home *** CD-ROM | disk | FTP | other *** search
/ Cracking 2 / Cracking II..iso / Priklady / Priklad 16 / PE.INC < prev    next >
Text File  |  2000-07-24  |  15KB  |  311 lines
  1.  
  2. IMAGE_REL_BASED_ABSOLUTE      EQU   0
  3. IMAGE_REL_BASED_HIGH          EQU   1
  4. IMAGE_REL_BASED_LOW           EQU   2
  5. IMAGE_REL_BASED_HIGHLOW       EQU   3
  6. IMAGE_REL_BASED_HIGHADJ       EQU   4
  7. IMAGE_REL_BASED_MIPS_JMPADDR  EQU   5
  8.  
  9. IMAGE_RELOCATION_DATA   RECORD      {
  10.     RD_RelocType        :4
  11.     RD_RelocOffset      :12
  12. }
  13.  
  14. IMAGE_BASE_RELOCATION   STRUC
  15.     BR_VirtualAddress   DD    ?
  16.     BR_SizeOfBlock      DD    ?
  17. ;   BR_TypeOffset       IMAGE_RELOCATION_DATA 1 DUP (?)   ; Array of zero or more relocations (type + RVAs)
  18. IMAGE_BASE_RELOCATION   ENDS
  19.  
  20. IMAGE_SIZEOF_BASE_RELOCATION  EQU   SIZE  IMAGE_BASE_RELOCATION   ; 8
  21.  
  22. IMAGE_IMPORT_BY_NAME    STRUC
  23.     IBN_Hint            DW    ?
  24.     IBN_Name            DB    1 DUP (?)   ; ASCIIZ function name (variable size)
  25. IMAGE_IMPORT_BY_NAME    ENDS
  26.  
  27. IMAGE_ORDINAL_FLAG      EQU   80000000h
  28.  
  29. IMAGE_THUNK_DATA        STRUC
  30.                         UNION
  31.     TD_AddressOfData    DD    IMAGE_IMPORT_BY_NAME PTR ?    ; Ptr to IMAGE_IMPORT_BY_NAME structure
  32.     TD_Ordinal          DD    ?                             ; Ordinal ORed with IMAGE_ORDINAL_FLAG
  33.     TD_Function         DD    BYTE PTR ?  ; CODE PTR        ; Ptr to function (i.e. Function address after program load)
  34.     TD_ForwarderString  DD    BYTE PTR ?                    ; Ptr to a forwarded API function.
  35.                         ENDS
  36. IMAGE_THUNK_DATA        ENDS
  37.  
  38. ; ──┤ Import format ├────────────────────────────────────────────────────────
  39.  
  40. IMAGE_IMPORT_DESCRIPTOR       STRUC
  41.                               UNION
  42.     ID_Characteristics        DD    ?                       ; 0 for terminating null import descriptor
  43.     ID_OriginalFirstThunk     DD    IMAGE_THUNK_DATA PTR ?  ; RVA to original unbound IAT
  44.                               ENDS
  45.     ID_TimeDateStamp          DD    ?     ; 0 if not bound,
  46.                                           ; -1 if bound, and real date\time stamp
  47.                                           ;     in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
  48.                                           ; O.W. date/time stamp of DLL bound to (Old BIND)
  49.     ID_ForwarderChain         DD    ?           ; -1 if no forwarders
  50.     ID_Name                   DD    BYTE PTR ?              ; RVA to name of imported DLL
  51.     ID_FirstThunk             DD    IMAGE_THUNK_DATA PTR ?  ; RVA to IAT (if bound this IAT has actual addresses)
  52. IMAGE_IMPORT_DESCRIPTOR       ENDS
  53.  
  54. IMAGE_SIZEOF_IMPORT_DESCRIPTOR      EQU   SIZE IMAGE_IMPORT_DESCRIPTOR
  55.  
  56. ; ──┤ Export format ├────────────────────────────────────────────────────────
  57.  
  58. IMAGE_EXPORT_DIRECTORY        STRUC
  59.     ED_Characteristics        DD    ?
  60.     ED_TimeDateStamp          DD    ?
  61.     ED_MajorVersion           DW    ?
  62.     ED_MinorVersion           DW    ?
  63.     ED_Name                   DD    BYTE PTR ?  ; Ptr to name of exported DLL
  64.                               UNION
  65.     ED_Base                   DD    ?
  66.     ED_BaseOrdinal            DD    ?
  67.                               ENDS
  68.     ED_NumberOfFunctions      DD    ?
  69.                               UNION
  70.     ED_NumberOfNames          DD    ?
  71.     ED_NumberOfOrdinals       DD    ?
  72.                               ENDS
  73.     ED_AddressOfFunctions     DD    DWORD PTR ? ; Ptr to array of function addresses
  74.     ED_AddressOfNames         DD    DWORD PTR ? ; Ptr to array of (function) name addresses
  75.                               UNION
  76.     ED_AddressOfNameOrdinals  DD    WORD PTR ?  ; Ptr to array of ordinals
  77.     ED_AddressOfOrdinals      DD    WORD PTR ?  ;
  78.                               ENDS
  79. IMAGE_EXPORT_DIRECTORY        ENDS
  80.  
  81. IMAGE_SIZEOF_EXPORT_DIRECTORY EQU   SIZE IMAGE_EXPORT_DIRECTORY
  82.  
  83. ; ──┤ SH_Characteristics valuez ├────────────────────────────────────────────
  84.  
  85. ;MAGE_SCN_TYPE_REG               EQU  00000000h ; Reserved
  86. ;MAGE_SCN_TYPE_REGULAR           EQU  00000000h ; Reserved
  87. ;MAGE_SCN_TYPE_DSECT             EQU  00000001h ; Reserved
  88. ;MAGE_SCN_TYPE_DUMMY             EQU  00000001h ; Reserved
  89. ;MAGE_SCN_TYPE_NOLOAD            EQU  00000002h ; Reserved
  90. ;MAGE_SCN_TYPE_NO_LOAD           EQU  00000002h ; Reserved
  91. ;MAGE_SCN_TYPE_GROUP             EQU  00000004h ; Reserved. Used for 16-bit offset code
  92. ;MAGE_SCN_TYPE_GROUPED           EQU  00000004h ; Reserved. Used for 16-bit offset code
  93. IMAGE_SCN_TYPE_NO_PAD            EQU  00000008h ; Reserved
  94. ;MAGE_SCN_TYPE_COPY              EQU  00000010h ; Reserved
  95. IMAGE_SCN_CNT_CODE               EQU  00000020h ; Section contains code.
  96. IMAGE_SCN_CNT_INITIALIZED_DATA   EQU  00000040h ; Section contains initialized data.
  97. IMAGE_SCN_CNT_UNINITIALIZED_DATA EQU  00000080h ; Section contains uninitialized data.
  98. IMAGE_SCN_LNK_OTHER              EQU  00000100h ; Reserved.
  99. IMAGE_SCN_LNK_INFO               EQU  00000200h ; Section contains comments or some other type of information.
  100. ;MAGE_SCN_TYPE_OVER              EQU  00000400h ; Reserved. Section contains an overlay.
  101. ;MAGE_SCN_LNK_OVERLAY            EQU  00000400h ; Reserved. Section contains an overlay.
  102. IMAGE_SCN_LNK_REMOVE             EQU  00000800h ; Section contents will not become part of image.
  103. IMAGE_SCN_LNK_COMDAT             EQU  00001000h ; Section contents comdat.
  104. ;                                EQU  00002000h ; Reserved.
  105. ;MAGE_SCN_MEM_PROTECTED          EQU  00004000h ; Obsolete.
  106. IMAGE_SCN_MEM_FARDATA            EQU  00008000h
  107. ;MAGE_SCN_MEM_SYSHEAP            EQU  00010000h ; Obsolete.
  108. IMAGE_SCN_MEM_PURGEABLE          EQU  00020000h
  109. IMAGE_SCN_MEM_16BIT              EQU  00020000h
  110. IMAGE_SCN_MEM_LOCKED             EQU  00040000h
  111. IMAGE_SCN_MEM_PRELOAD            EQU  00080000h
  112. IMAGE_SCN_ALIGN_1BYTES           EQU  00100000h
  113. IMAGE_SCN_ALIGN_2BYTES           EQU  00200000h
  114. IMAGE_SCN_ALIGN_4BYTES           EQU  00300000h
  115. IMAGE_SCN_ALIGN_8BYTES           EQU  00400000h
  116. IMAGE_SCN_ALIGN_16BYTES          EQU  00500000h ; Default alignment if no others are specified.
  117. IMAGE_SCN_ALIGN_32BYTES          EQU  00600000h
  118. IMAGE_SCN_ALIGN_64BYTES          EQU  00700000h
  119. ;                                EQU  00800000h ; Unused.
  120. IMAGE_SCN_LNK_NRELOC_OVFL        EQU  01000000h ; Section contains extended relocations.
  121. IMAGE_SCN_MEM_DISCARDABLE        EQU  02000000h ; Section can be discarded.
  122. IMAGE_SCN_MEM_NOT_CACHED         EQU  04000000h ; Section is not cachable.
  123. IMAGE_SCN_MEM_NOT_PAGED          EQU  08000000h ; Section is not pageable.
  124. IMAGE_SCN_MEM_SHARED             EQU  10000000h ; Section is shareable.
  125. IMAGE_SCN_MEM_EXECUTE            EQU  20000000h ; Section is executable.
  126. IMAGE_SCN_MEM_READ               EQU  40000000h ; Section is readable.
  127. IMAGE_SCN_MEM_WRITE              EQU  80000000h ; Section is writeable.
  128.  
  129. IMAGE_SIZEOF_SHORT_NAME          EQU  8
  130.  
  131. ; ──┤ Section header format ├────────────────────────────────────────────────
  132.  
  133. IMAGE_SECTION_HEADER          STRUC
  134.     SH_Name                   DB    IMAGE_SIZEOF_SHORT_NAME DUP (?)
  135.                               UNION
  136.     SH_PhysicalAddress        DD    BYTE PTR ?
  137.     SH_VirtualSize            DD    ?
  138.                               ENDS
  139.     SH_VirtualAddress         DD    BYTE PTR ?
  140.     SH_SizeOfRawData          DD    ?
  141.     SH_PointerToRawData       DD    BYTE PTR ?
  142.     SH_PointerToRelocations   DD    BYTE PTR ?
  143.     SH_PointerToLinenumbers   DD    BYTE PTR ?
  144.     SH_NumberOfRelocations    DW    ?
  145.     SH_NumberOfLinenumbers    DW    ?
  146.     SH_Characteristics        DD    ?
  147. IMAGE_SECTION_HEADER          ENDS
  148.  
  149. IMAGE_SIZEOF_SECTION_HEADER   EQU   SIZE IMAGE_SECTION_HEADER
  150.  
  151. ; ──┤ OH_DataDirectory index valuez ├────────────────────────────────────────
  152.  
  153. IMAGE_DIRECTORY_ENTRY_EXPORT        EQU   0     ; Export Directory
  154. IMAGE_DIRECTORY_ENTRY_IMPORT        EQU   1     ; Import Directory
  155. IMAGE_DIRECTORY_ENTRY_RESOURCE      EQU   2     ; Resource Directory
  156. IMAGE_DIRECTORY_ENTRY_EXCEPTION     EQU   3     ; Exception Directory
  157. IMAGE_DIRECTORY_ENTRY_SECURITY      EQU   4     ; Security Directory
  158. IMAGE_DIRECTORY_ENTRY_BASERELOC     EQU   5     ; Base Relocation Table
  159. IMAGE_DIRECTORY_ENTRY_DEBUG         EQU   6     ; Debug Directory
  160. IMAGE_DIRECTORY_ENTRY_COPYRIGHT     EQU   7     ; Description String
  161. IMAGE