mlPEHeaders.pas
{*******************************************************************************
* Created by Vladimir Georgiev, 2014 *
* *
* Description: *
* Constants and records for reading the PE image header *
* *
* Source: *
* http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile2.html *
* *
*******************************************************************************}
unit mlPEHeaders;
interface
uses
Classes,
Windows;
const
// Constants used when decoding 32-bit (PE32) import thunk values.
// Byte offset of value 2 applied when locating an imported function's name.
// NOTE(review): presumably skips the 2-byte Hint field that precedes the name in IMAGE_IMPORT_BY_NAME - confirm at the use site.
IMPORTED_NAME_OFFSET = $00000002;
// Top bit of a 32-bit thunk value. In the PE format a set top bit marks an import by ordinal instead of by name.
// This value is only valid for PE32 images; PE32+ uses bit 63.
IMAGE_ORDINAL_FLAG32 = $80000000;
// Bitwise complement of IMAGE_ORDINAL_FLAG32: keeps the low 31 bits of a thunk value.
// NOTE(review): the Windows SDK's IMAGE_ORDINAL32 macro keeps only the low 16 bits ($FFFF). With this wider mask a
// malformed thunk can produce an ordinal above $FFFF - confirm that consumers range-check the result before using it as an index.
IMAGE_ORDINAL_MASK32 = $7FFFFFFF;
type
// Pointer to a pointer-sized slot.
// NOTE(review): presumably used to patch address slots inside a mapped image - no use is visible in this unit.
PPointer = ^Pointer;
PSection = ^TSection;
// Loader-side description of one image section: a pointer plus three 32-bit values, packed with no padding.
// NOTE(review): field meanings are inferred from their names (Base = where the section lives in memory; RVA, Size and
// Characteristics taken from the section header) - confirm against the code that fills this record.
// If RVA and Size are copied from the parsed image they are untrusted input: any Base + offset arithmetic built on them
// needs an overflow-safe bounds check against the size of the mapped image.
TSection = packed record
Base: Pointer;
RVA,
Size,
Characteristics: LongWord;
end;
// Dynamic array of section descriptions.
TSections = array of TSection;
PImageImportDescriptor = ^TImageImportDescriptor;
// One entry of the PE import directory table: five DWORDs (20 bytes), packed to match the on-disk layout of the
// C structure IMAGE_IMPORT_DESCRIPTOR.
// In the PE format, OriginalFirstThunk, Name and FirstThunk are RVAs (lookup table, DLL name string, address table).
// They are read straight from the image, so each must be checked to fall inside the mapped image before it is turned
// into a pointer. The table is terminated by an all-zero entry; a walker should also stop at the import directory's
// declared size rather than rely on the terminator alone.
TImageImportDescriptor = packed record //(C++: IMAGE_IMPORT_DESCRIPTOR)
OriginalFirstThunk:DWORD;
TimeDateStamp:DWORD;
ForwarderChain:DWORD;
Name:DWORD;
FirstThunk:DWORD;
end;
// Overlay type for indexing a run of section headers through a pointer (PImageSectionHeaders^[i]).
// The upper bound is simply the largest element count that fits in 2147483647 bytes; nothing of that size is allocated.
// Because the declared bound is far larger than any real section table, compiler range checking cannot catch an
// overrun: callers must bound the index themselves (in the PE format the count is NumberOfSections in the file header)
// and verify that the whole table lies inside the image buffer.
// TImageSectionHeader is not declared in this unit - presumably it comes from the Windows unit in the uses clause.
PImageSectionHeaders = ^TImageSectionHeaders;
TImageSectionHeaders = array[0..(2147483647 div SIZEof(TImageSectionHeader)) - 1] of TImageSectionHeader;
PImageDOSHeader = ^TImageDOSHeader;
// MS-DOS (MZ) header found at offset 0 of a PE file: 30 WORDs followed by one LONGWORD, 64 bytes in total, packed so
// the record can be overlaid directly on the file bytes.
// Signature corresponds to e_magic in IMAGE_DOS_HEADER and LFAoffset to e_lfanew, the file offset of the PE header.
// Both values come from the input file. Before overlaying this record, check that the buffer holds at least
// SizeOf(TImageDOSHeader) bytes. Before following LFAoffset, check Signature and confirm that LFAoffset plus the size
// of the NT headers stays within the buffer (overflow-safe).
// NOTE(review): the SDK declares e_lfanew as a signed LONG; here it is unsigned, so a negative on-disk value shows up
// as a very large offset - the bounds check above covers both readings.
TImageDOSHeader = packed record
Signature,
PartPag,
PageCnt,
ReloCnt,
HdrSize,
MinMem,
MaxMem,
ReloSS,
ExeSP,
ChkSum,
ExeIP,
ReloCS,
Tabloff,
Overlay: WORD;
Reserved: packed array[0..3] of WORD;
OEMID,
OEMInfo: WORD;
Reserved2: packed array[0..9] of WORD;
LFAoffset: LONGWORD;
end;
// Signature of a DLL entry point (DllMain-shaped): module handle, reason code, reserved pointer; stdcall.
// NOTE(review): the Win32 DllMain contract returns a 32-bit BOOL, while this type declares the 1-byte Delphi boolean.
// Confirm that callers are not affected by only the low byte of the return value being examined.
// Calling through this type executes code from the loaded image, so the image should be authenticated before the
// entry point is invoked.
TDLLEntryProc = function(hinstDLL: HMODULE; dwReason: LONGWORD; lpvReserved: POINTER): boolean; STDCALL;
// Discriminator for a function reference: by name (niName) or by numeric ID (niID).
TNameOrID = (niName, niID);
// Where an external library is loaded from.
// NOTE(review): if an lsHardDisk library name reaches the standard loader APIs as a bare file name, the normal DLL
// search order applies - confirm callers pass a fully qualified path where the name is not fully trusted.
TExternalLibrarySource = (lsHardDisk, lsStream); // lsHardDisk is loaded with the standard APIs, and lsStream with the Mem versions
// Bookkeeping entry for one external library: how it was loaded, its name and its handle.
// Not packed and contains a managed String, so it is not a binary-layout type and must not be overlaid on image bytes.
// NOTE(review): LibraryHandle presumably holds either a real module handle or a memory-loader handle depending on
// LibrarySource - confirm, since the two kinds must not be passed to each other's unload routine.
TExternalLibrary = record
LibrarySource: TExternalLibrarySource;
LibraryName : String;
LibraryHandle: HINST;
end;
// Dynamic array of external library entries.
TExternalLibrarys = array of TExternalLibrary;
PDLLfunctionImport = ^TDLLfunctionImport;
// One imported function, referenced either by name or by numeric ID.
// NOTE(review): presumably NameOrID selects which of Name / ID is meaningful - confirm at the use site.
// Name would be read from the image's import name table; that read needs to be bounded so an unterminated string
// cannot run past the end of the mapped image.
TDLLfunctionImport = record
NameOrID: TNameOrID;
Name: string;
ID: integer;
end;
PDLLImport = ^TDLLImport;
// All functions imported from one library: the library name, its handle and the list of imported entries.
// NOTE(review): LibraryName presumably comes from the Name RVA of the image's import descriptor, i.e. from the file
// being loaded - treat it as untrusted when it is used to locate a library on disk.
TDLLImport = record
LibraryName: String;
LibraryHandle: HINST;
Entries: Array of TDLLfunctionImport;
end;
// Dynamic array with one TDLLImport per imported library.
TImports = array of TDLLImport;
PDLLfunctionExport = ^TDLLfunctionExport;
// One exported function: its name, an integer index and a pointer to the function.
// NOTE(review): Index is presumably the export ordinal or table position - confirm which, as the two differ by the
// export directory's Base value.
// functionPointer would be derived from an RVA in the image; it should be verified to point inside the mapped image
// before it is handed to callers.
TDLLfunctionExport = record
Name: string;
Index: integer;
functionPointer: POINTER;
end;
// Dynamic array of exported functions.
TExports = array of TDLLfunctionExport;
// Overlay type for indexing a run of 32-bit values through a pointer (PLongWordArray^[i]).
// The upper bound is the largest element count that fits in 2147483647 bytes; nothing of that size is allocated.
// The declared bound gives no protection against reading past the real table, so every index must be checked against
// the element count taken from the corresponding PE directory, and the table itself against the image size.
PLongWordArray = ^TLongWordArray;
TLongWordArray = array[0..(2147483647 div SizeOf(LONGWORD)) - 1] of LONGWORD;
implementation
end.