summaryrefslogtreecommitdiffstats
path: root/public/sdk/inc/ntimage.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--public/sdk/inc/ntimage.h1160
1 files changed, 1160 insertions, 0 deletions
diff --git a/public/sdk/inc/ntimage.h b/public/sdk/inc/ntimage.h
new file mode 100644
index 000000000..00fe8da29
--- /dev/null
+++ b/public/sdk/inc/ntimage.h
@@ -0,0 +1,1160 @@
+/*++ BUILD Version: 0004 // Increment this if a change has global effects
+
+Copyright (c) 1989-1993 Microsoft Corporation
+
+Module Name:
+
+ ntimage.h
+
+Abstract:
+
+ This is the include file that describes all image structures.
+
+Author:
+
+ Mike O'Leary (mikeol) 21-Mar-1991
+
+Revision History:
+
+--*/
+
+#ifndef _NTIMAGE_
+#define _NTIMAGE_
+
+//
+// Define the linker version number. This is temporary to aid
+// in debugging with people trying to load images built with
+// an older linker. This is not required in the final product.
+//
+
+#define IMAGE_MAJOR_LINKER_VERSION 2
+
+// begin_winnt
+
+
+//
+// Image Format
+//
+
+#include "pshpack4.h" // 4 byte packing is the default
+
+#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
+#define IMAGE_OS2_SIGNATURE 0x454E // NE
+#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
+#define IMAGE_VXD_SIGNATURE 0x454C // LE
+#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
+
+#include "pshpack2.h" // 16 bit headers are 2 byte packed
+
+typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
+ USHORT e_magic; // Magic number
+ USHORT e_cblp; // Bytes on last page of file
+ USHORT e_cp; // Pages in file
+ USHORT e_crlc; // Relocations
+ USHORT e_cparhdr; // Size of header in paragraphs
+ USHORT e_minalloc; // Minimum extra paragraphs needed
+ USHORT e_maxalloc; // Maximum extra paragraphs needed
+ USHORT e_ss; // Initial (relative) SS value
+ USHORT e_sp; // Initial SP value
+ USHORT e_csum; // Checksum
+ USHORT e_ip; // Initial IP value
+ USHORT e_cs; // Initial (relative) CS value
+ USHORT e_lfarlc; // File address of relocation table
+ USHORT e_ovno; // Overlay number
+ USHORT e_res[4]; // Reserved words
+ USHORT e_oemid; // OEM identifier (for e_oeminfo)
+ USHORT e_oeminfo; // OEM information; e_oemid specific
+ USHORT e_res2[10]; // Reserved words
+ LONG e_lfanew; // File address of new exe header
+ } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
+
+typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header
+ USHORT ne_magic; // Magic number
+ CHAR ne_ver; // Version number
+ CHAR ne_rev; // Revision number
+ USHORT ne_enttab; // Offset of Entry Table
+ USHORT ne_cbenttab; // Number of bytes in Entry Table
+ LONG ne_crc; // Checksum of whole file
+ USHORT ne_flags; // Flag word
+ USHORT ne_autodata; // Automatic data segment number
+ USHORT ne_heap; // Initial heap allocation
+ USHORT ne_stack; // Initial stack allocation
+ LONG ne_csip; // Initial CS:IP setting
+ LONG ne_sssp; // Initial SS:SP setting
+ USHORT ne_cseg; // Count of file segments
+ USHORT ne_cmod; // Entries in Module Reference Table
+ USHORT ne_cbnrestab; // Size of non-resident name table
+ USHORT ne_segtab; // Offset of Segment Table
+ USHORT ne_rsrctab; // Offset of Resource Table
+ USHORT ne_restab; // Offset of resident name table
+ USHORT ne_modtab; // Offset of Module Reference Table
+ USHORT ne_imptab; // Offset of Imported Names Table
+ LONG ne_nrestab; // Offset of Non-resident Names Table
+ USHORT ne_cmovent; // Count of movable entries
+ USHORT ne_align; // Segment alignment shift count
+ USHORT ne_cres; // Count of resource segments
+ UCHAR ne_exetyp; // Target Operating system
+ UCHAR ne_flagsothers; // Other .EXE flags
+ USHORT ne_pretthunks; // offset to return thunks
+ USHORT ne_psegrefbytes; // offset to segment ref. bytes
+ USHORT ne_swaparea; // Minimum code swap area size
+ USHORT ne_expver; // Expected Windows version number
+ } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;
+
+typedef struct _IMAGE_VXD_HEADER { // Windows VXD header
+ USHORT e32_magic; // Magic number
+ UCHAR e32_border; // The byte ordering for the VXD
+ UCHAR e32_worder; // The word ordering for the VXD
+ ULONG e32_level; // The EXE format level for now = 0
+ USHORT e32_cpu; // The CPU type
+ USHORT e32_os; // The OS type
+ ULONG e32_ver; // Module version
+ ULONG e32_mflags; // Module flags
+ ULONG e32_mpages; // Module # pages
+ ULONG e32_startobj; // Object # for instruction pointer
+ ULONG e32_eip; // Extended instruction pointer
+ ULONG e32_stackobj; // Object # for stack pointer
+ ULONG e32_esp; // Extended stack pointer
+ ULONG e32_pagesize; // VXD page size
+ ULONG e32_lastpagesize; // Last page size in VXD
+ ULONG e32_fixupsize; // Fixup section size
+ ULONG e32_fixupsum; // Fixup section checksum
+ ULONG e32_ldrsize; // Loader section size
+ ULONG e32_ldrsum; // Loader section checksum
+ ULONG e32_objtab; // Object table offset
+ ULONG e32_objcnt; // Number of objects in module
+ ULONG e32_objmap; // Object page map offset
+ ULONG e32_itermap; // Object iterated data map offset
+ ULONG e32_rsrctab; // Offset of Resource Table
+ ULONG e32_rsrccnt; // Number of resource entries
+ ULONG e32_restab; // Offset of resident name table
+ ULONG e32_enttab; // Offset of Entry Table
+ ULONG e32_dirtab; // Offset of Module Directive Table
+ ULONG e32_dircnt; // Number of module directives
+ ULONG e32_fpagetab; // Offset of Fixup Page Table
+ ULONG e32_frectab; // Offset of Fixup Record Table
+ ULONG e32_impmod; // Offset of Import Module Name Table
+ ULONG e32_impmodcnt; // Number of entries in Import Module Name Table
+ ULONG e32_impproc; // Offset of Import Procedure Name Table
+ ULONG e32_pagesum; // Offset of Per-Page Checksum Table
+ ULONG e32_datapage; // Offset of Enumerated Data Pages
+ ULONG e32_preload; // Number of preload pages
+ ULONG e32_nrestab; // Offset of Non-resident Names Table
+ ULONG e32_cbnrestab; // Size of Non-resident Name Table
+ ULONG e32_nressum; // Non-resident Name Table Checksum
+ ULONG e32_autodata; // Object # for automatic data object
+ ULONG e32_debuginfo; // Offset of the debugging information
+ ULONG e32_debuglen; // The length of the debugging info. in bytes
+ ULONG e32_instpreload; // Number of instance pages in preload section of VXD file
+ ULONG e32_instdemand; // Number of instance pages in demand load section of VXD file
+ ULONG e32_heapsize; // Size of heap - for 16-bit apps
+ UCHAR e32_res3[12]; // Reserved words
+ ULONG e32_winresoff;
+ ULONG e32_winreslen;
+ USHORT e32_devid; // Device ID for VxD
+ USHORT e32_ddkver; // DDK version for VxD
+ } IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER;
+
+#include "poppack.h" // Back to 4 byte packing
+
+//
+// File header format.
+//
+
+typedef struct _IMAGE_FILE_HEADER {
+ USHORT Machine;
+ USHORT NumberOfSections;
+ ULONG TimeDateStamp;
+ ULONG PointerToSymbolTable;
+ ULONG NumberOfSymbols;
+ USHORT SizeOfOptionalHeader;
+ USHORT Characteristics;
+} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
+
+#define IMAGE_SIZEOF_FILE_HEADER 20
+
+#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
+#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
+#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
+#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
+#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set
+#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
+#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
+#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
+#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
+#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
+#define IMAGE_FILE_SYSTEM 0x1000 // System File.
+#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
+#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
+#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
+
+#define IMAGE_FILE_MACHINE_UNKNOWN 0
+#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386.
+#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian
+#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian
+#define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian
+#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP
+#define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian
+
+//
+// Directory format.
+//
+
+typedef struct _IMAGE_DATA_DIRECTORY {
+ ULONG VirtualAddress;
+ ULONG Size;
+} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
+
+#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
+
+//
+// Optional header format.
+//
+
+typedef struct _IMAGE_OPTIONAL_HEADER {
+ //
+ // Standard fields.
+ //
+
+ USHORT Magic;
+ UCHAR MajorLinkerVersion;
+ UCHAR MinorLinkerVersion;
+ ULONG SizeOfCode;
+ ULONG SizeOfInitializedData;
+ ULONG SizeOfUninitializedData;
+ ULONG AddressOfEntryPoint;
+ ULONG BaseOfCode;
+ ULONG BaseOfData;
+
+ //
+ // NT additional fields.
+ //
+
+ ULONG ImageBase;
+ ULONG SectionAlignment;
+ ULONG FileAlignment;
+ USHORT MajorOperatingSystemVersion;
+ USHORT MinorOperatingSystemVersion;
+ USHORT MajorImageVersion;
+ USHORT MinorImageVersion;
+ USHORT MajorSubsystemVersion;
+ USHORT MinorSubsystemVersion;
+ ULONG Win32VersionValue;
+ ULONG SizeOfImage;
+ ULONG SizeOfHeaders;
+ ULONG CheckSum;
+ USHORT Subsystem;
+ USHORT DllCharacteristics;
+ ULONG SizeOfStackReserve;
+ ULONG SizeOfStackCommit;
+ ULONG SizeOfHeapReserve;
+ ULONG SizeOfHeapCommit;
+ ULONG LoaderFlags;
+ ULONG NumberOfRvaAndSizes;
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
+} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
+
+typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
+ USHORT Magic;
+ UCHAR MajorLinkerVersion;
+ UCHAR MinorLinkerVersion;
+ ULONG SizeOfCode;
+ ULONG SizeOfInitializedData;
+ ULONG SizeOfUninitializedData;
+ ULONG AddressOfEntryPoint;
+ ULONG BaseOfCode;
+ ULONG BaseOfData;
+ ULONG BaseOfBss;
+ ULONG GprMask;
+ ULONG CprMask[4];
+ ULONG GpValue;
+} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
+
+#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56
+#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28
+#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER 224
+
+#define IMAGE_NT_OPTIONAL_HDR_MAGIC 0x10b
+#define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107
+
+typedef struct _IMAGE_NT_HEADERS {
+ ULONG Signature;
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_OPTIONAL_HEADER OptionalHeader;
+} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
+
+typedef struct _IMAGE_ROM_HEADERS {
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
+} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;
+
+#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
+ ((ULONG)ntheader + \
+ FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \
+ ((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \
+ ))
+
+
+// Subsystem Values
+
+#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem.
+#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem.
+#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem.
+#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem.
+#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem.
+#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image run in the Posix character subsystem.
+#define IMAGE_SUBSYSTEM_RESERVED8 8 // image run in the 8 subsystem.
+
+// end_winnt
+
+#define IMAGE_DLLCHARACTERISTICS_X86_THUNK 0x0001 // Image is a Wx86 Thunk DLL
+
+// begin_winnt
+
+// Directory Entries
+
+#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
+#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
+#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
+#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
+#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
+#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
+#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
+#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String
+#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP)
+#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
+#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
+#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
+#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
+
+//
+// Section header format.
+//
+
+#define IMAGE_SIZEOF_SHORT_NAME 8
+
+typedef struct _IMAGE_SECTION_HEADER {
+ UCHAR Name[IMAGE_SIZEOF_SHORT_NAME];
+ union {
+ ULONG PhysicalAddress;
+ ULONG VirtualSize;
+ } Misc;
+ ULONG VirtualAddress;
+ ULONG SizeOfRawData;
+ ULONG PointerToRawData;
+ ULONG PointerToRelocations;
+ ULONG PointerToLinenumbers;
+ USHORT NumberOfRelocations;
+ USHORT NumberOfLinenumbers;
+ ULONG Characteristics;
+} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
+
+#define IMAGE_SIZEOF_SECTION_HEADER 40
+
+//
+// Section characteristics.
+//
+
+// IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
+// IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
+// IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
+// IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
+#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
+// IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
+
+#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
+#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
+#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
+
+#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
+#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
+// IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
+#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
+#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
+// 0x00002000 // Reserved.
+
+// IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
+#define IMAGE_SCN_MEM_FARDATA 0x00008000
+// IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
+#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
+#define IMAGE_SCN_MEM_16BIT 0x00020000
+#define IMAGE_SCN_MEM_LOCKED 0x00040000
+#define IMAGE_SCN_MEM_PRELOAD 0x00080000
+
+#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
+#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
+#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
+#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
+#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
+#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
+#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
+// Unused 0x00800000
+
+#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
+#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
+#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
+#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
+#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
+#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
+#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
+#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
+
+
+//
+// TLS Chaacteristic Flags
+//
+#define IMAGE_SCN_SCALE_INDEX 0x00000001 // Tls index is scaled
+
+#include "pshpack2.h" // Symbols, relocs, and linenumbers are 2 byte packed
+
+//
+// Symbol format.
+//
+
+typedef struct _IMAGE_SYMBOL {
+ union {
+ UCHAR ShortName[8];
+ struct {
+ ULONG Short; // if 0, use LongName
+ ULONG Long; // offset into string table
+ } Name;
+ PUCHAR LongName[2];
+ } N;
+ ULONG Value;
+ SHORT SectionNumber;
+ USHORT Type;
+ UCHAR StorageClass;
+ UCHAR NumberOfAuxSymbols;
+} IMAGE_SYMBOL;
+typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL;
+
+
+#define IMAGE_SIZEOF_SYMBOL 18
+
+//
+// Section values.
+//
+// Symbols have a section number of the section in which they are
+// defined. Otherwise, section numbers have the following meanings:
+//
+
+#define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common.
+#define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value.
+#define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item.
+
+//
+// Type (fundamental) values.
+//
+
+#define IMAGE_SYM_TYPE_NULL 0x0000 // no type.
+#define IMAGE_SYM_TYPE_VOID 0x0001 //
+#define IMAGE_SYM_TYPE_CHAR 0x0002 // type character.
+#define IMAGE_SYM_TYPE_SHORT 0x0003 // type short integer.
+#define IMAGE_SYM_TYPE_INT 0x0004 //
+#define IMAGE_SYM_TYPE_LONG 0x0005 //
+#define IMAGE_SYM_TYPE_FLOAT 0x0006 //
+#define IMAGE_SYM_TYPE_DOUBLE 0x0007 //
+#define IMAGE_SYM_TYPE_STRUCT 0x0008 //
+#define IMAGE_SYM_TYPE_UNION 0x0009 //
+#define IMAGE_SYM_TYPE_ENUM 0x000A // enumeration.
+#define IMAGE_SYM_TYPE_MOE 0x000B // member of enumeration.
+#define IMAGE_SYM_TYPE_UCHAR 0x000C //
+#define IMAGE_SYM_TYPE_USHORT 0x000D //
+#define IMAGE_SYM_TYPE_UINT 0x000E //
+#define IMAGE_SYM_TYPE_ULONG 0x000F //
+#define IMAGE_SYM_TYPE_PCODE 0x8000 //
+
+//
+// Type (derived) values.
+//
+
+#define IMAGE_SYM_DTYPE_NULL 0 // no derived type.
+#define IMAGE_SYM_DTYPE_POINTER 1 // pointer.
+#define IMAGE_SYM_DTYPE_FUNCTION 2 // function.
+#define IMAGE_SYM_DTYPE_ARRAY 3 // array.
+
+//
+// Storage classes.
+//
+
+#define IMAGE_SYM_CLASS_END_OF_FUNCTION (UCHAR)-1
+#define IMAGE_SYM_CLASS_NULL 0x0000
+#define IMAGE_SYM_CLASS_AUTOMATIC 0x0001
+#define IMAGE_SYM_CLASS_EXTERNAL 0x0002
+#define IMAGE_SYM_CLASS_STATIC 0x0003
+#define IMAGE_SYM_CLASS_REGISTER 0x0004
+#define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005
+#define IMAGE_SYM_CLASS_LABEL 0x0006
+#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007
+#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008
+#define IMAGE_SYM_CLASS_ARGUMENT 0x0009
+#define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A
+#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B
+#define IMAGE_SYM_CLASS_UNION_TAG 0x000C
+#define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D
+#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E
+#define IMAGE_SYM_CLASS_ENUM_TAG 0x000F
+#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010
+#define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011
+#define IMAGE_SYM_CLASS_BIT_FIELD 0x0012
+
+#define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 //
+
+#define IMAGE_SYM_CLASS_BLOCK 0x0064
+#define IMAGE_SYM_CLASS_FUNCTION 0x0065
+#define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066
+#define IMAGE_SYM_CLASS_FILE 0x0067
+// new
+#define IMAGE_SYM_CLASS_SECTION 0x0068
+#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069
+
+// type packing constants
+
+#define N_BTMASK 0x000F
+#define N_TMASK 0x0030
+#define N_TMASK1 0x00C0
+#define N_TMASK2 0x00F0
+#define N_BTSHFT 4
+#define N_TSHIFT 2
+
+// MACROS
+
+// Basic Type of x
+#define BTYPE(x) ((x) & N_BTMASK)
+
+// Is x a pointer?
+#ifndef ISPTR
+#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT))
+#endif
+
+// Is x a function?
+#ifndef ISFCN
+#define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT))
+#endif
+
+// Is x an array?
+
+#ifndef ISARY
+#define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT))
+#endif
+
+// Is x a structure, union, or enumeration TAG?
+#ifndef ISTAG
+#define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG || (x)==IMAGE_SYM_CLASS_UNION_TAG || (x)==IMAGE_SYM_CLASS_ENUM_TAG)
+#endif
+
+#ifndef INCREF
+#define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)|((x)&N_BTMASK))
+#endif
+#ifndef DECREF
+#define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK))
+#endif
+
+//
+// Auxiliary entry format.
+//
+
+typedef union _IMAGE_AUX_SYMBOL {
+ struct {
+ ULONG TagIndex; // struct, union, or enum tag index
+ union {
+ struct {
+ USHORT Linenumber; // declaration line number
+ USHORT Size; // size of struct, union, or enum
+ } LnSz;
+ ULONG TotalSize;
+ } Misc;
+ union {
+ struct { // if ISFCN, tag, or .bb
+ ULONG PointerToLinenumber;
+ ULONG PointerToNextFunction;
+ } Function;
+ struct { // if ISARY, up to 4 dimen.
+ USHORT Dimension[4];
+ } Array;
+ } FcnAry;
+ USHORT TvIndex; // tv index
+ } Sym;
+ struct {
+ UCHAR Name[IMAGE_SIZEOF_SYMBOL];
+ } File;
+ struct {
+ ULONG Length; // section length
+ USHORT NumberOfRelocations; // number of relocation entries
+ USHORT NumberOfLinenumbers; // number of line numbers
+ ULONG CheckSum; // checksum for communal
+ SHORT Number; // section number to associate with
+ UCHAR Selection; // communal selection type
+ } Section;
+} IMAGE_AUX_SYMBOL;
+typedef IMAGE_AUX_SYMBOL UNALIGNED *PIMAGE_AUX_SYMBOL;
+
+#define IMAGE_SIZEOF_AUX_SYMBOL 18
+
+//
+// Communal selection types.
+//
+
+#define IMAGE_COMDAT_SELECT_NODUPLICATES 1
+#define IMAGE_COMDAT_SELECT_ANY 2
+#define IMAGE_COMDAT_SELECT_SAME_SIZE 3
+#define IMAGE_COMDAT_SELECT_EXACT_MATCH 4
+#define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5
+#define IMAGE_COMDAT_SELECT_LARGEST 6
+#define IMAGE_COMDAT_SELECT_NEWEST 7
+
+#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1
+#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2
+#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3
+
+//
+// Relocation format.
+//
+
+typedef struct _IMAGE_RELOCATION {
+ union {
+ ULONG VirtualAddress;
+ ULONG RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set
+ };
+ ULONG SymbolTableIndex;
+ USHORT Type;
+} IMAGE_RELOCATION;
+typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION;
+
+#define IMAGE_SIZEOF_RELOCATION 10
+
+//
+// I386 relocation types.
+//
+
+#define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
+#define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address
+#define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address
+#define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address
+#define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included
+#define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address
+#define IMAGE_REL_I386_SECTION 0x000A
+#define IMAGE_REL_I386_SECREL 0x000B
+#define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address
+
+//
+// MIPS relocation types.
+//
+
+#define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
+#define IMAGE_REL_MIPS_REFHALF 0x0001
+#define IMAGE_REL_MIPS_REFWORD 0x0002
+#define IMAGE_REL_MIPS_JMPADDR 0x0003
+#define IMAGE_REL_MIPS_REFHI 0x0004
+#define IMAGE_REL_MIPS_REFLO 0x0005
+#define IMAGE_REL_MIPS_GPREL 0x0006
+#define IMAGE_REL_MIPS_LITERAL 0x0007
+#define IMAGE_REL_MIPS_SECTION 0x000A
+#define IMAGE_REL_MIPS_SECREL 0x000B
+#define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS)
+#define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS)
+#define IMAGE_REL_MIPS_REFWORDNB 0x0022
+#define IMAGE_REL_MIPS_PAIR 0x0025
+
+//
+// Alpha Relocation types.
+//
+
+#define IMAGE_REL_ALPHA_ABSOLUTE 0x0000
+#define IMAGE_REL_ALPHA_REFLONG 0x0001
+#define IMAGE_REL_ALPHA_REFQUAD 0x0002
+#define IMAGE_REL_ALPHA_GPREL32 0x0003
+#define IMAGE_REL_ALPHA_LITERAL 0x0004
+#define IMAGE_REL_ALPHA_LITUSE 0x0005
+#define IMAGE_REL_ALPHA_GPDISP 0x0006
+#define IMAGE_REL_ALPHA_BRADDR 0x0007
+#define IMAGE_REL_ALPHA_HINT 0x0008
+#define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009
+#define IMAGE_REL_ALPHA_REFHI 0x000A
+#define IMAGE_REL_ALPHA_REFLO 0x000B
+#define IMAGE_REL_ALPHA_PAIR 0x000C
+#define IMAGE_REL_ALPHA_MATCH 0x000D
+#define IMAGE_REL_ALPHA_SECTION 0x000E
+#define IMAGE_REL_ALPHA_SECREL 0x000F
+#define IMAGE_REL_ALPHA_REFLONGNB 0x0010
+#define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference
+#define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference
+
+//
+// IBM PowerPC relocation types.
+//
+
+#define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP
+#define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address
+#define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address
+#define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute)
+#define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address
+#define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword)
+#define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative)
+#define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative)
+#define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base
+#define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword)
+
+#define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base
+#define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr)
+#define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number
+#define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code
+#define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction
+#define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits)
+#define IMAGE_REL_PPC_REFHI 0x0010
+#define IMAGE_REL_PPC_REFLO 0x0011
+#define IMAGE_REL_PPC_PAIR 0x0012
+#define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS)
+#define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS)
+
+#define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type
+
+// Flag bits in IMAGE_RELOCATION.TYPE
+
+#define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it
+#define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken
+#define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken
+#define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc)
+
+//
+// Line number format.
+//
+
+typedef struct _IMAGE_LINENUMBER {
+ union {
+ ULONG SymbolTableIndex; // Symbol table index of function name if Linenumber is 0.
+ ULONG VirtualAddress; // Virtual address of line number.
+ } Type;
+ USHORT Linenumber; // Line number.
+} IMAGE_LINENUMBER;
+typedef IMAGE_LINENUMBER UNALIGNED *PIMAGE_LINENUMBER;
+
+#define IMAGE_SIZEOF_LINENUMBER 6
+
+#include "poppack.h" // Back to 4 byte packing
+
+//
+// Based relocation format.
+//
+
+typedef struct _IMAGE_BASE_RELOCATION {
+ ULONG VirtualAddress;
+ ULONG SizeOfBlock;
+// USHORT TypeOffset[1];
+} IMAGE_BASE_RELOCATION;
+typedef IMAGE_BASE_RELOCATION UNALIGNED * PIMAGE_BASE_RELOCATION;
+
+#define IMAGE_SIZEOF_BASE_RELOCATION 8
+
+//
+// Based relocation types.
+//
+
+#define IMAGE_REL_BASED_ABSOLUTE 0
+#define IMAGE_REL_BASED_HIGH 1
+#define IMAGE_REL_BASED_LOW 2
+#define IMAGE_REL_BASED_HIGHLOW 3
+#define IMAGE_REL_BASED_HIGHADJ 4
+#define IMAGE_REL_BASED_MIPS_JMPADDR 5
+#define IMAGE_REL_BASED_SECTION 6
+#define IMAGE_REL_BASED_REL32 7
+
+//
+// Archive format.
+//
+
+#define IMAGE_ARCHIVE_START_SIZE 8
+#define IMAGE_ARCHIVE_START "!<arch>\n"
+#define IMAGE_ARCHIVE_END "`\n"
+#define IMAGE_ARCHIVE_PAD "\n"
+#define IMAGE_ARCHIVE_LINKER_MEMBER "/ "
+#define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// "
+
+typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER {
+ UCHAR Name[16]; // File member name - `/' terminated.
+ UCHAR Date[12]; // File member date - decimal.
+ UCHAR UserID[6]; // File member user id - decimal.
+ UCHAR GroupID[6]; // File member group id - decimal.
+ UCHAR Mode[8]; // File member mode - octal.
+ UCHAR Size[10]; // File member size - decimal.
+ UCHAR EndHeader[2]; // String to end header.
+} IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER;
+
+#define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60
+
+//
+// DLL support.
+//
+
+//
+// Export Format
+//
+
+typedef struct _IMAGE_EXPORT_DIRECTORY {
+ ULONG Characteristics;
+ ULONG TimeDateStamp;
+ USHORT MajorVersion;
+ USHORT MinorVersion;
+ ULONG Name;
+ ULONG Base;
+ ULONG NumberOfFunctions;
+ ULONG NumberOfNames;
+ PULONG *AddressOfFunctions;
+ PULONG *AddressOfNames;
+ PUSHORT *AddressOfNameOrdinals;
+} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
+
+//
+// Import Format
+//
+
+typedef struct _IMAGE_IMPORT_BY_NAME {
+ USHORT Hint;
+ UCHAR Name[1];
+} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
+
+typedef struct _IMAGE_THUNK_DATA {
+ union {
+ PUCHAR ForwarderString;
+ PULONG Function;
+ ULONG Ordinal;
+ PIMAGE_IMPORT_BY_NAME AddressOfData;
+ } u1;
+} IMAGE_THUNK_DATA;
+typedef IMAGE_THUNK_DATA * PIMAGE_THUNK_DATA;
+
+#define IMAGE_ORDINAL_FLAG 0x80000000
+#define IMAGE_SNAP_BY_ORDINAL(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG) != 0)
+#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff)
+
+typedef struct _IMAGE_IMPORT_DESCRIPTOR {
+ union {
+ ULONG Characteristics; // 0 for terminating null import descriptor
+ PIMAGE_THUNK_DATA OriginalFirstThunk; // RVA to original unbound IAT
+ };
+ ULONG TimeDateStamp; // 0 if not bound,
+ // -1 if bound, and real date\time stamp
+ // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
+ // O.W. date/time stamp of DLL bound to (Old BIND)
+
+ ULONG ForwarderChain; // -1 if no forwarders
+ ULONG Name;
+ PIMAGE_THUNK_DATA FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
+} IMAGE_IMPORT_DESCRIPTOR;
+typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;
+
+//
+// New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ]
+//
+
+typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR {
+ ULONG TimeDateStamp;
+ USHORT OffsetModuleName;
+ USHORT NumberOfModuleForwarderRefs;
+// Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
+} IMAGE_BOUND_IMPORT_DESCRIPTOR, *PIMAGE_BOUND_IMPORT_DESCRIPTOR;
+
+typedef struct _IMAGE_BOUND_FORWARDER_REF {
+ ULONG TimeDateStamp;
+ USHORT OffsetModuleName;
+ USHORT Reserved;
+} IMAGE_BOUND_FORWARDER_REF, *PIMAGE_BOUND_FORWARDER_REF;
+
+
+//
+// Thread Local Storage
+//
+
+typedef VOID
+(NTAPI *PIMAGE_TLS_CALLBACK) (
+ PVOID DllHandle,
+ ULONG Reason,
+ PVOID Reserved
+ );
+
+typedef struct _IMAGE_TLS_DIRECTORY {
+ ULONG StartAddressOfRawData;
+ ULONG EndAddressOfRawData;
+ PULONG AddressOfIndex;
+ PIMAGE_TLS_CALLBACK *AddressOfCallBacks;
+ ULONG SizeOfZeroFill;
+ ULONG Characteristics;
+} IMAGE_TLS_DIRECTORY, *PIMAGE_TLS_DIRECTORY;
+
+
+//
+// Resource Format.
+//
+
+//
+// Resource directory consists of two counts, following by a variable length
+// array of directory entries. The first count is the number of entries at
+// beginning of the array that have actual names associated with each entry.
+// The entries are in ascending order, case insensitive strings. The second
+// count is the number of entries that immediately follow the named entries.
+// This second count identifies the number of entries that have 16-bit integer
+// Ids as their name. These entries are also sorted in ascending order.
+//
+// This structure allows fast lookup by either name or number, but for any
+// given resource entry only one form of lookup is supported, not both.
+// This is consistant with the syntax of the .RC file and the .RES file.
+//
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY {
+ ULONG Characteristics;
+ ULONG TimeDateStamp;
+ USHORT MajorVersion;
+ USHORT MinorVersion;
+ USHORT NumberOfNamedEntries;
+ USHORT NumberOfIdEntries;
+// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[];
+} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
+
+#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
+#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
+
+//
+// Each directory contains the 32-bit Name of the entry and an offset,
+// relative to the beginning of the resource directory of the data associated
+// with this directory entry. If the name of the entry is an actual text
+// string instead of an integer Id, then the high order bit of the name field
+// is set to one and the low order 31-bits are an offset, relative to the
+// beginning of the resource directory of the string, which is of type
+// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
+// low-order 16-bits are the integer Id that identify this resource directory
+// entry. If the directory entry is yet another resource directory (i.e. a
+// subdirectory), then the high order bit of the offset field will be
+// set to indicate this. Otherwise the high bit is clear and the offset
+// field points to a resource data entry.
+//
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
+ union {
+ struct {
+ ULONG NameOffset:31;
+ ULONG NameIsString:1;
+ };
+ ULONG Name;
+ USHORT Id;
+ };
+ union {
+ ULONG OffsetToData;
+ struct {
+ ULONG OffsetToDirectory:31;
+ ULONG DataIsDirectory:1;
+ };
+ };
+} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
+
+//
+// For resource directory entries that have actual string names, the Name
+// field of the directory entry points to an object of the following type.
+// All of these string objects are stored together after the last resource
+// directory entry and before the first resource data object. This minimizes
+// the impact of these variable length objects on the alignment of the fixed
+// size directory entry objects.
+//
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
+ USHORT Length;
+ CHAR NameString[ 1 ];
+} IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
+
+
+typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
+ USHORT Length;
+ WCHAR NameString[ 1 ];
+} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
+
+
+//
+// Each resource data entry describes a leaf node in the resource directory
+// tree. It contains an offset, relative to the beginning of the resource
+// directory of the data for the resource, a size field that gives the number
+// of bytes of data at that offset, a CodePage that should be used when
+// decoding code point values within the resource data. Typically for new
+// applications the code page would be the unicode code page.
+//
+
+typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
+ ULONG OffsetToData;
+ ULONG Size;
+ ULONG CodePage;
+ ULONG Reserved;
+} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
+
+//
+// Load Configuration Directory Entry
+//
+
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY {
+ ULONG Characteristics;
+ ULONG TimeDateStamp;
+ USHORT MajorVersion;
+ USHORT MinorVersion;
+ ULONG GlobalFlagsClear;
+ ULONG GlobalFlagsSet;
+ ULONG CriticalSectionDefaultTimeout;
+ ULONG DeCommitFreeBlockThreshold;
+ ULONG DeCommitTotalFreeThreshold;
+ PVOID LockPrefixTable;
+ ULONG MaximumAllocationSize;
+ ULONG VirtualMemoryThreshold;
+ ULONG ProcessHeapFlags;
+ ULONG ProcessAffinityMask;
+ ULONG Reserved[ 3 ];
+} IMAGE_LOAD_CONFIG_DIRECTORY, *PIMAGE_LOAD_CONFIG_DIRECTORY;
+
+
+//
+// Function table entry format for MIPS/ALPHA images. Function table is
+// pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry.
+// This definition duplicates ones in ntmips.h and ntalpha.h for use
+// by portable image file mungers.
+//
+
+typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY {
+ ULONG BeginAddress;
+ ULONG EndAddress;
+ PVOID ExceptionHandler;
+ PVOID HandlerData;
+ ULONG PrologEndAddress;
+} IMAGE_RUNTIME_FUNCTION_ENTRY, *PIMAGE_RUNTIME_FUNCTION_ENTRY;
+
+//
+// Debug Format
+//
+
+typedef struct _IMAGE_DEBUG_DIRECTORY {
+ ULONG Characteristics;
+ ULONG TimeDateStamp;
+ USHORT MajorVersion;
+ USHORT MinorVersion;
+ ULONG Type;
+ ULONG SizeOfData;
+ ULONG AddressOfRawData;
+ ULONG PointerToRawData;
+} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
+
+#define IMAGE_DEBUG_TYPE_UNKNOWN 0
+#define IMAGE_DEBUG_TYPE_COFF 1
+#define IMAGE_DEBUG_TYPE_CODEVIEW 2
+#define IMAGE_DEBUG_TYPE_FPO 3
+#define IMAGE_DEBUG_TYPE_MISC 4
+#define IMAGE_DEBUG_TYPE_EXCEPTION 5
+#define IMAGE_DEBUG_TYPE_FIXUP 6
+#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
+#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
+
+// end_winnt
+
+// IMAGE_DEBUG_TYPE values > 0x7FFFFFFF are reserved for Lego
+
+// begin_winnt
+
+typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
+ ULONG NumberOfSymbols;
+ ULONG LvaToFirstSymbol;
+ ULONG NumberOfLinenumbers;
+ ULONG LvaToFirstLinenumber;
+ ULONG RvaToFirstByteOfCode;
+ ULONG RvaToLastByteOfCode;
+ ULONG RvaToFirstByteOfData;
+ ULONG RvaToLastByteOfData;
+} IMAGE_COFF_SYMBOLS_HEADER, *PIMAGE_COFF_SYMBOLS_HEADER;
+
+#define FRAME_FPO 0
+#define FRAME_TRAP 1
+#define FRAME_TSS 2
+#define FRAME_NONFPO 3
+
+typedef struct _FPO_DATA {
+ ULONG ulOffStart; // offset 1st byte of function code
+ ULONG cbProcSize; // # bytes in function
+ ULONG cdwLocals; // # bytes in locals/4
+ USHORT cdwParams; // # bytes in params/4
+ USHORT cbProlog : 8; // # bytes in prolog
+ USHORT cbRegs : 3; // # regs saved
+ USHORT fHasSEH : 1; // TRUE if SEH in func
+ USHORT fUseBP : 1; // TRUE if EBP has been allocated
+ USHORT reserved : 1; // reserved for future use
+ USHORT cbFrame : 2; // frame type
+} FPO_DATA, *PFPO_DATA;
+#define SIZEOF_RFPO_DATA 16
+
+
+#define IMAGE_DEBUG_MISC_EXENAME 1
+
+typedef struct _IMAGE_DEBUG_MISC {
+ ULONG DataType; // type of misc data, see defines
+ ULONG Length; // total length of record, rounded to four
+ // byte multiple.
+ BOOLEAN Unicode; // TRUE if data is unicode string
+ UCHAR Reserved[ 3 ];
+ UCHAR Data[ 1 ]; // Actual data
+} IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC;
+
+
+//
+// Function table extracted from MIPS/ALPHA images. Does not contain
+// information needed only for runtime support. Just those fields for
+// each entry needed by a debugger.
+//
+
+typedef struct _IMAGE_FUNCTION_ENTRY {
+ ULONG StartingAddress;
+ ULONG EndingAddress;
+ ULONG EndOfPrologue;
+} IMAGE_FUNCTION_ENTRY, *PIMAGE_FUNCTION_ENTRY;
+
+//
+// Debugging information can be stripped from an image file and placed
+// in a separate .DBG file, whose file name part is the same as the
+// image file name part (e.g. symbols for CMD.EXE could be stripped
+// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
+// flag in the Characteristics field of the file header. The beginning of
+// the .DBG file contains the following structure which captures certain
+// information from the image file. This allows a debug to proceed even if
+// the original image file is not accessable. This header is followed by
+// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
+// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
+// the image file contain file offsets relative to the beginning of the
+// .DBG file.
+//
+// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
+// is left in the image file, but not mapped. This allows a debugger to
+// compute the name of the .DBG file, from the name of the image in the
+// IMAGE_DEBUG_MISC structure.
+//
+
+typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
+ USHORT Signature;
+ USHORT Flags;
+ USHORT Machine;
+ USHORT Characteristics;
+ ULONG TimeDateStamp;
+ ULONG CheckSum;
+ ULONG ImageBase;
+ ULONG SizeOfImage;
+ ULONG NumberOfSections;
+ ULONG ExportedNamesSize;
+ ULONG DebugDirectorySize;
+ ULONG SectionAlignment;
+ ULONG Reserved[2];
+} IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
+
+#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
+
+#define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
+#define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
+ // old checksum didn't match.
+
+#include "poppack.h" // Return to the default
+
+//
+// End Image Format
+//
+
+// end_winnt
+
+#endif // _NTIMAGE_
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-22 04:52:38 +0200