; ; Image Format - Adopted from winnt.h ; TASM assembly conversion by NetWalker IMAGE_NT_SIGNATURE EQU 000004550h ; PE IMAGE_SIZEOF_SHORT_NAME EQU 8 IMAGE_SIZEOF_SECTION_HEADER EQU 40 ; ; Directory format. ; ; ; Directory Entries (RVA,SIZE) ; IMAGE_DIRECTORY_ENTRY_EXPORT EQU 0 ; Export Directory IMAGE_DIRECTORY_ENTRY_IMPORT EQU 8 ; Import Directory IMAGE_DIRECTORY_ENTRY_RESOURCE EQU 10h ; Resource Directory IMAGE_DIRECTORY_ENTRY_EXCEPTION EQU 18h ; Exception Directory IMAGE_DIRECTORY_ENTRY_SECURITY EQU 20h ; Security Directory IMAGE_DIRECTORY_ENTRY_BASERELOC EQU 28h ; Base Relocation Table IMAGE_DIRECTORY_ENTRY_DEBUG EQU 30h ; Debug Directory IMAGE_DIRECTORY_ENTRY_COPYRIGHT EQU 38h ; Description String IMAGE_DIRECTORY_ENTRY_GLOBALPTR EQU 40h ; Machine Value (MIPS GP) IMAGE_DIRECTORY_ENTRY_TLS EQU 48h ; TLS Directory IMAGE_DIRECTORY_ENTRY_LOAD_CONFI EQU 50h ; Load Configuration Directory IMAGE_DIRECTORY_ENTRY_BOUND_IMPO EQU 58h ; Bound Import Directory in headers IMAGE_DIRECTORY_ENTRY_IAT EQU 60h ; Import Address Table ;***************************************************** ;**** Image NT Header **** ;***************************************************** PEheader: ;-----------------PE Signature Signature DD ? ; ;-----------------PE File Header Machine DW ? ; 4 NumberOfSections DW ? ; 6 TimeDateStamp DD ? ; 8 PointerToSymbolTable DD ? ; 12 NumberOfSymbols DD ? ; 16 SizeOfOptionalHeader DW ? ; 20 Characteristics DW ? ; 22 ;-----------------Optional header - Standard fields. Magic DW ? ; 24 MajorLinkerVersion DB ? ; 26 MinorLinkerVersion DB ? ; 27 SizeOfCode DD ? ; 28 SizeOfInitializedData DD ? ; 32 SizeOfUninitializedData DD ? ; 36 AddressOfEntryPoint DD ? ; 40 BaseOfCode DD ? ; 44 BaseOfData DD ? ; 48 ;-----------------Optional header - NT additional fields. ImageBase DD ? ; 52 SectionAlignment DD ? ; 56 FileAlignment DD ? ; 60 MajorOperatingSystemVersion DW ? ; 64 MinorOperatingSystemVersion DW ? ; 66 MajorImageVersion DW ? ; 68 MinorImageVersion DW ? ; 70 MajorSubsystemVersion DW ? ; 72 MinorSubsystemVersion DW ? ; 74 Win32VersionValue DD ? ; 76 SizeOfImage DD ? ; 80 SizeOfHeaders DD ? ; 84 CheckSum DD ? ; 88 Subsystem DW ? ; 92 DllCharacteristics DW ? ; 94 SizeOfStackReserve DD ? ; 96 SizeOfStackCommit DD ? ; 100 SizeOfHeapReserve DD ? ; 104 SizeOfHeapCommit DD ? ; 108 LoaderFlags DD ? ; 112 NumberOfRvaAndSizes DD ? ; 116 DataDirectories DD 16*4 dup (0); 120 obj&stuff db 4000h dup (0) ;***************************************************** ;**** Image Section Entry Format **** ;***************************************************** ;IMAGE_SECTION_HEADER STRUC ; SectionName DB 8 DUP (0) ; SVirtualSize DD ? ;08 ; SVirtualAddress DD ? ;0ch ; SizeOfRawData DD ? ;10h raw size ; PointerToRawData DD ? ;14h raw offset ; PointerToRelocations DD 0 ; PointerToLinenumbers DD 0 ; NumberOfRelocations DW 0 ; NumberOfLinenumbers DW 0 ; SFlags DD ? ;IMAGE_SECTION_HEADER ENDS ; ; Section characteristics. ; ; IMAGE_SCN_TYPE_REG 0x00000000 ; Reserved. ; IMAGE_SCN_TYPE_DSECT 0x00000001 ; Reserved. ; IMAGE_SCN_TYPE_NOLOAD 0x00000002 ; Reserved. ; IMAGE_SCN_TYPE_GROUP 0x00000004 ; Reserved. IMAGE_SCN_TYPE_NO_PAD EQU 000000008h ; Reserved. ; IMAGE_SCN_TYPE_COPY 0x00000010 ; Reserved. IMAGE_SCN_CNT_CODE EQU 000000020h ; Section contains code. IMAGE_SCN_CNT_INITIALIZED_DATA EQU 000000040h ; Section contains initialized data. IMAGE_SCN_CNT_UNINITIALIZED_DATA EQU 000000080h ; Section contains uninitialized data. IMAGE_SCN_LNK_OTHER EQU 000000100h ; Reserved. IMAGE_SCN_LNK_INFO EQU 000000200h ; Section contains comments or some other type of information. ; IMAGE_SCN_TYPE_OVER 0x00000400 ; Reserved. IMAGE_SCN_LNK_REMOVE EQU 000000800h ; Section contents will not become part of image. IMAGE_SCN_LNK_COMDAT EQU 000001000h ; Section contents comdat. ; 0x00002000 ; Reserved. ; IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000 IMAGE_SCN_MEM_FARDATA EQU 000008000h ; IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000 IMAGE_SCN_MEM_PURGEABLE EQU 000020000h IMAGE_SCN_MEM_16BIT EQU 000020000h IMAGE_SCN_MEM_LOCKED EQU 000040000h IMAGE_SCN_MEM_PRELOAD EQU 000080000h IMAGE_SCN_ALIGN_1BYTES EQU 000100000h IMAGE_SCN_ALIGN_2BYTES EQU 000200000h IMAGE_SCN_ALIGN_4BYTES EQU 000300000h IMAGE_SCN_ALIGN_8BYTES EQU 000400000h IMAGE_SCN_ALIGN_16BYTES EQU 000500000h ; Default alignment if no others are specified. IMAGE_SCN_ALIGN_32BYTES EQU 000600000h IMAGE_SCN_ALIGN_64BYTES EQU 000700000h ; Unused 0x00800000 IMAGE_SCN_LNK_NRELOC_OVFL EQU 001000000h ; Section contains extended relocations. IMAGE_SCN_MEM_DISCARDABLE EQU 002000000h ; Section can be discarded. IMAGE_SCN_MEM_NOT_CACHED EQU 004000000h ; Section is not cachable. IMAGE_SCN_MEM_NOT_PAGED EQU 008000000h ; Section is not pageable. IMAGE_SCN_MEM_SHARED EQU 010000000h ; Section is shareable. IMAGE_SCN_MEM_EXECUTE EQU 020000000h ; Section is executable. IMAGE_SCN_MEM_READ EQU 040000000h ; Section is readable. IMAGE_SCN_MEM_WRITE EQU 080000000h ; Section is writeable.