1 // Licensed to the .NET Foundation under one or more agreements.
2 // The .NET Foundation licenses this file to you under the MIT license.
5 // This file is a verbatim copy of the Windows OS header with PE file structure definitions.
9 // ===========================================================================
12 // ===========================================================================
17 // This is the include file that describes all image structures.
35 // Define the linker version number.
37 #define IMAGE_MAJOR_LINKER_VERSION 2
49 #include "pshpack4.h" // 4 byte packing is the default
51 #define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
52 #define IMAGE_OS2_SIGNATURE 0x454E // NE
53 #define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
54 #define IMAGE_VXD_SIGNATURE 0x454C // LE
55 #define IMAGE_NT_SIGNATURE 0x00004550 // PE00
57 #include "pshpack2.h" // 16 bit headers are 2 byte packed
63 #define IMAGE_DOS_SIGNATURE 0x4D5A // MZ
64 #define IMAGE_OS2_SIGNATURE 0x4E45 // NE
65 #define IMAGE_OS2_SIGNATURE_LE 0x4C45 // LE
66 #define IMAGE_NT_SIGNATURE 0x50450000 // PE00
69 typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
70 USHORT e_magic; // Magic number
71 USHORT e_cblp; // Bytes on last page of file
72 USHORT e_cp; // Pages in file
73 USHORT e_crlc; // Relocations
74 USHORT e_cparhdr; // Size of header in paragraphs
75 USHORT e_minalloc; // Minimum extra paragraphs needed
76 USHORT e_maxalloc; // Maximum extra paragraphs needed
77 USHORT e_ss; // Initial (relative) SS value
78 USHORT e_sp; // Initial SP value
79 USHORT e_csum; // Checksum
80 USHORT e_ip; // Initial IP value
81 USHORT e_cs; // Initial (relative) CS value
82 USHORT e_lfarlc; // File address of relocation table
83 USHORT e_ovno; // Overlay number
84 USHORT e_res[4]; // Reserved words
85 USHORT e_oemid; // OEM identifier (for e_oeminfo)
86 USHORT e_oeminfo; // OEM information; e_oemid specific
87 USHORT e_res2[10]; // Reserved words
88 LONG e_lfanew; // File address of new exe header
89 } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
91 typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header
92 USHORT ne_magic; // Magic number
93 CHAR ne_ver; // Version number
94 CHAR ne_rev; // Revision number
95 USHORT ne_enttab; // Offset of Entry Table
96 USHORT ne_cbenttab; // Number of bytes in Entry Table
97 LONG ne_crc; // Checksum of whole file
98 USHORT ne_flags; // Flag word
99 USHORT ne_autodata; // Automatic data segment number
100 USHORT ne_heap; // Initial heap allocation
101 USHORT ne_stack; // Initial stack allocation
102 LONG ne_csip; // Initial CS:IP setting
103 LONG ne_sssp; // Initial SS:SP setting
104 USHORT ne_cseg; // Count of file segments
105 USHORT ne_cmod; // Entries in Module Reference Table
106 USHORT ne_cbnrestab; // Size of non-resident name table
107 USHORT ne_segtab; // Offset of Segment Table
108 USHORT ne_rsrctab; // Offset of Resource Table
109 USHORT ne_restab; // Offset of resident name table
110 USHORT ne_modtab; // Offset of Module Reference Table
111 USHORT ne_imptab; // Offset of Imported Names Table
112 LONG ne_nrestab; // Offset of Non-resident Names Table
113 USHORT ne_cmovent; // Count of movable entries
114 USHORT ne_align; // Segment alignment shift count
115 USHORT ne_cres; // Count of resource segments
116 UCHAR ne_exetyp; // Target Operating system
117 UCHAR ne_flagsothers; // Other .EXE flags
118 USHORT ne_pretthunks; // offset to return thunks
119 USHORT ne_psegrefbytes; // offset to segment ref. bytes
120 USHORT ne_swaparea; // Minimum code swap area size
121 USHORT ne_expver; // Expected Windows version number
122 } IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;
124 typedef struct _IMAGE_VXD_HEADER { // Windows VXD header
125 USHORT e32_magic; // Magic number
126 UCHAR e32_border; // The byte ordering for the VXD
127 UCHAR e32_worder; // The word ordering for the VXD
128 ULONG e32_level; // The EXE format level for now = 0
129 USHORT e32_cpu; // The CPU type
130 USHORT e32_os; // The OS type
131 ULONG e32_ver; // Module version
132 ULONG e32_mflags; // Module flags
133 ULONG e32_mpages; // Module # pages
134 ULONG e32_startobj; // Object # for instruction pointer
135 ULONG e32_eip; // Extended instruction pointer
136 ULONG e32_stackobj; // Object # for stack pointer
137 ULONG e32_esp; // Extended stack pointer
138 ULONG e32_pagesize; // VXD page size
139 ULONG e32_lastpagesize; // Last page size in VXD
140 ULONG e32_fixupsize; // Fixup section size
141 ULONG e32_fixupsum; // Fixup section checksum
142 ULONG e32_ldrsize; // Loader section size
143 ULONG e32_ldrsum; // Loader section checksum
144 ULONG e32_objtab; // Object table offset
145 ULONG e32_objcnt; // Number of objects in module
146 ULONG e32_objmap; // Object page map offset
147 ULONG e32_itermap; // Object iterated data map offset
148 ULONG e32_rsrctab; // Offset of Resource Table
149 ULONG e32_rsrccnt; // Number of resource entries
150 ULONG e32_restab; // Offset of resident name table
151 ULONG e32_enttab; // Offset of Entry Table
152 ULONG e32_dirtab; // Offset of Module Directive Table
153 ULONG e32_dircnt; // Number of module directives
154 ULONG e32_fpagetab; // Offset of Fixup Page Table
155 ULONG e32_frectab; // Offset of Fixup Record Table
156 ULONG e32_impmod; // Offset of Import Module Name Table
157 ULONG e32_impmodcnt; // Number of entries in Import Module Name Table
158 ULONG e32_impproc; // Offset of Import Procedure Name Table
159 ULONG e32_pagesum; // Offset of Per-Page Checksum Table
160 ULONG e32_datapage; // Offset of Enumerated Data Pages
161 ULONG e32_preload; // Number of preload pages
162 ULONG e32_nrestab; // Offset of Non-resident Names Table
163 ULONG e32_cbnrestab; // Size of Non-resident Name Table
164 ULONG e32_nressum; // Non-resident Name Table Checksum
165 ULONG e32_autodata; // Object # for automatic data object
166 ULONG e32_debuginfo; // Offset of the debugging information
167 ULONG e32_debuglen; // The length of the debugging info. in bytes
168 ULONG e32_instpreload; // Number of instance pages in preload section of VXD file
169 ULONG e32_instdemand; // Number of instance pages in demand load section of VXD file
170 ULONG e32_heapsize; // Size of heap - for 16-bit apps
171 UCHAR e32_res3[12]; // Reserved words
174 USHORT e32_devid; // Device ID for VxD
175 USHORT e32_ddkver; // DDK version for VxD
176 } IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER;
179 #include "poppack.h" // Back to 4 byte packing
183 // File header format.
186 typedef struct _IMAGE_FILE_HEADER {
188 USHORT NumberOfSections;
190 ULONG PointerToSymbolTable;
191 ULONG NumberOfSymbols;
192 USHORT SizeOfOptionalHeader;
193 USHORT Characteristics;
194 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
196 #define IMAGE_SIZEOF_FILE_HEADER 20
199 #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
200 #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
201 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
202 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
203 #define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set
204 #define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
205 #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
206 #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
207 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
208 #define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
209 #define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
210 #define IMAGE_FILE_SYSTEM 0x1000 // System File.
211 #define IMAGE_FILE_DLL 0x2000 // File is a DLL.
212 #define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
213 #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
215 #define IMAGE_FILE_MACHINE_UNKNOWN 0
216 #define IMAGE_FILE_MACHINE_I386 0x014c // Intel 386.
217 #define IMAGE_FILE_MACHINE_R3000 0x0162 // MIPS little-endian, 0x160 big-endian
218 #define IMAGE_FILE_MACHINE_R4000 0x0166 // MIPS little-endian
219 #define IMAGE_FILE_MACHINE_R10000 0x0168 // MIPS little-endian
220 #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 // MIPS little-endian WCE v2
221 #define IMAGE_FILE_MACHINE_ALPHA 0x0184 // Alpha_AXP
222 #define IMAGE_FILE_MACHINE_SH3 0x01a2 // SH3 little-endian
223 #define IMAGE_FILE_MACHINE_SH3DSP 0x01a3
224 #define IMAGE_FILE_MACHINE_SH3E 0x01a4 // SH3E little-endian
225 #define IMAGE_FILE_MACHINE_SH4 0x01a6 // SH4 little-endian
226 #define IMAGE_FILE_MACHINE_SH5 0x01a8 // SH5
227 #define IMAGE_FILE_MACHINE_ARM 0x01c0 // ARM Little-Endian
228 #define IMAGE_FILE_MACHINE_THUMB 0x01c2 // ARM Thumb/Thumb-2 Little-Endian
229 #define IMAGE_FILE_MACHINE_ARMNT 0x01c4 // ARM Thumb-2 Little-Endian
230 #define IMAGE_FILE_MACHINE_AM33 0x01d3
231 #define IMAGE_FILE_MACHINE_POWERPC 0x01F0 // IBM PowerPC Little-Endian
232 #define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1
233 #define IMAGE_FILE_MACHINE_IA64 0x0200 // Intel 64
234 #define IMAGE_FILE_MACHINE_MIPS16 0x0266 // MIPS
235 #define IMAGE_FILE_MACHINE_ALPHA64 0x0284 // ALPHA64
236 #define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 // MIPS
237 #define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 // MIPS
238 #define IMAGE_FILE_MACHINE_AXP64 IMAGE_FILE_MACHINE_ALPHA64
239 #define IMAGE_FILE_MACHINE_TRICORE 0x0520 // Infineon
240 #define IMAGE_FILE_MACHINE_CEF 0x0CEF
241 #define IMAGE_FILE_MACHINE_EBC 0x0EBC // EFI Byte Code
242 #define IMAGE_FILE_MACHINE_AMD64 0x8664 // AMD64 (K8)
243 #define IMAGE_FILE_MACHINE_M32R 0x9041 // M32R little-endian
244 #define IMAGE_FILE_MACHINE_ARM64 0xAA64 // ARM64 Little-Endian
245 #define IMAGE_FILE_MACHINE_CEE 0xC0EE
246 #define IMAGE_FILE_MACHINE_LOONGARCH64 0x6264 // LOONGARCH64.
247 #define IMAGE_FILE_MACHINE_RISCV64 0x5064 // RISCV64
252 #ifndef IMAGE_DATA_DIRECTORY_DEFINED
254 #define IMAGE_DATA_DIRECTORY_DEFINED
255 typedef struct _IMAGE_DATA_DIRECTORY {
256 ULONG VirtualAddress;
258 } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
260 #endif // IMAGE_DATA_DIRECTORY_DEFINED
262 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
265 // Optional header format.
268 typedef struct _IMAGE_OPTIONAL_HEADER {
274 UCHAR MajorLinkerVersion;
275 UCHAR MinorLinkerVersion;
277 ULONG SizeOfInitializedData;
278 ULONG SizeOfUninitializedData;
279 ULONG AddressOfEntryPoint;
284 // NT additional fields.
288 ULONG SectionAlignment;
290 USHORT MajorOperatingSystemVersion;
291 USHORT MinorOperatingSystemVersion;
292 USHORT MajorImageVersion;
293 USHORT MinorImageVersion;
294 USHORT MajorSubsystemVersion;
295 USHORT MinorSubsystemVersion;
296 ULONG Win32VersionValue;
301 USHORT DllCharacteristics;
302 ULONG SizeOfStackReserve;
303 ULONG SizeOfStackCommit;
304 ULONG SizeOfHeapReserve;
305 ULONG SizeOfHeapCommit;
307 ULONG NumberOfRvaAndSizes;
308 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
309 } IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
311 typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
313 UCHAR MajorLinkerVersion;
314 UCHAR MinorLinkerVersion;
316 ULONG SizeOfInitializedData;
317 ULONG SizeOfUninitializedData;
318 ULONG AddressOfEntryPoint;
325 } IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
327 typedef struct _IMAGE_OPTIONAL_HEADER64 {
329 UCHAR MajorLinkerVersion;
330 UCHAR MinorLinkerVersion;
332 ULONG SizeOfInitializedData;
333 ULONG SizeOfUninitializedData;
334 ULONG AddressOfEntryPoint;
337 ULONG SectionAlignment;
339 USHORT MajorOperatingSystemVersion;
340 USHORT MinorOperatingSystemVersion;
341 USHORT MajorImageVersion;
342 USHORT MinorImageVersion;
343 USHORT MajorSubsystemVersion;
344 USHORT MinorSubsystemVersion;
345 ULONG Win32VersionValue;
350 USHORT DllCharacteristics;
351 ULONGLONG SizeOfStackReserve;
352 ULONGLONG SizeOfStackCommit;
353 ULONGLONG SizeOfHeapReserve;
354 ULONGLONG SizeOfHeapCommit;
356 ULONG NumberOfRvaAndSizes;
357 IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
358 } IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
360 #define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56
361 #define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28
362 #define IMAGE_SIZEOF_NT_OPTIONAL32_HEADER 224
363 #define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 240
365 #define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
366 #define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b
367 #define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107
370 typedef IMAGE_OPTIONAL_HEADER64 IMAGE_OPTIONAL_HEADER;
371 typedef PIMAGE_OPTIONAL_HEADER64 PIMAGE_OPTIONAL_HEADER;
372 #define IMAGE_SIZEOF_NT_OPTIONAL_HEADER IMAGE_SIZEOF_NT_OPTIONAL64_HEADER
373 #define IMAGE_NT_OPTIONAL_HDR_MAGIC IMAGE_NT_OPTIONAL_HDR64_MAGIC
375 typedef IMAGE_OPTIONAL_HEADER32 IMAGE_OPTIONAL_HEADER;
376 typedef PIMAGE_OPTIONAL_HEADER32 PIMAGE_OPTIONAL_HEADER;
377 #define IMAGE_SIZEOF_NT_OPTIONAL_HEADER IMAGE_SIZEOF_NT_OPTIONAL32_HEADER
378 #define IMAGE_NT_OPTIONAL_HDR_MAGIC IMAGE_NT_OPTIONAL_HDR32_MAGIC
381 typedef struct _IMAGE_NT_HEADERS64 {
383 IMAGE_FILE_HEADER FileHeader;
384 IMAGE_OPTIONAL_HEADER64 OptionalHeader;
385 } IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
387 typedef struct _IMAGE_NT_HEADERS {
389 IMAGE_FILE_HEADER FileHeader;
390 IMAGE_OPTIONAL_HEADER32 OptionalHeader;
391 } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
393 typedef struct _IMAGE_ROM_HEADERS {
394 IMAGE_FILE_HEADER FileHeader;
395 IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
396 } IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;
399 typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS;
400 typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS;
402 typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS;
403 typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS;
406 // IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is the same either way.
408 #define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
409 ((ULONG_PTR)ntheader + \
410 offsetof( IMAGE_NT_HEADERS, OptionalHeader ) + \
411 VAL16(((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader) \
416 #define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem.
417 #define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem.
418 #define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem.
419 #define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem.
421 // reserved 4 // Old Windows CE subsystem.
423 #define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem.
424 #define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image runs in the Posix character subsystem.
425 #define IMAGE_SUBSYSTEM_NATIVE_WINDOWS 8 // image is a native Win9x driver.
426 #define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 // Image runs in the Windows CE subsystem.
427 #define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 //
428 #define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 //
429 #define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 //
430 #define IMAGE_SUBSYSTEM_EFI_ROM 13
431 #define IMAGE_SUBSYSTEM_XBOX 14
433 // DllCharacteristics Entries
435 // IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved.
436 // IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved.
437 // IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved.
438 // IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved.
439 #define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 // Image can handle a high entropy 64-bit virtual address space.
440 #define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 // DLL can move
441 #define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 // Image ix NX compatible
442 #define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 // Image does not use SEH. No SE handler may reside in this image
443 #define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 // Do not bind this image.
444 #define IMAGE_DLLCHARACTERISTICS_APPCONTAINER 0x1000 // Image should execute in an AppContainer
445 #define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 // Driver uses WDM model
446 // 0x4000 // Reserved.
447 #define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
449 #define IMAGE_DLLCHARACTERISTICS_X86_THUNK 0x1000 // Image is a Wx86 Thunk DLL
450 // Note: The Borland linker sets IMAGE_LIBRARY_xxx flags in DllCharacteristics
452 // LoaderFlags Values
454 #define IMAGE_LOADER_FLAGS_COMPLUS 0x00000001 // COM+ image
455 #define IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL 0x01000000 // Global subsections apply across TS sessions.
461 #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
462 #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
463 #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
464 #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
465 #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
466 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
467 #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
468 // IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
469 #define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
470 #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
471 #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
472 #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
473 #define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
474 #define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
475 #define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
476 #define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
479 // Section header format.
482 #define IMAGE_SIZEOF_SHORT_NAME 8
484 typedef struct _IMAGE_SECTION_HEADER {
485 UCHAR Name[IMAGE_SIZEOF_SHORT_NAME];
487 ULONG PhysicalAddress;
490 ULONG VirtualAddress;
492 ULONG PointerToRawData;
493 ULONG PointerToRelocations;
494 ULONG PointerToLinenumbers;
495 USHORT NumberOfRelocations;
496 USHORT NumberOfLinenumbers;
497 ULONG Characteristics;
498 } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
500 #define IMAGE_SIZEOF_SECTION_HEADER 40
503 // Section characteristics.
505 // IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
506 // IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
507 // IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
508 // IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
509 #define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
510 // IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
512 #define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
513 #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
514 #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
516 #define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
517 #define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
518 // IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
519 #define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
520 #define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
521 // 0x00002000 // Reserved.
522 // IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
523 #define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 // Reset speculative exceptions handling bits in the TLB entries for this section.
524 #define IMAGE_SCN_GPREL 0x00008000 // Section content can be accessed relative to GP
525 #define IMAGE_SCN_MEM_FARDATA 0x00008000
526 // IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
527 #define IMAGE_SCN_MEM_PURGEABLE 0x00020000
528 #define IMAGE_SCN_MEM_16BIT 0x00020000
529 #define IMAGE_SCN_MEM_LOCKED 0x00040000
530 #define IMAGE_SCN_MEM_PRELOAD 0x00080000
532 #define IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
533 #define IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
534 #define IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
535 #define IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
536 #define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
537 #define IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
538 #define IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
539 #define IMAGE_SCN_ALIGN_128BYTES 0x00800000 //
540 #define IMAGE_SCN_ALIGN_256BYTES 0x00900000 //
541 #define IMAGE_SCN_ALIGN_512BYTES 0x00A00000 //
542 #define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 //
543 #define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 //
544 #define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 //
545 #define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 //
547 #define IMAGE_SCN_ALIGN_MASK 0x00F00000
549 #define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
550 #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
551 #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
552 #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
553 #define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
554 #define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
555 #define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
556 #define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
559 // TLS Chaacteristic Flags
561 #define IMAGE_SCN_SCALE_INDEX 0x00000001 // Tls index is scaled
564 #include "pshpack2.h" // Symbols, relocs, and linenumbers are 2 byte packed
571 typedef struct _IMAGE_SYMBOL {
575 ULONG Short; // if 0, use LongName
576 ULONG Long; // offset into string table
578 ULONG LongName[2]; // PUCHAR[2]
584 UCHAR NumberOfAuxSymbols;
586 typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL;
589 #define IMAGE_SIZEOF_SYMBOL 18
594 // Symbols have a section number of the section in which they are
595 // defined. Otherwise, section numbers have the following meanings:
598 #define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common.
599 #define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value.
600 #define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item.
601 #define IMAGE_SYM_SECTION_MAX 0xFEFF // Values 0xFF00-0xFFFF are special
604 // Type (fundamental) values.
607 #define IMAGE_SYM_TYPE_NULL 0x0000 // no type.
608 #define IMAGE_SYM_TYPE_VOID 0x0001 //
609 #define IMAGE_SYM_TYPE_CHAR 0x0002 // type character.
610 #define IMAGE_SYM_TYPE_SHORT 0x0003 // type short integer.
611 #define IMAGE_SYM_TYPE_INT 0x0004 //
612 #define IMAGE_SYM_TYPE_LONG 0x0005 //
613 #define IMAGE_SYM_TYPE_FLOAT 0x0006 //
614 #define IMAGE_SYM_TYPE_DOUBLE 0x0007 //
615 #define IMAGE_SYM_TYPE_STRUCT 0x0008 //
616 #define IMAGE_SYM_TYPE_UNION 0x0009 //
617 #define IMAGE_SYM_TYPE_ENUM 0x000A // enumeration.
618 #define IMAGE_SYM_TYPE_MOE 0x000B // member of enumeration.
619 #define IMAGE_SYM_TYPE_UCHAR 0x000C //
620 #define IMAGE_SYM_TYPE_USHORT 0x000D //
621 #define IMAGE_SYM_TYPE_UINT 0x000E //
622 #define IMAGE_SYM_TYPE_ULONG 0x000F //
623 #define IMAGE_SYM_TYPE_PCODE 0x8000 //
625 // Type (derived) values.
628 #define IMAGE_SYM_DTYPE_NULL 0 // no derived type.
629 #define IMAGE_SYM_DTYPE_POINTER 1 // pointer.
630 #define IMAGE_SYM_DTYPE_FUNCTION 2 // function.
631 #define IMAGE_SYM_DTYPE_ARRAY 3 // array.
636 #define IMAGE_SYM_CLASS_END_OF_FUNCTION (UCHAR)-1
637 #define IMAGE_SYM_CLASS_NULL 0x0000
638 #define IMAGE_SYM_CLASS_AUTOMATIC 0x0001
639 #define IMAGE_SYM_CLASS_EXTERNAL 0x0002
640 #define IMAGE_SYM_CLASS_STATIC 0x0003
641 #define IMAGE_SYM_CLASS_REGISTER 0x0004
642 #define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005
643 #define IMAGE_SYM_CLASS_LABEL 0x0006
644 #define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007
645 #define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008
646 #define IMAGE_SYM_CLASS_ARGUMENT 0x0009
647 #define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A
648 #define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B
649 #define IMAGE_SYM_CLASS_UNION_TAG 0x000C
650 #define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D
651 #define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E
652 #define IMAGE_SYM_CLASS_ENUM_TAG 0x000F
653 #define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010
654 #define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011
655 #define IMAGE_SYM_CLASS_BIT_FIELD 0x0012
657 #define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 //
659 #define IMAGE_SYM_CLASS_BLOCK 0x0064
660 #define IMAGE_SYM_CLASS_FUNCTION 0x0065
661 #define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066
662 #define IMAGE_SYM_CLASS_FILE 0x0067
664 #define IMAGE_SYM_CLASS_SECTION 0x0068
665 #define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069
667 #define IMAGE_SYM_CLASS_CLR_TOKEN 0x006B
669 // type packing constants
671 #define N_BTMASK 0x000F
672 #define N_TMASK 0x0030
673 #define N_TMASK1 0x00C0
674 #define N_TMASK2 0x00F0
680 #define BTYPE(x) ((x) & N_BTMASK)
684 #define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT))
689 #define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT))
695 #define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT))
698 // Is x a structure, union, or enumeration TAG?
700 #define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG || (x)==IMAGE_SYM_CLASS_UNION_TAG || (x)==IMAGE_SYM_CLASS_ENUM_TAG)
704 #define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)|((x)&N_BTMASK))
707 #define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK))
711 // Auxiliary entry format.
714 typedef union _IMAGE_AUX_SYMBOL {
716 ULONG TagIndex; // struct, union, or enum tag index
719 USHORT Linenumber; // declaration line number
720 USHORT Size; // size of struct, union, or enum
725 struct { // if ISFCN, tag, or .bb
726 ULONG PointerToLinenumber;
727 ULONG PointerToNextFunction;
729 struct { // if ISARY, up to 4 dimen.
733 USHORT TvIndex; // tv index
736 UCHAR Name[IMAGE_SIZEOF_SYMBOL];
739 ULONG Length; // section length
740 USHORT NumberOfRelocations; // number of relocation entries
741 USHORT NumberOfLinenumbers; // number of line numbers
742 ULONG CheckSum; // checksum for communal
743 SHORT Number; // section number to associate with
744 UCHAR Selection; // communal selection type
747 typedef IMAGE_AUX_SYMBOL UNALIGNED *PIMAGE_AUX_SYMBOL;
749 #define IMAGE_SIZEOF_AUX_SYMBOL 18
751 typedef enum IMAGE_AUX_SYMBOL_TYPE {
752 IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF = 1,
753 } IMAGE_AUX_SYMBOL_TYPE;
755 #include "pshpack2.h"
757 typedef struct IMAGE_AUX_SYMBOL_TOKEN_DEF {
758 UCHAR bAuxType; // IMAGE_AUX_SYMBOL_TYPE
759 UCHAR bReserved; // Must be 0
760 ULONG SymbolTableIndex;
761 UCHAR rgbReserved[12]; // Must be 0
762 } IMAGE_AUX_SYMBOL_TOKEN_DEF;
764 typedef IMAGE_AUX_SYMBOL_TOKEN_DEF UNALIGNED *PIMAGE_AUX_SYMBOL_TOKEN_DEF;
769 // Communal selection types.
772 #define IMAGE_COMDAT_SELECT_NODUPLICATES 1
773 #define IMAGE_COMDAT_SELECT_ANY 2
774 #define IMAGE_COMDAT_SELECT_SAME_SIZE 3
775 #define IMAGE_COMDAT_SELECT_EXACT_MATCH 4
776 #define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5
777 #define IMAGE_COMDAT_SELECT_LARGEST 6
778 #define IMAGE_COMDAT_SELECT_NEWEST 7
780 #define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1
781 #define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2
782 #define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3
785 // Relocation format.
788 typedef struct _IMAGE_RELOCATION {
790 ULONG VirtualAddress;
791 ULONG RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set
793 ULONG SymbolTableIndex;
796 typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION;
798 #define IMAGE_SIZEOF_RELOCATION 10
801 // I386 relocation types.
803 #define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
804 #define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address
805 #define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address
806 #define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address
807 #define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included
808 #define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address
809 #define IMAGE_REL_I386_SECTION 0x000A
810 #define IMAGE_REL_I386_SECREL 0x000B
811 #define IMAGE_REL_I386_TOKEN 0x000C // clr token
812 #define IMAGE_REL_I386_SECREL7 0x000D // 7 bit offset from base of section containing target
813 #define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address
816 // MIPS relocation types.
818 #define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
819 #define IMAGE_REL_MIPS_REFHALF 0x0001
820 #define IMAGE_REL_MIPS_REFWORD 0x0002
821 #define IMAGE_REL_MIPS_JMPADDR 0x0003
822 #define IMAGE_REL_MIPS_REFHI 0x0004
823 #define IMAGE_REL_MIPS_REFLO 0x0005
824 #define IMAGE_REL_MIPS_GPREL 0x0006
825 #define IMAGE_REL_MIPS_LITERAL 0x0007
826 #define IMAGE_REL_MIPS_SECTION 0x000A
827 #define IMAGE_REL_MIPS_SECREL 0x000B
828 #define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS)
829 #define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS)
830 #define IMAGE_REL_MIPS_TOKEN 0x000E // clr token
831 #define IMAGE_REL_MIPS_JMPADDR16 0x0010
832 #define IMAGE_REL_MIPS_REFWORDNB 0x0022
833 #define IMAGE_REL_MIPS_PAIR 0x0025
836 // Alpha Relocation types.
838 #define IMAGE_REL_ALPHA_ABSOLUTE 0x0000
839 #define IMAGE_REL_ALPHA_REFLONG 0x0001
840 #define IMAGE_REL_ALPHA_REFQUAD 0x0002
841 #define IMAGE_REL_ALPHA_GPREL32 0x0003
842 #define IMAGE_REL_ALPHA_LITERAL 0x0004
843 #define IMAGE_REL_ALPHA_LITUSE 0x0005
844 #define IMAGE_REL_ALPHA_GPDISP 0x0006
845 #define IMAGE_REL_ALPHA_BRADDR 0x0007
846 #define IMAGE_REL_ALPHA_HINT 0x0008
847 #define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009
848 #define IMAGE_REL_ALPHA_REFHI 0x000A
849 #define IMAGE_REL_ALPHA_REFLO 0x000B
850 #define IMAGE_REL_ALPHA_PAIR 0x000C
851 #define IMAGE_REL_ALPHA_MATCH 0x000D
852 #define IMAGE_REL_ALPHA_SECTION 0x000E
853 #define IMAGE_REL_ALPHA_SECREL 0x000F
854 #define IMAGE_REL_ALPHA_REFLONGNB 0x0010
855 #define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference
856 #define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference
857 #define IMAGE_REL_ALPHA_REFQ3 0x0013 // High 16 bits of 48 bit reference
858 #define IMAGE_REL_ALPHA_REFQ2 0x0014 // Middle 16 bits of 48 bit reference
859 #define IMAGE_REL_ALPHA_REFQ1 0x0015 // Low 16 bits of 48 bit reference
860 #define IMAGE_REL_ALPHA_GPRELLO 0x0016 // Low 16-bit GP relative reference
861 #define IMAGE_REL_ALPHA_GPRELHI 0x0017 // High 16-bit GP relative reference
864 // IBM PowerPC relocation types.
866 #define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP
867 #define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address
868 #define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address
869 #define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute)
870 #define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address
871 #define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword)
872 #define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative)
873 #define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative)
874 #define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base
875 #define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword)
877 #define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base
878 #define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr)
879 #define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number
880 #define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code
881 #define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction
882 #define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits)
883 #define IMAGE_REL_PPC_REFHI 0x0010
884 #define IMAGE_REL_PPC_REFLO 0x0011
885 #define IMAGE_REL_PPC_PAIR 0x0012
886 #define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS)
887 #define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS)
888 #define IMAGE_REL_PPC_GPREL 0x0015
889 #define IMAGE_REL_PPC_TOKEN 0x0016 // clr token
891 #define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type
893 // Flag bits in IMAGE_RELOCATION.TYPE
895 #define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it
896 #define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken
897 #define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken
898 #define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc)
901 // Hitachi SH3 relocation types.
903 #define IMAGE_REL_SH3_ABSOLUTE 0x0000 // No relocation
904 #define IMAGE_REL_SH3_DIRECT16 0x0001 // 16 bit direct
905 #define IMAGE_REL_SH3_DIRECT32 0x0002 // 32 bit direct
906 #define IMAGE_REL_SH3_DIRECT8 0x0003 // 8 bit direct, -128..255
907 #define IMAGE_REL_SH3_DIRECT8_WORD 0x0004 // 8 bit direct .W (0 ext.)
908 #define IMAGE_REL_SH3_DIRECT8_LONG 0x0005 // 8 bit direct .L (0 ext.)
909 #define IMAGE_REL_SH3_DIRECT4 0x0006 // 4 bit direct (0 ext.)
910 #define IMAGE_REL_SH3_DIRECT4_WORD 0x0007 // 4 bit direct .W (0 ext.)
911 #define IMAGE_REL_SH3_DIRECT4_LONG 0x0008 // 4 bit direct .L (0 ext.)
912 #define IMAGE_REL_SH3_PCREL8_WORD 0x0009 // 8 bit PC relative .W
913 #define IMAGE_REL_SH3_PCREL8_LONG 0x000A // 8 bit PC relative .L
914 #define IMAGE_REL_SH3_PCREL12_WORD 0x000B // 12 LSB PC relative .W
915 #define IMAGE_REL_SH3_STARTOF_SECTION 0x000C // Start of EXE section
916 #define IMAGE_REL_SH3_SIZEOF_SECTION 0x000D // Size of EXE section
917 #define IMAGE_REL_SH3_SECTION 0x000E // Section table index
918 #define IMAGE_REL_SH3_SECREL 0x000F // Offset within section
919 #define IMAGE_REL_SH3_DIRECT32_NB 0x0010 // 32 bit direct not based
920 #define IMAGE_REL_SH3_GPREL4_LONG 0x0011 // GP-relative addressing
921 #define IMAGE_REL_SH3_TOKEN 0x0012 // clr token
923 #define IMAGE_REL_ARM_ABSOLUTE 0x0000 // No relocation required
924 #define IMAGE_REL_ARM_ADDR32 0x0001 // 32 bit address
925 #define IMAGE_REL_ARM_ADDR32NB 0x0002 // 32 bit address w/o image base
926 #define IMAGE_REL_ARM_BRANCH24 0x0003 // 24 bit offset << 2 & sign ext.
927 #define IMAGE_REL_ARM_BRANCH11 0x0004 // Thumb: 2 11 bit offsets
928 #define IMAGE_REL_ARM_TOKEN 0x0005 // clr token
929 #define IMAGE_REL_ARM_GPREL12 0x0006 // GP-relative addressing (ARM)
930 #define IMAGE_REL_ARM_GPREL7 0x0007 // GP-relative addressing (Thumb)
931 #define IMAGE_REL_ARM_BLX24 0x0008
932 #define IMAGE_REL_ARM_BLX11 0x0009
933 #define IMAGE_REL_ARM_SECTION 0x000E // Section table index
934 #define IMAGE_REL_ARM_SECREL 0x000F // Offset within section
937 // ARM64 relocation types
939 #define IMAGE_REL_ARM64_ABSOLUTE 0x0000
940 #define IMAGE_REL_ARM64_ADDR32 0x0001
941 #define IMAGE_REL_ARM64_ADDR32NB 0x0002
942 #define IMAGE_REL_ARM64_BRANCH26 0x0003
943 #define IMAGE_REL_ARM64_PAGEBASE_REL21 0x0004
944 #define IMAGE_REL_ARM64_REL21 0x0005
945 #define IMAGE_REL_ARM64_PAGEOFFSET_12A 0x0006
946 #define IMAGE_REL_ARM64_PAGEOFFSET_12L 0x0007
947 #define IMAGE_REL_ARM64_SECREL 0x0008
948 #define IMAGE_REL_ARM64_SECREL_LOW12A 0x0009
949 #define IMAGE_REL_ARM64_SECREL_HIGH12A 0x000A
950 #define IMAGE_REL_ARM64_SECREL_LOW12L 0x000B
951 #define IMAGE_REL_ARM64_TOKEN 0x000C
952 #define IMAGE_REL_ARM64_SECTION 0x000D
953 #define IMAGE_REL_ARM64_ADDR64 0x000E
955 #define IMAGE_REL_AM_ABSOLUTE 0x0000
956 #define IMAGE_REL_AM_ADDR32 0x0001
957 #define IMAGE_REL_AM_ADDR32NB 0x0002
958 #define IMAGE_REL_AM_CALL32 0x0003
959 #define IMAGE_REL_AM_FUNCINFO 0x0004
960 #define IMAGE_REL_AM_REL32_1 0x0005
961 #define IMAGE_REL_AM_REL32_2 0x0006
962 #define IMAGE_REL_AM_SECREL 0x0007
963 #define IMAGE_REL_AM_SECTION 0x0008
964 #define IMAGE_REL_AM_TOKEN 0x0009
967 // X86-64 relocations
969 #define IMAGE_REL_AMD64_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
970 #define IMAGE_REL_AMD64_ADDR64 0x0001 // 64-bit address (VA).
971 #define IMAGE_REL_AMD64_ADDR32 0x0002 // 32-bit address (VA).
972 #define IMAGE_REL_AMD64_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA).
973 #define IMAGE_REL_AMD64_REL32 0x0004 // 32-bit relative address from byte following reloc
974 #define IMAGE_REL_AMD64_REL32_1 0x0005 // 32-bit relative address from byte distance 1 from reloc
975 #define IMAGE_REL_AMD64_REL32_2 0x0006 // 32-bit relative address from byte distance 2 from reloc
976 #define IMAGE_REL_AMD64_REL32_3 0x0007 // 32-bit relative address from byte distance 3 from reloc
977 #define IMAGE_REL_AMD64_REL32_4 0x0008 // 32-bit relative address from byte distance 4 from reloc
978 #define IMAGE_REL_AMD64_REL32_5 0x0009 // 32-bit relative address from byte distance 5 from reloc
979 #define IMAGE_REL_AMD64_SECTION 0x000A // Section index
980 #define IMAGE_REL_AMD64_SECREL 0x000B // 32 bit offset from base of section containing target
981 #define IMAGE_REL_AMD64_SECREL7 0x000C // 7 bit unsigned offset from base of section containing target
982 #define IMAGE_REL_AMD64_TOKEN 0x000D // 32 bit metadata token
985 // IA64 relocation types.
987 #define IMAGE_REL_IA64_ABSOLUTE 0x0000
988 #define IMAGE_REL_IA64_IMM14 0x0001
989 #define IMAGE_REL_IA64_IMM22 0x0002
990 #define IMAGE_REL_IA64_IMM64 0x0003
991 #define IMAGE_REL_IA64_DIR32 0x0004
992 #define IMAGE_REL_IA64_DIR64 0x0005
993 #define IMAGE_REL_IA64_PCREL21B 0x0006
994 #define IMAGE_REL_IA64_PCREL21M 0x0007
995 #define IMAGE_REL_IA64_PCREL21F 0x0008
996 #define IMAGE_REL_IA64_GPREL22 0x0009
997 #define IMAGE_REL_IA64_LTOFF22 0x000A
998 #define IMAGE_REL_IA64_SECTION 0x000B
999 #define IMAGE_REL_IA64_SECREL22 0x000C
1000 #define IMAGE_REL_IA64_SECREL64I 0x000D
1001 #define IMAGE_REL_IA64_SECREL32 0x000E
1003 #define IMAGE_REL_IA64_DIR32NB 0x0010
1004 #define IMAGE_REL_IA64_SREL14 0x0011
1005 #define IMAGE_REL_IA64_SREL22 0x0012
1006 #define IMAGE_REL_IA64_SREL32 0x0013
1007 #define IMAGE_REL_IA64_UREL32 0x0014
1008 #define IMAGE_REL_IA64_PCREL60X 0x0015 // This is always a BRL and never converted
1009 #define IMAGE_REL_IA64_PCREL60B 0x0016 // If possible, convert to MBB bundle with NOP.B in slot 1
1010 #define IMAGE_REL_IA64_PCREL60F 0x0017 // If possible, convert to MFB bundle with NOP.F in slot 1
1011 #define IMAGE_REL_IA64_PCREL60I 0x0018 // If possible, convert to MIB bundle with NOP.I in slot 1
1012 #define IMAGE_REL_IA64_PCREL60M 0x0019 // If possible, convert to MMB bundle with NOP.M in slot 1
1013 #define IMAGE_REL_IA64_IMMGPREL64 0x001A
1014 #define IMAGE_REL_IA64_TOKEN 0x001B // clr token
1015 #define IMAGE_REL_IA64_GPREL32 0x001C
1016 #define IMAGE_REL_IA64_ADDEND 0x001F
1019 // LOONGARCH64 relocation types
1021 #define IMAGE_REL_LOONGARCH64_PC 0x0003
1022 #define IMAGE_REL_LOONGARCH64_JIR 0x0004
1025 // RISCV64 relocation types
1027 #define IMAGE_REL_RISCV64_PC 0x0003
1030 // CEF relocation types.
1032 #define IMAGE_REL_CEF_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
1033 #define IMAGE_REL_CEF_ADDR32 0x0001 // 32-bit address (VA).
1034 #define IMAGE_REL_CEF_ADDR64 0x0002 // 64-bit address (VA).
1035 #define IMAGE_REL_CEF_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA).
1036 #define IMAGE_REL_CEF_SECTION 0x0004 // Section index
1037 #define IMAGE_REL_CEF_SECREL 0x0005 // 32 bit offset from base of section containing target
1038 #define IMAGE_REL_CEF_TOKEN 0x0006 // 32 bit metadata token
1041 // clr relocation types.
1043 #define IMAGE_REL_CEE_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
1044 #define IMAGE_REL_CEE_ADDR32 0x0001 // 32-bit address (VA).
1045 #define IMAGE_REL_CEE_ADDR64 0x0002 // 64-bit address (VA).
1046 #define IMAGE_REL_CEE_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA).
1047 #define IMAGE_REL_CEE_SECTION 0x0004 // Section index
1048 #define IMAGE_REL_CEE_SECREL 0x0005 // 32 bit offset from base of section containing target
1049 #define IMAGE_REL_CEE_TOKEN 0x0006 // 32 bit metadata token
1052 #define IMAGE_REL_M32R_ABSOLUTE 0x0000 // No relocation required
1053 #define IMAGE_REL_M32R_ADDR32 0x0001 // 32 bit address
1054 #define IMAGE_REL_M32R_ADDR32NB 0x0002 // 32 bit address w/o image base
1055 #define IMAGE_REL_M32R_ADDR24 0x0003 // 24 bit address
1056 #define IMAGE_REL_M32R_GPREL16 0x0004 // GP relative addressing
1057 #define IMAGE_REL_M32R_PCREL24 0x0005 // 24 bit offset << 2 & sign ext.
1058 #define IMAGE_REL_M32R_PCREL16 0x0006 // 16 bit offset << 2 & sign ext.
1059 #define IMAGE_REL_M32R_PCREL8 0x0007 // 8 bit offset << 2 & sign ext.
1060 #define IMAGE_REL_M32R_REFHALF 0x0008 // 16 MSBs
1061 #define IMAGE_REL_M32R_REFHI 0x0009 // 16 MSBs; adj for LSB sign ext.
1062 #define IMAGE_REL_M32R_REFLO 0x000A // 16 LSBs
1063 #define IMAGE_REL_M32R_PAIR 0x000B // Link HI and LO
1064 #define IMAGE_REL_M32R_SECTION 0x000C // Section table index
1065 #define IMAGE_REL_M32R_SECREL32 0x000D // 32 bit section relative reference
1066 #define IMAGE_REL_M32R_TOKEN 0x000E // clr token
1069 #define EXT_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */ \
1070 Value |= (((ULONGLONG)((*(Address) >> InstPos) & (((ULONGLONG)1 << Size) - 1))) << ValPos) // Intel-IA64-Filler
1072 #define INS_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */\
1073 *(PULONG)Address = (*(PULONG)Address & ~(((1 << Size) - 1) << InstPos)) | /* Intel-IA64-Filler */\
1074 ((ULONG)((((ULONGLONG)Value >> ValPos) & (((ULONGLONG)1 << Size) - 1))) << InstPos) // Intel-IA64-Filler
1076 #define EMARCH_ENC_I17_IMM7B_INST_WORD_X 3 // Intel-IA64-Filler
1077 #define EMARCH_ENC_I17_IMM7B_SIZE_X 7 // Intel-IA64-Filler
1078 #define EMARCH_ENC_I17_IMM7B_INST_WORD_POS_X 4 // Intel-IA64-Filler
1079 #define EMARCH_ENC_I17_IMM7B_VAL_POS_X 0 // Intel-IA64-Filler
1081 #define EMARCH_ENC_I17_IMM9D_INST_WORD_X 3 // Intel-IA64-Filler
1082 #define EMARCH_ENC_I17_IMM9D_SIZE_X 9 // Intel-IA64-Filler
1083 #define EMARCH_ENC_I17_IMM9D_INST_WORD_POS_X 18 // Intel-IA64-Filler
1084 #define EMARCH_ENC_I17_IMM9D_VAL_POS_X 7 // Intel-IA64-Filler
1086 #define EMARCH_ENC_I17_IMM5C_INST_WORD_X 3 // Intel-IA64-Filler
1087 #define EMARCH_ENC_I17_IMM5C_SIZE_X 5 // Intel-IA64-Filler
1088 #define EMARCH_ENC_I17_IMM5C_INST_WORD_POS_X 13 // Intel-IA64-Filler
1089 #define EMARCH_ENC_I17_IMM5C_VAL_POS_X 16 // Intel-IA64-Filler
1091 #define EMARCH_ENC_I17_IC_INST_WORD_X 3 // Intel-IA64-Filler
1092 #define EMARCH_ENC_I17_IC_SIZE_X 1 // Intel-IA64-Filler
1093 #define EMARCH_ENC_I17_IC_INST_WORD_POS_X 12 // Intel-IA64-Filler
1094 #define EMARCH_ENC_I17_IC_VAL_POS_X 21 // Intel-IA64-Filler
1096 #define EMARCH_ENC_I17_IMM41a_INST_WORD_X 1 // Intel-IA64-Filler
1097 #define EMARCH_ENC_I17_IMM41a_SIZE_X 10 // Intel-IA64-Filler
1098 #define EMARCH_ENC_I17_IMM41a_INST_WORD_POS_X 14 // Intel-IA64-Filler
1099 #define EMARCH_ENC_I17_IMM41a_VAL_POS_X 22 // Intel-IA64-Filler
1101 #define EMARCH_ENC_I17_IMM41b_INST_WORD_X 1 // Intel-IA64-Filler
1102 #define EMARCH_ENC_I17_IMM41b_SIZE_X 8 // Intel-IA64-Filler
1103 #define EMARCH_ENC_I17_IMM41b_INST_WORD_POS_X 24 // Intel-IA64-Filler
1104 #define EMARCH_ENC_I17_IMM41b_VAL_POS_X 32 // Intel-IA64-Filler
1106 #define EMARCH_ENC_I17_IMM41c_INST_WORD_X 2 // Intel-IA64-Filler
1107 #define EMARCH_ENC_I17_IMM41c_SIZE_X 23 // Intel-IA64-Filler
1108 #define EMARCH_ENC_I17_IMM41c_INST_WORD_POS_X 0 // Intel-IA64-Filler
1109 #define EMARCH_ENC_I17_IMM41c_VAL_POS_X 40 // Intel-IA64-Filler
1111 #define EMARCH_ENC_I17_SIGN_INST_WORD_X 3 // Intel-IA64-Filler
1112 #define EMARCH_ENC_I17_SIGN_SIZE_X 1 // Intel-IA64-Filler
1113 #define EMARCH_ENC_I17_SIGN_INST_WORD_POS_X 27 // Intel-IA64-Filler
1114 #define EMARCH_ENC_I17_SIGN_VAL_POS_X 63 // Intel-IA64-Filler
1118 // Line number format.
1121 typedef struct _IMAGE_LINENUMBER {
1123 ULONG SymbolTableIndex; // Symbol table index of function name if Linenumber is 0.
1124 ULONG VirtualAddress; // Virtual address of line number.
1126 USHORT Linenumber; // Line number.
1128 typedef IMAGE_LINENUMBER UNALIGNED *PIMAGE_LINENUMBER;
1130 #define IMAGE_SIZEOF_LINENUMBER 6
1133 #include "poppack.h" // Back to 4 byte packing
1137 // Based relocation format.
1140 typedef struct _IMAGE_BASE_RELOCATION {
1141 ULONG VirtualAddress;
1143 // USHORT TypeOffset[1];
1144 } IMAGE_BASE_RELOCATION;
1145 typedef IMAGE_BASE_RELOCATION UNALIGNED * PIMAGE_BASE_RELOCATION;
1147 #define IMAGE_SIZEOF_BASE_RELOCATION 8
1150 // Based relocation types.
1153 #define IMAGE_REL_BASED_ABSOLUTE 0
1154 #define IMAGE_REL_BASED_HIGH 1
1155 #define IMAGE_REL_BASED_LOW 2
1156 #define IMAGE_REL_BASED_HIGHLOW 3
1157 #define IMAGE_REL_BASED_HIGHADJ 4
1158 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_5 5
1159 #define IMAGE_REL_BASED_RESERVED 6
1160 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_7 7
1161 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_8 8
1162 #define IMAGE_REL_BASED_MACHINE_SPECIFIC_9 9
1163 #define IMAGE_REL_BASED_DIR64 10
1166 // Platform-specific based relocation types.
1169 #define IMAGE_REL_BASED_IA64_IMM64 9
1171 #define IMAGE_REL_BASED_MIPS_JMPADDR 5
1172 #define IMAGE_REL_BASED_MIPS_JMPADDR16 9
1174 #define IMAGE_REL_BASED_ARM_MOV32 5
1175 #define IMAGE_REL_BASED_THUMB_MOV32 7
1181 #define IMAGE_ARCHIVE_START_SIZE 8
1182 #define IMAGE_ARCHIVE_START "!<arch>\n"
1183 #define IMAGE_ARCHIVE_END "`\n"
1184 #define IMAGE_ARCHIVE_PAD "\n"
1185 #define IMAGE_ARCHIVE_LINKER_MEMBER "/ "
1186 #define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// "
1188 typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER {
1189 UCHAR Name[16]; // File member name - `/' terminated.
1190 UCHAR Date[12]; // File member date - decimal.
1191 UCHAR UserID[6]; // File member user id - decimal.
1192 UCHAR GroupID[6]; // File member group id - decimal.
1193 UCHAR Mode[8]; // File member mode - octal.
1194 UCHAR Size[10]; // File member size - decimal.
1195 UCHAR EndHeader[2]; // String to end header.
1196 } IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER;
1198 #define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60
1208 typedef struct _IMAGE_EXPORT_DIRECTORY {
1209 ULONG Characteristics;
1210 ULONG TimeDateStamp;
1211 USHORT MajorVersion;
1212 USHORT MinorVersion;
1215 ULONG NumberOfFunctions;
1216 ULONG NumberOfNames;
1217 ULONG AddressOfFunctions; // RVA from base of image
1218 ULONG AddressOfNames; // RVA from base of image
1219 ULONG AddressOfNameOrdinals; // RVA from base of image
1220 } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
1226 typedef struct _IMAGE_IMPORT_BY_NAME {
1229 } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
1231 #include "pshpack8.h" // Use align 8 for the 64-bit IAT.
1233 typedef struct _IMAGE_THUNK_DATA64 {
1235 ULONGLONG ForwarderString; // PUCHAR
1236 ULONGLONG Function; // PULONG
1238 ULONGLONG AddressOfData; // PIMAGE_IMPORT_BY_NAME
1240 } IMAGE_THUNK_DATA64;
1241 typedef IMAGE_THUNK_DATA64 * PIMAGE_THUNK_DATA64;
1243 #include "poppack.h" // Back to 4 byte packing
1245 typedef struct _IMAGE_THUNK_DATA32 {
1247 ULONG ForwarderString; // PUCHAR
1248 ULONG Function; // PULONG
1250 ULONG AddressOfData; // PIMAGE_IMPORT_BY_NAME
1252 } IMAGE_THUNK_DATA32;
1253 typedef IMAGE_THUNK_DATA32 * PIMAGE_THUNK_DATA32;
1255 #define IMAGE_ORDINAL_FLAG64 0x8000000000000000
1256 #define IMAGE_ORDINAL_FLAG32 0x80000000
1257 #define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff)
1258 #define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff)
1259 #define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0)
1260 #define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0)
1263 // Thread Local Storage
1268 (NTAPI *PIMAGE_TLS_CALLBACK) (
1275 typedef struct _IMAGE_TLS_DIRECTORY64 {
1276 ULONGLONG StartAddressOfRawData;
1277 ULONGLONG EndAddressOfRawData;
1278 ULONGLONG AddressOfIndex; // PULONG
1279 ULONGLONG AddressOfCallBacks; // PIMAGE_TLS_CALLBACK *;
1280 ULONG SizeOfZeroFill;
1281 ULONG Characteristics;
1282 } IMAGE_TLS_DIRECTORY64;
1283 typedef IMAGE_TLS_DIRECTORY64 * PIMAGE_TLS_DIRECTORY64;
1285 typedef struct _IMAGE_TLS_DIRECTORY32 {
1286 ULONG StartAddressOfRawData;
1287 ULONG EndAddressOfRawData;
1288 ULONG AddressOfIndex; // PULONG
1289 ULONG AddressOfCallBacks; // PIMAGE_TLS_CALLBACK *
1290 ULONG SizeOfZeroFill;
1291 ULONG Characteristics;
1292 } IMAGE_TLS_DIRECTORY32;
1293 typedef IMAGE_TLS_DIRECTORY32 * PIMAGE_TLS_DIRECTORY32;
1296 #define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG64
1297 #define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal)
1298 typedef IMAGE_THUNK_DATA64 IMAGE_THUNK_DATA;
1299 typedef PIMAGE_THUNK_DATA64 PIMAGE_THUNK_DATA;
1300 #define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL64(Ordinal)
1301 typedef IMAGE_TLS_DIRECTORY64 IMAGE_TLS_DIRECTORY;
1302 typedef PIMAGE_TLS_DIRECTORY64 PIMAGE_TLS_DIRECTORY;
1304 #define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG32
1305 #define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL32(Ordinal)
1306 typedef IMAGE_THUNK_DATA32 IMAGE_THUNK_DATA;
1307 typedef PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA;
1308 #define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL32(Ordinal)
1309 typedef IMAGE_TLS_DIRECTORY32 IMAGE_TLS_DIRECTORY;
1310 typedef PIMAGE_TLS_DIRECTORY32 PIMAGE_TLS_DIRECTORY;
1313 typedef struct _IMAGE_IMPORT_DESCRIPTOR {
1315 ULONG Characteristics; // 0 for terminating null import descriptor
1316 ULONG OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
1318 ULONG TimeDateStamp; // 0 if not bound,
1319 // -1 if bound, and real date\time stamp
1320 // in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
1321 // O.W. date/time stamp of DLL bound to (Old BIND)
1323 ULONG ForwarderChain; // -1 if no forwarders
1325 ULONG FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
1326 } IMAGE_IMPORT_DESCRIPTOR;
1327 typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;
1330 // New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ]
1333 typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR {
1334 ULONG TimeDateStamp;
1335 USHORT OffsetModuleName;
1336 USHORT NumberOfModuleForwarderRefs;
1337 // Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
1338 } IMAGE_BOUND_IMPORT_DESCRIPTOR, *PIMAGE_BOUND_IMPORT_DESCRIPTOR;
1340 typedef struct _IMAGE_BOUND_FORWARDER_REF {
1341 ULONG TimeDateStamp;
1342 USHORT OffsetModuleName;
1344 } IMAGE_BOUND_FORWARDER_REF, *PIMAGE_BOUND_FORWARDER_REF;
1351 // Resource directory consists of two counts, following by a variable length
1352 // array of directory entries. The first count is the number of entries at
1353 // beginning of the array that have actual names associated with each entry.
1354 // The entries are in ascending order, case insensitive strings. The second
1355 // count is the number of entries that immediately follow the named entries.
1356 // This second count identifies the number of entries that have 16-bit integer
1357 // Ids as their name. These entries are also sorted in ascending order.
1359 // This structure allows fast lookup by either name or number, but for any
1360 // given resource entry only one form of lookup is supported, not both.
1361 // This is consistant with the syntax of the .RC file and the .RES file.
1364 typedef struct _IMAGE_RESOURCE_DIRECTORY {
1365 ULONG Characteristics;
1366 ULONG TimeDateStamp;
1367 USHORT MajorVersion;
1368 USHORT MinorVersion;
1369 USHORT NumberOfNamedEntries;
1370 USHORT NumberOfIdEntries;
1371 // IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[];
1372 } IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
1374 #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
1375 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
1377 // Each directory contains the 32-bit Name of the entry and an offset,
1378 // relative to the beginning of the resource directory of the data associated
1379 // with this directory entry. If the name of the entry is an actual text
1380 // string instead of an integer Id, then the high order bit of the name field
1381 // is set to one and the low order 31-bits are an offset, relative to the
1382 // beginning of the resource directory of the string, which is of type
1383 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
1384 // low-order 16-bits are the integer Id that identify this resource directory
1385 // entry. If the directory entry is yet another resource directory (i.e. a
1386 // subdirectory), then the high order bit of the offset field will be
1387 // set to indicate this. Otherwise the high bit is clear and the offset
1388 // field points to a resource data entry.
1391 typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
1394 ULONG NameOffset:31;
1395 ULONG NameIsString:1;
1403 ULONG OffsetToDirectory:31;
1404 ULONG DataIsDirectory:1;
1407 } IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
1410 // For resource directory entries that have actual string names, the Name
1411 // field of the directory entry points to an object of the following type.
1412 // All of these string objects are stored together after the last resource
1413 // directory entry and before the first resource data object. This minimizes
1414 // the impact of these variable length objects on the alignment of the fixed
1415 // size directory entry objects.
1418 typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
1420 CHAR NameString[ 1 ];
1421 } IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
1424 typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
1426 WCHAR NameString[ 1 ];
1427 } IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
1431 // Each resource data entry describes a leaf node in the resource directory
1432 // tree. It contains an offset, relative to the beginning of the resource
1433 // directory of the data for the resource, a size field that gives the number
1434 // of bytes of data at that offset, a CodePage that should be used when
1435 // decoding code point values within the resource data. Typically for new
1436 // applications the code page would be the unicode code page.
1439 typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
1444 } IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
1447 // Load Configuration Directory Entry
1451 ULONG Characteristics;
1452 ULONG TimeDateStamp;
1453 USHORT MajorVersion;
1454 USHORT MinorVersion;
1455 ULONG GlobalFlagsClear;
1456 ULONG GlobalFlagsSet;
1457 ULONG CriticalSectionDefaultTimeout;
1458 ULONG DeCommitFreeBlockThreshold;
1459 ULONG DeCommitTotalFreeThreshold;
1460 ULONG LockPrefixTable; // VA
1461 ULONG MaximumAllocationSize;
1462 ULONG VirtualMemoryThreshold;
1463 ULONG ProcessHeapFlags;
1464 ULONG ProcessAffinityMask;
1467 ULONG EditList; // VA
1468 ULONG Reserved[ 1 ];
1469 } IMAGE_LOAD_CONFIG_DIRECTORY32, *PIMAGE_LOAD_CONFIG_DIRECTORY32;
1472 ULONG Characteristics;
1473 ULONG TimeDateStamp;
1474 USHORT MajorVersion;
1475 USHORT MinorVersion;
1476 ULONG GlobalFlagsClear;
1477 ULONG GlobalFlagsSet;
1478 ULONG CriticalSectionDefaultTimeout;
1479 ULONGLONG DeCommitFreeBlockThreshold;
1480 ULONGLONG DeCommitTotalFreeThreshold;
1481 ULONGLONG LockPrefixTable; // VA
1482 ULONGLONG MaximumAllocationSize;
1483 ULONGLONG VirtualMemoryThreshold;
1484 ULONGLONG ProcessAffinityMask;
1485 ULONG ProcessHeapFlags;
1488 ULONGLONG EditList; // VA
1489 ULONG Reserved[ 2 ];
1490 } IMAGE_LOAD_CONFIG_DIRECTORY64, *PIMAGE_LOAD_CONFIG_DIRECTORY64;
1493 typedef IMAGE_LOAD_CONFIG_DIRECTORY64 IMAGE_LOAD_CONFIG_DIRECTORY;
1494 typedef PIMAGE_LOAD_CONFIG_DIRECTORY64 PIMAGE_LOAD_CONFIG_DIRECTORY;
1496 typedef IMAGE_LOAD_CONFIG_DIRECTORY32 IMAGE_LOAD_CONFIG_DIRECTORY;
1497 typedef PIMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY;
1501 // WIN CE Exception table format
1505 // Function table entry format. Function table is pointed to by the
1506 // IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry.
1509 typedef struct _IMAGE_CE_RUNTIME_FUNCTION_ENTRY {
1511 ULONG PrologLen : 8;
1513 ULONG ThirtyTwoBit : 1;
1514 ULONG ExceptionFlag : 1;
1515 } IMAGE_CE_RUNTIME_FUNCTION_ENTRY, * PIMAGE_CE_RUNTIME_FUNCTION_ENTRY;
1517 typedef struct _IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY {
1518 ULONGLONG BeginAddress;
1519 ULONGLONG EndAddress;
1520 ULONGLONG ExceptionHandler;
1521 ULONGLONG HandlerData;
1522 ULONGLONG PrologEndAddress;
1523 } IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY, *PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY;
1525 typedef struct _IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY {
1528 ULONG ExceptionHandler;
1530 ULONG PrologEndAddress;
1531 } IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY, *PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY;
1533 typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY {
1536 ULONG UnwindInfoAddress;
1537 } _IMAGE_RUNTIME_FUNCTION_ENTRY, *_PIMAGE_RUNTIME_FUNCTION_ENTRY;
1539 typedef _IMAGE_RUNTIME_FUNCTION_ENTRY IMAGE_IA64_RUNTIME_FUNCTION_ENTRY;
1540 typedef _PIMAGE_RUNTIME_FUNCTION_ENTRY PIMAGE_IA64_RUNTIME_FUNCTION_ENTRY;
1542 #if defined(_AXP64_)
1544 typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_AXP64_RUNTIME_FUNCTION_ENTRY;
1545 typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_AXP64_RUNTIME_FUNCTION_ENTRY;
1546 typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY;
1547 typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY;
1549 #elif defined(_ALPHA_)
1551 typedef IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY;
1552 typedef PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY;
1556 typedef _IMAGE_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY;
1557 typedef _PIMAGE_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY;
1565 typedef struct _IMAGE_DEBUG_DIRECTORY {
1566 ULONG Characteristics;
1567 ULONG TimeDateStamp;
1568 USHORT MajorVersion;
1569 USHORT MinorVersion;
1572 ULONG AddressOfRawData;
1573 ULONG PointerToRawData;
1574 } IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
1576 #define IMAGE_DEBUG_TYPE_UNKNOWN 0
1577 #define IMAGE_DEBUG_TYPE_COFF 1
1578 #define IMAGE_DEBUG_TYPE_CODEVIEW 2
1579 #define IMAGE_DEBUG_TYPE_FPO 3
1580 #define IMAGE_DEBUG_TYPE_MISC 4
1581 #define IMAGE_DEBUG_TYPE_EXCEPTION 5
1582 #define IMAGE_DEBUG_TYPE_FIXUP 6
1583 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
1584 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
1585 #define IMAGE_DEBUG_TYPE_BORLAND 9
1586 #define IMAGE_DEBUG_TYPE_RESERVED10 10
1587 #define IMAGE_DEBUG_TYPE_CLSID 11
1595 typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
1596 ULONG NumberOfSymbols;
1597 ULONG LvaToFirstSymbol;
1598 ULONG NumberOfLinenumbers;
1599 ULONG LvaToFirstLinenumber;
1600 ULONG RvaToFirstByteOfCode;
1601 ULONG RvaToLastByteOfCode;
1602 ULONG RvaToFirstByteOfData;
1603 ULONG RvaToLastByteOfData;
1604 } IMAGE_COFF_SYMBOLS_HEADER, *PIMAGE_COFF_SYMBOLS_HEADER;
1607 #define FRAME_TRAP 1
1609 #define FRAME_NONFPO 3
1611 typedef struct _FPO_DATA {
1612 ULONG ulOffStart; // offset 1st byte of function code
1613 ULONG cbProcSize; // # bytes in function
1614 ULONG cdwLocals; // # bytes in locals/4
1615 USHORT cdwParams; // # bytes in params/4
1616 USHORT cbProlog : 8; // # bytes in prolog
1617 USHORT cbRegs : 3; // # regs saved
1618 USHORT fHasSEH : 1; // TRUE if SEH in func
1619 USHORT fUseBP : 1; // TRUE if EBP has been allocated
1620 USHORT reserved : 1; // reserved for future use
1621 USHORT cbFrame : 2; // frame type
1622 } FPO_DATA, *PFPO_DATA;
1623 #define SIZEOF_RFPO_DATA 16
1626 #define IMAGE_DEBUG_MISC_EXENAME 1
1628 typedef struct _IMAGE_DEBUG_MISC {
1629 ULONG DataType; // type of misc data, see defines
1630 ULONG Length; // total length of record, rounded to four
1632 BOOLEAN Unicode; // TRUE if data is unicode string
1633 UCHAR Reserved[ 3 ];
1634 UCHAR Data[ 1 ]; // Actual data
1635 } IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC;
1639 // Function table extracted from MIPS/ALPHA/IA64 images. Does not contain
1640 // information needed only for runtime support. Just those fields for
1641 // each entry needed by a debugger.
1644 typedef struct _IMAGE_FUNCTION_ENTRY {
1645 ULONG StartingAddress;
1646 ULONG EndingAddress;
1647 ULONG EndOfPrologue;
1648 } IMAGE_FUNCTION_ENTRY, *PIMAGE_FUNCTION_ENTRY;
1650 typedef struct _IMAGE_FUNCTION_ENTRY64 {
1651 ULONGLONG StartingAddress;
1652 ULONGLONG EndingAddress;
1654 ULONGLONG EndOfPrologue;
1655 ULONGLONG UnwindInfoAddress;
1657 } IMAGE_FUNCTION_ENTRY64, *PIMAGE_FUNCTION_ENTRY64;
1660 // Debugging information can be stripped from an image file and placed
1661 // in a separate .DBG file, whose file name part is the same as the
1662 // image file name part (e.g. symbols for CMD.EXE could be stripped
1663 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
1664 // flag in the Characteristics field of the file header. The beginning of
1665 // the .DBG file contains the following structure which captures certain
1666 // information from the image file. This allows a debug to proceed even if
1667 // the original image file is not accessable. This header is followed by
1668 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
1669 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
1670 // the image file contain file offsets relative to the beginning of the
1673 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
1674 // is left in the image file, but not mapped. This allows a debugger to
1675 // compute the name of the .DBG file, from the name of the image in the
1676 // IMAGE_DEBUG_MISC structure.
1679 typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
1683 USHORT Characteristics;
1684 ULONG TimeDateStamp;
1688 ULONG NumberOfSections;
1689 ULONG ExportedNamesSize;
1690 ULONG DebugDirectorySize;
1691 ULONG SectionAlignment;
1693 } IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
1695 typedef struct _NON_PAGED_DEBUG_INFO {
1700 USHORT Characteristics;
1701 ULONG TimeDateStamp;
1704 ULONGLONG ImageBase;
1705 //DebugDirectorySize
1706 //IMAGE_DEBUG_DIRECTORY
1707 } NON_PAGED_DEBUG_INFO, *PNON_PAGED_DEBUG_INFO;
1710 #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
1711 #define NON_PAGED_DEBUG_SIGNATURE 0x494E
1713 #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4449 // DI
1714 #define NON_PAGED_DEBUG_SIGNATURE 0x4E49 // NI
1717 #define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
1718 #define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
1719 // old checksum didn't match.
1722 // The .arch section is made up of headers, each describing an amask position/value
1723 // pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header
1724 // and entry arrays) are terminiated by a quadword of 0xffffffffL.
1726 // NOTE: There may be quadwords of 0 sprinkled around and must be skipped.
1729 typedef struct _ImageArchitectureHeader {
1730 unsigned int AmaskValue: 1; // 1 -> code section depends on mask bit
1731 // 0 -> new instruction depends on mask bit
1733 unsigned int AmaskShift: 8; // Amask bit in question for this fixup
1735 ULONG FirstEntryRVA; // RVA into .arch section to array of ARCHITECTURE_ENTRY's
1736 } IMAGE_ARCHITECTURE_HEADER, *PIMAGE_ARCHITECTURE_HEADER;
1738 typedef struct _ImageArchitectureEntry {
1739 ULONG FixupInstRVA; // RVA of instruction to fixup
1740 ULONG NewInst; // fixup instruction (see alphaops.h)
1741 } IMAGE_ARCHITECTURE_ENTRY, *PIMAGE_ARCHITECTURE_ENTRY;
1743 #include "poppack.h" // Back to the initial value
1745 // The following structure defines the new import object. Note the values of the first two fields,
1746 // which must be set as stated in order to differentiate old and new import members.
1747 // Following this structure, the linker emits two null-terminated strings used to recreate the
1748 // import at the time of use. The first string is the import's name, the second is the dll's name.
1750 #define IMPORT_OBJECT_HDR_SIG2 0xffff
1752 typedef struct IMPORT_OBJECT_HEADER {
1753 USHORT Sig1; // Must be IMAGE_FILE_MACHINE_UNKNOWN
1754 USHORT Sig2; // Must be IMPORT_OBJECT_HDR_SIG2.
1757 ULONG TimeDateStamp; // Time/date stamp
1758 ULONG SizeOfData; // particularly useful for incremental links
1761 USHORT Ordinal; // if grf & IMPORT_OBJECT_ORDINAL
1765 USHORT Type : 2; // IMPORT_TYPE
1766 USHORT NameType : 3; // IMPORT_NAME_TYPE
1767 USHORT Reserved : 11; // Reserved. Must be zero.
1768 } IMPORT_OBJECT_HEADER;
1770 typedef enum IMPORT_OBJECT_TYPE
1772 IMPORT_OBJECT_CODE = 0,
1773 IMPORT_OBJECT_DATA = 1,
1774 IMPORT_OBJECT_CONST = 2,
1775 } IMPORT_OBJECT_TYPE;
1777 typedef enum IMPORT_OBJECT_NAME_TYPE
1779 IMPORT_OBJECT_ORDINAL = 0, // Import by ordinal
1780 IMPORT_OBJECT_NAME = 1, // Import name == public symbol name.
1781 IMPORT_OBJECT_NAME_NO_PREFIX = 2, // Import name == public symbol name skipping leading ?, @, or optionally _.
1782 IMPORT_OBJECT_NAME_UNDECORATE = 3, // Import name == public symbol name skipping leading ?, @, or optionally _
1783 // and truncating at first @
1784 } IMPORT_OBJECT_NAME_TYPE;
projects / platform / upstream / dotnet / runtime.git / blob