#ifndef MICROEXE_H
#define MICROEXE_H
#include "Types.h"
#include "AlignPrefix1.h"
// Complete header block of a deliberately minimal 32-bit PE executable:
// a truncated DOS header, the PE file header, a PE32 optional header with
// only four data directories, one section header, a two-entry import
// descriptor table, a two-entry import address table and 16 trailing bytes.
//
// The struct is bracketed by AlignPrefix1.h / AlignPosfix1.h, which
// presumably force 1-byte packing so the members map directly onto file
// offsets -- TODO confirm against those headers.
//
// NOTE(review): several fields are reused for a second purpose (see
// Lfanew_SectionAlignment and DirtboxDllName), so an image built from this
// layout does not look like a conventionally linked PE. Code that parses
// such files should bounds-check every offset and size field against the
// file length rather than assume a full-size DOS header.
struct MICRO_EXE_HEADERS
{
    // DOS Header
    // Only the magic and one filler word are declared, instead of the
    // standard 64-byte DOS header.
    struct DOS_HEADER
    {
        uint16 Magic;                       // DOS .EXE magic number
        uint16 Unused;
    } DosHeader;
    // PE Header
    // Follows the two DOS words directly.
    struct HEADER
    {
        uint32 Magic;                       // magic number [should be "PE\0\0"]
        uint16 Machine;                     // machine type
        uint16 NumberOfSections;            // number of sections
        uint32 TimeDateStamp;               // timedate stamp
        uint32 PointerToSymbolTable;        // symbol table address
        uint32 NumberOfSymbols;             // number of symbols
        uint16 SizeOfOptionalHeader;        // size of optional header
        uint16 Characteristics;             // characteristics
    } Header;
    // Optional Header
    struct OPTIONAL_HEADER
    {
        uint16 Magic;                       // magic number [should be 0x010B]
        uint08 MajorLinkerVersion;          // linker version [major]
        uint08 MinorLinkerVersion;          // linker version [minor]
        uint32 SizeOfCode;                  // size of code
        uint32 SizeOfInitializedData;       // size of initialized data
        uint32 SizeOfUninitializedData;     // size of uninitialized data
        uint32 AddressOfEntryPoint;         // address of entry point
        uint32 BaseOfCode;                  // address of code base
        uint32 BaseOfData;                  // address of data base
        // NT Additional Fields
        uint32 ImageBase;                   // address of image base
        // Dual-purpose field: it is the optional header's section alignment
        // and, at the same time, the DOS header's "file address of new .EXE
        // header" (e_lfanew). Assuming 1-byte packing, the members above add
        // up to 60 bytes, which puts this field at file offset 0x3C, where
        // e_lfanew lives in a standard DOS header. One stored value therefore
        // has to satisfy both meanings.
        uint32 Lfanew_SectionAlignment;     // section alignment
                                            // (DOS Header) file address of new .EXE header
        uint32 FileAlignment;               // file alignment
        uint16 MajorOperatingSystemVersion; // operating system version [major]
        uint16 MinorOperatingSystemVersion; // operating system version [minor]
        // image version not normally used, thus the imported
        // Dirtbox DLL name is placed here to save a few bytes.
        // The four bytes take the place of the two 16-bit image version
        // fields kept below as commented-out declarations.
        // NOTE(review): whether the name is NUL-terminated inside these four
        // bytes depends on the code that fills it in -- confirm.
        int08 DirtboxDllName[4];
        // uint16 MajorImageVersion; // image version [major]
        // uint16 MinorImageVersion; // image version [minor]
        uint16 MajorSubsystemVersion;       // subsystem version [major]
        uint16 MinorSubsystemVersion;       // subsystem version [minor]
        uint32 Win32VersionValue;           // win32 version
        uint32 SizeOfImage;                 // size of image
        uint32 SizeOfHeaders;               // size of headers
        uint32 CheckSum;                    // checksum
        uint16 Subsystem;                   // subsystem
        uint16 DllCharacteristics;          // dll characteristics
        uint32 SizeOfStackReserve;          // size of stack reserve
        uint32 SizeOfStackCommit;           // size of stack commit
        uint32 SizeOfHeapReserve;           // size of heap reserve
        uint32 SizeOfHeapCommit;            // size of heap commit
        uint32 LoaderFlags;                 // loader flags
        uint32 NumberOfRvaAndSizes;         // data directories
        // Only four directory slots are declared (a conventionally linked
        // PE32 image carries sixteen). In the PE format index 1 is the
        // import directory. NumberOfRvaAndSizes presumably has to match this
        // count -- confirm where the header is populated.
        struct IMAGE_DATA_DIRECTORY
        {
            uint32 VirtualAddress;
            uint32 Size;
        } DataDirectory[4];
    } OptionalHeader;
    // Section table: a single section header.
    struct SECTION_HEADER
    {
        int08 Name[8];
        uint32 VirtualSize;
        uint32 VirtualAddress;
        uint32 SizeOfRawData;
        uint32 PointerToRawData;
        uint32 PointerToRelocations;
        uint32 PointerToLinenumbers;
        uint16 NumberOfRelocations;
        uint16 NumberOfLinenumbers;
        uint32 Characteristics;
    } SectionHeader;
    // Import directory with two slots -- presumably one descriptor for the
    // Dirtbox DLL followed by the all-zero terminating descriptor; confirm
    // against the code that fills it in.
    struct IMAGE_IMPORT_DESCRIPTOR
    {
        uint32 OriginalFirstThunk;          // address of import lookup table
        uint32 TimeDateStamp;               // time date stamp
        uint32 ForwarderChain;              // forwarder chain, -1 if no forwarders
        uint32 Name;                        // address of DLL name string
        uint32 FirstThunk;                  // address of import address table
    } ImageImportDescriptor[2];
    // Two 32-bit import address table slots -- presumably one imported
    // symbol plus the zero terminator; confirm.
    uint32 ImportAddressTable[2];
    // 16 raw bytes at the end of the header block. Their contents are not
    // defined in this header -- presumably a small code stub; confirm.
    uint08 Trampoline[16];
};
#include "AlignPosfix1.h"
// PE constants used when filling in MICRO_EXE_HEADERS.
// NOTE(review): these are object definitions in a header. C++ gives
// namespace-scope const objects internal linkage, so that is fine there; if
// this header is ever compiled as C, each including translation unit would
// emit an external definition -- confirm the intended language.

// Bit flags for HEADER::Characteristics.
const uint16 IMAGE_FILE_RELOCS_STRIPPED = 0x0001; // Relocation info stripped from file.
const uint16 IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002; // File is executable (i.e. no unresolved external references).
const uint16 IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020; // App can handle >2gb addresses
const uint16 IMAGE_FILE_32BIT_MACHINE = 0x0100; // 32 bit word machine.
// Value for HEADER::Machine (a machine type, not a Characteristics flag).
const uint16 IMAGE_FILE_MACHINE_I386 = 0x014c; // Intel 386.
// Values for OPTIONAL_HEADER::Subsystem.
const uint16 IMAGE_SUBSYSTEM_UNKNOWN = 0x0000;
const uint16 IMAGE_SUBSYSTEM_NATIVE = 0x0001;
const uint16 IMAGE_SUBSYSTEM_WINDOWS_GUI = 0x0002;
const uint16 IMAGE_SUBSYSTEM_WINDOWS_CUI = 0x0003;
// Alignment used by the micro executable. Presumably the value stored in
// both Lfanew_SectionAlignment and FileAlignment: 4 is also the size of the
// two-word DOS_HEADER, i.e. the offset at which Header starts under 1-byte
// packing -- confirm where it is used.
const uint32 EXE_ALIGNMENT = 4;
#endif