n1kt0 20 Jul 2008, 20:05
I need to use the includes from masm
and I need to:
mov into eax the value of IMAGE_OPTIONAL_HEADER->SizeOfCode
How can I do it?
comrade 20 Jul 2008, 21:35
This might help you. I converted it myself long ago.

imagehdr.inc
Code:
; One DataDirectory slot: the RVA and byte length of a table inside the image.
; Both values are read from the file being parsed, so range-check them against
; the image size before following them.
struct IMAGE_DATA_DIRECTORY
  VirtualAddress  dd ?
  Size            dd ?
ends

; PE32 (32-bit) optional header; 224 bytes (IMAGE_SIZEOF_NT_OPTIONAL32_HEADER)
; including the 16-slot DataDirectory.
; Use this layout only after checking Magic = IMAGE_NT_OPTIONAL_HDR32_MAGIC.
; A PE32+ image (IMAGE_NT_OPTIONAL_HDR64_MAGIC) has no BaseOfData and wider
; ImageBase / stack / heap fields, so these offsets do not apply to it.
; NumberOfRvaAndSizes comes from the file and may be smaller than 16; treat
; DataDirectory slots at or above it as absent.
struct IMAGE_OPTIONAL_HEADER32
  ; standard COFF fields
  Magic                        dw ?
  MajorLinkerVersion           db ?
  MinorLinkerVersion           db ?
  SizeOfCode                   dd ?
  SizeOfInitializedData        dd ?
  SizeOfUninitializedData      dd ?
  AddressOfEntryPoint          dd ?
  BaseOfCode                   dd ?
  BaseOfData                   dd ?
  ; NT-specific fields
  ImageBase                    dd ?
  SectionAlignment             dd ?
  FileAlignment                dd ?
  MajorOperatingSystemVersion  dw ?
  MinorOperatingSystemVersion  dw ?
  MajorImageVersion            dw ?
  MinorImageVersion            dw ?
  MajorSubsystemVersion        dw ?
  MinorSubsystemVersion        dw ?
  Win32VersionValue            dd ?
  SizeOfImage                  dd ?
  SizeOfHeaders                dd ?
  CheckSum                     dd ?
  Subsystem                    dw ?
  DllCharacteristics           dw ?
  SizeOfStackReserve           dd ?
  SizeOfStackCommit            dd ?
  SizeOfHeapReserve            dd ?
  SizeOfHeapCommit             dd ?
  LoaderFlags                  dd ?
  NumberOfRvaAndSizes          dd ?
  ; raw storage for 16 IMAGE_DATA_DIRECTORY slots
  DataDirectory                rb (sizeof.IMAGE_DATA_DIRECTORY*16)
ends

; Unsuffixed name resolves to the 32-bit layout.
IMAGE_OPTIONAL_HEADER equ IMAGE_OPTIONAL_HEADER32

; COFF file header (IMAGE_SIZEOF_FILE_HEADER = 20 bytes).
; NumberOfSections and SizeOfOptionalHeader are file-supplied. The section
; table starts SizeOfOptionalHeader bytes after the start of the optional
; header, which need not equal sizeof.IMAGE_OPTIONAL_HEADER32; bound any
; section loop against the size of the file actually read.
struct IMAGE_FILE_HEADER
  Machine               dw ?
  NumberOfSections      dw ?
  TimeDateStamp         dd ?
  PointerToSymbolTable  dd ?
  NumberOfSymbols       dd ?
  SizeOfOptionalHeader  dw ?
  Characteristics       dw ?
ends

; 32-bit NT headers, located at file offset IMAGE_DOS_HEADER.e_lfanew.
; Signature should be compared with IMAGE_NT_SIGNATURE before FileHeader or
; OptionalHeader is read.
struct IMAGE_NT_HEADERS
  Signature       dd ?
  FileHeader      IMAGE_FILE_HEADER
  OptionalHeader  IMAGE_OPTIONAL_HEADER32
ends

; Export directory table (named by DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]).
; nName and the three AddressOf* fields are RVAs, and NumberOfFunctions /
; NumberOfNames are counts taken from the file: validate each against the
; image bounds before indexing the arrays they describe.
struct IMAGE_EXPORT_DIRECTORY
  Characteristics        dd ?
  TimeDateStamp          dd ?
  MajorVersion           dw ?
  MinorVersion           dw ?
  nName                  dd ?
  nBase                  dd ?
  NumberOfFunctions      dd ?
  NumberOfNames          dd ?
  AddressOfFunctions     dd ?
  AddressOfNames         dd ?
  AddressOfNameOrdinals  dd ?
ends

; DOS (MZ) header at the start of the file.
; e_magic should equal IMAGE_DOS_SIGNATURE. e_lfanew is the file offset of the
; NT headers and is attacker-controlled in an untrusted file: check that
; e_lfanew + sizeof.IMAGE_NT_HEADERS stays inside the data that was read
; before dereferencing it.
struct IMAGE_DOS_HEADER
  e_magic     dw ?
  e_cblp      dw ?
  e_cp        dw ?
  e_crlc      dw ?
  e_cparhdr   dw ?
  e_minalloc  dw ?
  e_maxalloc  dw ?
  e_ss        dw ?
  e_sp        dw ?
  e_csum      dw ?
  e_ip        dw ?
  e_cs        dw ?
  e_lfarlc    dw ?
  e_ovno      dw ?
  e_res       rw 4      ; reserved words
  e_oemid     dw ?
  e_oeminfo   dw ?
  e_res2      rw 10     ; reserved words
  e_lfanew    dd ?
ends

; Section table entry.
; Name is a fixed 8-byte field (IMAGE_SIZEOF_SHORT_NAME) and carries no
; terminating NUL when all 8 bytes are used, so never handle it as a C string.
; PointerToRawData / SizeOfRawData and VirtualAddress / VirtualSize come from
; the file; range-check them before copying or mapping section data.
; NOTE(review): PhysicalAddress is meant to alias VirtualSize (one dword);
; confirm the struct macro in use honours `label` inside a struct body.
struct IMAGE_SECTION_HEADER
  Name                  rb 8
  label .PhysicalAddress dword
  VirtualSize           dd ?
  VirtualAddress        dd ?
  SizeOfRawData         dd ?
  PointerToRawData      dd ?
  PointerToRelocations  dd ?
  PointerToLinenumbers  dd ?
  NumberOfRelocations   dw ?
  NumberOfLinenumbers   dw ?
  Characteristics       dd ?
ends

; Import directory entry, one per imported DLL; the array ends with an
; all-zero descriptor. OriginalFirstThunk, Name and FirstThunk are RVAs taken
; from the file, so validate them and cap the number of descriptors walked.
; NOTE(review): Characteristics is meant to alias OriginalFirstThunk; confirm
; the struct macro in use honours `label` inside a struct body.
struct IMAGE_IMPORT_DESCRIPTOR
  label .Characteristics dword
  OriginalFirstThunk  dd ?
  TimeDateStamp       dd ?
  ForwarderChain      dd ?
  Name                dd ?
  FirstThunk          dd ?
ends

; Indices into IMAGE_OPTIONAL_HEADER32.DataDirectory.
; For IMAGE_DIRECTORY_ENTRY_SECURITY (the certificate table) the slot's
; VirtualAddress holds a file offset rather than an RVA.
IMAGE_DIRECTORY_ENTRY_EXPORT        =  0
IMAGE_DIRECTORY_ENTRY_IMPORT        =  1
IMAGE_DIRECTORY_ENTRY_RESOURCE      =  2
IMAGE_DIRECTORY_ENTRY_EXCEPTION     =  3
IMAGE_DIRECTORY_ENTRY_SECURITY      =  4
IMAGE_DIRECTORY_ENTRY_BASERELOC     =  5
IMAGE_DIRECTORY_ENTRY_DEBUG         =  6
IMAGE_DIRECTORY_ENTRY_COPYRIGHT     =  7
IMAGE_DIRECTORY_ENTRY_GLOBALPTR     =  8
IMAGE_DIRECTORY_ENTRY_TLS           =  9
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG   = 10
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT  = 11
IMAGE_DIRECTORY_ENTRY_IAT           = 12
; total number of slots in the array
IMAGE_NUMBEROF_DIRECTORY_ENTRIES    = 16

; Header signatures: IMAGE_DOS_HEADER.e_magic and IMAGE_NT_HEADERS.Signature.
IMAGE_DOS_SIGNATURE                 = 5A4Dh
IMAGE_OS2_SIGNATURE                 = 454Eh
IMAGE_OS2_SIGNATURE_LE              = 454Ch
IMAGE_VXD_SIGNATURE                 = 454Ch
IMAGE_NT_SIGNATURE                  = 00004550h

; IMAGE_FILE_HEADER: size and Characteristics bits.
IMAGE_SIZEOF_FILE_HEADER            = 20
IMAGE_FILE_RELOCS_STRIPPED          = 0001h
IMAGE_FILE_EXECUTABLE_IMAGE         = 0002h
IMAGE_FILE_LINE_NUMS_STRIPPED       = 0004h
IMAGE_FILE_LOCAL_SYMS_STRIPPED      = 0008h
IMAGE_FILE_AGGRESIVE_WS_TRIM        = 0010h
IMAGE_FILE_LARGE_ADDRESS_AWARE      = 0020h
IMAGE_FILE_BYTES_REVERSED_LO        = 0080h
IMAGE_FILE_32BIT_MACHINE            = 0100h
IMAGE_FILE_DEBUG_STRIPPED           = 0200h
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP  = 0400h
IMAGE_FILE_NET_RUN_FROM_SWAP        = 0800h
IMAGE_FILE_SYSTEM                   = 1000h
IMAGE_FILE_DLL                      = 2000h
IMAGE_FILE_UP_SYSTEM_ONLY           = 4000h
IMAGE_FILE_BYTES_REVERSED_HI        = 8000h

; IMAGE_FILE_HEADER.Machine values.
IMAGE_FILE_MACHINE_UNKNOWN          = 0
IMAGE_FILE_MACHINE_I386             = 014ch
IMAGE_FILE_MACHINE_R3000            = 0162h
IMAGE_FILE_MACHINE_R4000            = 0166h
IMAGE_FILE_MACHINE_R10000           = 0168h
IMAGE_FILE_MACHINE_WCEMIPSV2        = 0169h
IMAGE_FILE_MACHINE_ALPHA            = 0184h
IMAGE_FILE_MACHINE_POWERPC          = 01F0h
IMAGE_FILE_MACHINE_SH3              = 01a2h
IMAGE_FILE_MACHINE_SH3E             = 01a4h
IMAGE_FILE_MACHINE_SH4              = 01a6h
IMAGE_FILE_MACHINE_ARM              = 01c0h
IMAGE_FILE_MACHINE_THUMB            = 01c2h
IMAGE_FILE_MACHINE_IA64             = 0200h
IMAGE_FILE_MACHINE_MIPS16           = 0266h
IMAGE_FILE_MACHINE_MIPSFPU          = 0366h
IMAGE_FILE_MACHINE_MIPSFPU16        = 0466h
IMAGE_FILE_MACHINE_ALPHA64          = 0284h
IMAGE_FILE_MACHINE_AXP64            = IMAGE_FILE_MACHINE_ALPHA64

; Optional header: expected sizes and the Magic value that selects the layout.
; Check Magic before applying IMAGE_OPTIONAL_HEADER32 offsets to a file.
IMAGE_SIZEOF_ROM_OPTIONAL_HEADER    = 56
IMAGE_SIZEOF_STD_OPTIONAL_HEADER    = 28
IMAGE_SIZEOF_NT_OPTIONAL32_HEADER   = 224
IMAGE_SIZEOF_NT_OPTIONAL64_HEADER   = 240
IMAGE_NT_OPTIONAL_HDR32_MAGIC       = 10bh
IMAGE_NT_OPTIONAL_HDR64_MAGIC       = 20bh
IMAGE_ROM_OPTIONAL_HDR_MAGIC        = 107h
; IMAGE_OPTIONAL_HEADER32.Subsystem values.
IMAGE_SUBSYSTEM_UNKNOWN               = 0
IMAGE_SUBSYSTEM_NATIVE                = 1
IMAGE_SUBSYSTEM_WINDOWS_GUI           = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI           = 3
IMAGE_SUBSYSTEM_OS2_CUI               = 5
IMAGE_SUBSYSTEM_POSIX_CUI             = 7
IMAGE_SUBSYSTEM_NATIVE_WINDOWS        = 8
IMAGE_SUBSYSTEM_WINDOWS_CE_GUI        = 9

; IMAGE_OPTIONAL_HEADER32.DllCharacteristics bits. Only WDM_DRIVER is defined
; here; the mitigation-related bits from later SDK headers (for example
; IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
; are not part of this file.
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER   = 2000h

; Further DataDirectory indices. EXPORT repeats the value assigned earlier in
; the file; ARCHITECTURE names the same slot as IMAGE_DIRECTORY_ENTRY_COPYRIGHT.
IMAGE_DIRECTORY_ENTRY_EXPORT          = 0
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE    = 7
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    = 13
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  = 14

; Length in bytes of IMAGE_SECTION_HEADER.Name.
IMAGE_SIZEOF_SHORT_NAME               = 8
; IMAGE_SECTION_HEADER.Characteristics bits.
; When triaging a binary, a section that carries both IMAGE_SCN_MEM_WRITE and
; IMAGE_SCN_MEM_EXECUTE is writable and executable at once and worth flagging.
IMAGE_SCN_TYPE_NO_PAD             = 00000008h
IMAGE_SCN_CNT_CODE                = 00000020h
IMAGE_SCN_CNT_INITIALIZED_DATA    = 00000040h
IMAGE_SCN_CNT_UNINITIALIZED_DATA  = 00000080h
IMAGE_SCN_LNK_OTHER               = 00000100h
IMAGE_SCN_LNK_INFO                = 00000200h
IMAGE_SCN_LNK_REMOVE              = 00000800h
IMAGE_SCN_LNK_COMDAT              = 00001000h
IMAGE_SCN_NO_DEFER_SPEC_EXC       = 00004000h
IMAGE_SCN_GPREL                   = 00008000h
IMAGE_SCN_MEM_FARDATA             = 00008000h
IMAGE_SCN_MEM_PURGEABLE           = 00020000h
IMAGE_SCN_MEM_16BIT               = 00020000h
IMAGE_SCN_MEM_LOCKED              = 00040000h
IMAGE_SCN_MEM_PRELOAD             = 00080000h

; alignment is an enumerated value in bits 20-23, not a set of independent flags
IMAGE_SCN_ALIGN_1BYTES            = 00100000h
IMAGE_SCN_ALIGN_2BYTES            = 00200000h
IMAGE_SCN_ALIGN_4BYTES            = 00300000h
IMAGE_SCN_ALIGN_8BYTES            = 00400000h
IMAGE_SCN_ALIGN_16BYTES           = 00500000h
IMAGE_SCN_ALIGN_32BYTES           = 00600000h
IMAGE_SCN_ALIGN_64BYTES           = 00700000h
IMAGE_SCN_ALIGN_128BYTES          = 00800000h
IMAGE_SCN_ALIGN_256BYTES          = 00900000h
IMAGE_SCN_ALIGN_512BYTES          = 00A00000h
IMAGE_SCN_ALIGN_1024BYTES         = 00B00000h
IMAGE_SCN_ALIGN_2048BYTES         = 00C00000h
IMAGE_SCN_ALIGN_4096BYTES         = 00D00000h
IMAGE_SCN_ALIGN_8192BYTES         = 00E00000h

IMAGE_SCN_LNK_NRELOC_OVFL         = 01000000h
IMAGE_SCN_MEM_DISCARDABLE         = 02000000h
IMAGE_SCN_MEM_NOT_CACHED          = 04000000h
IMAGE_SCN_MEM_NOT_PAGED           = 08000000h
IMAGE_SCN_MEM_SHARED              = 10000000h
IMAGE_SCN_MEM_EXECUTE             = 20000000h
IMAGE_SCN_MEM_READ                = 40000000h
IMAGE_SCN_MEM_WRITE               = 80000000h

IMAGE_SCN_SCALE_INDEX             = 00000001h
; COFF symbol table: record size and special section numbers.
IMAGE_SIZEOF_SYMBOL                 = 18
IMAGE_SYM_UNDEFINED                 = 0
IMAGE_SYM_ABSOLUTE                  = -1
IMAGE_SYM_DEBUG                     = -2

; Symbol base types.
IMAGE_SYM_TYPE_NULL                 = 0000h
IMAGE_SYM_TYPE_VOID                 = 0001h
IMAGE_SYM_TYPE_CHAR                 = 0002h
IMAGE_SYM_TYPE_SHORT                = 0003h
IMAGE_SYM_TYPE_INT                  = 0004h
IMAGE_SYM_TYPE_LONG                 = 0005h
IMAGE_SYM_TYPE_FLOAT                = 0006h
IMAGE_SYM_TYPE_DOUBLE               = 0007h
IMAGE_SYM_TYPE_STRUCT               = 0008h
IMAGE_SYM_TYPE_UNION                = 0009h
IMAGE_SYM_TYPE_ENUM                 = 000Ah
IMAGE_SYM_TYPE_MOE                  = 000Bh
IMAGE_SYM_TYPE_BYTE                 = 000Ch
IMAGE_SYM_TYPE_WORD                 = 000Dh
IMAGE_SYM_TYPE_UINT                 = 000Eh
IMAGE_SYM_TYPE_DWORD                = 000Fh
IMAGE_SYM_TYPE_PCODE                = 8000h

; Symbol derived types.
IMAGE_SYM_DTYPE_NULL                = 0
IMAGE_SYM_DTYPE_POINTER             = 1
IMAGE_SYM_DTYPE_FUNCTION            = 2
IMAGE_SYM_DTYPE_ARRAY               = 3

; Symbol storage classes.
IMAGE_SYM_CLASS_END_OF_FUNCTION     = -1
IMAGE_SYM_CLASS_NULL                = 0000h
IMAGE_SYM_CLASS_AUTOMATIC           = 0001h
IMAGE_SYM_CLASS_EXTERNAL            = 0002h
IMAGE_SYM_CLASS_STATIC              = 0003h
IMAGE_SYM_CLASS_REGISTER            = 0004h
IMAGE_SYM_CLASS_EXTERNAL_DEF        = 0005h
IMAGE_SYM_CLASS_LABEL               = 0006h
IMAGE_SYM_CLASS_UNDEFINED_LABEL     = 0007h
IMAGE_SYM_CLASS_MEMBER_OF_STRUCT    = 0008h
IMAGE_SYM_CLASS_ARGUMENT            = 0009h
IMAGE_SYM_CLASS_STRUCT_TAG          = 000Ah
IMAGE_SYM_CLASS_MEMBER_OF_UNION     = 000Bh
IMAGE_SYM_CLASS_UNION_TAG           = 000Ch
IMAGE_SYM_CLASS_TYPE_DEFINITION     = 000Dh
IMAGE_SYM_CLASS_UNDEFINED_STATIC    = 000Eh
IMAGE_SYM_CLASS_ENUM_TAG            = 000Fh
IMAGE_SYM_CLASS_MEMBER_OF_ENUM      = 0010h
IMAGE_SYM_CLASS_REGISTER_PARAM      = 0011h
IMAGE_SYM_CLASS_BIT_FIELD           = 0012h
IMAGE_SYM_CLASS_FAR_EXTERNAL        = 0044h
IMAGE_SYM_CLASS_BLOCK               = 0064h
IMAGE_SYM_CLASS_FUNCTION            = 0065h
IMAGE_SYM_CLASS_END_OF_STRUCT       = 0066h
IMAGE_SYM_CLASS_FILE                = 0067h
IMAGE_SYM_CLASS_SECTION             = 0068h
IMAGE_SYM_CLASS_WEAK_EXTERNAL       = 0069h

; Auxiliary symbol records: size, COMDAT selection, weak-external search.
IMAGE_SIZEOF_AUX_SYMBOL             = 18
IMAGE_COMDAT_SELECT_NODUPLICATES    = 1
IMAGE_COMDAT_SELECT_ANY             = 2
IMAGE_COMDAT_SELECT_SAME_SIZE       = 3
IMAGE_COMDAT_SELECT_EXACT_MATCH     = 4
IMAGE_COMDAT_SELECT_ASSOCIATIVE     = 5
IMAGE_COMDAT_SELECT_LARGEST         = 6
IMAGE_COMDAT_SELECT_NEWEST          = 7
IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY  = 1
IMAGE_WEAK_EXTERN_SEARCH_LIBRARY    = 2
IMAGE_WEAK_EXTERN_SEARCH_ALIAS      = 3
; COFF (object file) relocations for i386.
IMAGE_SIZEOF_RELOCATION         = 10
IMAGE_REL_I386_ABSOLUTE         = 0000h
IMAGE_REL_I386_DIR16            = 0001h
IMAGE_REL_I386_REL16            = 0002h
IMAGE_REL_I386_DIR32            = 0006h
IMAGE_REL_I386_DIR32NB          = 0007h
IMAGE_REL_I386_SEG12            = 0009h
IMAGE_REL_I386_SECTION          = 000Ah
IMAGE_REL_I386_SECREL           = 000Bh
IMAGE_REL_I386_REL32            = 0014h

; Line-number record size.
IMAGE_SIZEOF_LINENUMBER         = 6

; Base relocation blocks (DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]):
; block header size and fixup types.
IMAGE_SIZEOF_BASE_RELOCATION    = 8
IMAGE_REL_BASED_ABSOLUTE        = 0
IMAGE_REL_BASED_HIGH            = 1
IMAGE_REL_BASED_LOW             = 2
IMAGE_REL_BASED_HIGHLOW         = 3
IMAGE_REL_BASED_HIGHADJ         = 4
IMAGE_REL_BASED_MIPS_JMPADDR    = 5
IMAGE_REL_BASED_SECTION         = 6
IMAGE_REL_BASED_REL32           = 7
IMAGE_REL_BASED_MIPS_JMPADDR16  = 9
IMAGE_REL_BASED_IA64_IMM64      = 9
IMAGE_REL_BASED_DIR64           = 10
IMAGE_REL_BASED_HIGH3ADJ        = 11
; Library (.lib archive) markers and member-header size.
; NOTE(review): the <...> wrapping on the four equ lines below is MASM
; text-macro syntax. fasm's equ substitutes the text as written, brackets
; included, so confirm these expand as intended wherever they are used.
IMAGE_ARCHIVE_START_SIZE          = 8
IMAGE_ARCHIVE_START equ <"!<arch>",10>
IMAGE_ARCHIVE_END equ <"`",10>
IMAGE_ARCHIVE_PAD                 = 10
IMAGE_ARCHIVE_LINKER_MEMBER equ <"/               ">
IMAGE_ARCHIVE_LONGNAMES_MEMBER equ <"//              ">
IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR   = 60

; High-bit flags: import thunk is an ordinal; resource entry is named by
; string / points to a subdirectory.
IMAGE_ORDINAL_FLAG32              = 80000000h
IMAGE_RESOURCE_NAME_IS_STRING     = 80000000h
IMAGE_RESOURCE_DATA_IS_DIRECTORY  = 80000000h

; Debug directory entry types.
IMAGE_DEBUG_TYPE_UNKNOWN          = 0
IMAGE_DEBUG_TYPE_COFF             = 1
IMAGE_DEBUG_TYPE_CODEVIEW         = 2
IMAGE_DEBUG_TYPE_FPO              = 3
IMAGE_DEBUG_TYPE_MISC             = 4
IMAGE_DEBUG_TYPE_EXCEPTION        = 5
IMAGE_DEBUG_TYPE_FIXUP            = 6
IMAGE_DEBUG_TYPE_OMAP_TO_SRC      = 7
IMAGE_DEBUG_TYPE_OMAP_FROM_SRC    = 8
IMAGE_DEBUG_TYPE_BORLAND          = 9
IMAGE_DEBUG_TYPE_RESERVED10       = 10
IMAGE_DEBUG_MISC_EXENAME          = 1

; Separate debug file (.dbg) header values.
IMAGE_SEPARATE_DEBUG_SIGNATURE    = 4944h
IMAGE_SEPARATE_DEBUG_FLAGS_MASK   = 8000h
IMAGE_SEPARATE_DEBUG_MISMATCH     = 8000h
n1kt0 21 Jul 2008, 06:51
heh, thank you, but I need to use more includes. Do you have a binary file (a tool) which converts masm inc to fasm?
comrade 21 Jul 2008, 15:31
Nah, I converted this one manually. I was going to send it to madmatt so he can include it in his Win32 package, but it is very incomplete. Iirc, these particular structures come from winnt.h, which contains a lot more stuff than this.
n1kt0 29 Jul 2008, 07:14
Your imagehdr.inc is not complete. I need a full include; I work with the whole PE structure. I need a REALLY FULL include.
I'm thinking about an automatic tool for converting C includes to fasm includes.
madmatt 29 Jul 2008, 09:56
Hi n1kt0,
You can go to my website (click on the 'www' under my post), click on the esnips icon at the bottom of the webpage, download the file: 'fasmw16726.rar'. Look in the xinclude32/equates folder, what you are looking for will be in the kernel32.inc file. there are also other windows include/api files there too.
FrozenKnight 30 Jul 2008, 14:48
This is the one I created myself. As you can see, I have the MSDN structs side by side; I used them for reference when creating the whole thing.
I think I have almost everything useful for the PE format here.

Code:
;#define IMAGE_DOS_SIGNATURE                 0x5A4D      // MZ
;#define IMAGE_OS2_SIGNATURE                 0x454E      // NE
;#define IMAGE_OS2_SIGNATURE_LE              0x454C      // LE
;#define IMAGE_VXD_SIGNATURE                 0x454C      // LE
;#define IMAGE_NT_SIGNATURE                  0x00004550  // PE00
; Header signatures. A parser should compare e_magic with IMAGE_DOS_SIGNATURE
; and the NT Signature with IMAGE_NT_SIGNATURE before trusting later fields.
IMAGE_DOS_SIGNATURE     = 0x5A4D        ; "MZ"
IMAGE_OS2_SIGNATURE     = 0x454E        ; "NE"
IMAGE_OS2_SIGNATURE_LE  = 0x454C        ; "LE"
IMAGE_VXD_SIGNATURE     = 0x454C        ; "LE"
IMAGE_NT_SIGNATURE      = 0x00004550    ; "PE", 0, 0

;typedef struct _IMAGE_DOS_HEADER {      // DOS .EXE header
;    WORD   e_magic;                     // Magic number
;    WORD   e_cblp;                      // Bytes on last page of file
;    WORD   e_cp;                        // Pages in file
;    WORD   e_crlc;                      // Relocations
;    WORD   e_cparhdr;                   // Size of header in paragraphs
;    WORD   e_minalloc;                  // Minimum extra paragraphs needed
;    WORD   e_maxalloc;                  // Maximum extra paragraphs needed
;    WORD   e_ss;                        // Initial (relative) SS value
;    WORD   e_sp;                        // Initial SP value
;    WORD   e_csum;                      // Checksum
;    WORD   e_ip;                        // Initial IP value
;    WORD   e_cs;                        // Initial (relative) CS value
;    WORD   e_lfarlc;                    // File address of relocation table
;    WORD   e_ovno;                      // Overlay number
;    WORD   e_res[4];                    // Reserved words
;    WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
;    WORD   e_oeminfo;                   // OEM information; e_oemid specific
;    WORD   e_res2[10];                  // Reserved words
;    LONG   e_lfanew;                    // File address of new exe header
;  } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

; DOS .EXE (MZ) header, 64 bytes, at file offset 0.
; e_lfanew is a file offset read from untrusted data: verify that it, plus the
; size of the NT headers, lies inside the file before following it.
struct IMAGE_DOS_HEADER
  e_magic     dw ?              ; magic number
  e_cblp      dw ?              ; bytes on last page of file
  e_cp        dw ?              ; pages in file
  e_crlc      dw ?              ; relocations
  e_cparhdr   dw ?              ; size of header in paragraphs
  e_minalloc  dw ?              ; minimum extra paragraphs needed
  e_maxalloc  dw ?              ; maximum extra paragraphs needed
  e_ss        dw ?              ; initial (relative) SS value
  e_sp        dw ?              ; initial SP value
  e_csum      dw ?              ; checksum
  e_ip        dw ?              ; initial IP value
  e_cs        dw ?              ; initial (relative) CS value
  e_lfarlc    dw ?              ; file address of relocation table
  e_ovno      dw ?              ; overlay number
  e_res       dw 4 dup (?)      ; reserved words
  e_oemid     dw ?              ; OEM identifier (for e_oeminfo)
  e_oeminfo   dw ?              ; OEM information; e_oemid specific
  e_res2      dw 10 dup (?)     ; reserved words
  e_lfanew    dd ?              ; file address of new exe header
ends

;typedef struct _IMAGE_FILE_HEADER {
;    WORD    Machine;
;    WORD    NumberOfSections;
;    DWORD   TimeDateStamp;
;    DWORD   PointerToSymbolTable;
;    DWORD   NumberOfSymbols;
;    WORD    SizeOfOptionalHeader;
;    WORD    Characteristics;
;} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

; COFF file header, 20 bytes, immediately after the NT Signature.
; NumberOfSections and SizeOfOptionalHeader are file-supplied; locate the
; section table from SizeOfOptionalHeader rather than from a fixed structure
; size, and bound the section loop against the file size.
struct IMAGE_FILE_HEADER
  Machine               dw ?
  NumberOfSections      dw ?
  TimeDateStamp         dd ?
  PointerToSymbolTable  dd ?
  NumberOfSymbols       dd ?
  SizeOfOptionalHeader  dw ?
  Characteristics       dw ?
ends

; Number of DataDirectory slots declared in the optional header
; (winnt.h: #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16).
IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16

;typedef struct _IMAGE_DATA_DIRECTORY {
;    DWORD   VirtualAddress;
;    DWORD   Size;
;} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

; One DataDirectory slot (8 bytes): where a table lives and how long it is.
; Both dwords come from the file; check them against the image size before use.
struct IMAGE_DATA_DIRECTORY
  VirtualAddress  dd ?
  Size            dd ?
ends

;typedef struct _IMAGE_OPTIONAL_HEADER {
;    //
;    // Standard fields.
;    //
;
;    WORD    Magic;
;    BYTE    MajorLinkerVersion;
;    BYTE    MinorLinkerVersion;
;    DWORD   SizeOfCode;
;    DWORD   SizeOfInitializedData;
;    DWORD   SizeOfUninitializedData;
;    DWORD   AddressOfEntryPoint;
;    DWORD   BaseOfCode;
;    DWORD   BaseOfData;
;
;    //
;    // NT additional fields.
;    //
;
;    DWORD   ImageBase;
;    DWORD   SectionAlignment;
;    DWORD   FileAlignment;
;    WORD    MajorOperatingSystemVersion;
;    WORD    MinorOperatingSystemVersion;
;    WORD    MajorImageVersion;
;    WORD    MinorImageVersion;
;    WORD    MajorSubsystemVersion;
;    WORD    MinorSubsystemVersion;
;    DWORD   Win32VersionValue;
;    DWORD   SizeOfImage;
;    DWORD   SizeOfHeaders;
;    DWORD   CheckSum;
;    WORD    Subsystem;
;    WORD    DllCharacteristics;
;    DWORD   SizeOfStackReserve;
;    DWORD   SizeOfStackCommit;
;    DWORD   SizeOfHeapReserve;
;    DWORD   SizeOfHeapCommit;
;    DWORD   LoaderFlags;
;    DWORD   NumberOfRvaAndSizes;
;    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
;} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;

; PE32 (32-bit) optional header.
; This layout applies only when Magic is 0x10B (PE32); a PE32+ file (0x20B)
; has no BaseOfData and uses 64-bit ImageBase / stack / heap fields.
; NumberOfRvaAndSizes is file-supplied and may be below
; IMAGE_NUMBEROF_DIRECTORY_ENTRIES; ignore DataDirectory slots at or above it.
struct IMAGE_OPTIONAL_HEADER32
  ; --- standard fields ---
  Magic                        dw ?
  MajorLinkerVersion           db ?
  MinorLinkerVersion           db ?
  SizeOfCode                   dd ?
  SizeOfInitializedData        dd ?
  SizeOfUninitializedData      dd ?
  AddressOfEntryPoint          dd ?
  BaseOfCode                   dd ?
  BaseOfData                   dd ?
  ; --- NT additional fields ---
  ImageBase                    dd ?
  SectionAlignment             dd ?
  FileAlignment                dd ?
  MajorOperatingSystemVersion  dw ?
  MinorOperatingSystemVersion  dw ?
  MajorImageVersion            dw ?
  MinorImageVersion            dw ?
  MajorSubsystemVersion        dw ?
  MinorSubsystemVersion        dw ?
  Win32VersionValue            dd ?
  SizeOfImage                  dd ?
  SizeOfHeaders                dd ?
  CheckSum                     dd ?
  Subsystem                    dw ?
  DllCharacteristics           dw ?
  SizeOfStackReserve           dd ?
  SizeOfStackCommit            dd ?
  SizeOfHeapReserve            dd ?
  SizeOfHeapCommit             dd ?
  LoaderFlags                  dd ?
  NumberOfRvaAndSizes          dd ?
  ; DataDirectory names slot 0 as a structure; the remaining slots are
  ; reserved as raw bytes directly after it.
  DataDirectory                IMAGE_DATA_DIRECTORY
                               rb sizeof.IMAGE_DATA_DIRECTORY * (IMAGE_NUMBEROF_DIRECTORY_ENTRIES - 1)
ends

;typedef struct _IMAGE_NT_HEADERS {
;    DWORD Signature;
;    IMAGE_FILE_HEADER FileHeader;
;    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
;} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

; 32-bit NT headers found at file offset IMAGE_DOS_HEADER.e_lfanew.
; Compare Signature with IMAGE_NT_SIGNATURE before reading the nested headers.
struct IMAGE_NT_HEADERS32
  Signature       dd ?
  FileHeader      IMAGE_FILE_HEADER
  OptionalHeader  IMAGE_OPTIONAL_HEADER32
ends

; Byte length of IMAGE_SECTION_HEADER.Name
; (winnt.h: #define IMAGE_SIZEOF_SHORT_NAME 8).
IMAGE_SIZEOF_SHORT_NAME = 8

;typedef struct _IMAGE_SECTION_HEADER {
;    BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
;    union {
;            DWORD   PhysicalAddress;
;            DWORD   VirtualSize;
;    } Misc;
;    DWORD   VirtualAddress;
;    DWORD   SizeOfRawData;
;    DWORD   PointerToRawData;
;    DWORD   PointerToRelocations;
;    DWORD   PointerToLinenumbers;
;    WORD    NumberOfRelocations;
;    WORD    NumberOfLinenumbers;
;    DWORD   Characteristics;
;} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

; Section table entry.
; Name is a fixed IMAGE_SIZEOF_SHORT_NAME-byte field with no terminating NUL
; when fully used. The raw-data and virtual address/size fields come from the
; file; range-check them before copying or mapping section contents.
struct IMAGE_SECTION_HEADER
  Name                  db IMAGE_SIZEOF_SHORT_NAME dup (?)
  union                                 ; "Misc" union in winnt.h
    PhysicalAddress     dd ?
    VirtualSize         dd ?
  ends
  VirtualAddress        dd ?
  SizeOfRawData         dd ?
  PointerToRawData      dd ?
  PointerToRelocations  dd ?
  PointerToLinenumbers  dd ?
  NumberOfRelocations   dw ?
  NumberOfLinenumbers   dw ?
  Characteristics       dd ?
ends

;typedef struct _IMAGE_IMPORT_DESCRIPTOR {
;    union {
;        DWORD   Characteristics;            // 0 for terminating null import descriptor
;        DWORD   OriginalFirstThunk;         // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
;    };
;    DWORD   TimeDateStamp;                  // 0 if not bound,
;                                            // -1 if bound, and real date\time stamp
;                                            //     in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
;                                            // O.W. date/time stamp of DLL bound to (Old BIND)
;
;    DWORD   ForwarderChain;                 // -1 if no forwarders
;    DWORD   Name;
;    DWORD   FirstThunk;                     // RVA to IAT (if bound this IAT has actual addresses)
;} IMAGE_IMPORT_DESCRIPTOR;
;typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;

; Import directory entry, one per imported DLL. The array is terminated by a
; null descriptor (Characteristics = 0). Name and both thunk fields are RVAs
; read from the file: validate them and cap how many descriptors are walked.
struct IMAGE_IMPORT_DESCRIPTOR
  union
    Characteristics     dd ?            ; 0 for the terminating null descriptor
    OriginalFirstThunk  dd ?            ; RVA to original unbound IAT
  ends
  TimeDateStamp         dd ?            ; 0 if not bound
  ForwarderChain        dd ?            ; -1 if no forwarders
  Name                  dd ?
  FirstThunk            dd ?            ; RVA to IAT
ends

;typedef struct _IMAGE_IMPORT_BY_NAME {
;    WORD    Hint;
;    BYTE    Name[1];
;} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;

; Hint/name entry referenced by an import thunk.
; Name is declared with one byte only as a placeholder (BYTE Name[1] in
; winnt.h): the real name is a variable-length string that follows Hint, so
; bound any scan for its terminator by the end of the image.
struct IMAGE_IMPORT_BY_NAME
  Hint  dw ?
  Name  db 1 dup (?)
ends

;typedef struct _IMAGE_THUNK_DATA32 {
;    union {
;        DWORD ForwarderString;      // PBYTE
;        DWORD Function;             // PDWORD
;        DWORD Ordinal;
;        DWORD AddressOfData;        // PIMAGE_IMPORT_BY_NAME
;    } u1;
;} IMAGE_THUNK_DATA32;

; 32-bit import thunk: a single dword read four ways ("u1" union in winnt.h).
; When IMAGE_ORDINAL_FLAG32 is set the value is an ordinal, otherwise it is an
; RVA (AddressOfData) to an IMAGE_IMPORT_BY_NAME.
struct IMAGE_THUNK_DATA32
  union
    ForwarderString  dd ?       ; PBYTE
    Function         dd ?       ; PDWORD
    Ordinal          dd ?
    AddressOfData    dd ?       ; PIMAGE_IMPORT_BY_NAME
  ends
ends

; High bit of an IMAGE_THUNK_DATA32 value marks an import by ordinal
; (winnt.h: #define IMAGE_ORDINAL_FLAG32 0x80000000).
IMAGE_ORDINAL_FLAG32              = 0x80000000

; IMAGE_SECTION_HEADER.Characteristics bits.
; When triaging a binary, a section carrying both IMAGE_SCN_MEM_WRITE and
; IMAGE_SCN_MEM_EXECUTE is writable and executable at once and worth flagging.
IMAGE_SCN_TYPE_REG                = 0x00000000  ; Reserved.
IMAGE_SCN_TYPE_DSECT              = 0x00000001  ; Reserved.
IMAGE_SCN_TYPE_NOLOAD             = 0x00000002  ; Reserved.
IMAGE_SCN_TYPE_GROUP              = 0x00000004  ; Reserved.
IMAGE_SCN_TYPE_NO_PAD             = 0x00000008  ; Reserved.
IMAGE_SCN_TYPE_COPY               = 0x00000010  ; Reserved.
IMAGE_SCN_CNT_CODE                = 0x00000020  ; Section contains executable code.
IMAGE_SCN_CNT_INITIALIZED_DATA    = 0x00000040  ; Section contains initialized data.
IMAGE_SCN_CNT_UNINITIALIZED_DATA  = 0x00000080  ; Section contains uninitialized data.
IMAGE_SCN_LNK_OTHER               = 0x00000100  ; Reserved.
IMAGE_SCN_LNK_INFO                = 0x00000200  ; Reserved.
IMAGE_SCN_TYPE_OVER               = 0x00000400  ; Reserved.
IMAGE_SCN_LNK_COMDAT              = 0x00001000  ; Section contains COMDAT data.
IMAGE_SCN_MEM_FARDATA             = 0x00008000  ; Reserved.
IMAGE_SCN_MEM_PURGEABLE           = 0x00020000  ; Reserved.
IMAGE_SCN_MEM_16BIT               = 0x00020000  ; Reserved.
IMAGE_SCN_MEM_LOCKED              = 0x00040000  ; Reserved.
IMAGE_SCN_MEM_PRELOAD             = 0x00080000  ; Reserved.
IMAGE_SCN_ALIGN_1BYTES            = 0x00100000  ; Align data on a 1-byte boundary.
IMAGE_SCN_ALIGN_2BYTES            = 0x00200000  ; Align data on a 2-byte boundary.
IMAGE_SCN_ALIGN_4BYTES            = 0x00300000  ; Align data on a 4-byte boundary.
IMAGE_SCN_ALIGN_8BYTES            = 0x00400000  ; Align data on an 8-byte boundary.
IMAGE_SCN_ALIGN_16BYTES           = 0x00500000  ; Align data on a 16-byte boundary.
IMAGE_SCN_ALIGN_32BYTES           = 0x00600000  ; Align data on a 32-byte boundary.
IMAGE_SCN_ALIGN_64BYTES           = 0x00700000  ; Align data on a 64-byte boundary.
IMAGE_SCN_ALIGN_128BYTES          = 0x00800000  ; Align data on a 128-byte boundary.
IMAGE_SCN_ALIGN_256BYTES          = 0x00900000  ; Align data on a 256-byte boundary.
IMAGE_SCN_ALIGN_512BYTES          = 0x00A00000  ; Align data on a 512-byte boundary.
IMAGE_SCN_ALIGN_1024BYTES         = 0x00B00000  ; Align data on a 1024-byte boundary.
IMAGE_SCN_ALIGN_2048BYTES         = 0x00C00000  ; Align data on a 2048-byte boundary.
IMAGE_SCN_ALIGN_4096BYTES         = 0x00D00000  ; Align data on a 4096-byte boundary.
IMAGE_SCN_ALIGN_8192BYTES         = 0x00E00000  ; Align data on an 8192-byte boundary.
IMAGE_SCN_LNK_NRELOC_OVFL         = 0x01000000  ; Section contains extended relocations.
IMAGE_SCN_MEM_DISCARDABLE         = 0x02000000  ; Section can be discarded as needed.
IMAGE_SCN_MEM_NOT_CACHED          = 0x04000000  ; Section cannot be cached.
IMAGE_SCN_MEM_NOT_PAGED           = 0x08000000  ; Section cannot be paged.
IMAGE_SCN_MEM_SHARED              = 0x10000000  ; Section can be shared in memory.
IMAGE_SCN_MEM_EXECUTE             = 0x20000000  ; Section can be executed as code.
IMAGE_SCN_MEM_READ                = 0x40000000  ; Section can be read.
IMAGE_SCN_MEM_WRITE               = 0x80000000  ; Section can be written to.