AMD64_REL32 UINT16_C(0x0004)
1773#define IMAGE_REL_AMD64_REL32_1 UINT16_C(0x0005)
1774#define IMAGE_REL_AMD64_REL32_2 UINT16_C(0x0006)
1775#define IMAGE_REL_AMD64_REL32_3 UINT16_C(0x0007)
1776#define IMAGE_REL_AMD64_REL32_4 UINT16_C(0x0008)
1777#define IMAGE_REL_AMD64_REL32_5 UINT16_C(0x0009)
1778#define IMAGE_REL_AMD64_SECTION UINT16_C(0x000a)
1779#define IMAGE_REL_AMD64_SECREL UINT16_C(0x000b)
1780#define IMAGE_REL_AMD64_SECREL7 UINT16_C(0x000c)
1781#define IMAGE_REL_AMD64_TOKEN UINT16_C(0x000d)
1782#define IMAGE_REL_AMD64_SREL32 UINT16_C(0x000e)
1783#define IMAGE_REL_AMD64_PAIR UINT16_C(0x000f)
1784#define IMAGE_REL_AMD64_SSPAN32 UINT16_C(0x0010)
1785/** @} */
1786
1787/** @name ARM IMAGE_REL_ARM_XXX - COFF relocations for ARM CPUs.
1788 * Used by IMAGE_RELOCATION::Type.
1789 * @{ */
1790#define IMAGE_REL_ARM_ABSOLUTE UINT16_C(0x0000)
1791#define IMAGE_REL_ARM_ADDR32 UINT16_C(0x0001)
1792#define IMAGE_REL_ARM_ADDR32NB UINT16_C(0x0002)
1793#define IMAGE_REL_ARM_BRANCH24 UINT16_C(0x0003)
1794#define IMAGE_REL_ARM_BRANCH11 UINT16_C(0x0004)
1795#define IMAGE_REL_ARM_TOKEN UINT16_C(0x0005)
1796#define IMAGE_REL_ARM_BLX24 UINT16_C(0x0008)
1797#define IMAGE_REL_ARM_BLX11 UINT16_C(0x0009)
1798#define IMAGE_REL_ARM_SECTION UINT16_C(0x000e)
1799#define IMAGE_REL_ARM_SECREL UINT16_C(0x000f)
1800#define IMAGE_REL_ARM_MOV32A UINT16_C(0x0010)
1801#define IMAGE_REL_ARM_MOV32T UINT16_C(0x0011)
1802#define IMAGE_REL_ARM_BRANCH20T UINT16_C(0x0012)
1803#define IMAGE_REL_ARM_BRANCH24T UINT16_C(0x0014)
1804#define IMAGE_REL_ARM_BLX23T UINT16_C(0x0015)
1805/** @} */
1806
1807/** @name IMAGE_REL_ARM64_XXX - COFF relocations for ARMv8 CPUs (64-bit).
1808 * Used by IMAGE_RELOCATION::Type.
1809 * @{ */
1810#define IMAGE_REL_ARM64_ABSOLUTE UINT16_C(0x0000)
1811#define IMAGE_REL_ARM64_ADDR32 UINT16_C(0x0001)
1812#define IMAGE_REL_ARM64_ADDR32NB UINT16_C(0x0002)
1813#define IMAGE_REL_ARM64_BRANCH26 UINT16_C(0x0003)
1814#define IMAGE_REL_ARM64_PAGEBASE_REL21 UINT16_C(0x0004)
1815#define IMAGE_REL_ARM64_REL21 UINT16_C(0x0005)
1816#define IMAGE_REL_ARM64_PAGEOFFSET_12A UINT16_C(0x0006)
1817#define IMAGE_REL_ARM64_PAGEOFFSET_12L UINT16_C(0x0007)
1818#define IMAGE_REL_ARM64_SECREL UINT16_C(0x0008)
1819#define IMAGE_REL_ARM64_SECREL_LOW12A UINT16_C(0x0009)
1820#define IMAGE_REL_ARM64_SECREL_HIGH12A UINT16_C(0x000a)
1821#define IMAGE_REL_ARM64_SECREL_LOW12L UINT16_C(0x000b)
1822#define IMAGE_REL_ARM64_TOKEN UINT16_C(0x000c)
1823#define IMAGE_REL_ARM64_SECTION UINT16_C(0x000d)
1824#define IMAGE_REL_ARM64_ADDR64 UINT16_C(0x000e)
1825/** @} */
1826
1827/** @name IMAGE_REL_SH3_XXX - COFF relocation for Hitachi SuperH CPUs.
1828 * Used by IMAGE_RELOCATION::Type.
1829 * @{ */
1830#define IMAGE_REL_SH3_ABSOLUTE UINT16_C(0x0000)
1831#define IMAGE_REL_SH3_DIRECT16 UINT16_C(0x0001)
1832#define IMAGE_REL_SH3_DIRECT32 UINT16_C(0x0002)
1833#define IMAGE_REL_SH3_DIRECT8 UINT16_C(0x0003)
1834#define IMAGE_REL_SH3_DIRECT8_WORD UINT16_C(0x0004)
1835#define IMAGE_REL_SH3_DIRECT8_LONG UINT16_C(0x0005)
1836#define IMAGE_REL_SH3_DIRECT4 UINT16_C(0x0006)
1837#define IMAGE_REL_SH3_DIRECT4_WORD UINT16_C(0x0007)
1838#define IMAGE_REL_SH3_DIRECT4_LONG UINT16_C(0x0008)
1839#define IMAGE_REL_SH3_PCREL8_WORD UINT16_C(0x0009)
1840#define IMAGE_REL_SH3_PCREL8_LONG UINT16_C(0x000a)
1841#define IMAGE_REL_SH3_PCREL12_WORD UINT16_C(0x000b)
1842#define IMAGE_REL_SH3_STARTOF_SECTION UINT16_C(0x000c)
1843#define IMAGE_REL_SH3_SIZEOF_SECTION UINT16_C(0x000d)
1844#define IMAGE_REL_SH3_SECTION UINT16_C(0x000e)
1845#define IMAGE_REL_SH3_SECREL UINT16_C(0x000f)
1846#define IMAGE_REL_SH3_DIRECT32_NB UINT16_C(0x0010)
1847#define IMAGE_REL_SH3_GPREL4_LONG UINT16_C(0x0011)
1848#define IMAGE_REL_SH3_TOKEN UINT16_C(0x0012)
1849#define IMAGE_REL_SHM_PCRELPT UINT16_C(0x0013)
1850#define IMAGE_REL_SHM_REFLO UINT16_C(0x0014)
1851#define IMAGE_REL_SHM_REFHALF UINT16_C(0x0015)
1852#define IMAGE_REL_SHM_RELLO UINT16_C(0x0016)
1853#define IMAGE_REL_SHM_RELHALF UINT16_C(0x0017)
1854#define IMAGE_REL_SHM_PAIR UINT16_C(0x0018)
1855#define IMAGE_REL_SHM_NOMODE UINT16_C(0x8000)
1856/** @} */
1857
1858/** @name IMAGE_REL_PPC_XXX - COFF relocations for IBM PowerPC CPUs.
1859 * Used by IMAGE_RELOCATION::Type.
1860 * @{ */
1861#define IMAGE_REL_PPC_ABSOLUTE UINT16_C(0x0000)
1862#define IMAGE_REL_PPC_ADDR64 UINT16_C(0x0001)
1863#define IMAGE_REL_PPC_ADDR32 UINT16_C(0x0002)
1864#define IMAGE_REL_PPC_ADDR24 UINT16_C(0x0003)
1865#define IMAGE_REL_PPC_ADDR16 UINT16_C(0x0004)
1866#define IMAGE_REL_PPC_ADDR14 UINT16_C(0x0005)
1867#define IMAGE_REL_PPC_REL24 UINT16_C(0x0006)
1868#define IMAGE_REL_PPC_REL14 UINT16_C(0x0007)
1869#define IMAGE_REL_PPC_ADDR32NB UINT16_C(0x000a)
1870#define IMAGE_REL_PPC_SECREL UINT16_C(0x000b)
1871#define IMAGE_REL_PPC_SECTION UINT16_C(0x000c)
1872#define IMAGE_REL_PPC_SECREL16 UINT16_C(0x000f)
1873#define IMAGE_REL_PPC_REFHI UINT16_C(0x0010)
1874#define IMAGE_REL_PPC_REFLO UINT16_C(0x0011)
1875#define IMAGE_REL_PPC_PAIR UINT16_C(0x0012)
1876#define IMAGE_REL_PPC_SECRELLO UINT16_C(0x0013)
1877#define IMAGE_REL_PPC_GPREL UINT16_C(0x0015)
1878#define IMAGE_REL_PPC_TOKEN UINT16_C(0x0016)
1879/** @} */
1880
1881/** @name IMAGE_REL_I386_XXX - COFF relocations for x86 CPUs.
1882 * Used by IMAGE_RELOCATION::Type.
1883 * @{ */
1884#define IMAGE_REL_I386_ABSOLUTE UINT16_C(0x0000)
1885#define IMAGE_REL_I386_DIR16 UINT16_C(0x0001)
1886#define IMAGE_REL_I386_REL16 UINT16_C(0x0002)
1887#define IMAGE_REL_I386_DIR32 UINT16_C(0x0006)
1888#define IMAGE_REL_I386_DIR32NB UINT16_C(0x0007)
1889#define IMAGE_REL_I386_SEG12 UINT16_C(0x0009)
1890#define IMAGE_REL_I386_SECTION UINT16_C(0x000A)
1891#define IMAGE_REL_I386_SECREL UINT16_C(0x000B)
1892#define IMAGE_REL_I386_TOKEN UINT16_C(0x000C)
1893#define IMAGE_REL_I386_SECREL7 UINT16_C(0x000D)
1894#define IMAGE_REL_I386_REL32 UINT16_C(0x0014)
1895/** @} */
1896
1897/** @name IMAGE_REL_IA64_XXX - COFF relocations for "Itanic" CPUs.
1898 * @{ */
1899#define IMAGE_REL_IA64_ABSOLUTE UINT16_C(0x0000)
1900#define IMAGE_REL_IA64_IMM14 UINT16_C(0x0001)
1901#define IMAGE_REL_IA64_IMM22 UINT16_C(0x0002)
1902#define IMAGE_REL_IA64_IMM64 UINT16_C(0x0003)
1903#define IMAGE_REL_IA64_DIR32 UINT16_C(0x0004)
1904#define IMAGE_REL_IA64_DIR64 UINT16_C(0x0005)
1905#define IMAGE_REL_IA64_PCREL21B UINT16_C(0x0006)
1906#define IMAGE_REL_IA64_PCREL21M UINT16_C(0x0007)
1907#define IMAGE_REL_IA64_PCREL21F UINT16_C(0x0008)
1908#define IMAGE_REL_IA64_GPREL22 UINT16_C(0x0009)
1909#define IMAGE_REL_IA64_LTOFF22 UINT16_C(0x000a)
1910#define IMAGE_REL_IA64_SECTION UINT16_C(0x000b)
1911#define IMAGE_REL_IA64_SECREL22 UINT16_C(0x000c)
1912#define IMAGE_REL_IA64_SECREL64I UINT16_C(0x000d)
1913#define IMAGE_REL_IA64_SECREL32 UINT16_C(0x000e)
1914#define IMAGE_REL_IA64_DIR32NB UINT16_C(0x0010)
1915#define IMAGE_REL_IA64_SREL14 UINT16_C(0x0011)
1916#define IMAGE_REL_IA64_SREL22 UINT16_C(0x0012)
1917#define IMAGE_REL_IA64_SREL32 UINT16_C(0x0013)
1918#define IMAGE_REL_IA64_UREL32 UINT16_C(0x0014)
1919#define IMAGE_REL_IA64_PCREL60X UINT16_C(0x0015)
1920#define IMAGE_REL_IA64_PCREL60B UINT16_C(0x0016)
1921#define IMAGE_REL_IA64_PCREL60F UINT16_C(0x0017)
1922#define IMAGE_REL_IA64_PCREL60I UINT16_C(0x0018)
1923#define IMAGE_REL_IA64_PCREL60M UINT16_C(0x0019)
1924#define IMAGE_REL_IA64_IMMGPREL64 UINT16_C(0x001a)
1925#define IMAGE_REL_IA64_TOKEN UINT16_C(0x001b)
1926#define IMAGE_REL_IA64_GPREL32 UINT16_C(0x001c)
1927#define IMAGE_REL_IA64_ADDEND UINT16_C(0x001f)
1928/** @} */
1929
1930/** @name IMAGE_REL_MIPS_XXX - COFF relocations for MIPS CPUs.
1931 * Used by IMAGE_RELOCATION::Type.
1932 * @{ */
1933#define IMAGE_REL_MIPS_ABSOLUTE UINT16_C(0x0000)
1934#define IMAGE_REL_MIPS_REFHALF UINT16_C(0x0001)
1935#define IMAGE_REL_MIPS_REFWORD UINT16_C(0x0002)
1936#define IMAGE_REL_MIPS_JMPADDR UINT16_C(0x0003)
1937#define IMAGE_REL_MIPS_REFHI UINT16_C(0x0004)
1938#define IMAGE_REL_MIPS_REFLO UINT16_C(0x0005)
1939#define IMAGE_REL_MIPS_GPREL UINT16_C(0x0006)
1940#define IMAGE_REL_MIPS_LITERAL UINT16_C(0x0007)
1941#define IMAGE_REL_MIPS_SECTION UINT16_C(0x000a)
1942#define IMAGE_REL_MIPS_SECREL UINT16_C(0x000b)
1943#define IMAGE_REL_MIPS_SECRELLO UINT16_C(0x000c)
1944#define IMAGE_REL_MIPS_SECRELHI UINT16_C(0x000d)
1945#define IMAGE_REL_MIPS_JMPADDR16 UINT16_C(0x0010)
1946#define IMAGE_REL_MIPS_REFWORDNB UINT16_C(0x0022)
1947#define IMAGE_REL_MIPS_PAIR UINT16_C(0x0025)
1948/** @} */
1949
1950/** @name IMAGE_REL_M32R_XXX - COFF relocations for Mitsubishi M32R CPUs.
1951 * Used by IMAGE_RELOCATION::Type.
1952 * @{ */
1953#define IMAGE_REL_M32R_ABSOLUTE UINT16_C(0x0000)
1954#define IMAGE_REL_M32R_ADDR32 UINT16_C(0x0001)
1955#define IMAGE_REL_M32R_ADDR32NB UINT16_C(0x0002)
1956#define IMAGE_REL_M32R_ADDR24 UINT16_C(0x0003)
1957#define IMAGE_REL_M32R_GPREL16 UINT16_C(0x0004)
1958#define IMAGE_REL_M32R_PCREL24 UINT16_C(0x0005)
1959#define IMAGE_REL_M32R_PCREL16 UINT16_C(0x0006)
1960#define IMAGE_REL_M32R_PCREL8 UINT16_C(0x0007)
1961#define IMAGE_REL_M32R_REFHALF UINT16_C(0x0008)
1962#define IMAGE_REL_M32R_REFHI UINT16_C(0x0009)
1963#define IMAGE_REL_M32R_REFLO UINT16_C(0x000a)
1964#define IMAGE_REL_M32R_PAIR UINT16_C(0x000b)
1965#define IMAGE_REL_M32R_SECTION UINT16_C(0x000c)
1966#define IMAGE_REL_M32R_SECREL UINT16_C(0x000d)
1967#define IMAGE_REL_M32R_TOKEN UINT16_C(0x000e)
1968/** @} */
1969
1970
1971/** @} */
1972
1973#endif
1974
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette