forked from Freddrickk/ida-efiutils
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathte_image.bt
52 lines (44 loc) · 1.36 KB
/
te_image.bt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
// te_image.bt - a basic TE image template for 010 Editor
//
// See the following URL for more info and the latest version:
// https://github.com/snarez/ida-efiutils
//
// -snare
local int32 i;
typedef UBYTE UINT8;
typedef struct {
UINT32 VirtualAddress;
UINT32 Size;
} EFI_IMAGE_DATA_DIRECTORY;
typedef struct {
UINT16 Signature;
UINT16 Machine;
UINT8 NumberOfSections;
UINT8 Subsystem;
UINT16 StrippedSize;
UINT32 AddressOfEntryPoint;
UINT32 BaseOfCode;
UINT64 ImageBase;
EFI_IMAGE_DATA_DIRECTORY DataDirectory[2];
} TEImageHeader;
typedef struct{
char Name[8];
int32 VirtualSize;
int32 VirtualAddress;
int32 SizeOfRawData;
int32 PointerToRawData;
int32 PointerToRelocations;
int32 PointerToLinenumbers;
int16 NumberOfRelocations;
int16 NumberOfLinenumbers;
int32 Characteristics;
} SectionHeader;
struct SectionData (int size) {
char data[size];
};
TEImageHeader header;
SectionHeader sec_header[header.NumberOfSections];
for (i = 0; i < header.NumberOfSections; i++) {
FSeek(sec_header[i].PointerToRawData - header.StrippedSize + sizeof(header));
SectionData section(sec_header[i].SizeOfRawData);
}