Package ghidra.app.util.bin.format.pe

package ghidra.app.util.bin.format.pe
  • Class
    Description
    ArchitectureDataDirectory
     
    BaseRelocation
    A class to represent the IMAGE_BASE_RELOCATION data structure defined in winnt.h.
    BaseRelocationDataDirectory
    Points to the base relocation information.
    BoundImportDataDirectory
    Points to an array of IMAGE_BOUND_IMPORT_DESCRIPTORs.
    BoundImportDescriptor
    A class to represent the IMAGE_BOUND_IMPORT_DESCRIPTOR data structure defined in winnt.h.
    BoundImportForwarderRef
    A class to represent the IMAGE_BOUND_FORWARDER_REF data structure defined in winnt.h.
    COMDescriptorDataDirectory
    This value has been renamed to IMAGE_DIRECTORY_ENTRY_COMHEADER.
    Constants
    Constants used in the data structures of the PE.
    ControlFlowGuard
    ControlFlowGuard is a platform security feature that was created to combat memory corruption vulnerabilities.
    DataDirectory
    An abstract base class to represent the IMAGE_DATA_DIRECTORY data structure defined in winnt.h.
    DebugDataDirectory
    Points to an array of IMAGE_DEBUG_DIRECTORY structures.
    DefaultDataDirectory
     
    DelayImportDataDirectory
    Points to the delayload information.
    DelayImportDescriptor
    A class to represent the ImgDelayDescr data structure defined in DELAYIMP.H.
    DllCharacteristics
     
    ExceptionDataDirectory
     
    ExportDataDirectory
    A class to represent the IMAGE_EXPORT_DIRECTORY data structure defined in winnt.h.
    ExportInfo
    A class to hold the information extracted from a export data directory.
    FileHeader
    A class to represent the IMAGE_FILE_HEADER struct as defined in winnt.h.
    GlobalPointerDataDirectory
     
    ImageCor20Header
    typedef struct IMAGE_COR20_HEADER { // Header versioning DWORD cb; // Size of the structure WORD MajorRuntimeVersion; // Version of the CLR Runtime WORD MinorRuntimeVersion; // Version of the CLR Runtime // Symbol table and startup information IMAGE_DATA_DIRECTORY MetaData; // A Data Directory giving RVA and Size of MetaData DWORD Flags; union { DWORD EntryPointRVA; // Points to the .NET native EntryPoint method DWORD EntryPointToken; // Points to the .NET IL EntryPoint method }; // Binding information IMAGE_DATA_DIRECTORY Resources; // A Data Directory for Resources, which are referenced in the MetaData IMAGE_DATA_DIRECTORY StrongNameSignature; // A Data Directory for unique .NET assembly signatures // Regular fixup and binding information IMAGE_DATA_DIRECTORY CodeManagerTable; // Always 0 IMAGE_DATA_DIRECTORY VTableFixups; // Not well documented VTable used by languages who don't follow the common type system runtime model IMAGE_DATA_DIRECTORY ExportAddressTableJumps; // Always 0 in normal .NET assemblies, only present in native images // Precompiled image info (internal use only - set to zero) IMAGE_DATA_DIRECTORY ManagedNativeHeader; };
    ImageCor20Header.ImageCor20Flags
    Data type for ImageCor20Header.flags.
    ImageRuntimeFunctionEntries
    An interface for working with function table entries used for exception handling, which are found in the .pdata section.
    ImageRuntimeFunctionEntries_ARM
    typedef struct _IMAGE_ARM_RUNTIME_FUNCTION_ENTRY { DWORD BeginAddress; union { DWORD UnwindData; struct { DWORD Flag : 2; DWORD FunctionLength : 11; DWORD Ret : 2; DWORD H : 1; DWORD Reg : 3; DWORD R : 1; DWORD L : 1; DWORD C : 1; DWORD StackAdjust : 10; } DUMMYSTRUCTNAME; } DUMMYUNIONNAME; } IMAGE_ARM_RUNTIME_FUNCTION_ENTRY, * PIMAGE_ARM_RUNTIME_FUNCTION_ENTRY;
    ImageRuntimeFunctionEntries_X86
    typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY { DWORD BeginAddress; DWORD EndAddress; union { DWORD UnwindInfoAddress; DWORD UnwindData; } DUMMYUNIONNAME; } RUNTIME_FUNCTION, *PRUNTIME_FUNCTION, _IMAGE_RUNTIME_FUNCTION_ENTRY, *_PIMAGE_RUNTIME_FUNCTION_ENTRY; #define UNW_FLAG_NHANDLER 0x0 #define UNW_FLAG_EHANDLER 0x1 #define UNW_FLAG_UHANDLER 0x2 #define UNW_FLAG_CHAININFO 0x4 typedef struct _UNWIND_INFO { UCHAR Version : 3; UCHAR Flags : 5; UCHAR SizeOfProlog; UCHAR CountOfUnwindCodes; UCHAR FrameRegister : 4; UCHAR FrameOffset : 4; UNWIND_CODE UnwindCode[1]; // // The unwind codes are followed by an optional DWORD aligned field that // contains the exception handler address or the address of chained unwind // information.
    ImportAddressTableDataDirectory
     
    ImportByName
    A class to represent the IMAGE_IMPORT_BY_NAME data structure defined in winnt.h.
    ImportDataDirectory
    Points to the imports (an array of IMAGE_IMPORT_DESCRIPTOR structures).
    ImportDescriptor
    typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; // 0 for terminating null import descriptor DWORD OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA) }; DWORD TimeDateStamp; DWORD ForwarderChain; // -1 if no forwarders DWORD Name; DWORD FirstThunk; // RVA to IAT (if bound this IAT has actual addresses) }
    ImportInfo
     
    InvalidNTHeaderException
    An exception class to handle encountering invalid NT Headers.
    LoadConfigDataDirectory
     
    LoadConfigDirectory
    A class to represent the IMAGE_LOAD_CONFIG_DIRECTORY data structure which is defined in winnt.h.
    MachineConstants
    PE machine ID constants defined by standard header file 'ntimage.h'
    NTHeader
    A class to represent the IMAGE_NT_HEADERS32 and IMAGE_NT_HEADERS64 structs as defined in winnt.h.
    OffsetValidator
     
    OptionalHeader
     
    OptionalHeaderImpl
    typedef struct _IMAGE_OPTIONAL_HEADER { WORD Magic; // MANDATORY BYTE MajorLinkerVersion; BYTE MinorLinkerVersion; DWORD SizeOfCode; DWORD SizeOfInitializedData; DWORD SizeOfUninitializedData; DWORD AddressOfEntryPoint; // MANDATORY DWORD BaseOfCode; DWORD BaseOfData; DWORD ImageBase; // MANDATORY DWORD SectionAlignment; // MANDATORY DWORD FileAlignment; // MANDATORY WORD MajorOperatingSystemVersion; // MANDATORY WORD MinorOperatingSystemVersion; WORD MajorImageVersion; WORD MinorImageVersion; WORD MajorSubsystemVersion; WORD MinorSubsystemVersion; DWORD Win32VersionValue; DWORD SizeOfImage; // MANDATORY DWORD SizeOfHeaders; // MANDATORY DWORD CheckSum; WORD Subsystem; // MANDATORY WORD DllCharacteristics; DWORD SizeOfStackReserve; DWORD SizeOfStackCommit; DWORD SizeOfHeapReserve; DWORD SizeOfHeapCommit; DWORD LoaderFlags; DWORD NumberOfRvaAndSizes; // USED IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; };
    OptionalHeaderROM
    A class to represent the IMAGE_ROM_OPTIONAL_HEADER data structure.
    PeMarkupable
    Common interface for standardizing the markup of a PE structure.
    PeSubsystem
     
    PeUtils
     
    PEx64UnwindInfoDataType
     
    PortableExecutable
    A class to manage loading Portable Executables (PE).
    PortableExecutable.SectionLayout
    Indicates how sections of this PE are laid out in the underlying ByteProvider.
    ResourceDataDirectory
    Points to the root resource directory.
    RichHeader
    The "Rich" header contains encoded metadata about the tool chain used to generate the binary.
    RichTable
    Top level object model of the RichHeader.
    SectionFlags
     
    SectionHeader
    A class to the represent the IMAGE_SECTION_HEADER struct as defined in winnt.h.
    SecurityCertificate
    A class to represent the WIN_CERTIFICATE struct as defined in winbase.h.
    SecurityDataDirectory
     
    SeparateDebugHeader
    typedef struct _IMAGE_SEPARATE_DEBUG_HEADER { WORD Signature; WORD Flags; WORD Machine; WORD Characteristics; DWORD TimeDateStamp; DWORD CheckSum; DWORD ImageBase; DWORD SizeOfImage; DWORD NumberOfSections; DWORD ExportedNamesSize; DWORD DebugDirectorySize; DWORD SectionAlignment; DWORD Reserved[2]; } IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
    ThunkData
    A class to represent the IMAGE_THUNK_DATA32 struct as defined in winnt.h.
    TLSDataDirectory
    Points to the Thread Local Storage initialization section.
    TLSDirectory
    A class to represent the IMAGE_TLS_DIRECTORY32 and IMAGE_TLS_DIRECTORY64 data structures.