523 lines
19 KiB
Go
523 lines
19 KiB
Go
package pe
|
|
|
|
// CONSTANTS / MAGIC NUMBERS
|
|
|
|
// MZSignature is the signature of the MZ format. This is the value of the
|
|
// Signature field in ImageDOSHeader.
|
|
var MZSignature = [2]byte{'M', 'Z'}
|
|
|
|
// PESignature is the signature of the PE format. This is the value of the
|
|
// Signature field in ImageNTHeaders32 and ImageNTHeaders64.
|
|
var PESignature = [4]byte{'P', 'E', 0, 0}
|
|
|
|
// Enumeration of magic numbers
|
|
const (
|
|
// ImageNTOptionalHeader32Magic is the magic number for 32-bit optional
|
|
// header (ImageOptionalHeader32)
|
|
ImageNTOptionalHeader32Magic = 0x010b
|
|
|
|
// ImageNTOptionalHeader64Magic is the magic number for 64-bit optional
|
|
// header (ImageOptionalHeader64)
|
|
ImageNTOptionalHeader64Magic = 0x020b
|
|
)
|
|
|
|
// Enumeration of structure lengths.
|
|
const (
|
|
// SizeOfImageDOSHeader is the on-disk size of the ImageDOSHeader
|
|
// structure.
|
|
SizeOfImageDOSHeader = 64
|
|
|
|
// SizeOfImageFileHeader is the on-disk size of the ImageFileHeader
|
|
// structure.
|
|
SizeOfImageFileHeader = 20
|
|
|
|
// SizeOfImageOptionalHeader32 is the on-disk size of the
|
|
// ImageOptionalHeader32 structure.
|
|
SizeOfImageOptionalHeader32 = 224
|
|
|
|
// SizeOfImageOptionalHeader64 is the on-disk size of the
|
|
// ImageOptionalHeader64 structure.
|
|
SizeOfImageOptionalHeader64 = 240
|
|
|
|
// SizeOfImageNTHeaders32 is the on-disk size of the ImageNTHeaders32
|
|
// structure.
|
|
SizeOfImageNTHeaders32 = 248
|
|
|
|
// SizeOfImageNTHeaders64 is the on-disk size of the ImageNTHeaders64
|
|
// structure.
|
|
SizeOfImageNTHeaders64 = 264
|
|
|
|
// SizeOfImageDataDirectory is the on-disk size of the ImageDataDirectory
|
|
// structure.
|
|
SizeOfImageDataDirectory = 8
|
|
)
|
|
|
|
// Enumeration of useful field offsets.
|
|
const (
|
|
// OffsetOfOptionalHeaderFromNTHeader is the offset from the start of
|
|
// the NT header to the optional header magic value. This is helpful for
|
|
// determining if the PE file is PE32 or PE64.
|
|
OffsetOfOptionalHeaderFromNTHeader = 0x18
|
|
)
|
|
|
|
// Enumeration of fixed-size array lengths in PE
|
|
const (
|
|
// NumDirectoryEntries specifies the number of data directory entries.
|
|
NumDirectoryEntries = 16
|
|
|
|
// SectionNameLength is the size of a section short name.
|
|
SectionNameLength = 8
|
|
)
|
|
|
|
// Enumeration of known Windows Loader limits. (Some of these may not be
|
|
// imposed by the format itself and purely by Windows runtime.)
|
|
const (
|
|
// MaxNumSections specifies the maximum number of sections that are
|
|
// allowed. This is imposed by Windows Loader.
|
|
MaxNumSections = 96
|
|
)
|
|
|
|
// ENUMERATION VALUES
|
|
|
|
// Enumeration of machine values for the file header.
|
|
const (
|
|
ImageFileMachineUnknown = 0x0000
|
|
ImageFileMachineTargetHost = 0x0001
|
|
ImageFileMachinei386 = 0x014c
|
|
ImageFileMachineR3000BE = 0x0160
|
|
ImageFileMachineR3000 = 0x0162
|
|
ImageFileMachineR4000 = 0x0166
|
|
ImageFileMachineR10000 = 0x0168
|
|
ImageFileMachineWCEMIPSv2 = 0x0169
|
|
ImageFileMachineAlpha = 0x0184
|
|
ImageFileMachineSH3 = 0x01a2
|
|
ImageFileMachineSH3DSP = 0x01a3
|
|
ImageFileMachineSH3E = 0x01a4
|
|
ImageFileMachineSH4 = 0x01a6
|
|
ImageFileMachineSH5 = 0x01a8
|
|
ImageFileMachineARM = 0x01c0
|
|
ImageFileMachineTHUMB = 0x01c2
|
|
ImageFileMachineARMNT = 0x01c4
|
|
ImageFileMachineAM33 = 0x01d3
|
|
ImageFileMachinePowerPC = 0x01F0
|
|
ImageFileMachinePowerPCFP = 0x01f1
|
|
ImageFileMachineIA64 = 0x0200
|
|
ImageFileMachineMIPS16 = 0x0266
|
|
ImageFileMachineAlpha64 = 0x0284
|
|
ImageFileMachineMIPSFPU = 0x0366
|
|
ImageFileMachineMIPSFPU16 = 0x0466
|
|
ImageFileMachineAXP64 = ImageFileMachineAlpha64
|
|
ImageFileMachineTricore = 0x0520
|
|
ImageFileMachineCEF = 0x00CE
|
|
ImageFileMachineEBC = 0x0EBC
|
|
ImageFileMachineAMD64 = 0x8664
|
|
ImageFileMachineM32R = 0x9041
|
|
ImageFileMachineARM64 = 0xAA64
|
|
ImageFileMachineCEE = 0x0C0E
|
|
ImageFileMachineRISCV32 = 0x5032
|
|
ImageFileMachineRISCV64 = 0x5064
|
|
ImageFileMachineRISCV128 = 0x5128
|
|
)
|
|
|
|
// Enumeration of charateristics values for the file header.
|
|
const (
|
|
ImageFileRelocsStripped = 0x0001
|
|
ImageFileExecutableImage = 0x0002
|
|
ImageFileLineNumsStripped = 0x0004
|
|
ImageFileLocalSymsStripped = 0x0008
|
|
ImageFileAggressiveWSTrim = 0x0010
|
|
ImageFileLargeAddressAware = 0x0020
|
|
ImageFileBytesReversedLo = 0x0080
|
|
ImageFile32BitMachine = 0x0100
|
|
ImageFileDebugStripped = 0x0200
|
|
ImageFileRemovableRunFromSwap = 0x0400
|
|
ImageFileNetRunFromSwap = 0x0800
|
|
ImageFileSystem = 0x1000
|
|
ImageFileDLL = 0x2000
|
|
ImageFileUPSystemOnly = 0x4000
|
|
ImageFileBytesReversedHi = 0x8000
|
|
)
|
|
|
|
// Enumeration of image subsystem values.
|
|
const (
|
|
ImageSubsystemUnknown = 0
|
|
ImageSubsystemNative = 1
|
|
ImageSubsystemWindowsGUI = 2
|
|
ImageSubsystemWindowsCUI = 3
|
|
ImageSubsystemOS2CUI = 5
|
|
ImageSubsystemPOSIXCUI = 7
|
|
ImageSubsystemNativeWindows = 8
|
|
ImageSubsystemWindowsCEGUI = 9
|
|
ImageSubsystemEFIApplication = 10
|
|
ImageSubsystemEFIBootServiceDriver = 11
|
|
ImageSubsystemEFIRuntimeDriver = 12
|
|
ImageSubsystemEFIROM = 13
|
|
ImageSubsystemXBox = 14
|
|
ImageSubsystemWindowsBootApplication = 16
|
|
ImageSubsystemXBoxCodeCatalog = 17
|
|
)
|
|
|
|
// Enumeration of DLL characteristics values.
|
|
const (
|
|
ImageDLLCharacteristicsHighEntropyVA = 0x0020
|
|
ImageDLLCharacteristicsDynamicBase = 0x0040
|
|
ImageDLLCharacteristicsForceIntegrity = 0x0080
|
|
ImageDLLCharacteristicsNXCompat = 0x0100
|
|
ImageDLLCharacteristicsNoIsolation = 0x0200
|
|
ImageDLLCharacteristicsNoSEH = 0x0400
|
|
ImageDLLCharacteristicsNoBind = 0x0800
|
|
ImageDLLCharacteristicsAppContainer = 0x1000
|
|
ImageDLLCharacteristicsWDMDriver = 0x2000
|
|
ImageDLLCharacteristicsGuardCF = 0x4000
|
|
ImageDLLCharacteristicsTerminalServerAware = 0x8000
|
|
)
|
|
|
|
// Enumeration of image directory entry indexes. These represent indices into
|
|
// the data directory array of the optional header.
|
|
const (
|
|
ImageDirectoryEntryExport = 0
|
|
ImageDirectoryEntryImport = 1
|
|
ImageDirectoryEntryResource = 2
|
|
ImageDirectoryEntryException = 3
|
|
ImageDirectoryEntrySecurity = 4
|
|
ImageDirectoryEntryBaseReloc = 5
|
|
ImageDirectoryEntryDebug = 6
|
|
ImageDirectoryEntryCopyright = 7
|
|
ImageDirectoryEntryArchitecture = 7
|
|
ImageDirectoryEntryGlobalPtr = 8
|
|
ImageDirectoryEntryTLS = 9
|
|
ImageDirectoryEntryLoadConfig = 10
|
|
ImageDirectoryEntryBoundImport = 11
|
|
ImageDirectoryEntryIAT = 12
|
|
ImageDirectoryEntryDelayImport = 13
|
|
ImageDirectoryEntryCOMDescriptor = 14
|
|
)
|
|
|
|
// Enumeration of image section characteristics.
|
|
const (
|
|
ImageSectionCharacteristicsNoPad = 0x00000008
|
|
ImageSectionCharacteristicsContainsCode = 0x00000020
|
|
ImageSectionCharacteristicsContainsInitializedData = 0x00000040
|
|
ImageSectionCharacteristicsContainsUninitailizedData = 0x00000080
|
|
ImageSectionCharacteristicsLinkOther = 0x00000100
|
|
ImageSectionCharacteristicsLinkInfo = 0x00000200
|
|
ImageSectionCharacteristicsLinkRemove = 0x00000800
|
|
ImageSectionCharacteristicsLinkCOMDAT = 0x00001000
|
|
ImageSectionCharacteristicsNoDeferSpecExc = 0x00004000
|
|
ImageSectionCharacteristicsGPRel = 0x00008000
|
|
ImageSectionCharacteristicsMemoryFarData = 0x00008000
|
|
ImageSectionCharacteristicsMemoryPurgeable = 0x00020000
|
|
ImageSectionCharacteristicsMemory16Bit = 0x00020000
|
|
ImageSectionCharacteristicsMemoryLocked = 0x00040000
|
|
ImageSectionCharacteristicsMemoryPreload = 0x00080000
|
|
ImageSectionCharacteristicsAlign1Bytes = 0x00100000
|
|
ImageSectionCharacteristicsAlign2Bytes = 0x00200000
|
|
ImageSectionCharacteristicsAlign4Bytes = 0x00300000
|
|
ImageSectionCharacteristicsAlign8Bytes = 0x00400000
|
|
ImageSectionCharacteristicsAlign16Bytes = 0x00500000
|
|
ImageSectionCharacteristicsAlign32Bytes = 0x00600000
|
|
ImageSectionCharacteristicsAlign64Bytes = 0x00700000
|
|
ImageSectionCharacteristicsAlign128Bytes = 0x00800000
|
|
ImageSectionCharacteristicsAlign256Bytes = 0x00900000
|
|
ImageSectionCharacteristicsAlign512Bytes = 0x00A00000
|
|
ImageSectionCharacteristicsAlign1024Bytes = 0x00B00000
|
|
ImageSectionCharacteristicsAlign2048Bytes = 0x00C00000
|
|
ImageSectionCharacteristicsAlign4096Bytes = 0x00D00000
|
|
ImageSectionCharacteristicsAlign8192Bytes = 0x00E00000
|
|
ImageSectionCharacteristicsAlignMask = 0x00F00000
|
|
ImageSectionCharacteristicsLinkNumRelocOverflow = 0x01000000
|
|
ImageSectionCharacteristicsMemoryDiscardable = 0x02000000
|
|
ImageSectionCharacteristicsMemoryNotCached = 0x04000000
|
|
ImageSectionCharacteristicsMemoryNotPaged = 0x08000000
|
|
ImageSectionCharacteristicsMemoryShared = 0x10000000
|
|
ImageSectionCharacteristicsMemoryExecute = 0x20000000
|
|
ImageSectionCharacteristicsMemoryRead = 0x40000000
|
|
ImageSectionCharacteristicsMemoryWrite = 0x80000000
|
|
)
|
|
|
|
// Enumeration of TLS characteristics.
|
|
const (
|
|
ImageSectionTLSCharacteristicsScaleIndex = 0x00000001
|
|
)
|
|
|
|
// Enumeration of relocation types.
|
|
const (
|
|
ImageRelBasedAbsolute = 0
|
|
ImageRelBasedHigh = 1
|
|
ImageRelBasedLow = 2
|
|
ImageRelBasedHighLow = 3
|
|
ImageRelBasedHighAdj = 4
|
|
ImageRelBasedMachineSpecific5 = 5
|
|
ImageRelBasedReserved = 6
|
|
ImageRelBasedMachineSpecific7 = 7
|
|
ImageRelBasedMachineSpecific8 = 8
|
|
ImageRelBasedMachineSpecific9 = 9
|
|
ImageRelBasedDir64 = 10
|
|
)
|
|
|
|
// ImageDOSHeader is the structure of the DOS MZ Executable format. All PE
|
|
// files contain at least a valid stub DOS MZ executable at the top; the PE
|
|
// format itself starts at the address specified by NewHeaderAddr.
|
|
type ImageDOSHeader struct {
|
|
Signature [2]byte
|
|
LastPageBytes uint16
|
|
CountPages uint16
|
|
CountRelocs uint16
|
|
HeaderLen uint16
|
|
MinAlloc uint16
|
|
MaxAlloc uint16
|
|
InitialSS uint16
|
|
InitialSP uint16
|
|
Checksum uint16
|
|
InitialIP uint16
|
|
InitialCS uint16
|
|
RelocAddr uint16
|
|
OverlayNum uint16
|
|
Reserved [4]uint16
|
|
OEMID uint16
|
|
OEMInfo uint16
|
|
Reserved2 [10]uint16
|
|
NewHeaderAddr uint32
|
|
}
|
|
|
|
// ImageFileHeader contains some of the basic attributes about the PE/COFF
|
|
// file, including the number of sections and the machine type.
|
|
type ImageFileHeader struct {
|
|
Machine uint16
|
|
NumberOfSections uint16
|
|
TimeDateStamp uint32
|
|
PointerToSymbolTable uint32
|
|
NumberOfSymbols uint32
|
|
SizeOfOptionalHeader uint16
|
|
Characteristics uint16
|
|
}
|
|
|
|
// ImageOptionalHeader32 contains the optional header for 32-bit PE images. It
|
|
// is only 'optional' in the sense that not all PE/COFF binaries have it,
|
|
// however it is required for executables and DLLs.
|
|
type ImageOptionalHeader32 struct {
|
|
Magic uint16
|
|
MajorLinkerVersion uint8
|
|
MinorLinkerVersion uint8
|
|
SizeOfCode uint32
|
|
SizeOfInitializedData uint32
|
|
SizeOfUninitializedData uint32
|
|
AddressOfEntryPoint uint32
|
|
BaseOfCode uint32
|
|
BaseOfData uint32
|
|
|
|
ImageBase uint32
|
|
SectionAlignment uint32
|
|
FileAlignment uint32
|
|
MajorOperatingSystemVersion uint16
|
|
MinorOperatingSystemVersion uint16
|
|
MajorImageVersion uint16
|
|
MinorImageVersion uint16
|
|
MajorSubsystemVersion uint16
|
|
MinorSubsystemVersion uint16
|
|
Win32VersionValue uint32
|
|
SizeOfImage uint32
|
|
SizeOfHeaders uint32
|
|
CheckSum uint32
|
|
Subsystem uint16
|
|
DllCharacteristics uint16
|
|
SizeOfStackReserve uint32
|
|
SizeOfStackCommit uint32
|
|
SizeOfHeapReserve uint32
|
|
SizeOfHeapCommit uint32
|
|
LoaderFlags uint32
|
|
NumberOfRvaAndSizes uint32
|
|
DataDirectory [NumDirectoryEntries]ImageDataDirectory
|
|
}
|
|
|
|
// ImageOptionalHeader64 contains the optional header for 64-bit PE images.
|
|
type ImageOptionalHeader64 struct {
|
|
Magic uint16
|
|
MajorLinkerVersion uint8
|
|
MinorLinkerVersion uint8
|
|
SizeOfCode uint32
|
|
SizeOfInitializedData uint32
|
|
SizeOfUninitializedData uint32
|
|
AddressOfEntryPoint uint32
|
|
BaseOfCode uint32
|
|
ImageBase uint64
|
|
SectionAlignment uint32
|
|
FileAlignment uint32
|
|
MajorOperatingSystemVersion uint16
|
|
MinorOperatingSystemVersion uint16
|
|
MajorImageVersion uint16
|
|
MinorImageVersion uint16
|
|
MajorSubsystemVersion uint16
|
|
MinorSubsystemVersion uint16
|
|
Win32VersionValue uint32
|
|
SizeOfImage uint32
|
|
SizeOfHeaders uint32
|
|
CheckSum uint32
|
|
Subsystem uint16
|
|
DllCharacteristics uint16
|
|
SizeOfStackReserve uint64
|
|
SizeOfStackCommit uint64
|
|
SizeOfHeapReserve uint64
|
|
SizeOfHeapCommit uint64
|
|
LoaderFlags uint32
|
|
NumberOfRvaAndSizes uint32
|
|
DataDirectory [NumDirectoryEntries]ImageDataDirectory
|
|
}
|
|
|
|
// To64 converts the ImageOptionalHeader32 to an ImageOptionalHeader64.
|
|
func (i ImageOptionalHeader32) To64() ImageOptionalHeader64 {
|
|
return ImageOptionalHeader64{
|
|
Magic: i.Magic,
|
|
MajorLinkerVersion: i.MajorLinkerVersion,
|
|
MinorLinkerVersion: i.MinorLinkerVersion,
|
|
SizeOfCode: i.SizeOfCode,
|
|
SizeOfInitializedData: i.SizeOfInitializedData,
|
|
SizeOfUninitializedData: i.SizeOfUninitializedData,
|
|
AddressOfEntryPoint: i.AddressOfEntryPoint,
|
|
BaseOfCode: i.BaseOfCode,
|
|
ImageBase: uint64(i.ImageBase),
|
|
SectionAlignment: i.SectionAlignment,
|
|
FileAlignment: i.FileAlignment,
|
|
MajorOperatingSystemVersion: i.MajorOperatingSystemVersion,
|
|
MinorOperatingSystemVersion: i.MinorOperatingSystemVersion,
|
|
MajorImageVersion: i.MajorImageVersion,
|
|
MinorImageVersion: i.MinorImageVersion,
|
|
MajorSubsystemVersion: i.MajorSubsystemVersion,
|
|
MinorSubsystemVersion: i.MinorSubsystemVersion,
|
|
Win32VersionValue: i.Win32VersionValue,
|
|
SizeOfImage: i.SizeOfImage,
|
|
SizeOfHeaders: i.SizeOfHeaders,
|
|
CheckSum: i.CheckSum,
|
|
Subsystem: i.Subsystem,
|
|
DllCharacteristics: i.DllCharacteristics,
|
|
SizeOfStackReserve: uint64(i.SizeOfStackReserve),
|
|
SizeOfStackCommit: uint64(i.SizeOfStackCommit),
|
|
SizeOfHeapReserve: uint64(i.SizeOfHeapReserve),
|
|
SizeOfHeapCommit: uint64(i.SizeOfHeapCommit),
|
|
LoaderFlags: i.LoaderFlags,
|
|
NumberOfRvaAndSizes: i.NumberOfRvaAndSizes,
|
|
DataDirectory: i.DataDirectory,
|
|
}
|
|
}
|
|
|
|
// ImageNTHeaders32 contains the PE file headers for 32-bit PE images.
|
|
type ImageNTHeaders32 struct {
|
|
// Signature identifies the PE format; Always "PE\0\0".
|
|
Signature [4]byte
|
|
FileHeader ImageFileHeader
|
|
OptionalHeader ImageOptionalHeader32
|
|
}
|
|
|
|
// ImageNTHeaders64 contains the PE file headers for 64-bit PE images.
|
|
type ImageNTHeaders64 struct {
|
|
// Signature identifies the PE format; Always "PE\0\0".
|
|
Signature [4]byte
|
|
FileHeader ImageFileHeader
|
|
OptionalHeader ImageOptionalHeader64
|
|
}
|
|
|
|
// To64 converts the ImageNTHeaders32 to an ImageNTHeaders64.
|
|
func (i ImageNTHeaders32) To64() ImageNTHeaders64 {
|
|
return ImageNTHeaders64{
|
|
Signature: i.Signature,
|
|
FileHeader: i.FileHeader,
|
|
OptionalHeader: i.OptionalHeader.To64(),
|
|
}
|
|
}
|
|
|
|
// ImageDataDirectory holds a record for the given data directory. Each data
|
|
// directory contains information about another section, such as the import
|
|
// table. The index of the directory entry determines which section it
|
|
// pertains to.
|
|
type ImageDataDirectory struct {
|
|
VirtualAddress uint32
|
|
Size uint32
|
|
}
|
|
|
|
// ImageSectionHeader is the header for a section. Windows Loader uses these
|
|
// entries to configure the memory mapping of the executable. A series of
|
|
// these structures immediately follow the headers.
|
|
type ImageSectionHeader struct {
|
|
Name [SectionNameLength]byte
|
|
PhysicalAddressOrVirtualSize uint32
|
|
VirtualAddress uint32
|
|
SizeOfRawData uint32
|
|
PointerToRawData uint32
|
|
PointerToRelocations uint32
|
|
PointerToLinenumbers uint32
|
|
NumberOfRelocations uint16
|
|
NumberOfLinenumbers uint16
|
|
Characteristics uint32
|
|
}
|
|
|
|
// ImageBaseRelocation holds the header for a single page of base relocation
|
|
// data. The .reloc section of the binary contains a series of blocks of
|
|
// base relocation data, each starting with this header and followed by n
|
|
// 16-bit values that each represent a single relocation. The 4 most
|
|
// significant bits specify the type of relocation, while the 12 least
|
|
// significant bits contain the lower bits of the address (which is combined
|
|
// with the virtual address of the page.) The SizeOfBlock value specifies the
|
|
// size of an entire block, in bytes, including its header.
|
|
type ImageBaseRelocation struct {
|
|
VirtualAddress uint32
|
|
SizeOfBlock uint32
|
|
}
|
|
|
|
// The ImageImportDescriptor contains information about an imported module.
|
|
type ImageImportDescriptor struct {
|
|
OriginalFirstThunk uint32
|
|
TimeDateStamp uint32
|
|
ForwarderChain uint32
|
|
Name uint32
|
|
FirstThunk uint32
|
|
}
|
|
|
|
// The ImageExportDirectory contains information about the module's exports.
|
|
type ImageExportDirectory struct {
|
|
Characteristics uint32
|
|
TimeDateStamp uint32
|
|
MajorVersion uint16
|
|
MinorVersion uint16
|
|
Name uint32
|
|
Base uint32
|
|
NumberOfFunctions uint32
|
|
NumberOfNames uint32
|
|
AddressOfFunctions uint32
|
|
AddressOfNames uint32
|
|
AddressOfNameOrdinals uint32
|
|
}
|
|
|
|
// ImageTLSDirectory32 contains information about the module's thread local
|
|
// storage callbacks (in PE32)
|
|
type ImageTLSDirectory32 struct {
|
|
StartAddressOfRawData uint32
|
|
EndAddressOfRawData uint32
|
|
AddressOfIndex uint32
|
|
AddressOfCallBacks uint32
|
|
SizeOfZeroFill uint32
|
|
Characteristics uint32
|
|
}
|
|
|
|
// ImageTLSDirectory64 contains information about the module's thread local
|
|
// storage callbacks (in PE64)
|
|
type ImageTLSDirectory64 struct {
|
|
StartAddressOfRawData uint64
|
|
EndAddressOfRawData uint64
|
|
AddressOfIndex uint64
|
|
AddressOfCallBacks uint64
|
|
SizeOfZeroFill uint32
|
|
Characteristics uint32
|
|
}
|
|
|
|
// To64 converts the ImageTLSDirectory32 to an ImageTLSDirectory64.
|
|
func (i ImageTLSDirectory32) To64() ImageTLSDirectory64 {
|
|
return ImageTLSDirectory64{
|
|
StartAddressOfRawData: uint64(i.StartAddressOfRawData),
|
|
EndAddressOfRawData: uint64(i.EndAddressOfRawData),
|
|
AddressOfIndex: uint64(i.AddressOfIndex),
|
|
AddressOfCallBacks: uint64(i.AddressOfCallBacks),
|
|
SizeOfZeroFill: i.SizeOfZeroFill,
|
|
Characteristics: i.Characteristics,
|
|
}
|
|
}
|