--- mstools/h/ntimage.h 2018/08/09 18:21:10 1.1 +++ mstools/h/ntimage.h 2018/08/09 18:23:06 1.1.1.2 @@ -1,6 +1,6 @@ /*++ BUILD Version: 0004 // Increment this if a change has global effects -Copyright (c) 1989 Microsoft Corporation +Copyright (c) 1989-1993 Microsoft Corporation Module Name: @@ -125,6 +125,7 @@ typedef struct _IMAGE_FILE_HEADER { #define IMAGE_FILE_16BIT_MACHINE 0x0040 // 16 bit word machine. #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed. #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine. +#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file #define IMAGE_FILE_PATCH 0x0400 // Reserved. #define IMAGE_FILE_SYSTEM 0x1000 // System File. #define IMAGE_FILE_DLL 0x2000 // File is a DLL. @@ -135,6 +136,7 @@ typedef struct _IMAGE_FILE_HEADER { #define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386. #define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0540 big-endian #define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian +#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP // // Directory format. @@ -189,7 +191,7 @@ typedef struct _IMAGE_OPTIONAL_HEADER { ULONG SizeOfStackCommit; ULONG SizeOfHeapReserve; ULONG SizeOfHeapCommit; - ULONG AddressOfTlsIndex; + ULONG LoaderFlags; ULONG NumberOfRvaAndSizes; IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER; @@ -226,6 +228,14 @@ typedef struct _IMAGE_NT_HEADERS { #define IMAGE_LIBRARY_THREAD_INIT 4 // Dll has a thread initialization routine. #define IMAGE_LIBRARY_THREAD_TERM 8 // Dll has a thread termination routine. +// +// Loader Flags +// + +#define IMAGE_LOADER_FLAGS_BREAK_ON_LOAD 0x00000001 +#define IMAGE_LOADER_FLAGS_DEBUG_ON_LOAD 0x00000002 + + // Directory Entries #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory @@ -237,8 +247,8 @@ typedef struct _IMAGE_NT_HEADERS { #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory #define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP) -#define IMAGE_DIRECTORY_ENTRY_THREAD_SPACE 9 // Thread Local Storage -#define IMAGE_DIRECTORY_ENTRY_CALLBACKS 10 // Other interesting entrypoints +#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory +#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory // // Section header format. @@ -266,18 +276,29 @@ typedef struct _IMAGE_SECTION_HEADER { #define IMAGE_SCN_TYPE_REGULAR 0x00000000 // #define IMAGE_SCN_TYPE_DUMMY 0x00000001 // Reserved. -#define IMAGE_SCN_TYPE_NO_LOAD 0x00000002 // +#define IMAGE_SCN_TYPE_NO_LOAD 0x00000002 // Reserved. #define IMAGE_SCN_TYPE_GROUPED 0x00000004 // Used for 16-bit offset code. -#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Specifies if section should not be padded to next boundary. +#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved. #define IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved. + #define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code. #define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data. #define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data. + #define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved. #define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information. #define IMAGE_SCN_LNK_OVERLAY 0x00000400 // Section contains an overlay. #define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image. #define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat. + +#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 // +#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 // +#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 // +#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 // +#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified. +#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 // +#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 // + #define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded. #define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable. #define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable. @@ -418,7 +439,7 @@ typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_S #endif #ifndef INCREF -#define INCREF(x) ((((x)&~N_BTMASK)<>N_TSHIFT)&~N_BTMASK)|((x)&N_BTMASK)) @@ -548,6 +569,28 @@ typedef IMAGE_RELOCATION UNALIGNED *PIMA #define IMAGE_REL_MIPS_PAIR 045 // +// Alpha Relocation types. +// + +#define IMAGE_REL_ALPHA_ABSOLUTE 0x0 +#define IMAGE_REL_ALPHA_REFLONG 0x1 +#define IMAGE_REL_ALPHA_REFQUAD 0x2 +#define IMAGE_REL_ALPHA_GPREL32 0x3 +#define IMAGE_REL_ALPHA_LITERAL 0x4 +#define IMAGE_REL_ALPHA_LITUSE 0x5 +#define IMAGE_REL_ALPHA_GPDISP 0x6 +#define IMAGE_REL_ALPHA_BRADDR 0x7 +#define IMAGE_REL_ALPHA_HINT 0x8 +#define IMAGE_REL_ALPHA_INLINE_REFLONG 0x9 +#define IMAGE_REL_ALPHA_REFHI 0xA +#define IMAGE_REL_ALPHA_REFLO 0xB +#define IMAGE_REL_ALPHA_PAIR 0xC +#define IMAGE_REL_ALPHA_MATCH 0xD +#define IMAGE_REL_ALPHA_SECTION 0xE +#define IMAGE_REL_ALPHA_SECREL 0xF +#define IMAGE_REL_ALPHA_REFLONGNB 0x10 + +// // Based relocation format. // @@ -656,13 +699,33 @@ typedef struct _IMAGE_THUNK_DATA { typedef struct _IMAGE_IMPORT_DESCRIPTOR { ULONG Characteristics; ULONG TimeDateStamp; - USHORT MajorVersion; - USHORT MinorVersion; + ULONG ForwarderChain; ULONG Name; PIMAGE_THUNK_DATA FirstThunk; } IMAGE_IMPORT_DESCRIPTOR, *PIMAGE_IMPORT_DESCRIPTOR; // +// Thread Local Storage +// + +typedef VOID +(NTAPI *PIMAGE_TLS_CALLBACK) ( + PVOID DllHandle, + ULONG Reason, + PVOID Reserved + ); + +typedef struct _IMAGE_TLS_DIRECTORY { + ULONG StartAddressOfRawData; + ULONG EndAddressOfRawData; + PULONG AddressOfIndex; + PIMAGE_TLS_CALLBACK *AddressOfCallBacks; + ULONG SizeOfZeroFill; + ULONG Characteristics; +} IMAGE_TLS_DIRECTORY, *PIMAGE_TLS_DIRECTORY; + + +// // Resource Format. // @@ -751,6 +814,39 @@ typedef struct _IMAGE_RESOURCE_DATA_ENTR } IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY; // +// Load Configuration Directory Entry +// + +typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY { + ULONG Characteristics; + ULONG TimeDateStamp; + USHORT MajorVersion; + USHORT MinorVersion; + ULONG GlobalFlagsClear; + ULONG GlobalFlagsSet; + ULONG CriticalSectionDefaultTimeout; + ULONG DeCommitFreeBlockThreshold; + ULONG DeCommitTotalFreeThreshold; + ULONG Reserved[ 8 ]; +} IMAGE_LOAD_CONFIG_DIRECTORY, *PIMAGE_LOAD_CONFIG_DIRECTORY; + + +// +// Function table entry format for MIPS/ALPHA images. Function table is +// pointed to by the IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry. +// This definition duplicates ones in ntmips.h and ntalpha.h for use +// by portable image file mungers. +// + +typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY { + ULONG BeginAddress; + ULONG EndAddress; + PVOID ExceptionHandler; + PVOID HandlerData; + ULONG PrologEndAddress; +} IMAGE_RUNTIME_FUNCTION_ENTRY, *PIMAGE_RUNTIME_FUNCTION_ENTRY; + +// // Debug Format // @@ -765,11 +861,17 @@ typedef struct _IMAGE_DEBUG_DIRECTORY { ULONG PointerToRawData; } IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY; -#define IMAGE_DEBUG_TYPE_UNKNOWN 0 -#define IMAGE_DEBUG_TYPE_COFF 1 -#define IMAGE_DEBUG_TYPE_CODEVIEW 2 +#define IMAGE_DEBUG_TYPE_UNKNOWN 0 +#define IMAGE_DEBUG_TYPE_COFF 1 +#define IMAGE_DEBUG_TYPE_CODEVIEW 2 +#define IMAGE_DEBUG_TYPE_FPO 3 +#define IMAGE_DEBUG_TYPE_MISC 4 +#define IMAGE_DEBUG_TYPE_EXCEPTION 5 +#define IMAGE_DEBUG_TYPE_FIXUP 6 +#define IMAGE_DEBUG_TYPE_RESERVED6 7 +#define IMAGE_DEBUG_TYPE_RESERVED7 8 -typedef struct _IMAGE_DEBUG_INFO { +typedef struct _IMAGE_COFF_SYMBOLS_HEADER { ULONG NumberOfSymbols; ULONG LvaToFirstSymbol; ULONG NumberOfLinenumbers; @@ -778,7 +880,75 @@ typedef struct _IMAGE_DEBUG_INFO { ULONG RvaToLastByteOfCode; ULONG RvaToFirstByteOfData; ULONG RvaToLastByteOfData; -} IMAGE_DEBUG_INFO, *PIMAGE_DEBUG_INFO; +} IMAGE_COFF_SYMBOLS_HEADER, *PIMAGE_COFF_SYMBOLS_HEADER; + +#define FRAME_FPO 0 +#define FRAME_TRAP 1 +#define FRAME_TSS 2 + +typedef struct _FPO_DATA { + ULONG ulOffStart; // offset 1st byte of function code + ULONG cbProcSize; // # bytes in function + ULONG cdwLocals; // # bytes in locals/4 + USHORT cdwParams; // # bytes in params/4 + USHORT cbProlog : 8; // # bytes in prolog + USHORT cbRegs : 3; // # regs saved + USHORT fHasSEH : 1; // TRUE if SEH in func + USHORT fUseBP : 1; // TRUE if EBP has been allocated + USHORT reserved : 1; // reserved for future use + USHORT cbFrame : 2; // frame type +} FPO_DATA, *PFPO_DATA; +#define SIZEOF_RFPO_DATA 16 + + +#define IMAGE_DEBUG_MISC_EXENAME 1 + +typedef struct _IMAGE_DEBUG_MISC { + ULONG DataType; // type of misc data, see defines + ULONG Length; // total length of record, rounded to four + // byte multiple. + BOOLEAN Unicode; // TRUE if data is unicode string + UCHAR Reserved[ 3 ]; + UCHAR Data[ 1 ]; // Actual data +} IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC; + + +// +// Debugging information can be stripped from an image file and placed +// in a separate .DBG file, whose file name part is the same as the +// image file name part (e.g. symbols for CMD.EXE could be stripped +// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED +// flag in the Characteristics field of the file header. The beginning of +// the .DBG file contains the following structure which captures certain +// information from the image file. This allows a debug to proceed even if +// the original image file is not accessable. This header is followed by +// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more +// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in +// the image file contain file offsets relative to the beginning of the +// .DBG file. +// +// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure +// is left in the image file, but not mapped. This allows a debugger to +// compute the name of the .DBG file, from the name of the image in the +// IMAGE_DEBUG_MISC structure. +// + +typedef struct _IMAGE_SEPARATE_DEBUG_HEADER { + USHORT Signature; + USHORT Flags; + USHORT Machine; + USHORT Characteristics; + ULONG TimeDateStamp; + ULONG CheckSum; + ULONG ImageBase; + ULONG SizeOfImage; + ULONG NumberOfSections; + ULONG ExportedNamesSize; + ULONG DebugDirectorySize; + ULONG Reserved[ 3 ]; +} IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER; + +#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944 #ifndef RC_INVOKED #pragma pack () @@ -791,3 +961,4 @@ typedef struct _IMAGE_DEBUG_INFO { // end_winnt #endif // _NTIMAGE_ +