📄 binimg.h
字号:
#define C_ULABEL 0x0007 /* undefined label */
#define C_MOS 0x0008 /* member of structure */
#define C_ARG 0x0009 /* function argument */
#define C_STRTAG 0x000A /* structure tag */
#define C_MOU 0x000B /* member of union */
#define C_UNTAG 0x000C /* union tag */
#define C_TPDEF 0x000D /* type definition */
#define C_USTATIC 0x000E /* undefined static */
#define C_ENTAG 0x000F /* enumeration tag */
#define C_MOE 0x0010 /* member of enumeration */
#define C_REGPARM 0x0011 /* register parameter */
#define C_FIELD 0x0012 /* bit field */
#define C_AUTOARG 0x0013 /* auto argument */
#define C_LASTENT 0x0014 /* dummy entry (end of block) */
#define C_FAREXT 0x0044 /* far external NT */
#define C_BLOCK 0x0064 /* ".bb" or ".eb" */
#define C_FCN 0x0065 /* ".bf" or ".ef" */
#define C_EOS 0x0066 /* end of structure */
#define C_FILE 0x0067 /* file name */
#define C_LINE 0x0068 /* line # reformatted as symbol table entry */
#define C_SECTION 0x0068 /* new NT section */
#define C_ALIAS 0x0069 /* duplicate tag */
#define C_WEAKEXT 0x0069 /* new NT weak external */
#define C_HIDDEN 0x0070 /* ext symbol in dmert public lib */
/********************** RELOCATION DIRECTIVES **********************/
struct coff_reloc {
union {
unsigned long r_vaddr __attribute__((packed));
/* set to real count when STYP_RELOC_OVFL is set NT */
unsigned long r_count __attribute__((packed));
}u;
unsigned long r_symndx __attribute__((packed));
unsigned short r_type;
};
typedef struct coff_reloc COFF_RELOC, *PCOFF_RELOC;
#define COFF_RELOC_SIZE (10)
/*
// NT I386 relocation types in r_type.
*/
#define REL_I386_ABSOLUTE 0x0000 /* Reference is absolute, no relocation is necessary */
#define REL_I386_DIR16 0x0001 /* Direct 16-bit reference to the symbols virtual address */
#define REL_I386_REL16 0x0002 /* PC-relative 16-bit reference to the symbols virtual address */
#define REL_I386_DIR32 0x0006 /* Direct 32-bit reference to the symbols virtual address */
#define REL_I386_DIR32NB 0x0007 /* Direct 32-bit reference to the symbols virtual address, base not included */
#define REL_I386_SEG12 0x0009 /* Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address */
#define REL_I386_SECTION 0x000A
#define REL_I386_SECREL 0x000B
#define REL_I386_REL32 0x0014 /* PC-relative 32-bit reference to the symbols virtual address */
/*
// NT MIPS relocation types.
*/
#define REL_MIPS_ABSOLUTE 0x0000 /* Reference is absolute, no relocation is necessary */
#define REL_MIPS_REFHALF 0x0001
#define REL_MIPS_REFWORD 0x0002
#define REL_MIPS_JMPADDR 0x0003
#define REL_MIPS_REFHI 0x0004
#define REL_MIPS_REFLO 0x0005
#define REL_MIPS_GPREL 0x0006
#define REL_MIPS_LITERAL 0x0007
#define REL_MIPS_SECTION 0x000A
#define REL_MIPS_SECREL 0x000B
#define REL_MIPS_SECRELLO 0x000C /* Low 16-bit section relative referemce (used for >32k TLS) */
#define REL_MIPS_SECRELHI 0x000D /* High 16-bit section relative reference (used for >32k TLS) */
#define REL_MIPS_REFWORDNB 0x0022
#define REL_MIPS_PAIR 0x0025
/*
// NT Alpha Relocation types.
*/
#define REL_ALPHA_ABSOLUTE 0x0000
#define REL_ALPHA_REFLONG 0x0001
#define REL_ALPHA_REFQUAD 0x0002
#define REL_ALPHA_GPREL32 0x0003
#define REL_ALPHA_LITERAL 0x0004
#define REL_ALPHA_LITUSE 0x0005
#define REL_ALPHA_GPDISP 0x0006
#define REL_ALPHA_BRADDR 0x0007
#define REL_ALPHA_HINT 0x0008
#define REL_ALPHA_INLINE_REFLONG 0x0009
#define REL_ALPHA_REFHI 0x000A
#define REL_ALPHA_REFLO 0x000B
#define REL_ALPHA_PAIR 0x000C
#define REL_ALPHA_MATCH 0x000D
#define REL_ALPHA_SECTION 0x000E
#define REL_ALPHA_SECREL 0x000F
#define REL_ALPHA_REFLONGNB 0x0010
#define REL_ALPHA_SECRELLO 0x0011 /* Low 16-bit section relative reference */
#define REL_ALPHA_SECRELHI 0x0012 /* High 16-bit section relative reference */
/*
// NT IBM PowerPC relocation types.
*/
#define REL_PPC_ABSOLUTE 0x0000 /* NOP */
#define REL_PPC_ADDR64 0x0001 /* 64-bit address */
#define REL_PPC_ADDR32 0x0002 /* 32-bit address */
#define REL_PPC_ADDR24 0x0003 /* 26-bit address, shifted left 2 (branch absolute) */
#define REL_PPC_ADDR16 0x0004 /* 16-bit address */
#define REL_PPC_ADDR14 0x0005 /* 16-bit address, shifted left 2 (load doubleword) */
#define REL_PPC_REL24 0x0006 /* 26-bit PC-relative offset, shifted left 2 (branch relative) */
#define REL_PPC_REL14 0x0007 /* 16-bit PC-relative offset, shifted left 2 (br cond relative) */
#define REL_PPC_TOCREL16 0x0008 /* 16-bit offset from TOC base */
#define REL_PPC_TOCREL14 0x0009 /* 16-bit offset from TOC base, shifted left 2 (load doubleword) */
#define REL_PPC_ADDR32NB 0x000A /* 32-bit addr w/o image base */
#define REL_PPC_SECREL 0x000B /* va of containing section (as in an image sectionhdr) */
#define REL_PPC_SECTION 0x000C /* sectionheader number */
#define REL_PPC_IFGLUE 0x000D /* substitute TOC restore instruction iff symbol is glue code */
#define REL_PPC_IMGLUE 0x000E /* symbol is glue code; virtual address is TOC restore instruction */
#define REL_PPC_SECREL16 0x000F /* va of containing section (limited to 16 bits) */
#define REL_PPC_REFHI 0x0010
#define REL_PPC_REFLO 0x0011
#define REL_PPC_PAIR 0x0012
#define REL_PPC_TYPEMASK 0x00FF /* mask to isolate above values in IMAGE_RELOCATION.Type */
/* Flag bits in IMAGE_RELOCATION.TYPE */
#define REL_PPC_NEG 0x0100 /* subtract reloc value rather than adding it */
#define REL_PPC_BRTAKEN 0x0200 /* fix branch prediction bit to predict branch taken */
#define REL_PPC_BRNTAKEN 0x0400 /* fix branch prediction bit to predict branch not taken */
#define REL_PPC_TOCDEFN 0x0800 /* toc slot defined in file (or, data in toc) */
/*
// NT Based relocation format.
*/
typedef struct {
unsigned long RVA;
unsigned long size;
} PE_FIXUP, *PPE_FIXUP;
/*
// NT Based relocation types.
*/
#define REL_BASED_ABSOLUTE 0
#define REL_BASED_HIGH 1
#define REL_BASED_LOW 2
#define REL_BASED_HIGHLOW 3
#define REL_BASED_HIGHADJ 4
#define REL_BASED_MIPS_JMPADDR 5
#define DEFAULT_UNIX_ALIGNMENT 4
#define DEFAULT_NT_ALIGNMENT 16
/*
// NT Communal selection types.
*/
#define COMDAT_SELECT_NODUPLICATES 1
#define COMDAT_SELECT_ANY 2
#define COMDAT_SELECT_SAME_SIZE 3
#define COMDAT_SELECT_EXACT_MATCH 4
#define COMDAT_SELECT_ASSOCIATIVE 5
#define COMDAT_SELECT_LARGEST 6
#define COMDAT_SELECT_NEWEST 7
#define WEAK_EXTERN_SEARCH_NOLIBRARY 1
#define WEAK_EXTERN_SEARCH_LIBRARY 2
#define WEAK_EXTERN_SEARCH_ALIAS 3
/*
// NT DLL support.
*/
/*
// Export Format
*/
typedef struct {
unsigned long Flags;
unsigned long TimeDate;
unsigned short MajorVersion;
unsigned short MinorVersion;
unsigned long DllNameRVA;
unsigned long OrdinalBase;
unsigned long NumFuncs;
unsigned long NumNames;
unsigned long AddressTableRVA;
unsigned long NameTableRVA;
unsigned long OrdinalTableRVA;
} PE_EXPORT_DIR, *PPE_EXPORT_DIR;
/*
// Import Format
*/
typedef struct {
unsigned long ILT_RVA; /* RVA of the Import Lookup Table */
unsigned long timedate;
unsigned long ForwarderChain; /* ??? */
unsigned long DllNameRVA; /* Address of asciiz dll name */
unsigned long IAT_RVA; /* RVA of the Import Address Table */
} PE_IMPORT_DIR, *PPE_IMPORT_DIR;
typedef struct {
unsigned short hint;
char name[1];
} PE_HINT_NAME, *PPE_HINT_NAME;
typedef struct {
union {
unsigned char* ForwarderString;
unsigned long* Function;
unsigned long Ordinal;
PPE_HINT_NAME AddressOfData;
} u1;
} PE_THUNK_DATA, *PPE_THUNK_DATA;
#define IMAGE_ORDINAL_FLAG 0x80000000
#define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0)
#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff)
typedef struct _IMAGE_IMPORT_DESCRIPTOR {
union {
unsigned long Characteristics; /* 0 for terminating null import descriptor */
PPE_THUNK_DATA OriginalFirstThunk; /* RVA to original unbound IAT */
} u;
unsigned long TimeDateStamp; /* 0 if not bound, */
/* -1 if bound, and real date\time stamp */
/* in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND) */
/* O.W. date/time stamp of DLL bound to (Old BIND) */
long ForwarderChain; /* -1 if no forwarders */
unsigned long Name;
PPE_THUNK_DATA FirstThunk; /* RVA to IAT (if bound this IAT has actual addresses) */
} IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR;
/*
New format import descriptors pointed to by
DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ]
*/
typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR {
unsigned long TimeDateStamp;
unsigned short OffsetModuleName;
unsigned short NumberOfModuleForwarderRefs;
/* Array of zero or more IMAGE_BOUND_FORWARDER_REF follows */
} IMAGE_BOUND_IMPORT_DESCRIPTOR, *PIMAGE_BOUND_IMPORT_DESCRIPTOR;
typedef struct _IMAGE_BOUND_FORWARDER_REF {
unsigned long TimeDateStamp;
unsigned short OffsetModuleName;
unsigned short Reserved;
} IMAGE_BOUND_FORWARDER_REF, *PIMAGE_BOUND_FORWARDER_REF;
/*
// Thread Local Storage
*/
typedef void (*PIMAGE_TLS_CALLBACK) ();
typedef struct _IMAGE_TLS_DIRECTORY {
unsigned long StartAddressOfRawData;
unsigned long EndAddressOfRawData;
unsigned long* AddressOfIndex;
PIMAGE_TLS_CALLBACK *AddressOfCallBacks;
unsigned long SizeOfZeroFill;
unsigned long Characteristics;
} IMAGE_TLS_DIRECTORY, *PIMAGE_TLS_DIRECTORY;
/*
// Resource Format.
*/
/*
// Resource directory consists of two counts, following by a variable length
// array of directory entries. The first count is the number of entries at
// beginning of the array that have actual names associated with each entry.
// The entries are in ascending order, case insensitive strings. The second
// count is the number of entries that immediately follow the named entries.
// This second count identifies the number of entries that have 16-bit integer
// Ids as their name. These entries are also sorted in ascending order.
//
// This structure allows fast lookup by either name or number, but for any
// given resource entry only one form of lookup is supported, not both.
// This is consistant with the syntax of the .RC file and the .RES file.
*/
typedef struct _IMAGE_RESOURCE_DIRECTORY {
unsigned long Characteristics;
unsigned long TimeDateStamp;
unsigned short MajorVersion;
unsigned short MinorVersion;
unsigned short NumberOfNamedEntries;
unsigned short NumberOfIdEntries;
/* IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; */
} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
/*
// Each directory contains the 32-bit Name of the entry and an offset,
// relative to the beginning of the resource directory of the data associated
// with this directory entry. If the name of the entry is an actual text
// string instead of an integer Id, then the high order bit of the name field
// is set to one and the low order 31-bits are an offset, relative to the
// beginning of the resource directory of the string, which is of type
// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
// low-order 16-bits are the integer Id that identify this resource directory
// entry. If the directory entry is yet another resource directory (i.e. a
// subdirectory), then the high order bit of the offset field will be
// set to indicate this. Otherwise the high bit is clear and the offset
// field points to a resource data entry.
*/
typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
union {
struct {
unsigned long NameOffset:31;
unsigned long NameIsString:1;
} s;
unsigned long Name;
unsigned short Id;
} u1;
union {
unsigned long OffsetToData;
struct {
unsigned long OffsetToDirectory:31;
unsigned long DataIsDirectory:1;
} s;
} u2;
} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
/*
// For resource directory entries that have actual string names, the Name
// field of the directory entry points to an object of the following type.
// All of these string objects are stored together after the last resource
// directory entry and before the first resource data object. This minimizes
// the impact of these variable length objects on the alignment of the fixed
// size directory entry objects.
*/
typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
unsigned short Length;
char NameString[ 1 ];
} IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
unsigned short Length;
unsigned short NameString[ 1 ];
} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
/*
// Each resource data entry describes a leaf node in the resource directory
// tree. It contains an offset, relative to the beginning of the resource
// directory of the data for the resource, a size field that gives the number
// of bytes of data at that offset, a CodePage that should be used when
// decoding code point values within the resource data. Typically for new
// applications the code page would be the unicode code page.
*/
typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
unsigned long OffsetToData;
unsigned long Size;
unsigned long CodePage;
unsigned long Reserved;
} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
/*
// Load Configuration Directory Entry
*/
typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY {
unsigned long Characteristics;
unsigned long TimeDateStamp;
unsigned short MajorVersion;
unsigned short MinorVersion;
unsigned long GlobalFlagsClear;
unsigned long GlobalFlagsSet;
unsigned long CriticalSectionDefaultTimeout;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -