xeneva-source-reference/BaseHdr_2pe_8h_source.html

#ifndef __PE_H__

#define __PE_H__


#include <stdint.h>


#pragma pack(push, 1)


typedef struct _IMAGE_DOS_HEADER_ {

    uint16_t e_magic;

    uint16_t e_cblp;

    uint16_t e_cp;

    uint16_t e_crlc;

    uint16_t e_cparhdr;

    uint16_t e_minalloc;

    uint16_t e_maxalloc;

    uint16_t e_ss;

    uint16_t e_sp;

    uint16_t e_csum;

    uint16_t e_ip;

    uint16_t e_cs;

    uint16_t e_lfarlc;

    uint16_t e_ovno;

    uint16_t e_res[4];

    uint16_t e_oemid;

    uint16_t e_oeminfo;

    uint16_t e_res2[10];

    uint16_t e_lfanew;

} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;


typedef struct _IMAGE_NT_HEADERS_PE32_ IMAGE_NT_HEADERS_PE32, *PIMAGE_NT_HEADERS_PE32;

typedef struct _IMAGE_NT_HEADERS_PE32PLUS_  IMAGE_NT_HEADERS_PE32PLYS, *PIMAGE_NT_HEADERS_PE32PLUS;


enum PeMachineType {

    IMAGE_FILE_MACHINE_AMD64 = 0x8664,

    IMAGE_FILE_MACHINE_ARM = 0x1C0,

    IMAGE_FILE_MACHINE_EBC = 0xEBC,

    IMAGE_FILE_MACHINE_I386 = 0x14c,

    IMAGE_FILE_MACHINE_THUMB = 0x1c2,

    IMAGE_FILE_MACHINE_ARM64 = 0xaa64,

    IMAGE_FILE_MACHINE_ARMNT = 0x1c4

};


typedef struct _IMAGE_FILE_HEADER_ {

    uint16_t Machine;

    uint16_t NumberOfSections;

    uint32_t TimeDateStamp;

    uint32_t PointerToSymbolTable;

    uint32_t NumberOfSymbols;

    uint16_t SizeOfOptionaHeader;

    uint16_t Characteristics;

} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;


enum PeOptionalMagic {

    MAGIC_PE32 = 0x10b,

    MAGIC_PE32P = 0x20b

};


typedef struct _IMAGE_DATA_DIRECTORY_ {

    uint32_t VirtualAddress;

    uint32_t Size;

} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;


#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16


typedef struct _IMAGE_OPTIONAL_HEADER_PE32_ {

    uint16_t Magic;

    uint8_t  MajorLinkerVersion;

    uint8_t  MinorLinkerVersion;

    uint32_t SizeOfCode;

    uint32_t SizeOfInitializedData;

    uint32_t SizeOfUninitializedData;

    uint32_t AddressOfEntryPoint;

    uint32_t BaseOfCode;

    uint32_t BaseOfData;

    uint32_t ImageBase;

    uint32_t SectionAlighnment;

    uint32_t FileAlignment;

    uint16_t MajorOperatingSystemVersion;

    uint16_t MinorOperatingSystemVersion;

    uint16_t MajorImageVersion;

    uint16_t MinorImageVersion;

    uint16_t MajorSubsystemVersion;

    uint16_t MinorSubsystemVersion;

    uint32_t Reserved1;

    uint32_t SizeOfImage;

    uint32_t SizeOfHeaders;

    uint32_t CheckSum;

    uint16_t Subsystem;

    uint16_t DllCharacteristics;

    uint32_t SizeOfStackReserve;

    uint32_t SizeOfStackCommit;

    uint32_t SizeOfHeapReserve;

    uint32_t SizeOfHeapCommit;

    uint32_t LoaderFlags;

    uint32_t NumberOfRvaAndSizes;

    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];

} IMAGE_OPTIONAL_HEADER_PE32, *PIMAGE_OPTIONAL_HEADER_PE32;


typedef struct _IMAGE_OPTIONAL_HEADER_PE32PLUS {


    uint16_t  Magic;                // not-so-magical number

    uint8_t   MajorLinkerVersion;           // linker version

    uint8_t   MinorLinkerVersion;

    uint32_t   SizeOfCode;              // size of .text in bytes

    uint32_t   SizeOfInitializedData;       // size of .bss (and others) in bytes

    uint32_t   SizeOfUninitializedData;     // size of .data,.sdata etc in bytes

    uint32_t   AddressOfEntryPoint;     // RVA of entry point

    uint32_t   BaseOfCode;              // base of .text

    uint64_t   ImageBase;               // image base VA

    uint32_t   SectionAlignment;            // file section alignment

    uint32_t   FileAlignment;           // file alignment

    uint16_t  MajorOperatingSystemVersion;  // Windows specific. OS version required to run image

    uint16_t  MinorOperatingSystemVersion;

    uint16_t  MajorImageVersion;            // version of program

    uint16_t  MinorImageVersion;

    uint16_t  MajorSubsystemVersion;        // Windows specific. Version of SubSystem

    uint16_t  MinorSubsystemVersion;

    uint32_t   Reserved1;

    uint32_t   SizeOfImage;         // size of image in bytes

    uint32_t   SizeOfHeaders;           // size of headers (and stub program) in bytes

    uint32_t   CheckSum;                // checksum

    uint16_t  Subsystem;                // Windows specific. subsystem type

    uint16_t  DllCharacteristics;           // DLL properties

    uint64_t   SizeOfStackReserve;          // size of stack, in bytes

    uint64_t   SizeOfStackCommit;           // size of stack to commit

    uint64_t   SizeOfHeapReserve;           // size of heap, in bytes

    uint64_t   SizeOfHeapCommit;            // size of heap to commit

    uint32_t   LoaderFlags;         // no longer used

    uint32_t   NumberOfRvaAndSizes;     // number of DataDirectory entries

    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];

} IMAGE_OPTIONAL_HEADER_PE32PLUS, *PIMAGE_OPTIONAL_HEADER_PE32PLUS;


struct _IMAGE_NT_HEADERS_PE32 {

    uint32_t                 Signature;

    IMAGE_FILE_HEADER     FileHeader;

    IMAGE_OPTIONAL_HEADER_PE32 OptionalHeader;

};


struct _IMAGE_NT_HEADERS_PE32PLUS {

    uint32_t                 Signature;

    IMAGE_FILE_HEADER     FileHeader;

    IMAGE_OPTIONAL_HEADER_PE32PLUS OptionalHeader;

};


#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16


#define IMAGE_SCN_CNT_CODE 0x00000020

#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040

#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080

#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000

#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000

#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000

#define IMAGE_SCN_MEM_SHARED 0x10000000

#define IMAGE_SCN_MEM_EXECUTE 0x20000000

#define IMAGE_SCN_MEM_READ 0x40000000

#define IMAGE_SCN_MEM_WRITE 0x80000000


typedef struct _IMAGE_SECTION_HEADER {

    char Name[8];

    uint32_t VirtualSize;

    uint32_t VirtualAddress;

    uint32_t SizeOfRawData;

    uint32_t PointerToRawData;

    uint32_t PointerToRelocations;

    uint32_t PointerToLinenumbers;

    uint16_t NumberOfRelocations;

    uint16_t NumberOfLinenumbers;

    uint32_t Characteristics;

}SECTION_HEADER, *PSECTION_HEADER;


#define IMAGE_DATA_DIRECTORY_EXPORT 0

#define IMAGE_DATA_DIRECTORY_IMPORT 1


typedef struct _IMAGE_EXPORT_DIRECTORY {

    uint32_t Characteristics;

    uint32_t TimeDateStamp;

    uint16_t MajorVersion;

    uint16_t MinorVersion;

    uint32_t Name;

    uint32_t Base;

    uint32_t NumberOfFunctions;

    uint32_t NumberOfNames;

    uint32_t AddressOfFunctions;   //export table rva

    uint32_t AddressOfNames;

    uint32_t AddressOfNameOrdinal;  //ordinal table rva

}IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;


typedef struct _IMAGE_IMPORT_DIRECTORY {

    union {

        uint32_t Characteristics;

        uint32_t OriginalFirstThunk;

    };

    uint32_t TimeDateStamp;

    uint32_t ForwarderChain;

    uint32_t NameRva;

    uint32_t ThunkTableRva;

}IMAGE_IMPORT_DIRECTORY, *PIMAGE_IMPORT_DIRECTORY;


typedef struct _IMAGE_RELOCATION_ENTRY_ {

    uint16_t offset : 12;

    uint16_t type : 4;

}IMAGE_RELOCATION_ENTRY, *PIMAGE_RELOCATION_ENTRY;


typedef struct _IMAGE_RELOCATION_BLOCK_ {

    uint32_t PageRVA;

    uint32_t BlockSize;

    IMAGE_RELOCATION_ENTRY entries[0];

}IMAGE_RELOCATION_BLOCK, *PIMAGE_RELOCATION_BLOCK;


typedef struct _IMAGE_IMPORT_HINT_TABLE {

    uint16_t Hint;

    char name[2];

}IMAGE_IMPORT_HINT_TABLE, *PIMAGE_IMPORT_HINT_TABLE;


#define IMAGE_IMPORT_LOOKUP_TABLE_FLAG_PE32 0x80000000

typedef uint32_t IMAGE_IMPORT_LOOKUP_TABLE_PE32, *PIMAGE_IMPORT_LOOKUP_TABLE_PE32;


#define IMAGE_IMPORT_LOOKUP_TABLE_FLAG_PE32P 0x8000000000000000

typedef unsigned long long IMAGE_IMPORT_LOOKUP_TABLE_PE32P, *PIMAGE_IMPORT_LOOKUP_TABLE_PE32P;


#pragma pack(pop)


typedef struct _IMAGE_NT_HEADERS_PE32PLUS IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;

typedef IMAGE_IMPORT_LOOKUP_TABLE_PE32  IMAGE_IMPORT_LOOKUP_TABLE, *PIMAGE_IMPORT_LOOKUP_TABLE;

typedef IMAGE_IMPORT_LOOKUP_TABLE_PE32P IMAGE_IMPORT_LOOKUP_TABLE_PE32P, *PIMAGE_IMPORT_LOOKUP_TABLE_PE32P;

static const enum PeOptionalMagic MAGIC_NATIVE = MAGIC_PE32;

static const enum PeMachineType   MACHINE_NATIVE = IMAGE_FILE_MACHINE_I386;

#define IMAGE_IMPORT_LOOKUP_TABLE_FLAG  IMAGE_IMPORT_LOOKUP_TABLE_FLAG_PE32


/*

* AuGetProcAddress -- get procedure address in a dll image

* @param image -- dll image

* @param procname -- procedure name

*/

extern void* AuGetProcAddress(void *image, const char* procname);


/*

* AuKernelLinkDLL -- Links a dll library to kernel symbols

* @param image -- dll image

*/

extern void AuKernelLinkDLL(void* image);


/*

* AuPEPrintExports -- get procedure address in a dll image

* @param image -- dll image

*/

extern void AuPEPrintExports(void *image);


/*

* AuKernelLinkImports -- Links kernel imports to dll

* @param image -- dll image

*/

extern void AuKernelLinkImports(void* image);


/*

* AuKernelRelocatePE -- relocates the image from its actual

* base address

* @param image -- pointer to executable image

* @param nt -- nt headers

* @param diff -- difference from its original

*/

extern void AuKernelRelocatePE(void* image, PIMAGE_NT_HEADERS nt, int diff);


/*

* AuPEFileIsDynamicallyLinked -- checks if the current

* binary image is dynamically linked

* @param image -- pointer to image address

*/

extern bool AuPEFileIsDynamicallyLinked(void* image);

#endif

IMAGE_RELOCATION_ENTRY
struct _IMAGE_RELOCATION_ENTRY_ IMAGE_RELOCATION_ENTRY

AuPEPrintExports
void AuPEPrintExports(void *image)
AuPEPrintExports – print all function exports for DEBUG purpose.
Definition pe.cpp:72

AuPEFileIsDynamicallyLinked
bool AuPEFileIsDynamicallyLinked(void *image)
AuPEFileIsDynamicallyLinked – checks if the current binary image is dynamically linked.
Definition pe.cpp:244

PIMAGE_FILE_HEADER
struct _IMAGE_FILE_HEADER_ * PIMAGE_FILE_HEADER

PeMachineType
PeMachineType
Definition pe.h:63

IMAGE_FILE_MACHINE_THUMB
@ IMAGE_FILE_MACHINE_THUMB
Definition pe.h:68

IMAGE_FILE_MACHINE_ARM
@ IMAGE_FILE_MACHINE_ARM
Definition pe.h:65

IMAGE_FILE_MACHINE_EBC
@ IMAGE_FILE_MACHINE_EBC
Definition pe.h:66

IMAGE_FILE_MACHINE_AMD64
@ IMAGE_FILE_MACHINE_AMD64
Definition pe.h:64

IMAGE_FILE_MACHINE_I386
@ IMAGE_FILE_MACHINE_I386
Definition pe.h:67

IMAGE_FILE_MACHINE_ARM64
@ IMAGE_FILE_MACHINE_ARM64
Definition pe.h:69

IMAGE_FILE_MACHINE_ARMNT
@ IMAGE_FILE_MACHINE_ARMNT
Definition pe.h:70

PIMAGE_IMPORT_HINT_TABLE
struct _IMAGE_IMPORT_HINT_TABLE * PIMAGE_IMPORT_HINT_TABLE

PIMAGE_IMPORT_LOOKUP_TABLE_PE32P
unsigned long long * PIMAGE_IMPORT_LOOKUP_TABLE_PE32P
Definition pe.h:252

IMAGE_DOS_HEADER
struct _IMAGE_DOS_HEADER_ IMAGE_DOS_HEADER

IMAGE_OPTIONAL_HEADER_PE32PLUS
struct _IMAGE_OPTIONAL_HEADER_PE32PLUS IMAGE_OPTIONAL_HEADER_PE32PLUS

AuKernelLinkDLL
void AuKernelLinkDLL(void *image)
AuKernelLinkDLL – Links a dll library to kernel symbols.
Definition pe.cpp:96

PIMAGE_IMPORT_DIRECTORY
struct _IMAGE_IMPORT_DIRECTORY * PIMAGE_IMPORT_DIRECTORY

PIMAGE_RELOCATION_BLOCK
struct _IMAGE_RELOCATION_BLOCK_ * PIMAGE_RELOCATION_BLOCK

PIMAGE_IMPORT_LOOKUP_TABLE
IMAGE_IMPORT_LOOKUP_TABLE_PE32 * PIMAGE_IMPORT_LOOKUP_TABLE
Definition pe.h:257

IMAGE_DATA_DIRECTORY
struct _IMAGE_DATA_DIRECTORY_ IMAGE_DATA_DIRECTORY

PIMAGE_OPTIONAL_HEADER_PE32PLUS
struct _IMAGE_OPTIONAL_HEADER_PE32PLUS * PIMAGE_OPTIONAL_HEADER_PE32PLUS

PIMAGE_IMPORT_LOOKUP_TABLE_PE32
uint32_t * PIMAGE_IMPORT_LOOKUP_TABLE_PE32
Definition pe.h:249

PIMAGE_NT_HEADERS
struct _IMAGE_NT_HEADERS_PE32PLUS * PIMAGE_NT_HEADERS
Definition pe.h:256

PIMAGE_NT_HEADERS_PE32
struct _IMAGE_NT_HEADERS_PE32_ * PIMAGE_NT_HEADERS_PE32
Definition pe.h:60

PIMAGE_OPTIONAL_HEADER_PE32
struct _IMAGE_OPTIONAL_HEADER_PE32_ * PIMAGE_OPTIONAL_HEADER_PE32

SECTION_HEADER
struct _IMAGE_SECTION_HEADER SECTION_HEADER

PIMAGE_EXPORT_DIRECTORY
struct _IMAGE_EXPORT_DIRECTORY * PIMAGE_EXPORT_DIRECTORY

IMAGE_RELOCATION_BLOCK
struct _IMAGE_RELOCATION_BLOCK_ IMAGE_RELOCATION_BLOCK

PSECTION_HEADER
struct _IMAGE_SECTION_HEADER * PSECTION_HEADER

IMAGE_OPTIONAL_HEADER_PE32
struct _IMAGE_OPTIONAL_HEADER_PE32_ IMAGE_OPTIONAL_HEADER_PE32

AuKernelLinkImports
void AuKernelLinkImports(void *image)
Definition pe.cpp:125

AuKernelRelocatePE
void AuKernelRelocatePE(void *image, PIMAGE_NT_HEADERS nt, int diff)
AuKernelRelocatePE – relocates the image from its actual base address.
Definition pe.cpp:187

PeOptionalMagic
PeOptionalMagic
Definition pe.h:83

MAGIC_PE32P
@ MAGIC_PE32P
Definition pe.h:85

MAGIC_PE32
@ MAGIC_PE32
Definition pe.h:84

IMAGE_IMPORT_DIRECTORY
struct _IMAGE_IMPORT_DIRECTORY IMAGE_IMPORT_DIRECTORY

PIMAGE_DOS_HEADER
struct _IMAGE_DOS_HEADER_ * PIMAGE_DOS_HEADER

IMAGE_EXPORT_DIRECTORY
struct _IMAGE_EXPORT_DIRECTORY IMAGE_EXPORT_DIRECTORY

IMAGE_IMPORT_LOOKUP_TABLE
IMAGE_IMPORT_LOOKUP_TABLE_PE32 IMAGE_IMPORT_LOOKUP_TABLE
Definition pe.h:257

PIMAGE_RELOCATION_ENTRY
struct _IMAGE_RELOCATION_ENTRY_ * PIMAGE_RELOCATION_ENTRY

PIMAGE_NT_HEADERS_PE32PLUS
struct _IMAGE_NT_HEADERS_PE32PLUS_ * PIMAGE_NT_HEADERS_PE32PLUS
Definition pe.h:61

IMAGE_NT_HEADERS_PE32PLYS
struct _IMAGE_NT_HEADERS_PE32PLUS_ IMAGE_NT_HEADERS_PE32PLYS
Definition pe.h:61

IMAGE_IMPORT_LOOKUP_TABLE_PE32P
unsigned long long IMAGE_IMPORT_LOOKUP_TABLE_PE32P
Definition pe.h:252

AuGetProcAddress
void * AuGetProcAddress(void *image, const char *procname)
AuGetProcAddress – get procedure address in a dll image.
Definition pe.cpp:41

IMAGE_IMPORT_HINT_TABLE
struct _IMAGE_IMPORT_HINT_TABLE IMAGE_IMPORT_HINT_TABLE

IMAGE_NT_HEADERS_PE32
struct _IMAGE_NT_HEADERS_PE32_ IMAGE_NT_HEADERS_PE32
Definition pe.h:60

PIMAGE_DATA_DIRECTORY
struct _IMAGE_DATA_DIRECTORY_ * PIMAGE_DATA_DIRECTORY

IMAGE_FILE_HEADER
struct _IMAGE_FILE_HEADER_ IMAGE_FILE_HEADER

IMAGE_IMPORT_LOOKUP_TABLE_PE32
uint32_t IMAGE_IMPORT_LOOKUP_TABLE_PE32
Definition pe.h:249

stdint.h

uint32_t
unsigned int uint32_t
Definition acefiex.h:163

uint8_t
unsigned char uint8_t
Definition acefiex.h:161

uint64_t
COMPILER_DEPENDENT_UINT64 uint64_t
Definition acefiex.h:165

uint16_t
unsigned short int uint16_t
Definition acefiex.h:162

IMAGE_NUMBEROF_DIRECTORY_ENTRIES
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES
Definition pe_.h:94

_IMAGE_DATA_DIRECTORY_
Definition pe.h:88

_IMAGE_DATA_DIRECTORY_::VirtualAddress
uint32_t VirtualAddress
Definition pe.h:89

_IMAGE_DATA_DIRECTORY_::Size
uint32_t Size
Definition pe.h:90

_IMAGE_DOS_HEADER_
Definition pe.h:38

_IMAGE_DOS_HEADER_::e_sp
uint16_t e_sp
Definition pe.h:47

_IMAGE_DOS_HEADER_::e_cparhdr
uint16_t e_cparhdr
Definition pe.h:43

_IMAGE_DOS_HEADER_::e_cs
uint16_t e_cs
Definition pe.h:50

_IMAGE_DOS_HEADER_::e_res
uint16_t e_res[4]
Definition pe.h:53

_IMAGE_DOS_HEADER_::e_ovno
uint16_t e_ovno
Definition pe.h:52

_IMAGE_DOS_HEADER_::e_ss
uint16_t e_ss
Definition pe.h:46

_IMAGE_DOS_HEADER_::e_oeminfo
uint16_t e_oeminfo
Definition pe.h:55

_IMAGE_DOS_HEADER_::e_lfarlc
uint16_t e_lfarlc
Definition pe.h:51

_IMAGE_DOS_HEADER_::e_cp
uint16_t e_cp
Definition pe.h:41

_IMAGE_DOS_HEADER_::e_minalloc
uint16_t e_minalloc
Definition pe.h:44

_IMAGE_DOS_HEADER_::e_crlc
uint16_t e_crlc
Definition pe.h:42

_IMAGE_DOS_HEADER_::e_ip
uint16_t e_ip
Definition pe.h:49

_IMAGE_DOS_HEADER_::e_csum
uint16_t e_csum
Definition pe.h:48

_IMAGE_DOS_HEADER_::e_res2
uint16_t e_res2[10]
Definition pe.h:56

_IMAGE_DOS_HEADER_::e_lfanew
uint16_t e_lfanew
Definition pe.h:57

_IMAGE_DOS_HEADER_::e_oemid
uint16_t e_oemid
Definition pe.h:54

_IMAGE_DOS_HEADER_::e_magic
uint16_t e_magic
Definition pe.h:39

_IMAGE_DOS_HEADER_::e_cblp
uint16_t e_cblp
Definition pe.h:40

_IMAGE_DOS_HEADER_::e_maxalloc
uint16_t e_maxalloc
Definition pe.h:45

_IMAGE_EXPORT_DIRECTORY
Definition pe.h:206

_IMAGE_EXPORT_DIRECTORY::TimeDateStamp
uint32_t TimeDateStamp
Definition pe.h:208

_IMAGE_EXPORT_DIRECTORY::AddressOfNames
uint32_t AddressOfNames
Definition pe.h:216

_IMAGE_EXPORT_DIRECTORY::NumberOfFunctions
uint32_t NumberOfFunctions
Definition pe.h:213

_IMAGE_EXPORT_DIRECTORY::Base
uint32_t Base
Definition pe.h:212

_IMAGE_EXPORT_DIRECTORY::NumberOfNames
uint32_t NumberOfNames
Definition pe.h:214

_IMAGE_EXPORT_DIRECTORY::MajorVersion
uint16_t MajorVersion
Definition pe.h:209

_IMAGE_EXPORT_DIRECTORY::Characteristics
uint32_t Characteristics
Definition pe.h:207

_IMAGE_EXPORT_DIRECTORY::AddressOfFunctions
uint32_t AddressOfFunctions
Definition pe.h:215

_IMAGE_EXPORT_DIRECTORY::AddressOfNameOrdinal
uint32_t AddressOfNameOrdinal
Definition pe.h:217

_IMAGE_EXPORT_DIRECTORY::MinorVersion
uint16_t MinorVersion
Definition pe.h:210

_IMAGE_EXPORT_DIRECTORY::Name
uint32_t Name
Definition pe.h:211

_IMAGE_FILE_HEADER_
Definition pe.h:73

_IMAGE_FILE_HEADER_::Machine
uint16_t Machine
Definition pe.h:74

_IMAGE_FILE_HEADER_::NumberOfSymbols
uint32_t NumberOfSymbols
Definition pe.h:78

_IMAGE_FILE_HEADER_::Characteristics
uint16_t Characteristics
Definition pe.h:80

_IMAGE_FILE_HEADER_::PointerToSymbolTable
uint32_t PointerToSymbolTable
Definition pe.h:77

_IMAGE_FILE_HEADER_::NumberOfSections
uint16_t NumberOfSections
Definition pe.h:75

_IMAGE_FILE_HEADER_::SizeOfOptionaHeader
uint16_t SizeOfOptionaHeader
Definition pe.h:79

_IMAGE_FILE_HEADER_::TimeDateStamp
uint32_t TimeDateStamp
Definition pe.h:76

_IMAGE_IMPORT_DIRECTORY
Definition pe.h:220

_IMAGE_IMPORT_DIRECTORY::Characteristics
uint32_t Characteristics
Definition pe.h:222

_IMAGE_IMPORT_DIRECTORY::OriginalFirstThunk
uint32_t OriginalFirstThunk
Definition pe.h:223

_IMAGE_IMPORT_DIRECTORY::ThunkTableRva
uint32_t ThunkTableRva
Definition pe.h:228

_IMAGE_IMPORT_DIRECTORY::ForwarderChain
uint32_t ForwarderChain
Definition pe.h:226

_IMAGE_IMPORT_DIRECTORY::TimeDateStamp
uint32_t TimeDateStamp
Definition pe.h:225

_IMAGE_IMPORT_DIRECTORY::NameRva
uint32_t NameRva
Definition pe.h:227

_IMAGE_IMPORT_HINT_TABLE
Definition pe.h:242

_IMAGE_IMPORT_HINT_TABLE::name
char name[2]
Definition pe.h:244

_IMAGE_IMPORT_HINT_TABLE::Hint
uint16_t Hint
Definition pe.h:243

_IMAGE_NT_HEADERS_PE32PLUS
Definition pe.h:169

_IMAGE_NT_HEADERS_PE32PLUS::OptionalHeader
IMAGE_OPTIONAL_HEADER_PE32PLUS OptionalHeader
Definition pe.h:172

_IMAGE_NT_HEADERS_PE32PLUS::Signature
uint32_t Signature
Definition pe.h:170

_IMAGE_NT_HEADERS_PE32PLUS::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition pe.h:171

_IMAGE_NT_HEADERS_PE32
Definition pe.h:163

_IMAGE_NT_HEADERS_PE32::FileHeader
IMAGE_FILE_HEADER FileHeader
Definition pe.h:165

_IMAGE_NT_HEADERS_PE32::Signature
uint32_t Signature
Definition pe.h:164

_IMAGE_NT_HEADERS_PE32::OptionalHeader
IMAGE_OPTIONAL_HEADER_PE32 OptionalHeader
Definition pe.h:166

_IMAGE_OPTIONAL_HEADER_PE32PLUS
Definition pe.h:129

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MinorOperatingSystemVersion
uint16_t MinorOperatingSystemVersion
Definition pe.h:143

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SectionAlignment
uint32_t SectionAlignment
Definition pe.h:140

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfStackReserve
uint64_t SizeOfStackReserve
Definition pe.h:154

_IMAGE_OPTIONAL_HEADER_PE32PLUS::DllCharacteristics
uint16_t DllCharacteristics
Definition pe.h:153

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MajorSubsystemVersion
uint16_t MajorSubsystemVersion
Definition pe.h:146

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfInitializedData
uint32_t SizeOfInitializedData
Definition pe.h:135

_IMAGE_OPTIONAL_HEADER_PE32PLUS::DataDirectory
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
Definition pe.h:160

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfImage
uint32_t SizeOfImage
Definition pe.h:149

_IMAGE_OPTIONAL_HEADER_PE32PLUS::FileAlignment
uint32_t FileAlignment
Definition pe.h:141

_IMAGE_OPTIONAL_HEADER_PE32PLUS::Subsystem
uint16_t Subsystem
Definition pe.h:152

_IMAGE_OPTIONAL_HEADER_PE32PLUS::Reserved1
uint32_t Reserved1
Definition pe.h:148

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfUninitializedData
uint32_t SizeOfUninitializedData
Definition pe.h:136

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MajorImageVersion
uint16_t MajorImageVersion
Definition pe.h:144

_IMAGE_OPTIONAL_HEADER_PE32PLUS::NumberOfRvaAndSizes
uint32_t NumberOfRvaAndSizes
Definition pe.h:159

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfStackCommit
uint64_t SizeOfStackCommit
Definition pe.h:155

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MajorOperatingSystemVersion
uint16_t MajorOperatingSystemVersion
Definition pe.h:142

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MinorSubsystemVersion
uint16_t MinorSubsystemVersion
Definition pe.h:147

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfHeapReserve
uint64_t SizeOfHeapReserve
Definition pe.h:156

_IMAGE_OPTIONAL_HEADER_PE32PLUS::LoaderFlags
uint32_t LoaderFlags
Definition pe.h:158

_IMAGE_OPTIONAL_HEADER_PE32PLUS::ImageBase
uint64_t ImageBase
Definition pe.h:139

_IMAGE_OPTIONAL_HEADER_PE32PLUS::BaseOfCode
uint32_t BaseOfCode
Definition pe.h:138

_IMAGE_OPTIONAL_HEADER_PE32PLUS::Magic
uint16_t Magic
Definition pe.h:131

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfCode
uint32_t SizeOfCode
Definition pe.h:134

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfHeapCommit
uint64_t SizeOfHeapCommit
Definition pe.h:157

_IMAGE_OPTIONAL_HEADER_PE32PLUS::AddressOfEntryPoint
uint32_t AddressOfEntryPoint
Definition pe.h:137

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MinorImageVersion
uint16_t MinorImageVersion
Definition pe.h:145

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MinorLinkerVersion
uint8_t MinorLinkerVersion
Definition pe.h:133

_IMAGE_OPTIONAL_HEADER_PE32PLUS::MajorLinkerVersion
uint8_t MajorLinkerVersion
Definition pe.h:132

_IMAGE_OPTIONAL_HEADER_PE32PLUS::CheckSum
uint32_t CheckSum
Definition pe.h:151

_IMAGE_OPTIONAL_HEADER_PE32PLUS::SizeOfHeaders
uint32_t SizeOfHeaders
Definition pe.h:150

_IMAGE_OPTIONAL_HEADER_PE32_
Definition pe.h:95

_IMAGE_OPTIONAL_HEADER_PE32_::MinorLinkerVersion
uint8_t MinorLinkerVersion
Definition pe.h:98

_IMAGE_OPTIONAL_HEADER_PE32_::MajorOperatingSystemVersion
uint16_t MajorOperatingSystemVersion
Definition pe.h:108

_IMAGE_OPTIONAL_HEADER_PE32_::SectionAlighnment
uint32_t SectionAlighnment
Definition pe.h:106

_IMAGE_OPTIONAL_HEADER_PE32_::Reserved1
uint32_t Reserved1
Definition pe.h:114

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfUninitializedData
uint32_t SizeOfUninitializedData
Definition pe.h:101

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfHeaders
uint32_t SizeOfHeaders
Definition pe.h:116

_IMAGE_OPTIONAL_HEADER_PE32_::MajorImageVersion
uint16_t MajorImageVersion
Definition pe.h:110

_IMAGE_OPTIONAL_HEADER_PE32_::MinorOperatingSystemVersion
uint16_t MinorOperatingSystemVersion
Definition pe.h:109

_IMAGE_OPTIONAL_HEADER_PE32_::DllCharacteristics
uint16_t DllCharacteristics
Definition pe.h:119

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfHeapReserve
uint32_t SizeOfHeapReserve
Definition pe.h:122

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfImage
uint32_t SizeOfImage
Definition pe.h:115

_IMAGE_OPTIONAL_HEADER_PE32_::MajorSubsystemVersion
uint16_t MajorSubsystemVersion
Definition pe.h:112

_IMAGE_OPTIONAL_HEADER_PE32_::FileAlignment
uint32_t FileAlignment
Definition pe.h:107

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfStackCommit
uint32_t SizeOfStackCommit
Definition pe.h:121

_IMAGE_OPTIONAL_HEADER_PE32_::AddressOfEntryPoint
uint32_t AddressOfEntryPoint
Definition pe.h:102

_IMAGE_OPTIONAL_HEADER_PE32_::MinorSubsystemVersion
uint16_t MinorSubsystemVersion
Definition pe.h:113

_IMAGE_OPTIONAL_HEADER_PE32_::Magic
uint16_t Magic
Definition pe.h:96

_IMAGE_OPTIONAL_HEADER_PE32_::BaseOfData
uint32_t BaseOfData
Definition pe.h:104

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfStackReserve
uint32_t SizeOfStackReserve
Definition pe.h:120

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfInitializedData
uint32_t SizeOfInitializedData
Definition pe.h:100

_IMAGE_OPTIONAL_HEADER_PE32_::DataDirectory
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
Definition pe.h:126

_IMAGE_OPTIONAL_HEADER_PE32_::BaseOfCode
uint32_t BaseOfCode
Definition pe.h:103

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfHeapCommit
uint32_t SizeOfHeapCommit
Definition pe.h:123

_IMAGE_OPTIONAL_HEADER_PE32_::Subsystem
uint16_t Subsystem
Definition pe.h:118

_IMAGE_OPTIONAL_HEADER_PE32_::ImageBase
uint32_t ImageBase
Definition pe.h:105

_IMAGE_OPTIONAL_HEADER_PE32_::NumberOfRvaAndSizes
uint32_t NumberOfRvaAndSizes
Definition pe.h:125

_IMAGE_OPTIONAL_HEADER_PE32_::CheckSum
uint32_t CheckSum
Definition pe.h:117

_IMAGE_OPTIONAL_HEADER_PE32_::LoaderFlags
uint32_t LoaderFlags
Definition pe.h:124

_IMAGE_OPTIONAL_HEADER_PE32_::MajorLinkerVersion
uint8_t MajorLinkerVersion
Definition pe.h:97

_IMAGE_OPTIONAL_HEADER_PE32_::MinorImageVersion
uint16_t MinorImageVersion
Definition pe.h:111

_IMAGE_OPTIONAL_HEADER_PE32_::SizeOfCode
uint32_t SizeOfCode
Definition pe.h:99

_IMAGE_RELOCATION_BLOCK_
Definition pe.h:236

_IMAGE_RELOCATION_BLOCK_::entries
IMAGE_RELOCATION_ENTRY entries[0]
Definition pe.h:239

_IMAGE_RELOCATION_BLOCK_::BlockSize
uint32_t BlockSize
Definition pe.h:238

_IMAGE_RELOCATION_BLOCK_::PageRVA
uint32_t PageRVA
Definition pe.h:237

_IMAGE_RELOCATION_ENTRY_
Definition pe.h:231

_IMAGE_RELOCATION_ENTRY_::offset
uint16_t offset
Definition pe.h:232

_IMAGE_RELOCATION_ENTRY_::type
uint16_t type
Definition pe.h:233

_IMAGE_SECTION_HEADER
Definition pe.h:190

_IMAGE_SECTION_HEADER::SizeOfRawData
uint32_t SizeOfRawData
Definition pe.h:194

_IMAGE_SECTION_HEADER::PointerToLinenumbers
uint32_t PointerToLinenumbers
Definition pe.h:197

_IMAGE_SECTION_HEADER::PointerToRelocations
uint32_t PointerToRelocations
Definition pe.h:196

_IMAGE_SECTION_HEADER::PointerToRawData
uint32_t PointerToRawData
Definition pe.h:195

_IMAGE_SECTION_HEADER::VirtualSize
uint32_t VirtualSize
Definition pe.h:192

_IMAGE_SECTION_HEADER::Characteristics
uint32_t Characteristics
Definition pe.h:200

_IMAGE_SECTION_HEADER::NumberOfRelocations
uint16_t NumberOfRelocations
Definition pe.h:198

_IMAGE_SECTION_HEADER::VirtualAddress
uint32_t VirtualAddress
Definition pe.h:193

_IMAGE_SECTION_HEADER::Name
char Name[8]
Definition pe.h:191

_IMAGE_SECTION_HEADER::NumberOfLinenumbers
uint16_t NumberOfLinenumbers
Definition pe.h:199