summaryrefslogtreecommitdiffstats
path: root/include/iprt/formats/pecoff.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/iprt/formats/pecoff.h2487
1 files changed, 2487 insertions, 0 deletions
diff --git a/include/iprt/formats/pecoff.h b/include/iprt/formats/pecoff.h
new file mode 100644
index 00000000..3342b54f
--- /dev/null
+++ b/include/iprt/formats/pecoff.h
@@ -0,0 +1,2487 @@
+/* $Id: pecoff.h $ */
+/** @file
+ * IPRT - Windows NT PE & COFF Structures and Constants.
+ */
+
+/*
+ * Copyright (C) 2006-2020 Oracle Corporation
+ *
+ * This file is part of VirtualBox Open Source Edition (OSE), as
+ * available from http://www.virtualbox.org. This file is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU
+ * General Public License (GPL) as published by the Free Software
+ * Foundation, in version 2 as it comes in the "COPYING" file of the
+ * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
+ * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
+ *
+ * The contents of this file may alternatively be used under the terms
+ * of the Common Development and Distribution License Version 1.0
+ * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
+ * VirtualBox OSE distribution, in which case the provisions of the
+ * CDDL are applicable instead of those of the GPL.
+ *
+ * You may elect to license modified versions of this file under the
+ * terms and conditions of either the GPL or the CDDL or both.
+ */
+
+#ifndef IPRT_INCLUDED_formats_pecoff_h
+#define IPRT_INCLUDED_formats_pecoff_h
+#ifndef RT_WITHOUT_PRAGMA_ONCE
+# pragma once
+#endif
+
+#include <iprt/types.h>
+#include <iprt/assertcompile.h>
+
+
+/** @defgroup grp_rt_formats_pecoff PE & Microsoft COFF structures and definitions
+ * @ingroup grp_rt_formats
+ * @{
+ */
+
+
+/**
+ * PE & COFF file header.
+ *
+ * This starts COFF files, while in PE files it's preceeded by the PE signature
+ * (see IMAGE_NT_HEADERS32, IMAGE_NT_HEADERS64).
+ */
+typedef struct _IMAGE_FILE_HEADER
+{
+ uint16_t Machine; /**< 0x00 */
+ uint16_t NumberOfSections; /**< 0x02 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint32_t PointerToSymbolTable; /**< 0x08 */
+ uint32_t NumberOfSymbols; /**< 0x0c */
+ uint16_t SizeOfOptionalHeader; /**< 0x10 */
+ uint16_t Characteristics; /**< 0x12 */
+} IMAGE_FILE_HEADER; /* size: 0x14 */
+AssertCompileSize(IMAGE_FILE_HEADER, 0x14);
+typedef IMAGE_FILE_HEADER *PIMAGE_FILE_HEADER;
+typedef IMAGE_FILE_HEADER const *PCIMAGE_FILE_HEADER;
+
+
+/** @name PE & COFF machine types.
+ * Used by IMAGE_FILE_HEADER::Machine and IMAGE_SEPARATE_DEBUG_HEADER::Machine.
+ * @{ */
+/** X86 compatible CPU, 32-bit instructions. */
+#define IMAGE_FILE_MACHINE_I386 UINT16_C(0x014c)
+/** AMD64 compatible CPU, 64-bit instructions. */
+#define IMAGE_FILE_MACHINE_AMD64 UINT16_C(0x8664)
+
+/** Unknown target CPU. */
+#define IMAGE_FILE_MACHINE_UNKNOWN UINT16_C(0x0000)
+/** Basic-16 (whatever that is). */
+#define IMAGE_FILE_MACHINE_BASIC_16 UINT16_C(0x0142)
+/** Basic-16 (whatever that is) w/ transfer vector(s?) (TV). */
+#define IMAGE_FILE_MACHINE_BASIC_16_TV UINT16_C(0x0143)
+/** Intel iAPX 16 (8086?). */
+#define IMAGE_FILE_MACHINE_IAPX16 UINT16_C(0x0144)
+/** Intel iAPX 16 (8086?) w/ transfer vector(s?) (TV). */
+#define IMAGE_FILE_MACHINE_IAPX16_TV UINT16_C(0x0145)
+/** Intel iAPX 20 (80286?). */
+#define IMAGE_FILE_MACHINE_IAPX20 UINT16_C(0x0144)
+/** Intel iAPX 20 (80286?) w/ transfer vector(s?) (TV). */
+#define IMAGE_FILE_MACHINE_IAPX20_TV UINT16_C(0x0145)
+/** X86 compatible CPU, 8086. */
+#define IMAGE_FILE_MACHINE_I8086 UINT16_C(0x0148)
+/** X86 compatible CPU, 8086 w/ transfer vector(s?) (TV). */
+#define IMAGE_FILE_MACHINE_I8086_TV UINT16_C(0x0149)
+/** X86 compatible CPU, 80286 small model program. */
+#define IMAGE_FILE_MACHINE_I286_SMALL UINT16_C(0x014a)
+/** Motorola 68000. */
+#define IMAGE_FILE_MACHINE_MC68 UINT16_C(0x0150)
+/** Motorola 68000 w/ writable text sections. */
+#define IMAGE_FILE_MACHINE_MC68_WR UINT16_C(0x0150)
+/** Motorola 68000 w/ transfer vector(s?). */
+#define IMAGE_FILE_MACHINE_MC68_TV UINT16_C(0x0151)
+/** Motorola 68000 w/ demand paged text.
+ * @note shared with 80286 large model program. */
+#define IMAGE_FILE_MACHINE_MC68_PG UINT16_C(0x0152)
+/** X86 compatible CPU, 80286 large model program.
+ * @note shared with MC68000 w/ demand paged text */
+#define IMAGE_FILE_MACHINE_I286_LARGE UINT16_C(0x0152)
+/** IBM 370 (writable text). */
+#define IMAGE_FILE_MACHINE_U370_WR UINT16_C(0x0158)
+/** Amdahl 470/580 (writable text). */
+#define IMAGE_FILE_MACHINE_AMDAHL_470_WR UINT16_C(0x0159)
+/** Amdahl 470/580 (read only text). */
+#define IMAGE_FILE_MACHINE_AMDAHL_470_RO UINT16_C(0x015c)
+/** IBM 370 (read only text). */
+#define IMAGE_FILE_MACHINE_U370_RO UINT16_C(0x015d)
+/** MIPS R4000 CPU, little endian. */
+#define IMAGE_FILE_MACHINE_R4000 UINT16_C(0x0166)
+/** MIPS CPU, little endian, Windows CE (?) v2 designation. */
+#define IMAGE_FILE_MACHINE_WCEMIPSV2 UINT16_C(0x0169)
+/** VAX-11/750 and VAX-11/780 (writable text). */
+#define IMAGE_FILE_MACHINE_VAX_WR UINT16_C(0x0178)
+/** VAX-11/750 and VAX-11/780 (read-only text). */
+#define IMAGE_FILE_MACHINE_VAX_RO UINT16_C(0x017d)
+/** Hitachi SH3 CPU. */
+#define IMAGE_FILE_MACHINE_SH3 UINT16_C(0x01a2)
+/** Hitachi SH3 DSP. */
+#define IMAGE_FILE_MACHINE_SH3DSP UINT16_C(0x01a3)
+/** Hitachi SH4 CPU. */
+#define IMAGE_FILE_MACHINE_SH4 UINT16_C(0x01a6)
+/** Hitachi SH5 CPU. */
+#define IMAGE_FILE_MACHINE_SH5 UINT16_C(0x01a8)
+/** Little endian ARM CPU. */
+#define IMAGE_FILE_MACHINE_ARM UINT16_C(0x01c0)
+/** ARM or Thumb stuff. */
+#define IMAGE_FILE_MACHINE_THUMB UINT16_C(0x01c2)
+/** ARMv7 or higher CPU, Thumb mode. */
+#define IMAGE_FILE_MACHINE_ARMNT UINT16_C(0x01c4)
+/** Matshushita AM33 CPU. */
+#define IMAGE_FILE_MACHINE_AM33 UINT16_C(0x01d3)
+/** Power PC CPU, little endian. */
+#define IMAGE_FILE_MACHINE_POWERPC UINT16_C(0x01f0)
+/** Power PC CPU with FPU, also little endian? */
+#define IMAGE_FILE_MACHINE_POWERPCFP UINT16_C(0x01f1)
+/** "Itanic" CPU. */
+#define IMAGE_FILE_MACHINE_IA64 UINT16_C(0x0200)
+/** MIPS CPU, compact 16-bit instructions only? */
+#define IMAGE_FILE_MACHINE_MIPS16 UINT16_C(0x0266)
+/** MIPS CPU with FPU, full 32-bit instructions only? */
+#define IMAGE_FILE_MACHINE_MIPSFPU UINT16_C(0x0366)
+/** MIPS CPU with FPU, compact 16-bit instructions? */
+#define IMAGE_FILE_MACHINE_MIPSFPU16 UINT16_C(0x0466)
+/** EFI byte code. */
+#define IMAGE_FILE_MACHINE_EBC UINT16_C(0x0ebc)
+/** Mitsubishi M32R CPU, little endian. */
+#define IMAGE_FILE_MACHINE_M32R UINT16_C(0x9041)
+/** ARMv8 CPU, 64-bit mode. */
+#define IMAGE_FILE_MACHINE_ARM64 UINT16_C(0xaa64)
+/** @} */
+
+/** @name File header characteristics (IMAGE_FILE_HEADER::Characteristics)
+ * @{ */
+#define IMAGE_FILE_RELOCS_STRIPPED UINT16_C(0x0001)
+#define IMAGE_FILE_EXECUTABLE_IMAGE UINT16_C(0x0002)
+#define IMAGE_FILE_LINE_NUMS_STRIPPED UINT16_C(0x0004)
+#define IMAGE_FILE_LOCAL_SYMS_STRIPPED UINT16_C(0x0008)
+#define IMAGE_FILE_AGGRESIVE_WS_TRIM UINT16_C(0x0010)
+#define IMAGE_FILE_LARGE_ADDRESS_AWARE UINT16_C(0x0020)
+#define IMAGE_FILE_16BIT_MACHINE UINT16_C(0x0040)
+#define IMAGE_FILE_BYTES_REVERSED_LO UINT16_C(0x0080)
+#define IMAGE_FILE_32BIT_MACHINE UINT16_C(0x0100)
+#define IMAGE_FILE_DEBUG_STRIPPED UINT16_C(0x0200)
+#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP UINT16_C(0x0400)
+#define IMAGE_FILE_NET_RUN_FROM_SWAP UINT16_C(0x0800)
+#define IMAGE_FILE_SYSTEM UINT16_C(0x1000) /**< (COFF/IAPX*: Used to indicate 80186 instructions) */
+#define IMAGE_FILE_DLL UINT16_C(0x2000) /**< (COFF/IAPX*: Used to indicate 80286 instructions) */
+#define IMAGE_FILE_UP_SYSTEM_ONLY UINT16_C(0x4000)
+#define IMAGE_FILE_BYTES_REVERSED_HI UINT16_C(0x8000)
+/** @} */
+
+
+/**
+ * PE data directory.
+ *
+ * This is used to locate data in the loaded image so the dynamic linker or
+ * others can make use of it. However, in the case of
+ * IMAGE_DIRECTORY_ENTRY_SECURITY it is referring to raw file offsets.
+ */
+typedef struct _IMAGE_DATA_DIRECTORY
+{
+ uint32_t VirtualAddress;
+ uint32_t Size;
+} IMAGE_DATA_DIRECTORY;
+AssertCompileSize(IMAGE_DATA_DIRECTORY, 0x8);
+typedef IMAGE_DATA_DIRECTORY *PIMAGE_DATA_DIRECTORY;
+typedef IMAGE_DATA_DIRECTORY const *PCIMAGE_DATA_DIRECTORY;
+
+/** The standard number of data directories in the optional header.
+ * I.e. the dimensions of IMAGE_OPTIONAL_HEADER32::DataDirectory and
+ * IMAGE_OPTIONAL_HEADER64::DataDirectory.
+ */
+#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 0x10
+
+
+/**
+ * PE optional header, 32-bit version.
+ */
+typedef struct _IMAGE_OPTIONAL_HEADER32
+{
+ uint16_t Magic; /**< 0x00 */
+ uint8_t MajorLinkerVersion; /**< 0x02 */
+ uint8_t MinorLinkerVersion; /**< 0x03 */
+ uint32_t SizeOfCode; /**< 0x04 */
+ uint32_t SizeOfInitializedData; /**< 0x08 */
+ uint32_t SizeOfUninitializedData; /**< 0x0c */
+ uint32_t AddressOfEntryPoint; /**< 0x10 */
+ uint32_t BaseOfCode; /**< 0x14 */
+ uint32_t BaseOfData; /**< 0x18 */
+ uint32_t ImageBase; /**< 0x1c */
+ uint32_t SectionAlignment; /**< 0x20 */
+ uint32_t FileAlignment; /**< 0x24 */
+ uint16_t MajorOperatingSystemVersion; /**< 0x28 */
+ uint16_t MinorOperatingSystemVersion; /**< 0x2a */
+ uint16_t MajorImageVersion; /**< 0x2c */
+ uint16_t MinorImageVersion; /**< 0x2e */
+ uint16_t MajorSubsystemVersion; /**< 0x30 */
+ uint16_t MinorSubsystemVersion; /**< 0x32 */
+ uint32_t Win32VersionValue; /**< 0x34 */
+ uint32_t SizeOfImage; /**< 0x38 */
+ uint32_t SizeOfHeaders; /**< 0x3c */
+ uint32_t CheckSum; /**< 0x40 */
+ uint16_t Subsystem; /**< 0x44 */
+ uint16_t DllCharacteristics; /**< 0x46 */
+ uint32_t SizeOfStackReserve; /**< 0x48 */
+ uint32_t SizeOfStackCommit; /**< 0x4c */
+ uint32_t SizeOfHeapReserve; /**< 0x50 */
+ uint32_t SizeOfHeapCommit; /**< 0x54 */
+ uint32_t LoaderFlags; /**< 0x58 */
+ uint32_t NumberOfRvaAndSizes; /**< 0x5c */
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; /**< 0x60; 0x10*8 = 0x80 */
+} IMAGE_OPTIONAL_HEADER32; /* size: 0xe0 */
+AssertCompileSize(IMAGE_OPTIONAL_HEADER32, 0xe0);
+typedef IMAGE_OPTIONAL_HEADER32 *PIMAGE_OPTIONAL_HEADER32;
+typedef IMAGE_OPTIONAL_HEADER32 const *PCIMAGE_OPTIONAL_HEADER32;
+
+/**
+ * PE optional header, 64-bit version.
+ */
+typedef struct _IMAGE_OPTIONAL_HEADER64
+{
+ uint16_t Magic; /**< 0x00 */
+ uint8_t MajorLinkerVersion; /**< 0x02 */
+ uint8_t MinorLinkerVersion; /**< 0x03 */
+ uint32_t SizeOfCode; /**< 0x04 */
+ uint32_t SizeOfInitializedData; /**< 0x08 */
+ uint32_t SizeOfUninitializedData; /**< 0x0c */
+ uint32_t AddressOfEntryPoint; /**< 0x10 */
+ uint32_t BaseOfCode; /**< 0x14 */
+ uint64_t ImageBase; /**< 0x18 */
+ uint32_t SectionAlignment; /**< 0x20 */
+ uint32_t FileAlignment; /**< 0x24 */
+ uint16_t MajorOperatingSystemVersion; /**< 0x28 */
+ uint16_t MinorOperatingSystemVersion; /**< 0x2a */
+ uint16_t MajorImageVersion; /**< 0x2c */
+ uint16_t MinorImageVersion; /**< 0x2e */
+ uint16_t MajorSubsystemVersion; /**< 0x30 */
+ uint16_t MinorSubsystemVersion; /**< 0x32 */
+ uint32_t Win32VersionValue; /**< 0x34 */
+ uint32_t SizeOfImage; /**< 0x38 */
+ uint32_t SizeOfHeaders; /**< 0x3c */
+ uint32_t CheckSum; /**< 0x40 */
+ uint16_t Subsystem; /**< 0x44 */
+ uint16_t DllCharacteristics; /**< 0x46 */
+ uint64_t SizeOfStackReserve; /**< 0x48 */
+ uint64_t SizeOfStackCommit; /**< 0x50 */
+ uint64_t SizeOfHeapReserve; /**< 0x58 */
+ uint64_t SizeOfHeapCommit; /**< 0x60 */
+ uint32_t LoaderFlags; /**< 0x68 */
+ uint32_t NumberOfRvaAndSizes; /**< 0x6c */
+ IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; /**< 0x70; 0x10*8 = 0x80 */
+} IMAGE_OPTIONAL_HEADER64; /* size: 0xf0 */
+AssertCompileSize(IMAGE_OPTIONAL_HEADER64, 0xf0);
+typedef IMAGE_OPTIONAL_HEADER64 *PIMAGE_OPTIONAL_HEADER64;
+typedef IMAGE_OPTIONAL_HEADER64 const *PCIMAGE_OPTIONAL_HEADER64;
+
+/** @name Optional header magic values.
+ * @{ */
+#define IMAGE_NT_OPTIONAL_HDR32_MAGIC UINT16_C(0x010b)
+#define IMAGE_NT_OPTIONAL_HDR64_MAGIC UINT16_C(0x020b)
+/** @} */
+
+/** @name IMAGE_SUBSYSTEM_XXX - Optional header subsystems.
+ * IMAGE_OPTIONAL_HEADER32::Subsystem, IMAGE_OPTIONAL_HEADER64::Subsystem
+ * @{ */
+#define IMAGE_SUBSYSTEM_UNKNOWN UINT16_C(0x0000)
+#define IMAGE_SUBSYSTEM_NATIVE UINT16_C(0x0001)
+#define IMAGE_SUBSYSTEM_WINDOWS_GUI UINT16_C(0x0002)
+#define IMAGE_SUBSYSTEM_WINDOWS_CUI UINT16_C(0x0003)
+#define IMAGE_SUBSYSTEM_OS2_GUI UINT16_C(0x0004)
+#define IMAGE_SUBSYSTEM_OS2_CUI UINT16_C(0x0005)
+#define IMAGE_SUBSYSTEM_POSIX_CUI UINT16_C(0x0007)
+/** @} */
+
+/** @name Optional header characteristics.
+ * @{ */
+#define IMAGE_LIBRARY_PROCESS_INIT UINT16_C(0x0001)
+#define IMAGE_LIBRARY_PROCESS_TERM UINT16_C(0x0002)
+#define IMAGE_LIBRARY_THREAD_INIT UINT16_C(0x0004)
+#define IMAGE_LIBRARY_THREAD_TERM UINT16_C(0x0008)
+#define IMAGE_DLLCHARACTERISTICS_RESERVED UINT16_C(0x0010)
+#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA UINT16_C(0x0020)
+#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE UINT16_C(0x0040)
+#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY UINT16_C(0x0080)
+#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT UINT16_C(0x0100)
+#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION UINT16_C(0x0200)
+#define IMAGE_DLLCHARACTERISTICS_NO_SEH UINT16_C(0x0400)
+#define IMAGE_DLLCHARACTERISTICS_NO_BIND UINT16_C(0x0800)
+#define IMAGE_DLLCHARACTERISTICS_APPCONTAINER UINT16_C(0x1000)
+#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER UINT16_C(0x2000)
+#define IMAGE_DLLCHARACTERISTICS_GUARD_CF UINT16_C(0x4000)
+#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE UINT16_C(0x8000)
+/** @} */
+
+
+/** @name IMAGE_DIRECTORY_ENTRY_XXX - Data directory indexes.
+ * Used to index IMAGE_OPTIONAL_HEADER32::DataDirectory and
+ * IMAGE_OPTIONAL_HEADER64::DataDirectory
+ * @{ */
+#define IMAGE_DIRECTORY_ENTRY_EXPORT 0x0
+#define IMAGE_DIRECTORY_ENTRY_IMPORT 0x1
+#define IMAGE_DIRECTORY_ENTRY_RESOURCE 0x2
+#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x3
+#define IMAGE_DIRECTORY_ENTRY_SECURITY 0x4
+#define IMAGE_DIRECTORY_ENTRY_BASERELOC 0x5
+#define IMAGE_DIRECTORY_ENTRY_DEBUG 0x6
+#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 0x7
+#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
+#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x8
+#define IMAGE_DIRECTORY_ENTRY_TLS 0x9
+#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0xa
+#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0xb
+#define IMAGE_DIRECTORY_ENTRY_IAT 0xc
+#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0xd
+#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0xe
+/** @} */
+
+
+/**
+ * PE (NT) headers, 32-bit version.
+ */
+typedef struct _IMAGE_NT_HEADERS32
+{
+ uint32_t Signature; /**< 0x00 */
+ IMAGE_FILE_HEADER FileHeader; /**< 0x04 */
+ IMAGE_OPTIONAL_HEADER32 OptionalHeader; /**< 0x18 */
+} IMAGE_NT_HEADERS32; /* size: 0xf8 */
+AssertCompileSize(IMAGE_NT_HEADERS32, 0xf8);
+AssertCompileMemberOffset(IMAGE_NT_HEADERS32, FileHeader, 4);
+AssertCompileMemberOffset(IMAGE_NT_HEADERS32, OptionalHeader, 24);
+typedef IMAGE_NT_HEADERS32 *PIMAGE_NT_HEADERS32;
+typedef IMAGE_NT_HEADERS32 const *PCIMAGE_NT_HEADERS32;
+
+/**
+ * PE (NT) headers, 64-bit version.
+ */
+typedef struct _IMAGE_NT_HEADERS64
+{
+ uint32_t Signature; /**< 0x00 */
+ IMAGE_FILE_HEADER FileHeader; /**< 0x04 */
+ IMAGE_OPTIONAL_HEADER64 OptionalHeader; /**< 0x18 */
+} IMAGE_NT_HEADERS64; /**< 0x108 */
+AssertCompileSize(IMAGE_NT_HEADERS64, 0x108);
+AssertCompileMemberOffset(IMAGE_NT_HEADERS64, FileHeader, 4);
+AssertCompileMemberOffset(IMAGE_NT_HEADERS64, OptionalHeader, 24);
+typedef IMAGE_NT_HEADERS64 *PIMAGE_NT_HEADERS64;
+typedef IMAGE_NT_HEADERS64 const *PCIMAGE_NT_HEADERS64;
+
+/** The PE signature.
+ * Used by IMAGE_NT_HEADERS32::Signature, IMAGE_NT_HEADERS64::Signature. */
+#define IMAGE_NT_SIGNATURE UINT32_C(0x00004550)
+
+
+/** Section header short name length (IMAGE_SECTION_HEADER::Name). */
+#define IMAGE_SIZEOF_SHORT_NAME 0x8
+
+/**
+ * PE & COFF section header.
+ */
+typedef struct _IMAGE_SECTION_HEADER
+{
+ uint8_t Name[IMAGE_SIZEOF_SHORT_NAME];
+ union
+ {
+ uint32_t PhysicalAddress;
+ uint32_t VirtualSize;
+ } Misc;
+ uint32_t VirtualAddress;
+ uint32_t SizeOfRawData;
+ uint32_t PointerToRawData;
+ uint32_t PointerToRelocations;
+ uint32_t PointerToLinenumbers;
+ uint16_t NumberOfRelocations;
+ uint16_t NumberOfLinenumbers;
+ uint32_t Characteristics;
+} IMAGE_SECTION_HEADER;
+AssertCompileSize(IMAGE_SECTION_HEADER, 40);
+typedef IMAGE_SECTION_HEADER *PIMAGE_SECTION_HEADER;
+typedef IMAGE_SECTION_HEADER const *PCIMAGE_SECTION_HEADER;
+
+/** @name IMAGE_SCN_XXX - Section header characteristics.
+ * Used by IMAGE_SECTION_HEADER::Characteristics.
+ * @{ */
+#define IMAGE_SCN_TYPE_REG UINT32_C(0x00000000)
+#define IMAGE_SCN_TYPE_DSECT UINT32_C(0x00000001)
+#define IMAGE_SCN_TYPE_NOLOAD UINT32_C(0x00000002)
+#define IMAGE_SCN_TYPE_GROUP UINT32_C(0x00000004)
+#define IMAGE_SCN_TYPE_NO_PAD UINT32_C(0x00000008)
+#define IMAGE_SCN_TYPE_COPY UINT32_C(0x00000010)
+
+#define IMAGE_SCN_CNT_CODE UINT32_C(0x00000020)
+#define IMAGE_SCN_CNT_INITIALIZED_DATA UINT32_C(0x00000040)
+#define IMAGE_SCN_CNT_UNINITIALIZED_DATA UINT32_C(0x00000080)
+
+#define IMAGE_SCN_LNK_OTHER UINT32_C(0x00000100)
+#define IMAGE_SCN_LNK_INFO UINT32_C(0x00000200)
+#define IMAGE_SCN_TYPE_OVER UINT32_C(0x00000400)
+#define IMAGE_SCN_LNK_REMOVE UINT32_C(0x00000800)
+#define IMAGE_SCN_LNK_COMDAT UINT32_C(0x00001000)
+#define IMAGE_SCN_MEM_PROTECTED UINT32_C(0x00004000)
+#define IMAGE_SCN_NO_DEFER_SPEC_EXC UINT32_C(0x00004000)
+#define IMAGE_SCN_GPREL UINT32_C(0x00008000)
+#define IMAGE_SCN_MEM_FARDATA UINT32_C(0x00008000)
+#define IMAGE_SCN_MEM_SYSHEAP UINT32_C(0x00010000)
+#define IMAGE_SCN_MEM_PURGEABLE UINT32_C(0x00020000)
+#define IMAGE_SCN_MEM_16BIT UINT32_C(0x00020000)
+#define IMAGE_SCN_MEM_LOCKED UINT32_C(0x00040000)
+#define IMAGE_SCN_MEM_PRELOAD UINT32_C(0x00080000)
+
+#define IMAGE_SCN_ALIGN_1BYTES UINT32_C(0x00100000)
+#define IMAGE_SCN_ALIGN_2BYTES UINT32_C(0x00200000)
+#define IMAGE_SCN_ALIGN_4BYTES UINT32_C(0x00300000)
+#define IMAGE_SCN_ALIGN_8BYTES UINT32_C(0x00400000)
+#define IMAGE_SCN_ALIGN_16BYTES UINT32_C(0x00500000)
+#define IMAGE_SCN_ALIGN_32BYTES UINT32_C(0x00600000)
+#define IMAGE_SCN_ALIGN_64BYTES UINT32_C(0x00700000)
+#define IMAGE_SCN_ALIGN_128BYTES UINT32_C(0x00800000)
+#define IMAGE_SCN_ALIGN_256BYTES UINT32_C(0x00900000)
+#define IMAGE_SCN_ALIGN_512BYTES UINT32_C(0x00A00000)
+#define IMAGE_SCN_ALIGN_1024BYTES UINT32_C(0x00B00000)
+#define IMAGE_SCN_ALIGN_2048BYTES UINT32_C(0x00C00000)
+#define IMAGE_SCN_ALIGN_4096BYTES UINT32_C(0x00D00000)
+#define IMAGE_SCN_ALIGN_8192BYTES UINT32_C(0x00E00000)
+#define IMAGE_SCN_ALIGN_MASK UINT32_C(0x00F00000)
+#define IMAGE_SCN_ALIGN_SHIFT 20
+
+#define IMAGE_SCN_LNK_NRELOC_OVFL UINT32_C(0x01000000)
+#define IMAGE_SCN_MEM_DISCARDABLE UINT32_C(0x02000000)
+#define IMAGE_SCN_MEM_NOT_CACHED UINT32_C(0x04000000)
+#define IMAGE_SCN_MEM_NOT_PAGED UINT32_C(0x08000000)
+#define IMAGE_SCN_MEM_SHARED UINT32_C(0x10000000)
+#define IMAGE_SCN_MEM_EXECUTE UINT32_C(0x20000000)
+#define IMAGE_SCN_MEM_READ UINT32_C(0x40000000)
+#define IMAGE_SCN_MEM_WRITE UINT32_C(0x80000000)
+/** @} */
+
+
+/**
+ * PE image base relocations block header.
+ *
+ * This found in IMAGE_DIRECTORY_ENTRY_BASERELOC. Each entry is follow
+ * immediately by an array of 16-bit words, where the lower 12-bits are used
+ * for the page offset and the upper 4-bits for the base relocation type
+ * (IMAGE_REL_BASE_XXX). The block should be padded with
+ * IMAGE_REL_BASED_ABSOLUTE entries to ensure 32-bit alignment of this header.
+ */
+typedef struct _IMAGE_BASE_RELOCATION
+{
+ /** The RVA of the page/block the following ase relocations applies to. */
+ uint32_t VirtualAddress;
+ /** The size of this relocation block, including this header. */
+ uint32_t SizeOfBlock;
+} IMAGE_BASE_RELOCATION;
+AssertCompileSize(IMAGE_BASE_RELOCATION, 8);
+typedef IMAGE_BASE_RELOCATION *PIMAGE_BASE_RELOCATION;
+typedef IMAGE_BASE_RELOCATION const *PCIMAGE_BASE_RELOCATION;
+
+/** @name IMAGE_REL_BASED_XXX - PE base relocations.
+ * Found in the IMAGE_DIRECTORY_ENTRY_BASERELOC data directory.
+ * @{ */
+#define IMAGE_REL_BASED_ABSOLUTE UINT16_C(0x0)
+#define IMAGE_REL_BASED_HIGH UINT16_C(0x1)
+#define IMAGE_REL_BASED_LOW UINT16_C(0x2)
+#define IMAGE_REL_BASED_HIGHLOW UINT16_C(0x3)
+#define IMAGE_REL_BASED_HIGHADJ UINT16_C(0x4)
+#define IMAGE_REL_BASED_MIPS_JMPADDR UINT16_C(0x5)
+#define IMAGE_REL_BASED_MIPS_JMPADDR16 UINT16_C(0x9)
+#define IMAGE_REL_BASED_IA64_IMM64 UINT16_C(0x9)
+#define IMAGE_REL_BASED_DIR64 UINT16_C(0xa)
+#define IMAGE_REL_BASED_HIGH3ADJ UINT16_C(0xb)
+/** @} */
+
+/**
+ * PE export directory entry.
+ */
+typedef struct _IMAGE_EXPORT_DIRECTORY
+{
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t Name;
+ uint32_t Base;
+ uint32_t NumberOfFunctions;
+ uint32_t NumberOfNames;
+ uint32_t AddressOfFunctions;
+ uint32_t AddressOfNames;
+ uint32_t AddressOfNameOrdinals;
+} IMAGE_EXPORT_DIRECTORY;
+AssertCompileSize(IMAGE_EXPORT_DIRECTORY, 40);
+typedef IMAGE_EXPORT_DIRECTORY *PIMAGE_EXPORT_DIRECTORY;
+typedef IMAGE_EXPORT_DIRECTORY const *PCIMAGE_EXPORT_DIRECTORY;
+
+
+/**
+ * PE import directory entry.
+ */
+typedef struct _IMAGE_IMPORT_DESCRIPTOR
+{
+ union
+ {
+ uint32_t Characteristics;
+ uint32_t OriginalFirstThunk;
+ } u;
+ uint32_t TimeDateStamp;
+ uint32_t ForwarderChain;
+ uint32_t Name;
+ uint32_t FirstThunk;
+} IMAGE_IMPORT_DESCRIPTOR;
+AssertCompileSize(IMAGE_IMPORT_DESCRIPTOR, 20);
+typedef IMAGE_IMPORT_DESCRIPTOR *PIMAGE_IMPORT_DESCRIPTOR;
+typedef IMAGE_IMPORT_DESCRIPTOR const *PCIMAGE_IMPORT_DESCRIPTOR;
+
+/**
+ * Something we currently don't make use of...
+ */
+typedef struct _IMAGE_IMPORT_BY_NAME
+{
+ uint16_t Hint;
+ uint8_t Name[1];
+} IMAGE_IMPORT_BY_NAME;
+AssertCompileSize(IMAGE_IMPORT_BY_NAME, 4);
+typedef IMAGE_IMPORT_BY_NAME *PIMAGE_IMPORT_BY_NAME;
+typedef IMAGE_IMPORT_BY_NAME const *PCIMAGE_IMPORT_BY_NAME;
+
+
+#if 0
+/* The image_thunk_data32/64 structures are not very helpful except for getting RSI.
+ keep them around till all the code has been converted. */
+typedef struct _IMAGE_THUNK_DATA64
+{
+ union
+ {
+ uint64_t ForwarderString;
+ uint64_t Function;
+ uint64_t Ordinal;
+ uint64_t AddressOfData;
+ } u1;
+} IMAGE_THUNK_DATA64;
+typedef IMAGE_THUNK_DATA64 *PIMAGE_THUNK_DATA64;
+typedef IMAGE_THUNK_DATA64 const *PCIMAGE_THUNK_DATA64;
+
+typedef struct _IMAGE_THUNK_DATA32
+{
+ union
+ {
+ uint32_t ForwarderString;
+ uint32_t Function;
+ uint32_t Ordinal;
+ uint32_t AddressOfData;
+ } u1;
+} IMAGE_THUNK_DATA32;
+typedef IMAGE_THUNK_DATA32 *PIMAGE_THUNK_DATA32;
+typedef IMAGE_THUNK_DATA32 const *PCIMAGE_THUNK_DATA32;
+#endif
+
+/** @name PE import directory macros.
+ * @{ */
+#define IMAGE_ORDINAL_FLAG32 UINT32_C(0x80000000)
+#define IMAGE_ORDINAL32(ord) ((ord) & UINT32_C(0xffff))
+#define IMAGE_SNAP_BY_ORDINAL32(ord) (!!((ord) & IMAGE_ORDINAL_FLAG32))
+
+#define IMAGE_ORDINAL_FLAG64 UINT64_C(0x8000000000000000)
+#define IMAGE_ORDINAL64(ord) ((ord) & UINT32_C(0xffff))
+#define IMAGE_SNAP_BY_ORDINAL64(ord) (!!((ord) & IMAGE_ORDINAL_FLAG64))
+/** @} */
+
+/** @name PE Resource directory
+ * @{ */
+typedef struct _IMAGE_RESOURCE_DIRECTORY
+{
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint16_t NumberOfNamedEntries;
+ uint16_t NumberOfIdEntries;
+} IMAGE_RESOURCE_DIRECTORY;
+typedef IMAGE_RESOURCE_DIRECTORY *PIMAGE_RESOURCE_DIRECTORY;
+typedef IMAGE_RESOURCE_DIRECTORY const *PCIMAGE_RESOURCE_DIRECTORY;
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY
+{
+ union
+ {
+ struct
+ {
+ uint32_t NameOffset : 31;
+ uint32_t NameIsString : 1; /**< IMAGE_RESOURCE_NAME_IS_STRING */
+ } s;
+ uint32_t Name;
+ uint16_t Id;
+ } u;
+ union
+ {
+ struct
+ {
+ uint32_t OffsetToDirectory : 31;
+ uint32_t DataIsDirectory : 1; /**< IMAGE_RESOURCE_DATA_IS_DIRECTORY*/
+ } s2;
+ uint32_t OffsetToData;
+ } u2;
+} IMAGE_RESOURCE_DIRECTORY_ENTRY;
+typedef IMAGE_RESOURCE_DIRECTORY_ENTRY *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
+typedef IMAGE_RESOURCE_DIRECTORY_ENTRY const *PCIMAGE_RESOURCE_DIRECTORY_ENTRY;
+
+#define IMAGE_RESOURCE_NAME_IS_STRING UINT32_C(0x80000000)
+#define IMAGE_RESOURCE_DATA_IS_DIRECTORY UINT32_C(0x80000000)
+
+typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING
+{
+ uint16_t Length;
+ char NameString[1];
+} IMAGE_RESOURCE_DIRECTORY_STRING;
+typedef IMAGE_RESOURCE_DIRECTORY_STRING *PIMAGE_RESOURCE_DIRECTORY_STRING;
+typedef IMAGE_RESOURCE_DIRECTORY_STRING const *PCIMAGE_RESOURCE_DIRECTORY_STRING;
+
+
+typedef struct _IMAGE_RESOURCE_DIR_STRING_U
+{
+ uint16_t Length;
+ RTUTF16 NameString[1];
+} IMAGE_RESOURCE_DIR_STRING_U;
+typedef IMAGE_RESOURCE_DIR_STRING_U *PIMAGE_RESOURCE_DIR_STRING_U;
+typedef IMAGE_RESOURCE_DIR_STRING_U const *PCIMAGE_RESOURCE_DIR_STRING_U;
+
+
+typedef struct _IMAGE_RESOURCE_DATA_ENTRY
+{
+ uint32_t OffsetToData;
+ uint32_t Size;
+ uint32_t CodePage;
+ uint32_t Reserved;
+} IMAGE_RESOURCE_DATA_ENTRY;
+typedef IMAGE_RESOURCE_DATA_ENTRY *PIMAGE_RESOURCE_DATA_ENTRY;
+typedef IMAGE_RESOURCE_DATA_ENTRY const *PCIMAGE_RESOURCE_DATA_ENTRY;
+
+/** @} */
+
+/** @name Image exception information
+ * @{ */
+
+/** This structure is used by AMD64 and "Itanic".
+ * MIPS uses a different one. ARM, SH3, SH4 and PPC on WinCE also uses a different one. */
+typedef struct _IMAGE_RUNTIME_FUNCTION_ENTRY
+{
+ uint32_t BeginAddress;
+ uint32_t EndAddress;
+ uint32_t UnwindInfoAddress;
+} IMAGE_RUNTIME_FUNCTION_ENTRY;
+AssertCompileSize(IMAGE_RUNTIME_FUNCTION_ENTRY, 12);
+typedef IMAGE_RUNTIME_FUNCTION_ENTRY *PIMAGE_RUNTIME_FUNCTION_ENTRY;
+typedef IMAGE_RUNTIME_FUNCTION_ENTRY const *PCIMAGE_RUNTIME_FUNCTION_ENTRY;
+
+/**
+ * An unwind code for AMD64 and ARM64.
+ *
+ * @note Also known as UNWIND_CODE or _UNWIND_CODE.
+ */
+typedef union IMAGE_UNWIND_CODE
+{
+ struct
+ {
+ /** The prolog offset where the change takes effect.
+ * This means the instruction following the one being described. */
+ uint8_t CodeOffset;
+ /** Unwind opcode.
+ * For AMD64 see IMAGE_AMD64_UNWIND_OP_CODES. */
+ RT_GCC_EXTENSION uint8_t UnwindOp : 4;
+ /** Opcode specific. */
+ RT_GCC_EXTENSION uint8_t OpInfo : 4;
+ } u;
+ uint16_t FrameOffset;
+} IMAGE_UNWIND_CODE;
+AssertCompileSize(IMAGE_UNWIND_CODE, 2);
+
+/**
+ * Unwind information for AMD64 and ARM64.
+ *
+ * Pointed to by IMAGE_RUNTIME_FUNCTION_ENTRY::UnwindInfoAddress,
+ *
+ * @note Also known as UNWIND_INFO or _UNWIND_INFO.
+ */
+typedef struct IMAGE_UNWIND_INFO
+{
+ /** Version, currently 1 or 2. The latter if IMAGE_AMD64_UWOP_EPILOG is used. */
+ RT_GCC_EXTENSION uint8_t Version : 3;
+ /** IMAGE_UNW_FLAG_XXX */
+ RT_GCC_EXTENSION uint8_t Flags : 5;
+ /** Size of function prolog. */
+ uint8_t SizeOfProlog;
+ /** Number of opcodes in aOpcodes. */
+ uint8_t CountOfCodes;
+ /** Initial frame register. */
+ RT_GCC_EXTENSION uint8_t FrameRegister : 4;
+ /** Scaled frame register offset. */
+ RT_GCC_EXTENSION uint8_t FrameOffset : 4;
+ /** Unwind opcodes. */
+ RT_FLEXIBLE_ARRAY_EXTENSION
+ IMAGE_UNWIND_CODE aOpcodes[RT_FLEXIBLE_ARRAY];
+} IMAGE_UNWIND_INFO;
+AssertCompileMemberOffset(IMAGE_UNWIND_INFO, aOpcodes, 4);
+typedef IMAGE_UNWIND_INFO *PIMAGE_UNWIND_INFO;
+typedef IMAGE_UNWIND_INFO const *PCIMAGE_UNWIND_INFO;
+
+/** IMAGE_UNW_FLAGS_XXX - IMAGE_UNWIND_INFO::Flags.
+ * @{ */
+/** No handler.
+ * @note Aslo know as UNW_FLAG_NHANDLER. */
+#define IMAGE_UNW_FLAGS_NHANDLER 0
+/** Have exception handler (RVA after codes, dword aligned.)
+ * @note Aslo know as UNW_FLAG_NHANDLER. */
+#define IMAGE_UNW_FLAGS_EHANDLER 1
+/** Have unwind handler (RVA after codes, dword aligned.)
+ * @note Aslo know as UNW_FLAG_NHANDLER. */
+#define IMAGE_UNW_FLAGS_UHANDLER 2
+/** Set if not primary unwind info for a function. An
+ * IMAGE_RUNTIME_FUNCTION_ENTRY giving the chained unwind info follows the
+ * aOpcodes array at a dword aligned offset. */
+#define IMAGE_UNW_FLAGS_CHAININFO 4
+/** @} */
+
+/**
+ * AMD64 unwind opcodes.
+ */
+typedef enum IMAGE_AMD64_UNWIND_OP_CODES
+{
+ /** Push non-volatile register (OpInfo).
+ * YASM: [pushreg reg]
+ * MASM: .PUSHREG reg */
+ IMAGE_AMD64_UWOP_PUSH_NONVOL = 0,
+ /** Stack allocation: Size stored in scaled in the next slot if OpInfo == 0,
+ * otherwise stored unscaled in the next two slots.
+ * YASM: [allocstack size]
+ * MASM: .ALLOCSTACK size */
+ IMAGE_AMD64_UWOP_ALLOC_LARGE,
+ /** Stack allocation: OpInfo = size / 8 - 1.
+ * YASM: [allocstack size]
+ * MASM: .ALLOCSTACK size */
+ IMAGE_AMD64_UWOP_ALLOC_SMALL,
+ /** Set frame pointer register: RSP + FrameOffset * 16.
+ * YASM: [setframe reg, offset]
+ * MASM: .SETFRAME reg, offset
+ * @code
+ * LEA RBP, [RSP + 20h]
+ * [setframe RBP, 20h]
+ * @endcode */
+ IMAGE_AMD64_UWOP_SET_FPREG,
+ /** Save non-volatile register (OpInfo) on stack (RSP/FP + next slot).
+ * YASM: [savereg reg, offset]
+ * MASM: .SAVEREG reg, offset */
+ IMAGE_AMD64_UWOP_SAVE_NONVOL,
+ /** Save non-volatile register (OpInfo) on stack (RSP/FP + next two slots).
+ * YASM: [savereg reg, offset]
+ * MASM: .SAVEREG reg, offset */
+ IMAGE_AMD64_UWOP_SAVE_NONVOL_FAR,
+ /** Epilog info, version 2+.
+ *
+ * The first time this opcode is used, the CodeOffset gives the size of the
+ * epilog and bit 0 of the OpInfo field indicates that there is only one
+ * epilog at the very end of the function.
+ *
+ * Subsequent uses of this opcode specifies epilog start offsets relative to
+ * the end of the function, using CodeOffset for the 8 lower bits and OpInfo
+ * for bits 8 thru 11.
+ *
+ * The compiler seems to stack allocations and register saving opcodes and
+ * indicates the location mirroring the first IMAGE_AMD64_UWOP_PUSH_NONVOL. */
+ IMAGE_AMD64_UWOP_EPILOG,
+ /** Undefined. */
+ IMAGE_AMD64_UWOP_RESERVED_7,
+ /** Save 128-bit XMM register (OpInfo) on stack (RSP/FP + next slot).
+ * YASM: [savexmm128 reg, offset]
+ * MASM: .SAVEXMM128 reg, offset */
+ IMAGE_AMD64_UWOP_SAVE_XMM128,
+ /** Save 128-bit XMM register (OpInfo) on stack (RSP/FP + next two slots).
+ * YASM: [savexmm128 reg, offset]
+ * MASM: .SAVEXMM128 reg, offset */
+ IMAGE_AMD64_UWOP_SAVE_XMM128_FAR,
+ /** IRET frame, OpInfo serves as error code indicator.
+ * YASM: [pushframe with-code]
+ * MASM: .pushframe with-code */
+ IMAGE_AMD64_UWOP_PUSH_MACHFRAME
+} IMAGE_AMD64_UNWIND_OP_CODES;
+/** @} */
+
+
+
+/** @name Image load config directories
+ * @{ */
+
+/** @since Windows 10 (preview 9879) */
+typedef struct _IMAGE_LOAD_CONFIG_CODE_INTEGRITY
+{
+ uint16_t Flags;
+ uint16_t Catalog;
+ uint32_t CatalogOffset;
+ uint32_t Reserved;
+} IMAGE_LOAD_CONFIG_CODE_INTEGRITY;
+AssertCompileSize(IMAGE_LOAD_CONFIG_CODE_INTEGRITY, 12);
+typedef IMAGE_LOAD_CONFIG_CODE_INTEGRITY *PIMAGE_LOAD_CONFIG_CODE_INTEGRITY;
+typedef IMAGE_LOAD_CONFIG_CODE_INTEGRITY const *PCIMAGE_LOAD_CONFIG_CODE_INTEGRITY;
+
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V1
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint32_t DeCommitFreeBlockThreshold;
+ uint32_t DeCommitTotalFreeThreshold;
+ uint32_t LockPrefixTable;
+ uint32_t MaximumAllocationSize;
+ uint32_t VirtualMemoryThreshold;
+ uint32_t ProcessHeapFlags;
+ uint32_t ProcessAffinityMask;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint32_t EditList;
+ uint32_t SecurityCookie;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V1;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V1, 0x40);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V1 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V1;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V1 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V1;
+
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V2
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint32_t DeCommitFreeBlockThreshold;
+ uint32_t DeCommitTotalFreeThreshold;
+ uint32_t LockPrefixTable;
+ uint32_t MaximumAllocationSize;
+ uint32_t VirtualMemoryThreshold;
+ uint32_t ProcessHeapFlags;
+ uint32_t ProcessAffinityMask;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint32_t EditList;
+ uint32_t SecurityCookie;
+ uint32_t SEHandlerTable;
+ uint32_t SEHandlerCount;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V2;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V2, 0x48);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V2 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V2;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V2 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V2;
+
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V3
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint32_t DeCommitFreeBlockThreshold;
+ uint32_t DeCommitTotalFreeThreshold;
+ uint32_t LockPrefixTable;
+ uint32_t MaximumAllocationSize;
+ uint32_t VirtualMemoryThreshold;
+ uint32_t ProcessHeapFlags;
+ uint32_t ProcessAffinityMask;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint32_t EditList;
+ uint32_t SecurityCookie;
+ uint32_t SEHandlerTable;
+ uint32_t SEHandlerCount;
+ uint32_t GuardCFCCheckFunctionPointer;
+ uint32_t GuardCFDispatchFunctionPointer;
+ uint32_t GuardCFFunctionTable;
+ uint32_t GuardCFFunctionCount;
+ uint32_t GuardFlags;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V3;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V3, 0x5c);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V3;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V3 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V3;
+
+/** @since Windows 10 (preview 9879) */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V4
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint32_t DeCommitFreeBlockThreshold;
+ uint32_t DeCommitTotalFreeThreshold;
+ uint32_t LockPrefixTable;
+ uint32_t MaximumAllocationSize;
+ uint32_t VirtualMemoryThreshold;
+ uint32_t ProcessHeapFlags;
+ uint32_t ProcessAffinityMask;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint32_t EditList;
+ uint32_t SecurityCookie;
+ uint32_t SEHandlerTable;
+ uint32_t SEHandlerCount;
+ uint32_t GuardCFCCheckFunctionPointer;
+ uint32_t GuardCFDispatchFunctionPointer;
+ uint32_t GuardCFFunctionTable;
+ uint32_t GuardCFFunctionCount;
+ uint32_t GuardFlags;
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V4;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V4, 0x68);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V4 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V4;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V4 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V4;
+
+/** @since Windows 10 build 14286 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V5
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint32_t DeCommitFreeBlockThreshold;
+ uint32_t DeCommitTotalFreeThreshold;
+ uint32_t LockPrefixTable;
+ uint32_t MaximumAllocationSize;
+ uint32_t VirtualMemoryThreshold;
+ uint32_t ProcessHeapFlags;
+ uint32_t ProcessAffinityMask;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint32_t EditList;
+ uint32_t SecurityCookie;
+ uint32_t SEHandlerTable;
+ uint32_t SEHandlerCount;
+ uint32_t GuardCFCCheckFunctionPointer;
+ uint32_t GuardCFDispatchFunctionPointer;
+ uint32_t GuardCFFunctionTable;
+ uint32_t GuardCFFunctionCount;
+ uint32_t GuardFlags;
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity;
+ uint32_t GuardAddressTakenIatEntryTable;
+ uint32_t GuardAddressTakenIatEntryCount;
+ uint32_t GuardLongJumpTargetTable;
+ uint32_t GuardLongJumpTargetCount;
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V5;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V5, 0x78);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V5 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V5;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V5 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V5;
+
+/** @since Windows 10 build 14383 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V6
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t HybridMetadataPointer; /**< 0x7c */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V6;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V6, 0x80);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V6 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V6;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V6 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V6;
+
+/** @since Windows 10 build 14901 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V7
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
+ uint32_t GuardRFFailureRoutine; /**< 0x80 */
+ uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
+ uint16_t DynamicValueRelocTableSection; /**< 0x8c */
+ uint16_t Reserved2; /**< 0x8e */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V7;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V7, 0x90);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V7 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V7;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V7 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V7;
+
+/** @since Windows 10 build 15002 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V8
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
+ uint32_t GuardRFFailureRoutine; /**< 0x80 */
+ uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
+ uint16_t DynamicValueRelocTableSection; /**< 0x8c */
+ uint16_t Reserved2; /**< 0x8e */
+ uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
+ uint32_t HotPatchTableOffset; /**< 0x94 */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V8;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V8, 0x98);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V8 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V8;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V8 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V8;
+
+/** @since Windows 10 build 16237 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V9
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
+ uint32_t GuardRFFailureRoutine; /**< 0x80 */
+ uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
+ uint16_t DynamicValueRelocTableSection; /**< 0x8c */
+ uint16_t Reserved2; /**< 0x8e */
+ uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
+ uint32_t HotPatchTableOffset; /**< 0x94 */
+ uint32_t Reserved3; /**< 0x98 */
+ uint32_t EnclaveConfigurationPointer; /**< 0x9c */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V9;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V9, 0xa0);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V9 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V9;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V9 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V9;
+
+/** @since Windows 10 build 18362 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V10
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
+ uint32_t GuardRFFailureRoutine; /**< 0x80 */
+ uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
+ uint16_t DynamicValueRelocTableSection; /**< 0x8c */
+ uint16_t Reserved2; /**< 0x8e */
+ uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
+ uint32_t HotPatchTableOffset; /**< 0x94 */
+ uint32_t Reserved3; /**< 0x98 */
+ uint32_t EnclaveConfigurationPointer; /**< 0x9c */
+ uint32_t VolatileMetadataPointer; /**< 0xa0 */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V10;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V10, 0xa4);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V10 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V10;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V10 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V10;
+
+/** @since Windows 10 build 19564 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V11
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
+ uint32_t GuardRFFailureRoutine; /**< 0x80 */
+ uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
+ uint16_t DynamicValueRelocTableSection; /**< 0x8c */
+ uint16_t Reserved2; /**< 0x8e */
+ uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
+ uint32_t HotPatchTableOffset; /**< 0x94 */
+ uint32_t Reserved3; /**< 0x98 */
+ uint32_t EnclaveConfigurationPointer; /**< 0x9c - virtual address */
+ uint32_t VolatileMetadataPointer; /**< 0xa0 */
+ uint32_t GuardEHContinuationTable; /**< 0xa4 - virtual address */
+ uint32_t GuardEHContinuationCount; /**< 0xa8 */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V11;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V11, 0xac);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V11 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V11;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V11 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V11;
+
+/** @since Visual C++ 2019 / RS5_IMAGE_LOAD_CONFIG_DIRECTORY32. */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY32_V12
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint32_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint32_t DeCommitTotalFreeThreshold; /**< 0x1c */
+ uint32_t LockPrefixTable; /**< 0x20 */
+ uint32_t MaximumAllocationSize; /**< 0x24 */
+ uint32_t VirtualMemoryThreshold; /**< 0x28 */
+ uint32_t ProcessHeapFlags; /**< 0x2c */
+ uint32_t ProcessAffinityMask; /**< 0x30 */
+ uint16_t CSDVersion; /**< 0x34 */
+ uint16_t DependentLoadFlags; /**< 0x36 */
+ uint32_t EditList; /**< 0x38 */
+ uint32_t SecurityCookie; /**< 0x3c */
+ uint32_t SEHandlerTable; /**< 0x40 */
+ uint32_t SEHandlerCount; /**< 0x44 */
+ uint32_t GuardCFCCheckFunctionPointer; /**< 0x48 */
+ uint32_t GuardCFDispatchFunctionPointer; /**< 0x4c */
+ uint32_t GuardCFFunctionTable; /**< 0x50 */
+ uint32_t GuardCFFunctionCount; /**< 0x54 */
+ uint32_t GuardFlags; /**< 0x58 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x5c */
+ uint32_t GuardAddressTakenIatEntryTable; /**< 0x68 */
+ uint32_t GuardAddressTakenIatEntryCount; /**< 0x6c */
+ uint32_t GuardLongJumpTargetTable; /**< 0x70 */
+ uint32_t GuardLongJumpTargetCount; /**< 0x74 */
+ uint32_t DynamicValueRelocTable; /**< 0x78 */
+ uint32_t CHPEMetadataPointer; /**< 0x7c Not sure when this was renamed from HybridMetadataPointer. */
+ uint32_t GuardRFFailureRoutine; /**< 0x80 */
+ uint32_t GuardRFFailureRoutineFunctionPointer; /**< 0x84 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0x88 */
+ uint16_t DynamicValueRelocTableSection; /**< 0x8c */
+ uint16_t Reserved2; /**< 0x8e */
+ uint32_t GuardRFVerifyStackPointerFunctionPointer; /**< 0x90 */
+ uint32_t HotPatchTableOffset; /**< 0x94 */
+ uint32_t Reserved3; /**< 0x98 */
+ uint32_t EnclaveConfigurationPointer; /**< 0x9c - virtual address */
+ uint32_t VolatileMetadataPointer; /**< 0xa0 */
+ uint32_t GuardEHContinuationTable; /**< 0xa4 - virtual address */
+ uint32_t GuardEHContinuationCount; /**< 0xa8 */
+ uint32_t GuardXFGCheckFunctionPointer; /**< 0xac */
+ uint32_t GuardXFGDispatchFunctionPointer; /**< 0xb0 */
+ uint32_t GuardXFGTableDispatchFunctionPointer; /**< 0xb4 */
+} IMAGE_LOAD_CONFIG_DIRECTORY32_V12;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY32_V12, 0xb8);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V12 *PIMAGE_LOAD_CONFIG_DIRECTORY32_V12;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V12 const *PCIMAGE_LOAD_CONFIG_DIRECTORY32_V12;
+
+typedef IMAGE_LOAD_CONFIG_DIRECTORY32_V12 IMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef PIMAGE_LOAD_CONFIG_DIRECTORY32_V12 PIMAGE_LOAD_CONFIG_DIRECTORY32;
+typedef PCIMAGE_LOAD_CONFIG_DIRECTORY32_V12 PCIMAGE_LOAD_CONFIG_DIRECTORY32;
+
+
+/* No _IMAGE_LOAD_CONFIG_DIRECTORY64_V1 exists. */
+
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V2
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint64_t DeCommitFreeBlockThreshold;
+ uint64_t DeCommitTotalFreeThreshold;
+ uint64_t LockPrefixTable;
+ uint64_t MaximumAllocationSize;
+ uint64_t VirtualMemoryThreshold;
+ uint64_t ProcessAffinityMask;
+ uint32_t ProcessHeapFlags;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint64_t EditList;
+ uint64_t SecurityCookie;
+ uint64_t SEHandlerTable;
+ uint64_t SEHandlerCount;
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V2;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V2, 0x70);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V2 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V2;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V2 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V2;
+
+#pragma pack(4) /* Why not 8 byte alignment, baka microsofties?!? */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V3
+{
+ uint32_t Size;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t GlobalFlagsClear;
+ uint32_t GlobalFlagsSet;
+ uint32_t CriticalSectionDefaultTimeout;
+ uint64_t DeCommitFreeBlockThreshold;
+ uint64_t DeCommitTotalFreeThreshold;
+ uint64_t LockPrefixTable;
+ uint64_t MaximumAllocationSize;
+ uint64_t VirtualMemoryThreshold;
+ uint64_t ProcessAffinityMask;
+ uint32_t ProcessHeapFlags;
+ uint16_t CSDVersion;
+ uint16_t DependentLoadFlags;
+ uint64_t EditList;
+ uint64_t SecurityCookie;
+ uint64_t SEHandlerTable;
+ uint64_t SEHandlerCount;
+ uint64_t GuardCFCCheckFunctionPointer;
+ uint64_t GuardCFDispatchFunctionPointer;
+ uint64_t GuardCFFunctionTable;
+ uint64_t GuardCFFunctionCount;
+ uint32_t GuardFlags;
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V3;
+#pragma pack()
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V3, 0x94);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V3;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V3 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V3;
+
+/** @since Windows 10 (Preview (9879). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V4
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V4;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V4, 0xa0);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V4 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V4;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V4 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V4;
+
+/** @since Windows 10 build 14286 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V5
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V5;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V5, 0xc0);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V5 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V5;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V5 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V5;
+
+/** @since Windows 10 build 14393 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V6
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t HybridMetadataPointer; /**< 0xc8 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V6;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V6, 0xd0);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V6 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V6;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V6 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V6;
+
+/** @since Windows 10 build 14901 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V7
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t CHPEMetadataPointer; /**< 0xc8 Not sure when this was renamed from HybridMetadataPointer. */
+ uint64_t GuardRFFailureRoutine; /**< 0xd0 */
+ uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
+ uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
+ uint16_t Reserved2; /**< 0xe6 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V7;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V7, 0xe8);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V7 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V7;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V7 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V7;
+
+/** @since Windows 10 build 15002 (or maybe earlier). */
+#pragma pack(4) /* Stupid, stupid microsofties! */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V8
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t CHPEMetadataPointer; /**< 0xc8 */
+ uint64_t GuardRFFailureRoutine; /**< 0xd0 */
+ uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
+ uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
+ uint16_t Reserved2; /**< 0xe6 */
+ uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
+ uint32_t HotPatchTableOffset; /**< 0xf0 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V8;
+#pragma pack()
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V8, 0xf4);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V8 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V8;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V8 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V8;
+
+/** @since Windows 10 build 15002 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V9
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t CHPEMetadataPointer; /**< 0xc8 */
+ uint64_t GuardRFFailureRoutine; /**< 0xd0 */
+ uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
+ uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
+ uint16_t Reserved2; /**< 0xe6 */
+ uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
+ uint32_t HotPatchTableOffset; /**< 0xf0 */
+ uint32_t Reserved3; /**< 0xf4 */
+ uint64_t EnclaveConfigurationPointer; /**< 0xf8 - seen in bcrypt and bcryptprimitives pointing to the string "L". */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V9;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V9, 0x100);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V9 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V9;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V9 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V9;
+
+/** @since Windows 10 build 18362 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V10
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t CHPEMetadataPointer; /**< 0xc8 */
+ uint64_t GuardRFFailureRoutine; /**< 0xd0 */
+ uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
+ uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
+ uint16_t Reserved2; /**< 0xe6 */
+ uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
+ uint32_t HotPatchTableOffset; /**< 0xf0 */
+ uint32_t Reserved3; /**< 0xf4 */
+ uint64_t EnclaveConfigurationPointer; /**< 0xf8 - seen in bcrypt and bcryptprimitives pointing to the string "L". */
+ uint64_t VolatileMetadataPointer; /**< 0x100 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V10;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V10, 0x108);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V10 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V10;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V10 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V10;
+
+/** @since Windows 10 build 19534 (or maybe earlier). */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V11
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t CHPEMetadataPointer; /**< 0xc8 */
+ uint64_t GuardRFFailureRoutine; /**< 0xd0 */
+ uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
+ uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
+ uint16_t Reserved2; /**< 0xe6 */
+ uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
+ uint32_t HotPatchTableOffset; /**< 0xf0 */
+ uint32_t Reserved3; /**< 0xf4 */
+ uint64_t EnclaveConfigurationPointer; /**< 0xf8 - seen in bcrypt and bcryptprimitives pointing to the string "L". */
+ uint64_t VolatileMetadataPointer; /**< 0x100 */
+ uint64_t GuardEHContinuationTable; /**< 0x108 - virtual address */
+ uint64_t GuardEHContinuationCount; /**< 0x110 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V11;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V11, 0x118);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V11 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V11;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V11 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V11;
+
+/** @since Visual C++ 2019 / RS5_IMAGE_LOAD_CONFIG_DIRECTORY64. */
+typedef struct _IMAGE_LOAD_CONFIG_DIRECTORY64_V12
+{
+ uint32_t Size; /**< 0x00 */
+ uint32_t TimeDateStamp; /**< 0x04 */
+ uint16_t MajorVersion; /**< 0x08 */
+ uint16_t MinorVersion; /**< 0x0a */
+ uint32_t GlobalFlagsClear; /**< 0x0c */
+ uint32_t GlobalFlagsSet; /**< 0x10 */
+ uint32_t CriticalSectionDefaultTimeout; /**< 0x14 */
+ uint64_t DeCommitFreeBlockThreshold; /**< 0x18 */
+ uint64_t DeCommitTotalFreeThreshold; /**< 0x20 */
+ uint64_t LockPrefixTable; /**< 0x28 */
+ uint64_t MaximumAllocationSize; /**< 0x30 */
+ uint64_t VirtualMemoryThreshold; /**< 0x38 */
+ uint64_t ProcessAffinityMask; /**< 0x40 */
+ uint32_t ProcessHeapFlags; /**< 0x48 */
+ uint16_t CSDVersion; /**< 0x4c */
+ uint16_t DependentLoadFlags; /**< 0x4e */
+ uint64_t EditList; /**< 0x50 */
+ uint64_t SecurityCookie; /**< 0x58 */
+ uint64_t SEHandlerTable; /**< 0x60 */
+ uint64_t SEHandlerCount; /**< 0x68 */
+ uint64_t GuardCFCCheckFunctionPointer; /**< 0x70 */
+ uint64_t GuardCFDispatchFunctionPointer; /**< 0x78 */
+ uint64_t GuardCFFunctionTable; /**< 0x80 */
+ uint64_t GuardCFFunctionCount; /**< 0x88 */
+ uint32_t GuardFlags; /**< 0x90 */
+ IMAGE_LOAD_CONFIG_CODE_INTEGRITY CodeIntegrity; /**< 0x94 */
+ uint64_t GuardAddressTakenIatEntryTable; /**< 0xa0 */
+ uint64_t GuardAddressTakenIatEntryCount; /**< 0xa8 */
+ uint64_t GuardLongJumpTargetTable; /**< 0xb0 */
+ uint64_t GuardLongJumpTargetCount; /**< 0xb8 */
+ uint64_t DynamicValueRelocTable; /**< 0xc0 */
+ uint64_t CHPEMetadataPointer; /**< 0xc8 */
+ uint64_t GuardRFFailureRoutine; /**< 0xd0 */
+ uint64_t GuardRFFailureRoutineFunctionPointer; /**< 0xd8 */
+ uint32_t DynamicValueRelocTableOffset; /**< 0xe0 */
+ uint16_t DynamicValueRelocTableSection; /**< 0xe4 */
+ uint16_t Reserved2; /**< 0xe6 */
+ uint64_t GuardRFVerifyStackPointerFunctionPointer; /**< 0xe8 */
+ uint32_t HotPatchTableOffset; /**< 0xf0 */
+ uint32_t Reserved3; /**< 0xf4 */
+ uint64_t EnclaveConfigurationPointer; /**< 0xf8 - seen in bcrypt and bcryptprimitives pointing to the string "L". */
+ uint64_t VolatileMetadataPointer; /**< 0x100 */
+ uint64_t GuardEHContinuationTable; /**< 0x108 - virtual address */
+ uint64_t GuardEHContinuationCount; /**< 0x110 */
+ uint64_t GuardXFGCheckFunctionPointer; /**< 0x118 */
+ uint64_t GuardXFGDispatchFunctionPointer; /**< 0x120 */
+ uint64_t GuardXFGTableDispatchFunctionPointer; /**< 0x128 */
+} IMAGE_LOAD_CONFIG_DIRECTORY64_V12;
+AssertCompileSize(IMAGE_LOAD_CONFIG_DIRECTORY64_V12, 0x130);
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V12 *PIMAGE_LOAD_CONFIG_DIRECTORY64_V12;
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V12 const *PCIMAGE_LOAD_CONFIG_DIRECTORY64_V12;
+
+typedef IMAGE_LOAD_CONFIG_DIRECTORY64_V12 IMAGE_LOAD_CONFIG_DIRECTORY64;
+typedef PIMAGE_LOAD_CONFIG_DIRECTORY64_V12 PIMAGE_LOAD_CONFIG_DIRECTORY64;
+typedef PCIMAGE_LOAD_CONFIG_DIRECTORY64_V12 PCIMAGE_LOAD_CONFIG_DIRECTORY64;
+
+/** @} */
+
+
+/**
+ * PE certificate directory.
+ *
+ * Found in IMAGE_DIRECTORY_ENTRY_SECURITY.
+ */
+typedef struct WIN_CERTIFICATE
+{
+ uint32_t dwLength;
+ uint16_t wRevision;
+ uint16_t wCertificateType;
+ uint8_t bCertificate[8];
+} WIN_CERTIFICATE;
+AssertCompileSize(WIN_CERTIFICATE, 16);
+typedef WIN_CERTIFICATE *PWIN_CERTIFICATE;
+typedef WIN_CERTIFICATE const *PCWIN_CERTIFICATE;
+
+/** @name WIN_CERT_REVISION_XXX - Certificate data directory revision.
+ * Used WIN_CERTIFICATE::wRevision found in the IMAGE_DIRECTORY_ENTRY_SECURITY
+ * data directory.
+ * @{ */
+#define WIN_CERT_REVISION_1_0 UINT16_C(0x0100)
+#define WIN_CERT_REVISION_2_0 UINT16_C(0x0200)
+/** @} */
+
+/** @name WIN_CERT_TYPE_XXX - Signature type.
+ * Used by WIN_CERTIFICATE::wCertificateType.
+ * @{ */
+#define WIN_CERT_TYPE_X509 UINT16_C(1)
+#define WIN_CERT_TYPE_PKCS_SIGNED_DATA UINT16_C(2)
+#define WIN_CERT_TYPE_RESERVED_1 UINT16_C(3)
+#define WIN_CERT_TYPE_TS_STACK_SIGNED UINT16_C(4)
+#define WIN_CERT_TYPE_EFI_PKCS115 UINT16_C(0x0ef0)
+#define WIN_CERT_TYPE_EFI_GUID UINT16_C(0x0ef1)
+/** @} */
+
+/** The alignment of the certificate table.
+ * @remarks Found thru signtool experiments. */
+#define WIN_CERTIFICATE_ALIGNMENT UINT32_C(8)
+
+
+/**
+ * Debug directory.
+ *
+ * Found in IMAGE_DIRECTORY_ENTRY_DEBUG.
+ */
+typedef struct _IMAGE_DEBUG_DIRECTORY
+{
+ uint32_t Characteristics;
+ uint32_t TimeDateStamp;
+ uint16_t MajorVersion;
+ uint16_t MinorVersion;
+ uint32_t Type;
+ uint32_t SizeOfData;
+ uint32_t AddressOfRawData;
+ uint32_t PointerToRawData;
+} IMAGE_DEBUG_DIRECTORY;
+AssertCompileSize(IMAGE_DEBUG_DIRECTORY, 28);
+typedef IMAGE_DEBUG_DIRECTORY *PIMAGE_DEBUG_DIRECTORY;
+typedef IMAGE_DEBUG_DIRECTORY const *PCIMAGE_DEBUG_DIRECTORY;
+
+/** @name IMAGE_DEBUG_TYPE_XXX - Debug format types.
+ * Used by IMAGE_DEBUG_DIRECTORY::Type.
+ * @{ */
+#define IMAGE_DEBUG_TYPE_UNKNOWN UINT32_C(0x00)
+#define IMAGE_DEBUG_TYPE_COFF UINT32_C(0x01)
+#define IMAGE_DEBUG_TYPE_CODEVIEW UINT32_C(0x02)
+#define IMAGE_DEBUG_TYPE_FPO UINT32_C(0x03)
+#define IMAGE_DEBUG_TYPE_MISC UINT32_C(0x04)
+#define IMAGE_DEBUG_TYPE_EXCEPTION UINT32_C(0x05)
+#define IMAGE_DEBUG_TYPE_FIXUP UINT32_C(0x06)
+#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC UINT32_C(0x07)
+#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC UINT32_C(0x08)
+#define IMAGE_DEBUG_TYPE_BORLAND UINT32_C(0x09)
+#define IMAGE_DEBUG_TYPE_RESERVED10 UINT32_C(0x0a)
+#define IMAGE_DEBUG_TYPE_CLSID UINT32_C(0x0b)
+#define IMAGE_DEBUG_TYPE_VC_FEATURE UINT32_C(0x0c)
+#define IMAGE_DEBUG_TYPE_POGO UINT32_C(0x0d)
+#define IMAGE_DEBUG_TYPE_ILTCG UINT32_C(0x0e)
+#define IMAGE_DEBUG_TYPE_MPX UINT32_C(0x0f)
+#define IMAGE_DEBUG_TYPE_REPRO UINT32_C(0x10)
+/** @} */
+
+/** @name IMAGE_DEBUG_MISC_XXX - Misc debug data type.
+ * Used by IMAGE_DEBUG_MISC::DataType.
+ * @{ */
+#define IMAGE_DEBUG_MISC_EXENAME UINT32_C(1)
+/** @} */
+
+
+/**
+ * The format of IMAGE_DEBUG_TYPE_MISC debug info.
+ */
+typedef struct _IMAGE_DEBUG_MISC
+{
+ uint32_t DataType;
+ uint32_t Length;
+ uint8_t Unicode;
+ uint8_t Reserved[3];
+ uint8_t Data[1];
+} IMAGE_DEBUG_MISC;
+AssertCompileSize(IMAGE_DEBUG_MISC, 16);
+typedef IMAGE_DEBUG_MISC *PIMAGE_DEBUG_MISC;
+typedef IMAGE_DEBUG_MISC const *PCIMAGE_DEBUG_MISC;
+
+
+
+/**
+ * The header of a .DBG file (NT4).
+ */
+typedef struct _IMAGE_SEPARATE_DEBUG_HEADER
+{
+ uint16_t Signature; /**< 0x00 */
+ uint16_t Flags; /**< 0x02 */
+ uint16_t Machine; /**< 0x04 */
+ uint16_t Characteristics; /**< 0x06 */
+ uint32_t TimeDateStamp; /**< 0x08 */
+ uint32_t CheckSum; /**< 0x0c */
+ uint32_t ImageBase; /**< 0x10 */
+ uint32_t SizeOfImage; /**< 0x14 */
+ uint32_t NumberOfSections; /**< 0x18 */
+ uint32_t ExportedNamesSize; /**< 0x1c */
+ uint32_t DebugDirectorySize; /**< 0x20 */
+ uint32_t SectionAlignment; /**< 0x24 */
+ uint32_t Reserved[2]; /**< 0x28 */
+} IMAGE_SEPARATE_DEBUG_HEADER; /* size: 0x30 */
+AssertCompileSize(IMAGE_SEPARATE_DEBUG_HEADER, 0x30);
+typedef IMAGE_SEPARATE_DEBUG_HEADER *PIMAGE_SEPARATE_DEBUG_HEADER;
+typedef IMAGE_SEPARATE_DEBUG_HEADER const *PCIMAGE_SEPARATE_DEBUG_HEADER;
+
+/** The signature of a IMAGE_SEPARATE_DEBUG_HEADER. */
+#define IMAGE_SEPARATE_DEBUG_SIGNATURE UINT16_C(0x4944)
+
+
+/**
+ * The format of IMAGE_DEBUG_TYPE_COFF debug info.
+ */
+typedef struct _IMAGE_COFF_SYMBOLS_HEADER
+{
+ uint32_t NumberOfSymbols;
+ uint32_t LvaToFirstSymbol;
+ uint32_t NumberOfLinenumbers;
+ uint32_t LvaToFirstLinenumber;
+ uint32_t RvaToFirstByteOfCode;
+ uint32_t RvaToLastByteOfCode;
+ uint32_t RvaToFirstByteOfData;
+ uint32_t RvaToLastByteOfData;
+} IMAGE_COFF_SYMBOLS_HEADER;
+AssertCompileSize(IMAGE_COFF_SYMBOLS_HEADER, 0x20);
+typedef IMAGE_COFF_SYMBOLS_HEADER *PIMAGE_COFF_SYMBOLS_HEADER;
+typedef IMAGE_COFF_SYMBOLS_HEADER const *PCIMAGE_COFF_SYMBOLS_HEADER;
+
+
+/**
+ * Line number format of IMAGE_DEBUG_TYPE_COFF debug info.
+ *
+ * @remarks This has misaligned members.
+ */
+#pragma pack(2)
+typedef struct _IMAGE_LINENUMBER
+{
+ union
+ {
+ uint32_t VirtualAddress;
+ uint32_t SymbolTableIndex;
+ } Type;
+ uint16_t Linenumber;
+} IMAGE_LINENUMBER;
+#pragma pack()
+AssertCompileSize(IMAGE_LINENUMBER, 6);
+typedef IMAGE_LINENUMBER *PIMAGE_LINENUMBER;
+typedef IMAGE_LINENUMBER const *PCIMAGE_LINENUMBER;
+
+
+/** The size of a IMAGE_SYMBOL & IMAGE_AUX_SYMBOL structure. */
+#define IMAGE_SIZE_OF_SYMBOL 18
+/** The size of a IMAGE_SYMBOL_EX & IMAGE_AUX_SYMBOL_EX structure. */
+#define IMAGE_SIZE_OF_SYMBOL_EX 20
+
+/**
+ * COFF symbol.
+ */
+#pragma pack(2)
+typedef struct _IMAGE_SYMBOL
+{
+ union
+ {
+ uint8_t ShortName[8];
+ struct
+ {
+ uint32_t Short;
+ uint32_t Long;
+ } Name;
+ uint32_t LongName[2];
+ } N;
+
+ uint32_t Value;
+ int16_t SectionNumber;
+ uint16_t Type;
+ uint8_t StorageClass;
+ uint8_t NumberOfAuxSymbols;
+} IMAGE_SYMBOL;
+#pragma pack()
+AssertCompileSize(IMAGE_SYMBOL, IMAGE_SIZE_OF_SYMBOL);
+typedef IMAGE_SYMBOL *PIMAGE_SYMBOL;
+typedef IMAGE_SYMBOL const *PCIMAGE_SYMBOL;
+
+/**
+ * COFF auxiliary symbol token defintion (whatever that is).
+ */
+#pragma pack(2)
+typedef struct IMAGE_AUX_SYMBOL_TOKEN_DEF
+{
+ uint8_t bAuxType;
+ uint8_t bReserved;
+ uint32_t SymbolTableIndex;
+ uint8_t rgbReserved[12];
+} IMAGE_AUX_SYMBOL_TOKEN_DEF;
+#pragma pack()
+AssertCompileSize(IMAGE_AUX_SYMBOL_TOKEN_DEF, IMAGE_SIZE_OF_SYMBOL);
+typedef IMAGE_AUX_SYMBOL_TOKEN_DEF *PIMAGE_AUX_SYMBOL_TOKEN_DEF;
+typedef IMAGE_AUX_SYMBOL_TOKEN_DEF const *PCIMAGE_AUX_SYMBOL_TOKEN_DEF;
+
+/**
+ * COFF auxiliary symbol.
+ */
+#pragma pack(1)
+typedef union _IMAGE_AUX_SYMBOL
+{
+ struct
+ {
+ uint32_t TagIndex;
+ union
+ {
+ struct
+ {
+ uint16_t Linenumber;
+ uint16_t Size;
+ } LnSz;
+ } Misc;
+ union
+ {
+ struct
+ {
+ uint32_t PointerToLinenumber;
+ uint32_t PointerToNextFunction;
+ } Function;
+ struct
+ {
+ uint16_t Dimension[4];
+ } Array;
+ } FcnAry;
+ uint16_t TvIndex;
+ } Sym;
+
+ struct
+ {
+ uint8_t Name[IMAGE_SIZE_OF_SYMBOL];
+ } File;
+
+ struct
+ {
+ uint32_t Length;
+ uint16_t NumberOfRelocations;
+ uint16_t NumberOfLinenumbers;
+ uint32_t CheckSum;
+ uint16_t Number;
+ uint8_t Selection;
+ uint8_t bReserved;
+ uint16_t HighNumber;
+ } Section;
+
+ IMAGE_AUX_SYMBOL_TOKEN_DEF TokenDef;
+ struct
+ {
+ uint32_t crc;
+ uint8_t rgbReserved[14];
+ } CRC;
+} IMAGE_AUX_SYMBOL;
+#pragma pack()
+AssertCompileSize(IMAGE_AUX_SYMBOL, IMAGE_SIZE_OF_SYMBOL);
+typedef IMAGE_AUX_SYMBOL *PIMAGE_AUX_SYMBOL;
+typedef IMAGE_AUX_SYMBOL const *PCIMAGE_AUX_SYMBOL;
+
+
+/**
+ * Extended COFF symbol.
+ */
+typedef struct _IMAGE_SYMBOL_EX
+{
+ union
+ {
+ uint8_t ShortName[8];
+ struct
+ {
+ uint32_t Short;
+ uint32_t Long;
+ } Name;
+ uint32_t LongName[2];
+ } N;
+
+ uint32_t Value;
+ int32_t SectionNumber; /* The difference from IMAGE_SYMBOL */
+ uint16_t Type;
+ uint8_t StorageClass;
+ uint8_t NumberOfAuxSymbols;
+} IMAGE_SYMBOL_EX;
+AssertCompileSize(IMAGE_SYMBOL_EX, IMAGE_SIZE_OF_SYMBOL_EX);
+typedef IMAGE_SYMBOL_EX *PIMAGE_SYMBOL_EX;
+typedef IMAGE_SYMBOL_EX const *PCIMAGE_SYMBOL_EX;
+
+/**
+ * Extended COFF auxiliary symbol.
+ */
+typedef union _IMAGE_AUX_SYMBOL_EX
+{
+ struct
+ {
+ uint32_t WeakDefaultSymIndex;
+ uint32_t WeakSearchType;
+ uint8_t rgbReserved[12];
+ } Sym;
+
+ struct
+ {
+ uint8_t Name[IMAGE_SIZE_OF_SYMBOL_EX];
+ } File;
+
+ struct
+ {
+ uint32_t Length;
+ uint16_t NumberOfRelocations;
+ uint16_t NumberOfLinenumbers;
+ uint32_t CheckSum;
+ uint16_t Number;
+ uint8_t Selection;
+ uint8_t bReserved;
+ uint16_t HighNumber;
+ uint8_t rgbReserved[2];
+ } Section;
+
+ IMAGE_AUX_SYMBOL_TOKEN_DEF TokenDef;
+
+ struct
+ {
+ uint32_t crc;
+ uint8_t rgbReserved[16];
+ } CRC;
+} IMAGE_AUX_SYMBOL_EX;
+AssertCompileSize(IMAGE_AUX_SYMBOL_EX, IMAGE_SIZE_OF_SYMBOL_EX);
+typedef IMAGE_AUX_SYMBOL_EX *PIMAGE_AUX_SYMBOL_EX;
+typedef IMAGE_AUX_SYMBOL_EX const *PCIMAGE_AUX_SYMBOL_EX;
+
+/** @name Special COFF section numbers.
+ * Used by IMAGE_SYMBOL::SectionNumber and IMAGE_SYMBOL_EX::SectionNumber
+ * @{ */
+#define IMAGE_SYM_UNDEFINED INT16_C(0)
+#define IMAGE_SYM_ABSOLUTE INT16_C(-1)
+#define IMAGE_SYM_DEBUG INT16_C(-2)
+/** @} */
+
+/** @name IMAGE_SYM_CLASS_XXX - COFF symbol storage classes.
+ * @{ */
+#define IMAGE_SYM_CLASS_END_OF_FUNCTION UINT8_C(0xff) /* -1 */
+#define IMAGE_SYM_CLASS_NULL UINT8_C(0)
+#define IMAGE_SYM_CLASS_AUTOMATIC UINT8_C(1)
+#define IMAGE_SYM_CLASS_EXTERNAL UINT8_C(2)
+#define IMAGE_SYM_CLASS_STATIC UINT8_C(3)
+#define IMAGE_SYM_CLASS_REGISTER UINT8_C(4)
+#define IMAGE_SYM_CLASS_EXTERNAL_DEF UINT8_C(5)
+#define IMAGE_SYM_CLASS_LABEL UINT8_C(6)
+#define IMAGE_SYM_CLASS_UNDEFINED_LABEL UINT8_C(7)
+#define IMAGE_SYM_CLASS_MEMBER_OF_STRUCT UINT8_C(8)
+#define IMAGE_SYM_CLASS_ARGUMENT UINT8_C(9)
+#define IMAGE_SYM_CLASS_STRUCT_TAG UINT8_C(10)
+#define IMAGE_SYM_CLASS_MEMBER_OF_UNION UINT8_C(11)
+#define IMAGE_SYM_CLASS_UNION_TAG UINT8_C(12)
+#define IMAGE_SYM_CLASS_TYPE_DEFINITION UINT8_C(13)
+#define IMAGE_SYM_CLASS_UNDEFINED_STATIC UINT8_C(14)
+#define IMAGE_SYM_CLASS_ENUM_TAG UINT8_C(15)
+#define IMAGE_SYM_CLASS_MEMBER_OF_ENUM UINT8_C(16)
+#define IMAGE_SYM_CLASS_REGISTER_PARAM UINT8_C(17)
+#define IMAGE_SYM_CLASS_BIT_FIELD UINT8_C(18)
+#define IMAGE_SYM_CLASS_FAR_EXTERNAL UINT8_C(68)
+#define IMAGE_SYM_CLASS_BLOCK UINT8_C(100)
+#define IMAGE_SYM_CLASS_FUNCTION UINT8_C(101)
+#define IMAGE_SYM_CLASS_END_OF_STRUCT UINT8_C(102)
+#define IMAGE_SYM_CLASS_FILE UINT8_C(103)
+#define IMAGE_SYM_CLASS_SECTION UINT8_C(104)
+#define IMAGE_SYM_CLASS_WEAK_EXTERNAL UINT8_C(105)
+#define IMAGE_SYM_CLASS_CLR_TOKEN UINT8_C(107)
+/** @} */
+
+/** @name IMAGE_SYM_TYPE_XXX - COFF symbol base types
+ * @{ */
+#define IMAGE_SYM_TYPE_NULL UINT16_C(0x0000)
+#define IMAGE_SYM_TYPE_VOID UINT16_C(0x0001)
+#define IMAGE_SYM_TYPE_CHAR UINT16_C(0x0002)
+#define IMAGE_SYM_TYPE_SHORT UINT16_C(0x0003)
+#define IMAGE_SYM_TYPE_INT UINT16_C(0x0004)
+#define IMAGE_SYM_TYPE_LONG UINT16_C(0x0005)
+#define IMAGE_SYM_TYPE_FLOAT UINT16_C(0x0006)
+#define IMAGE_SYM_TYPE_DOUBLE UINT16_C(0x0007)
+#define IMAGE_SYM_TYPE_STRUCT UINT16_C(0x0008)
+#define IMAGE_SYM_TYPE_UNION UINT16_C(0x0009)
+#define IMAGE_SYM_TYPE_ENUM UINT16_C(0x000a)
+#define IMAGE_SYM_TYPE_MOE UINT16_C(0x000b)
+#define IMAGE_SYM_TYPE_BYTE UINT16_C(0x000c)
+#define IMAGE_SYM_TYPE_WORD UINT16_C(0x000d)
+#define IMAGE_SYM_TYPE_UINT UINT16_C(0x000e)
+#define IMAGE_SYM_TYPE_DWORD UINT16_C(0x000f)
+#define IMAGE_SYM_TYPE_PCODE UINT16_C(0x8000)
+/** @} */
+
+/** @name IMAGE_SYM_DTYPE_XXX - COFF symbol complex types
+ * @{ */
+#define IMAGE_SYM_DTYPE_NULL UINT16_C(0x0)
+#define IMAGE_SYM_DTYPE_POINTER UINT16_C(0x1)
+#define IMAGE_SYM_DTYPE_FUNCTION UINT16_C(0x2)
+#define IMAGE_SYM_DTYPE_ARRAY UINT16_C(0x3)
+/** @} */
+
+/** @name COFF Symbol type masks and shift counts.
+ * @{ */
+#define N_BTMASK UINT16_C(0x000f)
+#define N_TMASK UINT16_C(0x0030)
+#define N_TMASK1 UINT16_C(0x00c0)
+#define N_TMASK2 UINT16_C(0x00f0)
+#define N_BTSHFT 4
+#define N_TSHIFT 2
+/** @} */
+
+/** @name COFF Symbol type macros.
+ * @{ */
+#define BTYPE(a_Type) ( (a_Type) & N_BTMASK )
+#define ISPTR(a_Type) ( ((a_Type) & N_TMASK) == (IMAGE_SYM_DTYPE_POINTER << N_BTSHFT) )
+#define ISFCN(a_Type) ( ((a_Type) & N_TMASK) == (IMAGE_SYM_DTYPE_FUNCTION << N_BTSHFT) )
+#define ISARY(a_Type) ( ((a_Type) & N_TMASK) == (IMAGE_SYM_DTYPE_ARRAY << N_BTSHFT) )
+#define ISTAG(a_StorageClass) ( (a_StorageClass) == IMAGE_SYM_CLASS_STRUCT_TAG \
+ || (a_StorageClass) == IMAGE_SYM_CLASS_UNION_TAG \
+ || (a_StorageClass) == IMAGE_SYM_CLASS_ENUM_TAG )
+/** @} */
+
+
+/**
+ * COFF relocation table entry.
+ *
+ * @note The size of the structure is not a multiple of the largest member
+ * (uint32_t), so odd relocation table entry members will have
+ * misaligned uint32_t members.
+ */
+#pragma pack(1)
+typedef struct _IMAGE_RELOCATION
+{
+ union
+ {
+ uint32_t VirtualAddress;
+ uint32_t RelocCount;
+ } u;
+ uint32_t SymbolTableIndex;
+ uint16_t Type;
+} IMAGE_RELOCATION;
+#pragma pack()
+/** The size of a COFF relocation entry. */
+#define IMAGE_SIZEOF_RELOCATION 10
+AssertCompileSize(IMAGE_RELOCATION, IMAGE_SIZEOF_RELOCATION);
+typedef IMAGE_RELOCATION *PIMAGE_RELOCATION;
+typedef IMAGE_RELOCATION const *PCIMAGE_RELOCATION;
+
+
+/** @name IMAGE_REL_AMD64_XXX - COFF relocations for AMD64 CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_AMD64_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_AMD64_ADDR64 UINT16_C(0x0001)
+#define IMAGE_REL_AMD64_ADDR32 UINT16_C(0x0002)
+#define IMAGE_REL_AMD64_ADDR32NB UINT16_C(0x0003)
+#define IMAGE_REL_AMD64_REL32 UINT16_C(0x0004)
+#define IMAGE_REL_AMD64_REL32_1 UINT16_C(0x0005)
+#define IMAGE_REL_AMD64_REL32_2 UINT16_C(0x0006)
+#define IMAGE_REL_AMD64_REL32_3 UINT16_C(0x0007)
+#define IMAGE_REL_AMD64_REL32_4 UINT16_C(0x0008)
+#define IMAGE_REL_AMD64_REL32_5 UINT16_C(0x0009)
+#define IMAGE_REL_AMD64_SECTION UINT16_C(0x000a)
+#define IMAGE_REL_AMD64_SECREL UINT16_C(0x000b)
+#define IMAGE_REL_AMD64_SECREL7 UINT16_C(0x000c)
+#define IMAGE_REL_AMD64_TOKEN UINT16_C(0x000d)
+#define IMAGE_REL_AMD64_SREL32 UINT16_C(0x000e)
+#define IMAGE_REL_AMD64_PAIR UINT16_C(0x000f)
+#define IMAGE_REL_AMD64_SSPAN32 UINT16_C(0x0010)
+/** @} */
+
+/** @name ARM IMAGE_REL_ARM_XXX - COFF relocations for ARM CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_ARM_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_ARM_ADDR32 UINT16_C(0x0001)
+#define IMAGE_REL_ARM_ADDR32NB UINT16_C(0x0002)
+#define IMAGE_REL_ARM_BRANCH24 UINT16_C(0x0003)
+#define IMAGE_REL_ARM_BRANCH11 UINT16_C(0x0004)
+#define IMAGE_REL_ARM_TOKEN UINT16_C(0x0005)
+#define IMAGE_REL_ARM_BLX24 UINT16_C(0x0008)
+#define IMAGE_REL_ARM_BLX11 UINT16_C(0x0009)
+#define IMAGE_REL_ARM_SECTION UINT16_C(0x000e)
+#define IMAGE_REL_ARM_SECREL UINT16_C(0x000f)
+#define IMAGE_REL_ARM_MOV32A UINT16_C(0x0010)
+#define IMAGE_REL_ARM_MOV32T UINT16_C(0x0011)
+#define IMAGE_REL_ARM_BRANCH20T UINT16_C(0x0012)
+#define IMAGE_REL_ARM_BRANCH24T UINT16_C(0x0014)
+#define IMAGE_REL_ARM_BLX23T UINT16_C(0x0015)
+/** @} */
+
+/** @name IMAGE_REL_ARM64_XXX - COFF relocations for ARMv8 CPUs (64-bit).
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_ARM64_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_ARM64_ADDR32 UINT16_C(0x0001)
+#define IMAGE_REL_ARM64_ADDR32NB UINT16_C(0x0002)
+#define IMAGE_REL_ARM64_BRANCH26 UINT16_C(0x0003)
+#define IMAGE_REL_ARM64_PAGEBASE_REL21 UINT16_C(0x0004)
+#define IMAGE_REL_ARM64_REL21 UINT16_C(0x0005)
+#define IMAGE_REL_ARM64_PAGEOFFSET_12A UINT16_C(0x0006)
+#define IMAGE_REL_ARM64_PAGEOFFSET_12L UINT16_C(0x0007)
+#define IMAGE_REL_ARM64_SECREL UINT16_C(0x0008)
+#define IMAGE_REL_ARM64_SECREL_LOW12A UINT16_C(0x0009)
+#define IMAGE_REL_ARM64_SECREL_HIGH12A UINT16_C(0x000a)
+#define IMAGE_REL_ARM64_SECREL_LOW12L UINT16_C(0x000b)
+#define IMAGE_REL_ARM64_TOKEN UINT16_C(0x000c)
+#define IMAGE_REL_ARM64_SECTION UINT16_C(0x000d)
+#define IMAGE_REL_ARM64_ADDR64 UINT16_C(0x000e)
+/** @} */
+
+/** @name IMAGE_REL_SH3_XXX - COFF relocation for Hitachi SuperH CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_SH3_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_SH3_DIRECT16 UINT16_C(0x0001)
+#define IMAGE_REL_SH3_DIRECT32 UINT16_C(0x0002)
+#define IMAGE_REL_SH3_DIRECT8 UINT16_C(0x0003)
+#define IMAGE_REL_SH3_DIRECT8_WORD UINT16_C(0x0004)
+#define IMAGE_REL_SH3_DIRECT8_LONG UINT16_C(0x0005)
+#define IMAGE_REL_SH3_DIRECT4 UINT16_C(0x0006)
+#define IMAGE_REL_SH3_DIRECT4_WORD UINT16_C(0x0007)
+#define IMAGE_REL_SH3_DIRECT4_LONG UINT16_C(0x0008)
+#define IMAGE_REL_SH3_PCREL8_WORD UINT16_C(0x0009)
+#define IMAGE_REL_SH3_PCREL8_LONG UINT16_C(0x000a)
+#define IMAGE_REL_SH3_PCREL12_WORD UINT16_C(0x000b)
+#define IMAGE_REL_SH3_STARTOF_SECTION UINT16_C(0x000c)
+#define IMAGE_REL_SH3_SIZEOF_SECTION UINT16_C(0x000d)
+#define IMAGE_REL_SH3_SECTION UINT16_C(0x000e)
+#define IMAGE_REL_SH3_SECREL UINT16_C(0x000f)
+#define IMAGE_REL_SH3_DIRECT32_NB UINT16_C(0x0010)
+#define IMAGE_REL_SH3_GPREL4_LONG UINT16_C(0x0011)
+#define IMAGE_REL_SH3_TOKEN UINT16_C(0x0012)
+#define IMAGE_REL_SHM_PCRELPT UINT16_C(0x0013)
+#define IMAGE_REL_SHM_REFLO UINT16_C(0x0014)
+#define IMAGE_REL_SHM_REFHALF UINT16_C(0x0015)
+#define IMAGE_REL_SHM_RELLO UINT16_C(0x0016)
+#define IMAGE_REL_SHM_RELHALF UINT16_C(0x0017)
+#define IMAGE_REL_SHM_PAIR UINT16_C(0x0018)
+#define IMAGE_REL_SHM_NOMODE UINT16_C(0x8000)
+/** @} */
+
+/** @name IMAGE_REL_PPC_XXX - COFF relocations for IBM PowerPC CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_PPC_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_PPC_ADDR64 UINT16_C(0x0001)
+#define IMAGE_REL_PPC_ADDR32 UINT16_C(0x0002)
+#define IMAGE_REL_PPC_ADDR24 UINT16_C(0x0003)
+#define IMAGE_REL_PPC_ADDR16 UINT16_C(0x0004)
+#define IMAGE_REL_PPC_ADDR14 UINT16_C(0x0005)
+#define IMAGE_REL_PPC_REL24 UINT16_C(0x0006)
+#define IMAGE_REL_PPC_REL14 UINT16_C(0x0007)
+#define IMAGE_REL_PPC_ADDR32NB UINT16_C(0x000a)
+#define IMAGE_REL_PPC_SECREL UINT16_C(0x000b)
+#define IMAGE_REL_PPC_SECTION UINT16_C(0x000c)
+#define IMAGE_REL_PPC_SECREL16 UINT16_C(0x000f)
+#define IMAGE_REL_PPC_REFHI UINT16_C(0x0010)
+#define IMAGE_REL_PPC_REFLO UINT16_C(0x0011)
+#define IMAGE_REL_PPC_PAIR UINT16_C(0x0012)
+#define IMAGE_REL_PPC_SECRELLO UINT16_C(0x0013)
+#define IMAGE_REL_PPC_GPREL UINT16_C(0x0015)
+#define IMAGE_REL_PPC_TOKEN UINT16_C(0x0016)
+/** @} */
+
+/** @name IMAGE_REL_I386_XXX - COFF relocations for x86 CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_I386_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_I386_DIR16 UINT16_C(0x0001)
+#define IMAGE_REL_I386_REL16 UINT16_C(0x0002)
+#define IMAGE_REL_I386_DIR32 UINT16_C(0x0006)
+#define IMAGE_REL_I386_DIR32NB UINT16_C(0x0007)
+#define IMAGE_REL_I386_SEG12 UINT16_C(0x0009)
+#define IMAGE_REL_I386_SECTION UINT16_C(0x000A)
+#define IMAGE_REL_I386_SECREL UINT16_C(0x000B)
+#define IMAGE_REL_I386_TOKEN UINT16_C(0x000C)
+#define IMAGE_REL_I386_SECREL7 UINT16_C(0x000D)
+#define IMAGE_REL_I386_REL32 UINT16_C(0x0014)
+/** @} */
+
+/** @name IMAGE_REL_IA64_XXX - COFF relocations for "Itanic" CPUs.
+ * @{ */
+#define IMAGE_REL_IA64_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_IA64_IMM14 UINT16_C(0x0001)
+#define IMAGE_REL_IA64_IMM22 UINT16_C(0x0002)
+#define IMAGE_REL_IA64_IMM64 UINT16_C(0x0003)
+#define IMAGE_REL_IA64_DIR32 UINT16_C(0x0004)
+#define IMAGE_REL_IA64_DIR64 UINT16_C(0x0005)
+#define IMAGE_REL_IA64_PCREL21B UINT16_C(0x0006)
+#define IMAGE_REL_IA64_PCREL21M UINT16_C(0x0007)
+#define IMAGE_REL_IA64_PCREL21F UINT16_C(0x0008)
+#define IMAGE_REL_IA64_GPREL22 UINT16_C(0x0009)
+#define IMAGE_REL_IA64_LTOFF22 UINT16_C(0x000a)
+#define IMAGE_REL_IA64_SECTION UINT16_C(0x000b)
+#define IMAGE_REL_IA64_SECREL22 UINT16_C(0x000c)
+#define IMAGE_REL_IA64_SECREL64I UINT16_C(0x000d)
+#define IMAGE_REL_IA64_SECREL32 UINT16_C(0x000e)
+#define IMAGE_REL_IA64_DIR32NB UINT16_C(0x0010)
+#define IMAGE_REL_IA64_SREL14 UINT16_C(0x0011)
+#define IMAGE_REL_IA64_SREL22 UINT16_C(0x0012)
+#define IMAGE_REL_IA64_SREL32 UINT16_C(0x0013)
+#define IMAGE_REL_IA64_UREL32 UINT16_C(0x0014)
+#define IMAGE_REL_IA64_PCREL60X UINT16_C(0x0015)
+#define IMAGE_REL_IA64_PCREL60B UINT16_C(0x0016)
+#define IMAGE_REL_IA64_PCREL60F UINT16_C(0x0017)
+#define IMAGE_REL_IA64_PCREL60I UINT16_C(0x0018)
+#define IMAGE_REL_IA64_PCREL60M UINT16_C(0x0019)
+#define IMAGE_REL_IA64_IMMGPREL64 UINT16_C(0x001a)
+#define IMAGE_REL_IA64_TOKEN UINT16_C(0x001b)
+#define IMAGE_REL_IA64_GPREL32 UINT16_C(0x001c)
+#define IMAGE_REL_IA64_ADDEND UINT16_C(0x001f)
+/** @} */
+
+/** @name IMAGE_REL_MIPS_XXX - COFF relocations for MIPS CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_MIPS_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_MIPS_REFHALF UINT16_C(0x0001)
+#define IMAGE_REL_MIPS_REFWORD UINT16_C(0x0002)
+#define IMAGE_REL_MIPS_JMPADDR UINT16_C(0x0003)
+#define IMAGE_REL_MIPS_REFHI UINT16_C(0x0004)
+#define IMAGE_REL_MIPS_REFLO UINT16_C(0x0005)
+#define IMAGE_REL_MIPS_GPREL UINT16_C(0x0006)
+#define IMAGE_REL_MIPS_LITERAL UINT16_C(0x0007)
+#define IMAGE_REL_MIPS_SECTION UINT16_C(0x000a)
+#define IMAGE_REL_MIPS_SECREL UINT16_C(0x000b)
+#define IMAGE_REL_MIPS_SECRELLO UINT16_C(0x000c)
+#define IMAGE_REL_MIPS_SECRELHI UINT16_C(0x000d)
+#define IMAGE_REL_MIPS_JMPADDR16 UINT16_C(0x0010)
+#define IMAGE_REL_MIPS_REFWORDNB UINT16_C(0x0022)
+#define IMAGE_REL_MIPS_PAIR UINT16_C(0x0025)
+/** @} */
+
+/** @name IMAGE_REL_M32R_XXX - COFF relocations for Mitsubishi M32R CPUs.
+ * Used by IMAGE_RELOCATION::Type.
+ * @{ */
+#define IMAGE_REL_M32R_ABSOLUTE UINT16_C(0x0000)
+#define IMAGE_REL_M32R_ADDR32 UINT16_C(0x0001)
+#define IMAGE_REL_M32R_ADDR32NB UINT16_C(0x0002)
+#define IMAGE_REL_M32R_ADDR24 UINT16_C(0x0003)
+#define IMAGE_REL_M32R_GPREL16 UINT16_C(0x0004)
+#define IMAGE_REL_M32R_PCREL24 UINT16_C(0x0005)
+#define IMAGE_REL_M32R_PCREL16 UINT16_C(0x0006)
+#define IMAGE_REL_M32R_PCREL8 UINT16_C(0x0007)
+#define IMAGE_REL_M32R_REFHALF UINT16_C(0x0008)
+#define IMAGE_REL_M32R_REFHI UINT16_C(0x0009)
+#define IMAGE_REL_M32R_REFLO UINT16_C(0x000a)
+#define IMAGE_REL_M32R_PAIR UINT16_C(0x000b)
+#define IMAGE_REL_M32R_SECTION UINT16_C(0x000c)
+#define IMAGE_REL_M32R_SECREL UINT16_C(0x000d)
+#define IMAGE_REL_M32R_TOKEN UINT16_C(0x000e)
+/** @} */
+
+
+/** @} */
+
+#endif /* !IPRT_INCLUDED_formats_pecoff_h */
+