From ac28d9d02975a8165d7495ee56a7cf0f99542cac Mon Sep 17 00:00:00 2001
From: Nik <werwolv98@gmail.com>
Date: Sun, 1 Jan 2023 23:51:12 +0100
Subject: [PATCH] patterns/coff: Added COFF pattern

---
 README.md                                |   1 +
 patterns/coff.hexpat                     | 209 +++++++++++++++++++++++
 tests/patterns/test_data/coff.hexpat.obj | Bin 0 -> 2652 bytes
 3 files changed, 210 insertions(+)
 create mode 100644 patterns/coff.hexpat
 create mode 100644 tests/patterns/test_data/coff.hexpat.obj

diff --git a/README.md b/README.md
index 251df51..d108bf2 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,7 @@ Hex patterns, include patterns and magic files for the use with the ImHex Hex Ed
 | WAD | | [`patterns/wad.hexpat`](patterns/wad.hexpat) | DOOM WAD Archive |
 | GIF | `image/gif` | [`patterns/gif.hexpat`](patterns/gif.hexpat) | GIF image files |
 | ZSTD | `application/zstd` | [`patterns/zstd.hexpat`](patterns/zstd.hexpat) | Zstandard compressed data format |
+| COFF | `application/x-coff` | [`patterns/coff.hexpat`](patterns/coff.hexpat) | Common Object File Format (COFF) executable |
 
 ### Scripts
 
diff --git a/patterns/coff.hexpat b/patterns/coff.hexpat
new file mode 100644
index 0000000..ac4a534
--- /dev/null
+++ b/patterns/coff.hexpat
@@ -0,0 +1,209 @@
+#pragma MIME application/x-coff
+
+#include <type/time.pat>
+#include <type/size.pat>
+
+enum Machine : u16 {
+    Unknown     = 0x0000,
+    AM33        = 0x01D3,
+    AMD64       = 0x8664,
+    ARM         = 0x01C0,
+    ARM64       = 0xAA64,
+    ARMNT       = 0x01C4,
+    EBC         = 0x0EBC,
+    I386        = 0x014C,
+    IA64        = 0x0200,
+    LOONGARCH32 = 0x6232,
+    LOONGARCH64 = 0x6264,
+    M32R        = 0x9041,
+    MIPS16      = 0x0226,
+    MIPSFPU     = 0x0366,
+    MIPSFPU16   = 0x0466,
+    POWERPC     = 0x01F0,
+    POWERPCFP   = 0x01F0,
+    R4000       = 0x0166,
+    RISCV32     = 0x5032,
+    RISCV64     = 0x5064,
+    RISCV128    = 0x5128,
+    SH3         = 0x01A2,
+    SH3DSP      = 0x01A3,
+    SH4         = 0x01A6,
+    SH5         = 0x01A8,
+    THUMB       = 0x01C2,
+    WCEMIPSV2   = 0x0169
+};
+
+bitfield Characteristics {
+    relocsStripped          : 1;
+    executableImage         : 1;
+    lineNumsStripped        : 1;
+    localSymsStripped       : 1;
+    aggressiveWsTrim        : 1;
+    largeAddressAware       : 1;
+    padding                 : 1;
+    bytesReversedLo         : 1;
+    _32BitMachine           : 1;
+    debugStripped           : 1;
+    removableRunFromSwap    : 1;
+    netRunFromSwap          : 1;
+    system                  : 1;
+    dll                     : 1;
+    upSystemOnly            : 1;
+    bytesReversedHi         : 1;
+} [[right_to_left]];
+
+enum Type : u16 {
+    Null    = 0,
+    Void    = 1,
+    Char    = 2,
+    Short   = 3,
+    Int     = 4,
+    Long    = 5,
+    Float   = 6,
+    Double  = 7,
+    Struct  = 8,
+    Union   = 9,
+    Enum    = 10,
+    MOE     = 11,
+    Byte    = 12,
+    Word    = 13,
+    UInt    = 14,
+    DWord   = 15
+};
+
+enum StorageClass : u8 {
+    EndOfFunction   = 0xFF,
+    Null            = 0,
+    Automatic       = 1,
+    External        = 2,
+    Static          = 3,
+    Register        = 4,
+    ExternalDef     = 5,
+    Label           = 6,
+    UndefinedLabel  = 7,
+    MemberOfStruct  = 8,
+    Argument        = 9,
+    StructTag       = 10,
+    MemberOfUnion   = 11,
+    UnionTag        = 12,
+    TypeDefinition  = 13,
+    UndefinedStatic = 14,
+    EnumTag         = 15,
+    MemberOfEnum    = 16,
+    RegisterParam   = 17,
+    BitField        = 18,
+    Block           = 100,
+    Function        = 101,
+    EndOfStruct     = 102,
+    File            = 103,
+    Section         = 104,
+    WeakExternal    = 105,
+    CLRToken        = 107
+};
+
+struct AuxSymbol {
+    u8 data[18];
+};
+
+u32 countedSymbols = 0;
+struct SymbolTable {
+    char name[8];
+    u32 value;
+    u16 sectionNumber;
+    Type type;
+    StorageClass storageClass;
+    u8 numberOfAuxSymbols;
+    
+    countedSymbols += 1 + numberOfAuxSymbols;
+    
+    AuxSymbol auxSymbols[numberOfAuxSymbols];
+    
+    if (countedSymbols >= parent.header.numberOfSymbols)
+        break;
+};
+
+struct String {
+    char value[];
+};
+
+struct StringTable {
+    u32 size;
+    String strings[while($ < addressof(size) + size)];
+};
+
+bitfield SectionFlags {
+    padding             : 3;
+    typeNoPad           : 1;
+    padding             : 1;
+    cntCode             : 1;
+    initializedData     : 1;
+    uninitializedData   : 1;
+    lnkOther            : 1;
+    lnkInfo             : 1;
+    padding             : 1;
+    lnkRemove           : 1;
+    lnkCOMDAT           : 1;
+    padding             : 2;
+    gprel               : 1;
+    padding             : 1;
+    memPurgeable        : 1;
+    memLocked           : 1;
+    memPreload          : 1;
+    alignment           : 4 [[format("format_alignment")]];
+    lnkNrelocOvfl       : 1;
+    memDiscardable      : 1;
+    memNotCached        : 1;
+    memNotPaged         : 1;
+    memShared           : 1;
+    memExecute          : 1;
+    memRead             : 1;
+    memWrite            : 1;
+} [[right_to_left]];
+
+fn format_alignment(u8 alignment) {
+    return 1 << alignment;
+};
+
+struct Relocations {
+    u32 virtualAddress;
+    u32 symbolTableIndex;
+    Type type;
+};
+
+struct Section {
+    char name[8];
+    type::Size<u32> virtualSize;
+    u32 virtualAddress;
+    type::Size<u32> sizeOfRawData;
+    u32 pointerToRawData;
+    u32 pointerToRelocations;
+    u32 pointerToLineNumbers;
+    u16 numberOfRelocations;
+    u16 numberOfLineNumbers;
+    SectionFlags characteristics;
+    
+    u8 rawData[sizeOfRawData] @ pointerToRawData [[sealed]];
+    Relocations relocations[numberOfRelocations] @ pointerToRelocations;
+};
+
+struct Header {
+    Machine machine;
+    u16 numberOfSections;
+    type::time32_t timeDateStamp;
+    u32 pointerToSymbolTable;
+    u32 numberOfSymbols;
+    u16 sizeOfOptionalHeader;
+    Characteristics characteristics;
+};
+
+
+struct COFF {
+    Header header;
+    
+    Section sectionTable[header.numberOfSections];
+    
+    SymbolTable symbolTable[header.numberOfSymbols] @ header.pointerToSymbolTable;
+    StringTable stringTable @ addressof(symbolTable) + sizeof(symbolTable);
+};
+
+COFF coff @ 0x00;
diff --git a/tests/patterns/test_data/coff.hexpat.obj b/tests/patterns/test_data/coff.hexpat.obj
new file mode 100644
index 0000000000000000000000000000000000000000..26ae2e97b2dac45a664f5e8cddc5a453d4b88da3
GIT binary patch
literal 2652
zcmb_eeQXp}5TE1vc~ER?(kM{aYSET*$KG}CxH}qCK3ZBWDWR1X*m&LU?zKzrc8}e?
zYb#=EqKGjuC<*dq_^PQj_79|>37RMxD@6tQNchwc1A&N=7EmD=oVR;duMLgS_>$R~
z_ulW#o0&H|?+NSE;9BP3v4Tv1Y%rTcP(@ykiSaI2QAn{QdU0;c28SRvM_UT(5;Gf9
z0Mf_c${~9}99N&fZI}S?c50$$as#J}9eQC{PRyjCFe4+;GdYz_H;vu58>eO>?noSq
zW<Ys1?#s8fX&z=o0gcko7=2&^peTwg8A95R6b4HUGFaqiIX2L)sBNs1)!1rT7uB#R
zNSrRRysEP?Ueh^Mk4D($s1y>|u+D}gxlM`a+KAwgIbDj05mi~uD$T1^mJ16WhHaMQ
zup)>K90EU-<ye{kj>E%H09|V>BYcU(tBR%sb*gAtF;yGUrLgq8B)3otm2gA~i7KQ)
zVUDH?0JqTIRt!CfK4s-Mb^RGT=RBP6Sry8?TC@B2gT+1FOJM!&^M_w8pZ;_uz(NDJ
z{mS0K^c5d@wsyK^_tsxt(6^PjRrH$eiI;M6w;lD)DFJxXz~!yG=9+ct!d?Gn=kb}J
zetFM&^lSI-^Y+M*Z)iF5YMB#Y(7<gvaQ57jJ!xC^+|W**+;ifUH3t^GIO+55^N-Ct
zHz(_kf+sNz4Wz6W`~T?f@7bSKJG8<#|Mpv*O`+JqvyDI3(ANhp?8@Jn4iGVLXFfO<
zyRz+GUSaT!hJDKq<!oU0A9a7PpIp-$jrJFXN&$8nIBH_`;TtE~26`Ru+@1IG3t#1a
zIQPff1I76}H|G2L-@WVrIBnp*-6gCT^tL_%-#xb_QWmVM(ciPaFP5D8q=ZSoSn&(S
zB?D8FvQF>a^V2M4cuQYr3O8vWyJ)a?pX%Gzu%p+On>BUH^<03P=x-%r$0muU@|YL8
zqJ*?DIYMSe(j#&Hd?fN8H3*`P|7f5k%BeyiENNj*=UW}E|Ex`o%9uwYE6K#tc<;dr
zD>^XaWiB*-X|={SNV1@`YjumBsm7H&{tkR7Du}F;cF+!&i>8sYQSx5|d07wruNrv;
z3zDioSf?3mL5vAf%<xJOnmJh(g$Kh&pU$XgaDo`r{_QG_8^_o2H{unUkE*ID^PT2u
zv-Xh6lm<09SXqJ8qcpH!rU6WbjBK3<q~Y8wu;dZZf^wim)C2J{6bNEX2#~r02d7Yb
zt1r>Vhis5)VBzNQDEZg;xSgl$E9X*nSqUjE3T1C#kQym_tqVy*>a<h##bNwZRAING
z3h_(oai|X0@&0zcl~V({AqN$;j#nZgPA)?dD0}@<%HA$8b6swO`#f}<I}PrkOHJ-V
z0}$se^%|UUd*a+2XWWT#pD|ARjP-8XjmB0kG_fAkwK9YhLGa>Aq)wc0y6IA{>3d2Z
zmH<e_nEi&nry-~8SUUZDNl6GRx@J0|x2hs1)Nw(vT9$NlyS<e0FlaYAOMLYbXWN~O
z%R_uZ&S0PjC$<poB{n1X5g(jPDQ(V|dWjEC#?25PoQ%h5avyE#@zIDker7)(r0jUf
zw8)C4OT6aiIaMUaRr%|x<_BCPIATXcRPiU4buQ#5l|T(kvP9shTyWE56GUKH(D3p>
zFB-?5e{x<-0c&0=STQ0gNEt|(Na;w!LmxvIz!!<zu?Zts28)f`5k;esOPVxtpHILw
zX6qU!F{eT92quAz^YQ|i0JS;8*rk)E68gy_q%b}{8HiZ`4<RS}qROt>$g_|p8moz9
z1M=6HV;ynH2DZL+J?k8&chHT~f7m=QBWrtT^;4gDGS94H4^<bG-FbF-Z^5zG`yaoA
z3yfCI<7MlRgs!!zmizYsA4BCqk<%SCy|LQT6(5NyAxBt1`vJ_6<R=u#JFA7*Ke{D9
zW5`OYg*>1}x8$c2(O|WZ$J6NMNP0FA1y)NUX2tz|kD70S<h@A5td?&4Cbmm4PLF8)
ZdxS!7k{?h+r`3{tG6WAW6=|Hq{tK={#1{Yn

literal 0
HcmV?d00001