Classes related to parsing the PE file format in memory. More...

Classes
class	CV_INFO
	Parser for CodeView debug information. More...

class	DOS_HEADER
	Parser for the Windows DOS header. More...

struct	Export

class	FILE_INFO
	A common base class for VS_VERSIONINFO types. More...

struct	IMAGE_BASE_RELOCATION

class	IMAGE_DEBUG_DIRECTORY

class	IMAGE_EXCEPTION_SECTION

class	IMAGE_EXPORT_DIRECTORY

class	IMAGE_FILE_HEADER
	Also known as the COFF_HEADER. More...

class	IMAGE_IMPORT_DESCRIPTOR

class	IMAGE_OPTIONAL_HEADER

class	IMAGE_RELOCATION_SECTION

class	IMAGE_RESOURCE_DATA_ENTRY

class	IMAGE_RESOURCE_DIRECTORY

class	IMAGE_RESOURCE_DIRECTORY_ENTRY

class	IMAGE_SECTION_HEADER

class	IMAGE_THUNK_DATA

class	IMPORT_NAME_TABLE

class	PE
	Parser for Windows Portable Executable (PE) headers. More...

class	PeException
	Thrown when failing to parse a PE. More...

class	RUNTIME_FUNCTION

class	StringFileInfo

class	StringTable

class	UnwindCode

class	UnwindInfo

class	VarFileInfo
	TODO: Implement this class. More...

class	VS_FIXEDFILEINFO

class	VS_VERSIONINFO

Enumerations
enum	FileType { VFT_APP = 0x00000001L , VFT_DLL = 0x00000002L , VFT_DRV = 0x00000003L , VFT_FONT = 0x00000004L , VFT_STATIC_LIB = 0x00000007L , VFT_UNKNOWN = 0x00000000L , VFT_VXD = 0x00000005L }

enum	ImageDebugType : uint32_t { IMAGE_DEBUG_TYPE_UNKNOWN = 0 , IMAGE_DEBUG_TYPE_COFF = 1 , IMAGE_DEBUG_TYPE_CODEVIEW = 2 , IMAGE_DEBUG_TYPE_FPO = 3 , IMAGE_DEBUG_TYPE_MISC = 4 , IMAGE_DEBUG_TYPE_EXCEPTION = 5 , IMAGE_DEBUG_TYPE_FIXUP = 6 , IMAGE_DEBUG_TYPE_BORLAND = 9 }

enum	ImageDirectoryType : uint16_t { IMAGE_DIRECTORY_ENTRY_EXPORT , IMAGE_DIRECTORY_ENTRY_IMPORT , IMAGE_DIRECTORY_ENTRY_RESOURCE , IMAGE_DIRECTORY_ENTRY_EXCEPTION , IMAGE_DIRECTORY_ENTRY_SECURITY , IMAGE_DIRECTORY_ENTRY_BASERELOC , IMAGE_DIRECTORY_ENTRY_DEBUG , IMAGE_DIRECTORY_ENTRY_COPYRIGHT , IMAGE_DIRECTORY_ENTRY_GLOBALPTR , IMAGE_DIRECTORY_ENTRY_TLS , IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG , IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT , IMAGE_DIRECTORY_ENTRY_IAT , IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT , IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR , IMAGE_DIRECTORY_ENTRY_MAX = IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR }

enum	ImageFileCharacteristics : uint16_t { IMAGE_FILE_RELOCS_STRIPPED = 0x0001 , IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002 , IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004 , IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008 , IMAGE_FILE_AGGRESIVE_WS_TRIM = 0x0010 , IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020 , IMAGE_FILE_16BIT_MACHINE = 0x0040 , IMAGE_FILE_BYTES_REVERSED_LO = 0x0080 , IMAGE_FILE_32BIT_MACHINE = 0x0100 , IMAGE_FILE_DEBUG_STRIPPED = 0x0200 , IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400 , IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800 , IMAGE_FILE_SYSTEM = 0x1000 , IMAGE_FILE_DLL = 0x2000 , IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000 , IMAGE_FILE_BYTES_REVERSED_HI = 0x8000 }
	Charactaristic flags for IMAGE_FILE_HEADER. More...

enum	MachineType : uint16_t { MACHINE_TYPE_X64 = 0x8664 , MACHINE_TYPE_X86 = 0x014c , MACHINE_TYPE_IA64 = 0x0200 }

enum	RelocationType { IMAGE_REL_BASED_ABSOLUTE = 0 , IMAGE_REL_BASED_HIGH , IMAGE_REL_BASED_LOW , IMAGE_REL_BASED_HIGHLOW , IMAGE_REL_BASED_HIGHADJ , IMAGE_REL_BASED_MACHINE_SPECIFIC_5 , IMAGE_REL_BASED_RESERVED , IMAGE_REL_BASED_MACHINE_SPECIFIC_7 , IMAGE_REL_BASED_MACHINE_SPECIFIC_8 , IMAGE_REL_BASED_MACHINE_SPECIFIC_9 , IMAGE_REL_BASED_DIR64 }

enum	SubsystemType { NATIVE = 1 , WINDOWS_GUI = 2 , WINDOWS_CUI = 3 , OS2_CUI = 5 , POSIX_CUI = 7 }

enum	UNWIND_FLAGS { UNW_FLAG_NHANDLER = 0x0 , UNW_FLAG_EHANDLER = 0x1 , UNW_FLAG_UHANDLER = 0x2 , UNW_FLAG_CHAININFO = 0x4 }

enum	UNWIND_OP { UWOP_PUSH_NONVOL = 0 , UWOP_ALLOC_LARGE = 1 , UWOP_ALLOC_SMALL = 2 , UWOP_SET_FPREG = 3 , UWOP_SAVE_NONVOL = 4 , UWOP_SAVE_NONVOL_FAR = 5 , UWOP_SAVE_XMM = 6 , UWOP_SAVE_XMM_FAR = 7 , UWOP_SAVE_XMM128 = 8 , UWOP_SAVE_XMM128_FAR = 9 , UWOP_PUSH_MACHFRAME = 10 }

enum	ExportType { EXPORT_TYPE_CODE , EXPORT_TYPE_DATA , EXPORT_TYPE_FORWARD }

Functions
const std::string &	to_string (ImageDirectoryType type)

std::ostream &	operator<< (std::ostream &os, ImageDirectoryType type)

const std::string &	to_string (MachineType type)

std::ostream &	operator<< (std::ostream &os, MachineType type)

const std::string &	to_string (RelocationType type)

std::ostream &	operator<< (std::ostream &, RelocationType type)

const std::string &	to_string (SubsystemType type)

std::ostream &	operator<< (std::ostream &os, SubsystemType type)

Detailed Description

Classes related to parsing the PE file format in memory.

Enumeration Type Documentation

◆ ExportType

enum introvirt::windows::pe::ExportType

Enumerator
EXPORT_TYPE_CODE
EXPORT_TYPE_DATA
EXPORT_TYPE_FORWARD

◆ FileType

enum introvirt::windows::pe::FileType

Enumerator
VFT_APP	The file contains an application.
VFT_DLL	The file contains a DLL.
VFT_DRV	The file contains a device driver. If dwFileType is VFT_DRV, dwFileSubtype contains a more specific description of the driver.
VFT_FONT	The file contains a font. If dwFileType is VFT_FONT, dwFileSubtype contains a more specific description of the font file.
VFT_STATIC_LIB	The file contains a static-link library.
VFT_UNKNOWN	The file type is unknown to the system.
VFT_VXD	The file contains a virtual device.

◆ ImageDebugType

enum introvirt::windows::pe::ImageDebugType : uint32_t

Enumerator
IMAGE_DEBUG_TYPE_UNKNOWN
IMAGE_DEBUG_TYPE_COFF
IMAGE_DEBUG_TYPE_CODEVIEW
IMAGE_DEBUG_TYPE_FPO
IMAGE_DEBUG_TYPE_MISC
IMAGE_DEBUG_TYPE_EXCEPTION
IMAGE_DEBUG_TYPE_FIXUP
IMAGE_DEBUG_TYPE_BORLAND

◆ ImageDirectoryType

enum introvirt::windows::pe::ImageDirectoryType : uint16_t

Enumerator
IMAGE_DIRECTORY_ENTRY_EXPORT
IMAGE_DIRECTORY_ENTRY_IMPORT
IMAGE_DIRECTORY_ENTRY_RESOURCE
IMAGE_DIRECTORY_ENTRY_EXCEPTION
IMAGE_DIRECTORY_ENTRY_SECURITY
IMAGE_DIRECTORY_ENTRY_BASERELOC
IMAGE_DIRECTORY_ENTRY_DEBUG
IMAGE_DIRECTORY_ENTRY_COPYRIGHT
IMAGE_DIRECTORY_ENTRY_GLOBALPTR
IMAGE_DIRECTORY_ENTRY_TLS
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
IMAGE_DIRECTORY_ENTRY_IAT
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
IMAGE_DIRECTORY_ENTRY_MAX

◆ ImageFileCharacteristics

enum introvirt::windows::pe::ImageFileCharacteristics : uint16_t

Charactaristic flags for IMAGE_FILE_HEADER.

See also: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680313%28v=vs.85%29.aspx

Enumerator
IMAGE_FILE_RELOCS_STRIPPED	Relocation info stripped from file. The file must be loaded at its preferred base address.
IMAGE_FILE_EXECUTABLE_IMAGE	The file is executable (there are no unresolved external references).
IMAGE_FILE_LINE_NUMS_STRIPPED	COFF line numbers were stripped from the file.
IMAGE_FILE_LOCAL_SYMS_STRIPPED	COFF symbol table entries were stripped from file.
IMAGE_FILE_AGGRESIVE_WS_TRIM	Aggressively trim the working set. This flag is obsolete.
IMAGE_FILE_LARGE_ADDRESS_AWARE	The application can handle addresses larger than 2 GB.
IMAGE_FILE_16BIT_MACHINE	16 bit word machine.
IMAGE_FILE_BYTES_REVERSED_LO	The bytes of the word are reversed. This flag is obsolete.
IMAGE_FILE_32BIT_MACHINE	The computer supports 32-bit words.
IMAGE_FILE_DEBUG_STRIPPED	Debugging information was removed and stored separately in another file.
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP	If the image is on removable media, copy it to and run it from the swap file.
IMAGE_FILE_NET_RUN_FROM_SWAP	If the image is on the network, copy it to and run it from the swap file.
IMAGE_FILE_SYSTEM	The image is a system file.
IMAGE_FILE_DLL	The image is a DLL file. While it is an executable file, it cannot be run directly.
IMAGE_FILE_UP_SYSTEM_ONLY	The file should be run only on a uniprocessor computer.
IMAGE_FILE_BYTES_REVERSED_HI	The bytes of the word are reversed. This flag is obsolete.

◆ MachineType

enum introvirt::windows::pe::MachineType : uint16_t

Enumerator
MACHINE_TYPE_X64	x64 Platform
MACHINE_TYPE_X86	x86 Platform
MACHINE_TYPE_IA64	Intel Itanium platform

◆ RelocationType

enum introvirt::windows::pe::RelocationType

Enumerator
IMAGE_REL_BASED_ABSOLUTE
IMAGE_REL_BASED_HIGH
IMAGE_REL_BASED_LOW
IMAGE_REL_BASED_HIGHLOW
IMAGE_REL_BASED_HIGHADJ
IMAGE_REL_BASED_MACHINE_SPECIFIC_5
IMAGE_REL_BASED_RESERVED
IMAGE_REL_BASED_MACHINE_SPECIFIC_7
IMAGE_REL_BASED_MACHINE_SPECIFIC_8
IMAGE_REL_BASED_MACHINE_SPECIFIC_9
IMAGE_REL_BASED_DIR64

◆ SubsystemType

enum introvirt::windows::pe::SubsystemType

Enumerator
NATIVE	Doesn't require a subsystem (such as a device driver)
WINDOWS_GUI	Runs in the Windows GUI subsystem
WINDOWS_CUI	Runs in the Windows character subsystem (a console app)
OS2_CUI	Runs in the OS/2 character subsystem (OS/2 1.x apps only)
POSIX_CUI	Runs in the Posix character subsystem.

◆ UNWIND_FLAGS

enum introvirt::windows::pe::UNWIND_FLAGS

Enumerator
UNW_FLAG_NHANDLER
UNW_FLAG_EHANDLER
UNW_FLAG_UHANDLER
UNW_FLAG_CHAININFO

◆ UNWIND_OP

enum introvirt::windows::pe::UNWIND_OP

Enumerator
UWOP_PUSH_NONVOL
UWOP_ALLOC_LARGE
UWOP_ALLOC_SMALL
UWOP_SET_FPREG
UWOP_SAVE_NONVOL
UWOP_SAVE_NONVOL_FAR
UWOP_SAVE_XMM
UWOP_SAVE_XMM_FAR
UWOP_SAVE_XMM128
UWOP_SAVE_XMM128_FAR
UWOP_PUSH_MACHFRAME

Function Documentation

◆ operator<<() [1/4]

std::ostream & introvirt::windows::pe::operator<<	(	std::ostream &	,
		RelocationType	type
	)

◆ operator<<() [2/4]

std::ostream & introvirt::windows::pe::operator<<	(	std::ostream &	os,
		ImageDirectoryType	type
	)

◆ operator<<() [3/4]

std::ostream & introvirt::windows::pe::operator<<	(	std::ostream &	os,
		MachineType	type
	)

◆ operator<<() [4/4]

std::ostream & introvirt::windows::pe::operator<<	(	std::ostream &	os,
		SubsystemType	type
	)

◆ to_string() [1/4]

const std::string & introvirt::windows::pe::to_string ( ImageDirectoryType type )

◆ to_string() [2/4]

const std::string & introvirt::windows::pe::to_string ( MachineType type )

◆ to_string() [3/4]

const std::string & introvirt::windows::pe::to_string ( RelocationType type )

◆ to_string() [4/4]

const std::string & introvirt::windows::pe::to_string ( SubsystemType type )

Classes

Enumerations

Functions