windows.inc

The final version of UPX scrambler and PE sources in Delphi and flat assembler.

; Some additional system constants and types

; Win32 error codes

ERROR_SUCCESS		     = 0
ERROR_FILE_NOT_FOUND	     = 2
ERROR_ACCESS_DENIED	     = 5
ERROR_INVALID_DATA	     = 13
ERROR_INVALID_PARAMETER      = 87
ERROR_MOD_NOT_FOUND	     = 126
ERROR_INVALID_EXE_SIGNATURE  = 191
ERROR_BAD_EXE_FORMAT	     = 193
ERROR_NOACCESS		     = 998

; Executable files

IMAGE_DOS_SIGNATURE = 5A4Dh	 ; { MZ }
IMAGE_NT_SIGNATURE  = 00004550h  ; { PE00 }

IMAGE_SIZEOF_FILE_HEADER	= sizeof.IMAGE_FILE_HEADER
IMAGE_SIZEOF_NT_OPTIONAL_HEADER = sizeof.IMAGE_OPTIONAL_HEADER
IMAGE_SIZEOF_SECTION_HEADER	= sizeof.IMAGE_SECTION_HEADER
IMAGE_NT_OPTIONAL_HDR_MAGIC	= 010Bh

IMAGE_FILE_RELOCS_STRIPPED	    = 0001h ; { Relocation info stripped from file }
IMAGE_FILE_EXECUTABLE_IMAGE	    = 0002h ; { File is executable  (i.e. no unresolved externel references) }
IMAGE_FILE_LINE_NUMS_STRIPPED	    = 0004h ; { Line nunbers stripped from file }
IMAGE_FILE_LOCAL_SYMS_STRIPPED	    = 0008h ; { Local symbols stripped from file }
IMAGE_FILE_AGGRESIVE_WS_TRIM	    = 0010h ; { Agressively trim working set }
IMAGE_FILE_BYTES_REVERSED_LO	    = 0080h ; { Bytes of machine word are reversed }
IMAGE_FILE_32BIT_MACHINE	    = 0100h ; { 32 bit word machine }
IMAGE_FILE_DEBUG_STRIPPED	    = 0200h ; { Debugging info stripped from file in .DBG file }
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP  = 0400h ; { If Image is on removable media, copy and run from the swap file }
IMAGE_FILE_NET_RUN_FROM_SWAP	    = 0800h ; { If Image is on Net, copy and run from the swap file }
IMAGE_FILE_SYSTEM		    = 1000h ; { System File }
IMAGE_FILE_DLL			    = 2000h ; { File is a DLL }
IMAGE_FILE_UP_SYSTEM_ONLY	    = 4000h ; { File should only be run on a UP machine }
IMAGE_FILE_BYTES_REVERSED_HI	    = 8000h ; { Bytes of machine word are reversed }

IMAGE_FILE_MACHINE_UNKNOWN = 0000h
IMAGE_FILE_MACHINE_I386    = 014Ch ; { Intel 386+ }

IMAGE_SUBSYSTEM_UNKNOWN      = 0 ; { Unknown subsystem }
IMAGE_SUBSYSTEM_NATIVE	     = 1 ; { Image doesn't require a subsystem }
IMAGE_SUBSYSTEM_WINDOWS_GUI  = 2 ; { Image runs in the Windows GUI subsystem }
IMAGE_SUBSYSTEM_WINDOWS_CUI  = 3 ; { Image runs in the Windows character subsystem }

IMAGE_SIZEOF_SHORT_NAME = 8

IMAGE_SCN_CNT_CODE		  = 00000020h	     ; { Section contains code }
IMAGE_SCN_CNT_INITIALIZED_DATA	  = 00000040h	     ; { Section contains initialized data }
IMAGE_SCN_CNT_UNINITIALIZED_DATA  = 00000080h	     ; { Section contains uninitialized data }
IMAGE_SCN_LNK_INFO		  = 00000200h	     ; { Section contains comments or some other type of information }
IMAGE_SCN_LNK_REMOVE		  = 00000800h	     ; { Section contents will not become part of image }
IMAGE_SCN_LNK_COMDAT		  = 00001000h	     ; { Section contents comdat }
IMAGE_SCN_MEM_FARDATA		  = 00008000h
IMAGE_SCN_MEM_PURGEABLE 	  = 00020000h
IMAGE_SCN_MEM_16BIT		  = 00020000h
IMAGE_SCN_MEM_LOCKED		  = 00040000h
IMAGE_SCN_MEM_PRELOAD		  = 00080000h
IMAGE_SCN_ALIGN_1BYTES		  = 00100000h
IMAGE_SCN_ALIGN_2BYTES		  = 00200000h
IMAGE_SCN_ALIGN_4BYTES		  = 00300000h
IMAGE_SCN_ALIGN_8BYTES		  = 00400000h
IMAGE_SCN_ALIGN_16BYTES 	  = 00500000h	     ; { Default alignment if no others are specified }
IMAGE_SCN_ALIGN_32BYTES 	  = 00600000h
IMAGE_SCN_ALIGN_64BYTES 	  = 00700000h
IMAGE_SCN_LNK_NRELOC_OVFL	  = 01000000h	     ; { Section contains extended relocations }
IMAGE_SCN_MEM_DISCARDABLE	  = 02000000h	     ; { Section can be discarded }
IMAGE_SCN_MEM_NOT_CACHED	  = 04000000h	     ; { Section is not cachable }
IMAGE_SCN_MEM_NOT_PAGED 	  = 08000000h	     ; { Section is not pageable }
IMAGE_SCN_MEM_SHARED		  = 10000000h	     ; { Section is shareable }
IMAGE_SCN_MEM_EXECUTE		  = 20000000h	     ; { Section is executable }
IMAGE_SCN_MEM_READ		  = 40000000h	     ; { Section is readable }
IMAGE_SCN_MEM_WRITE		  = DWORD(80000000h) ; { Section is writeable }

struct IMAGE_EXPORT_DIRECTORY
  Characteristics	dd ?
  TimeDateStamp 	dd ?
  MajorVersion		dw ?
  MinorVersion		dw ?
  Name			dd ?
  Base			dd ?
  NumberOfFunctions	dd ?
  NumberOfNames 	dd ?
  AddressOfFunctions	dd ?
  AddressOfNames	dd ?
  AddressOfNameOrdinals dd ?
ends

struct IMAGE_FIXUPS_DIRECTORY
  PageRVA   dd ?
  BlockSize dd ?
ends

struct IMAGE_IMPORT_DIRECTORY_ENTRY
  ImportLookUp	 dd ?
  TimeDateStamp  dd ?
  ForwardChain	 dd ?
  NameRVA	 dd ?
  AddresTableRVA dd ?
ends

IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16

struct IMAGE_DATA_DIRECTORY
  VirtualAddress dd ?
  Size		 dd ?
ends

struct IMAGE_SECTION_HEADER
  Name		       db IMAGE_SIZEOF_SHORT_NAME dup (?)
  VirtualSize	       dd ?
  VirtualAddress       dd ?
  SizeOfRawData        dd ?
  PointerToRawData     dd ?
  PointerToRelocations dd ?
  PointerToLinenumbers dd ?
  NumberOfRelocations  dw ?
  NumberOfLinenumbers  dw ?
  Characteristics      dd ?
ends

struct IMAGE_DOS_HEADER
  e_magic    dw ?	    ; { Magic number                     } ; IMAGE_DOS_SIGNATURE
  e_cblp     dw ?	    ; { Bytes on last page of file       }
  e_cp	     dw ?	    ; { Pages in file                    }
  e_crlc     dw ?	    ; { Relocations                      }
  e_cparhdr  dw ?	    ; { Size of header in paragraphs     }
  e_minalloc dw ?	    ; { Minimum extra paragraphs needed  }
  e_maxalloc dw ?	    ; { Maximum extra paragraphs needed  }
  e_ss	     dw ?	    ; { Initial (relative) SS value      }
  e_sp	     dw ?	    ; { Initial SP value                 }
  e_csum     dw ?	    ; { Checksum                         }
  e_ip	     dw ?	    ; { Initial IP value                 }
  e_cs	     dw ?	    ; { Initial (relative) CS value      }
  e_lfarlc   dw ?	    ; { File address of relocation table }
  e_ovno     dw ?	    ; { Overlay number                   }
  e_res      dw 4 dup (?)   ; { Reserved words                   }
  e_oemid    dw ?	    ; { OEM identifier (for e_oeminfo)   }
  e_oeminfo  dw ?	    ; { OEM information; e_oemid specific}
  e_res2     dw 10 dup (?)  ; { Reserved words                   }
  _lfanew    dd ?	    ; { File address of new exe header   }
ends

struct IMAGE_FILE_HEADER
  Machine	       dw ?
  NumberOfSections     dw ?
  TimeDateStamp        dd ?
  PointerToSymbolTable dd ?
  NumberOfSymbols      dd ?
  SizeOfOptionalHeader dw ?
  Characteristics      dw ?
ends

struct IMAGE_OPTIONAL_HEADER
  ; { Standard fields }
  Magic 		      dw ?  ; IMAGE_NT_OPTIONAL_HDR_MAGIC
  MajorLinkerVersion	      db ?
  MinorLinkerVersion	      db ?
  SizeOfCode		      dd ?
  SizeOfInitializedData       dd ?
  SizeOfUninitializedData     dd ?
  AddressOfEntryPoint	      dd ?
  BaseOfCode		      dd ?
  BaseOfData		      dd ?
  ; { NT additional fields }
  ImageBase		      dd ?
  SectionAlignment	      dd ?
  FileAlignment 	      dd ?
  MajorOperatingSystemVersion dw ?
  MinorOperatingSystemVersion dw ?
  MajorImageVersion	      dw ?
  MinorImageVersion	      dw ?
  MajorSubsystemVersion       dw ?
  MinorSubsystemVersion       dw ?
  Win32VersionValue	      dd ?
  SizeOfImage		      dd ?
  SizeOfHeaders 	      dd ?
  CheckSum		      dd ?
  Subsystem		      dw ?
  DllCharacteristics	      dw ?
  SizeOfStackReserve	      dd ?
  SizeOfStackCommit	      dd ?
  SizeOfHeapReserve	      dd ?
  SizeOfHeapCommit	      dd ?
  LoaderFlags		      dd ?
  NumberOfRvaAndSizes	      dd ?
  DataDirectoryExport	      IMAGE_DATA_DIRECTORY  ;  { Export Directory }
  DataDirectoryImport	      IMAGE_DATA_DIRECTORY  ;  { Import Directory }
  DataDirectoryResource       IMAGE_DATA_DIRECTORY  ;  { Resource Directory }
  DataDirectoryException      IMAGE_DATA_DIRECTORY  ;  { Exception Directory }
  DataDirectorySecurity       IMAGE_DATA_DIRECTORY  ;  { Security Directory }
  DataDirectoryBaseReloc      IMAGE_DATA_DIRECTORY  ;  { Base Relocation Table }
  DataDirectoryDebug	      IMAGE_DATA_DIRECTORY  ;  { Debug Directory }
  DataDirectoryCopyright      IMAGE_DATA_DIRECTORY  ;  { Description String }
  DataDirectoryGlobalPtr      IMAGE_DATA_DIRECTORY  ;  { Machine Value (MIPS GP) }
  DataDirectoryTls	      IMAGE_DATA_DIRECTORY  ;  { TLS Directory }
  DataDirectoryLoadConfig     IMAGE_DATA_DIRECTORY  ;  { Load Configuration Directory }
  DataDirectoryBoundImport    IMAGE_DATA_DIRECTORY  ;  { Bound Import Directory in headers }
  DataDirectoryIAT	      IMAGE_DATA_DIRECTORY  ;  { Import Address Table }
  DataDirectoryReserved1      IMAGE_DATA_DIRECTORY
  DataDirectoryReserved2      IMAGE_DATA_DIRECTORY
  DataDirectoryReserved3      IMAGE_DATA_DIRECTORY
ends

struct IMAGE_NT_HEADERS
  Signature	 dd ? ; IMAGE_NT_SIGNATURE
  FileHeader	 IMAGE_FILE_HEADER
  OptionalHeader IMAGE_OPTIONAL_HEADER
ends

struct EXCEPTION_POINTERS
  ExceptionRecord dd ?
  ContextRecord   dd ?
ends

SIZE_OF_80387_REGISTERS = 80

struct FLOATING_SAVE_AREA
  ControlWord	dd ?
  StatusWord	dd ?
  TagWord	dd ?
  ErrorOffset	dd ?
  ErrorSelector dd ?
  DataOffset	dd ?
  DataSelector	dd ?
  RegisterArea	db SIZE_OF_80387_REGISTERS dup (?)
  Cr0NpxState	dd ?
ends

struct CONTEXT
  ; The flags values within this flag control the contents of
  ; a CONTEXT record.

  ; If the context record is used as an input parameter, then
  ; for each portion of the context record controlled by a flag
  ; whose value is set, it is assumed that that portion of the
  ; context record contains valid context. If the context record
  ; is being used to modify a threads context, then only that
  ; portion of the threads context will be modified.

  ; If the context record is used as an IN OUT parameter to capture
  ; the context of a thread, then only those portions of the thread's
  ; context corresponding to set flags will be returned.

  ;  The context record is never used as an OUT only parameter.

    ContextFlags dd ?

  ; This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
  ; set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
  ; included in CONTEXT_FULL.

    Dr0 dd ?
    Dr1 dd ?
    Dr2 dd ?
    Dr3 dd ?
    Dr6 dd ?
    Dr7 dd ?

  ; This section is specified/returned if the
  ; ContextFlags word contians the flag CONTEXT_FLOATING_POINT.

    FloatSave FLOATING_SAVE_AREA

  ; This section is specified/returned if the
  ; ContextFlags word contians the flag CONTEXT_SEGMENTS.

    SegGs dd ?
    SegFs dd ?
    SegEs dd ?
    SegDs dd ?

  ; This section is specified/returned if the
  ; ContextFlags word contians the flag CONTEXT_INTEGER.

    Edi dd ?
    Esi dd ?
    Ebx dd ?
    Edx dd ?
    Ecx dd ?
    Eax dd ?

  ; This section is specified/returned if the
  ; ContextFlags word contians the flag CONTEXT_CONTROL.

    Ebp    dd ?
    Eip    dd ?
    SegCs  dd ?
    EFlags dd ?
    Esp    dd ?
    SegSs  dd ?
ends