section.h
#pragma once
#pragma pack(push, 8)
// Inheritance disposition of a mapped section view, stored as a 32-bit value.
// NOTE(review): presumably the InheritDisposition argument of NtMapViewOfSection, where
// ViewShare lets child processes receive the view and ViewUnmap does not - confirm against the caller.
// If that holds, ViewUnmap is the narrower choice for views that hold data a child should not see.
using SECTION_INHERIT = enum _SECTION_INHERIT : std::uint32_t
{
ViewShare = 1,
ViewUnmap = 2
};
// Selector for the kind of section information requested, stored as a 32-bit value.
// Enumerators 2..4 exist only when Q_NT_VERSION is at least the named Windows release,
// so the set of valid values is fixed at compile time, not by the OS the binary runs on.
// NOTE(review): a binary built for a newer Q_NT_VERSION can still run on an older kernel;
// callers should presumably treat a failure status for classes 2..4 as "not supported" - confirm.
using SECTION_INFORMATION_CLASS = enum _SECTION_INFORMATION_CLASS : std::uint32_t
{
SectionBasicInformation = 0,
SectionImageInformation = 1,
#if Q_NT_VERSION >= Q_NT_WIN7
SectionRelocationInformation = 2,
#endif
#if Q_NT_VERSION >= Q_NT_WIN10_RS1
SectionOriginalBaseInformation = 3,
#endif
#if Q_NT_VERSION >= Q_NT_WIN10_RS2
SectionInternalImageInformation = 4,
#endif
// One past the last enumerator compiled in, so its numeric value changes with Q_NT_VERSION.
// Do not persist it or compare it across builds made for different targets.
MaxSectionInfoClass
};
// Basic description of a section: base address, allocation attributes and maximum size.
// NOTE(review): presumably the buffer layout for the SectionBasicInformation class - confirm.
// Trailing comments give field offsets as "32-bit / 64-bit"; a single value applies to both.
// NOTE(review): _Q_NT_BIT_TYPE presumably declares the BitnessType_t alias used below - confirm in its definition.
_Q_NT_BIT_TEMPLATE struct SECTION_BASIC_INFORMATION // @note: originally "_SECTIONBASICINFO"
{
private:
_Q_NT_BIT_TYPE
public:
BitnessType_t<void*> BaseAddress; // 0x0
std::uint32_t AllocationAttributes; // 0x4 / 0x8
// 64-bit offset corrected from 0xC: AllocationAttributes ends at 0xC and an 8-byte aligned
// LARGE_INTEGER starts at the next multiple of 8 (assumes winnt.h alignment - TODO confirm).
LARGE_INTEGER MaximumSize; // 0x8 / 0x10
};
// Expected sizes, presumably given as (type, 32-bit size, 64-bit size) - confirm the macro's argument order.
_Q_NT_BIT_ASSERT(SECTION_BASIC_INFORMATION, 0x10, 0x18);
// Image-specific description of a section: entry point, stack sizes, subsystem, PE characteristics,
// image flags and checksum.
// NOTE(review): presumably the buffer layout for the SectionImageInformation class - confirm.
// Trailing comments give field offsets as "32-bit / 64-bit"; a single value applies to both.
// NOTE(review): _Q_NT_BIT_TYPE presumably declares the BitnessType_t alias used below - confirm in its definition.
// The unnamed structs inside the unions are a compiler extension rather than standard C++, and the
// bit-field positions are implementation-defined; the layout below assumes bits are allocated from
// the least significant end - TODO confirm for every supported toolchain.
_Q_NT_BIT_TEMPLATE struct SECTION_IMAGE_INFORMATION
{
private:
_Q_NT_BIT_TYPE
public:
BitnessType_t<void*> TransferAddress; // 0x00
std::uint32_t ZeroBits; // 0x04 / 0x08
BitnessType_t<std::size_t> MaximumStackSize; // 0x08 / 0x10
BitnessType_t<std::size_t> CommittedStackSize; // 0x0C / 0x18
std::uint32_t SubSystemType; // 0x10 / 0x20
// Packed subsystem version: the minor half is the low 16 bits, the major half the high 16 bits.
union
{
std::uint32_t SubSystemVersion;
struct
{
std::uint16_t SubSystemMinorVersion;
std::uint16_t SubSystemMajorVersion;
};
}; // 0x14 / 0x24
// The same 4 bytes are an OS version pair on Windows 10 and later targets and GpValue on older ones.
// Note the half order is major-then-minor here, the reverse of SubSystemVersion above.
#if Q_NT_VERSION >= Q_NT_WIN10
union
{
std::uint32_t OperatingSystemVersion;
struct
{
std::uint16_t MajorOperatingSystemVersion;
std::uint16_t MinorOperatingSystemVersion;
};
}; // 0x18 / 0x28
#else
std::uint32_t GpValue; // 0x18 / 0x28
#endif
std::uint16_t ImageCharacteristics; // 0x1C / 0x2C
// NOTE(review): presumably mirrors the PE optional header DllCharacteristics, where an image's
// exploit-mitigation opt-ins are recorded - confirm before using it for mitigation checks.
std::uint16_t DllCharacteristics; // 0x1E / 0x2E
std::uint16_t Machine; // 0x20 / 0x30
// 32-bit offset corrected from 0x21: Machine occupies 0x20-0x21, so this byte sits at 0x22.
// NOTE(review): declared as bool; if the producer can store a byte other than 0 or 1 the read is
// not well defined in C++ - confirm the value range or read the byte as an integer.
bool ImageContainsCode; // 0x22 / 0x32
// One flag byte, readable whole (ImageFlags) or bit by bit.
// Bit 5 is ComPlusPrefer32bit only on Windows 10 and later targets; otherwise it is reserved.
union
{
std::uint8_t ImageFlags;
struct
{
std::uint8_t ComPlusNativeReady : 1;
std::uint8_t ComPlusILOnly : 1;
std::uint8_t ImageDynamicallyRelocated : 1;
std::uint8_t ImageMappedFlat : 1;
std::uint8_t BaseBelow4gb : 1;
#if Q_NT_VERSION >= Q_NT_WIN10
std::uint8_t ComPlusPrefer32bit : 1;
std::uint8_t Reserved : 2;
#else
std::uint8_t Reserved : 3;
#endif
};
}; // 0x23 / 0x33 (32-bit offset corrected from 0x22, following ImageContainsCode at 0x22)
std::uint32_t LoaderFlags; // 0x24 / 0x34
std::uint32_t ImageFileSize; // 0x28 / 0x38
std::uint32_t CheckSum; // 0x2C / 0x3C
};
// Expected sizes, presumably given as (type, 32-bit size, 64-bit size) - confirm the macro's argument order.
_Q_NT_BIT_ASSERT(SECTION_IMAGE_INFORMATION, 0x30, 0x40);
// Only declared for Windows 10 RS2 and later targets, matching the guard on SectionInternalImageInformation.
#if Q_NT_VERSION >= Q_NT_WIN10_RS2
// SECTION_IMAGE_INFORMATION followed by one 32-bit word of extended per-image flags.
// The named bits depend on Q_NT_VERSION; in every branch the named bits plus Reserved total 32.
// NOTE(review): by their names these bits report the image's export-suppression, CET shadow-stack,
// XFG and CFG state. The bit assignment is chosen at compile time, so on an OS build older than the
// compile target a named bit may really be reserved - check the running build before relying on it.
_Q_NT_BIT_TEMPLATE struct SECTION_INTERNAL_IMAGE_INFORMATION
{
SECTION_IMAGE_INFORMATION<nBitness> SectionInformation; // 0x00
union
{
std::uint32_t ExtendedFlags;
struct
{
std::uint32_t ImageExportSuppressionEnabled : 1;
// Bit 1 is named from 20H1 on, bits 2-7 from 21H1 on, bits 8-9 from Windows 11 24H2 on.
#if Q_NT_VERSION >= Q_NT_WIN10_20H1
std::uint32_t ImageCetShadowStacksReady : 1;
#if Q_NT_VERSION >= Q_NT_WIN10_21H1
std::uint32_t ImageXfgEnabled : 1;
std::uint32_t ImageCetShadowStacksStrictMode : 1;
std::uint32_t ImageCetSetContextIpValidationRelaxedMode : 1;
std::uint32_t ImageCetDynamicApisAllowInProc : 1;
std::uint32_t ImageCetDowngradeReserved1 : 1;
std::uint32_t ImageCetDowngradeReserved2 : 1;
#if Q_NT_VERSION >= Q_NT_WIN11_24H2
std::uint32_t ImageExportSuppressionInfoPresent : 1;
std::uint32_t ImageCfgEnabled : 1;
std::uint32_t Reserved : 22;
#else
std::uint32_t Reserved : 24;
#endif
#else
std::uint32_t Reserved : 30;
#endif
#else
std::uint32_t Reserved : 31;
#endif
};
}; // 0x30 / 0x40
};
// Expected sizes, presumably (type, 32-bit size, 64-bit size) - confirm the macro's argument order.
// If so, the 64-bit layout ends with 4 bytes of padding after ExtendedFlags (0x44 rounded up to 0x48).
_Q_NT_BIT_ASSERT(SECTION_INTERNAL_IMAGE_INFORMATION, 0x34, 0x48);
#endif
#pragma pack(pop)