view ticoff/filestruct.h @ 92:708f2452d1ae

armdis: full ldr/str decoding implemented
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Sun, 30 Mar 2014 01:47:28 +0000
parents c20dc315a9d4

/*
 * Here we are going to define the structures found in the COFF artifact
 * file to be analyzed.
 */

/*
 * On-disk COFF file header, declared as raw bytes.
 *
 * Every member is a u_char array, so the struct carries no alignment
 * padding and the field widths below sum to 22 bytes (assuming u_char is
 * a one-byte type, as its name suggests).  Multi-byte values have to be
 * assembled by the reader; the byte order is not stated in this header.
 *
 * NOTE(review): all of these values come straight from the file being
 * analyzed.  f_nscns, f_nsyms and f_opthdr are counts/sizes and f_symptr
 * is a file offset; a reader should check each against the real file
 * length before using it to index or seek.
 */
struct external_filehdr {
    u_char f_magic[2];	/* magic number			*/
    u_char f_nscns[2];	/* number of sections		*/
    u_char f_timdat[4];	/* time & date stamp		*/
    u_char f_symptr[4];	/* file pointer to symtab	*/
    u_char f_nsyms[4];	/* number of symtab entries	*/
    u_char f_opthdr[2];	/* sizeof(optional hdr)		*/
    u_char f_flags[2];	/* flags			*/
    u_char f_target_id[2];    /* magic no. (TI COFF-specific) */
};

/*
 * On-disk COFF section header, declared as raw bytes.
 *
 * All members are u_char arrays; the field widths sum to 48 bytes with no
 * padding (assuming u_char is a one-byte type).
 *
 * NOTE(review): s_scnptr, s_relptr and s_lnnoptr are file offsets and
 * s_size, s_nreloc and s_nlnno are sizes/counts, all taken from the file
 * under analysis.  Offset + length should be validated against the file
 * size (watching for wrap-around in the addition) before any read.
 * s_size is documented below as being in WORDS; the word width is not
 * defined in this header, so the conversion to bytes must be confirmed
 * before it is used in a bounds check.
 */
struct external_scnhdr {
	u_char		s_name[8];	/* section name; fixed 8 bytes, do not assume a NUL inside it */
	u_char		s_paddr[4];	/* physical address, aliased s_nlib */
	u_char		s_vaddr[4];	/* virtual address		*/
	u_char		s_size[4];	/* section size (in WORDS)      */
	u_char		s_scnptr[4];	/* file ptr to raw data for section */
	u_char		s_relptr[4];	/* file ptr to relocation	*/
	u_char		s_lnnoptr[4];	/* file ptr to line numbers	*/
	u_char		s_nreloc[4];	/* number of relocation entries	*/
	u_char		s_nlnno[4];	/* number of line number entries*/
	u_char		s_flags[4];	/* flags			*/
	u_char		s_reserved[2];  /* reserved                     */ 
	u_char		s_page[2];      /* section page number (LOAD)   */
};

/*
 * On-disk COFF symbol table entry, declared as raw bytes.
 *
 * The field widths sum to 18 bytes with no padding (assuming u_char is a
 * one-byte type).  The per-field meanings given below are the conventional
 * COFF ones suggested by the member names; this file does not itself
 * establish them -- TODO confirm against the decoder.
 *
 * NOTE(review): e_scnum and e_numaux are file-supplied values.  If they
 * are used as a section index or as a count of following entries, they
 * should be range-checked against the section count and the symbol table
 * size read from the file header.
 */
struct external_syment {
	u_char	e_name[8];	/* presumably symbol name; fixed 8 bytes, do not assume a NUL inside it */
	u_char	e_value[4];	/* presumably symbol value */
	u_char	e_scnum[2];	/* presumably section number */
	u_char	e_type[2];	/* presumably symbol type */
	u_char	e_sclass;	/* presumably storage class */
	u_char	e_numaux;	/* presumably number of auxiliary entries */
};

/*
 * On-disk COFF relocation entry, declared as raw bytes.
 *
 * The field widths sum to 12 bytes with no padding (assuming u_char is a
 * one-byte type).  Meanings of the uncommented members are inferred from
 * their names and are not established in this file -- TODO confirm.
 *
 * NOTE(review): r_symndx is read from the file under analysis; if it is
 * used to index the symbol table, it should be checked against the symbol
 * count from the file header first.
 */
struct external_reloc {
  u_char r_vaddr[4];	/* presumably address the relocation applies to */
  u_char r_symndx[4];	/* presumably index into the symbol table */
  u_char r_reserved[2]; /* extended pmad byte for COFF2 */
  u_char r_type[2];	/* presumably relocation type */
};