Uploaded currently available files

2026-03-28 07:47:02 -05:00 · 2020-12-03 21:49:54 +01:00
parent 83b9faf43e
commit f2d85fd506
4 changed files with 193 additions and 0 deletions
--- a/patterns/elf.hexpat
+++ b/patterns/elf.hexpat
@@ -0,0 +1,49 @@
+#pragma MIME application/x-executable
+
+using Elf32_Addr  = u32;
+using Elf32_Half  = u16;
+using Elf32_Off   = u32;
+using Elf32_Sword = s32;
+using Elf32_Word  = u32;
+
+using Elf64_Addr  = u64;
+using Elf64_Half  = u16;
+using Elf64_Off   = u64;
+using Elf64_Sword = s32;
+using Elf64_Word  = u32;
+
+struct Elf32_Ehdr {
+  Elf32_Word	e_ident;
+  Elf32_Half	e_type;
+  Elf32_Half	e_machine;
+  Elf32_Word	e_version;
+  Elf32_Addr	e_entry;
+  Elf32_Off	    e_phoff;
+  Elf32_Off	    e_shoff;
+  Elf32_Word	e_flags;
+  Elf32_Half	e_ehsize;
+  Elf32_Half	e_phentsize;
+  Elf32_Half	e_phnum;
+  Elf32_Half	e_shentsize;
+  Elf32_Half	e_shnum;
+  Elf32_Half	e_shstrndx;
+};
+
+struct Elf64_Ehdr {
+  Elf64_Word    e_ident;
+  Elf64_Half    e_type;
+  Elf64_Half    e_machine;
+  Elf64_Word    e_version;
+  Elf64_Addr    e_entry;
+  Elf64_Off     e_phoff;
+  Elf64_Off     e_shoff;
+  Elf64_Word    e_flags;
+  Elf64_Half    e_ehsize;
+  Elf64_Half    e_phentsize;
+  Elf64_Half    e_phnum;
+  Elf64_Half    e_shentsize;
+  Elf64_Half    e_shnum;
+  Elf64_Half    e_shstrndx;
+};
+
+Elf64_Ehdr header @ 0x00;
--- a/patterns/pe.hexpat
+++ b/patterns/pe.hexpat
@@ -0,0 +1,112 @@
+#pragma MIME application/x-dosexec
+
+enum MachineType : u16 {
+	Unknown = 0x00,
+	AM33 = 0x1D3,
+	AMD64 = 0x8664,
+	ARM = 0x1C0,
+	ARM64 = 0xAA64,
+	ARMNT = 0x1C4,
+	EBC = 0xEBC,
+	I386 = 0x14C,
+	IA64 = 0x200,
+	M32R = 0x9041,
+	MIPS16 = 0x266,
+	MIPSFPU = 0x366,
+	MIPSFPU16 = 0x466,
+	POWERPC = 0x1F0,
+	POWERPCFP = 0x1F1,
+	R4000 = 0x166,
+	RISCV32 = 0x5032,
+	RISCV64 = 0x5064,
+	RISCV128 = 0x5128,
+	SH3 = 0x1A2,
+	SH3DSP = 0x1A3,
+	SH4 = 0x1A6,
+	SH5 = 0x1A8,
+	THUMB = 0x1C2,
+	WCEMIPSV2 = 0x169
+};
+
+bitfield Characteristics {
+	stripped : 1;
+	executableImage : 1;
+	lineNumsStripped : 1;
+	localSymsStripped : 1;
+	aggressiveWsTrim : 1;
+	largeAddressAware : 1;
+	reserved : 1;
+	bytesReversedLo : 1;
+	is32BitMachine : 1;
+	debugStripped : 1;
+	removableRunFromSwap : 1;
+	netRunFromSwap : 1;
+	system : 1;
+	dll : 1;
+	upSystemOnly : 1;
+	bytesReversedHi : 1;
+};
+
+struct OptionalHeader {
+	u16 magic;
+	u8 majorLinkerVersion;
+	u8 minorLinkerVersion;
+	u32 sizeOfCode;
+	u32 sizeOfInitializedData;
+	u32 sizeOfUninitializedData;
+	u32 addressOfEntryPoint;
+	u32 baseOfCode;
+	u32 baseOfData;
+	u32 imageBase;
+	u32 sectionAlignment;
+	u32 fileAlignment;
+	u16 majorOperatingSystemVersion;
+	u16 minorOperatingSystemVersion;
+	u16 majorImageVersion;
+	u16 minorImageVersion;
+	u16 majorSubsystemVersion;
+	u16 minorSubSystemVersion;
+	u32 win32VersionValue;
+	u32 sizeOfImage;
+	u32 sizeOfHeaders;
+	u32 checksum;
+	u16 subsystem;
+	u16 dllCharacteristics;
+	u32 sizeOfStackReserve;
+	u32 sizeOfStackCommit;
+	u32 sizeOfHeapReserve;
+	u32 sizeOfHeapCommit;
+	u32 loaderFlags;
+	u32 numberOfRvaAndSizes;
+};
+
+struct COFFHeader {
+	u32 signature;
+	MachineType machine;
+	u16 numberOfSections;
+	u32 timeDateStamp;
+	u32 pointerToSymbolTable;
+	u32 numberOfSymbolTable;
+	u16 sizeOfOptionalHeader;
+	Characteristics characteristics;
+	OptionalHeader optionalHeader;
+};
+
+struct DOSHeader {
+	u16 signature;
+	u8 header[0x3A];
+	COFFHeader *coffHeaderPointer : u32;
+};
+
+struct DOSStub {
+	u8 code[14];
+	s8 message[0x27];
+	u8 data[11];
+};
+
+struct PEHeader {
+	DOSHeader dosHeader;
+	DOSStub dosStub;
+};
+
+PEHeader peHeader @ 0x00;