Class NTHeader

  • All Implemented Interfaces:
    OffsetValidator, StructConverter

    public class NTHeader
    extends java.lang.Object
    implements StructConverter, OffsetValidator
    A class to represent the IMAGE_NT_HEADERS32 and IMAGE_NT_HEADERS64 structs as defined in winnt.h.
     typedef struct _IMAGE_NT_HEADERS {
        DWORD Signature;
        IMAGE_FILE_HEADER FileHeader;
        IMAGE_OPTIONAL_HEADER32 OptionalHeader;
     };
     
    • Field Detail

      • NAME

        public static final java.lang.String NAME
        The name to use when converting into a structure data type.
        See Also:
        Constant Field Values
      • SIZEOF_SIGNATURE

        public static final int SIZEOF_SIGNATURE
        The size of the NT header signature.
        See Also:
        Constant Field Values
    • Constructor Detail

      • NTHeader

        public NTHeader()
        DO NOT USE THIS CONSTRUCTOR, USE create*(GenericFactory ...) FACTORY METHODS INSTEAD.
    • Method Detail

      • createNTHeader

        public static NTHeader createNTHeader(FactoryBundledWithBinaryReader reader,
                                              int index,
                                              PortableExecutable.SectionLayout layout,
                                              boolean advancedProcess,
                                              boolean parseCliHeaders)
                                       throws InvalidNTHeaderException,
                                              java.io.IOException
        Constructs a new NT header.
        Parameters:
        reader - the binary reader
        index - the index into the reader to the start of the NT header
        advancedProcess - if true, information outside of the base header will be processed
        parseCliHeaders - if true, CLI headers are parsed (if present)
        Throws:
        InvalidNTHeaderException - if the bytes at the specified index do not constitute an accurate NT header.
        java.io.IOException
      • isRVAResoltionSectionAligned

        public boolean isRVAResoltionSectionAligned()
      • getFileHeader

        public FileHeader getFileHeader()
        Returns the file header.
        Returns:
        the file header
      • getOptionalHeader

        public OptionalHeader getOptionalHeader()
        Returns the optional header.
        Returns:
        the optional header
      • toDataType

        public DataType toDataType()
                            throws DuplicateNameException,
                                   java.io.IOException
        Description copied from interface: StructConverter
        Returns a structure datatype representing the contents of the implementor of this interface.

        For example, given:

         class A {
             int foo;
             double bar;
         }
         

        The return value should be a structure data type with two data type components: an INT and a DOUBLE. The structure should contain field names and, if possible, field comments.

        Specified by:
        toDataType in interface StructConverter
        Returns:
        returns a structure datatype representing the implementor of this interface
        Throws:
        DuplicateNameException - when a datatype of the same name already exists
        java.io.IOException
        See Also:
        StructConverter.toDataType()
      • rvaToPointer

        public int rvaToPointer(int rva)
        Converts a relative virtual address (RVA) into a pointer.
        See Also:
        rvaToPointer(long)
      • rvaToPointer

        public long rvaToPointer(long rva)
        Parameters:
        rva - the relative virtual address
        Returns:
        the pointer into binary image, 0 if not valid
      • vaToPointer

        public int vaToPointer(int va)
        Converts a virtual address (VA) into a pointer.
        See Also:
        vaToPointer(long)
      • vaToPointer

        public long vaToPointer(long va)
        Parameters:
        va - the virtual address
        Returns:
        the pointer into binary image, 0 if not valid
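
Added example, not Ghidra's own code: one way an RVA can be resolved to a file offset through the section table, returning 0 when no bytes on disk back it, matching the "0 if not valid" contract documented for rvaToPointer above. The Section record, the fileLength parameter, the treatment of header RVAs as unresolved, and all sample values are assumptions constructed for illustration.

```java
import java.util.List;

public class RvaToPointerExample {
    // Hypothetical stand-in for the IMAGE_SECTION_HEADER fields used here.
    record Section(String name, long virtualAddress, long virtualSize,
                   long pointerToRawData, long sizeOfRawData) {}

    // File offset that backs the RVA, or 0 if no section provides file bytes for it.
    static long rvaToPointer(long rva, List<Section> sections, long fileLength) {
        for (Section s : sections) {
            long delta = rva - s.virtualAddress();
            if (delta < 0 || delta >= s.virtualSize()) {
                continue; // RVA is outside this section's mapped range
            }
            if (delta >= s.sizeOfRawData()) {
                return 0; // mapped but zero-filled in memory: no bytes on disk
            }
            long ptr = s.pointerToRawData() + delta;
            return ptr < fileLength ? ptr : 0; // header points past the end of a truncated file
        }
        return 0; // not inside any section (this sketch does not map header RVAs)
    }

    // int overload: a DWORD RVA above 0x7FFFFFFF is negative as a Java int, so widen it unsigned.
    static int rvaToPointer(int rva, List<Section> sections, long fileLength) {
        return (int) rvaToPointer(Integer.toUnsignedLong(rva), sections, fileLength);
    }

    public static void main(String[] args) {
        // Constructed section table and file length, not taken from a real binary.
        List<Section> sections = List.of(
            new Section(".text", 0x1000, 0x1800, 0x400, 0x1800),
            new Section(".data", 0x3000, 0x2000, 0x1C00, 0x200),   // mostly uninitialized data
            new Section(".rsrc", 0x5000, 0x1000, 0x1E00, 0x1000)); // raw data runs past EOF
        long fileLength = 0x2000;

        long[] rvas = {0x1234, 0x3100, 0x3400, 0x5100, 0x5800, 0x200, 0x9000};
        for (long rva : rvas) {
            System.out.printf("rva 0x%04X -> 0x%X%n", rva, rvaToPointer(rva, sections, fileLength));
        }
    }
}
```

Because 0 doubles as the failure value, callers should test the result before seeking to it or reading from it.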