Jump to content
Nytro

PE Headers structures (Fasm)

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

by E0N

	struct IMAGE_DOS_HEADER
		   e_magic dw ?        ; Magic number
		   e_cblp dw ?	       ; Bytes on last page of file
		   e_cp dw ?	       ; Pages in file
		   e_crlc dw ?	       ; Relocations
		   e_cparhdr dw ?      ; Size of header in paragraphs
		   e_minalloc dw ?     ; Minimum extra paragraphs needed
		   e_maxalloc dw ?     ; Maximum extra paragraphs needed
		   e_ss dw ?	       ; Initial (relative) SS value
		   e_sp dw ?	       ; Initial SP value
		   e_csum dw ?	       ; Checksum
		   e_ip dw ?	       ; Initial IP value
		   e_cs dw ?	       ; Initial (relative) CS value
		   e_lfarlc dw ?       ; File address of relocation table
		   e_ovno dw ?	       ; Overlay number
		   e_res0 dw ?	       ; Reserved words
		   e_res1 dw ?
		   e_res2 dw ?
		   e_res3 dw ?
		   e_oemid dw ?        ; OEM identifier (for e_oeminfo)
		   e_oeminfo dw ?      ; OEM information; e_oemid specific
		   e_res20 dw ?        ; Reserved words
		   e_res21 dw ?
		   e_res22 dw ?
		   e_res23 dw ?
		   e_res24 dw ?
		   e_res25 dw ?
		   e_res26 dw ?
		   e_res27 dw ?
		   e_res28 dw ?
		   e_res29 dw ?
		   e_lfanew dd ?       ; File address of new exe header
	ends

	struct IMAGE_FILE_HEADER
		   Machine dw ?
		   NumberOfSections dw ?
		   TimeDateStamp dd ?
		   PointerToSymbolTable dd ?
		   NumberOfSymbols dd ?
		   SizeOfOptionalHeader dw ?
		   characteristics dw ?
	ends
	struct IMAGE_DATA_DIRECTORY
		   VirtualAddress dd ?
		   Size dd ?
	ends
	struct IMAGE_OPTIONAL_HEADER
		   ; Standard fields.
		   Magic dw ?
		   MajorLinkerVersion db ?
		   MinorLinkerVersion db ?
		   SizeOfCode dd ?
		   SizeOfInitializedData dd ?
		   SizeOfUnitializedData dd ?
		   AddressOfEntryPoint dd ?
		   BaseOfCode dd ?
		   BaseOfData dd ?
		   ; NT additional fields.
		   ImageBase dd ?
		   SectionAlignment dd ?
		   FileAlignment dd ?
		   MajorOperatingSystemVersion dw ?
		   MinorOperatingSystemVersion dw ?
		   MajorImageVersion dw ?
		   MinorImageVersion dw ?
		   MajorSubsystemVersion dw ?
		   MinorSubsystemVersion dw ?
		   W32VersionValue dd ?
		   SizeOfImage dd ?
		   SizeOfHeaders dd ?
		   CheckSum dd ?
		   SubSystem dw ?
		   DllCharacteristics dw ?
		   SizeOfStackReserve dd ?
		   SizeOfStackCommit dd ?
		   SizeOfHeapReserve dd ?
		   SizeOfHeapCommit dd ?
		   LoaderFlags dd ?
		   NumberOfRvaAndSizes dd ?
		   DataDirectory1  IMAGE_DATA_DIRECTORY ?
		   DataDirectory2  IMAGE_DATA_DIRECTORY ?
		   DataDirectory3  IMAGE_DATA_DIRECTORY ?
		   DataDirectory4  IMAGE_DATA_DIRECTORY ?
		   DataDirectory5  IMAGE_DATA_DIRECTORY ?
		   DataDirectory6  IMAGE_DATA_DIRECTORY ?
		   DataDirectory7  IMAGE_DATA_DIRECTORY ?
		   DataDirectory8  IMAGE_DATA_DIRECTORY ?
		   DataDirectory9  IMAGE_DATA_DIRECTORY ?
		   DataDirectory10 IMAGE_DATA_DIRECTORY ?
		   DataDirectory11 IMAGE_DATA_DIRECTORY ?
		   DataDirectory12 IMAGE_DATA_DIRECTORY ?
		   DataDirectory13 IMAGE_DATA_DIRECTORY ?
		   DataDirectory14 IMAGE_DATA_DIRECTORY ?
		   DataDirectory15 IMAGE_DATA_DIRECTORY ?
		   DataDirectory16 IMAGE_DATA_DIRECTORY ?
	ends
	struct IMAGE_NT_HEADERS
	       Signature dd ?
	       FileHeader IMAGE_FILE_HEADER ?
	       OptionalHeader IMAGE_OPTIONAL_HEADER ?
	ends

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...