winedump: Print more information from the PE Load Config directory.
parent
8d02e4e2e9
commit
51adaa33e3
5 changed files with 252 additions and 56 deletions
|
@ -839,15 +839,17 @@ static void test_pack_IMAGE_LINENUMBER(void)
|
|||
static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY(void)
|
||||
{
|
||||
/* IMAGE_LOAD_CONFIG_DIRECTORY */
|
||||
TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY, 112)
|
||||
/* size varies depending on Windows version */
|
||||
/* TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY, 112) */
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY, 8)
|
||||
}
|
||||
|
||||
static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY32(void)
|
||||
{
|
||||
/* IMAGE_LOAD_CONFIG_DIRECTORY32 */
|
||||
TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, 88)
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, 8)
|
||||
/* size varies depending on Windows version */
|
||||
/* TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, 72) */
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, 4)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, Size, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, Size, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, Size, 0)
|
||||
|
@ -875,45 +877,46 @@ static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY32(void)
|
|||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, DeCommitTotalFreeThreshold, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, DeCommitTotalFreeThreshold, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, DeCommitTotalFreeThreshold, 28)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, LockPrefixTable, 8)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, LockPrefixTable, 8)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, LockPrefixTable, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, LockPrefixTable, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, LockPrefixTable, 32)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, MaximumAllocationSize, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, MaximumAllocationSize, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, MaximumAllocationSize, 40)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, MaximumAllocationSize, 36)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, VirtualMemoryThreshold, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, VirtualMemoryThreshold, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, VirtualMemoryThreshold, 44)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, VirtualMemoryThreshold, 40)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessHeapFlags, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessHeapFlags, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessHeapFlags, 48)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessHeapFlags, 44)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessAffinityMask, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessAffinityMask, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessAffinityMask, 52)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, ProcessAffinityMask, 48)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 56)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, Reserved1, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, Reserved1, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, Reserved1, 58)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 8)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 8)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 64)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 52)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, DependentLoadFlags, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, DependentLoadFlags, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, DependentLoadFlags, 54)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 56)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, SecurityCookie, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, SecurityCookie, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, SecurityCookie, 72)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, SecurityCookie, 60)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerTable, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerTable, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerTable, 76)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerTable, 64)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerCount, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerCount, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerCount, 80)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerCount, 68)
|
||||
}
|
||||
|
||||
static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY64(void)
|
||||
{
|
||||
/* IMAGE_LOAD_CONFIG_DIRECTORY64 */
|
||||
TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, 112)
|
||||
/* size varies depending on Windows version */
|
||||
/* TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, 112) */
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, 8)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, Size, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, Size, 4)
|
||||
|
@ -960,9 +963,9 @@ static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY64(void)
|
|||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, CSDVersion, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, CSDVersion, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, CSDVersion, 76)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, Reserved1, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, Reserved1, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, Reserved1, 78)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, DependentLoadFlags, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, DependentLoadFlags, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, DependentLoadFlags, 78)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, EditList, 8)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, EditList, 8)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, EditList, 80)
|
||||
|
@ -4264,14 +4267,16 @@ static void test_pack_IMAGE_LINENUMBER(void)
|
|||
static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY(void)
|
||||
{
|
||||
/* IMAGE_LOAD_CONFIG_DIRECTORY */
|
||||
TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY, 72)
|
||||
/* size varies depending on Windows version */
|
||||
/* TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY, 72) */
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY, 4)
|
||||
}
|
||||
|
||||
static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY32(void)
|
||||
{
|
||||
/* IMAGE_LOAD_CONFIG_DIRECTORY32 */
|
||||
TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, 72)
|
||||
/* size varies depending on Windows version */
|
||||
/* TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, 72) */
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, 4)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, Size, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, Size, 4)
|
||||
|
@ -4318,9 +4323,9 @@ static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY32(void)
|
|||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, CSDVersion, 52)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, Reserved1, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, Reserved1, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, Reserved1, 54)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, DependentLoadFlags, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, DependentLoadFlags, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, DependentLoadFlags, 54)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 4)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY32, EditList, 56)
|
||||
|
@ -4338,7 +4343,8 @@ static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY32(void)
|
|||
static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY64(void)
|
||||
{
|
||||
/* IMAGE_LOAD_CONFIG_DIRECTORY64 */
|
||||
TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, 112)
|
||||
/* size varies depending on Windows version */
|
||||
/* TEST_TYPE_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, 112) */
|
||||
TEST_TYPE_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, 8)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, Size, 4)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, Size, 4)
|
||||
|
@ -4385,9 +4391,9 @@ static void test_pack_IMAGE_LOAD_CONFIG_DIRECTORY64(void)
|
|||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, CSDVersion, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, CSDVersion, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, CSDVersion, 76)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, Reserved1, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, Reserved1, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, Reserved1, 78)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, DependentLoadFlags, 2)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, DependentLoadFlags, 2)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, DependentLoadFlags, 78)
|
||||
TEST_FIELD_SIZE (IMAGE_LOAD_CONFIG_DIRECTORY64, EditList, 8)
|
||||
TEST_FIELD_ALIGN (IMAGE_LOAD_CONFIG_DIRECTORY64, EditList, 8)
|
||||
TEST_FIELD_OFFSET(IMAGE_LOAD_CONFIG_DIRECTORY64, EditList, 80)
|
||||
|
|
|
@ -3603,50 +3603,116 @@ typedef struct _FPO_DATA {
|
|||
WORD cbFrame : 2;
|
||||
} FPO_DATA, *PFPO_DATA;
|
||||
|
||||
typedef struct _IMAGE_LOAD_CONFIG_CODE_INTEGRITY
|
||||
{
|
||||
WORD Flags;
|
||||
WORD Catalog;
|
||||
DWORD CatalogOffset;
|
||||
DWORD Reserved;
|
||||
} IMAGE_LOAD_CONFIG_CODE_INTEGRITY, *PIMAGE_LOAD_CONFIG_CODE_INTEGRITY;
|
||||
|
||||
typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64 {
|
||||
DWORD Size;
|
||||
DWORD Size; /* 000 */
|
||||
DWORD TimeDateStamp;
|
||||
WORD MajorVersion;
|
||||
WORD MinorVersion;
|
||||
DWORD GlobalFlagsClear;
|
||||
DWORD GlobalFlagsSet;
|
||||
DWORD GlobalFlagsSet; /* 010 */
|
||||
DWORD CriticalSectionDefaultTimeout;
|
||||
ULONGLONG DeCommitFreeBlockThreshold;
|
||||
ULONGLONG DeCommitTotalFreeThreshold;
|
||||
ULONGLONG DeCommitTotalFreeThreshold; /* 020 */
|
||||
ULONGLONG LockPrefixTable;
|
||||
ULONGLONG MaximumAllocationSize;
|
||||
ULONGLONG MaximumAllocationSize; /* 030 */
|
||||
ULONGLONG VirtualMemoryThreshold;
|
||||
ULONGLONG ProcessAffinityMask;
|
||||
ULONGLONG ProcessAffinityMask; /* 040 */
|
||||
DWORD ProcessHeapFlags;
|
||||
WORD CSDVersion;
|
||||
WORD Reserved1;
|
||||
ULONGLONG EditList;
|
||||
WORD DependentLoadFlags;
|
||||
ULONGLONG EditList; /* 050 */
|
||||
ULONGLONG SecurityCookie;
|
||||
ULONGLONG SEHandlerTable;
|
||||
ULONGLONG SEHandlerTable; /* 060 */
|
||||
ULONGLONG SEHandlerCount;
|
||||
ULONGLONG GuardCFCheckFunctionPointer; /* 070 */
|
||||
ULONGLONG GuardCFDispatchFunctionPointer;
|
||||
ULONGLONG GuardCFFunctionTable; /* 080 */
|
||||
ULONGLONG GuardCFFunctionCount;
|
||||
DWORD GuardFlags; /* 090 */
|
||||
IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
|
||||
ULONGLONG GuardAddressTakenIatEntryTable; /* 0a0 */
|
||||
ULONGLONG GuardAddressTakenIatEntryCount;
|
||||
ULONGLONG GuardLongJumpTargetTable; /* 0b0 */
|
||||
ULONGLONG GuardLongJumpTargetCount;
|
||||
ULONGLONG DynamicValueRelocTable; /* 0c0 */
|
||||
ULONGLONG CHPEMetadataPointer;
|
||||
ULONGLONG GuardRFFailureRoutine; /* 0d0 */
|
||||
ULONGLONG GuardRFFailureRoutineFunctionPointer;
|
||||
DWORD DynamicValueRelocTableOffset; /* 0e0 */
|
||||
WORD DynamicValueRelocTableSection;
|
||||
WORD Reserved2;
|
||||
ULONGLONG GuardRFVerifyStackPointerFunctionPointer;
|
||||
DWORD HotPatchTableOffset; /* 0f0 */
|
||||
DWORD Reserved3;
|
||||
ULONGLONG EnclaveConfigurationPointer;
|
||||
ULONGLONG VolatileMetadataPointer; /* 100 */
|
||||
ULONGLONG GuardEHContinuationTable;
|
||||
ULONGLONG GuardEHContinuationCount; /* 110 */
|
||||
ULONGLONG GuardXFGCheckFunctionPointer;
|
||||
ULONGLONG GuardXFGDispatchFunctionPointer; /* 120 */
|
||||
ULONGLONG GuardXFGTableDispatchFunctionPointer;
|
||||
ULONGLONG CastGuardOsDeterminedFailureMode; /* 130 */
|
||||
ULONGLONG GuardMemcpyFunctionPointer;
|
||||
} IMAGE_LOAD_CONFIG_DIRECTORY64, *PIMAGE_LOAD_CONFIG_DIRECTORY64;
|
||||
|
||||
typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32 {
|
||||
DWORD Size;
|
||||
DWORD Size; /* 000 */
|
||||
DWORD TimeDateStamp;
|
||||
WORD MajorVersion;
|
||||
WORD MinorVersion;
|
||||
DWORD GlobalFlagsClear;
|
||||
DWORD GlobalFlagsSet;
|
||||
DWORD GlobalFlagsSet; /* 010 */
|
||||
DWORD CriticalSectionDefaultTimeout;
|
||||
DWORD DeCommitFreeBlockThreshold;
|
||||
DWORD DeCommitTotalFreeThreshold;
|
||||
PVOID LockPrefixTable;
|
||||
DWORD LockPrefixTable; /* 020 */
|
||||
DWORD MaximumAllocationSize;
|
||||
DWORD VirtualMemoryThreshold;
|
||||
DWORD ProcessHeapFlags;
|
||||
DWORD ProcessAffinityMask;
|
||||
DWORD ProcessAffinityMask; /* 030 */
|
||||
WORD CSDVersion;
|
||||
WORD Reserved1;
|
||||
PVOID EditList;
|
||||
WORD DependentLoadFlags;
|
||||
DWORD EditList;
|
||||
DWORD SecurityCookie;
|
||||
DWORD SEHandlerTable;
|
||||
DWORD SEHandlerTable; /* 040 */
|
||||
DWORD SEHandlerCount;
|
||||
DWORD GuardCFCheckFunctionPointer;
|
||||
DWORD GuardCFDispatchFunctionPointer;
|
||||
DWORD GuardCFFunctionTable; /* 050 */
|
||||
DWORD GuardCFFunctionCount;
|
||||
DWORD GuardFlags;
|
||||
IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
|
||||
DWORD GuardAddressTakenIatEntryTable;
|
||||
DWORD GuardAddressTakenIatEntryCount;
|
||||
DWORD GuardLongJumpTargetTable; /* 070 */
|
||||
DWORD GuardLongJumpTargetCount;
|
||||
DWORD DynamicValueRelocTable;
|
||||
DWORD CHPEMetadataPointer;
|
||||
DWORD GuardRFFailureRoutine; /* 080 */
|
||||
DWORD GuardRFFailureRoutineFunctionPointer;
|
||||
DWORD DynamicValueRelocTableOffset;
|
||||
WORD DynamicValueRelocTableSection;
|
||||
WORD Reserved2;
|
||||
DWORD GuardRFVerifyStackPointerFunctionPointer; /* 090 */
|
||||
DWORD HotPatchTableOffset;
|
||||
DWORD Reserved3;
|
||||
DWORD EnclaveConfigurationPointer;
|
||||
DWORD VolatileMetadataPointer; /* 0a0 */
|
||||
DWORD GuardEHContinuationTable;
|
||||
DWORD GuardEHContinuationCount;
|
||||
DWORD GuardXFGCheckFunctionPointer;
|
||||
DWORD GuardXFGDispatchFunctionPointer; /* 0b0 */
|
||||
DWORD GuardXFGTableDispatchFunctionPointer;
|
||||
DWORD CastGuardOsDeterminedFailureMode;
|
||||
DWORD GuardMemcpyFunctionPointer;
|
||||
} IMAGE_LOAD_CONFIG_DIRECTORY32, *PIMAGE_LOAD_CONFIG_DIRECTORY32;
|
||||
|
||||
#ifdef _WIN64
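Review bot: Nothing on `IMAGE_LOAD_CONFIG_DIRECTORY32` or `IMAGE_LOAD_CONFIG_DIRECTORY64` says that the fields added after `SEHandlerCount` are optional, yet an image built against the older 72- or 112-byte layout will not contain them. A comment above each typedef would keep later readers of the struct from dereferencing the trailing members unconditionally, for example `/* Fields after SEHandlerCount exist only if Size covers them; compare Size with the field's end offset before reading. */`. The same caveat is only implied by the "size varies depending on Windows version" remark in the packing tests.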
|
||||
|
|
|
@ -243,7 +243,7 @@ void lib_dump(void)
|
|||
|
||||
if (globals.do_dumpheader)
|
||||
{
|
||||
dump_file_header(fh);
|
||||
dump_file_header(fh, FALSE);
|
||||
if (fh->SizeOfOptionalHeader)
|
||||
{
|
||||
const IMAGE_OPTIONAL_HEADER32 *oh = (const IMAGE_OPTIONAL_HEADER32 *)((const char *)fh + sizeof(*fh));
|
||||
|
|
|
@ -154,6 +154,28 @@ static const char *get_magic_type(WORD magic)
|
|||
return "???";
|
||||
}
|
||||
|
||||
static ULONGLONG get_hybrid_metadata(void)
|
||||
{
|
||||
unsigned int size;
|
||||
|
||||
if (PE_nt_headers->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
|
||||
{
|
||||
const IMAGE_LOAD_CONFIG_DIRECTORY64 *cfg = get_dir_and_size(IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &size);
|
||||
if (!cfg) return 0;
|
||||
size = min( size, cfg->Size );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, CHPEMetadataPointer )) return 0;
|
||||
return cfg->CHPEMetadataPointer;
|
||||
}
|
||||
else
|
||||
{
|
||||
const IMAGE_LOAD_CONFIG_DIRECTORY32 *cfg = get_dir_and_size(IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &size);
|
||||
if (!cfg) return 0;
|
||||
size = min( size, cfg->Size );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, CHPEMetadataPointer )) return 0;
|
||||
return cfg->CHPEMetadataPointer;
|
||||
}
|
||||
}
|
||||
|
||||
static inline void print_word(const char *title, WORD value)
|
||||
{
|
||||
printf(" %-34s 0x%-4X %u\n", title, value, value);
|
||||
|
@ -340,12 +362,22 @@ void dump_optional_header(const IMAGE_OPTIONAL_HEADER32 *optionalHeader, UINT he
|
|||
}
|
||||
}
|
||||
|
||||
void dump_file_header(const IMAGE_FILE_HEADER *fileHeader)
|
||||
void dump_file_header(const IMAGE_FILE_HEADER *fileHeader, BOOL is_hybrid)
|
||||
{
|
||||
const char *name = get_machine_str(fileHeader->Machine);
|
||||
|
||||
printf("File Header\n");
|
||||
|
||||
printf(" Machine: %04X (%s)\n",
|
||||
fileHeader->Machine, get_machine_str(fileHeader->Machine));
|
||||
if (is_hybrid)
|
||||
{
|
||||
switch (fileHeader->Machine)
|
||||
{
|
||||
case IMAGE_FILE_MACHINE_I386: name = "CHPE"; break;
|
||||
case IMAGE_FILE_MACHINE_AMD64: name = "ARM64EC"; break;
|
||||
case IMAGE_FILE_MACHINE_ARM64: name = "ARM64X"; break;
|
||||
}
|
||||
}
|
||||
printf(" Machine: %04X (%s)\n", fileHeader->Machine, name);
|
||||
printf(" Number of Sections: %d\n", fileHeader->NumberOfSections);
|
||||
printf(" TimeDateStamp: %08X (%s) offset %lu\n",
|
||||
(UINT)fileHeader->TimeDateStamp, get_time_str(fileHeader->TimeDateStamp),
|
||||
|
@ -377,7 +409,7 @@ void dump_file_header(const IMAGE_FILE_HEADER *fileHeader)
|
|||
|
||||
static void dump_pe_header(void)
|
||||
{
|
||||
dump_file_header(&PE_nt_headers->FileHeader);
|
||||
dump_file_header(&PE_nt_headers->FileHeader, get_hybrid_metadata() != 0);
|
||||
dump_optional_header((const IMAGE_OPTIONAL_HEADER32*)&PE_nt_headers->OptionalHeader, PE_nt_headers->FileHeader.SizeOfOptionalHeader);
|
||||
}
|
||||
|
||||
|
@ -1726,10 +1758,12 @@ static void dump_dir_imported_functions(void)
|
|||
|
||||
static void dump_dir_loadconfig(void)
|
||||
{
|
||||
const IMAGE_LOAD_CONFIG_DIRECTORY32 *loadcfg32 = get_dir(IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
|
||||
unsigned int size;
|
||||
const IMAGE_LOAD_CONFIG_DIRECTORY32 *loadcfg32 = get_dir_and_size(IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &size);
|
||||
const IMAGE_LOAD_CONFIG_DIRECTORY64 *loadcfg64 = (void*)loadcfg32;
|
||||
|
||||
if (!loadcfg32) return;
|
||||
size = min( size, loadcfg32->Size );
|
||||
|
||||
printf( "Loadconfig\n" );
|
||||
print_dword( "Size", loadcfg32->Size );
|
||||
|
@ -1749,10 +1783,55 @@ static void dump_dir_loadconfig(void)
|
|||
print_dword( "ProcessHeapFlags", loadcfg64->ProcessHeapFlags );
|
||||
print_longlong( "ProcessAffinityMask", loadcfg64->ProcessAffinityMask );
|
||||
print_word( "CSDVersion", loadcfg64->CSDVersion );
|
||||
print_word( "Reserved", loadcfg64->Reserved1 );
|
||||
print_word( "DependentLoadFlags", loadcfg64->DependentLoadFlags );
|
||||
print_longlong( "SecurityCookie", loadcfg64->SecurityCookie );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, SEHandlerTable )) return;
|
||||
print_longlong( "SEHandlerTable", loadcfg64->SEHandlerTable );
|
||||
print_longlong( "SEHandlerCount", loadcfg64->SEHandlerCount );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardCFCheckFunctionPointer )) return;
|
||||
print_longlong( "GuardCFCheckFunctionPointer", loadcfg64->GuardCFCheckFunctionPointer );
|
||||
print_longlong( "GuardCFDispatchFunctionPointer", loadcfg64->GuardCFDispatchFunctionPointer );
|
||||
print_longlong( "GuardCFFunctionTable", loadcfg64->GuardCFFunctionTable );
|
||||
print_longlong( "GuardCFFunctionCount", loadcfg64->GuardCFFunctionCount );
|
||||
print_dword( "GuardFlags", loadcfg64->GuardFlags );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, CodeIntegrity )) return;
|
||||
print_word( "CodeIntegrity.Flags", loadcfg64->CodeIntegrity.Flags );
|
||||
print_word( "CodeIntegrity.Catalog", loadcfg64->CodeIntegrity.Catalog );
|
||||
print_dword( "CodeIntegrity.CatalogOffset", loadcfg64->CodeIntegrity.CatalogOffset );
|
||||
print_dword( "CodeIntegrity.Reserved", loadcfg64->CodeIntegrity.Reserved );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardAddressTakenIatEntryTable )) return;
|
||||
print_longlong( "GuardAddressTakenIatEntryTable", loadcfg64->GuardAddressTakenIatEntryTable );
|
||||
print_longlong( "GuardAddressTakenIatEntryCount", loadcfg64->GuardAddressTakenIatEntryCount );
|
||||
print_longlong( "GuardLongJumpTargetTable", loadcfg64->GuardLongJumpTargetTable );
|
||||
print_longlong( "GuardLongJumpTargetCount", loadcfg64->GuardLongJumpTargetCount );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, DynamicValueRelocTable )) return;
|
||||
print_longlong( "DynamicValueRelocTable", loadcfg64->DynamicValueRelocTable );
|
||||
print_longlong( "CHPEMetadataPointer", loadcfg64->CHPEMetadataPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardRFFailureRoutine )) return;
|
||||
print_longlong( "GuardRFFailureRoutine", loadcfg64->GuardRFFailureRoutine );
|
||||
print_longlong( "GuardRFFailureRoutineFunctionPointer", loadcfg64->GuardRFFailureRoutineFunctionPointer );
|
||||
print_dword( "DynamicValueRelocTableOffset", loadcfg64->DynamicValueRelocTableOffset );
|
||||
print_word( "DynamicValueRelocTableSection",loadcfg64->DynamicValueRelocTableSection );
|
||||
print_word( "Reserved2", loadcfg64->Reserved2 );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardRFVerifyStackPointerFunctionPointer )) return;
|
||||
print_longlong( "GuardRFVerifyStackPointerFunctionPointer", loadcfg64->GuardRFVerifyStackPointerFunctionPointer );
|
||||
print_dword( "HotPatchTableOffset", loadcfg64->HotPatchTableOffset );
|
||||
print_dword( "Reserved3", loadcfg64->Reserved3 );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, EnclaveConfigurationPointer )) return;
|
||||
print_longlong( "EnclaveConfigurationPointer", loadcfg64->EnclaveConfigurationPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, VolatileMetadataPointer )) return;
|
||||
print_longlong( "VolatileMetadataPointer", loadcfg64->VolatileMetadataPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardEHContinuationTable )) return;
|
||||
print_longlong( "GuardEHContinuationTable", loadcfg64->GuardEHContinuationTable );
|
||||
print_longlong( "GuardEHContinuationCount", loadcfg64->GuardEHContinuationCount );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardXFGCheckFunctionPointer )) return;
|
||||
print_longlong( "GuardXFGCheckFunctionPointer", loadcfg64->GuardXFGCheckFunctionPointer );
|
||||
print_longlong( "GuardXFGDispatchFunctionPointer", loadcfg64->GuardXFGDispatchFunctionPointer );
|
||||
print_longlong( "GuardXFGTableDispatchFunctionPointer", loadcfg64->GuardXFGTableDispatchFunctionPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, CastGuardOsDeterminedFailureMode )) return;
|
||||
print_longlong( "CastGuardOsDeterminedFailureMode", loadcfg64->CastGuardOsDeterminedFailureMode );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, GuardMemcpyFunctionPointer )) return;
|
||||
print_longlong( "GuardMemcpyFunctionPointer", loadcfg64->GuardMemcpyFunctionPointer );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1763,10 +1842,55 @@ static void dump_dir_loadconfig(void)
|
|||
print_dword( "ProcessHeapFlags", loadcfg32->ProcessHeapFlags );
|
||||
print_dword( "ProcessAffinityMask", loadcfg32->ProcessAffinityMask );
|
||||
print_word( "CSDVersion", loadcfg32->CSDVersion );
|
||||
print_word( "Reserved", loadcfg32->Reserved1 );
|
||||
print_word( "DependentLoadFlags", loadcfg32->DependentLoadFlags );
|
||||
print_dword( "SecurityCookie", loadcfg32->SecurityCookie );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, SEHandlerTable )) return;
|
||||
print_dword( "SEHandlerTable", loadcfg32->SEHandlerTable );
|
||||
print_dword( "SEHandlerCount", loadcfg32->SEHandlerCount );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardCFCheckFunctionPointer )) return;
|
||||
print_dword( "GuardCFCheckFunctionPointer", loadcfg32->GuardCFCheckFunctionPointer );
|
||||
print_dword( "GuardCFDispatchFunctionPointer", loadcfg32->GuardCFDispatchFunctionPointer );
|
||||
print_dword( "GuardCFFunctionTable", loadcfg32->GuardCFFunctionTable );
|
||||
print_dword( "GuardCFFunctionCount", loadcfg32->GuardCFFunctionCount );
|
||||
print_dword( "GuardFlags", loadcfg32->GuardFlags );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, CodeIntegrity )) return;
|
||||
print_word( "CodeIntegrity.Flags", loadcfg32->CodeIntegrity.Flags );
|
||||
print_word( "CodeIntegrity.Catalog", loadcfg32->CodeIntegrity.Catalog );
|
||||
print_dword( "CodeIntegrity.CatalogOffset", loadcfg32->CodeIntegrity.CatalogOffset );
|
||||
print_dword( "CodeIntegrity.Reserved", loadcfg32->CodeIntegrity.Reserved );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardAddressTakenIatEntryTable )) return;
|
||||
print_dword( "GuardAddressTakenIatEntryTable", loadcfg32->GuardAddressTakenIatEntryTable );
|
||||
print_dword( "GuardAddressTakenIatEntryCount", loadcfg32->GuardAddressTakenIatEntryCount );
|
||||
print_dword( "GuardLongJumpTargetTable", loadcfg32->GuardLongJumpTargetTable );
|
||||
print_dword( "GuardLongJumpTargetCount", loadcfg32->GuardLongJumpTargetCount );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, DynamicValueRelocTable )) return;
|
||||
print_dword( "DynamicValueRelocTable", loadcfg32->DynamicValueRelocTable );
|
||||
print_dword( "CHPEMetadataPointer", loadcfg32->CHPEMetadataPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardRFFailureRoutine )) return;
|
||||
print_dword( "GuardRFFailureRoutine", loadcfg32->GuardRFFailureRoutine );
|
||||
print_dword( "GuardRFFailureRoutineFunctionPointer", loadcfg32->GuardRFFailureRoutineFunctionPointer );
|
||||
print_dword( "DynamicValueRelocTableOffset", loadcfg32->DynamicValueRelocTableOffset );
|
||||
print_word( "DynamicValueRelocTableSection", loadcfg32->DynamicValueRelocTableSection );
|
||||
print_word( "Reserved2", loadcfg32->Reserved2 );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardRFVerifyStackPointerFunctionPointer )) return;
|
||||
print_dword( "GuardRFVerifyStackPointerFunctionPointer", loadcfg32->GuardRFVerifyStackPointerFunctionPointer );
|
||||
print_dword( "HotPatchTableOffset", loadcfg32->HotPatchTableOffset );
|
||||
print_dword( "Reserved3", loadcfg32->Reserved3 );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, EnclaveConfigurationPointer )) return;
|
||||
print_dword( "EnclaveConfigurationPointer", loadcfg32->EnclaveConfigurationPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, VolatileMetadataPointer )) return;
|
||||
print_dword( "VolatileMetadataPointer", loadcfg32->VolatileMetadataPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardEHContinuationTable )) return;
|
||||
print_dword( "GuardEHContinuationTable", loadcfg32->GuardEHContinuationTable );
|
||||
print_dword( "GuardEHContinuationCount", loadcfg32->GuardEHContinuationCount );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardXFGCheckFunctionPointer )) return;
|
||||
print_dword( "GuardXFGCheckFunctionPointer", loadcfg32->GuardXFGCheckFunctionPointer );
|
||||
print_dword( "GuardXFGDispatchFunctionPointer", loadcfg32->GuardXFGDispatchFunctionPointer );
|
||||
print_dword( "GuardXFGTableDispatchFunctionPointer", loadcfg32->GuardXFGTableDispatchFunctionPointer );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, CastGuardOsDeterminedFailureMode )) return;
|
||||
print_dword( "CastGuardOsDeterminedFailureMode", loadcfg32->CastGuardOsDeterminedFailureMode );
|
||||
if (size <= offsetof( IMAGE_LOAD_CONFIG_DIRECTORY32, GuardMemcpyFunctionPointer )) return;
|
||||
print_dword( "GuardMemcpyFunctionPointer", loadcfg32->GuardMemcpyFunctionPointer );
|
||||
}
|
||||
}
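Review bot: The size guards in `get_hybrid_metadata` and `dump_dir_loadconfig` only prove that the first byte of a field lies inside the directory, so a load config whose `Size` ends in the middle of a field, or in the middle of a printed group, is still read past its declared end. In `get_hybrid_metadata` the test `size <= offsetof( ..., CHPEMetadataPointer )` accepts a size of offset+1 and then reads the whole pointer; `if (size < offsetof( IMAGE_LOAD_CONFIG_DIRECTORY64, CHPEMetadataPointer ) + sizeof(cfg->CHPEMetadataPointer)) return 0;` closes that, with the same change in the 32-bit branch. In `dump_dir_loadconfig` each guard names the first field of a group and several fields are then printed, so the comparison should be against the end of the last field printed in that group. Both sizes come from the file being dumped, and `cfg->Size` / `loadcfg32->Size` is itself read before any check that `size` covers a DWORD. Whether `get_dir_and_size` already guarantees that `size` bytes are mapped is not visible in these hunks, and `dump_dir_loadconfig` continues outside them.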
|
||||
|
||||
|
|
|
@ -230,7 +230,7 @@ const char* get_guid_str(const GUID* guid);
|
|||
const char* get_unicode_str( const WCHAR *str, int len );
|
||||
const char* get_symbol_str(const char* symname);
|
||||
void print_fake_dll(void);
|
||||
void dump_file_header(const IMAGE_FILE_HEADER *);
|
||||
void dump_file_header(const IMAGE_FILE_HEADER *, BOOL);
|
||||
void dump_optional_header(const IMAGE_OPTIONAL_HEADER32 *, UINT);
|
||||
void dump_section(const IMAGE_SECTION_HEADER *, const char* strtable);
|
||||
void dump_section_characteristics(DWORD characteristics, const char* sep);
|
||||
|
|