+ 117
- 54

PEHeaders.h
@@ -1,19 +1,65 @@ | |||

#ifndef PEHEADERS_H | |||

#define PEHEADERS_H | |||

/* VirtualAddress -- RVA | |||

* VA = ImageBase + VA | |||

* rawSection -- Offset to section from start of file | |||

* sectionRVA -- RVA from section | |||

* RAW = RVA - sectionRVA + rawSection; | |||

*/ | |||

#pragma pack(push, 1) | |||

namespace PEHeaders { | |||

struct File | |||

{ | |||

unsigned short Machine; | |||

unsigned short NumberOfSections; | |||

unsigned int TimeDateStamp; | |||

unsigned int PointerToSymbolTable; | |||

unsigned int NumberOfSymbols; | |||

unsigned short SizeOfOptionalHeader; | |||

unsigned short Characteristics; | |||

unsigned short Machine; | |||

unsigned short NumberOfSections; | |||

unsigned int TimeDateStamp; | |||

unsigned int PointerToSymbolTable; | |||

unsigned int NumberOfSymbols; | |||

unsigned short SizeOfOptionalHeader; | |||

unsigned short Characteristics; | |||

}; | |||

namespace Tables{ | |||

struct Export{ | |||

unsigned int Characteristics; | |||

unsigned int TimeDateStamp; | |||

unsigned short MajorVersion; | |||

unsigned short MinorVersion; | |||

unsigned int Name; | |||

unsigned int Base; | |||

unsigned int NumberOfFunctions; | |||

unsigned int NumberOfNames; | |||

unsigned int AddressOfFunctions; | |||

unsigned int AddressOfNames; | |||

unsigned int AddressOfNameOrdinals; | |||

}; | |||

namespace Import{ | |||

struct Base{ | |||

union { | |||

unsigned int Characteristics; | |||

unsigned int OriginalFirstThunk; | |||

}; | |||

unsigned int TimeDateStamp; | |||

unsigned int ForwarderChain; | |||

unsigned int Name; | |||

unsigned int FirstThunk; | |||

}; | |||

struct Thunk32{ | |||

union { | |||

unsigned int ForwarderString; | |||

unsigned int Function; | |||

unsigned int Ordinal; | |||

unsigned int AddressOfData; | |||

}; | |||

}; | |||

struct ImportByName{ | |||

unsigned short Hint; | |||

unsigned char Name[1]; | |||

}; | |||

} | |||

} | |||

enum eImageData{ | |||

eID_export, | |||

eID_import, | |||

@@ -32,62 +78,79 @@ namespace PEHeaders { | |||

eID_com_descriptor | |||

}; | |||

struct ImageData{ | |||

unsigned int VirtualAddress; | |||

unsigned int size; | |||

unsigned int VirtualAddress; | |||

unsigned int size; | |||

}; | |||

struct Optional{ | |||

unsigned short Magic; | |||

unsigned char MajorLinkerVersion; | |||

unsigned char MinorLinkerVersion; | |||

unsigned int SizeOfCode; | |||

unsigned int SizeOfInitializedData; | |||

unsigned int SizeOfUninitializedData; | |||

unsigned int AddressOfEntryPoint; | |||

unsigned int BaseOfCode; | |||

unsigned int BaseOfData; | |||

unsigned int ImageBase; | |||

unsigned int SectionAlignment; | |||

unsigned int FileAlignment; | |||

unsigned short MajorOperatingSystemVersion; | |||

unsigned short MinorOperatingSystemVersion; | |||

unsigned short MajorImageVersion; | |||

unsigned short MinorImageVersion; | |||

unsigned short MajorSubsystemVersion; | |||

unsigned short MinorSubsystemVersion; | |||

unsigned int Win32VersionValue; | |||

unsigned int SizeOfImage; | |||

unsigned int SizeOfHeaders; | |||

unsigned int CheckSum; | |||

unsigned short Subsystem; // 2 -- GUI, 3 -- console | |||

unsigned short DllCharacteristics; | |||

unsigned int SizeOfStackReserve; | |||

unsigned int SizeOfStackCommit; | |||

unsigned int SizeOfHeapReserve; | |||

unsigned int SizeOfHeapCommit; | |||

unsigned int LoaderFlags; | |||

unsigned int NumberOfRvaAndSizes; //const 16 | |||

ImageData DataDirectory[16]; // eImageData | |||

unsigned short Magic; | |||

unsigned char MajorLinkerVersion; | |||

unsigned char MinorLinkerVersion; | |||

unsigned int SizeOfCode; | |||

unsigned int SizeOfInitializedData; | |||

unsigned int SizeOfUninitializedData; | |||

unsigned int AddressOfEntryPoint; | |||

unsigned int BaseOfCode; | |||

unsigned int BaseOfData; | |||

unsigned int ImageBase; | |||

unsigned int SectionAlignment; | |||

unsigned int FileAlignment; | |||

unsigned short MajorOperatingSystemVersion; | |||

unsigned short MinorOperatingSystemVersion; | |||

unsigned short MajorImageVersion; | |||

unsigned short MinorImageVersion; | |||

unsigned short MajorSubsystemVersion; | |||

unsigned short MinorSubsystemVersion; | |||

unsigned int Win32VersionValue; | |||

unsigned int SizeOfImage; | |||

unsigned int SizeOfHeaders; | |||

unsigned int CheckSum; | |||

unsigned short Subsystem; | |||

unsigned short DllCharacteristics; | |||

unsigned int SizeOfStackReserve; | |||

unsigned int SizeOfStackCommit; | |||

unsigned int SizeOfHeapReserve; | |||

unsigned int SizeOfHeapCommit; | |||

unsigned int LoaderFlags; | |||

unsigned int NumberOfRvaAndSizes; //const 16 | |||

ImageData DataDirectory[16]; // eImageData | |||

}; | |||

struct Section | |||

{ | |||

unsigned char Name[8]; | |||

unsigned char Name[8]; | |||

union { | |||

unsigned int PhysicalAddress; | |||

unsigned int VirtualSize; | |||

unsigned int PhysicalAddress; | |||

unsigned int VirtualSize; | |||

}; | |||

unsigned int VirtualAddress; | |||

unsigned int SizeOfRawData; | |||

unsigned int PointerToRawData; | |||

unsigned int PointerToRelocations; | |||

unsigned int PointerToLinenumbers; | |||

unsigned short NumberOfRelocations; | |||

unsigned short NumberOfLinenumbers; | |||

unsigned int Characteristics; | |||

unsigned int VirtualAddress; | |||

unsigned int SizeOfRawData; | |||

unsigned int PointerToRawData; | |||

unsigned int PointerToRelocations; | |||

unsigned int PointerToLinenumbers; | |||

unsigned short NumberOfRelocations; | |||

unsigned short NumberOfLinenumbers; | |||

unsigned int Characteristics; | |||

bool isRVAInSection(unsigned int rva, int /* from Optional */ SectionAlignment) | |||

{ | |||

auto ALIGN = [](unsigned int x, unsigned int align){ | |||

return (x & (align-1))?(x & ~(align-1))+align:x; | |||

}; | |||

unsigned int start = VirtualAddress; | |||

unsigned int end = start + ALIGN(VirtualSize, SectionAlignment); | |||

if(rva >= start && rva < end) | |||

return true; | |||

return false; | |||

} | |||

unsigned int RVA2Offset(unsigned int RVA, int /* from Optional */ SectionAlignment){ | |||

if (!isRVAInSection(RVA, SectionAlignment)) | |||

return 0; | |||

return RVA - VirtualAddress + PointerToRawData; | |||

} | |||

}; | |||

struct Base{ | |||

unsigned int signature; | |||

File file; | |||

Optional optional; | |||

unsigned int signature; | |||

File file; | |||

Optional optional; | |||

}; | |||

} | |||
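Review bot: In `Section::RVA2Offset` the result `RVA - VirtualAddress + PointerToRawData` is never compared with `SizeOfRawData`, so an RVA inside the aligned virtual range but past the section's on-disk data maps to a file offset outside the section, and with header fields read from an untrusted file possibly outside the file. A guard such as `if (RVA - VirtualAddress >= SizeOfRawData) return 0;` before the final return would keep the mapping inside the raw data, and callers should still bound the offset against the real file length. `isRVAInSection` takes `SectionAlignment` as `int` and uses it as a mask in `ALIGN`, which is only correct for a non-zero power of two; with 0 the computed `end` collapses to `start`, so the value from `Optional` should be validated once before it is passed in. Returning 0 for "not in this section" is also indistinguishable from a genuine offset of 0 (for example a section with `PointerToRawData == 0`), so a comment such as `// returns 0 when RVA is not backed by this section's raw data` would help. Both methods are printed only once on the page, so they look like additions in this commit rather than context.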
