diff options
| author | jmpoep <OriginalEntryPoint@qq.com> | 2023-12-07 16:51:07 +0800 |
|---|---|---|
| committer | jmpoep <OriginalEntryPoint@qq.com> | 2023-12-07 16:51:07 +0800 |
| commit | 28008a746a31abb7909dd86cb0cd413ac8943b0b (patch) | |
| tree | a30b74b8cad548048c3c1551d652828ab76fa9bd /core/dotnet.h | |
| download | vmprotect-3.5.1-master.tar vmprotect-3.5.1-master.tar.gz vmprotect-3.5.1-master.tar.bz2 vmprotect-3.5.1-master.zip | |
Diffstat (limited to 'core/dotnet.h')
| -rw-r--r-- | core/dotnet.h | 456 |
1 files changed, 456 insertions, 0 deletions
diff --git a/core/dotnet.h b/core/dotnet.h new file mode 100644 index 0000000..d0fd658 --- /dev/null +++ b/core/dotnet.h @@ -0,0 +1,456 @@ +#ifndef DOTNET_H +#define DOTNET_H + +typedef LPVOID mdScope; // Why is this still needed? +typedef ULONG32 mdToken; // Generic token + + +// Token definitions + + +typedef mdToken mdModule; // Module token (roughly, a scope) +typedef mdToken mdTypeRef; // TypeRef reference (this or other scope) +typedef mdToken mdTypeDef; // TypeDef in this scope +typedef mdToken mdFieldDef; // Field in this scope +typedef mdToken mdMethodDef; // Method in this scope +typedef mdToken mdParamDef; // param token +typedef mdToken mdInterfaceImpl; // interface implementation token + +typedef mdToken mdMemberRef; // MemberRef (this or other scope) +typedef mdToken mdCustomAttribute; // attribute token +typedef mdToken mdPermission; // DeclSecurity + +typedef mdToken mdSignature; // Signature object +typedef mdToken mdEvent; // event token +typedef mdToken mdProperty; // property token + +typedef mdToken mdModuleRef; // Module reference (for the imported modules) + +// Assembly tokens. +typedef mdToken mdAssembly; // Assembly token. +typedef mdToken mdAssemblyRef; // AssemblyRef token. +typedef mdToken mdFile; // File token. +typedef mdToken mdExportedType; // ExportedType token. +typedef mdToken mdManifestResource; // ManifestResource token. + +#ifndef __IMAGE_COR20_HEADER_DEFINED__ + +typedef enum ReplacesCorHdrNumericDefines +{ + // COM+ Header entry point flags. + COMIMAGE_FLAGS_ILONLY =0x00000001, + COMIMAGE_FLAGS_32BITREQUIRED =0x00000002, + COMIMAGE_FLAGS_IL_LIBRARY =0x00000004, + COMIMAGE_FLAGS_STRONGNAMESIGNED =0x00000008, + COMIMAGE_FLAGS_NATIVE_ENTRYPOINT =0x00000010, + COMIMAGE_FLAGS_TRACKDEBUGDATA =0x00010000, + + // Version flags for image. + COR_VERSION_MAJOR_V2 =2, + COR_VERSION_MAJOR =COR_VERSION_MAJOR_V2, + COR_VERSION_MINOR =0, + COR_DELETED_NAME_LENGTH =8, + COR_VTABLEGAP_NAME_LENGTH =8, + + // Maximum size of a NativeType descriptor. + NATIVE_TYPE_MAX_CB =1, + COR_ILMETHOD_SECT_SMALL_MAX_DATASIZE=0xFF, + + // #defines for the MIH FLAGS + IMAGE_COR_MIH_METHODRVA =0x01, + IMAGE_COR_MIH_EHRVA =0x02, + IMAGE_COR_MIH_BASICBLOCK =0x08, + + // V-table constants + COR_VTABLE_32BIT =0x01, // V-table slots are 32-bits in size. + COR_VTABLE_64BIT =0x02, // V-table slots are 64-bits in size. + COR_VTABLE_FROM_UNMANAGED =0x04, // If set, transition from unmanaged. + COR_VTABLE_FROM_UNMANAGED_RETAIN_APPDOMAIN =0x08, // If set, transition from unmanaged with keeping the current appdomain. + COR_VTABLE_CALL_MOST_DERIVED =0x10, // Call most derived method described by + + // EATJ constants + IMAGE_COR_EATJ_THUNK_SIZE =32, // Size of a jump thunk reserved range. + + // Max name lengths + //@todo: Change to unlimited name lengths. + MAX_CLASS_NAME =1024, + MAX_PACKAGE_NAME =1024, +} ReplacesCorHdrNumericDefines; + +typedef struct IMAGE_COR20_HEADER +{ + // Header versioning + DWORD cb; + WORD MajorRuntimeVersion; + WORD MinorRuntimeVersion; + + // Symbol table and startup information + IMAGE_DATA_DIRECTORY MetaData; + DWORD Flags; + + // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is not set, EntryPointToken represents a managed entrypoint. + // If COMIMAGE_FLAGS_NATIVE_ENTRYPOINT is set, EntryPointRVA represents an RVA to a native entrypoint. + union { + DWORD EntryPointToken; + DWORD EntryPointRVA; + } DUMMYUNIONNAME; + + // Binding information + IMAGE_DATA_DIRECTORY Resources; + IMAGE_DATA_DIRECTORY StrongNameSignature; + + // Regular fixup and binding information + IMAGE_DATA_DIRECTORY CodeManagerTable; + IMAGE_DATA_DIRECTORY VTableFixups; + IMAGE_DATA_DIRECTORY ExportAddressTableJumps; + + // Precompiled image info (internal use only - set to zero) + IMAGE_DATA_DIRECTORY ManagedNativeHeader; + +} IMAGE_COR20_HEADER, *PIMAGE_COR20_HEADER; +#endif + +// TypeDef/ExportedType attr bits, used by DefineTypeDef. +typedef enum CorTypeAttr +{ + // Use this mask to retrieve the type visibility information. + tdVisibilityMask = 0x00000007, + tdNotPublic = 0x00000000, // Class is not public scope. + tdPublic = 0x00000001, // Class is public scope. + tdNestedPublic = 0x00000002, // Class is nested with public visibility. + tdNestedPrivate = 0x00000003, // Class is nested with private visibility. + tdNestedFamily = 0x00000004, // Class is nested with family visibility. + tdNestedAssembly = 0x00000005, // Class is nested with assembly visibility. + tdNestedFamANDAssem = 0x00000006, // Class is nested with family and assembly visibility. + tdNestedFamORAssem = 0x00000007, // Class is nested with family or assembly visibility. + + // Use this mask to retrieve class layout information + tdLayoutMask = 0x00000018, + tdAutoLayout = 0x00000000, // Class fields are auto-laid out + tdSequentialLayout = 0x00000008, // Class fields are laid out sequentially + tdExplicitLayout = 0x00000010, // Layout is supplied explicitly + // end layout mask + + // Use this mask to retrieve class semantics information. + tdClassSemanticsMask = 0x00000020, + tdClass = 0x00000000, // Type is a class. + tdInterface = 0x00000020, // Type is an interface. + // end semantics mask + + // Special semantics in addition to class semantics. + tdAbstract = 0x00000080, // Class is abstract + tdSealed = 0x00000100, // Class is concrete and may not be extended + tdSpecialName = 0x00000400, // Class name is special. Name describes how. + + // Implementation attributes. + tdImport = 0x00001000, // Class / interface is imported + tdSerializable = 0x00002000, // The class is Serializable. + + // Use tdStringFormatMask to retrieve string information for native interop + tdStringFormatMask = 0x00030000, + tdAnsiClass = 0x00000000, // LPTSTR is interpreted as ANSI in this class + tdUnicodeClass = 0x00010000, // LPTSTR is interpreted as UNICODE + tdAutoClass = 0x00020000, // LPTSTR is interpreted automatically + // end string format mask + + tdBeforeFieldInit = 0x00100000, // Initialize the class any time before first static field access. + + // Flags reserved for runtime use. + tdReservedMask = 0x00040800, + tdRTSpecialName = 0x00000800, // Runtime should check name encoding. + tdHasSecurity = 0x00040000, // Class has security associate with it. +} CorTypeAttr; + +typedef enum CorILMethodFlags +{ + CorILMethod_InitLocals = 0x0010, // call default constructor on all local vars + CorILMethod_MoreSects = 0x0008, // there is another attribute after this one + + CorILMethod_CompressedIL = 0x0040, // FIX Remove this and do it on a per Module basis + + // Indicates the format for the COR_ILMETHOD header + CorILMethod_FormatShift = 2, + CorILMethod_FormatMask = ((1 << CorILMethod_FormatShift) - 1), + CorILMethod_TinyFormat = 0x0002, + CorILMethod_SmallFormat = 0x0000, + CorILMethod_FatFormat = 0x0003, +} CorILMethodFlags; + +typedef struct IMAGE_COR_ILMETHOD_FAT +{ + unsigned Flags : 12; // Flags + unsigned Size : 4; // size in DWords of this structure (currently 3) + unsigned MaxStack : 16; // maximum number of items (I4, I, I8, obj ...), on the operand stack + DWORD CodeSize; // size of the code + mdSignature LocalVarSigTok; // token that indicates the signature of the local vars (0 means none) +} IMAGE_COR_ILMETHOD_FAT; + +typedef enum CorILMethodSect // codes that identify attributes +{ + CorILMethod_Sect_Reserved = 0, + CorILMethod_Sect_EHTable = 1, + CorILMethod_Sect_OptILTable = 2, + + CorILMethod_Sect_KindMask = 0x3F, // The mask for decoding the type code + CorILMethod_Sect_FatFormat = 0x40, // fat format + CorILMethod_Sect_MoreSects = 0x80, // there is another attribute after this one +} CorILMethodSect; + +typedef enum CorExceptionFlag +{ + COR_ILEXCEPTION_CLAUSE_NONE, + COR_ILEXCEPTION_CLAUSE_FILTER = 0x0001, + COR_ILEXCEPTION_CLAUSE_FINALLY = 0x0002, + COR_ILEXCEPTION_CLAUSE_FAULT = 0x0004, +} CorExceptionFlag; + +// MethodDef attr bits, Used by DefineMethod. +typedef enum CorMethodAttr +{ + // member access mask - Use this mask to retrieve accessibility information. + mdMemberAccessMask = 0x0007, + mdPrivateScope = 0x0000, // Member not referenceable. + mdPrivate = 0x0001, // Accessible only by the parent type. + mdFamANDAssem = 0x0002, // Accessible by sub-types only in this Assembly. + mdAssem = 0x0003, // Accessibly by anyone in the Assembly. + mdFamily = 0x0004, // Accessible only by type and sub-types. + mdFamORAssem = 0x0005, // Accessibly by sub-types anywhere, plus anyone in assembly. + mdPublic = 0x0006, // Accessibly by anyone who has visibility to this scope. + // end member access mask + + // method contract attributes. + mdStatic = 0x0010, // Defined on type, else per instance. + mdFinal = 0x0020, // Method may not be overridden. + mdVirtual = 0x0040, // Method virtual. + mdHideBySig = 0x0080, // Method hides by name+sig, else just by name. + + // vtable layout mask - Use this mask to retrieve vtable attributes. + mdVtableLayoutMask = 0x0100, + mdReuseSlot = 0x0000, // The default. + mdNewSlot = 0x0100, // Method always gets a new slot in the vtable. + // end vtable layout mask + + // method implementation attributes. + mdCheckAccessOnOverride = 0x0200, // Overridability is the same as the visibility. + mdAbstract = 0x0400, // Method does not provide an implementation. + mdSpecialName = 0x0800, // Method is special. Name describes how. + + // interop attributes + mdPinvokeImpl = 0x2000, // Implementation is forwarded through pinvoke. + mdUnmanagedExport = 0x0008, // Managed method exported via thunk to unmanaged code. + + // Reserved flags for runtime use only. + mdReservedMask = 0xd000, + mdRTSpecialName = 0x1000, // Runtime should check name encoding. + mdHasSecurity = 0x4000, // Method has security associate with it. + mdRequireSecObject = 0x8000, // Method calls another method containing security code. + +} CorMethodAttr; + +// Assembly attr bits, used by DefineAssembly. +typedef enum CorAssemblyFlags +{ + afPublicKey = 0x0001, // The assembly ref holds the full (unhashed) public key. + + afPA_None = 0x0000, // Processor Architecture unspecified + afPA_MSIL = 0x0010, // Processor Architecture: neutral (PE32) + afPA_x86 = 0x0020, // Processor Architecture: x86 (PE32) + afPA_IA64 = 0x0030, // Processor Architecture: Itanium (PE32+) + afPA_AMD64 = 0x0040, // Processor Architecture: AMD X64 (PE32+) + afPA_ARM = 0x0050, // Processor Architecture: ARM (PE32) + afPA_ARM64 = 0x0060, // Processor Architecture: ARM64 (PE32+) + afPA_NoPlatform = 0x0070, // applies to any platform but cannot run on any (e.g. reference assembly), should not have "specified" set + afPA_Specified = 0x0080, // Propagate PA flags to AssemblyRef record + afPA_Mask = 0x0070, // Bits describing the processor architecture + afPA_FullMask = 0x00F0, // Bits describing the PA incl. Specified + afPA_Shift = 0x0004, // NOT A FLAG, shift count in PA flags <--> index conversion + + afEnableJITcompileTracking = 0x8000, // From "DebuggableAttribute". + afDisableJITcompileOptimizer = 0x4000, // From "DebuggableAttribute". + afDebuggableAttributeMask = 0xc000, + + afRetargetable = 0x0100, // The assembly can be retargeted (at runtime) to an + // assembly from a different publisher. + + afContentType_Default = 0x0000, + afContentType_WindowsRuntime = 0x0200, + afContentType_Mask = 0x0E00, // Bits describing ContentType +} CorAssemblyFlags; + +// FieldDef attr bits, used by DefineField. +typedef enum CorFieldAttr +{ + // member access mask - Use this mask to retrieve accessibility information. + fdFieldAccessMask = 0x0007, + fdPrivateScope = 0x0000, // Member not referenceable. + fdPrivate = 0x0001, // Accessible only by the parent type. + fdFamANDAssem = 0x0002, // Accessible by sub-types only in this Assembly. + fdAssembly = 0x0003, // Accessibly by anyone in the Assembly. + fdFamily = 0x0004, // Accessible only by type and sub-types. + fdFamORAssem = 0x0005, // Accessibly by sub-types anywhere, plus anyone in assembly. + fdPublic = 0x0006, // Accessibly by anyone who has visibility to this scope. + // end member access mask + + // field contract attributes. + fdStatic = 0x0010, // Defined on type, else per instance. + fdInitOnly = 0x0020, // Field may only be initialized, not written to after init. + fdLiteral = 0x0040, // Value is compile time constant. + fdNotSerialized = 0x0080, // Field does not have to be serialized when type is remoted. + + fdSpecialName = 0x0200, // field is special. Name describes how. + + // interop attributes + fdPinvokeImpl = 0x2000, // Implementation is forwarded through pinvoke. + + // Reserved flags for runtime use only. + fdReservedMask = 0x9500, + fdRTSpecialName = 0x0400, // Runtime(metadata internal APIs) should check name encoding. + fdHasFieldMarshal = 0x1000, // Field has marshalling information. + fdHasDefault = 0x8000, // Field has default. + fdHasFieldRVA = 0x0100, // Field has RVA. +} CorFieldAttr; + +// MethodImpl attr bits, used by DefineMethodImpl. +typedef enum CorMethodImpl +{ + // code impl mask + miCodeTypeMask = 0x0003, // Flags about code type. + miIL = 0x0000, // Method impl is IL. + miNative = 0x0001, // Method impl is native. + miOPTIL = 0x0002, // Method impl is OPTIL + miRuntime = 0x0003, // Method impl is provided by the runtime. + // end code impl mask + + // managed mask + miManagedMask = 0x0004, // Flags specifying whether the code is managed or unmanaged. + miUnmanaged = 0x0004, // Method impl is unmanaged, otherwise managed. + miManaged = 0x0000, // Method impl is managed. + // end managed mask + + // implementation info and interop + miForwardRef = 0x0010, // Indicates method is defined; used primarily in merge scenarios. + miPreserveSig = 0x0080, // Indicates method sig is not to be mangled to do HRESULT conversion. + + miInternalCall = 0x1000, // Reserved for internal use. + + miSynchronized = 0x0020, // Method is single threaded through the body. + miNoInlining = 0x0008, // Method may not be inlined. + miMaxMethodImplVal = 0xffff, // Range check value +} CorMethodImpl; + +typedef enum CorPropertyAttr +{ + prSpecialName = 0x0200, // property is special. Name describes how. + + // Reserved flags for Runtime use only. + prReservedMask = 0xf400, + prRTSpecialName = 0x0400, // Runtime(metadata internal APIs) should check name encoding. + prHasDefault = 0x1000, // Property has default + + prUnused = 0xe9ff, +} CorPropertyAttr; + +// Event attr bits, used by DefineEvent. +typedef enum CorEventAttr +{ + evSpecialName = 0x0200, // event is special. Name describes how. + + // Reserved flags for Runtime use only. + evReservedMask = 0x0400, + evRTSpecialName = 0x0400, // Runtime(metadata internal APIs) should check name encoding. +} CorEventAttr; + +// ManifestResource attr bits, used by DefineManifestResource. +typedef enum CorManifestResourceFlags +{ + mrVisibilityMask = 0x0007, + mrPublic = 0x0001, // The Resource is exported from the Assembly. + mrPrivate = 0x0002, // The Resource is private to the Assembly. +} CorManifestResourceFlags; + +typedef enum CorMethodSemanticsAttr +{ + msSetter = 0x0001, + msGetter = 0x0002, + msOther = 0x0004, + msAddOn = 0x0008, + msRemoveOn = 0x0010, + msFire = 0x0020, +} CorMethodSemanticsAttr; + +//***************************************************************************** +// +// Element type for Cor signature +// +//***************************************************************************** + +typedef enum CorElementType +{ + ELEMENT_TYPE_END = 0x0, + ELEMENT_TYPE_VOID = 0x1, + ELEMENT_TYPE_BOOLEAN = 0x2, + ELEMENT_TYPE_CHAR = 0x3, + ELEMENT_TYPE_I1 = 0x4, + ELEMENT_TYPE_U1 = 0x5, + ELEMENT_TYPE_I2 = 0x6, + ELEMENT_TYPE_U2 = 0x7, + ELEMENT_TYPE_I4 = 0x8, + ELEMENT_TYPE_U4 = 0x9, + ELEMENT_TYPE_I8 = 0xa, + ELEMENT_TYPE_U8 = 0xb, + ELEMENT_TYPE_R4 = 0xc, + ELEMENT_TYPE_R8 = 0xd, + ELEMENT_TYPE_STRING = 0xe, + + // every type above PTR will be simple type + ELEMENT_TYPE_PTR = 0xf, // PTR <type> + ELEMENT_TYPE_BYREF = 0x10, // BYREF <type> + + // Please use ELEMENT_TYPE_VALUETYPE. ELEMENT_TYPE_VALUECLASS is deprecated. + ELEMENT_TYPE_VALUETYPE = 0x11, // VALUETYPE <class Token> + ELEMENT_TYPE_CLASS = 0x12, // CLASS <class Token> + ELEMENT_TYPE_VAR = 0x13, // number + + ELEMENT_TYPE_ARRAY = 0x14, // MDARRAY <type> <rank> <bcount> <bound1> ... <lbcount> <lb1> ... + ELEMENT_TYPE_GENERICINST = 0x15, // <type> <type-arg-count> <type-1> \x{2026} <type-n> + + ELEMENT_TYPE_TYPEDBYREF = 0x16, // This is a simple type. + + ELEMENT_TYPE_I = 0x18, // native integer size + ELEMENT_TYPE_U = 0x19, // native unsigned integer size + ELEMENT_TYPE_FNPTR = 0x1B, // FNPTR <complete sig for the function including calling convention> + ELEMENT_TYPE_OBJECT = 0x1C, // Shortcut for System.Object + ELEMENT_TYPE_SZARRAY = 0x1D, // Shortcut for single dimension zero lower bound array + // SZARRAY <type> + ELEMENT_TYPE_MVAR = 0x1E, // number + + // This is only for binding + ELEMENT_TYPE_CMOD_REQD = 0x1F, // required C modifier : E_T_CMOD_REQD <mdTypeRef/mdTypeDef> + ELEMENT_TYPE_CMOD_OPT = 0x20, // optional C modifier : E_T_CMOD_OPT <mdTypeRef/mdTypeDef> + + // This is for signatures generated internally (which will not be persisted in any way). + ELEMENT_TYPE_INTERNAL = 0x21, // INTERNAL <typehandle> + + // Note that this is the max of base type excluding modifiers + ELEMENT_TYPE_MAX = 0x22, // first invalid element type + + + ELEMENT_TYPE_MODIFIER = 0x40, + ELEMENT_TYPE_SENTINEL = 0x01 | ELEMENT_TYPE_MODIFIER, // sentinel for varargs + ELEMENT_TYPE_PINNED = 0x05 | ELEMENT_TYPE_MODIFIER, + + // For internal usage only + + ELEMENT_TYPE_TYPE = 0x50, + ELEMENT_TYPE_TAGGED_OBJECT = 0x51, + ELEMENT_TYPE_ENUM = 0x55 +} CorElementType; + +typedef struct IMAGE_COR_VTABLEFIXUP +{ + ULONG RVA; // Offset of v-table array in image. + USHORT Count; // How many entries at location. + USHORT Type; // COR_VTABLE_xxx type of entries. +} IMAGE_COR_VTABLEFIXUP; + +#endif
\ No newline at end of file |