📄 mype.h
字号:
typedef struct _IMTE
{
DWORD un1; // 00h
// PIMAGE_NT_HEADERS pNTHdr; // 04h
DWORD pNTHdr;
DWORD un2; // 08h
PSTR pszFileName; // 0Ch
PSTR pszModName; // 10h
WORD cbFileName; // 14h
WORD cbModName; // 16h
DWORD un3; // 18h
DWORD cSections; // 1Ch
DWORD un5; // 20h
DWORD baseAddress; // 24h
WORD hModule16; // 28h
WORD cUsage; // 2Ah
DWORD un7; // 2Ch
PSTR pszFileName2; // 30h
WORD cbFileName2; // 34h
DWORD pszModName2; // 36h
WORD cbModName2; // 3Ah
} IMTE, *PIMTE;
typedef struct {
DWORD Signature; //00 'PE'
// IMAGE_FILE_HEADER FileHeader;
WORD Machine; //04
WORD NumberOfSections; //06
DWORD TimeDateStamp; //08
DWORD PointerToSymbolTable; //0c
DWORD NumberOfSymbols; //10
WORD SizeOfOptionalHeader; //14
WORD Characteristics; //16
// IMAGE_OPTIONAL_HEADER OptionalHeader;
WORD Magic; //+18
BYTE MajorLinkerVersion; //+1a
BYTE MinorLinkerVersion;
DWORD SizeOfCode; //+1c
DWORD SizeOfInitializedData; //+20
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode; //+2c
DWORD BaseOfData; //+30
DWORD ImageBase; //+34
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion; //+40
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion; //+48
WORD MinorSubsystemVersion;
DWORD Win32VersionValue; //+4c
DWORD SizeOfImage; //+50
DWORD SizeOfHeaders;
DWORD CheckSum; //+58
WORD Subsystem; //+5c
WORD DllCharacteristics;
DWORD SizeOfStackReserve; //+60
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags; //+70
DWORD NumberOfRvaAndSizes; //+74
// IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
DWORD EXPORT_VirtualAddress; //+78
DWORD EXPORT_Size; //+7c
DWORD IMPORT_VirtualAddress; //+80
DWORD IMPORT_Size; //+84
DWORD RESORC_VirtualAddress; //+88
DWORD RESORC_Size; //+8c
DWORD EXCEPT_VirtualAddress; //+90
DWORD EXCEPT_Size; //+94
DWORD SECURT_VirtualAddress; //+98
DWORD SECURT_Size; //+9c
} myPE,*PmyPE;
//
// Section header format.
//
#define IMAGE_SIZEOF_SHORT_NAME 8
typedef struct _IMAGE_SECTION_HEADER {
BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
union {
DWORD PhysicalAddress;
DWORD VirtualSize;
} Misc;
DWORD VirtualAddress;
DWORD SizeOfRawData;
DWORD PointerToRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
DWORD Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
#define IMAGE_SIZEOF_SECTION_HEADER 40
#define my_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
((DWORD)ntheader + 0x18 + \
ntheader->SizeOfOptionalHeader \
))
//
// Export Format
//
typedef struct _IMAGE_EXPORT_DIRECTORY {
DWORD Characteristics; //00
DWORD TimeDateStamp; //04
WORD MajorVersion; //08
WORD MinorVersion; //0a
DWORD Name; //0c
DWORD Base; //10
DWORD NumberOfFunctions; //14
DWORD NumberOfNames; //18
PDWORD *AddressOfFunctions;//1c
PDWORD *AddressOfNames; //20
PWORD *AddressOfNameOrdinals;//24
} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
typedef struct { //size = 40
BYTE Name[8]; //+0
DWORD VirtualSize; //+8
DWORD RVA; //+c
DWORD PhysicalSize; //+10
DWORD PhysicalOffset; //+14
DWORD PointerToRelocations; //+18
DWORD PointerToLinenumbers; //+1c
WORD NumberOfRelocations; //+20
WORD NumberOfLinenumbers; //+22
DWORD Object_Flags; //+24
} Object_Table, *PObject_Table;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -