Package ghidra.app.util.bin.format.pe
Class FileHeader
- java.lang.Object
  - ghidra.app.util.bin.format.pe.FileHeader
- All Implemented Interfaces: StructConverter
public class FileHeader extends java.lang.Object implements StructConverter
A class to represent the IMAGE_FILE_HEADER struct as defined in winnt.h.

    typedef struct _IMAGE_FILE_HEADER {
        WORD  Machine;               // MANDATORY
        WORD  NumberOfSections;      // USED
        DWORD TimeDateStamp;
        DWORD PointerToSymbolTable;
        DWORD NumberOfSymbols;
        WORD  SizeOfOptionalHeader;  // USED
        WORD  Characteristics;       // MANDATORY
    } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
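The struct layout above can be decoded directly from raw bytes. The following is an added example, not Ghidra code: a standalone Python parser that locates IMAGE_FILE_HEADER through e_lfanew, bounds-checks it, and decodes Characteristics. The function name `parse_file_header`, the result keys, and the `SAMPLE` bytes are constructed for illustration; flag values are those of winnt.h.

```python
import struct

# Characteristics bit values as defined in winnt.h.
CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0010: "IMAGE_FILE_AGGRESIVE_WS_TRIM",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x0400: "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP",
    0x0800: "IMAGE_FILE_NET_RUN_FROM_SWAP",
    0x1000: "IMAGE_FILE_SYSTEM",
    0x2000: "IMAGE_FILE_DLL",
    0x4000: "IMAGE_FILE_UP_SYSTEM_ONLY",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}
FILE_HEADER = struct.Struct("<HHIIIHH")  # 20 bytes, little-endian

def parse_file_header(data: bytes) -> dict:
    """Locate and decode IMAGE_FILE_HEADER, rejecting truncated or malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    start = e_lfanew + 4  # file header follows the 4-byte PE signature
    if start + FILE_HEADER.size > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:start] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine, nsections, timestamp, symtab, nsyms,
     opt_size, chars) = FILE_HEADER.unpack_from(data, start)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "time_date_stamp": timestamp,
        "pointer_to_symbol_table": symtab,
        "number_of_symbols": nsyms,
        "size_of_optional_header": opt_size,
        "characteristics": [n for bit, n in CHARACTERISTICS.items() if chars & bit],
        "unknown_bits": chars & ~sum(CHARACTERISTICS),  # bits with no winnt.h name
        "pointer_to_sections": start + FILE_HEADER.size + opt_size,
    }

# Constructed sample: minimal DOS header + PE signature + a header for an x64 DLL.
SAMPLE = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
          + FILE_HEADER.pack(0x8664, 3, 0x5F000000, 0, 0, 0xF0, 0x2022))
```

The section-table offset is computed from the PE layout (section headers follow the optional header); values that fall outside the file or leave `unknown_bits` set are worth flagging during triage.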
-
-
Field Summary
Fields (Modifier and Type, Field: Description)
- static java.lang.String[] CHARACTERISTICS
- static int IMAGE_FILE_32BIT_MACHINE: 32 bit word machine.
- static int IMAGE_FILE_AGGRESIVE_WS_TRIM: Aggressively trim working set
- static int IMAGE_FILE_BYTES_REVERSED_HI: Bytes of machine word are reversed.
- static int IMAGE_FILE_BYTES_REVERSED_LO: Bytes of machine word are reversed.
- static int IMAGE_FILE_DEBUG_STRIPPED: Debugging info stripped from file in .DBG file
- static int IMAGE_FILE_DLL: File is a DLL.
- static int IMAGE_FILE_EXECUTABLE_IMAGE: File is executable (no unresolved external references).
- static int IMAGE_FILE_LARGE_ADDRESS_AWARE: App can handle >2 GB addresses
- static int IMAGE_FILE_LINE_NUMS_STRIPPED: Line numbers stripped from file.
- static int IMAGE_FILE_LOCAL_SYMS_STRIPPED: Local symbols stripped from file.
- static int IMAGE_FILE_NET_RUN_FROM_SWAP: If Image is on Net, copy and run from the swap file.
- static int IMAGE_FILE_RELOCS_STRIPPED: Relocation info stripped from file.
- static int IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP: If Image is on removable media, copy and run from the swap file.
- static int IMAGE_FILE_SYSTEM: System File.
- static int IMAGE_FILE_UP_SYSTEM_ONLY: File should only be run on a UP machine
- static int IMAGE_SIZEOF_FILE_HEADER: The size of the IMAGE_FILE_HEADER in bytes.
- static java.lang.String NAME: The name to use when converting into a structure data type.
-
Constructor Summary
Constructors (Constructor: Description)
- FileHeader(): DO NOT USE THIS CONSTRUCTOR, USE create*(GenericFactory ...) FACTORY METHODS INSTEAD.
-
Method Summary
All Methods (Modifier and Type, Method: Description)
- void addSection(MemoryBlock block, OptionalHeader optionalHeader): Adds a new section to this file header.
- int getCharacteristics(): Returns a set of bit flags indicating attributes of the file.
- java.io.InputStream getDataStream()
- short getMachine(): Returns the architecture type of the computer.
- java.lang.String getMachineName(): Returns a string representation of the architecture type of the computer.
- int getNumberOfSections(): Returns the number of sections.
- int getNumberOfSymbols(): Returns the number of symbols in the COFF symbol table
- int getPointerToSections(): Returns the file pointer to the section headers.
- int getPointerToSymbolTable(): Returns the file offset of the COFF symbol table
- SectionHeader getSectionHeader(int index): Returns the section header at the specified position in the array.
- SectionHeader getSectionHeaderContaining(int virtualAddr): Returns the section header that contains the specified virtual address.
- SectionHeader[] getSectionHeaders(): Returns the array of section headers.
- int getSizeOfOptionalHeader(): Returns the size of the optional header data
- java.util.List<DebugCOFFSymbol> getSymbols(): Returns the array of symbols.
- int getTimeDateStamp(): Returns the time stamp of the image.
- boolean isLordPE()
- DataType toDataType(): Returns a structure datatype representing the contents of the implementor of this interface.
-
-
-
Field Detail
-
NAME
public static final java.lang.String NAME
The name to use when converting into a structure data type.
- See Also:
- Constant Field Values
-
IMAGE_SIZEOF_FILE_HEADER
public static final int IMAGE_SIZEOF_FILE_HEADER
The size of the IMAGE_FILE_HEADER in bytes.
- See Also:
- Constant Field Values
-
IMAGE_FILE_RELOCS_STRIPPED
public static final int IMAGE_FILE_RELOCS_STRIPPED
Relocation info stripped from file.
- See Also:
- Constant Field Values
-
IMAGE_FILE_EXECUTABLE_IMAGE
public static final int IMAGE_FILE_EXECUTABLE_IMAGE
File is executable (no unresolved external references).
- See Also:
- Constant Field Values
-
IMAGE_FILE_LINE_NUMS_STRIPPED
public static final int IMAGE_FILE_LINE_NUMS_STRIPPED
Line numbers stripped from file.
- See Also:
- Constant Field Values
-
IMAGE_FILE_LOCAL_SYMS_STRIPPED
public static final int IMAGE_FILE_LOCAL_SYMS_STRIPPED
Local symbols stripped from file.
- See Also:
- Constant Field Values
-
IMAGE_FILE_AGGRESIVE_WS_TRIM
public static final int IMAGE_FILE_AGGRESIVE_WS_TRIM
Aggressively trim working set
- See Also:
- Constant Field Values
-
IMAGE_FILE_LARGE_ADDRESS_AWARE
public static final int IMAGE_FILE_LARGE_ADDRESS_AWARE
App can handle >2 GB addresses
- See Also:
- Constant Field Values
-
IMAGE_FILE_BYTES_REVERSED_LO
public static final int IMAGE_FILE_BYTES_REVERSED_LO
Bytes of machine word are reversed.
- See Also:
- Constant Field Values
-
IMAGE_FILE_32BIT_MACHINE
public static final int IMAGE_FILE_32BIT_MACHINE
32 bit word machine.
- See Also:
- Constant Field Values
-
IMAGE_FILE_DEBUG_STRIPPED
public static final int IMAGE_FILE_DEBUG_STRIPPED
Debugging info stripped from file in .DBG file
- See Also:
- Constant Field Values
-
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
public static final int IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
If Image is on removable media, copy and run from the swap file.
- See Also:
- Constant Field Values
-
IMAGE_FILE_NET_RUN_FROM_SWAP
public static final int IMAGE_FILE_NET_RUN_FROM_SWAP
If Image is on Net, copy and run from the swap file.
- See Also:
- Constant Field Values
-
IMAGE_FILE_SYSTEM
public static final int IMAGE_FILE_SYSTEM
System File.
- See Also:
- Constant Field Values
-
IMAGE_FILE_DLL
public static final int IMAGE_FILE_DLL
File is a DLL.
- See Also:
- Constant Field Values
-
IMAGE_FILE_UP_SYSTEM_ONLY
public static final int IMAGE_FILE_UP_SYSTEM_ONLY
File should only be run on a UP machine
- See Also:
- Constant Field Values
-
IMAGE_FILE_BYTES_REVERSED_HI
public static final int IMAGE_FILE_BYTES_REVERSED_HI
Bytes of machine word are reversed.
- See Also:
- Constant Field Values
-
CHARACTERISTICS
public static final java.lang.String[] CHARACTERISTICS
-
-
Method Detail
-
getMachine
public short getMachine()
Returns the architecture type of the computer.
- Returns:
- the architecture type of the computer
-
getMachineName
public java.lang.String getMachineName()
Returns a string representation of the architecture type of the computer.
- Returns:
- a string representation of the architecture type of the computer
-
getNumberOfSections
public int getNumberOfSections()
Returns the number of sections. Sections equate to Ghidra memory blocks.
- Returns:
- the number of sections
-
getSectionHeaders
public SectionHeader[] getSectionHeaders()
Returns the array of section headers.
- Returns:
- the array of section headers
-
getSymbols
public java.util.List<DebugCOFFSymbol> getSymbols()
Returns the array of symbols.
- Returns:
- the array of symbols
-
getSectionHeaderContaining
public SectionHeader getSectionHeaderContaining(int virtualAddr)
Returns the section header that contains the specified virtual address.
- Parameters:
- virtualAddr - the virtual address
- Returns:
- the section header that contains the specified virtual address
-
getSectionHeader
public SectionHeader getSectionHeader(int index)
Returns the section header at the specified position in the array.
- Parameters:
- index - index of section header to return
- Returns:
- the section header at the specified position in the array
-
getTimeDateStamp
public int getTimeDateStamp()
Returns the time stamp of the image.
- Returns:
- the time stamp of the image
-
getPointerToSymbolTable
public int getPointerToSymbolTable()
Returns the file offset of the COFF symbol table
- Returns:
- the file offset of the COFF symbol table
-
getNumberOfSymbols
public int getNumberOfSymbols()
Returns the number of symbols in the COFF symbol table
- Returns:
- the number of symbols in the COFF symbol table
-
getSizeOfOptionalHeader
public int getSizeOfOptionalHeader()
Returns the size of the optional header data
- Returns:
- the size of the optional header, in bytes
-
getCharacteristics
public int getCharacteristics()
Returns a set of bit flags indicating attributes of the file.
- Returns:
- a set of bit flags indicating attributes
-
getPointerToSections
public int getPointerToSections()
Returns the file pointer to the section headers.
- Returns:
- the file pointer to the section headers
-
isLordPE
public boolean isLordPE()
-
toDataType
public DataType toDataType() throws DuplicateNameException
Description copied from interface: StructConverter
Returns a structure datatype representing the contents of the implementor of this interface.
For example, given:

    class A {
        int foo;
        double bar;
    }

The return value should be a structure data type with two data type components; an INT and a DOUBLE. The structure should contain field names and, if possible, field comments.
- Specified by:
- toDataType in interface StructConverter
- Returns:
- returns a structure datatype representing the implementor of this interface
- Throws:
- DuplicateNameException - when a datatype of the same name already exists
- See Also:
- StructConverter.toDataType()
-
addSection
public void addSection(MemoryBlock block, OptionalHeader optionalHeader)
Adds a new section to this file header. Uses the given memory block as the section template. The section will have the memory block's name, start address, size, etc. The optional header is needed to determine the free byte position in the file.
- Parameters:
- block - the memory block template
- optionalHeader - the related optional header
- Throws:
- MemoryAccessException - if the memory block is uninitialized
-
getDataStream
public java.io.InputStream getDataStream() throws java.io.IOException
- Throws:
- java.io.IOException
-
-