blob: f5c1fe4e5d008e0c0e6de3570bab3308cd86035a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
/*
type characteristic =
| IMAGE_FILE_RELOCS_STRIPPED
| IMAGE_FILE_EXECUTABLE_IMAGE
| IMAGE_FILE_LINE_NUMS_STRIPPED
| IMAGE_FILE_LOCAL_SYMS_STRIPPED
| IMAGE_FILE_AGGRESSIVE_WS_TRIM
| IMAGE_FILE_LARGE_ADDRESS_AWARE
| RESERVED
| IMAGE_FILE_BYTES_REVERSED_LO
| IMAGE_FILE_32BIT_MACHINE
| IMAGE_FILE_DEBUG_STRIPPED
| IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
| IMAGE_FILE_NET_RUN_FROM_SWAP
| IMAGE_FILE_SYSTEM
| IMAGE_FILE_DLL
| IMAGE_FILE_UP_SYSTEM_ONLY
| IMAGE_FILE_BYTES_REVERSED_HI
| UNKNOWN of int
let get_characteristic =
function
| 0x0001 -> IMAGE_FILE_RELOCS_STRIPPED
| 0x0002 -> IMAGE_FILE_EXECUTABLE_IMAGE
| 0x0004 -> IMAGE_FILE_LINE_NUMS_STRIPPED
| 0x0008 -> IMAGE_FILE_LOCAL_SYMS_STRIPPED
| 0x0010 -> IMAGE_FILE_AGGRESSIVE_WS_TRIM
| 0x0020 -> IMAGE_FILE_LARGE_ADDRESS_AWARE
| 0x0040 -> RESERVED
| 0x0080 -> IMAGE_FILE_BYTES_REVERSED_LO
| 0x0100 -> IMAGE_FILE_32BIT_MACHINE
| 0x0200 -> IMAGE_FILE_DEBUG_STRIPPED
| 0x0400 -> IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
| 0x0800 -> IMAGE_FILE_NET_RUN_FROM_SWAP
| 0x1000 -> IMAGE_FILE_SYSTEM
| 0x2000 -> IMAGE_FILE_DLL
| 0x4000 -> IMAGE_FILE_UP_SYSTEM_ONLY
| 0x8000 -> IMAGE_FILE_BYTES_REVERSED_HI
| x -> UNKNOWN x
let characteristic_to_string =
function
| IMAGE_FILE_RELOCS_STRIPPED -> "IMAGE_FILE_RELOCS_STRIPPED"
| IMAGE_FILE_EXECUTABLE_IMAGE -> "IMAGE_FILE_EXECUTABLE_IMAGE"
| IMAGE_FILE_LINE_NUMS_STRIPPED -> "IMAGE_FILE_LINE_NUMS_STRIPPED"
| IMAGE_FILE_LOCAL_SYMS_STRIPPED -> "IMAGE_FILE_LOCAL_SYMS_STRIPPED"
| IMAGE_FILE_AGGRESSIVE_WS_TRIM -> "IMAGE_FILE_AGGRESSIVE_WS_TRIM"
| IMAGE_FILE_LARGE_ADDRESS_AWARE -> "IMAGE_FILE_LARGE_ADDRESS_AWARE"
| RESERVED -> "RESERVED"
| IMAGE_FILE_BYTES_REVERSED_LO -> "IMAGE_FILE_BYTES_REVERSED_LO"
| IMAGE_FILE_32BIT_MACHINE -> "IMAGE_FILE_32BIT_MACHINE"
| IMAGE_FILE_DEBUG_STRIPPED -> "IMAGE_FILE_DEBUG_STRIPPED"
| IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP -> "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP"
| IMAGE_FILE_NET_RUN_FROM_SWAP -> "IMAGE_FILE_NET_RUN_FROM_SWAP"
| IMAGE_FILE_SYSTEM -> "IMAGE_FILE_SYSTEM"
| IMAGE_FILE_DLL -> "IMAGE_FILE_DLL"
| IMAGE_FILE_UP_SYSTEM_ONLY -> "IMAGE_FILE_UP_SYSTEM_ONLY"
| IMAGE_FILE_BYTES_REVERSED_HI -> "IMAGE_FILE_BYTES_REVERSED_HI"
| UNKNOWN x -> Printf.sprintf "UNKNOWN_CHARACTERISTIC 0x%x" x
let is_dll characteristics =
let characteristic = characteristic_to_int IMAGE_FILE_DLL in
characteristics land characteristic = characteristic
let has characteristic characteristics =
let characteristic = characteristic_to_int characteristic in
characteristics land characteristic = characteristic
(* TODO: this is a mad hack *)
let show_type characteristics =
if (has IMAGE_FILE_DLL characteristics) then "DLL"
else if (has IMAGE_FILE_EXECUTABLE_IMAGE characteristics) then "EXE"
else "MANY" (* print all *)
*/
pub const IMAGE_FILE_RELOCS_STRIPPED: u16 = 0x0001;
pub const IMAGE_FILE_EXECUTABLE_IMAGE: u16 = 0x0002;
pub const IMAGE_FILE_LINE_NUMS_STRIPPED: u16 = 0x0004;
pub const IMAGE_FILE_LOCAL_SYMS_STRIPPED: u16 = 0x0008;
pub const IMAGE_FILE_AGGRESSIVE_WS_TRIM: u16 = 0x0010;
pub const IMAGE_FILE_LARGE_ADDRESS_AWARE: u16 = 0x0020;
pub const RESERVED: u16 = 0x0040;
pub const IMAGE_FILE_BYTES_REVERSED_LO: u16 = 0x0080;
pub const IMAGE_FILE_32BIT_MACHINE: u16 = 0x0100;
pub const IMAGE_FILE_DEBUG_STRIPPED: u16 = 0x0200;
pub const IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP: u16 = 0x0400;
pub const IMAGE_FILE_NET_RUN_FROM_SWAP: u16 = 0x0800;
pub const IMAGE_FILE_SYSTEM: u16 = 0x1000;
pub const IMAGE_FILE_DLL: u16 = 0x2000;
pub const IMAGE_FILE_UP_SYSTEM_ONLY: u16 = 0x4000;
pub const IMAGE_FILE_BYTES_REVERSED_HI: u16 = 0x8000;
pub fn is_dll(characteristics: u16) -> bool {
characteristics & IMAGE_FILE_DLL == IMAGE_FILE_DLL
}
pub fn is_exe(characteristics: u16) -> bool {
characteristics & IMAGE_FILE_EXECUTABLE_IMAGE == IMAGE_FILE_EXECUTABLE_IMAGE
}
|
