ntimage.h source code [CoreCLR/pal/inc/rt/ntimage.h]

1	// Licensed to the .NET Foundation under one or more agreements.
2	// The .NET Foundation licenses this file to you under the MIT license.
3	// See the LICENSE file in the project root for more information.
4	//
5
6	//
7	// ===========================================================================
8	// File: ntimage.h
9	//
10	// ===========================================================================
11
12	//
13	//Abstract:
14	//
15	// This is the include file that describes all image structures.
16	//
17	//Author:
18	//
19	//
20	//
21	//Revision History:
22	//
23
24
25	#ifndef _NTIMAGE_
26	#define _NTIMAGE_
27
28	#if _MSC_VER > 1000
29	#pragma once
30	#endif
31
32	//
33	// Define the linker version number.
34
35	#define IMAGE_MAJOR_LINKER_VERSION 2
36
37	// begin_winnt
38
39
40	//
41	// Image Format
42	//
43
44
45	#ifndef _MAC
46
47	#include "pshpack4.h" // 4 byte packing is the default
48
49	#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
50	#define IMAGE_OS2_SIGNATURE 0x454E // NE
51	#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
52	#define IMAGE_VXD_SIGNATURE 0x454C // LE
53	#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
54
55	#include "pshpack2.h" // 16 bit headers are 2 byte packed
56
57	#else
58
59	#include "pshpack1.h"
60
61	#define IMAGE_DOS_SIGNATURE 0x4D5A // MZ
62	#define IMAGE_OS2_SIGNATURE 0x4E45 // NE
63	#define IMAGE_OS2_SIGNATURE_LE 0x4C45 // LE
64	#define IMAGE_NT_SIGNATURE 0x50450000 // PE00
65	#endif
66
67	typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
68	USHORT e_magic; // Magic number
69	USHORT e_cblp; // Bytes on last page of file
70	USHORT e_cp; // Pages in file
71	USHORT e_crlc; // Relocations
72	USHORT e_cparhdr; // Size of header in paragraphs
73	USHORT e_minalloc; // Minimum extra paragraphs needed
74	USHORT e_maxalloc; // Maximum extra paragraphs needed
75	USHORT e_ss; // Initial (relative) SS value
76	USHORT e_sp; // Initial SP value
77	USHORT e_csum; // Checksum
78	USHORT e_ip; // Initial IP value
79	USHORT e_cs; // Initial (relative) CS value
80	USHORT e_lfarlc; // File address of relocation table
81	USHORT e_ovno; // Overlay number
82	USHORT e_res[`4`]; // Reserved words
83	USHORT e_oemid; // OEM identifier (for e_oeminfo)
84	USHORT e_oeminfo; // OEM information; e_oemid specific
85	USHORT e_res2[`10`]; // Reserved words
86	LONG e_lfanew; // File address of new exe header
87	} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
88
89	typedef struct _IMAGE_OS2_HEADER { // OS/2 .EXE header
90	USHORT ne_magic; // Magic number
91	CHAR ne_ver; // Version number
92	CHAR ne_rev; // Revision number
93	USHORT ne_enttab; // Offset of Entry Table
94	USHORT ne_cbenttab; // Number of bytes in Entry Table
95	LONG ne_crc; // Checksum of whole file
96	USHORT ne_flags; // Flag word
97	USHORT ne_autodata; // Automatic data segment number
98	USHORT ne_heap; // Initial heap allocation
99	USHORT ne_stack; // Initial stack allocation
100	LONG ne_csip; // Initial CS:IP setting
101	LONG ne_sssp; // Initial SS:SP setting
102	USHORT ne_cseg; // Count of file segments
103	USHORT ne_cmod; // Entries in Module Reference Table
104	USHORT ne_cbnrestab; // Size of non-resident name table
105	USHORT ne_segtab; // Offset of Segment Table
106	USHORT ne_rsrctab; // Offset of Resource Table
107	USHORT ne_restab; // Offset of resident name table
108	USHORT ne_modtab; // Offset of Module Reference Table
109	USHORT ne_imptab; // Offset of Imported Names Table
110	LONG ne_nrestab; // Offset of Non-resident Names Table
111	USHORT ne_cmovent; // Count of movable entries
112	USHORT ne_align; // Segment alignment shift count
113	USHORT ne_cres; // Count of resource segments
114	UCHAR ne_exetyp; // Target Operating system
115	UCHAR ne_flagsothers; // Other .EXE flags
116	USHORT ne_pretthunks; // offset to return thunks
117	USHORT ne_psegrefbytes; // offset to segment ref. bytes
118	USHORT ne_swaparea; // Minimum code swap area size
119	USHORT ne_expver; // Expected Windows version number
120	} IMAGE_OS2_HEADER, *PIMAGE_OS2_HEADER;
121
122	typedef struct _IMAGE_VXD_HEADER { // Windows VXD header
123	USHORT e32_magic; // Magic number
124	UCHAR e32_border; // The byte ordering for the VXD
125	UCHAR e32_worder; // The word ordering for the VXD
126	ULONG e32_level; // The EXE format level for now = 0
127	USHORT e32_cpu; // The CPU type
128	USHORT e32_os; // The OS type
129	ULONG e32_ver; // Module version
130	ULONG e32_mflags; // Module flags
131	ULONG e32_mpages; // Module # pages
132	ULONG e32_startobj; // Object # for instruction pointer
133	ULONG e32_eip; // Extended instruction pointer
134	ULONG e32_stackobj; // Object # for stack pointer
135	ULONG e32_esp; // Extended stack pointer
136	ULONG e32_pagesize; // VXD page size
137	ULONG e32_lastpagesize; // Last page size in VXD
138	ULONG e32_fixupsize; // Fixup section size
139	ULONG e32_fixupsum; // Fixup section checksum
140	ULONG e32_ldrsize; // Loader section size
141	ULONG e32_ldrsum; // Loader section checksum
142	ULONG e32_objtab; // Object table offset
143	ULONG e32_objcnt; // Number of objects in module
144	ULONG e32_objmap; // Object page map offset
145	ULONG e32_itermap; // Object iterated data map offset
146	ULONG e32_rsrctab; // Offset of Resource Table
147	ULONG e32_rsrccnt; // Number of resource entries
148	ULONG e32_restab; // Offset of resident name table
149	ULONG e32_enttab; // Offset of Entry Table
150	ULONG e32_dirtab; // Offset of Module Directive Table
151	ULONG e32_dircnt; // Number of module directives
152	ULONG e32_fpagetab; // Offset of Fixup Page Table
153	ULONG e32_frectab; // Offset of Fixup Record Table
154	ULONG e32_impmod; // Offset of Import Module Name Table
155	ULONG e32_impmodcnt; // Number of entries in Import Module Name Table
156	ULONG e32_impproc; // Offset of Import Procedure Name Table
157	ULONG e32_pagesum; // Offset of Per-Page Checksum Table
158	ULONG e32_datapage; // Offset of Enumerated Data Pages
159	ULONG e32_preload; // Number of preload pages
160	ULONG e32_nrestab; // Offset of Non-resident Names Table
161	ULONG e32_cbnrestab; // Size of Non-resident Name Table
162	ULONG e32_nressum; // Non-resident Name Table Checksum
163	ULONG e32_autodata; // Object # for automatic data object
164	ULONG e32_debuginfo; // Offset of the debugging information
165	ULONG e32_debuglen; // The length of the debugging info. in bytes
166	ULONG e32_instpreload; // Number of instance pages in preload section of VXD file
167	ULONG e32_instdemand; // Number of instance pages in demand load section of VXD file
168	ULONG e32_heapsize; // Size of heap - for 16-bit apps
169	UCHAR e32_res3[`12`]; // Reserved words
170	ULONG e32_winresoff;
171	ULONG e32_winreslen;
172	USHORT e32_devid; // Device ID for VxD
173	USHORT e32_ddkver; // DDK version for VxD
174	} IMAGE_VXD_HEADER, *PIMAGE_VXD_HEADER;
175
176	#ifndef _MAC
177	#include "poppack.h" // Back to 4 byte packing
178	#endif
179
180	//
181	// File header format.
182	//
183
184	typedef struct _IMAGE_FILE_HEADER {
185	USHORT Machine;
186	USHORT NumberOfSections;
187	ULONG TimeDateStamp;
188	ULONG PointerToSymbolTable;
189	ULONG NumberOfSymbols;
190	USHORT SizeOfOptionalHeader;
191	USHORT Characteristics;
192	} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
193
194	#define IMAGE_SIZEOF_FILE_HEADER 20
195
196
197	#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
198	#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
199	#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
200	#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
201	#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 // Agressively trim working set
202	#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 // App can handle >2gb addresses
203	#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
204	#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
205	#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
206	#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
207	#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
208	#define IMAGE_FILE_SYSTEM 0x1000 // System File.
209	#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
210	#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
211	#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
212
213	#define IMAGE_FILE_MACHINE_UNKNOWN 0
214	#define IMAGE_FILE_MACHINE_I386 0x014c // Intel 386.
215	#define IMAGE_FILE_MACHINE_R3000 0x0162 // MIPS little-endian, 0x160 big-endian
216	#define IMAGE_FILE_MACHINE_R4000 0x0166 // MIPS little-endian
217	#define IMAGE_FILE_MACHINE_R10000 0x0168 // MIPS little-endian
218	#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 // MIPS little-endian WCE v2
219	#define IMAGE_FILE_MACHINE_ALPHA 0x0184 // Alpha_AXP
220	#define IMAGE_FILE_MACHINE_SH3 0x01a2 // SH3 little-endian
221	#define IMAGE_FILE_MACHINE_SH3DSP 0x01a3
222	#define IMAGE_FILE_MACHINE_SH3E 0x01a4 // SH3E little-endian
223	#define IMAGE_FILE_MACHINE_SH4 0x01a6 // SH4 little-endian
224	#define IMAGE_FILE_MACHINE_SH5 0x01a8 // SH5
225	#define IMAGE_FILE_MACHINE_ARM 0x01c0 // ARM Little-Endian
226	#define IMAGE_FILE_MACHINE_THUMB 0x01c2
227	#define IMAGE_FILE_MACHINE_ARMNT 0x01c4 // ARM Thumb-2 Little-Endian
228	#define IMAGE_FILE_MACHINE_AM33 0x01d3
229	#define IMAGE_FILE_MACHINE_POWERPC 0x01F0 // IBM PowerPC Little-Endian
230	#define IMAGE_FILE_MACHINE_POWERPCFP 0x01f1
231	#define IMAGE_FILE_MACHINE_IA64 0x0200 // Intel 64
232	#define IMAGE_FILE_MACHINE_MIPS16 0x0266 // MIPS
233	#define IMAGE_FILE_MACHINE_ALPHA64 0x0284 // ALPHA64
234	#define IMAGE_FILE_MACHINE_MIPSFPU 0x0366 // MIPS
235	#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 // MIPS
236	#define IMAGE_FILE_MACHINE_AXP64 IMAGE_FILE_MACHINE_ALPHA64
237	#define IMAGE_FILE_MACHINE_TRICORE 0x0520 // Infineon
238	#define IMAGE_FILE_MACHINE_CEF 0x0CEF
239	#define IMAGE_FILE_MACHINE_EBC 0x0EBC // EFI Byte Code
240	#define IMAGE_FILE_MACHINE_AMD64 0x8664 // AMD64 (K8)
241	#define IMAGE_FILE_MACHINE_M32R 0x9041 // M32R little-endian
242	#define IMAGE_FILE_MACHINE_CEE 0xC0EE
243
244	//
245	// Directory format.
246	//
247
248	typedef struct _IMAGE_DATA_DIRECTORY {
249	ULONG VirtualAddress;
250	ULONG Size;
251	} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
252
253	#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
254
255	//
256	// Optional header format.
257	//
258
259	typedef struct _IMAGE_OPTIONAL_HEADER {
260	//
261	// Standard fields.
262	//
263
264	USHORT Magic;
265	UCHAR MajorLinkerVersion;
266	UCHAR MinorLinkerVersion;
267	ULONG SizeOfCode;
268	ULONG SizeOfInitializedData;
269	ULONG SizeOfUninitializedData;
270	ULONG AddressOfEntryPoint;
271	ULONG BaseOfCode;
272	ULONG BaseOfData;
273
274	//
275	// NT additional fields.
276	//
277
278	ULONG ImageBase;
279	ULONG SectionAlignment;
280	ULONG FileAlignment;
281	USHORT MajorOperatingSystemVersion;
282	USHORT MinorOperatingSystemVersion;
283	USHORT MajorImageVersion;
284	USHORT MinorImageVersion;
285	USHORT MajorSubsystemVersion;
286	USHORT MinorSubsystemVersion;
287	ULONG Win32VersionValue;
288	ULONG SizeOfImage;
289	ULONG SizeOfHeaders;
290	ULONG CheckSum;
291	USHORT Subsystem;
292	USHORT DllCharacteristics;
293	ULONG SizeOfStackReserve;
294	ULONG SizeOfStackCommit;
295	ULONG SizeOfHeapReserve;
296	ULONG SizeOfHeapCommit;
297	ULONG LoaderFlags;
298	ULONG NumberOfRvaAndSizes;
299	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
300	} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
301
302	typedef struct _IMAGE_ROM_OPTIONAL_HEADER {
303	USHORT Magic;
304	UCHAR MajorLinkerVersion;
305	UCHAR MinorLinkerVersion;
306	ULONG SizeOfCode;
307	ULONG SizeOfInitializedData;
308	ULONG SizeOfUninitializedData;
309	ULONG AddressOfEntryPoint;
310	ULONG BaseOfCode;
311	ULONG BaseOfData;
312	ULONG BaseOfBss;
313	ULONG GprMask;
314	ULONG CprMask[`4`];
315	ULONG GpValue;
316	} IMAGE_ROM_OPTIONAL_HEADER, *PIMAGE_ROM_OPTIONAL_HEADER;
317
318	typedef struct _IMAGE_OPTIONAL_HEADER64 {
319	USHORT Magic;
320	UCHAR MajorLinkerVersion;
321	UCHAR MinorLinkerVersion;
322	ULONG SizeOfCode;
323	ULONG SizeOfInitializedData;
324	ULONG SizeOfUninitializedData;
325	ULONG AddressOfEntryPoint;
326	ULONG BaseOfCode;
327	ULONGLONG ImageBase;
328	ULONG SectionAlignment;
329	ULONG FileAlignment;
330	USHORT MajorOperatingSystemVersion;
331	USHORT MinorOperatingSystemVersion;
332	USHORT MajorImageVersion;
333	USHORT MinorImageVersion;
334	USHORT MajorSubsystemVersion;
335	USHORT MinorSubsystemVersion;
336	ULONG Win32VersionValue;
337	ULONG SizeOfImage;
338	ULONG SizeOfHeaders;
339	ULONG CheckSum;
340	USHORT Subsystem;
341	USHORT DllCharacteristics;
342	ULONGLONG SizeOfStackReserve;
343	ULONGLONG SizeOfStackCommit;
344	ULONGLONG SizeOfHeapReserve;
345	ULONGLONG SizeOfHeapCommit;
346	ULONG LoaderFlags;
347	ULONG NumberOfRvaAndSizes;
348	IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
349	} IMAGE_OPTIONAL_HEADER64, *PIMAGE_OPTIONAL_HEADER64;
350
351	#define IMAGE_SIZEOF_ROM_OPTIONAL_HEADER 56
352	#define IMAGE_SIZEOF_STD_OPTIONAL_HEADER 28
353	#define IMAGE_SIZEOF_NT_OPTIONAL32_HEADER 224
354	#define IMAGE_SIZEOF_NT_OPTIONAL64_HEADER 240
355
356	#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b
357	#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20b
358	#define IMAGE_ROM_OPTIONAL_HDR_MAGIC 0x107
359
360	#ifdef _WIN64
361	typedef IMAGE_OPTIONAL_HEADER64 IMAGE_OPTIONAL_HEADER;
362	typedef PIMAGE_OPTIONAL_HEADER64 PIMAGE_OPTIONAL_HEADER;
363	#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER IMAGE_SIZEOF_NT_OPTIONAL64_HEADER
364	#define IMAGE_NT_OPTIONAL_HDR_MAGIC IMAGE_NT_OPTIONAL_HDR64_MAGIC
365	#else
366	typedef IMAGE_OPTIONAL_HEADER32 IMAGE_OPTIONAL_HEADER;
367	typedef PIMAGE_OPTIONAL_HEADER32 PIMAGE_OPTIONAL_HEADER;
368	#define IMAGE_SIZEOF_NT_OPTIONAL_HEADER IMAGE_SIZEOF_NT_OPTIONAL32_HEADER
369	#define IMAGE_NT_OPTIONAL_HDR_MAGIC IMAGE_NT_OPTIONAL_HDR32_MAGIC
370	#endif
371
372	typedef struct _IMAGE_NT_HEADERS64 {
373	ULONG Signature;
374	IMAGE_FILE_HEADER FileHeader;
375	IMAGE_OPTIONAL_HEADER64 OptionalHeader;
376	} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;
377
378	typedef struct _IMAGE_NT_HEADERS {
379	ULONG Signature;
380	IMAGE_FILE_HEADER FileHeader;
381	IMAGE_OPTIONAL_HEADER32 OptionalHeader;
382	} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
383
384	typedef struct _IMAGE_ROM_HEADERS {
385	IMAGE_FILE_HEADER FileHeader;
386	IMAGE_ROM_OPTIONAL_HEADER OptionalHeader;
387	} IMAGE_ROM_HEADERS, *PIMAGE_ROM_HEADERS;
388
389	#ifdef _WIN64
390	typedef IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS;
391	typedef PIMAGE_NT_HEADERS64 PIMAGE_NT_HEADERS;
392	#else
393	typedef IMAGE_NT_HEADERS32 IMAGE_NT_HEADERS;
394	typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS;
395	#endif
396
397	// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is the same either way.
398
399	#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
400	((ULONG_PTR)ntheader + \
401	FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \
402	VAL16(((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader) \
403	))
404
405	// Subsystem Values
406
407	#define IMAGE_SUBSYSTEM_UNKNOWN 0 // Unknown subsystem.
408	#define IMAGE_SUBSYSTEM_NATIVE 1 // Image doesn't require a subsystem.
409	#define IMAGE_SUBSYSTEM_WINDOWS_GUI 2 // Image runs in the Windows GUI subsystem.
410	#define IMAGE_SUBSYSTEM_WINDOWS_CUI 3 // Image runs in the Windows character subsystem.
411	// end_winnt
412	// reserved 4 // Old Windows CE subsystem.
413	// begin_winnt
414	#define IMAGE_SUBSYSTEM_OS2_CUI 5 // image runs in the OS/2 character subsystem.
415	#define IMAGE_SUBSYSTEM_POSIX_CUI 7 // image runs in the Posix character subsystem.
416	#define IMAGE_SUBSYSTEM_NATIVE_WINDOWS 8 // image is a native Win9x driver.
417	#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 // Image runs in the Windows CE subsystem.
418	#define IMAGE_SUBSYSTEM_EFI_APPLICATION 10 //
419	#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 //
420	#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 //
421	#define IMAGE_SUBSYSTEM_EFI_ROM 13
422	#define IMAGE_SUBSYSTEM_XBOX 14
423
424	// DllCharacteristics Entries
425
426	// IMAGE_LIBRARY_PROCESS_INIT 0x0001 // Reserved.
427	// IMAGE_LIBRARY_PROCESS_TERM 0x0002 // Reserved.
428	// IMAGE_LIBRARY_THREAD_INIT 0x0004 // Reserved.
429	// IMAGE_LIBRARY_THREAD_TERM 0x0008 // Reserved.
430	#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 // Image can handle a high entropy 64-bit virtual address space.
431	#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 // DLL can move
432	#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 // Image ix NX compatible
433	#define IMAGE_DLLCHARACTERISTICS_NO_SEH 0x0400 // Image does not use SEH. No SE handler may reside in this image
434	#define IMAGE_DLLCHARACTERISTICS_NO_BIND 0x0800 // Do not bind this image.
435	#define IMAGE_DLLCHARACTERISTICS_APPCONTAINER 0x1000 // Image should execute in an AppContainer
436	#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER 0x2000 // Driver uses WDM model
437	// 0x4000 // Reserved.
438	#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000
439	// end_winnt
440	#define IMAGE_DLLCHARACTERISTICS_X86_THUNK 0x1000 // Image is a Wx86 Thunk DLL
441	// Note: The Borland linker sets IMAGE_LIBRARY_xxx flags in DllCharacteristics
442
443	// LoaderFlags Values
444
445	#define IMAGE_LOADER_FLAGS_COMPLUS 0x00000001 // COM+ image
446	#define IMAGE_LOADER_FLAGS_SYSTEM_GLOBAL 0x01000000 // Global subsections apply across TS sessions.
447
448	// begin_winnt
449
450	// Directory Entries
451
452	#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
453	#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
454	#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
455	#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
456	#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
457	#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
458	#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
459	// IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
460	#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
461	#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
462	#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
463	#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
464	#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
465	#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
466	#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
467	#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
468
469	#ifdef _MSC_VER
470	//
471	// Non-COFF Object file header
472	//
473
474	typedef struct ANON_OBJECT_HEADER {
475	USHORT Sig1; // Must be IMAGE_FILE_MACHINE_UNKNOWN
476	USHORT Sig2; // Must be 0xffff
477	USHORT Version; // >= 1 (implies the CLSID field is present)
478	USHORT Machine;
479	ULONG TimeDateStamp;
480	CLSID ClassID; // Used to invoke CoCreateInstance
481	ULONG SizeOfData; // Size of data that follows the header
482	} ANON_OBJECT_HEADER;
483	#endif
484
485	//
486	// Section header format.
487	//
488
489	#define IMAGE_SIZEOF_SHORT_NAME 8
490
491	typedef struct _IMAGE_SECTION_HEADER {
492	UCHAR Name[IMAGE_SIZEOF_SHORT_NAME];
493	union {
494	ULONG PhysicalAddress;
495	ULONG VirtualSize;
496	} Misc;
497	ULONG VirtualAddress;
498	ULONG SizeOfRawData;
499	ULONG PointerToRawData;
500	ULONG PointerToRelocations;
501	ULONG PointerToLinenumbers;
502	USHORT NumberOfRelocations;
503	USHORT NumberOfLinenumbers;
504	ULONG Characteristics;
505	} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
506
507	#define IMAGE_SIZEOF_SECTION_HEADER 40
508
509	//
510	// Section characteristics.
511	//
512	// IMAGE_SCN_TYPE_REG 0x00000000 // Reserved.
513	// IMAGE_SCN_TYPE_DSECT 0x00000001 // Reserved.
514	// IMAGE_SCN_TYPE_NOLOAD 0x00000002 // Reserved.
515	// IMAGE_SCN_TYPE_GROUP 0x00000004 // Reserved.
516	#define IMAGE_SCN_TYPE_NO_PAD 0x00000008 // Reserved.
517	// IMAGE_SCN_TYPE_COPY 0x00000010 // Reserved.
518
519	#define IMAGE_SCN_CNT_CODE 0x00000020 // Section contains code.
520	#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040 // Section contains initialized data.
521	#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 // Section contains uninitialized data.
522
523	#define IMAGE_SCN_LNK_OTHER 0x00000100 // Reserved.
524	#define IMAGE_SCN_LNK_INFO 0x00000200 // Section contains comments or some other type of information.
525	// IMAGE_SCN_TYPE_OVER 0x00000400 // Reserved.
526	#define IMAGE_SCN_LNK_REMOVE 0x00000800 // Section contents will not become part of image.
527	#define IMAGE_SCN_LNK_COMDAT 0x00001000 // Section contents comdat.
528	// 0x00002000 // Reserved.
529	// IMAGE_SCN_MEM_PROTECTED - Obsolete 0x00004000
530	#define IMAGE_SCN_NO_DEFER_SPEC_EXC 0x00004000 // Reset speculative exceptions handling bits in the TLB entries for this section.
531	#define IMAGE_SCN_GPREL 0x00008000 // Section content can be accessed relative to GP
532	#define IMAGE_SCN_MEM_FARDATA 0x00008000
533	// IMAGE_SCN_MEM_SYSHEAP - Obsolete 0x00010000
534	#define IMAGE_SCN_MEM_PURGEABLE 0x00020000
535	#define IMAGE_SCN_MEM_16BIT 0x00020000
536	#define IMAGE_SCN_MEM_LOCKED 0x00040000
537	#define IMAGE_SCN_MEM_PRELOAD 0x00080000
538
539	#define IMAGE_SCN_ALIGN_1BYTES 0x00100000 //
540	#define IMAGE_SCN_ALIGN_2BYTES 0x00200000 //
541	#define IMAGE_SCN_ALIGN_4BYTES 0x00300000 //
542	#define IMAGE_SCN_ALIGN_8BYTES 0x00400000 //
543	#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 // Default alignment if no others are specified.
544	#define IMAGE_SCN_ALIGN_32BYTES 0x00600000 //
545	#define IMAGE_SCN_ALIGN_64BYTES 0x00700000 //
546	#define IMAGE_SCN_ALIGN_128BYTES 0x00800000 //
547	#define IMAGE_SCN_ALIGN_256BYTES 0x00900000 //
548	#define IMAGE_SCN_ALIGN_512BYTES 0x00A00000 //
549	#define IMAGE_SCN_ALIGN_1024BYTES 0x00B00000 //
550	#define IMAGE_SCN_ALIGN_2048BYTES 0x00C00000 //
551	#define IMAGE_SCN_ALIGN_4096BYTES 0x00D00000 //
552	#define IMAGE_SCN_ALIGN_8192BYTES 0x00E00000 //
553	// Unused 0x00F00000
554	#define IMAGE_SCN_ALIGN_MASK 0x00F00000
555
556	#define IMAGE_SCN_LNK_NRELOC_OVFL 0x01000000 // Section contains extended relocations.
557	#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 // Section can be discarded.
558	#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 // Section is not cachable.
559	#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 // Section is not pageable.
560	#define IMAGE_SCN_MEM_SHARED 0x10000000 // Section is shareable.
561	#define IMAGE_SCN_MEM_EXECUTE 0x20000000 // Section is executable.
562	#define IMAGE_SCN_MEM_READ 0x40000000 // Section is readable.
563	#define IMAGE_SCN_MEM_WRITE 0x80000000 // Section is writeable.
564
565	//
566	// TLS Chaacteristic Flags
567	//
568	#define IMAGE_SCN_SCALE_INDEX 0x00000001 // Tls index is scaled
569
570	#ifndef _MAC
571	#include "pshpack2.h" // Symbols, relocs, and linenumbers are 2 byte packed
572	#endif
573
574	//
575	// Symbol format.
576	//
577
578	typedef struct _IMAGE_SYMBOL {
579	union {
580	UCHAR ShortName[`8`];
581	struct {
582	ULONG Short; // if 0, use LongName
583	ULONG Long; // offset into string table
584	} Name;
585	ULONG LongName[`2`]; // PUCHAR[2]
586	} N;
587	ULONG Value;
588	SHORT SectionNumber;
589	USHORT Type;
590	UCHAR StorageClass;
591	UCHAR NumberOfAuxSymbols;
592	} IMAGE_SYMBOL;
593	typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL;
594
595
596	#define IMAGE_SIZEOF_SYMBOL 18
597
598	//
599	// Section values.
600	//
601	// Symbols have a section number of the section in which they are
602	// defined. Otherwise, section numbers have the following meanings:
603	//
604
605	#define IMAGE_SYM_UNDEFINED (SHORT)0 // Symbol is undefined or is common.
606	#define IMAGE_SYM_ABSOLUTE (SHORT)-1 // Symbol is an absolute value.
607	#define IMAGE_SYM_DEBUG (SHORT)-2 // Symbol is a special debug item.
608	#define IMAGE_SYM_SECTION_MAX 0xFEFF // Values 0xFF00-0xFFFF are special
609
610	//
611	// Type (fundamental) values.
612	//
613
614	#define IMAGE_SYM_TYPE_NULL 0x0000 // no type.
615	#define IMAGE_SYM_TYPE_VOID 0x0001 //
616	#define IMAGE_SYM_TYPE_CHAR 0x0002 // type character.
617	#define IMAGE_SYM_TYPE_SHORT 0x0003 // type short integer.
618	#define IMAGE_SYM_TYPE_INT 0x0004 //
619	#define IMAGE_SYM_TYPE_LONG 0x0005 //
620	#define IMAGE_SYM_TYPE_FLOAT 0x0006 //
621	#define IMAGE_SYM_TYPE_DOUBLE 0x0007 //
622	#define IMAGE_SYM_TYPE_STRUCT 0x0008 //
623	#define IMAGE_SYM_TYPE_UNION 0x0009 //
624	#define IMAGE_SYM_TYPE_ENUM 0x000A // enumeration.
625	#define IMAGE_SYM_TYPE_MOE 0x000B // member of enumeration.
626	#define IMAGE_SYM_TYPE_UCHAR 0x000C //
627	#define IMAGE_SYM_TYPE_USHORT 0x000D //
628	#define IMAGE_SYM_TYPE_UINT 0x000E //
629	#define IMAGE_SYM_TYPE_ULONG 0x000F //
630	#define IMAGE_SYM_TYPE_PCODE 0x8000 //
631	//
632	// Type (derived) values.
633	//
634
635	#define IMAGE_SYM_DTYPE_NULL 0 // no derived type.
636	#define IMAGE_SYM_DTYPE_POINTER 1 // pointer.
637	#define IMAGE_SYM_DTYPE_FUNCTION 2 // function.
638	#define IMAGE_SYM_DTYPE_ARRAY 3 // array.
639
640	//
641	// Storage classes.
642	//
643	#define IMAGE_SYM_CLASS_END_OF_FUNCTION (UCHAR)-1
644	#define IMAGE_SYM_CLASS_NULL 0x0000
645	#define IMAGE_SYM_CLASS_AUTOMATIC 0x0001
646	#define IMAGE_SYM_CLASS_EXTERNAL 0x0002
647	#define IMAGE_SYM_CLASS_STATIC 0x0003
648	#define IMAGE_SYM_CLASS_REGISTER 0x0004
649	#define IMAGE_SYM_CLASS_EXTERNAL_DEF 0x0005
650	#define IMAGE_SYM_CLASS_LABEL 0x0006
651	#define IMAGE_SYM_CLASS_UNDEFINED_LABEL 0x0007
652	#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT 0x0008
653	#define IMAGE_SYM_CLASS_ARGUMENT 0x0009
654	#define IMAGE_SYM_CLASS_STRUCT_TAG 0x000A
655	#define IMAGE_SYM_CLASS_MEMBER_OF_UNION 0x000B
656	#define IMAGE_SYM_CLASS_UNION_TAG 0x000C
657	#define IMAGE_SYM_CLASS_TYPE_DEFINITION 0x000D
658	#define IMAGE_SYM_CLASS_UNDEFINED_STATIC 0x000E
659	#define IMAGE_SYM_CLASS_ENUM_TAG 0x000F
660	#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM 0x0010
661	#define IMAGE_SYM_CLASS_REGISTER_PARAM 0x0011
662	#define IMAGE_SYM_CLASS_BIT_FIELD 0x0012
663
664	#define IMAGE_SYM_CLASS_FAR_EXTERNAL 0x0044 //
665
666	#define IMAGE_SYM_CLASS_BLOCK 0x0064
667	#define IMAGE_SYM_CLASS_FUNCTION 0x0065
668	#define IMAGE_SYM_CLASS_END_OF_STRUCT 0x0066
669	#define IMAGE_SYM_CLASS_FILE 0x0067
670	// new
671	#define IMAGE_SYM_CLASS_SECTION 0x0068
672	#define IMAGE_SYM_CLASS_WEAK_EXTERNAL 0x0069
673
674	#define IMAGE_SYM_CLASS_CLR_TOKEN 0x006B
675
676	// type packing constants
677
678	#define N_BTMASK 0x000F
679	#define N_TMASK 0x0030
680	#define N_TMASK1 0x00C0
681	#define N_TMASK2 0x00F0
682	#define N_BTSHFT 4
683	#define N_TSHIFT 2
684	// MACROS
685
686	// Basic Type of x
687	#define BTYPE(x) ((x) & N_BTMASK)
688
689	// Is x a pointer?
690	#ifndef ISPTR
691	#define ISPTR(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT))
692	#endif
693
694	// Is x a function?
695	#ifndef ISFCN
696	#define ISFCN(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT))
697	#endif
698
699	// Is x an array?
700
701	#ifndef ISARY
702	#define ISARY(x) (((x) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT))
703	#endif
704
705	// Is x a structure, union, or enumeration TAG?
706	#ifndef ISTAG
707	#define ISTAG(x) ((x)==IMAGE_SYM_CLASS_STRUCT_TAG \|\| (x)==IMAGE_SYM_CLASS_UNION_TAG \|\| (x)==IMAGE_SYM_CLASS_ENUM_TAG)
708	#endif
709
710	#ifndef INCREF
711	#define INCREF(x) ((((x)&~N_BTMASK)<<N_TSHIFT)\|(IMAGE_SYM_DTYPE_POINTER<<N_BTSHFT)\|((x)&N_BTMASK))
712	#endif
713	#ifndef DECREF
714	#define DECREF(x) ((((x)>>N_TSHIFT)&~N_BTMASK)\|((x)&N_BTMASK))
715	#endif
716
717	//
718	// Auxiliary entry format.
719	//
720
721	typedef union _IMAGE_AUX_SYMBOL {
722	struct {
723	ULONG TagIndex; // struct, union, or enum tag index
724	union {
725	struct {
726	USHORT Linenumber; // declaration line number
727	USHORT Size; // size of struct, union, or enum
728	} LnSz;
729	ULONG TotalSize;
730	} Misc;
731	union {
732	struct { // if ISFCN, tag, or .bb
733	ULONG PointerToLinenumber;
734	ULONG PointerToNextFunction;
735	} Function;
736	struct { // if ISARY, up to 4 dimen.
737	USHORT Dimension[`4`];
738	} Array;
739	} FcnAry;
740	USHORT TvIndex; // tv index
741	} Sym;
742	struct {
743	UCHAR Name[IMAGE_SIZEOF_SYMBOL];
744	} File;
745	struct {
746	ULONG Length; // section length
747	USHORT NumberOfRelocations; // number of relocation entries
748	USHORT NumberOfLinenumbers; // number of line numbers
749	ULONG CheckSum; // checksum for communal
750	SHORT Number; // section number to associate with
751	UCHAR Selection; // communal selection type
752	} Section;
753	} IMAGE_AUX_SYMBOL;
754	typedef IMAGE_AUX_SYMBOL UNALIGNED *PIMAGE_AUX_SYMBOL;
755
756	#define IMAGE_SIZEOF_AUX_SYMBOL 18
757
758	typedef enum IMAGE_AUX_SYMBOL_TYPE {
759	IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF = `1`,
760	} IMAGE_AUX_SYMBOL_TYPE;
761
762	#include "pshpack2.h"
763
764	typedef struct IMAGE_AUX_SYMBOL_TOKEN_DEF {
765	UCHAR bAuxType; // IMAGE_AUX_SYMBOL_TYPE
766	UCHAR bReserved; // Must be 0
767	ULONG SymbolTableIndex;
768	UCHAR rgbReserved[`12`]; // Must be 0
769	} IMAGE_AUX_SYMBOL_TOKEN_DEF;
770
771	typedef IMAGE_AUX_SYMBOL_TOKEN_DEF UNALIGNED *PIMAGE_AUX_SYMBOL_TOKEN_DEF;
772
773	#include "poppack.h"
774
775	//
776	// Communal selection types.
777	//
778
779	#define IMAGE_COMDAT_SELECT_NODUPLICATES 1
780	#define IMAGE_COMDAT_SELECT_ANY 2
781	#define IMAGE_COMDAT_SELECT_SAME_SIZE 3
782	#define IMAGE_COMDAT_SELECT_EXACT_MATCH 4
783	#define IMAGE_COMDAT_SELECT_ASSOCIATIVE 5
784	#define IMAGE_COMDAT_SELECT_LARGEST 6
785	#define IMAGE_COMDAT_SELECT_NEWEST 7
786
787	#define IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY 1
788	#define IMAGE_WEAK_EXTERN_SEARCH_LIBRARY 2
789	#define IMAGE_WEAK_EXTERN_SEARCH_ALIAS 3
790
791	//
792	// Relocation format.
793	//
794
795	typedef struct _IMAGE_RELOCATION {
796	union {
797	ULONG VirtualAddress;
798	ULONG RelocCount; // Set to the real count when IMAGE_SCN_LNK_NRELOC_OVFL is set
799	};
800	ULONG SymbolTableIndex;
801	USHORT Type;
802	} IMAGE_RELOCATION;
803	typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION;
804
805	#define IMAGE_SIZEOF_RELOCATION 10
806
807	//
808	// I386 relocation types.
809	//
810	#define IMAGE_REL_I386_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
811	#define IMAGE_REL_I386_DIR16 0x0001 // Direct 16-bit reference to the symbols virtual address
812	#define IMAGE_REL_I386_REL16 0x0002 // PC-relative 16-bit reference to the symbols virtual address
813	#define IMAGE_REL_I386_DIR32 0x0006 // Direct 32-bit reference to the symbols virtual address
814	#define IMAGE_REL_I386_DIR32NB 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included
815	#define IMAGE_REL_I386_SEG12 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address
816	#define IMAGE_REL_I386_SECTION 0x000A
817	#define IMAGE_REL_I386_SECREL 0x000B
818	#define IMAGE_REL_I386_TOKEN 0x000C // clr token
819	#define IMAGE_REL_I386_SECREL7 0x000D // 7 bit offset from base of section containing target
820	#define IMAGE_REL_I386_REL32 0x0014 // PC-relative 32-bit reference to the symbols virtual address
821
822	//
823	// MIPS relocation types.
824	//
825	#define IMAGE_REL_MIPS_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
826	#define IMAGE_REL_MIPS_REFHALF 0x0001
827	#define IMAGE_REL_MIPS_REFWORD 0x0002
828	#define IMAGE_REL_MIPS_JMPADDR 0x0003
829	#define IMAGE_REL_MIPS_REFHI 0x0004
830	#define IMAGE_REL_MIPS_REFLO 0x0005
831	#define IMAGE_REL_MIPS_GPREL 0x0006
832	#define IMAGE_REL_MIPS_LITERAL 0x0007
833	#define IMAGE_REL_MIPS_SECTION 0x000A
834	#define IMAGE_REL_MIPS_SECREL 0x000B
835	#define IMAGE_REL_MIPS_SECRELLO 0x000C // Low 16-bit section relative referemce (used for >32k TLS)
836	#define IMAGE_REL_MIPS_SECRELHI 0x000D // High 16-bit section relative reference (used for >32k TLS)
837	#define IMAGE_REL_MIPS_TOKEN 0x000E // clr token
838	#define IMAGE_REL_MIPS_JMPADDR16 0x0010
839	#define IMAGE_REL_MIPS_REFWORDNB 0x0022
840	#define IMAGE_REL_MIPS_PAIR 0x0025
841
842	//
843	// Alpha Relocation types.
844	//
845	#define IMAGE_REL_ALPHA_ABSOLUTE 0x0000
846	#define IMAGE_REL_ALPHA_REFLONG 0x0001
847	#define IMAGE_REL_ALPHA_REFQUAD 0x0002
848	#define IMAGE_REL_ALPHA_GPREL32 0x0003
849	#define IMAGE_REL_ALPHA_LITERAL 0x0004
850	#define IMAGE_REL_ALPHA_LITUSE 0x0005
851	#define IMAGE_REL_ALPHA_GPDISP 0x0006
852	#define IMAGE_REL_ALPHA_BRADDR 0x0007
853	#define IMAGE_REL_ALPHA_HINT 0x0008
854	#define IMAGE_REL_ALPHA_INLINE_REFLONG 0x0009
855	#define IMAGE_REL_ALPHA_REFHI 0x000A
856	#define IMAGE_REL_ALPHA_REFLO 0x000B
857	#define IMAGE_REL_ALPHA_PAIR 0x000C
858	#define IMAGE_REL_ALPHA_MATCH 0x000D
859	#define IMAGE_REL_ALPHA_SECTION 0x000E
860	#define IMAGE_REL_ALPHA_SECREL 0x000F
861	#define IMAGE_REL_ALPHA_REFLONGNB 0x0010
862	#define IMAGE_REL_ALPHA_SECRELLO 0x0011 // Low 16-bit section relative reference
863	#define IMAGE_REL_ALPHA_SECRELHI 0x0012 // High 16-bit section relative reference
864	#define IMAGE_REL_ALPHA_REFQ3 0x0013 // High 16 bits of 48 bit reference
865	#define IMAGE_REL_ALPHA_REFQ2 0x0014 // Middle 16 bits of 48 bit reference
866	#define IMAGE_REL_ALPHA_REFQ1 0x0015 // Low 16 bits of 48 bit reference
867	#define IMAGE_REL_ALPHA_GPRELLO 0x0016 // Low 16-bit GP relative reference
868	#define IMAGE_REL_ALPHA_GPRELHI 0x0017 // High 16-bit GP relative reference
869
870	//
871	// IBM PowerPC relocation types.
872	//
873	#define IMAGE_REL_PPC_ABSOLUTE 0x0000 // NOP
874	#define IMAGE_REL_PPC_ADDR64 0x0001 // 64-bit address
875	#define IMAGE_REL_PPC_ADDR32 0x0002 // 32-bit address
876	#define IMAGE_REL_PPC_ADDR24 0x0003 // 26-bit address, shifted left 2 (branch absolute)
877	#define IMAGE_REL_PPC_ADDR16 0x0004 // 16-bit address
878	#define IMAGE_REL_PPC_ADDR14 0x0005 // 16-bit address, shifted left 2 (load doubleword)
879	#define IMAGE_REL_PPC_REL24 0x0006 // 26-bit PC-relative offset, shifted left 2 (branch relative)
880	#define IMAGE_REL_PPC_REL14 0x0007 // 16-bit PC-relative offset, shifted left 2 (br cond relative)
881	#define IMAGE_REL_PPC_TOCREL16 0x0008 // 16-bit offset from TOC base
882	#define IMAGE_REL_PPC_TOCREL14 0x0009 // 16-bit offset from TOC base, shifted left 2 (load doubleword)
883
884	#define IMAGE_REL_PPC_ADDR32NB 0x000A // 32-bit addr w/o image base
885	#define IMAGE_REL_PPC_SECREL 0x000B // va of containing section (as in an image sectionhdr)
886	#define IMAGE_REL_PPC_SECTION 0x000C // sectionheader number
887	#define IMAGE_REL_PPC_IFGLUE 0x000D // substitute TOC restore instruction iff symbol is glue code
888	#define IMAGE_REL_PPC_IMGLUE 0x000E // symbol is glue code; virtual address is TOC restore instruction
889	#define IMAGE_REL_PPC_SECREL16 0x000F // va of containing section (limited to 16 bits)
890	#define IMAGE_REL_PPC_REFHI 0x0010
891	#define IMAGE_REL_PPC_REFLO 0x0011
892	#define IMAGE_REL_PPC_PAIR 0x0012
893	#define IMAGE_REL_PPC_SECRELLO 0x0013 // Low 16-bit section relative reference (used for >32k TLS)
894	#define IMAGE_REL_PPC_SECRELHI 0x0014 // High 16-bit section relative reference (used for >32k TLS)
895	#define IMAGE_REL_PPC_GPREL 0x0015
896	#define IMAGE_REL_PPC_TOKEN 0x0016 // clr token
897
898	#define IMAGE_REL_PPC_TYPEMASK 0x00FF // mask to isolate above values in IMAGE_RELOCATION.Type
899
900	// Flag bits in IMAGE_RELOCATION.TYPE
901
902	#define IMAGE_REL_PPC_NEG 0x0100 // subtract reloc value rather than adding it
903	#define IMAGE_REL_PPC_BRTAKEN 0x0200 // fix branch prediction bit to predict branch taken
904	#define IMAGE_REL_PPC_BRNTAKEN 0x0400 // fix branch prediction bit to predict branch not taken
905	#define IMAGE_REL_PPC_TOCDEFN 0x0800 // toc slot defined in file (or, data in toc)
906
907	//
908	// Hitachi SH3 relocation types.
909	//
910	#define IMAGE_REL_SH3_ABSOLUTE 0x0000 // No relocation
911	#define IMAGE_REL_SH3_DIRECT16 0x0001 // 16 bit direct
912	#define IMAGE_REL_SH3_DIRECT32 0x0002 // 32 bit direct
913	#define IMAGE_REL_SH3_DIRECT8 0x0003 // 8 bit direct, -128..255
914	#define IMAGE_REL_SH3_DIRECT8_WORD 0x0004 // 8 bit direct .W (0 ext.)
915	#define IMAGE_REL_SH3_DIRECT8_LONG 0x0005 // 8 bit direct .L (0 ext.)
916	#define IMAGE_REL_SH3_DIRECT4 0x0006 // 4 bit direct (0 ext.)
917	#define IMAGE_REL_SH3_DIRECT4_WORD 0x0007 // 4 bit direct .W (0 ext.)
918	#define IMAGE_REL_SH3_DIRECT4_LONG 0x0008 // 4 bit direct .L (0 ext.)
919	#define IMAGE_REL_SH3_PCREL8_WORD 0x0009 // 8 bit PC relative .W
920	#define IMAGE_REL_SH3_PCREL8_LONG 0x000A // 8 bit PC relative .L
921	#define IMAGE_REL_SH3_PCREL12_WORD 0x000B // 12 LSB PC relative .W
922	#define IMAGE_REL_SH3_STARTOF_SECTION 0x000C // Start of EXE section
923	#define IMAGE_REL_SH3_SIZEOF_SECTION 0x000D // Size of EXE section
924	#define IMAGE_REL_SH3_SECTION 0x000E // Section table index
925	#define IMAGE_REL_SH3_SECREL 0x000F // Offset within section
926	#define IMAGE_REL_SH3_DIRECT32_NB 0x0010 // 32 bit direct not based
927	#define IMAGE_REL_SH3_GPREL4_LONG 0x0011 // GP-relative addressing
928	#define IMAGE_REL_SH3_TOKEN 0x0012 // clr token
929
930	#define IMAGE_REL_ARM_ABSOLUTE 0x0000 // No relocation required
931	#define IMAGE_REL_ARM_ADDR32 0x0001 // 32 bit address
932	#define IMAGE_REL_ARM_ADDR32NB 0x0002 // 32 bit address w/o image base
933	#define IMAGE_REL_ARM_BRANCH24 0x0003 // 24 bit offset << 2 & sign ext.
934	#define IMAGE_REL_ARM_BRANCH11 0x0004 // Thumb: 2 11 bit offsets
935	#define IMAGE_REL_ARM_TOKEN 0x0005 // clr token
936	#define IMAGE_REL_ARM_GPREL12 0x0006 // GP-relative addressing (ARM)
937	#define IMAGE_REL_ARM_GPREL7 0x0007 // GP-relative addressing (Thumb)
938	#define IMAGE_REL_ARM_BLX24 0x0008
939	#define IMAGE_REL_ARM_BLX11 0x0009
940	#define IMAGE_REL_ARM_SECTION 0x000E // Section table index
941	#define IMAGE_REL_ARM_SECREL 0x000F // Offset within section
942
943	//
944	// ARM64 relocation types
945	//
946	#define IMAGE_REL_ARM64_ABSOLUTE 0x0000
947	#define IMAGE_REL_ARM64_ADDR32 0x0001
948	#define IMAGE_REL_ARM64_ADDR32NB 0x0002
949	#define IMAGE_REL_ARM64_BRANCH26 0x0003
950	#define IMAGE_REL_ARM64_PAGEBASE_REL21 0x0004
951	#define IMAGE_REL_ARM64_REL21 0x0005
952	#define IMAGE_REL_ARM64_PAGEOFFSET_12A 0x0006
953	#define IMAGE_REL_ARM64_PAGEOFFSET_12L 0x0007
954	#define IMAGE_REL_ARM64_SECREL 0x0008
955	#define IMAGE_REL_ARM64_SECREL_LOW12A 0x0009
956	#define IMAGE_REL_ARM64_SECREL_HIGH12A 0x000A
957	#define IMAGE_REL_ARM64_SECREL_LOW12L 0x000B
958	#define IMAGE_REL_ARM64_TOKEN 0x000C
959	#define IMAGE_REL_ARM64_SECTION 0x000D
960	#define IMAGE_REL_ARM64_ADDR64 0x000E
961
962	#define IMAGE_REL_AM_ABSOLUTE 0x0000
963	#define IMAGE_REL_AM_ADDR32 0x0001
964	#define IMAGE_REL_AM_ADDR32NB 0x0002
965	#define IMAGE_REL_AM_CALL32 0x0003
966	#define IMAGE_REL_AM_FUNCINFO 0x0004
967	#define IMAGE_REL_AM_REL32_1 0x0005
968	#define IMAGE_REL_AM_REL32_2 0x0006
969	#define IMAGE_REL_AM_SECREL 0x0007
970	#define IMAGE_REL_AM_SECTION 0x0008
971	#define IMAGE_REL_AM_TOKEN 0x0009
972
973	//
974	// X86-64 relocations
975	//
976	#define IMAGE_REL_AMD64_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
977	#define IMAGE_REL_AMD64_ADDR64 0x0001 // 64-bit address (VA).
978	#define IMAGE_REL_AMD64_ADDR32 0x0002 // 32-bit address (VA).
979	#define IMAGE_REL_AMD64_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA).
980	#define IMAGE_REL_AMD64_REL32 0x0004 // 32-bit relative address from byte following reloc
981	#define IMAGE_REL_AMD64_REL32_1 0x0005 // 32-bit relative address from byte distance 1 from reloc
982	#define IMAGE_REL_AMD64_REL32_2 0x0006 // 32-bit relative address from byte distance 2 from reloc
983	#define IMAGE_REL_AMD64_REL32_3 0x0007 // 32-bit relative address from byte distance 3 from reloc
984	#define IMAGE_REL_AMD64_REL32_4 0x0008 // 32-bit relative address from byte distance 4 from reloc
985	#define IMAGE_REL_AMD64_REL32_5 0x0009 // 32-bit relative address from byte distance 5 from reloc
986	#define IMAGE_REL_AMD64_SECTION 0x000A // Section index
987	#define IMAGE_REL_AMD64_SECREL 0x000B // 32 bit offset from base of section containing target
988	#define IMAGE_REL_AMD64_SECREL7 0x000C // 7 bit unsigned offset from base of section containing target
989	#define IMAGE_REL_AMD64_TOKEN 0x000D // 32 bit metadata token
990
991	//
992	// IA64 relocation types.
993	//
994	#define IMAGE_REL_IA64_ABSOLUTE 0x0000
995	#define IMAGE_REL_IA64_IMM14 0x0001
996	#define IMAGE_REL_IA64_IMM22 0x0002
997	#define IMAGE_REL_IA64_IMM64 0x0003
998	#define IMAGE_REL_IA64_DIR32 0x0004
999	#define IMAGE_REL_IA64_DIR64 0x0005
1000	#define IMAGE_REL_IA64_PCREL21B 0x0006
1001	#define IMAGE_REL_IA64_PCREL21M 0x0007
1002	#define IMAGE_REL_IA64_PCREL21F 0x0008
1003	#define IMAGE_REL_IA64_GPREL22 0x0009
1004	#define IMAGE_REL_IA64_LTOFF22 0x000A
1005	#define IMAGE_REL_IA64_SECTION 0x000B
1006	#define IMAGE_REL_IA64_SECREL22 0x000C
1007	#define IMAGE_REL_IA64_SECREL64I 0x000D
1008	#define IMAGE_REL_IA64_SECREL32 0x000E
1009	//
1010	#define IMAGE_REL_IA64_DIR32NB 0x0010
1011	#define IMAGE_REL_IA64_SREL14 0x0011
1012	#define IMAGE_REL_IA64_SREL22 0x0012
1013	#define IMAGE_REL_IA64_SREL32 0x0013
1014	#define IMAGE_REL_IA64_UREL32 0x0014
1015	#define IMAGE_REL_IA64_PCREL60X 0x0015 // This is always a BRL and never converted
1016	#define IMAGE_REL_IA64_PCREL60B 0x0016 // If possible, convert to MBB bundle with NOP.B in slot 1
1017	#define IMAGE_REL_IA64_PCREL60F 0x0017 // If possible, convert to MFB bundle with NOP.F in slot 1
1018	#define IMAGE_REL_IA64_PCREL60I 0x0018 // If possible, convert to MIB bundle with NOP.I in slot 1
1019	#define IMAGE_REL_IA64_PCREL60M 0x0019 // If possible, convert to MMB bundle with NOP.M in slot 1
1020	#define IMAGE_REL_IA64_IMMGPREL64 0x001A
1021	#define IMAGE_REL_IA64_TOKEN 0x001B // clr token
1022	#define IMAGE_REL_IA64_GPREL32 0x001C
1023	#define IMAGE_REL_IA64_ADDEND 0x001F
1024
1025	//
1026	// CEF relocation types.
1027	//
1028	#define IMAGE_REL_CEF_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
1029	#define IMAGE_REL_CEF_ADDR32 0x0001 // 32-bit address (VA).
1030	#define IMAGE_REL_CEF_ADDR64 0x0002 // 64-bit address (VA).
1031	#define IMAGE_REL_CEF_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA).
1032	#define IMAGE_REL_CEF_SECTION 0x0004 // Section index
1033	#define IMAGE_REL_CEF_SECREL 0x0005 // 32 bit offset from base of section containing target
1034	#define IMAGE_REL_CEF_TOKEN 0x0006 // 32 bit metadata token
1035
1036	//
1037	// clr relocation types.
1038	//
1039	#define IMAGE_REL_CEE_ABSOLUTE 0x0000 // Reference is absolute, no relocation is necessary
1040	#define IMAGE_REL_CEE_ADDR32 0x0001 // 32-bit address (VA).
1041	#define IMAGE_REL_CEE_ADDR64 0x0002 // 64-bit address (VA).
1042	#define IMAGE_REL_CEE_ADDR32NB 0x0003 // 32-bit address w/o image base (RVA).
1043	#define IMAGE_REL_CEE_SECTION 0x0004 // Section index
1044	#define IMAGE_REL_CEE_SECREL 0x0005 // 32 bit offset from base of section containing target
1045	#define IMAGE_REL_CEE_TOKEN 0x0006 // 32 bit metadata token
1046
1047
1048	#define IMAGE_REL_M32R_ABSOLUTE 0x0000 // No relocation required
1049	#define IMAGE_REL_M32R_ADDR32 0x0001 // 32 bit address
1050	#define IMAGE_REL_M32R_ADDR32NB 0x0002 // 32 bit address w/o image base
1051	#define IMAGE_REL_M32R_ADDR24 0x0003 // 24 bit address
1052	#define IMAGE_REL_M32R_GPREL16 0x0004 // GP relative addressing
1053	#define IMAGE_REL_M32R_PCREL24 0x0005 // 24 bit offset << 2 & sign ext.
1054	#define IMAGE_REL_M32R_PCREL16 0x0006 // 16 bit offset << 2 & sign ext.
1055	#define IMAGE_REL_M32R_PCREL8 0x0007 // 8 bit offset << 2 & sign ext.
1056	#define IMAGE_REL_M32R_REFHALF 0x0008 // 16 MSBs
1057	#define IMAGE_REL_M32R_REFHI 0x0009 // 16 MSBs; adj for LSB sign ext.
1058	#define IMAGE_REL_M32R_REFLO 0x000A // 16 LSBs
1059	#define IMAGE_REL_M32R_PAIR 0x000B // Link HI and LO
1060	#define IMAGE_REL_M32R_SECTION 0x000C // Section table index
1061	#define IMAGE_REL_M32R_SECREL32 0x000D // 32 bit section relative reference
1062	#define IMAGE_REL_M32R_TOKEN 0x000E // clr token
1063
1064
1065	#define EXT_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */ \
1066	Value \|= (((ULONGLONG)((*(Address) >> InstPos) & (((ULONGLONG)1 << Size) - 1))) << ValPos) // Intel-IA64-Filler
1067
1068	#define INS_IMM64(Value, Address, Size, InstPos, ValPos) /* Intel-IA64-Filler */\
1069	(PULONG)Address = ((PULONG)Address & ~(((1 << Size) - 1) << InstPos)) \| /* Intel-IA64-Filler */\
1070	((ULONG)((((ULONGLONG)Value >> ValPos) & (((ULONGLONG)1 << Size) - 1))) << InstPos) // Intel-IA64-Filler
1071
1072	#define EMARCH_ENC_I17_IMM7B_INST_WORD_X 3 // Intel-IA64-Filler
1073	#define EMARCH_ENC_I17_IMM7B_SIZE_X 7 // Intel-IA64-Filler
1074	#define EMARCH_ENC_I17_IMM7B_INST_WORD_POS_X 4 // Intel-IA64-Filler
1075	#define EMARCH_ENC_I17_IMM7B_VAL_POS_X 0 // Intel-IA64-Filler
1076
1077	#define EMARCH_ENC_I17_IMM9D_INST_WORD_X 3 // Intel-IA64-Filler
1078	#define EMARCH_ENC_I17_IMM9D_SIZE_X 9 // Intel-IA64-Filler
1079	#define EMARCH_ENC_I17_IMM9D_INST_WORD_POS_X 18 // Intel-IA64-Filler
1080	#define EMARCH_ENC_I17_IMM9D_VAL_POS_X 7 // Intel-IA64-Filler
1081
1082	#define EMARCH_ENC_I17_IMM5C_INST_WORD_X 3 // Intel-IA64-Filler
1083	#define EMARCH_ENC_I17_IMM5C_SIZE_X 5 // Intel-IA64-Filler
1084	#define EMARCH_ENC_I17_IMM5C_INST_WORD_POS_X 13 // Intel-IA64-Filler
1085	#define EMARCH_ENC_I17_IMM5C_VAL_POS_X 16 // Intel-IA64-Filler
1086
1087	#define EMARCH_ENC_I17_IC_INST_WORD_X 3 // Intel-IA64-Filler
1088	#define EMARCH_ENC_I17_IC_SIZE_X 1 // Intel-IA64-Filler
1089	#define EMARCH_ENC_I17_IC_INST_WORD_POS_X 12 // Intel-IA64-Filler
1090	#define EMARCH_ENC_I17_IC_VAL_POS_X 21 // Intel-IA64-Filler
1091
1092	#define EMARCH_ENC_I17_IMM41a_INST_WORD_X 1 // Intel-IA64-Filler
1093	#define EMARCH_ENC_I17_IMM41a_SIZE_X 10 // Intel-IA64-Filler
1094	#define EMARCH_ENC_I17_IMM41a_INST_WORD_POS_X 14 // Intel-IA64-Filler
1095	#define EMARCH_ENC_I17_IMM41a_VAL_POS_X 22 // Intel-IA64-Filler
1096
1097	#define EMARCH_ENC_I17_IMM41b_INST_WORD_X 1 // Intel-IA64-Filler
1098	#define EMARCH_ENC_I17_IMM41b_SIZE_X 8 // Intel-IA64-Filler
1099	#define EMARCH_ENC_I17_IMM41b_INST_WORD_POS_X 24 // Intel-IA64-Filler
1100	#define EMARCH_ENC_I17_IMM41b_VAL_POS_X 32 // Intel-IA64-Filler
1101
1102	#define EMARCH_ENC_I17_IMM41c_INST_WORD_X 2 // Intel-IA64-Filler
1103	#define EMARCH_ENC_I17_IMM41c_SIZE_X 23 // Intel-IA64-Filler
1104	#define EMARCH_ENC_I17_IMM41c_INST_WORD_POS_X 0 // Intel-IA64-Filler
1105	#define EMARCH_ENC_I17_IMM41c_VAL_POS_X 40 // Intel-IA64-Filler
1106
1107	#define EMARCH_ENC_I17_SIGN_INST_WORD_X 3 // Intel-IA64-Filler
1108	#define EMARCH_ENC_I17_SIGN_SIZE_X 1 // Intel-IA64-Filler
1109	#define EMARCH_ENC_I17_SIGN_INST_WORD_POS_X 27 // Intel-IA64-Filler
1110	#define EMARCH_ENC_I17_SIGN_VAL_POS_X 63 // Intel-IA64-Filler
1111
1112
1113	//
1114	// Line number format.
1115	//
1116
1117	typedef struct _IMAGE_LINENUMBER {
1118	union {
1119	ULONG SymbolTableIndex; // Symbol table index of function name if Linenumber is 0.
1120	ULONG VirtualAddress; // Virtual address of line number.
1121	} Type;
1122	USHORT Linenumber; // Line number.
1123	} IMAGE_LINENUMBER;
1124	typedef IMAGE_LINENUMBER UNALIGNED *PIMAGE_LINENUMBER;
1125
1126	#define IMAGE_SIZEOF_LINENUMBER 6
1127
1128	#ifndef _MAC
1129	#include "poppack.h" // Back to 4 byte packing
1130	#endif
1131
1132	//
1133	// Based relocation format.
1134	//
1135
1136	typedef struct _IMAGE_BASE_RELOCATION {
1137	ULONG VirtualAddress;
1138	ULONG SizeOfBlock;
1139	// USHORT TypeOffset[1];
1140	} IMAGE_BASE_RELOCATION;
1141	typedef IMAGE_BASE_RELOCATION UNALIGNED * PIMAGE_BASE_RELOCATION;
1142
1143	#define IMAGE_SIZEOF_BASE_RELOCATION 8
1144
1145	//
1146	// Based relocation types.
1147	//
1148
1149	#define IMAGE_REL_BASED_ABSOLUTE 0
1150	#define IMAGE_REL_BASED_HIGH 1
1151	#define IMAGE_REL_BASED_LOW 2
1152	#define IMAGE_REL_BASED_HIGHLOW 3
1153	#define IMAGE_REL_BASED_HIGHADJ 4
1154	#define IMAGE_REL_BASED_MACHINE_SPECIFIC_5 5
1155	#define IMAGE_REL_BASED_RESERVED 6
1156	#define IMAGE_REL_BASED_MACHINE_SPECIFIC_7 7
1157	#define IMAGE_REL_BASED_MACHINE_SPECIFIC_8 8
1158	#define IMAGE_REL_BASED_MACHINE_SPECIFIC_9 9
1159	#define IMAGE_REL_BASED_DIR64 10
1160
1161	//
1162	// Platform-specific based relocation types.
1163	//
1164
1165	#define IMAGE_REL_BASED_IA64_IMM64 9
1166
1167	#define IMAGE_REL_BASED_MIPS_JMPADDR 5
1168	#define IMAGE_REL_BASED_MIPS_JMPADDR16 9
1169
1170	#define IMAGE_REL_BASED_ARM_MOV32 5
1171	#define IMAGE_REL_BASED_THUMB_MOV32 7
1172
1173	//
1174	// Archive format.
1175	//
1176
1177	#define IMAGE_ARCHIVE_START_SIZE 8
1178	#define IMAGE_ARCHIVE_START "!<arch>\n"
1179	#define IMAGE_ARCHIVE_END "`\n"
1180	#define IMAGE_ARCHIVE_PAD "\n"
1181	#define IMAGE_ARCHIVE_LINKER_MEMBER "/ "
1182	#define IMAGE_ARCHIVE_LONGNAMES_MEMBER "// "
1183
1184	typedef struct _IMAGE_ARCHIVE_MEMBER_HEADER {
1185	UCHAR Name[`16`]; // File member name - `/' terminated.
1186	UCHAR Date[`12`]; // File member date - decimal.
1187	UCHAR UserID[`6`]; // File member user id - decimal.
1188	UCHAR GroupID[`6`]; // File member group id - decimal.
1189	UCHAR Mode[`8`]; // File member mode - octal.
1190	UCHAR Size[`10`]; // File member size - decimal.
1191	UCHAR EndHeader[`2`]; // String to end header.
1192	} IMAGE_ARCHIVE_MEMBER_HEADER, *PIMAGE_ARCHIVE_MEMBER_HEADER;
1193
1194	#define IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR 60
1195
1196	//
1197	// DLL support.
1198	//
1199
1200	//
1201	// Export Format
1202	//
1203
1204	typedef struct _IMAGE_EXPORT_DIRECTORY {
1205	ULONG Characteristics;
1206	ULONG TimeDateStamp;
1207	USHORT MajorVersion;
1208	USHORT MinorVersion;
1209	ULONG Name;
1210	ULONG Base;
1211	ULONG NumberOfFunctions;
1212	ULONG NumberOfNames;
1213	ULONG AddressOfFunctions; // RVA from base of image
1214	ULONG AddressOfNames; // RVA from base of image
1215	ULONG AddressOfNameOrdinals; // RVA from base of image
1216	} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
1217
1218	//
1219	// Import Format
1220	//
1221
1222	typedef struct _IMAGE_IMPORT_BY_NAME {
1223	USHORT Hint;
1224	UCHAR Name[`1`];
1225	} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
1226
1227	#include "pshpack8.h" // Use align 8 for the 64-bit IAT.
1228
1229	typedef struct _IMAGE_THUNK_DATA64 {
1230	union {
1231	ULONGLONG ForwarderString; // PUCHAR
1232	ULONGLONG Function; // PULONG
1233	ULONGLONG Ordinal;
1234	ULONGLONG AddressOfData; // PIMAGE_IMPORT_BY_NAME
1235	} u1;
1236	} IMAGE_THUNK_DATA64;
1237	typedef IMAGE_THUNK_DATA64 * PIMAGE_THUNK_DATA64;
1238
1239	#include "poppack.h" // Back to 4 byte packing
1240
1241	typedef struct _IMAGE_THUNK_DATA32 {
1242	union {
1243	ULONG ForwarderString; // PUCHAR
1244	ULONG Function; // PULONG
1245	ULONG Ordinal;
1246	ULONG AddressOfData; // PIMAGE_IMPORT_BY_NAME
1247	} u1;
1248	} IMAGE_THUNK_DATA32;
1249	typedef IMAGE_THUNK_DATA32 * PIMAGE_THUNK_DATA32;
1250
1251	#define IMAGE_ORDINAL_FLAG64 0x8000000000000000
1252	#define IMAGE_ORDINAL_FLAG32 0x80000000
1253	#define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffff)
1254	#define IMAGE_ORDINAL32(Ordinal) (Ordinal & 0xffff)
1255	#define IMAGE_SNAP_BY_ORDINAL64(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG64) != 0)
1256	#define IMAGE_SNAP_BY_ORDINAL32(Ordinal) ((Ordinal & IMAGE_ORDINAL_FLAG32) != 0)
1257
1258	//
1259	// Thread Local Storage
1260	//
1261
1262	#ifdef _MSC_VER
1263	typedef VOID
1264	(NTAPI *PIMAGE_TLS_CALLBACK) (
1265	PVOID DllHandle,
1266	ULONG Reason,
1267	PVOID Reserved
1268	);
1269	#endif
1270
1271	typedef struct _IMAGE_TLS_DIRECTORY64 {
1272	ULONGLONG StartAddressOfRawData;
1273	ULONGLONG EndAddressOfRawData;
1274	ULONGLONG AddressOfIndex; // PULONG
1275	ULONGLONG AddressOfCallBacks; // PIMAGE_TLS_CALLBACK ;*
1276	ULONG SizeOfZeroFill;
1277	ULONG Characteristics;
1278	} IMAGE_TLS_DIRECTORY64;
1279	typedef IMAGE_TLS_DIRECTORY64 * PIMAGE_TLS_DIRECTORY64;
1280
1281	typedef struct _IMAGE_TLS_DIRECTORY32 {
1282	ULONG StartAddressOfRawData;
1283	ULONG EndAddressOfRawData;
1284	ULONG AddressOfIndex; // PULONG
1285	ULONG AddressOfCallBacks; // PIMAGE_TLS_CALLBACK *
1286	ULONG SizeOfZeroFill;
1287	ULONG Characteristics;
1288	} IMAGE_TLS_DIRECTORY32;
1289	typedef IMAGE_TLS_DIRECTORY32 * PIMAGE_TLS_DIRECTORY32;
1290
1291	#ifdef _WIN64
1292	#define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG64
1293	#define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal)
1294	typedef IMAGE_THUNK_DATA64 IMAGE_THUNK_DATA;
1295	typedef PIMAGE_THUNK_DATA64 PIMAGE_THUNK_DATA;
1296	#define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL64(Ordinal)
1297	typedef IMAGE_TLS_DIRECTORY64 IMAGE_TLS_DIRECTORY;
1298	typedef PIMAGE_TLS_DIRECTORY64 PIMAGE_TLS_DIRECTORY;
1299	#else
1300	#define IMAGE_ORDINAL_FLAG IMAGE_ORDINAL_FLAG32
1301	#define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL32(Ordinal)
1302	typedef IMAGE_THUNK_DATA32 IMAGE_THUNK_DATA;
1303	typedef PIMAGE_THUNK_DATA32 PIMAGE_THUNK_DATA;
1304	#define IMAGE_SNAP_BY_ORDINAL(Ordinal) IMAGE_SNAP_BY_ORDINAL32(Ordinal)
1305	typedef IMAGE_TLS_DIRECTORY32 IMAGE_TLS_DIRECTORY;
1306	typedef PIMAGE_TLS_DIRECTORY32 PIMAGE_TLS_DIRECTORY;
1307	#endif
1308
1309	typedef struct _IMAGE_IMPORT_DESCRIPTOR {
1310	union {
1311	ULONG Characteristics; // 0 for terminating null import descriptor
1312	ULONG OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA)
1313	} u;
1314	ULONG TimeDateStamp; // 0 if not bound,
1315	// -1 if bound, and real date\time stamp
1316	// in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
1317	// O.W. date/time stamp of DLL bound to (Old BIND)
1318
1319	ULONG ForwarderChain; // -1 if no forwarders
1320	ULONG Name;
1321	ULONG FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)
1322	} IMAGE_IMPORT_DESCRIPTOR;
1323	typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;
1324
1325	//
1326	// New format import descriptors pointed to by DataDirectory[ IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT ]
1327	//
1328
1329	typedef struct _IMAGE_BOUND_IMPORT_DESCRIPTOR {
1330	ULONG TimeDateStamp;
1331	USHORT OffsetModuleName;
1332	USHORT NumberOfModuleForwarderRefs;
1333	// Array of zero or more IMAGE_BOUND_FORWARDER_REF follows
1334	} IMAGE_BOUND_IMPORT_DESCRIPTOR, *PIMAGE_BOUND_IMPORT_DESCRIPTOR;
1335
1336	typedef struct _IMAGE_BOUND_FORWARDER_REF {
1337	ULONG TimeDateStamp;
1338	USHORT OffsetModuleName;
1339	USHORT Reserved;
1340	} IMAGE_BOUND_FORWARDER_REF, *PIMAGE_BOUND_FORWARDER_REF;
1341
1342	//
1343	// Resource Format.
1344	//
1345
1346	//
1347	// Resource directory consists of two counts, following by a variable length
1348	// array of directory entries. The first count is the number of entries at
1349	// beginning of the array that have actual names associated with each entry.
1350	// The entries are in ascending order, case insensitive strings. The second
1351	// count is the number of entries that immediately follow the named entries.
1352	// This second count identifies the number of entries that have 16-bit integer
1353	// Ids as their name. These entries are also sorted in ascending order.
1354	//
1355	// This structure allows fast lookup by either name or number, but for any
1356	// given resource entry only one form of lookup is supported, not both.
1357	// This is consistant with the syntax of the .RC file and the .RES file.
1358	//
1359
1360	typedef struct _IMAGE_RESOURCE_DIRECTORY {
1361	ULONG Characteristics;
1362	ULONG TimeDateStamp;
1363	USHORT MajorVersion;
1364	USHORT MinorVersion;
1365	USHORT NumberOfNamedEntries;
1366	USHORT NumberOfIdEntries;
1367	// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[];
1368	} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
1369
1370	#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
1371	#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
1372	//
1373	// Each directory contains the 32-bit Name of the entry and an offset,
1374	// relative to the beginning of the resource directory of the data associated
1375	// with this directory entry. If the name of the entry is an actual text
1376	// string instead of an integer Id, then the high order bit of the name field
1377	// is set to one and the low order 31-bits are an offset, relative to the
1378	// beginning of the resource directory of the string, which is of type
1379	// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
1380	// low-order 16-bits are the integer Id that identify this resource directory
1381	// entry. If the directory entry is yet another resource directory (i.e. a
1382	// subdirectory), then the high order bit of the offset field will be
1383	// set to indicate this. Otherwise the high bit is clear and the offset
1384	// field points to a resource data entry.
1385	//
1386
1387	typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
1388	union {
1389	struct {
1390	ULONG NameOffset:`31`;
1391	ULONG NameIsString:`1`;
1392	};
1393	ULONG Name;
1394	USHORT Id;
1395	};
1396	union {
1397	ULONG OffsetToData;
1398	struct {
1399	ULONG OffsetToDirectory:`31`;
1400	ULONG DataIsDirectory:`1`;
1401	};
1402	};
1403	} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
1404
1405	//
1406	// For resource directory entries that have actual string names, the Name
1407	// field of the directory entry points to an object of the following type.
1408	// All of these string objects are stored together after the last resource
1409	// directory entry and before the first resource data object. This minimizes
1410	// the impact of these variable length objects on the alignment of the fixed
1411	// size directory entry objects.
1412	//
1413
1414	typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING {
1415	USHORT Length;
1416	CHAR NameString[ `1` ];
1417	} IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
1418
1419
1420	typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
1421	USHORT Length;
1422	WCHAR NameString[ `1` ];
1423	} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
1424
1425
1426	//
1427	// Each resource data entry describes a leaf node in the resource directory
1428	// tree. It contains an offset, relative to the beginning of the resource
1429	// directory of the data for the resource, a size field that gives the number
1430	// of bytes of data at that offset, a CodePage that should be used when
1431	// decoding code point values within the resource data. Typically for new
1432	// applications the code page would be the unicode code page.
1433	//
1434
1435	typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
1436	ULONG OffsetToData;
1437	ULONG Size;
1438	ULONG CodePage;
1439	ULONG Reserved;
1440	} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
1441
1442	//
1443	// Load Configuration Directory Entry
1444	//
1445
1446	typedef struct {
1447	ULONG Characteristics;
1448	ULONG TimeDateStamp;
1449	USHORT MajorVersion;
1450	USHORT MinorVersion;
1451	ULONG GlobalFlagsClear;
1452	ULONG GlobalFlagsSet;
1453	ULONG CriticalSectionDefaultTimeout;
1454	ULONG DeCommitFreeBlockThreshold;
1455	ULONG DeCommitTotalFreeThreshold;
1456	ULONG LockPrefixTable; // VA
1457	ULONG MaximumAllocationSize;
1458	ULONG VirtualMemoryThreshold;
1459	ULONG ProcessHeapFlags;
1460	ULONG ProcessAffinityMask;
1461	USHORT CSDVersion;
1462	USHORT Reserved1;
1463	ULONG EditList; // VA
1464	ULONG Reserved[ `1` ];
1465	} IMAGE_LOAD_CONFIG_DIRECTORY32, *PIMAGE_LOAD_CONFIG_DIRECTORY32;
1466
1467	typedef struct {
1468	ULONG Characteristics;
1469	ULONG TimeDateStamp;
1470	USHORT MajorVersion;
1471	USHORT MinorVersion;
1472	ULONG GlobalFlagsClear;
1473	ULONG GlobalFlagsSet;
1474	ULONG CriticalSectionDefaultTimeout;
1475	ULONGLONG DeCommitFreeBlockThreshold;
1476	ULONGLONG DeCommitTotalFreeThreshold;
1477	ULONGLONG LockPrefixTable; // VA
1478	ULONGLONG MaximumAllocationSize;
1479	ULONGLONG VirtualMemoryThreshold;
1480	ULONGLONG ProcessAffinityMask;
1481	ULONG ProcessHeapFlags;
1482	USHORT CSDVersion;
1483	USHORT Reserved1;
1484	ULONGLONG EditList; // VA
1485	ULONG Reserved[ `2` ];
1486	} IMAGE_LOAD_CONFIG_DIRECTORY64, *PIMAGE_LOAD_CONFIG_DIRECTORY64;
1487
1488	#ifdef _WIN64
1489	typedef IMAGE_LOAD_CONFIG_DIRECTORY64 IMAGE_LOAD_CONFIG_DIRECTORY;
1490	typedef PIMAGE_LOAD_CONFIG_DIRECTORY64 PIMAGE_LOAD_CONFIG_DIRECTORY;
1491	#else
1492	typedef IMAGE_LOAD_CONFIG_DIRECTORY32 IMAGE_LOAD_CONFIG_DIRECTORY;
1493	typedef PIMAGE_LOAD_CONFIG_DIRECTORY32 PIMAGE_LOAD_CONFIG_DIRECTORY;
1494	#endif
1495
1496	//
1497	// WIN CE Exception table format
1498	//
1499
1500	//
1501	// Function table entry format. Function table is pointed to by the
1502	// IMAGE_DIRECTORY_ENTRY_EXCEPTION directory entry.
1503	//
1504
1505	typedef struct _IMAGE_CE_RUNTIME_FUNCTION_ENTRY {
1506	ULONG FuncStart;
1507	ULONG PrologLen : `8`;
1508	ULONG FuncLen : `22`;
1509	ULONG ThirtyTwoBit : `1`;
1510	ULONG ExceptionFlag : `1`;
1511	} IMAGE_CE_RUNTIME_FUNCTION_ENTRY, * PIMAGE_CE_RUNTIME_FUNCTION_ENTRY;
1512
1513	typedef struct _IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY {
1514	ULONGLONG BeginAddress;
1515	ULONGLONG EndAddress;
1516	ULONGLONG ExceptionHandler;
1517	ULONGLONG HandlerData;
1518	ULONGLONG PrologEndAddress;
1519	} IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY, *PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY;
1520
1521	typedef struct _IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY {
1522	ULONG BeginAddress;
1523	ULONG EndAddress;
1524	ULONG ExceptionHandler;
1525	ULONG HandlerData;
1526	ULONG PrologEndAddress;
1527	} IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY, *PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY;
1528
1529	typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY {
1530	ULONG BeginAddress;
1531	ULONG EndAddress;
1532	ULONG UnwindInfoAddress;
1533	} _IMAGE_RUNTIME_FUNCTION_ENTRY, *_PIMAGE_RUNTIME_FUNCTION_ENTRY;
1534
1535	typedef _IMAGE_RUNTIME_FUNCTION_ENTRY IMAGE_IA64_RUNTIME_FUNCTION_ENTRY;
1536	typedef _PIMAGE_RUNTIME_FUNCTION_ENTRY PIMAGE_IA64_RUNTIME_FUNCTION_ENTRY;
1537
1538	#if defined(_AXP64_)
1539
1540	typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_AXP64_RUNTIME_FUNCTION_ENTRY;
1541	typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_AXP64_RUNTIME_FUNCTION_ENTRY;
1542	typedef IMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY;
1543	typedef PIMAGE_ALPHA64_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY;
1544
1545	#elif defined(_ALPHA_)
1546
1547	typedef IMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY;
1548	typedef PIMAGE_ALPHA_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY;
1549
1550	#else
1551
1552	typedef _IMAGE_RUNTIME_FUNCTION_ENTRY IMAGE_RUNTIME_FUNCTION_ENTRY;
1553	typedef _PIMAGE_RUNTIME_FUNCTION_ENTRY PIMAGE_RUNTIME_FUNCTION_ENTRY;
1554
1555	#endif
1556
1557	//
1558	// Debug Format
1559	//
1560
1561	typedef struct _IMAGE_DEBUG_DIRECTORY {
1562	ULONG Characteristics;
1563	ULONG TimeDateStamp;
1564	USHORT MajorVersion;
1565	USHORT MinorVersion;
1566	ULONG Type;
1567	ULONG SizeOfData;
1568	ULONG AddressOfRawData;
1569	ULONG PointerToRawData;
1570	} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
1571
1572	#define IMAGE_DEBUG_TYPE_UNKNOWN 0
1573	#define IMAGE_DEBUG_TYPE_COFF 1
1574	#define IMAGE_DEBUG_TYPE_CODEVIEW 2
1575	#define IMAGE_DEBUG_TYPE_FPO 3
1576	#define IMAGE_DEBUG_TYPE_MISC 4
1577	#define IMAGE_DEBUG_TYPE_EXCEPTION 5
1578	#define IMAGE_DEBUG_TYPE_FIXUP 6
1579	#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
1580	#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
1581	#define IMAGE_DEBUG_TYPE_BORLAND 9
1582	#define IMAGE_DEBUG_TYPE_RESERVED10 10
1583	#define IMAGE_DEBUG_TYPE_CLSID 11
1584
1585	// end_winnt
1586
1587	//
1588
1589	// begin_winnt
1590
1591	typedef struct _IMAGE_COFF_SYMBOLS_HEADER {
1592	ULONG NumberOfSymbols;
1593	ULONG LvaToFirstSymbol;
1594	ULONG NumberOfLinenumbers;
1595	ULONG LvaToFirstLinenumber;
1596	ULONG RvaToFirstByteOfCode;
1597	ULONG RvaToLastByteOfCode;
1598	ULONG RvaToFirstByteOfData;
1599	ULONG RvaToLastByteOfData;
1600	} IMAGE_COFF_SYMBOLS_HEADER, *PIMAGE_COFF_SYMBOLS_HEADER;
1601
1602	#define FRAME_FPO 0
1603	#define FRAME_TRAP 1
1604	#define FRAME_TSS 2
1605	#define FRAME_NONFPO 3
1606
1607	typedef struct _FPO_DATA {
1608	ULONG ulOffStart; // offset 1st byte of function code
1609	ULONG cbProcSize; // # bytes in function
1610	ULONG cdwLocals; // # bytes in locals/4
1611	USHORT cdwParams; // # bytes in params/4
1612	USHORT cbProlog : `8`; // # bytes in prolog
1613	USHORT cbRegs : `3`; // # regs saved
1614	USHORT fHasSEH : `1`; // TRUE if SEH in func
1615	USHORT fUseBP : `1`; // TRUE if EBP has been allocated
1616	USHORT reserved : `1`; // reserved for future use
1617	USHORT cbFrame : `2`; // frame type
1618	} FPO_DATA, *PFPO_DATA;
1619	#define SIZEOF_RFPO_DATA 16
1620
1621
1622	#define IMAGE_DEBUG_MISC_EXENAME 1
1623
1624	typedef struct _IMAGE_DEBUG_MISC {
1625	ULONG DataType; // type of misc data, see defines
1626	ULONG Length; // total length of record, rounded to four
1627	// byte multiple.
1628	BOOLEAN Unicode; // TRUE if data is unicode string
1629	UCHAR Reserved[ `3` ];
1630	UCHAR Data[ `1` ]; // Actual data
1631	} IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC;
1632
1633
1634	//
1635	// Function table extracted from MIPS/ALPHA/IA64 images. Does not contain
1636	// information needed only for runtime support. Just those fields for
1637	// each entry needed by a debugger.
1638	//
1639
1640	typedef struct _IMAGE_FUNCTION_ENTRY {
1641	ULONG StartingAddress;
1642	ULONG EndingAddress;
1643	ULONG EndOfPrologue;
1644	} IMAGE_FUNCTION_ENTRY, *PIMAGE_FUNCTION_ENTRY;
1645
1646	typedef struct _IMAGE_FUNCTION_ENTRY64 {
1647	ULONGLONG StartingAddress;
1648	ULONGLONG EndingAddress;
1649	union {
1650	ULONGLONG EndOfPrologue;
1651	ULONGLONG UnwindInfoAddress;
1652	} u;
1653	} IMAGE_FUNCTION_ENTRY64, *PIMAGE_FUNCTION_ENTRY64;
1654
1655	//
1656	// Debugging information can be stripped from an image file and placed
1657	// in a separate .DBG file, whose file name part is the same as the
1658	// image file name part (e.g. symbols for CMD.EXE could be stripped
1659	// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
1660	// flag in the Characteristics field of the file header. The beginning of
1661	// the .DBG file contains the following structure which captures certain
1662	// information from the image file. This allows a debug to proceed even if
1663	// the original image file is not accessable. This header is followed by
1664	// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
1665	// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
1666	// the image file contain file offsets relative to the beginning of the
1667	// .DBG file.
1668	//
1669	// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
1670	// is left in the image file, but not mapped. This allows a debugger to
1671	// compute the name of the .DBG file, from the name of the image in the
1672	// IMAGE_DEBUG_MISC structure.
1673	//
1674
1675	typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
1676	USHORT Signature;
1677	USHORT Flags;
1678	USHORT Machine;
1679	USHORT Characteristics;
1680	ULONG TimeDateStamp;
1681	ULONG CheckSum;
1682	ULONG ImageBase;
1683	ULONG SizeOfImage;
1684	ULONG NumberOfSections;
1685	ULONG ExportedNamesSize;
1686	ULONG DebugDirectorySize;
1687	ULONG SectionAlignment;
1688	ULONG Reserved[`2`];
1689	} IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
1690
1691	typedef struct _NON_PAGED_DEBUG_INFO {
1692	USHORT Signature;
1693	USHORT Flags;
1694	ULONG Size;
1695	USHORT Machine;
1696	USHORT Characteristics;
1697	ULONG TimeDateStamp;
1698	ULONG CheckSum;
1699	ULONG SizeOfImage;
1700	ULONGLONG ImageBase;
1701	//DebugDirectorySize
1702	//IMAGE_DEBUG_DIRECTORY
1703	} NON_PAGED_DEBUG_INFO, *PNON_PAGED_DEBUG_INFO;
1704
1705	#ifndef _MAC
1706	#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
1707	#define NON_PAGED_DEBUG_SIGNATURE 0x494E
1708	#else
1709	#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4449 // DI
1710	#define NON_PAGED_DEBUG_SIGNATURE 0x4E49 // NI
1711	#endif
1712
1713	#define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
1714	#define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
1715	// old checksum didn't match.
1716
1717	//
1718	// The .arch section is made up of headers, each describing an amask position/value
1719	// pointing to an array of IMAGE_ARCHITECTURE_ENTRY's. Each "array" (both the header
1720	// and entry arrays) are terminiated by a quadword of 0xffffffffL.
1721	//
1722	// NOTE: There may be quadwords of 0 sprinkled around and must be skipped.
1723	//
1724
1725	typedef struct _ImageArchitectureHeader {
1726	unsigned int AmaskValue: `1`; // 1 -> code section depends on mask bit
1727	// 0 -> new instruction depends on mask bit
1728	int :`7`; // MBZ
1729	unsigned int AmaskShift: `8`; // Amask bit in question for this fixup
1730	int :`16`; // MBZ
1731	ULONG FirstEntryRVA; // RVA into .arch section to array of ARCHITECTURE_ENTRY's
1732	} IMAGE_ARCHITECTURE_HEADER, *PIMAGE_ARCHITECTURE_HEADER;
1733
1734	typedef struct _ImageArchitectureEntry {
1735	ULONG FixupInstRVA; // RVA of instruction to fixup
1736	ULONG NewInst; // fixup instruction (see alphaops.h)
1737	} IMAGE_ARCHITECTURE_ENTRY, *PIMAGE_ARCHITECTURE_ENTRY;
1738
1739	#include "poppack.h" // Back to the initial value
1740
1741	// The following structure defines the new import object. Note the values of the first two fields,
1742	// which must be set as stated in order to differentiate old and new import members.
1743	// Following this structure, the linker emits two null-terminated strings used to recreate the
1744	// import at the time of use. The first string is the import's name, the second is the dll's name.
1745
1746	#define IMPORT_OBJECT_HDR_SIG2 0xffff
1747
1748	typedef struct IMPORT_OBJECT_HEADER {
1749	USHORT Sig1; // Must be IMAGE_FILE_MACHINE_UNKNOWN
1750	USHORT Sig2; // Must be IMPORT_OBJECT_HDR_SIG2.
1751	USHORT Version;
1752	USHORT Machine;
1753	ULONG TimeDateStamp; // Time/date stamp
1754	ULONG SizeOfData; // particularly useful for incremental links
1755
1756	union {
1757	USHORT Ordinal; // if grf & IMPORT_OBJECT_ORDINAL
1758	USHORT Hint;
1759	} u;
1760
1761	USHORT Type : `2`; // IMPORT_TYPE
1762	USHORT NameType : `3`; // IMPORT_NAME_TYPE
1763	USHORT Reserved : `11`; // Reserved. Must be zero.
1764	} IMPORT_OBJECT_HEADER;
1765
1766	typedef enum IMPORT_OBJECT_TYPE
1767	{
1768	IMPORT_OBJECT_CODE = `0`,
1769	IMPORT_OBJECT_DATA = `1`,
1770	IMPORT_OBJECT_CONST = `2`,
1771	} IMPORT_OBJECT_TYPE;
1772
1773	typedef enum IMPORT_OBJECT_NAME_TYPE
1774	{
1775	IMPORT_OBJECT_ORDINAL = `0`, // Import by ordinal
1776	IMPORT_OBJECT_NAME = `1`, // Import name == public symbol name.
1777	IMPORT_OBJECT_NAME_NO_PREFIX = `2`, // Import name == public symbol name skipping leading ?, @, or optionally _.
1778	IMPORT_OBJECT_NAME_UNDECORATE = `3`, // Import name == public symbol name skipping leading ?, @, or optionally _
1779	// and truncating at first @
1780	} IMPORT_OBJECT_NAME_TYPE;
1781
1782	// end_winnt
1783
1784	//
1785	// End Image Format
1786	//
1787
1788	// end_winnt
1789
1790	#endif // _NTIMAGE_
1791

Browse the source code of CoreCLR/pal/inc/rt/ntimage.h