Package ghidra.app.util.bin.format.pe

Class OptionalHeader

java.lang.Object
ghidra.app.util.bin.format.pe.OptionalHeader
All Implemented Interfaces:
StructConverter
public class OptionalHeader extends Object implements StructConverter

 typedef struct _IMAGE_OPTIONAL_HEADER {
     WORD    Magic;									// MANDATORY
     BYTE    MajorLinkerVersion;
     BYTE    MinorLinkerVersion;
     DWORD   SizeOfCode;
     DWORD   SizeOfInitializedData;
     DWORD   SizeOfUninitializedData;
     DWORD   AddressOfEntryPoint;						// MANDATORY
     DWORD   BaseOfCode;
     DWORD   BaseOfData;
     DWORD   ImageBase;								// MANDATORY
     DWORD   SectionAlignment;						// MANDATORY
     DWORD   FileAlignment;							// MANDATORY
     WORD    MajorOperatingSystemVersion;				// MANDATORY
     WORD    MinorOperatingSystemVersion;
     WORD    MajorImageVersion;
     WORD    MinorImageVersion;
     WORD    MajorSubsystemVersion;
     WORD    MinorSubsystemVersion;
     DWORD   Win32VersionValue;
     DWORD   SizeOfImage;								// MANDATORY
     DWORD   SizeOfHeaders;							// MANDATORY
     DWORD   CheckSum;
     WORD    Subsystem;								// MANDATORY
     WORD    DllCharacteristics;
     DWORD   SizeOfStackReserve;
     DWORD   SizeOfStackCommit;
     DWORD   SizeOfHeapReserve;
     DWORD   SizeOfHeapCommit;
     DWORD   LoaderFlags;
     DWORD   NumberOfRvaAndSizes;						// USED
     IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
 };
 
 typedef struct _IMAGE_OPTIONAL_HEADER64 {
     WORD        Magic;
     BYTE        MajorLinkerVersion;
     BYTE        MinorLinkerVersion;
     DWORD       SizeOfCode;
     DWORD       SizeOfInitializedData;
     DWORD       SizeOfUninitializedData;
     DWORD       AddressOfEntryPoint;
     DWORD       BaseOfCode;
     ULONGLONG   ImageBase;
     DWORD       SectionAlignment;
     DWORD       FileAlignment;
     WORD        MajorOperatingSystemVersion;
     WORD        MinorOperatingSystemVersion;
     WORD        MajorImageVersion;
     WORD        MinorImageVersion;
     WORD        MajorSubsystemVersion;
     WORD        MinorSubsystemVersion;
     DWORD       Win32VersionValue;
     DWORD       SizeOfImage;
     DWORD       SizeOfHeaders;
     DWORD       CheckSum;
     WORD        Subsystem;
     WORD        DllCharacteristics;
     ULONGLONG   SizeOfStackReserve;
     ULONGLONG   SizeOfStackCommit;
     ULONGLONG   SizeOfHeapReserve;
     ULONGLONG   SizeOfHeapCommit;
     DWORD       LoaderFlags;
     DWORD       NumberOfRvaAndSizes;
     IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
 };

  • Field Details

    • IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

      public static final int IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
      ASLR with 64 bit address space.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

      public static final int IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
      The DLL can be relocated at load time.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

      public static final int IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
      Code integrity checks are forced.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_NX_COMPAT

      public static final int IMAGE_DLLCHARACTERISTICS_NX_COMPAT
      The image is compatible with data execution prevention (DEP)
      See Also:

    • IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

      public static final int IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
      The image is isolation aware, but should not be isolated.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_NO_SEH

      public static final int IMAGE_DLLCHARACTERISTICS_NO_SEH
      The image does not use structured exception handling (SEH).
      See Also:

    • IMAGE_DLLCHARACTERISTICS_NO_BIND

      public static final int IMAGE_DLLCHARACTERISTICS_NO_BIND
      Do not bind the image.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_APPCONTAINER

      public static final int IMAGE_DLLCHARACTERISTICS_APPCONTAINER
      Image should execute in an AppContainer.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

      public static final int IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
      A WDM driver.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_GUARD_CF

      public static final int IMAGE_DLLCHARACTERISTICS_GUARD_CF
      Image supports Control Flow Guard.
      See Also:

    • IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

      public static final int IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
      The image is terminal server aware.
      See Also:

    • IMAGE_NUMBEROF_DIRECTORY_ENTRIES

      public static final byte IMAGE_NUMBEROF_DIRECTORY_ENTRIES
      The count of data directories in the optional header.
      See Also:

    • IMAGE_DIRECTORY_ENTRY_EXPORT

      public static final byte IMAGE_DIRECTORY_ENTRY_EXPORT
      Export directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_IMPORT

      public static final byte IMAGE_DIRECTORY_ENTRY_IMPORT
      Import directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_RESOURCE

      public static final byte IMAGE_DIRECTORY_ENTRY_RESOURCE
      Resource directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_EXCEPTION

      public static final byte IMAGE_DIRECTORY_ENTRY_EXCEPTION
      Exception directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_SECURITY

      public static final byte IMAGE_DIRECTORY_ENTRY_SECURITY
      Security directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_BASERELOC

      public static final byte IMAGE_DIRECTORY_ENTRY_BASERELOC
      Base Relocation Table directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_DEBUG

      public static final byte IMAGE_DIRECTORY_ENTRY_DEBUG
      Debug directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_ARCHITECTURE

      public static final byte IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
      Architecture Specific Data directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_GLOBALPTR

      public static final byte IMAGE_DIRECTORY_ENTRY_GLOBALPTR
      Global Pointer directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_TLS

      public static final byte IMAGE_DIRECTORY_ENTRY_TLS
      TLS directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG

      public static final byte IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
      Load Configuration directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT

      public static final byte IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
      Bound Import directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_IAT

      public static final byte IMAGE_DIRECTORY_ENTRY_IAT
      Import Address Table directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT

      public static final byte IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
      Delay Load Import Descriptors directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

      public static final byte IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      COM Runtime Descriptor directory index
      See Also:

    • IMAGE_DIRECTORY_ENTRY_COMHEADER

      public static final byte IMAGE_DIRECTORY_ENTRY_COMHEADER
      New name for the COM Descriptor directory index
      See Also:

    • magic

      protected short magic

    • majorLinkerVersion

      protected byte majorLinkerVersion

    • minorLinkerVersion

      protected byte minorLinkerVersion

    • sizeOfCode

      protected int sizeOfCode

    • sizeOfInitializedData

      protected int sizeOfInitializedData

    • sizeOfUninitializedData

      protected int sizeOfUninitializedData

    • addressOfEntryPoint

      protected int addressOfEntryPoint

    • baseOfCode

      protected int baseOfCode

    • baseOfData

      protected int baseOfData

    • imageBase

      protected long imageBase

    • sectionAlignment

      protected int sectionAlignment

    • fileAlignment

      protected int fileAlignment

    • majorOperatingSystemVersion

      protected short majorOperatingSystemVersion

    • minorOperatingSystemVersion

      protected short minorOperatingSystemVersion

    • majorImageVersion

      protected short majorImageVersion

    • minorImageVersion

      protected short minorImageVersion

    • majorSubsystemVersion

      protected short majorSubsystemVersion

    • minorSubsystemVersion

      protected short minorSubsystemVersion

    • win32VersionValue

      protected int win32VersionValue

    • sizeOfImage

      protected int sizeOfImage

    • sizeOfHeaders

      protected int sizeOfHeaders

    • checkSum

      protected int checkSum

    • subsystem

      protected short subsystem

    • dllCharacteristics

      protected short dllCharacteristics

    • sizeOfStackReserve

      protected long sizeOfStackReserve

    • sizeOfStackCommit

      protected long sizeOfStackCommit

    • sizeOfHeapReserve

      protected long sizeOfHeapReserve

    • sizeOfHeapCommit

      protected long sizeOfHeapCommit

    • loaderFlags

      protected int loaderFlags

    • numberOfRvaAndSizes

      protected int numberOfRvaAndSizes

    • dataDirectory

      protected DataDirectory[] dataDirectory

    • ntHeader

      protected NTHeader ntHeader

    • reader

      protected BinaryReader reader

    • startIndex

      protected int startIndex

  • Method Details

    • parse

      protected void parse() throws IOException
      Throws:
      IOException

    • processDataDirectories

      public void processDataDirectories(MessageLog log, TaskMonitor monitor)
      This methods tells this optional header to process its data directories.
      Parameters:
      log - The log
      monitor - The monitor

    • is64bit

      public boolean is64bit()
      Returns true of this optional header is 64-bit..
      Returns:
      true of this optional header is 64-bit.

    • getMajorLinkerVersion

      public byte getMajorLinkerVersion()
      Returns the major version number of the linker that built this binary..
      Returns:
      the major version number of the linker that built this binary.

    • getMinorLinkerVersion

      public byte getMinorLinkerVersion()
      Returns the minor version number of the linker that built this binary..
      Returns:
      the minor version number of the linker that built this binary.

    • getSizeOfCode

      public long getSizeOfCode()
      Returns the combined total size of all sections with IMAGE_SCN_CNT_CODE attribute..
      Returns:
      the combined total size of all sections with IMAGE_SCN_CNT_CODE attribute.

    • setSizeOfCode

      public void setSizeOfCode(long size)
      Sets the combined total size of all sections with the IMAGE_SCN_CNT_CODE attribute.
      Parameters:
      size - The size to set

    • getSizeOfInitializedData

      public long getSizeOfInitializedData()
      Returns the combined size of all initialized data sections..
      Returns:
      the combined size of all initialized data sections.

    • setSizeOfInitializedData

      public void setSizeOfInitializedData(long size)
      Sets the combined size of all initialized data sections}
      Parameters:
      size - The size to set

    • getSizeOfUninitializedData

      public long getSizeOfUninitializedData()
      Returns the size of all sections with the uninitialized data attributes..
      Returns:
      the size of all sections with the uninitialized data attributes.

    • setSizeOfUninitializedData

      public void setSizeOfUninitializedData(long size)
      Sets the size of all sections with the uninitialized data attributes.}
      Parameters:
      size - The size to set

    • getAddressOfEntryPoint

      public long getAddressOfEntryPoint()
      Returns the RVA of the first code byte in the file that will be executed.
      Returns:
      the RVA of the first code byte in the file that will be executed

    • getBaseOfCode

      public long getBaseOfCode()
      Returns the RVA of the first byte of code when loaded in memory..
      Returns:
      the RVA of the first byte of code when loaded in memory.

    • getBaseOfData

      public long getBaseOfData()
      Returns the RVA of the first byte of data when loaded into memory..
      Returns:
      the RVA of the first byte of data when loaded into memory.

    • getImageBase

      public long getImageBase()
      Returns the preferred load address of this file in memory.
      Returns:
      the preferred load address of this file in memory

    • getSectionAlignment

      public int getSectionAlignment()
      Returns the section alignment.
      Returns:
      the section alignment

    • getFileAlignment

      public int getFileAlignment()
      Returns the file alignment.
      Returns:
      the file alignment

    • getMajorOperatingSystemVersion

      public short getMajorOperatingSystemVersion()
      Returns the major version number of the required operating system..
      Returns:
      the major version number of the required operating system.

    • getMinorOperatingSystemVersion

      public short getMinorOperatingSystemVersion()
      Returns the minor version number of the required operating system..
      Returns:
      the minor version number of the required operating system.

    • getMajorImageVersion

      public short getMajorImageVersion()
      Returns the major version number of the image..
      Returns:
      the major version number of the image.

    • getMinorImageVersion

      public short getMinorImageVersion()
      Returns the minor version number of the image..
      Returns:
      the minor version number of the image.

    • getMajorSubsystemVersion

      public short getMajorSubsystemVersion()
      Returns the major version number of the subsystem..
      Returns:
      the major version number of the subsystem.

    • getMinorSubsystemVersion

      public short getMinorSubsystemVersion()
      Returns the minor version number of the subsystem..
      Returns:
      the minor version number of the subsystem.

    • getWin32VersionValue

      public int getWin32VersionValue()
      Returns the reserved value, which must be 0.
      Returns:
      the reserved value, which must be 0

    • getSizeOfImage

      public long getSizeOfImage()
      Returns the RVA that would be assigned to the next section following the last section.
      Returns:
      the RVA that would be assigned to the next section following the last section

    • setSizeOfImage

      public void setSizeOfImage(long size)
      Sets the RVA that would be assigned to the next section following the last section
      Parameters:
      size - The size to set

    • getSizeOfHeaders

      public long getSizeOfHeaders()
      Returns the combined size of all headers.
      Returns:
      the combined size of all headers

    • setSizeOfHeaders

      public void setSizeOfHeaders(long size)
      Sets the combined size of all headers
      Parameters:
      size - The size to set

    • getChecksum

      public int getChecksum()
      Returns the image file checksum..
      Returns:
      the image file checksum.

    • getSubsystem

      public int getSubsystem()
      Returns the subsystem that is required to run this image..
      Returns:
      the subsystem that is required to run this image.

    • getDllCharacteristics

      public short getDllCharacteristics()
      Returns the flags that describe properties of and features of this binary..
      Returns:
      the flags that describe properties of and features of this binary.
      See Also:

    • getSizeOfStackReserve

      public long getSizeOfStackReserve()
      Returns the size of the stack reservation.
      Returns:
      the size of the stack reservation

    • getSizeOfStackCommit

      public long getSizeOfStackCommit()
      Returns the size of the stack to commit.
      Returns:
      the size of the stack to commit

    • getSizeOfHeapReserve

      public long getSizeOfHeapReserve()
      Returns the size of the heap reservation.
      Returns:
      the size of the heap reservation

    • getSizeOfHeapCommit

      public long getSizeOfHeapCommit()
      Returns the size of the heap to commit.
      Returns:
      the size of the heap to commit

    • getLoaderFlags

      public int getLoaderFlags()
      Returns the flags passed to the loader. Obsolete..
      Returns:
      the flags passed to the loader. Obsolete.

    • getNumberOfRvaAndSizes

      public long getNumberOfRvaAndSizes()
      Returns the number of data-directory entries in the remainder of the optional header..
      Returns:
      the number of data-directory entries in the remainder of the optional header.

    • getDataDirectories

      public DataDirectory[] getDataDirectories()
      Returns the array of data directories..
      Returns:
      the array of data directories.

    • toDataType

      public DataType toDataType() throws DuplicateNameException
      Description copied from interface: StructConverter
      Returns a structure datatype representing the contents of the implementor of this interface.

      For example, given: 

       class A {
     int foo;
     double bar;
 }

      The return value should be a structure data type with two data type components; an INT and a DOUBLE. The structure should contain field names and, if possible, field comments.

      Specified by:
      toDataType in interface StructConverter
      Returns:
      returns a structure datatype representing the implementor of this interface
      Throws:
      DuplicateNameException - when a datatype of the same name already exists
      See Also:

    • writeHeader

      public void writeHeader(RandomAccessFile raf, DataConverter dc) throws IOException
      Writes this optional header to the specified random access file.
      Parameters:
      raf - the random access file
      dc - the data converter
      Throws:
      IOException - if an IO-related error occurred

    • validateDataDirectories

      public void validateDataDirectories(Program program)

    • isCLI

      public boolean isCLI() throws IOException
      Returns true if the PE uses predominantly CLI code; otherwise, false..
      Returns:
      true if the PE uses predominantly CLI code; otherwise, false.
      Throws:
      IOException - if an IO-related error occurred