imports/ImHex-Patterns
1
0
Fork 0
mirror of https://github.com/WerWolv/ImHex-Patterns.git synced 2026-03-27 23:37:04 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
65f2b7821bc84398671dc3f34d36b093b15c21ae
ImHex-Patterns/patterns/pe.hexpat
Oded Shapira 65f2b7821b patterns: Fix typo in pe.hexpat (#39) 
Fixed a typo where it said numberOfRelactions to numberOfRelocations.
2022-08-04 23:49:26 +02:00

178 lines
3.4 KiB
Rust
Raw Blame History

#pragma MIME application/x-dosexec
enum MachineType : u16 {
Unknown = 0x00,
AM33 = 0x1D3,
AMD64 = 0x8664,
ARM = 0x1C0,
ARM64 = 0xAA64,
ARMNT = 0x1C4,
EBC = 0xEBC,
I386 = 0x14C,
IA64 = 0x200,
M32R = 0x9041,
MIPS16 = 0x266,
MIPSFPU = 0x366,
MIPSFPU16 = 0x466,
POWERPC = 0x1F0,
POWERPCFP = 0x1F1,
R4000 = 0x166,
RISCV32 = 0x5032,
RISCV64 = 0x5064,
RISCV128 = 0x5128,
SH3 = 0x1A2,
SH3DSP = 0x1A3,
SH4 = 0x1A6,
SH5 = 0x1A8,
THUMB = 0x1C2,
WCEMIPSV2 = 0x169
};
bitfield Characteristics {
stripped : 1;
executableImage : 1;
lineNumsStripped : 1;
localSymsStripped : 1;
aggressiveWsTrim : 1;
largeAddressAware : 1;
reserved : 1;
bytesReversedLo : 1;
is32BitMachine : 1;
debugStripped : 1;
removableRunFromSwap : 1;
netRunFromSwap : 1;
system : 1;
dll : 1;
upSystemOnly : 1;
bytesReversedHi : 1;
};
struct DataDirectory {
u32 virtualAddress;
u32 size;
};
struct OptionalHeader32 {
u16 magic;
u8 majorLinkerVersion;
u8 minorLinkerVersion;
u32 sizeOfCode;
u32 sizeOfInitializedData;
u32 sizeOfUninitializedData;
u32 addressOfEntryPoint;
u32 baseOfCode;
u32 baseOfData;
u32 imageBase;
u32 sectionAlignment;
u32 fileAlignment;
u16 majorOperatingSystemVersion;
u16 minorOperatingSystemVersion;
u16 majorImageVersion;
u16 minorImageVersion;
u16 majorSubsystemVersion;
u16 minorSubSystemVersion;
u32 win32VersionValue;
u32 sizeOfImage;
u32 sizeOfHeaders;
u32 checksum;
u16 subsystem;
u16 dllCharacteristics;
u32 sizeOfStackReserve;
u32 sizeOfStackCommit;
u32 sizeOfHeapReserve;
u32 sizeOfHeapCommit;
u32 loaderFlags;
u32 numberOfRvaAndSizes;
DataDirectory directories[numberOfRvaAndSizes];
};
struct OptionalHeader64 {
u16 magic;
u8 majorLinkerVersion;
u8 minorLinkerVersion;
u32 sizeOfCode;
u32 sizeOfInitializedData;
u32 sizeOfUninitializedData;
u32 addressOfEntryPoint;
u32 baseOfCode;
u64 imageBase;
u32 sectionAlignment;
u32 fileAlignment;
u16 majorOperatingSystemVersion;
u16 minorOperatingSystemVersion;
u16 majorImageVersion;
u16 minorImageVersion;
u16 majorSubsystemVersion;
u16 minorSubSystemVersion;
u32 win32VersionValue;
u32 sizeOfImage;
u32 sizeOfHeaders;
u32 checksum;
u16 subsystem;
u16 dllCharacteristics;
u64 sizeOfStackReserve;
u64 sizeOfStackCommit;
u64 sizeOfHeapReserve;
u64 sizeOfHeapCommit;
u32 loaderFlags;
u32 numberOfRvaAndSizes;
DataDirectory directories[numberOfRvaAndSizes];
};
struct COFFHeader {
u32 signature;
MachineType machine;
u16 numberOfSections;
u32 timeDateStamp;
u32 pointerToSymbolTable;
u32 numberOfSymbolTable;
u16 sizeOfOptionalHeader;
Characteristics characteristics;
if (machine == MachineType::AMD64) {
OptionalHeader64 optionalHeader;
} else {
OptionalHeader32 optionalHeader;
}
};
struct DOSHeader {
u16 signature;
u8 header[0x3A];
COFFHeader *coffHeaderPointer : u32;
};
struct DOSStub {
u8 code[14];
s8 message[0x27];
u8 data[11];
};
union SectionMisc {
u32 physicalAddress;
u32 virtualSize;
};
struct Section {
char name[8];
SectionMisc misc;
u32 virtualAddress;
u32 sizeOfRawData;
u32 ptrRawData;
u32 ptrRelocations;
u32 ptrLineNumbers;
u16 numberOfRelocations;
u16 numberOfLineNumbers;
u32 characteristics;
};
struct PEHeader {
DOSHeader dosHeader;
DOSStub dosStub;
};
PEHeader peHeader @ 0x00;
Section sectionsTable[peHeader.dosHeader.coffHeaderPointer.numberOfSections]
@ addressof(peHeader.dosHeader.coffHeaderPointer) + sizeof(peHeader.dosHeader.coffHeaderPointer);
Reference in New Issue View Git Blame Copy Permalink