2 * Portable Executable binary format structures
4 * Copyright (c) 2016 Alexander Graf
8 * SPDX-License-Identifier: GPL-2.0+
14 typedef struct _IMAGE_DOS_HEADER {
15 uint16_t e_magic; /* 00: MZ Header signature */
16 uint16_t e_cblp; /* 02: Bytes on last page of file */
17 uint16_t e_cp; /* 04: Pages in file */
18 uint16_t e_crlc; /* 06: Relocations */
19 uint16_t e_cparhdr; /* 08: Size of header in paragraphs */
20 uint16_t e_minalloc; /* 0a: Minimum extra paragraphs needed */
21 uint16_t e_maxalloc; /* 0c: Maximum extra paragraphs needed */
22 uint16_t e_ss; /* 0e: Initial (relative) SS value */
23 uint16_t e_sp; /* 10: Initial SP value */
24 uint16_t e_csum; /* 12: Checksum */
25 uint16_t e_ip; /* 14: Initial IP value */
26 uint16_t e_cs; /* 16: Initial (relative) CS value */
27 uint16_t e_lfarlc; /* 18: File address of relocation table */
28 uint16_t e_ovno; /* 1a: Overlay number */
29 uint16_t e_res[4]; /* 1c: Reserved words */
30 uint16_t e_oemid; /* 24: OEM identifier (for e_oeminfo) */
31 uint16_t e_oeminfo; /* 26: OEM information; e_oemid specific */
32 uint16_t e_res2[10]; /* 28: Reserved words */
33 uint32_t e_lfanew; /* 3c: Offset to extended header */
34 } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
36 #define IMAGE_DOS_SIGNATURE 0x5A4D /* MZ */
37 #define IMAGE_NT_SIGNATURE 0x00004550 /* PE00 */
39 #define IMAGE_FILE_MACHINE_ARM 0x01c0
40 #define IMAGE_FILE_MACHINE_THUMB 0x01c2
41 #define IMAGE_FILE_MACHINE_ARMNT 0x01c4
42 #define IMAGE_FILE_MACHINE_AMD64 0x8664
43 #define IMAGE_FILE_MACHINE_ARM64 0xaa64
44 #define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
45 #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b
46 #define IMAGE_SUBSYSTEM_EFI_APPLICATION 10
48 typedef struct _IMAGE_FILE_HEADER {
50 uint16_t NumberOfSections;
51 uint32_t TimeDateStamp;
52 uint32_t PointerToSymbolTable;
53 uint32_t NumberOfSymbols;
54 uint16_t SizeOfOptionalHeader;
55 uint16_t Characteristics;
56 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
58 typedef struct _IMAGE_DATA_DIRECTORY {
59 uint32_t VirtualAddress;
61 } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
63 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
65 typedef struct _IMAGE_OPTIONAL_HEADER64 {
66 uint16_t Magic; /* 0x20b */
67 uint8_t MajorLinkerVersion;
68 uint8_t MinorLinkerVersion;
70 uint32_t SizeOfInitializedData;
71 uint32_t SizeOfUninitializedData;
72 uint32_t AddressOfEntryPoint;
75 uint32_t SectionAlignment;
76 uint32_t FileAlignment;
77 uint16_t MajorOperatingSystemVersion;
78 uint16_t MinorOperatingSystemVersion;
79 uint16_t MajorImageVersion;
80 uint16_t MinorImageVersion;
81 uint16_t MajorSubsystemVersion;
82 uint16_t MinorSubsystemVersion;
83 uint32_t Win32VersionValue;
85 uint32_t SizeOfHeaders;
88 uint16_t DllCharacteristics;
89 uint64_t SizeOfStackReserve;
90 uint64_t SizeOfStackCommit;
91 uint64_t SizeOfHeapReserve;
92 uint64_t SizeOfHeapCommit;
94 uint32_t NumberOfRvaAndSizes;
95 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
96 } IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
98 typedef struct _IMAGE_NT_HEADERS64 {
100 IMAGE_FILE_HEADER FileHeader;
101 IMAGE_OPTIONAL_HEADER64 OptionalHeader;
102 } IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
104 typedef struct _IMAGE_OPTIONAL_HEADER {
106 /* Standard fields */
108 uint16_t Magic; /* 0x10b or 0x107 */ /* 0x00 */
109 uint8_t MajorLinkerVersion;
110 uint8_t MinorLinkerVersion;
112 uint32_t SizeOfInitializedData;
113 uint32_t SizeOfUninitializedData;
114 uint32_t AddressOfEntryPoint; /* 0x10 */
118 /* NT additional fields */
121 uint32_t SectionAlignment; /* 0x20 */
122 uint32_t FileAlignment;
123 uint16_t MajorOperatingSystemVersion;
124 uint16_t MinorOperatingSystemVersion;
125 uint16_t MajorImageVersion;
126 uint16_t MinorImageVersion;
127 uint16_t MajorSubsystemVersion; /* 0x30 */
128 uint16_t MinorSubsystemVersion;
129 uint32_t Win32VersionValue;
130 uint32_t SizeOfImage;
131 uint32_t SizeOfHeaders;
132 uint32_t CheckSum; /* 0x40 */
134 uint16_t DllCharacteristics;
135 uint32_t SizeOfStackReserve;
136 uint32_t SizeOfStackCommit;
137 uint32_t SizeOfHeapReserve; /* 0x50 */
138 uint32_t SizeOfHeapCommit;
139 uint32_t LoaderFlags;
140 uint32_t NumberOfRvaAndSizes;
141 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; /* 0x60 */
143 } IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
145 typedef struct _IMAGE_NT_HEADERS {
146 uint32_t Signature; /* "PE"\0\0 */ /* 0x00 */
147 IMAGE_FILE_HEADER FileHeader; /* 0x04 */
148 IMAGE_OPTIONAL_HEADER32 OptionalHeader; /* 0x18 */
149 } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
151 #define IMAGE_SIZEOF_SHORT_NAME 8
153 typedef struct _IMAGE_SECTION_HEADER {
154 uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
156 uint32_t PhysicalAddress;
157 uint32_t VirtualSize;
159 uint32_t VirtualAddress;
160 uint32_t SizeOfRawData;
161 uint32_t PointerToRawData;
162 uint32_t PointerToRelocations;
163 uint32_t PointerToLinenumbers;
164 uint16_t NumberOfRelocations;
165 uint16_t NumberOfLinenumbers;
166 uint32_t Characteristics;
167 } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
169 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5
171 typedef struct _IMAGE_BASE_RELOCATION
173 uint32_t VirtualAddress;
174 uint32_t SizeOfBlock;
175 /* WORD TypeOffset[1]; */
176 } IMAGE_BASE_RELOCATION,*PIMAGE_BASE_RELOCATION;
178 typedef struct _IMAGE_RELOCATION
181 uint32_t VirtualAddress;
184 uint32_t SymbolTableIndex;
186 } IMAGE_RELOCATION, *PIMAGE_RELOCATION;
188 #define IMAGE_SIZEOF_RELOCATION 10
190 /* generic relocation types */
191 #define IMAGE_REL_BASED_ABSOLUTE 0
192 #define IMAGE_REL_BASED_HIGH 1
193 #define IMAGE_REL_BASED_LOW 2
194 #define IMAGE_REL_BASED_HIGHLOW 3
195 #define IMAGE_REL_BASED_HIGHADJ 4
196 #define IMAGE_REL_BASED_MIPS_JMPADDR 5
197 #define IMAGE_REL_BASED_ARM_MOV32A 5 /* yes, 5 too */
198 #define IMAGE_REL_BASED_ARM_MOV32 5 /* yes, 5 too */
199 #define IMAGE_REL_BASED_SECTION 6
200 #define IMAGE_REL_BASED_REL 7
201 #define IMAGE_REL_BASED_ARM_MOV32T 7 /* yes, 7 too */
202 #define IMAGE_REL_BASED_THUMB_MOV32 7 /* yes, 7 too */
203 #define IMAGE_REL_BASED_MIPS_JMPADDR16 9
204 #define IMAGE_REL_BASED_IA64_IMM64 9 /* yes, 9 too */
205 #define IMAGE_REL_BASED_DIR64 10
206 #define IMAGE_REL_BASED_HIGH3ADJ 11
208 /* ARM relocation types */
209 #define IMAGE_REL_ARM_ABSOLUTE 0x0000
210 #define IMAGE_REL_ARM_ADDR 0x0001
211 #define IMAGE_REL_ARM_ADDR32NB 0x0002
212 #define IMAGE_REL_ARM_BRANCH24 0x0003
213 #define IMAGE_REL_ARM_BRANCH11 0x0004
214 #define IMAGE_REL_ARM_TOKEN 0x0005
215 #define IMAGE_REL_ARM_GPREL12 0x0006
216 #define IMAGE_REL_ARM_GPREL7 0x0007
217 #define IMAGE_REL_ARM_BLX24 0x0008
218 #define IMAGE_REL_ARM_BLX11 0x0009
219 #define IMAGE_REL_ARM_SECTION 0x000E
220 #define IMAGE_REL_ARM_SECREL 0x000F
221 #define IMAGE_REL_ARM_MOV32A 0x0010
222 #define IMAGE_REL_ARM_MOV32T 0x0011
223 #define IMAGE_REL_ARM_BRANCH20T 0x0012
224 #define IMAGE_REL_ARM_BRANCH24T 0x0014
225 #define IMAGE_REL_ARM_BLX23T 0x0015
227 /* ARM64 relocation types */
228 #define IMAGE_REL_ARM64_ABSOLUTE 0x0000
229 #define IMAGE_REL_ARM64_ADDR32 0x0001
230 #define IMAGE_REL_ARM64_ADDR32NB 0x0002
231 #define IMAGE_REL_ARM64_BRANCH26 0x0003
232 #define IMAGE_REL_ARM64_PAGEBASE_REL21 0x0004
233 #define IMAGE_REL_ARM64_REL21 0x0005
234 #define IMAGE_REL_ARM64_PAGEOFFSET_12A 0x0006
235 #define IMAGE_REL_ARM64_PAGEOFFSET_12L 0x0007
236 #define IMAGE_REL_ARM64_SECREL 0x0008
237 #define IMAGE_REL_ARM64_SECREL_LOW12A 0x0009
238 #define IMAGE_REL_ARM64_SECREL_HIGH12A 0x000A
239 #define IMAGE_REL_ARM64_SECREL_LOW12L 0x000B
240 #define IMAGE_REL_ARM64_TOKEN 0x000C
241 #define IMAGE_REL_ARM64_SECTION 0x000D
242 #define IMAGE_REL_ARM64_ADDR64 0x000E
244 /* AMD64 relocation types */
245 #define IMAGE_REL_AMD64_ABSOLUTE 0x0000
246 #define IMAGE_REL_AMD64_ADDR64 0x0001
247 #define IMAGE_REL_AMD64_ADDR32 0x0002
248 #define IMAGE_REL_AMD64_ADDR32NB 0x0003
249 #define IMAGE_REL_AMD64_REL32 0x0004
250 #define IMAGE_REL_AMD64_REL32_1 0x0005
251 #define IMAGE_REL_AMD64_REL32_2 0x0006
252 #define IMAGE_REL_AMD64_REL32_3 0x0007
253 #define IMAGE_REL_AMD64_REL32_4 0x0008
254 #define IMAGE_REL_AMD64_REL32_5 0x0009
255 #define IMAGE_REL_AMD64_SECTION 0x000A
256 #define IMAGE_REL_AMD64_SECREL 0x000B
257 #define IMAGE_REL_AMD64_SECREL7 0x000C
258 #define IMAGE_REL_AMD64_TOKEN 0x000D
259 #define IMAGE_REL_AMD64_SREL32 0x000E
260 #define IMAGE_REL_AMD64_PAIR 0x000F
261 #define IMAGE_REL_AMD64_SSPAN32 0x0010