/* OpenIDA - Binary file analysis tool
 * pe-int.h - prototypes for the internal structures of the Portable Executable format
 *
 * Copyright (C) 2008 Cyrille Bagard
 *
 *  This file is part of OpenIDA.
 *
 *  OpenIDA is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  OpenIDA is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
 */


#ifndef _FORMAT_PE_E_PE_INT_H
#define _FORMAT_PE_E_PE_INT_H


/* NOTE(review): <stdint.h> is not included in this header; the fixed-width
 * types used below are presumably provided through this include - confirm. */
#include "../exe_format-int.h"



/* ---------------------------- DESCRIPTION OF THE PE FORMAT ---------------------------- */


/*
 * DOS header.
 *
 * With natural alignment the members end at byte 60 and e_lfanew occupies
 * bytes 60..63, so no padding is needed between members; no packing
 * attribute is applied here.
 *
 * NOTE(review): presumably filled from the bytes of the analysed file, so
 * every field is untrusted input. The reading code is not visible in this
 * header - confirm it checks the available size before filling the
 * structure and handles byte order on big-endian hosts.
 */
typedef struct _image_dos_header
{
    uint16_t e_magic;                       /* Magic number                */
    uint16_t e_cblp;                        /* Bytes on the last page      */
    uint16_t e_cp;                          /* Pages in the file           */
    uint16_t e_crlc;                        /* Relocations                 */
    uint16_t e_cparhdr;                     /* Size in paragraphs          */
    uint16_t e_minalloc;                    /* Min. paragraphs required    */
    uint16_t e_maxalloc;                    /* Max. paragraphs required    */
    uint16_t e_ss;                          /* Initial (relative) SS value */
    uint16_t e_sp;                          /* Initial SP value            */
    uint16_t e_csum;                        /* Checksum                    */
    uint16_t e_ip;                          /* Initial IP value            */
    uint16_t e_cs;                          /* Initial (relative) CS value */
    uint16_t e_lfarlc;                      /* Position of the reloc. table */
    uint16_t e_ovno;                        /* Overlay number              */
    uint16_t e_res[4];                      /* Reserved words              */
    uint16_t e_oemid;                       /* OEM identifier              */
    uint16_t e_oeminfo;                     /* OEM info for e_oemid        */
    uint16_t e_res2[10];                    /* Reserved words              */
    /* Offset of the proper header.
     * NOTE(review): a position taken from the file; confirm the consumer
     * validates it (plus the size of the header it points to) against the
     * file length before using it. */
    uint32_t e_lfanew;

} image_dos_header;


/* Supported architectures (values compared with image_file_header.machine - presumably; confirm against the loader) */
#define IMAGE_FILE_MACHINE_I386     0x014c  /* x86                         */
#define IMAGE_FILE_MACHINE_IA64     0x0200  /* Intel IPF                   */
#define IMAGE_FILE_MACHINE_AMD64    0x8664  /* x64                         */

/* Image characteristics: single-bit flags (0x0040 is not defined in this list) */
#define IMAGE_FILE_RELOCS_STRIPPED          0x0001  /* No relocations              */
#define IMAGE_FILE_EXECUTABLE_IMAGE         0x0002  /* Executable file             */
#define IMAGE_FILE_LINE_NUMS_STRIPPED       0x0004  /* No COFF line numbers        */
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED      0x0008  /* No COFF symbol table        */
#define IMAGE_FILE_AGGRESIVE_WS_TRIM        0x0010  /* Aggressively trim the working set. This value is obsolete as of Windows 2000. */
#define IMAGE_FILE_LARGE_ADDRESS_AWARE      0x0020  /* Addressing > 2 GB           */
#define IMAGE_FILE_BYTES_REVERSED_LO        0x0080  /* Bytes reversed; obsolete    */
#define IMAGE_FILE_32BIT_MACHINE            0x0100  /* 32-bit machine              */
#define IMAGE_FILE_DEBUG_STRIPPED           0x0200  /* No debugging information    */
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP  0x0400  /* ...removable media          */
#define IMAGE_FILE_NET_RUN_FROM_SWAP        0x0800  /* File coming from the network */
#define IMAGE_FILE_SYSTEM                   0x1000  /* System file                 */
#define IMAGE_FILE_DLL                      0x2000  /* DLL file                    */
#define IMAGE_FILE_UP_SYSTEM_ONLY           0x4000  /* Uniprocessor only           */
#define IMAGE_FILE_BYTES_REVERSED_HI        0x8000  /* Bytes reversed; obsolete    */

/*
 * First header of the "real" format.
 *
 * The members add up to 20 bytes and each one sits on its natural
 * alignment, so no padding is needed between them; no packing attribute is
 * applied here.
 *
 * NOTE(review): the counts, sizes and positions below presumably come
 * straight from the analysed file. Confirm the consumer bounds
 * number_of_sections, size_of_optional_header and pointer_to_symbol_table
 * against the file length before using them to size loops, allocations or
 * reads.
 */
typedef struct _image_file_header
{
    uint16_t machine;                       /* Target machine type         */
    uint16_t number_of_sections;            /* Number of sections          */
    uint32_t time_date_stamp;               /* Link date                   */
    uint32_t pointer_to_symbol_table;       /* Position of the symbol table */
    uint32_t number_of_symbols;             /* Number of symbols           */
    uint16_t size_of_optional_header;       /* Size of header no. 2        */
    uint16_t characteristics;               /* Image properties            */

} image_file_header;



/* Description of the Portable Executable format */
struct _pe_format
{
    int a;                                  /* NOTE(review): only member defined here; looks like a placeholder - confirm */

};



#endif  /* _FORMAT_PE_E_PE_INT_H */