📄 pedata.inc
字号:
STRUC PEStruc
.EIP RESD 1
.ImageBase RESD 1 ; 4
.ImageSize RESD 1 ; 8
.FileSize RESD 1 ; C
.HeaderSize RESD 1
.CodeStart RESD 1
.CodeLen RESD 1
.FAlign RESD 1
.SAlign RESD 1
.CheckSum RESD 1
.PEOff RESD 1
.NbObj RESD 1
.ObjStart RESD 1
.ImportRVA RESD 1
.ImportSize RESD 1
.ExportRVA RESD 1
.ExportSize RESD 1
.RsrcRVA RESD 1
.RsrcSize RESD 1
.IATRVA RESD 1
.IATSize RESD 1
.DelayRVA RESD 1
.DelaySize RESD 1
.TLSRVA RESD 1
.TLSSize RESD 1
.RelocRVA RESD 1
.RelocSize RESD 1
ENDSTRUC
STRUC DLLStruc
.Base resd 1 ; prefered base
.hMod resd 1 ; Actual base
.DLLName resd 1 ; DLL Name pointer
.OrdBase resd 1 ; Ordinal Number start
.NbOrdinals resd 1 ; Total of Exports
.NbName resd 1 ; Total of Exports by name
.ExportAddress resd 1 ; Export Address Table
.OrdTable resd 1 ; Function by Ord Table
.NameTable resd 1 ; Function by name Table
.StartRVA resd 1 ; Export Start RVA
.EndRVA resd 1 ; Export End RVA
.Unload resd 1 ; Unload needed ?
ENDSTRUC
Struc PlugStruc
.hMod RESD 1
.DLLName RESB 100h
.Next RESD 1
.Prev RESD 1
EndStruc
Struc DLLList
.ModPath RESB 100h ; Module Name [full path]
.Base RESD 1 ; Module Image Base
.Size RESD 1 ; Module Image Size
ENDSTRUC
Struc IATStorage
.Module RESB 100h ; Module Name [full path]
.IATStart RESD 1 ; RVA of IAT start
.IATLength RESD 1 ; IAT length [in DWORD]
ENDSTRUC
Struc Object
.Name RESB 8 ; 00 ; Object name
.VSize RESD 1 ; 08 ; Virtual Size
.RVA RESD 1 ; 0C ; Virtual Address
.PSize RESD 1 ; 10 ; Physical Size
.Offset RESD 1 ; 14 ; Physical Offset
.reserved RESD 3 ; 18 ;
.Flags RESD 1 ; 24 ; Object flags
EndStruc
Struc ImportDir
.IAT resd 1 ; IAT pointer
.TimeStamp resd 1 ; TimeStamp (runtime||static)
.Major resw 1 ; Major Version
.Minor resw 1 ; Minor Version
.Name resd 1 ; Import DLL Name Pointer
.Lookup resd 1 ; Function Table Pointer
ENDSTRUC
STRUC ExportDir
.Flags resd 1 ; 00
.TimeStamp resd 1 ; 04
.Major resw 1 ; 08
.Minor resw 1 ; 0A
.DLLName resd 1 ; 0C
.OrdBase resd 1 ; 10
.NbExport resd 1 ; 14
.NbName resd 1 ; 18
.ExportAddress resd 1 ; 1C
.FuncTable resd 1 ; 20
.OrdTable resd 1 ; 24
ENDSTRUC
Struc DelayDir
.Chars resd 1
.DLLName resd 1
.Bound resd 1
.IAT resd 1
.Lookup resd 1
.Unload resd 1
.TimeStamp resd 1
.PadDelay resd 1
ENDSTRUC
STRUC MZHEADER
.Magic resw 1 ; 0
.Cblp resw 1 ; 2
.Cp resw 1 ; 4
.Crlc resw 1 ; 6
.Cparhdr resw 1 ; 8
.MinAlloc resw 1 ; A
.MaxAlloc resw 1 ; C
.ss resw 1 ; E
.sp resw 1 ; 10
.Checksum resw 1 ; 12
.ip resw 1 ; 14
.cs resw 1 ; 16
.Reloc resw 1 ; 18
.NbOverlay resw 1 ; 1A
.Res resw 4 ; 1C
.OEMId resw 1 ; 24
.OEMInfo resw 1 ; 26
.Res2 resw 10 ; 3A
.NewHeader resd 1 ; 3C
ENDSTRUC
Struc PEHeader
.Magic resd 1
.CPU resw 1
.NbObj resw 1
.TimeStamp resd 1
.reserved1 resd 1
.reserved2 resd 1
.NTHeaderSize resw 1
.Flags resw 1
.Filler resw 1
.LinkMinor resb 1
.LinkMajor resb 1
.CodeSize resd 1
.DataSize resd 1
.BSSSize resd 1
.EIP resd 1
.CodeStart resd 1
.DataStart resd 1
.ImageBase resd 1
.SAlign resd 1
.FAlign resd 1
.OSMajor resw 1
.OSMinor resw 1
.UserMajor resw 1
.UserMinor resw 1
.SubSysMajor resw 1
.SubSysMinor resw 1
.Reserved3 resd 1
.ImageSize resd 1
.HeaderSize resd 1
.CheckSum resd 1
.SubSystem resw 1
.DLLFlags resw 1
.StackMin resd 1
.StackMax resd 1
.HeapMin resd 1
.HeapMax resd 1
.Reserved4 resd 1
.NbDir resd 1
.ExportRVA resd 1
.ExportSize resd 1
.ImportRVA resd 1
.ImportSize resd 1
.RsrcRVA resd 1
.RsrcSize resd 1
.ExceptRVA resd 1
.ExceptSize resd 1
.SecurityRVA resd 1
.SecuritySize resd 1
.RelocRVA resd 1
.RelocSize resd 1
.DebugRVA resd 1
.DebugSize resd 1
.DescriptRVA resd 1
.DescriptSize resd 1
.GlobalPtrRVA resd 1
.GlobalPtrSize resd 1
.TLSRVA resd 1
.TLSSize resd 1
.LoadCfgRVA resd 1
.LoadCfgSize resd 1
.BoundRVA resd 1
.BoundSize resd 1
.IATRVA resd 1
.IATSize resd 1
.DelayRVA resd 1
.DelaySize resd 1
.unk1RVA resd 1
.Unk1Size resd 1
.unk2RVA resd 1
.Unk2Size resd 1
EndStruc
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -