Browse Source

Обновлены хидеры PE

master
Тим 10 months ago
parent
commit
ee1cbd4cb3
1 changed files with 117 additions and 54 deletions
  1. 117
    54
      PEHeaders.h

+ 117
- 54
PEHeaders.h View File

@@ -1,19 +1,65 @@
#ifndef PEHEADERS_H
#define PEHEADERS_H

/* VirtualAddress -- RVA
* VA = ImageBase + VA
* rawSection -- Offset to section from start of file
* sectionRVA -- RVA from section
* RAW = RVA - sectionRVA + rawSection;
*/

#pragma pack(push, 1)

namespace PEHeaders {
struct File
{
unsigned short Machine;
unsigned short NumberOfSections;
unsigned int TimeDateStamp;
unsigned int PointerToSymbolTable;
unsigned int NumberOfSymbols;
unsigned short SizeOfOptionalHeader;
unsigned short Characteristics;
unsigned short Machine;
unsigned short NumberOfSections;
unsigned int TimeDateStamp;
unsigned int PointerToSymbolTable;
unsigned int NumberOfSymbols;
unsigned short SizeOfOptionalHeader;
unsigned short Characteristics;
};
namespace Tables{
struct Export{
unsigned int Characteristics;
unsigned int TimeDateStamp;
unsigned short MajorVersion;
unsigned short MinorVersion;
unsigned int Name;
unsigned int Base;
unsigned int NumberOfFunctions;
unsigned int NumberOfNames;
unsigned int AddressOfFunctions;
unsigned int AddressOfNames;
unsigned int AddressOfNameOrdinals;
};
namespace Import{
struct Base{
union {
unsigned int Characteristics;
unsigned int OriginalFirstThunk;
};
unsigned int TimeDateStamp;
unsigned int ForwarderChain;
unsigned int Name;
unsigned int FirstThunk;
};
struct Thunk32{
union {
unsigned int ForwarderString;
unsigned int Function;
unsigned int Ordinal;
unsigned int AddressOfData;
};
};
struct ImportByName{
unsigned short Hint;
unsigned char Name[1];
};
}
}
enum eImageData{
eID_export,
eID_import,
@@ -32,62 +78,79 @@ namespace PEHeaders {
eID_com_descriptor
};
struct ImageData{
unsigned int VirtualAddress;
unsigned int size;
unsigned int VirtualAddress;
unsigned int size;
};
struct Optional{
unsigned short Magic;
unsigned char MajorLinkerVersion;
unsigned char MinorLinkerVersion;
unsigned int SizeOfCode;
unsigned int SizeOfInitializedData;
unsigned int SizeOfUninitializedData;
unsigned int AddressOfEntryPoint;
unsigned int BaseOfCode;
unsigned int BaseOfData;
unsigned int ImageBase;
unsigned int SectionAlignment;
unsigned int FileAlignment;
unsigned short MajorOperatingSystemVersion;
unsigned short MinorOperatingSystemVersion;
unsigned short MajorImageVersion;
unsigned short MinorImageVersion;
unsigned short MajorSubsystemVersion;
unsigned short MinorSubsystemVersion;
unsigned int Win32VersionValue;
unsigned int SizeOfImage;
unsigned int SizeOfHeaders;
unsigned int CheckSum;
unsigned short Subsystem; // 2 -- GUI, 3 -- console
unsigned short DllCharacteristics;
unsigned int SizeOfStackReserve;
unsigned int SizeOfStackCommit;
unsigned int SizeOfHeapReserve;
unsigned int SizeOfHeapCommit;
unsigned int LoaderFlags;
unsigned int NumberOfRvaAndSizes; //const 16
ImageData DataDirectory[16]; // eImageData
unsigned short Magic;
unsigned char MajorLinkerVersion;
unsigned char MinorLinkerVersion;
unsigned int SizeOfCode;
unsigned int SizeOfInitializedData;
unsigned int SizeOfUninitializedData;
unsigned int AddressOfEntryPoint;
unsigned int BaseOfCode;
unsigned int BaseOfData;
unsigned int ImageBase;
unsigned int SectionAlignment;
unsigned int FileAlignment;
unsigned short MajorOperatingSystemVersion;
unsigned short MinorOperatingSystemVersion;
unsigned short MajorImageVersion;
unsigned short MinorImageVersion;
unsigned short MajorSubsystemVersion;
unsigned short MinorSubsystemVersion;
unsigned int Win32VersionValue;
unsigned int SizeOfImage;
unsigned int SizeOfHeaders;
unsigned int CheckSum;
unsigned short Subsystem;
unsigned short DllCharacteristics;
unsigned int SizeOfStackReserve;
unsigned int SizeOfStackCommit;
unsigned int SizeOfHeapReserve;
unsigned int SizeOfHeapCommit;
unsigned int LoaderFlags;
unsigned int NumberOfRvaAndSizes; //const 16
ImageData DataDirectory[16]; // eImageData
};
struct Section
{
unsigned char Name[8];
unsigned char Name[8];
union {
unsigned int PhysicalAddress;
unsigned int VirtualSize;
unsigned int PhysicalAddress;
unsigned int VirtualSize;
};
unsigned int VirtualAddress;
unsigned int SizeOfRawData;
unsigned int PointerToRawData;
unsigned int PointerToRelocations;
unsigned int PointerToLinenumbers;
unsigned short NumberOfRelocations;
unsigned short NumberOfLinenumbers;
unsigned int Characteristics;
unsigned int VirtualAddress;
unsigned int SizeOfRawData;
unsigned int PointerToRawData;
unsigned int PointerToRelocations;
unsigned int PointerToLinenumbers;
unsigned short NumberOfRelocations;
unsigned short NumberOfLinenumbers;
unsigned int Characteristics;
bool isRVAInSection(unsigned int rva, int /* from Optional */ SectionAlignment)
{
auto ALIGN = [](unsigned int x, unsigned int align){
return (x & (align-1))?(x & ~(align-1))+align:x;
};
unsigned int start = VirtualAddress;
unsigned int end = start + ALIGN(VirtualSize, SectionAlignment);

if(rva >= start && rva < end)
return true;
return false;
}
unsigned int RVA2Offset(unsigned int RVA, int /* from Optional */ SectionAlignment){
if (!isRVAInSection(RVA, SectionAlignment))
return 0;
return RVA - VirtualAddress + PointerToRawData;
}
};
struct Base{
unsigned int signature;
File file;
Optional optional;
unsigned int signature;
File file;
Optional optional;
};
}


Loading…
Cancel
Save