/* Value of the PE signature bytes "PE\0\0" when loaded as a little-endian integer. */
8 #define PE_MAGIC_PE 0x4550
/* NOTE(review): the DOS header starts with the bytes 0x4d 0x5a ("MZ"); a
 * little-endian 16-bit load of them gives 0x5a4d, not 0x4d5a. Confirm the
 * comparison site reads the field in the byte order this constant assumes. */
9 #define PE_MAGIC_MZ 0x4d5a
/* Length limits for DLL and function names. Presumably buffer capacities for
 * strings taken from the file -- verify that every copy is bounded by them. */
10 #define PE_MAX_DLL_NAME 256
11 #define PE_MAX_FUNCTION_NAME 512
/* Mode selectors; PE_MODE_UNSET is the initial value of `mode`. */
12 #define PE_MODE_UNSET 0
14 #define PE_MODE_X86_64 2
/* Fixed capacities. PE_MAX_SECTIONS sizes the `sections` array and
 * PE_SECTION_NAME_SIZE sizes the section Name field. The matching counts in
 * the file (NumberOfSections, a uint16_t, and NumberOfRvaAndSizes, a
 * uint32_t) are attacker-controlled, so the parser must reject or clamp any
 * count above these limits before it indexes a fixed-size array. */
15 #define PE_MAX_SECTIONS 32
16 #define PE_SECTION_NAME_SIZE 8
17 #define PE_MAX_DIRECTORIES 16
/* Indices into the optional header's data-directory array. The values run
 * from 0 to 15, one per slot of a PE_MAX_DIRECTORIES (16) entry table. An
 * index is only meaningful when it is below the file's NumberOfRvaAndSizes. */
22 IMAGE_DIRECTORY_ENTRY_EXPORT = 0,
23 IMAGE_DIRECTORY_ENTRY_IMPORT = 1,
24 IMAGE_DIRECTORY_ENTRY_RESOURCE = 2,
25 IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3,
/* Certificate table (Authenticode). Per the PE/COFF specification this
 * entry's address field is a file offset, not an RVA, so it must not be
 * translated through the section table like the other entries. */
26 IMAGE_DIRECTORY_ENTRY_SECURITY = 4,
27 IMAGE_DIRECTORY_ENTRY_BASERELOC = 5,
28 IMAGE_DIRECTORY_ENTRY_DEBUG = 6,
30 IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7,
31 IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8,
32 IMAGE_DIRECTORY_ENTRY_TLS = 9,
33 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10,
34 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11,
35 IMAGE_DIRECTORY_ENTRY_IAT = 12,
36 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13,
37 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14,
38 IMAGE_DIRECTORY_RESERVED = 15
39 } ImageDirectoryEntry;
/* Fields that match the PE export directory table. NOTE(review): the struct
 * header and the lines between MinorVersion and NumberOfFunctions are not
 * visible in this listing. */
42 uint32_t Characteristics;
43 uint32_t TimeDateStamp;
44 uint16_t MajorVersion;
45 uint16_t MinorVersion;
/* Counts and RVAs below are read from the file and are untrusted. Before
 * walking the export arrays, check that each RVA resolves inside the file,
 * that count * element size does not overflow or run past the mapped data,
 * and that every name ordinal is below NumberOfFunctions. */
48 uint32_t NumberOfFunctions;
49 uint32_t NumberOfNames;
50 uint32_t AddressOfFunctions;
51 uint32_t AddressOfNames;
52 uint32_t AddressOfNameOrdinals;
/* TLS directory fields, presumably the 32-bit layout (address fields are
 * uint32_t). Per the PE/COFF specification these address fields are virtual
 * addresses that include the image base, not RVAs. */
56 uint32_t StartAddressOfRawData;
57 uint32_t EndAddressOfRawData;
58 uint32_t AddressOfIndex;
/* Points to a null-terminated array of callback addresses that the loader
 * invokes before the entry point. Analysis output should list them, and the
 * walk over the array must be bounded by the data actually present. */
59 uint32_t AddressOfCallBacks;
60 uint32_t SizeOfZeroFill;
61 uint32_t Characteristics;
/* Same fields, presumably the 64-bit layout (address fields are uint64_t). */
65 uint64_t StartAddressOfRawData;
66 uint64_t EndAddressOfRawData;
67 uint64_t AddressOfIndex;
68 uint64_t AddressOfCallBacks;
69 uint32_t SizeOfZeroFill;
70 uint32_t Characteristics;
74 uint32_t VirtualAddress;
79 IMAGE_FILE_MACHINE_UNKNOWN = 0x0,
80 IMAGE_FILE_MACHINE_AM33 = 0x1d3,
81 IMAGE_FILE_MACHINE_AMD64 = 0x8664,
82 IMAGE_FILE_MACHINE_ARM = 0x1c0,
83 IMAGE_FILE_MACHINE_ARMV7 = 0x1c4,
84 IMAGE_FILE_MACHINE_CEE = 0xc0ee,
85 IMAGE_FILE_MACHINE_EBC = 0xebc,
86 IMAGE_FILE_MACHINE_I386 = 0x14c,
87 IMAGE_FILE_MACHINE_IA64 = 0x200,
88 IMAGE_FILE_MACHINE_M32R = 0x9041,
89 IMAGE_FILE_MACHINE_MIPS16 = 0x266,
90 IMAGE_FILE_MACHINE_MIPSFPU = 0x366,
91 IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466,
92 IMAGE_FILE_MACHINE_POWERPC = 0x1f0,
93 IMAGE_FILE_MACHINE_POWERPCFP = 0x1f1,
94 IMAGE_FILE_MACHINE_R4000 = 0x166,
95 IMAGE_FILE_MACHINE_SH3 = 0x1a2,
96 IMAGE_FILE_MACHINE_SH3DSP = 0x1a3,
97 IMAGE_FILE_MACHINE_SH4 = 0x1a6,
98 IMAGE_FILE_MACHINE_SH5 = 0x1a8,
99 IMAGE_FILE_MACHINE_THUMB = 0x1c2,
100 IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169
109 IMAGE_FILE_RELOCS_STRIPPED = 0x0001,
113 IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002,
117 IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004,
121 IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008,
125 IMAGE_FILE_AGGRESSIVE_WS_TRIM = 0x0010,
128 IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020,
131 IMAGE_FILE_RESERVED = 0x0040,
135 IMAGE_FILE_BYTES_REVERSED_LO = 0x0080,
138 IMAGE_FILE_32BIT_MACHINE = 0x0100,
141 IMAGE_FILE_DEBUG_STRIPPED = 0x0200,
145 IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400,
149 IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800,
152 IMAGE_FILE_SYSTEM = 0x1000,
157 IMAGE_FILE_DLL = 0x2000,
160 IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000,
164 IMAGE_FILE_BYTES_REVERSED_HI = 0x8000
165 } ImageCharacteristics;
/* Fields that match the COFF file header. NOTE(review): the struct header and
 * the field before NumberOfSections are not visible in this listing. */
/* File-controlled count of section headers. It can be as large as 65535,
 * while the `sections` array holds PE_MAX_SECTIONS entries, so it must be
 * range-checked before the section table is read. */
170 uint16_t NumberOfSections;
171 uint32_t TimeDateStamp;
172 uint32_t PointerToSymbolTable;
173 uint32_t NumberOfSymbols;
/* The section table starts this many bytes after the start of the optional
 * header. Validate it against the remaining file size and against the size
 * of the optional-header struct that will be read. */
174 uint16_t SizeOfOptionalHeader;
175 uint16_t Characteristics;
203 IMAGE_SUBSYSTEM_UNKNOWN = 0,
205 IMAGE_SUBSYSTEM_NATIVE = 1,
207 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
209 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
211 IMAGE_SUBSYSTEM_OS2_CUI = 5,
213 IMAGE_SUBSYSTEM_POSIX_CUI = 7,
215 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
217 IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
219 IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
221 IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
223 IMAGE_SUBSYSTEM_EFI_ROM = 13,
225 IMAGE_SUBSYSTEM_XBOX = 14,
227 IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16
/* Bit flags for the optional header's DllCharacteristics field. Several of
 * them record exploit-mitigation opt-ins and are useful when triaging a
 * binary. This listing shows no entries for 0x0020, 0x1000 or 0x4000 (in the
 * PE/COFF specification: HIGH_ENTROPY_VA, APPCONTAINER, GUARD_CF).
 * NOTE(review): confirm whether they are defined on lines not shown here. */
/* Image may be relocated at load time (ASLR opt-in). */
237 IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040,
/* Code-integrity (signature) checks are enforced at load. */
239 IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
/* Image is compatible with non-executable data pages (DEP). */
241 IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100,
243 IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
/* Image uses no structured exception handling. */
246 IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
248 IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
251 IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
254 IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
255 } ImageDllCharacteristics;
265 uint8_t MajorLinkerVersion;
266 uint8_t MinorLinkerVersion;
268 uint32_t SizeOfInitializedData;
269 uint32_t SizeOfUninitializedData;
270 uint32_t AddressOfEntryPoint;
/* Optional-header fields, presumably the 32-bit (PE32) layout: the stack and
 * heap sizes are uint32_t. NOTE(review): the struct header and several
 * fields are not visible in this listing. Every value is read from the file
 * and must be treated as untrusted. */
282 uint8_t MajorLinkerVersion;
283 uint8_t MinorLinkerVersion;
285 uint32_t SizeOfInitializedData;
286 uint32_t SizeOfUninitializedData;
/* RVA of the entry point; it is not guaranteed to fall inside any section. */
287 uint32_t AddressOfEntryPoint;
/* Reject zero before using either alignment as a divisor or rounding unit. */
291 uint32_t SectionAlignment;
292 uint32_t FileAlignment;
293 uint16_t MajorOperatingSystemVersion;
294 uint16_t MinorOperatingSystemVersion;
295 uint16_t MajorImageVersion;
296 uint16_t MinorImageVersion;
297 uint16_t MajorSubsystemVersion;
298 uint16_t MinorSubsystemVersion;
/* Do not size allocations or bound copies by these without an upper limit. */
300 uint32_t SizeOfImage;
301 uint32_t SizeOfHeaders;
/* Mitigation flags; see ImageDllCharacteristics. */
304 uint16_t DllCharacteristics;
305 uint32_t SizeOfStackReserve;
306 uint32_t SizeOfStackCommit;
307 uint32_t SizeOfHeapReserve;
308 uint32_t SizeOfHeapCommit;
309 uint32_t LoaderFlags;
/* Number of data-directory entries that follow. Clamp to PE_MAX_DIRECTORIES
 * before reading them, and check that they fit in SizeOfOptionalHeader. */
310 uint32_t NumberOfRvaAndSizes;
/* Optional-header fields, presumably the 64-bit (PE32+) layout: the stack and
 * heap sizes are uint64_t. NOTE(review): the struct header and several
 * fields are not visible in this listing. Every value is read from the file
 * and must be treated as untrusted. */
317 uint8_t MajorLinkerVersion;
318 uint8_t MinorLinkerVersion;
320 uint32_t SizeOfInitializedData;
321 uint32_t SizeOfUninitializedData;
/* RVA of the entry point; it is not guaranteed to fall inside any section. */
322 uint32_t AddressOfEntryPoint;
/* Reject zero before using either alignment as a divisor or rounding unit. */
325 uint32_t SectionAlignment;
326 uint32_t FileAlignment;
327 uint16_t MajorOperatingSystemVersion;
328 uint16_t MinorOperatingSystemVersion;
329 uint16_t MajorImageVersion;
330 uint16_t MinorImageVersion;
331 uint16_t MajorSubsystemVersion;
332 uint16_t MinorSubsystemVersion;
/* Do not size allocations or bound copies by these without an upper limit. */
334 uint32_t SizeOfImage;
335 uint32_t SizeOfHeaders;
/* Mitigation flags; see ImageDllCharacteristics. */
338 uint16_t DllCharacteristics;
/* 64-bit quantities: narrowing them to size_t or int can truncate. */
339 uint64_t SizeOfStackReserve;
340 uint64_t SizeOfStackCommit;
341 uint64_t SizeOfHeapReserve;
342 uint64_t SizeOfHeapCommit;
343 uint32_t LoaderFlags;
/* Number of data-directory entries that follow. Clamp to PE_MAX_DIRECTORIES
 * before reading them, and check that they fit in SizeOfOptionalHeader. */
344 uint32_t NumberOfRvaAndSizes;
/* Flags for a section header's Characteristics field. */
356 IMAGE_SCN_TYPE_NO_PAD = 0x00000008,
357 IMAGE_SCN_CNT_CODE = 0x00000020,
358 IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040,
359 IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080,
360 IMAGE_SCN_LNK_OTHER = 0x00000100,
361 IMAGE_SCN_LNK_INFO = 0x00000200,
362 IMAGE_SCN_LNK_REMOVE = 0x00000800,
363 IMAGE_SCN_LNK_COMDAT = 0x00001000,
364 IMAGE_SCN_NO_DEFER_SPEC_EXC = 0x00004000,
365 IMAGE_SCN_GPREL = 0x00008000,
366 IMAGE_SCN_MEM_PURGEABLE = 0x00020000,
367 IMAGE_SCN_MEM_LOCKED = 0x00040000,
368 IMAGE_SCN_MEM_PRELOAD = 0x00080000,
/* The ALIGN_* values are consecutive codes in bits 20-23, not independent
 * bits: 0x00300000 overlaps 0x00100000 and 0x00200000. Compare them for
 * equality after masking with 0x00F00000; a plain `flags & ALIGN_x` test
 * gives false matches. */
369 IMAGE_SCN_ALIGN_1BYTES = 0x00100000,
370 IMAGE_SCN_ALIGN_2BYTES = 0x00200000,
371 IMAGE_SCN_ALIGN_4BYTES = 0x00300000,
372 IMAGE_SCN_ALIGN_8BYTES = 0x00400000,
373 IMAGE_SCN_ALIGN_16BYTES = 0x00500000,
374 IMAGE_SCN_ALIGN_32BYTES = 0x00600000,
375 IMAGE_SCN_ALIGN_64BYTES = 0x00700000,
376 IMAGE_SCN_ALIGN_128BYTES = 0x00800000,
377 IMAGE_SCN_ALIGN_256BYTES = 0x00900000,
378 IMAGE_SCN_ALIGN_512BYTES = 0x00A00000,
379 IMAGE_SCN_ALIGN_1024BYTES = 0x00B00000,
380 IMAGE_SCN_ALIGN_2048BYTES = 0x00C00000,
381 IMAGE_SCN_ALIGN_4096BYTES = 0x00D00000,
382 IMAGE_SCN_ALIGN_8192BYTES = 0x00E00000,
383 IMAGE_SCN_LNK_NRELOC_OVFL = 0x01000000,
384 IMAGE_SCN_MEM_DISCARDABLE = 0x02000000,
385 IMAGE_SCN_MEM_NOT_CACHED = 0x04000000,
386 IMAGE_SCN_MEM_NOT_PAGED = 0x08000000,
387 IMAGE_SCN_MEM_SHARED = 0x10000000,
/* A section carrying both MEM_EXECUTE and MEM_WRITE is writable and
 * executable at once, a common triage signal for packed or self-modifying
 * code. */
388 IMAGE_SCN_MEM_EXECUTE = 0x20000000,
389 IMAGE_SCN_MEM_READ = 0x40000000,
/* Bit 31 (0x80000000) written as the equivalent negative int. With a 32-bit
 * int, testing it against the uint32_t Characteristics field converts it
 * back to 0x80000000; avoid signed comparisons or shifts on this value. */
390 IMAGE_SCN_MEM_WRITE = -2147483648
391 } SectionCharacteristics;
/* Fields that match a PE section header. NOTE(review): the struct header and
 * the line before PhysicalAddress are not visible in this listing. */
/* Null-padded, and per the PE/COFF specification NOT NUL-terminated when the
 * name is exactly 8 bytes long. Print or copy it with an explicit
 * PE_SECTION_NAME_SIZE bound, never as a C string. */
394 uint8_t Name[PE_SECTION_NAME_SIZE];
/* NOTE(review): PhysicalAddress and VirtualSize share one slot in the
 * on-disk header -- confirm the lines not shown here declare a union. */
396 uint32_t PhysicalAddress;
397 uint32_t VirtualSize;
399 uint32_t VirtualAddress;
/* File-controlled extent of the section's bytes. Before reading, check that
 * PointerToRawData + SizeOfRawData neither wraps around in 32 bits nor
 * exceeds the file size. VirtualSize may legitimately differ from
 * SizeOfRawData, so never use one as the bound for the other. */
400 uint32_t SizeOfRawData;
401 uint32_t PointerToRawData;
402 uint32_t PointerToRelocations;
403 uint32_t PointerToLinenumbers;
404 uint16_t NumberOfRelocations;
405 uint16_t NumberOfLinenumbers;
/* Bit field; see SectionCharacteristics. */
406 uint32_t Characteristics;
/* NOTE(review): both arrays hold the signature bytes in the reverse of
 * on-disk order. A PE file starts with 0x4d 0x5a ("MZ") and its PE signature
 * is 0x50 0x45 0x00 0x00 ("PE\0\0"). Confirm that the comparison code
 * reverses the bytes it reads; otherwise valid files fail the check. */
418 char magic_mz[2] = {0x5a, 0x4d};
419 char magic_pe[4] = {0x00, 0x00, 0x45, 0x50};
/* Presumably the file offset of the PE header taken from the DOS header
 * (e_lfanew). It is file-controlled, so bounds-check it against the file
 * size before seeking or reading. */
423 uint32_t pe_header_ptr = 0;
427 int mode = PE_MODE_UNSET;
/* Fixed-capacity table. NumberOfSections from the file must be checked
 * against PE_MAX_SECTIONS before entries are written here. */
428 struct Section sections[PE_MAX_SECTIONS];
/* Declared here, defined elsewhere. Presumably Setup selects one of the
 * PE_MODE_* values -- verify that it rejects unknown modes. */
430 bool Setup(
int input_mode);
/* NOTE(review): file_path could be const char * if the implementation does
 * not modify it. The path names untrusted input, so everything read through
 * it must be length-checked. */
431 bool ReadFile(
char *file_path);