home *** CD-ROM | disk | FTP | other *** search
/ Reverse Code Engineering RCE CD +sandman 2000 / ReverseCodeEngineeringRceCdsandman2000.iso / RCE / Stone / windows / imghdr.inc < prev    next >
Encoding:
Text File  |  2000-05-25  |  9.3 KB  |  191 lines
  1. ;
  2. ;  Image Format - Adopted from winnt.h
  3. ;  TASM assembly conversion by NetWalker
  4.  
  5. IMAGE_DOS_SIGNATURE     EQU     05A4Dh        ;  MZ
  6. IMAGE_OS2_SIGNATURE     EQU     0454Eh        ;  NE
  7. IMAGE_OS2_SIGNATURE_LE  EQU     0454Ch        ;  LE
  8. IMAGE_VXD_SIGNATURE     EQU     0454Ch        ;  LE
  9. IMAGE_NT_SIGNATURE      EQU     000004550h    ;  PE00
  10.  
  11. IMAGE_SIZEOF_FILE_HEADER                EQU     20
  12. IMAGE_FILE_RELOCS_STRIPPED              EQU     00001h    ;  Relocation info stripped from file.
  13. IMAGE_FILE_EXECUTABLE_IMAGE             EQU     00002h    ;  File is executable  (i.e. no unresolved externel references).
  14. IMAGE_FILE_LINE_NUMS_STRIPPED           EQU     00004h    ;  Line nunbers stripped from file.
  15. IMAGE_FILE_LOCAL_SYMS_STRIPPED          EQU     00008h    ;  Local symbols stripped from file.
  16. IMAGE_FILE_AGGRESIVE_WS_TRIM            EQU     00010h    ;  Agressively trim working set
  17. IMAGE_FILE_BYTES_REVERSED_LO            EQU     00080h    ;  Bytes of machine word are reversed.
  18. IMAGE_FILE_32BIT_MACHINE                EQU     00100h    ;  32 bit word machine.
  19. IMAGE_FILE_DEBUG_STRIPPED               EQU     00200h    ;  Debugging info stripped from file in .DBG file
  20. IMAGE_FILE_REMOVABLE_RUN_FROM_SW        EQU     00400h    ;  If Image is on removable media, copy and run from the swap file.
  21. IMAGE_FILE_NET_RUN_FROM_SWAP            EQU     00800h    ;  If Image is on Net, copy and run from the swap file.
  22. IMAGE_FILE_SYSTEM               EQU     01000h    ;  System File.
  23. IMAGE_FILE_DLL                  EQU     02000h    ;  File is a DLL.
  24. IMAGE_FILE_UP_SYSTEM_ONLY               EQU     04000h    ;  File should only be run on a UP machine
  25. IMAGE_FILE_BYTES_REVERSED_HI            EQU     08000h    ;  Bytes of machine word are reversed.
  26. IMAGE_FILE_MACHINE_UNKNOWN              EQU     0
  27. IMAGE_FILE_MACHINE_I386                 EQU     014ch    ;  Intel 386.
  28. IMAGE_FILE_MACHINE_R3000                EQU     0162h    ;  MIPS little-endian, 0x160 big-endian
  29. IMAGE_FILE_MACHINE_R4000                EQU     0166h    ;  MIPS little-endian
  30. IMAGE_FILE_MACHINE_R10000               EQU     0168h    ;  MIPS little-endian
  31. IMAGE_FILE_MACHINE_ALPHA                EQU     0184h    ;  Alpha_AXP
  32. IMAGE_FILE_MACHINE_POWERPC              EQU     01F0h    ;  IBM PowerPC Little-Endian
  33.  
  34. ;
  35. ;  Directory format.
  36. ;
  37.  
  38. IMAGE_DATA_DIRECTORY                   STRUC       
  39. VirtualAddress      DD      ?
  40. Size                DD      ?
  41. IMAGE_DATA_DIRECTORY                   ENDS
  42.  
  43. IMAGE_NUMBEROF_DIRECTORY_ENTRIES        EQU     16
  44.  
  45.  
  46. ;*****************************************************
  47. ;****              Image NT Header                ****
  48. ;*****************************************************
  49.  
  50.  
  51. IMAGE_NT_HEADERS   STRUC   
  52.  
  53. ;-----------------PE Signature
  54. Signature                   DD      ?    ; 4
  55. ;-----------------PE File Header
  56. Machine                     DW      ?    ; 6
  57. NumberOfSections            DW      ?    ; 8
  58. TimeDateStamp               DD      ?    ; 12
  59. PointerToSymbolTable        DD      ?    ; 16
  60. NumberOfSymbols             DD      ?    ; 20
  61. SizeOfOptionalHeader        DW      ?    ; 22
  62. Characteristics             DW      ?    ; 24
  63. ;-----------------Optional header -  Standard fields.
  64. Magic                       DW      ?
  65. MajorLinkerVersion          DB      ?
  66. MinorLinkerVersion          DB      ?
  67. SizeOfCode                  DD      ?
  68. SizeOfInitializedData           DD      ?
  69. SizeOfUninitializedData         DD      ?
  70. AddressOfEntryPoint         DD      ?
  71. BaseOfCode                  DD      ?
  72. BaseOfData                  DD      ?
  73. ;-----------------Optional header -  NT additional fields.
  74. ImageBase                   DD      ?
  75. SectionAlignment            DD      ?
  76. FileAlignment               DD      ?
  77. MajorOperatingSystemVersion     DW      ?
  78. MinorOperatingSystemVersion     DW      ?
  79. MajorImageVersion           DW      ?
  80. MinorImageVersion           DW      ?
  81. MajorSubsystemVersion           DW      ?
  82. MinorSubsystemVersion           DW      ?
  83. Win32VersionValue           DD      ?
  84. SizeOfImage                 DD      ?
  85. SizeOfHeaders               DD      ?
  86. CheckSum                    DD      ?
  87. Subsystem                   DW      ?
  88. DllCharacteristics          DW      ?
  89. SizeOfStackReserve          DD      ?
  90. SizeOfStackCommit           DD      ?
  91. SizeOfHeapReserve           DD      ?
  92. SizeOfHeapCommit            DD      ?
  93. LoaderFlags                 DD      ?
  94. NumberOfRvaAndSizes         DD      ?
  95. DataDirectory       IMAGE_DATA_DIRECTORY             16 DUP ( <> )
  96. IMAGE_NT_HEADERS   ENDS
  97.  
  98. ;
  99. ;  Subsystem Values
  100. ;
  101.  
  102. IMAGE_SUBSYSTEM_UNKNOWN                 EQU     0    ;  Unknown subsystem.
  103. IMAGE_SUBSYSTEM_NATIVE                  EQU     1    ;  Image doesn't require a subsystem.
  104. IMAGE_SUBSYSTEM_WINDOWS_GUI             EQU     2    ;  Image runs in the Windows GUI subsystem.
  105. IMAGE_SUBSYSTEM_WINDOWS_CUI             EQU     3    ;  Image runs in the Windows character subsystem.
  106. IMAGE_SUBSYSTEM_OS2_CUI                 EQU     5    ;  image runs in the OS/2 character subsystem.
  107. IMAGE_SUBSYSTEM_POSIX_CUI               EQU     7    ;  image run  in the Posix character subsystem.
  108. IMAGE_SUBSYSTEM_RESERVED8               EQU     8    ;  image run  in the 8 subsystem.
  109.  
  110. ;
  111. ;  Directory Entries
  112. ;
  113.  
  114. IMAGE_DIRECTORY_ENTRY_EXPORT            EQU     0    ;  Export Directory
  115. IMAGE_DIRECTORY_ENTRY_IMPORT            EQU     1    ;  Import Directory
  116. IMAGE_DIRECTORY_ENTRY_RESOURCE          EQU     2    ;  Resource Directory
  117. IMAGE_DIRECTORY_ENTRY_EXCEPTION        EQU     3    ;  Exception Directory
  118. IMAGE_DIRECTORY_ENTRY_SECURITY          EQU     4    ;  Security Directory
  119. IMAGE_DIRECTORY_ENTRY_BASERELOC         EQU     5    ;  Base Relocation Table
  120. IMAGE_DIRECTORY_ENTRY_DEBUG             EQU     6    ;  Debug Directory
  121. IMAGE_DIRECTORY_ENTRY_COPYRIGHT         EQU     7    ;  Description String
  122. IMAGE_DIRECTORY_ENTRY_GLOBALPTR         EQU     8    ;  Machine Value (MIPS GP)
  123. IMAGE_DIRECTORY_ENTRY_TLS               EQU     9    ;  TLS Directory
  124. IMAGE_DIRECTORY_ENTRY_LOAD_CONFI        EQU     10    ;  Load Configuration Directory
  125. IMAGE_DIRECTORY_ENTRY_BOUND_IMPO        EQU     11    ;  Bound Import Directory in headers
  126. IMAGE_DIRECTORY_ENTRY_IAT               EQU     12    ;  Import Address Table
  127.  
  128. ;*****************************************************
  129. ;****         Image Section Entry Format          ****
  130. ;*****************************************************
  131.  
  132. IMAGE_SIZEOF_SHORT_NAME                 EQU     8
  133.  
  134. IMAGE_SECTION_HEADER                   STRUC   
  135. Name                    DB      8 DUP ( ? )
  136. SVirtualSize            DD    ?
  137. SVirtualAddress          DD      ?    ; "S" included to diferentiate from NT_IMAGE_HEADER field
  138. SizeOfRawData           DD      ?
  139. PointerToRawData        DD      ?
  140. PointerToRelocations    DD      ?
  141. PointerToLinenumbers    DD      ?
  142. NumberOfRelocations     DW      ?
  143. NumberOfLinenumbers     DW      ?
  144. SFlags                 DD      ?    ; "S" included to diferentiate from NT_IMAGE_HEADER field
  145. IMAGE_SECTION_HEADER                   ENDS
  146.  
  147. IMAGE_SIZEOF_SECTION_HEADER             EQU     40
  148.  
  149. ;
  150. ;  Section characteristics.
  151. ;
  152. ;     IMAGE_SCN_TYPE_REG                       0x00000000      ; Reserved.
  153. ;     IMAGE_SCN_TYPE_DSECT                     0x00000001      ; Reserved.
  154. ;     IMAGE_SCN_TYPE_NOLOAD                    0x00000002      ; Reserved.
  155. ;     IMAGE_SCN_TYPE_GROUP                     0x00000004      ; Reserved.
  156. IMAGE_SCN_TYPE_NO_PAD                   EQU     000000008h    ;  Reserved.
  157. ;     IMAGE_SCN_TYPE_COPY                      0x00000010      ; Reserved.
  158. IMAGE_SCN_CNT_CODE              EQU     000000020h    ;  Section contains code.
  159. IMAGE_SCN_CNT_INITIALIZED_DATA          EQU     000000040h    ;  Section contains initialized data.
  160. IMAGE_SCN_CNT_UNINITIALIZED_DATA        EQU     000000080h    ;  Section contains uninitialized data.
  161. IMAGE_SCN_LNK_OTHER             EQU     000000100h    ;  Reserved.
  162. IMAGE_SCN_LNK_INFO              EQU     000000200h    ;  Section contains comments or some other type of information.
  163. ;       IMAGE_SCN_TYPE_OVER                      0x00000400      ; Reserved.
  164. IMAGE_SCN_LNK_REMOVE                  EQU     000000800h    ;  Section contents will not become part of image.
  165. IMAGE_SCN_LNK_COMDAT                  EQU     000001000h    ;  Section contents comdat.
  166. ;                                                0x00002000      ; Reserved.
  167. ;       IMAGE_SCN_MEM_PROTECTED - Obsolete       0x00004000
  168. IMAGE_SCN_MEM_FARDATA                   EQU     000008000h
  169. ;       IMAGE_SCN_MEM_SYSHEAP  - Obsolete        0x00010000
  170. IMAGE_SCN_MEM_PURGEABLE                 EQU     000020000h
  171. IMAGE_SCN_MEM_16BIT             EQU     000020000h
  172. IMAGE_SCN_MEM_LOCKED                  EQU     000040000h
  173. IMAGE_SCN_MEM_PRELOAD                   EQU     000080000h
  174. IMAGE_SCN_ALIGN_1BYTES                  EQU     000100000h
  175. IMAGE_SCN_ALIGN_2BYTES                  EQU     000200000h
  176. IMAGE_SCN_ALIGN_4BYTES                  EQU     000300000h
  177. IMAGE_SCN_ALIGN_8BYTES                  EQU     000400000h
  178. IMAGE_SCN_ALIGN_16BYTES                 EQU     000500000h    ;  Default alignment if no others are specified.
  179. IMAGE_SCN_ALIGN_32BYTES                 EQU     000600000h
  180. IMAGE_SCN_ALIGN_64BYTES                 EQU     000700000h
  181. ;  Unused                                        0x00800000
  182. IMAGE_SCN_LNK_NRELOC_OVFL               EQU     001000000h    ;  Section contains extended relocations.
  183. IMAGE_SCN_MEM_DISCARDABLE               EQU     002000000h    ;  Section can be discarded.
  184. IMAGE_SCN_MEM_NOT_CACHED                EQU     004000000h    ;  Section is not cachable.
  185. IMAGE_SCN_MEM_NOT_PAGED                 EQU     008000000h    ;  Section is not pageable.
  186. IMAGE_SCN_MEM_SHARED                  EQU     010000000h    ;  Section is shareable.
  187. IMAGE_SCN_MEM_EXECUTE                   EQU     020000000h    ;  Section is executable.
  188. IMAGE_SCN_MEM_READ              EQU     040000000h    ;  Section is readable.
  189. IMAGE_SCN_MEM_WRITE             EQU     080000000h    ;  Section is writeable.
  190.  
  191.