ref: ce1852b585349f8244fb132b199004f22d2a99fb
dir: /src/pefile.h/
/* This file is part of REWise. * * REWise is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * REWise is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <https://www.gnu.org/licenses/>. */ #ifndef H_REWISE_PEFILE #define H_REWISE_PEFILE #include <stdint.h> // https://github.com/lumbytyci/PExplorer/blob/master/src/pefile.h // https://chuongdong.com/reverse%20engineering/2020/08/15/PE-Parser/ // https://learn.microsoft.com/en-us/windows/win32/debug/pe-format // https://wiki.osdev.org/MZ // https://wiki.osdev.org/PE typedef struct { uint16_t signature; // Should be 'MZ' uint16_t extra; uint16_t pages; uint16_t relocationItems; uint16_t headerSize; uint16_t minimumAllocation; uint16_t maximumAllocation; uint16_t initialSs; uint16_t initialSp; uint16_t checksum; uint16_t initialIp; uint16_t initialCs; uint16_t relocationTable; uint16_t overlay; uint16_t overlayInformation; } MsDosHeader; typedef struct { uint32_t signature; uint16_t machine; uint16_t numberOfSections; uint32_t timeDateStamp; uint32_t pointerToSymbolTable; uint32_t numberOfSymbols; uint16_t optionalHeaderSize; uint16_t characteristics; } PeFileHeader; typedef struct { char name[8]; uint32_t virtualSize; uint32_t virtualAddress; uint32_t rawDataSize; uint32_t rawDataLocation; uint32_t relocationsLocation; uint32_t lineNumbersLocation; uint16_t numberOfRelocations; uint16_t numberOfLineNumbers; uint32_t characteristics; } PeImageSectionHeader; long pefileGetOverlayOffset(const char * filePath); #endif