PE格式
程序员文章站
2022-06-17 14:52:43
...
struct IMAGE_DOS_HEADER{
WORD MZSignature,
WORD UsedBytesInThrLastPage,
WORD FileSizeInPages,
WORD NumberOfRelocationItems,
WORD HeaderSizeInParagraphs,
WORD MinimumExtraParagraphs,
WORD MaximumExtraParagraphs,
WORD InitialRelativeSS,
WORD InitialISP,
WORD Checksum,
WORD InitialIP,
WORD InitialRelativeCS,
WORD AddressOfRelocationTable,
WORD OverlayNumber,
WORD Reserved[4],
WORD OEMid,
WORD OEMinfo,
WORD Reserved2[10],
LONG AddressOfNewExeHeader
};
struct IMAGE_DOS_STUB DosStub{
UCHAR Data[64];
struct RICH_HEADER_ENTRY Entry[9]{
struct RICH_HEADER_ENTRY Entry[0~8]{
DWORD IdVersion;
DWORD Count;
};
DWORD EndMarker;
DWORD XorKey;
};
};
struct IMAGE_NT_HEADERS NtHeader{
DWORD Signature;
struct IMAGE_FILE_HEADER FileHeader{
enum IMAGE_MACHINE Machine;//machine_bits
WORD NumberOfSections;
time_t TimeDateStamp;
DWORD PointerToSymbolTable;
DWORD NumberOfSymnols;
WORD SizeOfOptionalHeader;
struct FILE_CHARATERISTICS Characteristics{
WORD IMAGE_FILE_RELOCS_STRIPPED;
WORD IMAGE_FILE_EXECUTABLE_IMAGE;
WORD IMAGE_FILE_LINE_NUMS_STRIPPED;
WORD IMAGE_FILE_LOCAL_SYMS_STRIPPED;
WORD IMAGE_FILE_AGGRESIVE)WS_TRIM;
WORD IMAGE_FILE_LARGE_ADDRESS_AWARE;
WORD IMAGE_FILE_BYTES_REVERSED_LO;
WORD IMAGE_FILE_32BIT_MACHINE;
WORD IMAGE_FILE_DEBUG_STRIPPED;
WORD IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP;
WORD IMAGE_FILE_NET_RUN_FROM_SWAP;
WORD IMAGE_FILE_SYSTEM;
WORD IMAGE_FILE_DLL;
WORD IMAGE_FILE_UP_SYSTEM_ONLY;
WORD IMAGE_FILE_BYTES_REVERSED_HI;
};
};
struct IMAGE_OPTIONAL_HEADER64 OptionalHeader{
enum OPTIONAL_MAGIC Magic;//bits
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfInitializeData;
DWORD SizeOfUninitializeData;
DWORD AddressOfEntrypoint;
DWORD BaseOfCode;
ULONGLONG ImageBase;
DWORD SectionAlignment;
WORD FileAlignment;
WORD MajoroperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
enum IMAGE_SUBSYSTEM Subsystem;//care
struct DLL_CHARACTERISTICS DllCharacteristics{
ULONGLONG SizeOfStackReserve;
ULONGLONG SizeOfStackCommit;
ULONGLONG SizeOfHeapReserve;
ULONGLONG SizeOfHeapCommit;
DWORD LoadFlags;
DWORD NumberOfRvaAndSizes;
};
struct IMAGE_DATA_DIRECTORY_ARRAY DataDirArray{
struct IMAGE_DATA_DIRECTORY Export{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY Import{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY Resource{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY Exception{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY Security{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY BaseRelocationTable{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY DebugDirectory{
DWORD VirtualAddress;
DWORD Size;
};struct IMAGE_DATA_DIRECTORY CopyrightOrArchitectureSpecificData{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY GlobalPtr{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY TLSDirectory{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY LoadConfigurationDirectory{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY BoundImportDirectory{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY ImportAddressTable{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY DelayLoadImportDescriptors{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY COMRuntimedescriptors{
DWORD VirtualAddress;
DWORD Size;
};
struct IMAGE_DATA_DIRECTORY Reserved{
DWORD VirtualAddress;
DWORD Size;
};
};
};
};
struct IMAGE_SECTION_HEADER SectionHeaders[1]{
struct IMAGE_SECTION_HEADER SectionHeaders[0]{
BYTE Name[8];//.text
union Misc{
DWORD PhysicalAddress;
DWORD VirtualSize;
};
DWORD VirtualAddress;
DWORD SizeOfRawData;
DWORD PointerRawData;
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
};
};