forked from opsxcq/disassembler-borg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
exeload.h
199 lines (176 loc) · 4.59 KB
/
exeload.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
// exeload.h
//
#ifndef exeload_h
#define exeload_h
#include "common.h"
#define PE_EXE 1
#define MZ_EXE 2
#define OS2_EXE 3
#define COM_EXE 5
#define NE_EXE 6
#define SYS_EXE 7
#define LE_EXE 8
#define BIN_EXE 9
#pragma pack(push,pack_save,1)
struct mzheader
{ word sig;
word numbytes,numpages;
word numrelocs,headersize;
word minpara,maxpara;
word initialss,initialsp;
word csum;
dword csip;
word relocoffs;
word ovlnum;
};
struct neheader
{ word sig;
word linkerver;
word entryoffs,entrylen;
dword filecrc;
word contentflags;
word dsnum;
word heapsize,stacksize;
dword csip,sssp;
word numsegs,nummodules;
word nonresnamesize;
word offs_segments,offs_resources,offs_resnames,offs_module,offs_imports;
dword nonresnametable;
word movableentries;
word shiftcount;
word numresources;
byte targetos,os_info;
word fastloadoffs,fastloadlen;
word mincodeswapareasize,winver;
};
struct nesegtable
{ word sectoroffs;
word seglength;
word segflags;
word minalloc;
};
struct nesegtablereloc
{ byte reloctype,relocsort;
word segm_offs;
word index,indexoffs;
};
struct peheader
{ dword sigbytes; //+0
word cputype,objects;
dword timedatestamp;
unsigned long reserveda[2];
unsigned short int nt_hdr_size,flags;
// optional header
unsigned short int reserved; // +24
unsigned char lmajor,lminor;
unsigned long reserved1[3];
unsigned long entrypoint_rva; // +40
unsigned long reserved2[2];
unsigned long image_base; // +52
unsigned long objectalign;
unsigned long filealign;
unsigned short int osmajor,osminor;
unsigned short int usermajor,userminor;
unsigned short int subsysmajor,subsysminor;
unsigned long reserved3;
unsigned long imagesize; // +80
unsigned long headersize;
unsigned long filechecksum;
unsigned short int subsystem,dllflags;
unsigned long stackreserve,stackcommit; // +96
unsigned long heapreserve,heapcommit;
unsigned long reserved4;
unsigned long numintitems; // +116
unsigned long exporttable_rva,export_datasize; // +120
unsigned long importtable_rva,import_datasize; // +128
unsigned long resourcetable_rva,resource_datasize;
unsigned long exceptiontable_rva,exception_datasize;
unsigned long securitytable_rva,security_datasize;
unsigned long fixuptable_rva,fixup_datasize;
unsigned long debugtable_rva,debug_directory;
unsigned long imagedesc_rva,imagedesc_datasize;
unsigned long machspecific_rva,machspecific_datasize;
unsigned long tls_rva,tls_datasize;
};
struct peobjdata
{ char name[8];
unsigned long virt_size,rva;
unsigned long phys_size,phys_offset;
unsigned long reserved[3],obj_flags;
};
struct peimportdirentry
{ dword originalthunkrva;
dword timedatestamp;
dword forwarder;
dword namerva;
dword firstthunkrva;
};
struct peexportdirentry
{ dword characteristics;
dword timedatestamp;
word majver,minver;
dword namerva;
dword base;
dword numfunctions;
dword numnames;
dword funcaddrrva,nameaddrrva,ordsaddrrva;
};
struct perestable
{ dword flags;
dword timedatestamp;
word majver,minver;
word numnames,numids;
};
struct peleafnode
{ dword datarva;
dword size;
dword codepage;
dword reserved;
};
struct perestableentry
{ dword id;
dword offset;
};
struct perelocheader
{ dword rva;
dword len;
};
BOOL CALLBACK savemessbox(HWND hdwnd,UINT message,WPARAM wParam,LPARAM lParam);
//loads file and sets up objects using data.cpp
class fileloader
{ public:
int exetype;
HANDLE efile;
byte *fbuff;
private:
byte *rawdata;
// added build 14 bugfix
dword pdatarva;
// moved here 2.28 so we can access it later
// for changing oep, etc
peheader *peh;
public:
fileloader(void);
~fileloader(void);
int getexetype(void);
void setexetype(int etype);
dword fileoffset(lptr loc);
void patchfile(dword file_offs,dword num,byte *dat);
void patchoep(void);
void reloadfile(dword file_offs,dword num,byte *dat);
void readcomfile(dword fsize);
void readsysfile(dword fsize);
void readpefile(dword offs);
void readmzfile(dword fsize);
void readlefile(void);
void readnefile(dword offs);
void reados2file(void);
void readbinfile(dword fsize);
private:
void subdirsummary(byte *data,char *impname,dword image_base,dword rtype);
void leaf2summary(byte *data,char *name,dword image_base,dword rtype);
void leafnodesummary(byte *data,char *resname,dword image_base,dword rtype);
};
#pragma pack(pop,pack_save)
extern class fileloader floader;
#endif