unit lowlevel_data; interface uses type_fixes; type TMSDOSHeader = record { C } { IMAGE_DOS_HEADER } Signature : TUINT16; { MZ } LastSize : TUINT16; { words on last page of file. } BlockCount : TUINT16; { # pages in file. } RelocationCount : TUINT16; HeaderSize : TUINT16; { size of header in paragraphs. } MinimumAllocation : TUINT16; { in paragraphs. } MaximumAllocation : TUINT16; { in paragraphs. } StackSegment : TUINT16; { 16 bit segment (relative) } StackPointer : TUINT16; { 16 bit pointer. } Checksum : TUINT16; InstructionPointer : TUINT16; CodeSegment : TUINT16; { (relative) segment. } RelocationPosition : TUINT16; { file address of relocation table. } OverlayCount : TUINT16; { overlay number. } Reserved1_1 : TUINT16; Reserved1_2 : TUINT16; Reserved1_3 : TUINT16; Reserved1_4 : TUINT16; OEM_ID : TUINT16; OEM_Info : TUINT16; Reserved2_1 : TUINT16; Reserved2_2 : TUINT16; Reserved2_3 : TUINT16; Reserved2_4 : TUINT16; Reserved2_5 : TUINT16; Reserved2_6 : TUINT16; Reserved2_7 : TUINT16; Reserved2_8 : TUINT16; Reserved2_9 : TUINT16; Reserved2_10 : TUINT16; PEHeaderPosition : TUINT32; { file address of new EXE header. } end; TPEMagic = record Magic : TUINT16; MajorVersion : TByte; { linker major version. } MinorVersion : TByte; { linker minor version. } end; TCOFFHeader = record { C } { IMAGE_NEW_HEADER } Machine : TUINT16; { 0x14C (332 in decimal) is the code for an Intel 80386. } SectionCount : TUINT16; { sections immediately following the header. } Timestamp : TUINT32; SymbolTableOffset : TUINT32; SymbolCount : TUINT32; { string table immediately follows the symbol table. } OptionalHeaderSize : TUINT16; { 0 in object files. } Characteristics : TUINT16; { * 0x02 = Executable file * 0x200 = file is non-relocatable (addresses are absolute, not RVA). * 0x2000 = File is a DLL Library, not an EXE. } end; TOS2Header = record { C } { and DOS 4.0 } EntryTableOffset : TUINT16; EntryTableSize : TUINT16; // bytes. Checksum : TUINT32; // of the whole file. 0. ProgramFlags : TByte; { bits: 0-1 - DGroup type : 0 - none 1 - single shared 2 - multiple 3 - (null) 2 - Global initialization 3 - Protected mode only 4 - 8086 instructions 5 - 80286 instructions 6 - 80386 instructions 7 - 80x87 instructions} ApplicationFlags : TByte; { bits: 0-2 - Application type 1 - Full screen (not aware of Windows/P.M. API) 2 - Compatible with Windows/P.M. API 3 - Uses Windows/P.M. API 3 - OS/2 family application 4 - reserved? 5 - Errors in image/executable 6 - "non-conforming program" whatever 7 - DLL or driver (SS:SP info invalid, CS:IP points at FAR init routine called with AX=module handle which returns AX=0000h on failure, AX nonzero on successful initialization)} AutomaticDataSegmentIndex : TUINT16; { index into segment table (1-based), 0 = none. } HeapSize : TINT16; { bytes. } StackSize : TUINT16; { bytes. } CS_IP : TUINT32; // TODO split. CS is index into segment table. SS_SP : TUINT32; // TODO split. SS is index into segment table. SegmentCount : TUINT16; ModuleReferenceCount : TUINT16; NonResidentNameTableSize : TUINT16; SegmentTableOffset : TUINT16; ResourceTableOffset : TUINT16; ResidentNameTableOffset : TUINT16; ModuleReferenceTableOffset : TUINT16; ImportedNameTableOffset : TUINT16; NonResidentNameTableOffset : TUINT32; MovableEntryCount : TUINT16; { in entry table } FileAlignmentShiftCount : TUINT16; { 0 is equivalent to 9 (default 512-byte pages) } ResourceEntryCount : TUINT16; OSTarget : TByte; { 0 - unknown 1 - OS/2 2 - Windows 3 - European MS-DOS 4.x 4 - Windows 386 5 - BOSS (Borland Operating System Services) } OtherFlags : TByte; { 0 - Long filename support 1 - 2.x protected mode 2 - 2.x proportional fonts 3 - Executable has gangload area } ReturnThunksOffset : TUINT16; { or start of gangload area. } SegmentReferenceThunks : TUINT16; { or length of gangload area. } MinimumCodeSwapSize : TUINT16; ExpectedWinodwsVersion : TINT16; { minor first. } Reserved1 : TByte; end; TCOFFOptionalHeader = record { C } Signature : TUINT16; { 267 decimal. } MajorLinkerVersion : TByte; MinorLinkerVersion : TByte; CodeSize : TUINT32; InitializedDataSize : TUINT32; UninitializedDataSize : TUINT32; RVAEntryPointAddress : TUINT32; CodeBase : TUINT32; DataBase : TUINT32; ImageBase : TUINT32; SectionAlignment : TUINT32; FileAlignment : TUINT32; MajorOSVersion : TUINT16; MinorOSVersion : TUINT16; MajorImageVersion : TUINT16; MinorImageVersion : TUINT16; MajorSubsystemVersion : TUINT16; MinorSubsystemVersion : TUINT16; Reserved : TUINT32; ImageSize : TUINT32; HeaderSize : TUINT32; Checksum : TUINT32; Subsystem : TUINT16; DLLCharacteristics : TUINT16; StackReserveSize : TINT32; StackCommitSize : TUINT32; HeapReserveSize : TUINT32; HeapCommitSize : TUINT32; LoaderFlags : TUINT32; RVAAndSizesCount : TUINT32; { 16. } end; TCOFFOptionalHeaderRVAEntry = record { C } { DataDirectory Possibly the most interesting member of this structure. Provides RVAs and sizes which locate various data structures, which are used for setting up the execution environment of a module. The details of what these structures do exist in other sections of this page, but the most interesting entries in DataDirectory are below: * IMAGE_DIRECTORY_ENTRY_EXPORT (0) : Location of the export directory * IMAGE_DIRECTORY_ENTRY_IMPORT (1) : Location of the import directory * IMAGE_DIRECTORY_ENTRY_RESOURCE (2) : Location of the resource directory * IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (11) : Location of alternate import-binding directory } VirtualAddress : TUINT32; Size : TUINT32; end; TWIN32ResourceDirectory = record { C } Characteristics : TUINT32; TimeDateStamp : TUINT32; MajorVersion : TUINT16; MinorVersion : TUINT16; NamedEntryCount : TUINT16; IDEntryCount : TUINT16; end; TWIN32ResourceDirectoryEntry = record { C } NameID : TUINT32; { bit 31: flag, bits 30..0: data } Data : TUINT32; { bit 31: directory?, bits 30..0: data } end; TWIN32ResourceDataEntry = record { C } Data : TUINT32; Size : TUINT32; CodePage : TUINT32; Reserved : TUINT32; end; implementation end.