| author | Theofilos Augoustis <theofilos.augoustis@gmail.com> | 2025-10-14 09:09:29 +0000 |
|---|---|---|
| committer | Theofilos Augoustis <theofilos.augoustis@gmail.com> | 2025-10-14 09:09:29 +0000 |
| commit | 579cf1d03fb932083e6317967d1613d5c2587fb6 (patch) | |
| tree | 629f039935382a2a7391bce9253f6c9968159049 /src/miasm/os_dep/win_32_structs.py | |
| parent | 51c15d3ea2e16d4fc5f0f01a3b9befc66b1f982e (diff) | |
| download | focaccia-miasm-579cf1d03fb932083e6317967d1613d5c2587fb6.tar.gz focaccia-miasm-579cf1d03fb932083e6317967d1613d5c2587fb6.zip | |
Convert to src-layout ta/nix
Diffstat (limited to 'src/miasm/os_dep/win_32_structs.py')
| -rw-r--r-- | src/miasm/os_dep/win_32_structs.py | 231 |
1 files changed, 231 insertions, 0 deletions
diff --git a/src/miasm/os_dep/win_32_structs.py b/src/miasm/os_dep/win_32_structs.py
new file mode 100644
index 00000000..fc9c62ea
--- /dev/null
+++ b/src/miasm/os_dep/win_32_structs.py
@@ -0,0 +1,231 @@
+from miasm.core.types import MemStruct, Num, Ptr, Str, \
+ Array, RawStruct, Union, \
+ BitField, Self, Void, Bits, \
+ set_allocator, MemUnion, Struct
+
+
+class UnicodeString(MemStruct):
+ fields = [
+ ("length", Num("H")),
+ ("maxlength", Num("H")),
+ ("data", Ptr("<I", Str("utf16"))),
+ ]
+
+
+class ListEntry(MemStruct):
+ fields = [
+ ("flink", Ptr("<I", Void())),
+ ("blink", Ptr("<I", Void())),
+ ]
+
+
+class LdrDataEntry(MemStruct):
+
+ """
+ +0x000 InLoadOrderLinks : _LIST_ENTRY
+ +0x008 InMemoryOrderLinks : _LIST_ENTRY
+ +0x010 InInitializationOrderLinks : _LIST_ENTRY
+ +0x018 DllBase : Ptr32 Void
+ +0x01c EntryPoint : Ptr32 Void
+ +0x020 SizeOfImage : Uint4B
+ +0x024 FullDllName : _UNICODE_STRING
+ +0x02c BaseDllName : _UNICODE_STRING
+ +0x034 Flags : Uint4B
+ +0x038 LoadCount : Uint2B
+ +0x03a TlsIndex : Uint2B
+ +0x03c HashLinks : _LIST_ENTRY
+ +0x03c SectionPointer : Ptr32 Void
+ +0x040 CheckSum : Uint4B
+ +0x044 TimeDateStamp : Uint4B
+ +0x044 LoadedImports : Ptr32 Void
+ +0x048 EntryPointActivationContext : Ptr32 Void
+ +0x04c PatchInformation : Ptr32 Void
+ """
+
+ fields = [
+ ("InLoadOrderLinks", ListEntry),
+ ("InMemoryOrderLinks", ListEntry),
+ ("InInitializationOrderLinks", ListEntry),
+ ("DllBase", Ptr("<I", Void())),
+ ("EntryPoint", Ptr("<I", Void())),
+ ("SizeOfImage", Num("<I")),
+ ("FullDllName", UnicodeString),
+ ("BaseDllName", UnicodeString),
+ ("Flags", Array(Num("B"), 4)),
+ ("LoadCount", Num("H")),
+ ("TlsIndex", Num("H")),
+ ("union1", Union([
+ ("HashLinks", Ptr("<I", Void())),
+ ("SectionPointer", Ptr("<I", Void())),
+ ])),
+ ("CheckSum", Num("<I")),
+ ("union2", Union([
+ ("TimeDateStamp", Num("<I")),
+ ("LoadedImports", Ptr("<I", Void())),
+ ])),
+ ("EntryPointActivationContext", Ptr("<I", Void())),
+ ("PatchInformation", Ptr("<I", Void())),
+
+ ]
+
+
+class PEB_LDR_DATA(MemStruct):
+
+ """
+ +0x000 Length : Uint4B
+ +0x004 Initialized : UChar
+ +0x008 SsHandle : Ptr32 Void
+ +0x00c InLoadOrderModuleList : _LIST_ENTRY
+ +0x014 InMemoryOrderModuleList : _LIST_ENTRY
+ +0x01C InInitializationOrderModuleList : _LIST_ENTRY
+ """
+
+ fields = [
+ ("Length", Num("<I")),
+ ("Initialized", Num("<I")),
+ ("SsHandle", Ptr("<I", Void())),
+ ("InLoadOrderModuleList", ListEntry),
+ ("InMemoryOrderModuleList", ListEntry),
+ ("InInitializationOrderModuleList", ListEntry)
+ ]
+
+
+class PEB(MemStruct):
+
+ """
+ +0x000 InheritedAddressSpace : UChar
+ +0x001 ReadImageFileExecOptions : UChar
+ +0x002 BeingDebugged : UChar
+ +0x003 SpareBool : UChar
+ +0x004 Mutant : Ptr32 Void
+ +0x008 ImageBaseAddress : Ptr32 Void
+ +0x00c Ldr : Ptr32 _PEB_LDR_DATA
+ +0x010 processparameter
+ """
+
+ fields = [
+ ("InheritedAddressSpace", Num("B")),
+ ("ReadImageFileExecOptions", Num("B")),
+ ("BeingDebugged", Num("B")),
+ ("SpareBool", Num("B")),
+ ("Mutant", Ptr("<I", Void())),
+ ("ImageBaseAddress", Num("<I")),
+ ("Ldr", Ptr("<I", PEB_LDR_DATA)),
+ ]
+
+
+class EXCEPTION_REGISTRATION_RECORD(MemStruct):
+ """
+ +0x00 Next : struct _EXCEPTION_REGISTRATION_RECORD *
+ +0x04 Handler : Ptr32 Void
+ """
+
+ fields = [
+ ("Next", Ptr("<I", Self())),
+ ("Handler", Ptr("<I", Void())),
+ ]
+
+
+class EXCEPTION_RECORD(MemStruct):
+ """
+ DWORD ExceptionCode;
+ DWORD ExceptionFlags;
+ struct _EXCEPTION_RECORD *ExceptionRecord;
+ PVOID ExceptionAddress;
+ DWORD NumberParameters;
+ ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS];
+ """
+ EXCEPTION_MAXIMUM_PARAMETERS = 15
+
+ fields = [
+ ("ExceptionCode", Num("<I")),
+ ("ExceptionFlags", Num("<I")),
+ ("ExceptionRecord", Ptr("<I", Self())),
+ ("ExceptionAddress", Ptr("<I", Void())),
+ ("NumberParameters", Num("<I")),
+ ("ExceptionInformation", Ptr("<I", Void())),
+ ]
+
+
+class NT_TIB(MemStruct):
+
+ """
+ +00 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList
+ +04 void *StackBase
+ +08 void *StackLimit
+ +0c void *SubSystemTib
+ +10 void *FiberData
+ +10 uint32 Version
+ +14 void *ArbitraryUserPointer
+ +18 struct _NT_TIB *Self
+ """
+
+ fields = [
+ ("ExceptionList", Ptr("<I", EXCEPTION_REGISTRATION_RECORD)),
+ ("StackBase", Ptr("<I", Void())),
+ ("StackLimit", Ptr("<I", Void())),
+ ("SubSystemTib", Ptr("<I", Void())),
+ (None, Union([
+ ("FiberData", Ptr("<I", Void())),
+ ("Version", Num("<I"))
+ ])),
+ ("ArbitraryUserPointer", Ptr("<I", Void())),
+ ("Self", Ptr("<I", Self())),
+ ]
+
+
+class TEB(MemStruct):
+
+ """
+ +0x000 NtTib : _NT_TIB
+ +0x01c EnvironmentPointer : Ptr32 Void
+ +0x020 ClientId : _CLIENT_ID
+ +0x028 ActiveRpcHandle : Ptr32 Void
+ +0x02c ThreadLocalStoragePointer : Ptr32 Void
+ +0x030 ProcessEnvironmentBlock : Ptr32 _PEB
+ +0x034 LastErrorValue : Uint4B
+ ...
+ """
+
+ fields = [
+ ("NtTib", NT_TIB),
+ ("EnvironmentPointer", Ptr("<I", Void())),
+ ("ClientId", Array(Num("B"), 0x8)),
+ ("ActiveRpcHandle", Ptr("<I", Void())),
+ ("ThreadLocalStoragePointer", Ptr("<I", Void())),
+ ("ProcessEnvironmentBlock", Ptr("<I", PEB)),
+ ("LastErrorValue", Num("<I")),
+ ]
+
+
+class ContextException(MemStruct):
+ fields = [
+ ("ContextFlags", Num("<I")),
+ ("dr0", Num("<I")),
+ ("dr1", Num("<I")),
+ ("dr2", Num("<I")),
+ ("dr3", Num("<I")),
+ ("dr4", Num("<I")),
+ ("dr5", Num("<I")),
+
+ ("Float", Array(Num("B"), 112)),
+
+ ("gs", Num("<I")),
+ ("fs", Num("<I")),
+ ("es", Num("<I")),
+ ("ds", Num("<I")),
+
+ ("edi", Num("<I")),
+ ("esi", Num("<I")),
+ ("ebx", Num("<I")),
+ ("edx", Num("<I")),
+ ("ecx", Num("<I")),
+ ("eax", Num("<I")),
+ ("ebp", Num("<I")),
+ ("eip", Num("<I")),
+
+ ("cs", Num("<I")),
+ ("eflags", Num("<I")),
+ ("esp", Num("<I")),
+ ("ss", Num("<I")),
+ ]
|
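Review bot: In `EXCEPTION_RECORD` the `ExceptionInformation` field is declared as a single `Ptr("<I", Void())`, while the docstring directly above it gives `ULONG_PTR ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]`, so the emulated record ends 4 bytes after `NumberParameters` where the documented layout has 15 ULONG_PTR slots; any code that indexes the second or later parameter (the access-violation fault address is the usual example) reads past the struct as modelled. The class already defines `EXCEPTION_MAXIMUM_PARAMETERS = 15` and the file uses `Array(Num(...), n)` for `Flags` and `ClientId`, so the same pattern fits here: `("ExceptionInformation", Array(Num("<I"), EXCEPTION_MAXIMUM_PARAMETERS)),`. Whether any caller in the rest of the tree depends on the current 4-byte size is not visible from this hunk and should be checked before changing it; readers of the array should also clamp their index by `NumberParameters` rather than trusting the full 15 slots.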