1
0
mirror of https://github.com/mastercodeon314/KsDumper-11.git synced 2024-11-30 17:24:32 +01:00
KsDumper-11/DriverInterface/PE/NativePEStructs.cs
mastercodeon314 785233a68f v1.3 update.
Updated to KDU v1.3.4
Added new Provider Selector
Updated DarkControls
Many bug fixes
2023-10-06 18:53:56 -06:00

282 lines
9.6 KiB
C#

using System;
using System.Runtime.InteropServices;
namespace KsDumper11.PE
{
public static class NativePEStructs
{
public const uint IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10b;
public const uint IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20b;
public const uint IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16;
public const uint IMAGE_DIRECTORY_ENTRY_EXPORT = 0;
public const uint IMAGE_DIRECTORY_ENTRY_IMPORT = 1;
public const uint IMAGE_DIRECTORY_ENTRY_RESOURCE = 2;
public const uint IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3;
public const uint IMAGE_DIRECTORY_ENTRY_SECURITY = 4;
public const uint IMAGE_DIRECTORY_ENTRY_BASERELOC = 5;
public const uint IMAGE_DIRECTORY_ENTRY_DEBUG = 6;
public const uint IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7;
public const uint IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8;
public const uint IMAGE_DIRECTORY_ENTRY_TLS = 9;
public const uint IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10;
public const uint IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11;
public const uint IMAGE_DIRECTORY_ENTRY_IAT = 12;
public const uint IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13;
public const uint IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14;
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_DOS_HEADER
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 2)]
public char[] e_magic;
public ushort e_cblp;
public ushort e_cp;
public ushort e_crlc;
public ushort e_cparhdr;
public ushort e_minalloc;
public ushort e_maxalloc;
public ushort e_ss;
public ushort e_sp;
public ushort e_csum;
public ushort e_ip;
public ushort e_cs;
public ushort e_lfarlc;
public ushort e_ovno;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public ushort[] e_res1;
public ushort e_oemid;
public ushort e_oeminfo;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
public ushort[] e_res2;
public int e_lfanew;
private string _e_magic
{
get { return new string(e_magic); }
}
public bool IsValid
{
get { return _e_magic == "MZ"; }
}
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_NT_HEADERS32
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public char[] Signature;
public IMAGE_FILE_HEADER FileHeader;
public IMAGE_OPTIONAL_HEADER32 OptionalHeader;
private string _Signature
{
get { return new string(Signature); }
}
public bool IsValid
{
get { return _Signature == "PE\0\0" && OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC; }
}
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_NT_HEADERS64
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
public char[] Signature;
public IMAGE_FILE_HEADER FileHeader;
public IMAGE_OPTIONAL_HEADER64 OptionalHeader;
private string _Signature
{
get { return new string(Signature); }
}
public bool IsValid
{
get { return _Signature == "PE\0\0" && OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC; }
}
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_FILE_HEADER
{
internal ushort Machine;
internal ushort NumberOfSections;
internal uint TimeDateStamp;
internal uint PointerToSymbolTable;
internal uint NumberOfSymbols;
internal ushort SizeOfOptionalHeader;
internal ushort Characteristics;
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_OPTIONAL_HEADER32
{
internal ushort Magic;
internal byte MajorLinkerVersion;
internal byte MinorLinkerVersion;
internal uint SizeOfCode;
internal uint SizeOfInitializedData;
internal uint SizeOfUninitializedData;
internal uint AddressOfEntryPoint;
internal uint BaseOfCode;
internal uint BaseOfData;
internal uint ImageBase;
internal uint SectionAlignment;
internal uint FileAlignment;
internal ushort MajorOperatingSystemVersion;
internal ushort MinorOperatingSystemVersion;
internal ushort MajorImageVersion;
internal ushort MinorImageVersion;
internal ushort MajorSubsystemVersion;
internal ushort MinorSubsystemVersion;
internal uint Win32VersionValue;
internal uint SizeOfImage;
internal uint SizeOfHeaders;
internal uint CheckSum;
internal ushort Subsystem;
internal ushort DllCharacteristics;
internal uint SizeOfStackReserve;
internal uint SizeOfStackCommit;
internal uint SizeOfHeapReserve;
internal uint SizeOfHeapCommit;
internal uint LoaderFlags;
internal uint NumberOfRvaAndSizes;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
internal IMAGE_DATA_DIRECTORY[] DataDirectory;
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_OPTIONAL_HEADER64
{
internal ushort Magic;
internal byte MajorLinkerVersion;
internal byte MinorLinkerVersion;
internal uint SizeOfCode;
internal uint SizeOfInitializedData;
internal uint SizeOfUninitializedData;
internal uint AddressOfEntryPoint;
internal uint BaseOfCode;
internal ulong ImageBase;
internal uint SectionAlignment;
internal uint FileAlignment;
internal ushort MajorOperatingSystemVersion;
internal ushort MinorOperatingSystemVersion;
internal ushort MajorImageVersion;
internal ushort MinorImageVersion;
internal ushort MajorSubsystemVersion;
internal ushort MinorSubsystemVersion;
internal uint Win32VersionValue;
internal uint SizeOfImage;
internal uint SizeOfHeaders;
internal uint CheckSum;
internal ushort Subsystem;
internal ushort DllCharacteristics;
internal ulong SizeOfStackReserve;
internal ulong SizeOfStackCommit;
internal ulong SizeOfHeapReserve;
internal ulong SizeOfHeapCommit;
internal uint LoaderFlags;
internal uint NumberOfRvaAndSizes;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
internal IMAGE_DATA_DIRECTORY[] DataDirectory;
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_DATA_DIRECTORY
{
internal uint VirtualAddress;
internal uint Size;
}
[StructLayout(LayoutKind.Sequential)]
public struct IMAGE_SECTION_HEADER
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
public char[] Name;
public uint VirtualSize;
public uint VirtualAddress;
public uint SizeOfRawData;
public uint PointerToRawData;
public uint PointerToRelocations;
public uint PointerToLinenumbers;
public ushort NumberOfRelocations;
public ushort NumberOfLinenumbers;
public DataSectionFlags Characteristics;
public string SectionName
{
get { return new string(Name); }
}
}
[Flags]
public enum DataSectionFlags : uint
{
TypeReg = 0x00000000,
TypeDsect = 0x00000001,
TypeNoLoad = 0x00000002,
TypeGroup = 0x00000004,
TypeNoPadded = 0x00000008,
TypeCopy = 0x00000010,
ContentCode = 0x00000020,
ContentInitializedData = 0x00000040,
ContentUninitializedData = 0x00000080,
LinkOther = 0x00000100,
LinkInfo = 0x00000200,
TypeOver = 0x00000400,
LinkRemove = 0x00000800,
LinkComDat = 0x00001000,
NoDeferSpecExceptions = 0x00004000,
RelativeGP = 0x00008000,
MemPurgeable = 0x00020000,
Memory16Bit = 0x00020000,
MemoryLocked = 0x00040000,
MemoryPreload = 0x00080000,
Align1Bytes = 0x00100000,
Align2Bytes = 0x00200000,
Align4Bytes = 0x00300000,
Align8Bytes = 0x00400000,
Align16Bytes = 0x00500000,
Align32Bytes = 0x00600000,
Align64Bytes = 0x00700000,
Align128Bytes = 0x00800000,
Align256Bytes = 0x00900000,
Align512Bytes = 0x00A00000,
Align1024Bytes = 0x00B00000,
Align2048Bytes = 0x00C00000,
Align4096Bytes = 0x00D00000,
Align8192Bytes = 0x00E00000,
LinkExtendedRelocationOverflow = 0x01000000,
MemoryDiscardable = 0x02000000,
MemoryNotCached = 0x04000000,
MemoryNotPaged = 0x08000000,
MemoryShared = 0x10000000,
MemoryExecute = 0x20000000,
MemoryRead = 0x40000000,
MemoryWrite = 0x80000000
}
}
}