authorJustSomePwner <crotchyalt@gmail.com>2018-08-30 14:01:54 +0200
committerJustSomePwner <crotchyalt@gmail.com>2018-08-30 14:01:54 +0200
commit7ccb819f867493f8ec202ea3b39c94c198c64584 (patch)
tree94622e61af0ff359e3d6689cf274d74f60b2492a /injector/pe.h
parent564d979b79e8a5aaa5014eba0ecd36c61575934f (diff)
first
Diffstat (limited to 'injector/pe.h')
-rw-r--r--injector/pe.h309
1 files changed, 309 insertions, 0 deletions
diff --git a/injector/pe.h b/injector/pe.h
new file mode 100644
index 0000000..f67e46d
--- /dev/null
+++ b/injector/pe.h
@@ -0,0 +1,309 @@
+#pragma once
+#include <cstdint>
+
+namespace nt {
+ using WORD = short;
+ using BYTE = unsigned char;
+ using DWORD = unsigned long;
+
+ typedef struct _IMAGE_DATA_DIRECTORY {
+ DWORD VirtualAddress;
+ DWORD Size;
+ } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
+
+ typedef struct _IMAGE_OPTIONAL_HEADER {
+ WORD Magic;
+ BYTE MajorLinkerVersion;
+ BYTE MinorLinkerVersion;
+ DWORD SizeOfCode;
+ DWORD SizeOfInitializedData;
+ DWORD SizeOfUninitializedData;
+ DWORD AddressOfEntryPoint;
+ DWORD BaseOfCode;
+ DWORD BaseOfData;
+ DWORD ImageBase;
+ DWORD SectionAlignment;
+ DWORD FileAlignment;
+ WORD MajorOperatingSystemVersion;
+ WORD MinorOperatingSystemVersion;
+ WORD MajorImageVersion;
+ WORD MinorImageVersion;
+ WORD MajorSubsystemVersion;
+ WORD MinorSubsystemVersion;
+ DWORD Win32VersionValue;
+ DWORD SizeOfImage;
+ DWORD SizeOfHeaders;
+ DWORD CheckSum;
+ WORD Subsystem;
+ WORD DllCharacteristics;
+ DWORD SizeOfStackReserve;
+ DWORD SizeOfStackCommit;
+ DWORD SizeOfHeapReserve;
+ DWORD SizeOfHeapCommit;
+ DWORD LoaderFlags;
+ DWORD NumberOfRvaAndSizes;
+ IMAGE_DATA_DIRECTORY DataDirectory[ 16 ];
+ } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
+
+ typedef struct _IMAGE_FILE_HEADER {
+ WORD Machine;
+ WORD NumberOfSections;
+ DWORD TimeDateStamp;
+ DWORD PointerToSymbolTable;
+ DWORD NumberOfSymbols;
+ WORD SizeOfOptionalHeader;
+ WORD Characteristics;
+ } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
+
+ typedef struct _IMAGE_NT_HEADERS {
+ DWORD Signature;
+ IMAGE_FILE_HEADER FileHeader;
+ IMAGE_OPTIONAL_HEADER OptionalHeader;
+ } IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
+
+ typedef struct _IMAGE_EXPORT_DIRECTORY {
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t Name;
+ uint32_t Base;
+ uint32_t NumberOfFunctions;
+ uint32_t NumberOfNames;
+ uint32_t AddressOfFunctions; // RVA from base of image
+ uint32_t AddressOfNames; // RVA from base of image
+ uint32_t AddressOfNameOrdinals; // RVA from base of image
+ } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
+
+ typedef struct _IMAGE_DOS_HEADER {
+ WORD e_magic;
+ WORD e_cblp;
+ WORD e_cp;
+ WORD e_crlc;
+ WORD e_cparhdr;
+ WORD e_minalloc;
+ WORD e_maxalloc;
+ WORD e_ss;
+ WORD e_sp;
+ WORD e_csum;
+ WORD e_ip;
+ WORD e_cs;
+ WORD e_lfarlc;
+ WORD e_ovno;
+ WORD e_res[ 4 ];
+ WORD e_oemid;
+ WORD e_oeminfo;
+ WORD e_res2[ 10 ];
+ long e_lfanew;
+ } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
+
+ typedef struct _LIST_ENTRY {
+ struct _LIST_ENTRY *Flink;
+ struct _LIST_ENTRY *Blink;
+ } LIST_ENTRY, *PLIST_ENTRY;
+
+ struct PEB_LDR_DATA {
+ uint32_t Length;
+ uint8_t Initialized;
+ uintptr_t SsHandle;
+ LIST_ENTRY InLoadOrderModuleList;
+ LIST_ENTRY InMemoryOrderModuleList;
+ LIST_ENTRY InInitializationOrderModuleList;
+ uintptr_t EntryInProgress;
+ uint8_t ShutdownInProgress;
+ uintptr_t ShutdownThreadId;
+ };
+
+ struct UNICODE_STRING {
+ uint16_t Length;
+ uint16_t MaximumLength;
+ wchar_t *Buffer;
+ };
+
+ struct STRING {
+ uint16_t Length;
+ uint16_t MaximumLength;
+ char *Buffer;
+ };
+
+ struct CURDIR {
+ UNICODE_STRING DosPath;
+ uintptr_t Handle;
+ };
+
+ struct RTL_DRIVE_LETTER_CURDIR {
+ uint16_t Flags;
+ uint16_t Length;
+ uint32_t TimeStamp;
+ STRING DosPath;
+ };
+
+ struct RTL_USER_PROCESS_PARAMETERS {
+ uint32_t MaximumLength;
+ uint32_t Length;
+ uint32_t Flags;
+ uint32_t DebugFlags;
+ uintptr_t ConsoleHandle;
+ uint32_t ConsoleFlags;
+ uintptr_t StandardInput;
+ uintptr_t StandardOutput;
+ uintptr_t StandardError;
+ CURDIR CurrentDirectory;
+ UNICODE_STRING DllPath;
+ UNICODE_STRING ImagePathName;
+ UNICODE_STRING CommandLine;
+ uintptr_t Environment;
+ uint32_t StartingX;
+ uint32_t StartingY;
+ uint32_t CountX;
+ uint32_t CountY;
+ uint32_t CountCharsX;
+ uint32_t CountCharsY;
+ uint32_t FillAttribute;
+ uint32_t WindowFlags;
+ uint32_t ShowWindowFlags;
+ UNICODE_STRING WindowTitle;
+ UNICODE_STRING DesktopInfo;
+ UNICODE_STRING ShellInfo;
+ UNICODE_STRING RuntimeData;
+ RTL_DRIVE_LETTER_CURDIR CurrentDirectores[ 32 ];
+ uintptr_t EnvironmentSize;
+ uintptr_t EnvironmentVersion;
+ uintptr_t PackageDependencyData;
+ uint32_t ProcessGroupId;
+ uint32_t LoaderThreads;
+ };
+
+ struct RTL_BALANCED_NODE {
+ RTL_BALANCED_NODE *Children[ 2 ];
+ RTL_BALANCED_NODE *Left;
+ RTL_BALANCED_NODE *Right;
+ uintptr_t ParentValue;
+ };
+
+ struct _PEB {
+ uint8_t InheritedAddressSpace;
+ uint8_t ReadImageFileExecOptions;
+ uint8_t BeingDebugged;
+ uint8_t BitField;
+ //uchar Padding0[ 4 ];
+ uintptr_t Mutant;
+ uintptr_t ImageBaseAddress;
+ PEB_LDR_DATA *Ldr;
+ RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
+ uintptr_t SubSystemData;
+ uintptr_t ProcessHeap;
+ uintptr_t *FastPebLock;
+ uintptr_t AtlThunkSListPtr;
+ uintptr_t IFEOKey;
+ uint32_t CrossProcessFlags;
+ uint8_t Padding1[ 4 ];
+ uintptr_t KernelCallbackTable;
+ uintptr_t UserSharedInfoPtr;
+ uint32_t SystemReserved[ 1 ];
+ uint32_t AtlThunkSListPtr32;
+ uintptr_t ApiSetMap;
+ uint32_t TlsExpansionCounter;
+ uint8_t Padding2[ 4 ];
+ uintptr_t TlsBitmap;
+ uint32_t TlsBitmapBits[ 2 ];
+ uintptr_t ReadOnlySharedMemoryBase;
+ uintptr_t SparePvoid0;
+ uintptr_t ReadOnlyStaticServerData;
+ uintptr_t AnsiCodePageData;
+ uintptr_t OemCodePageData;
+ uintptr_t UnicodeCaseTableData;
+ uint32_t NumberOfProcessors;
+ uint32_t NtGlobalFlag;
+ uint64_t CriticalSectionTimeout;
+ uintptr_t HeapSegmentReserve;
+ uintptr_t HeapSegmentCommit;
+ uintptr_t HeapDeCommitTotalFreeThreshold;
+ uintptr_t HeapDeCommitFreeBlockThreshold;
+ uint32_t NumberOfHeaps;
+ uint32_t MaximumNumberOfHeaps;
+ uintptr_t ProcessHeaps;
+ uintptr_t GdiSharedHandleTable;
+ uintptr_t ProcessStarterHelper;
+ uint32_t GdiDCAttributeList;
+ uint8_t Padding3[ 4 ];
+ uintptr_t *LoaderLock;
+ uint32_t OSMajorVersion;
+ uint32_t OSMinorVersion;
+ uint16_t OSBuildNumber;
+ uint16_t OSCSDVersion;
+ uint32_t OSPlatformId;
+ uint32_t ImageSubsystem;
+ uint32_t ImageSubsystemMajorVersion;
+ uint32_t ImageSubsystemMinorVersion;
+ uint8_t Padding4[ 4 ];
+ uintptr_t ActiveProcessAffinityMask;
+#ifdef _WIN32
+ uint32_t GdiHandleBuffer[ 34 ];
+#else
+ uint32_t GdiHandleBuffer[ 60 ];
+#endif
+ uintptr_t PostProcessInitRoutine;
+ uintptr_t TlsExpansionBitmap;
+ uint32_t TlsExpansionBitmapBits[ 32 ];
+ uint32_t SessionId;
+ uint8_t Padding5[ 4 ];
+ uint64_t AppCompatFlags;
+ uint64_t AppCompatFlagsUser;
+ uintptr_t pShimData;
+ uintptr_t AppCompatInfo;
+ UNICODE_STRING CSDVersion;
+ uintptr_t ActivationContextData;
+ uintptr_t ProcessAssemblyStorageMap;
+ uintptr_t SystemDefaultActivationContextData;
+ uintptr_t SystemAssemblyStorageMap;
+ uintptr_t MinimumStackCommit;
+ uintptr_t FlsCallback;
+ LIST_ENTRY FlsListHead;
+ uintptr_t FlsBitmap;
+ uint32_t FlsBitmapBits[ 4 ];
+ uint32_t FlsHighIndex;
+ uintptr_t WerRegistrationData;
+ uintptr_t WerShipAssertPtr;
+ uintptr_t pUnused;
+ uintptr_t pImageHeaderHash;
+ uint32_t TracingFlags;
+ uint8_t Padding6[ 4 ];
+ uint64_t CsrServerReadOnlySharedMemoryBase;
+ uintptr_t TppWorkerpListLock;
+ LIST_ENTRY TppWorkerpList;
+ uintptr_t WaitOnAddressHashTable[ 128 ];
+ };
+
+ struct LDR_DATA_TABLE_ENTRY {
+ LIST_ENTRY InLoadOrderLinks;
+ LIST_ENTRY InMemoryOrderLinks;
+ LIST_ENTRY InInitializationOrderLinks;
+ uintptr_t DllBase;
+ uintptr_t EntryPoint;
+ uint32_t SizeOfImage;
+ UNICODE_STRING FullDllName;
+ UNICODE_STRING BaseDllName;
+ uint8_t FlagGroup[ 4 ];
+ uint32_t Flags;
+ uint16_t ObsoleteLoadCount;
+ uint16_t TlsIndex;
+ LIST_ENTRY HashLinks;
+ uint32_t TimeDateStamp;
+ uintptr_t EntryPointActivationContext;
+ uintptr_t Lock;
+ uintptr_t DdagNode;
+ LIST_ENTRY NodeModuleLink;
+ uintptr_t LoadContext;
+ uintptr_t ParentDllBase;
+ uintptr_t SwitchBackContext;
+ RTL_BALANCED_NODE BaseAddressIndexNode;
+ RTL_BALANCED_NODE MappingInfoIndexNode;
+ uintptr_t OriginalBase;
+ int64_t LoadTime;
+ uint32_t BaseNameHashValue;
+ uint32_t LoadReason;
+ uint32_t ImplicitPathOptions;
+ uint32_t ReferenceCount;
+ };
+};
\ No newline at end of file
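Review bot: Several of these overlay structs will not match the memory layout they describe, so reads through them land on the wrong offsets. In `_PEB`, `#ifdef _WIN32` is also true for 64-bit Windows builds, so the 60-entry `GdiHandleBuffer` branch is never selected there and every later field shifts; the test should be on `_WIN64`. `RTL_BALANCED_NODE` declares `Children[ 2 ]` and `Left`/`Right` as separate members where the Windows definition overlays them, which makes each node two pointers too wide and moves every field after `BaseAddressIndexNode` in `LDR_DATA_TABLE_ENTRY`. `WORD` is a signed `short`, so a count such as `NumberOfSections` above 0x7FFF read from an untrusted image turns negative, and `DWORD` and `e_lfanew` depend on the width of `long`; the fixed-width types from the already-included `<cstdint>`, plus `static_assert`s on the structure sizes, would pin the layout at compile time. `IMAGE_OPTIONAL_HEADER` is the PE32 form only, so using it on a PE32+ image would need a separate 64-bit definition, though whether that matters depends on callers not visible in this file.

```cpp
using WORD  = uint16_t;   // unsigned, as in the Windows headers
using DWORD = uint32_t;   // fixed width, independent of sizeof(long)

// … unchanged: IMAGE_DATA_DIRECTORY through IMAGE_EXPORT_DIRECTORY …

	int32_t e_lfanew;     // in IMAGE_DOS_HEADER; callers must bounds-check it against the image size

// … unchanged: LIST_ENTRY through RTL_USER_PROCESS_PARAMETERS …

struct RTL_BALANCED_NODE {
	union {
		RTL_BALANCED_NODE *Children[ 2 ];
		struct {
			RTL_BALANCED_NODE *Left;
			RTL_BALANCED_NODE *Right;
		};
	};
	uintptr_t ParentValue;
};

// … unchanged: _PEB up to ActiveProcessAffinityMask …
#ifdef _WIN64
	uint32_t GdiHandleBuffer[ 60 ];
#else
	uint32_t GdiHandleBuffer[ 34 ];
#endif
// … unchanged: rest of _PEB, LDR_DATA_TABLE_ENTRY …

static_assert( sizeof( IMAGE_DOS_HEADER ) == 64, "IMAGE_DOS_HEADER layout" );
static_assert( sizeof( IMAGE_FILE_HEADER ) == 20, "IMAGE_FILE_HEADER layout" );
static_assert( sizeof( IMAGE_OPTIONAL_HEADER ) == 224, "PE32 optional header layout" );
static_assert( sizeof( IMAGE_EXPORT_DIRECTORY ) == 40, "IMAGE_EXPORT_DIRECTORY layout" );
```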