
PE Mapper structures

a guest
Mar 27th, 2017
  1. class Definitions
  2.     {
  3.        
  4.         //Credits for headers: https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
  5.  
  6.  
  7.         //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8.         // _IMAGE_DOS_HEADER
  9.         //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10.         [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
  11.         public struct _IMAGE_DOS_HEADER
  12.         {
  13.             public UInt16 e_magic;                     // Magic number
  14.             public UInt16 e_cblp;                      // Bytes on last page of file
  15.             public UInt16 e_cp;                        // Pages in file
  16.             public UInt16 e_crlc;                      // Relocations
  17.             public UInt16 e_cparhdr;                   // Size of header in paragraphs
  18.             public UInt16 e_minalloc;                  // Minimum extra paragraphs needed
  19.             public UInt16 e_maxalloc;                  // Maximum extra paragraphs needed
  20.             public UInt16 e_ss;                        // Initial (relative) SS value
  21.             public UInt16 e_sp;                        // Initial SP value
  22.             public UInt16 e_csum;                      // Checksum
  23.             public UInt16 e_ip;                        // Initial IP value
  24.             public UInt16 e_cs;                        // Initial (relative) CS value
  25.             public UInt16 e_lfarlc;                    // File address of relocation table
  26.             public UInt16 e_ovno;                      // Overlay number
  27.             public UInt16 e_res_0;                     // Reserved words
  28.             public UInt16 e_res_1;
  29.             public UInt16 e_res_2;
  30.             public UInt16 e_res_3;
  31.             public UInt16 e_oemid;                     // OEM identifier (for e_oeminfo)
  32.             public UInt16 e_oeminfo;                   // OEM information; e_oemid specific
  33.             public UInt16 e_res2_0;                    // Reserved words
  34.             public UInt16 e_res2_1;
  35.             public UInt16 e_res2_2;
  36.             public UInt16 e_res2_3;
  37.             public UInt16 e_res2_4;
  38.             public UInt16 e_res2_5;
  39.             public UInt16 e_res2_6;
  40.             public UInt16 e_res2_7;
  41.             public UInt16 e_res2_8;
  42.             public UInt16 e_res2_9;
  43.             public UInt32 e_lfanew;                    // File address of new exe header
  44.         };
  45.  
  46.  
  47.  
  48.         //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  49.         // _IMAGE_FILE_HEADER
  50.         //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  51.         [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
  52.         public struct _IMAGE_FILE_HEADER
  53.         {
  54.             public UInt16 Machine;
  55.             public UInt16 NumberOfSections;
  56.             public UInt32 TimeDateStamp;
  57.             public UInt32 PointerToSymbolTable;
  58.             public UInt32 NumberOfSymbols;
  59.             public UInt16 SizeOfOptionalHeader;
  60.             public UInt16 Characteristics;
  61.         };
  62.         #region _IMAGE_FILE_HEADER Data Options
  63.         public enum Machine
  64.         {
  65.             //Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx
  66.             IMAGE_FILE_MACHINE_I386 = (UInt16)0x014c,
  67.             IMAGE_FILE_MACHINE_IA64 = (UInt16)0x0200,
  68.             IMAGE_FILE_MACHINE_AMD64 = (UInt16)0x8664
  69.         };
  70.  
  71.         public enum Characteristics
  72.         {
  73.             //Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx
  74.             IMAGE_FILE_RELOCS_STRIPPED = (UInt16)0x0001,
  75.             IMAGE_FILE_EXECUTABLE_IMAGE = (UInt16)0x0002,
  76.             IMAGE_FILE_LINE_NUMS_STRIPPED = (UInt16)0x0004,
  77.             IMAGE_FILE_LOCAL_SYMS_STRIPPED = (UInt16)0x0008,
  78.             IMAGE_FILE_AGGRESIVE_WS_TRIM = (UInt16)0x0010,
  79.             IMAGE_FILE_LARGE_ADDRESS_AWARE = (UInt16)0x0020,
  80.             IMAGE_FILE_BYTES_REVERSED_LO = (UInt16)0x0080,
  81.             IMAGE_FILE_32BIT_MACHINE = (UInt16)0x0100,
  82.             IMAGE_FILE_DEBUG_STRIPPED = (UInt16)0x0200,
  83.             IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = (UInt16)0x0400,
  84.             IMAGE_FILE_NET_RUN_FROM_SWAP = (UInt16)0x0800,
  85.             IMAGE_FILE_SYSTEM = (UInt16)0x1000,
  86.             IMAGE_FILE_DLL = (UInt16)0x2000,
  87.             IMAGE_FILE_UP_SYSTEM_ONLY = (UInt16)0x4000,
  88.             IMAGE_FILE_BYTES_REVERSED_HI = (UInt16)0x8000
  89.         };
  90.  
  91.         #endregion
  92.  
  93.  
  94.  
  95.         //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  96.         // _IMAGE_FILE_HEADER
  97.         //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  98.  
  99.         [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
  100.         public struct _IMAGE_OPTIONAL_HEADER
  101.         {
  102.             public UInt16 Magic;
  103.             public Byte MajorLinkerVersion;
  104.             public Byte MinorLinkerVersion;
  105.             public UInt32 SizeOfCode;
  106.             public UInt32 SizeOfInitializedData;
  107.             public UInt32 SizeOfUninitializedData;
  108.             public UInt32 AddressOfEntryPoint;
  109.             public UInt32 BaseOfCode;
  110.             public UInt32 BaseOfData;
  111.             public UInt32 ImageBase;
  112.             public UInt32 SectionAlignment;
  113.             public UInt32 FileAlignment;
  114.             public UInt16 MajorOperatingSystemVersion;
  115.             public UInt16 MinorOperatingSystemVersion;
  116.             public UInt16 MajorImageVersion;
  117.             public UInt16 MinorImageVersion;
  118.             public UInt16 MajorSubsystemVersion;
  119.             public UInt16 MinorSubsystemVersion;
  120.             public UInt32 Win32VersionValue;
  121.             public UInt32 SizeOfImage;
  122.             public UInt32 SizeOfHeaders;
  123.             public UInt32 CheckSum;
  124.             public UInt16 Subsystem;
  125.             public UInt16 DllCharacteristics;
  126.             public UInt32 SizeOfStackReserve;
  127.             public UInt32 SizeOfStackCommit;
  128.             public UInt32 SizeOfHeapReserve;
  129.             public UInt32 SizeOfHeapCommit;
  130.             public UInt32 LoaderFlags;
  131.             public UInt32 NumberOfRvaAndSizes;
  132.             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
  133.             IMAGE_DATA_DIRECTORY[] DataDirectory;
  134.         };
  135.         #region _IMAGE_OPTIONAL_HEADER Data options
  136.         public enum DataDirectory
  137.         {
  138.             //Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680305(v=vs.85).aspx
  139.             Export_table,
  140.             Import_table,
  141.             Resource_table,
  142.             Exception_table,
  143.             Certificate_table,
  144.             Base_relocation_table,
  145.             Debugging_information,
  146.             Architecture,
  147.             Global_pointer,
  148.             Thread_local_storage,
  149.             Load_configuration,
  150.             Bound_import,
  151.             Import_address_table,
  152.             Delay_import_descriptor,
  153.             CLR_header,
  154.             Reserved
  155.         };
  156.  
  157.         [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
  158.         public struct IMAGE_DATA_DIRECTORY
  159.         {
  160.             public UInt32 VirtualAddress;
  161.             public UInt32 Size;
  162.         };
  163.         #endregion
  164.     }