diff --git a/pe-parser-library/include/parser-library/nt-headers.h b/pe-parser-library/include/parser-library/nt-headers.h
index d3f744a..db538b3 100644
--- a/pe-parser-library/include/parser-library/nt-headers.h
+++ b/pe-parser-library/include/parser-library/nt-headers.h
@@ -61,11 +61,16 @@ constexpr std::uint16_t DIR_COM_DESCRIPTOR = 14;
 // Machine Types
 constexpr std::uint16_t IMAGE_FILE_MACHINE_UNKNOWN = 0x0;
+constexpr std::uint16_t IMAGE_FILE_MACHINE_ALPHA = 0x1d3; // Alpha_AXP
+constexpr std::uint16_t IMAGE_FILE_MACHINE_ALPHA64 = 0x284; // ALPHA64
 constexpr std::uint16_t IMAGE_FILE_MACHINE_AM33 = 0x1d3; // Matsushita AM33
 constexpr std::uint16_t IMAGE_FILE_MACHINE_AMD64 = 0x8664; // x64
 constexpr std::uint16_t IMAGE_FILE_MACHINE_ARM = 0x1c0; // ARM little endian
 constexpr std::uint16_t IMAGE_FILE_MACHINE_ARM64 = 0xaa64; // ARM64 little endian
 constexpr std::uint16_t IMAGE_FILE_MACHINE_ARMNT = 0x1c4; // ARM Thumb-2 little endian
+constexpr std::uint16_t IMAGE_FILE_MACHINE_AXP64 = 0x284; // ALPHA64
+constexpr std::uint16_t IMAGE_FILE_MACHINE_CEE = 0xc0ee;
+constexpr std::uint16_t IMAGE_FILE_MACHINE_CEF = 0xcef;
 constexpr std::uint16_t IMAGE_FILE_MACHINE_EBC = 0xebc; // EFI byte code
 constexpr std::uint16_t IMAGE_FILE_MACHINE_I386 = 0x14c; // Intel 386 or later processors and compatible processors
 constexpr std::uint16_t IMAGE_FILE_MACHINE_IA64 = 0x200; // Intel Itanium processor family
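Review bot: `IMAGE_FILE_MACHINE_ALPHA` is added as `0x1d3`, the value already held by `IMAGE_FILE_MACHINE_AM33` two lines below it; winnt.h defines Alpha_AXP as `0x184`, so the line should read `constexpr std::uint16_t IMAGE_FILE_MACHINE_ALPHA = 0x184; // Alpha_AXP`. The following hunk has the same defect: `IMAGE_FILE_MACHINE_R3000` and `IMAGE_FILE_MACHINE_R10000` are both given R4000's `0x166`, where winnt.h uses `0x162` and `0x168`. With the values as committed, any check written against these names misreports the architecture of a parsed image, and a `switch` that lists ALPHA next to AM33 (or two of the R-series names) will fail to compile on duplicate case labels. `IMAGE_FILE_MACHINE_AXP64` sharing `0x284` with ALPHA64 is a deliberate alias and is fine.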
@@ -75,7 +80,9 @@ constexpr std::uint16_t IMAGE_FILE_MACHINE_MIPSFPU = 0x366; // MIPS with FPU
 constexpr std::uint16_t IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466; // MIPS16 with FPU
 constexpr std::uint16_t IMAGE_FILE_MACHINE_POWERPC = 0x1f0; // Power PC little endian
 constexpr std::uint16_t IMAGE_FILE_MACHINE_POWERPCFP = 0x1f1; // Power PC with floating point support
+constexpr std::uint16_t IMAGE_FILE_MACHINE_R3000 = 0x166; // MIPS little endian, 0x160 big-endian
 constexpr std::uint16_t IMAGE_FILE_MACHINE_R4000 = 0x166; // MIPS little endian
+constexpr std::uint16_t IMAGE_FILE_MACHINE_R10000 = 0x166; // MIPS little endian
 constexpr std::uint16_t IMAGE_FILE_MACHINE_RISCV32 = 0x5032; // RISC-V 32-bit address space
 constexpr std::uint16_t IMAGE_FILE_MACHINE_RISCV64 = 0x5064; // RISC-V 64-bit address space
 constexpr std::uint16_t IMAGE_FILE_MACHINE_RISCV128 = 0x5128; // RISC-V 128-bit address space
@@ -84,6 +91,7 @@ constexpr std::uint16_t IMAGE_FILE_MACHINE_SH3DSP = 0x1a3; // Hitachi SH3 DSP
 constexpr std::uint16_t IMAGE_FILE_MACHINE_SH4 = 0x1a6; // Hitachi SH4
 constexpr std::uint16_t IMAGE_FILE_MACHINE_SH5 = 0x1a8; // Hitachi SH5
 constexpr std::uint16_t IMAGE_FILE_MACHINE_THUMB = 0x1c2; // Thumb
+constexpr std::uint16_t IMAGE_FILE_MACHINE_TRICORE = 0x520; // Infineon
 constexpr std::uint16_t IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169; // MIPS little-endian WCE v2
 constexpr std::uint16_t IMAGE_FILE_RELOCS_STRIPPED = 0x0001;
@@ -141,6 +149,22 @@ constexpr std::uint32_t IMAGE_SCN_MEM_EXECUTE = 0x20000000;
 constexpr std::uint32_t IMAGE_SCN_MEM_READ = 0x40000000;
 constexpr std::uint32_t IMAGE_SCN_MEM_WRITE = 0x80000000;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_UNKNOWN = 0;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_NATIVE = 1;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_WINDOWS_GUI = 2;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_WINDOWS_CUI = 3;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_OS2_CUI = 5;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_POSIX_CUI = 7;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_EFI_APPLICATION = 10;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_EFI_ROM = 13;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_XBOX = 14;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16;
+constexpr std::uint16_t IMAGE_SUBSYSTEM_XBOX_CODE_CATALOG = 17;
+
 // Symbol section number values
 constexpr std::int16_t IMAGE_SYM_UNDEFINED = 0;
 constexpr std::int16_t IMAGE_SYM_ABSOLUTE = -1;
diff --git a/pe-parser-library/src/parse.cpp b/pe-parser-library/src/parse.cpp
index b1f50f0..9bf6e4e 100644
--- a/pe-parser-library/src/parse.cpp
+++ b/pe-parser-library/src/parse.cpp
@@ -1964,17 +1964,17 @@ const char *GetMachineAsString(parsed_pe *pe) {
 return nullptr;
 switch (pe->peHeader.nt.FileHeader.Machine) {
- case 0x014c:
+ case IMAGE_FILE_MACHINE_I386:
 return "x86";
- case 0x01c4:
+ case IMAGE_FILE_MACHINE_ARMNT:
 return "ARM Thumb-2 Little-Endian";
- case 0x0200:
+ case IMAGE_FILE_MACHINE_IA64:
 return "Intel IA64";
- case 0x8664:
+ case IMAGE_FILE_MACHINE_AMD64:
 return "x64";
- case 0xaa64:
+ case IMAGE_FILE_MACHINE_ARM64:
 return "ARM64";
- case 0xc0ee:
+ case IMAGE_FILE_MACHINE_CEE:
 return "CLR Pure MSIL";
 default:
 return nullptr;
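Review bot: The new `IMAGE_SUBSYSTEM_*` block has no heading comment, so it reads as a continuation of the `IMAGE_SCN_*` section flags directly above it, while the neighbouring groups are labelled (`// Machine Types`, `// Symbol section number values`). I would add `// Subsystem values` before `IMAGE_SUBSYSTEM_UNKNOWN`. A short remark that 4, 6 and 15 are skipped on purpose would also stop a later reader from "filling the gaps".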
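Review bot: The `default:` branch of GetMachineAsString still returns `nullptr`, and `FileHeader.Machine` is read from the parsed file, so any image whose Machine value is outside these six cases takes that branch, including most of the constants this commit adds to nt-headers.h. Callers are not visible here, but one that hands the result to `printf("%s", ...)` or streams it without a check has undefined behaviour on such a file. I would state the contract at the branch, e.g. `// Unrecognised Machine value: returns nullptr, callers must check`, and do the same at the `default:` of GetSubsystemAsString in the next hunk. Both function bodies start outside their hunks.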
@@ -1994,34 +1994,36 @@ const char *GetSubsystemAsString(parsed_pe *pe) {
 return nullptr;
 switch (subsystem) {
- case 0:
+ case IMAGE_SUBSYSTEM_UNKNOWN:
 return "UNKNOWN";
- case 1:
+ case IMAGE_SUBSYSTEM_NATIVE:
 return "NATIVE";
- case 2:
+ case IMAGE_SUBSYSTEM_WINDOWS_GUI:
 return "WINDOWS_GUI";
- case 3:
+ case IMAGE_SUBSYSTEM_WINDOWS_CUI:
 return "WINDOWS_CUI";
- case 5:
+ case IMAGE_SUBSYSTEM_OS2_CUI:
 return "OS2_CUI";
- case 7:
+ case IMAGE_SUBSYSTEM_POSIX_CUI:
 return "POSIX_CUI";
- case 8:
+ case IMAGE_SUBSYSTEM_NATIVE_WINDOWS:
 return "NATIVE_WINDOWS";
- case 9:
+ case IMAGE_SUBSYSTEM_WINDOWS_CE_GUI:
 return "WINDOWS_CE_GUI";
- case 10:
+ case IMAGE_SUBSYSTEM_EFI_APPLICATION:
 return "EFI_APPLICATION";
- case 11:
+ case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
 return "EFI_BOOT_SERVICE_DRIVER";
- case 12:
+ case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
 return "EFI_RUNTIME_DRIVER";
- case 13:
+ case IMAGE_SUBSYSTEM_EFI_ROM:
 return "EFI_ROM";
- case 14:
+ case IMAGE_SUBSYSTEM_XBOX:
 return "XBOX";
- case 16:
+ case IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION:
 return "WINDOWS_BOOT_APPLICATION";
+ case IMAGE_SUBSYSTEM_XBOX_CODE_CATALOG:
+ return "XBOX_CODE_CATALOG";
 default:
 return nullptr;
 }