本次修改日期: 2014-10-21
版本: 1.10
作者: Charlie (Fingertipx)
/*====================================================================
@Table
00 Unknown
01 UnusedSpace
Binary
WString
ShortString
Settings
Contacts
====================================================================*/
typedef ULONG32 SIGNATURE;
typedef ULONG64 OFFSET;
/*********************************************************************
* Common used in nearly all structures
* struct OBJ_VERSION
* struct OBJ_TIME
*********************************************************************/
///========================================
/// struct OBJ_VERSION
///========================================
typedef struct _OBJ_VERSION {
USHORT MajorVersion;
USHORT MinorVersion;
ULONG ServicePack;
} OBJ_VERSION, *POBJ_VERSION;
///========================================
/// struct OBJ_TIME
///========================================
typedef struct _OBJ_TIME {
LARGE_INTEGER Create;
LARGE_INTEGER LastAccess;
LARGE_INTEGER LastModify;
} OBJ_TIME, *POBJ_TIME;
///========================================
/// struct OBJ_NAME
///========================================
typedef struct _OBJ_NAME {
CHAR Buffer[63];
BYTE BufferLength;
}OBJ_NAME, *POBJ_NAME;
/*********************************************************************
* Package file & file header
* struct PKG_FILE
* struct PKG_FILE_HEADER
* struct PKG_OPTIONAL_HEADER
* struct PKG_EXTENSION_HEADER
*********************************************************************/
///========================================
/// struct PKG_FILE
///========================================
typedef struct _PKG_FILE {
IMAGE_DOS_HEADER PeDosHeader;
ULONG64 PkgFileSignature;
OFFSET _PkgFileHeader;
} PKG_FILE, *PKG_FILE;
///========================================
/// struct PKG_FILE_HEADER
///========================================
typedef struct _PKG_FILE_HEADER {
SIGNATURE Signature;
ULONG Size;
ULONG64 PkgSize;
OBJ_VERSION Version;
// OBJ_TIME Time;
// Time属性在PKG_EXTENSION_HEADER结构中
// 因为Time属性可以被加密
ULONG FileChecksum;
// 文件效验码
// 即整个包含了PkgFile的文件的效验码
// 计算FileChecksum时将略去FileChecksum本身这4字节, 视为0x00000000...
ULONG Checksum;
// PkgFile的效验码
union {
struct {
BOOLEAN OpenedByLowerVersion;
// 是否允许被低版本的阅读器打开
};
ULONG Flags;
};
union {
struct {
UCHAR Type;
UCHAR SubType;
UCHAR Reserve1;
UCHAR Reserve2;
};
ULONG Value;
}PackageType;
ULONG64 Property1;
ULONG64 Property2;
union {
struct {
BOOLEAN TotalFileEncrypted;
BOOLEAN DataEncrypted;
};
ULONG64 EncryptValue;
};
BYTE Password[128];
OFFSET _ExtensionHeader;
OFFSET _OptionalHeader;
} PKG_FILE_HEADER, *PPKG_FILE_HEADER;
///========================================
/// struct PKG_OPTIONAL_HEADER
///========================================
typedef struct _PKG_OPTIONAL_HEADER {
SIGNATURE Signature;
ULONG Size;
OBJ_VERSION Version;
OBJ_TIME Time;
OBJ_NAME Author;
OBJ_NAME SubAuthor;
OBJ_NAME Corporation;
} PKG_OPTIONAL_HEADER, *PPKG_OPTIONAL_HEADER;
///========================================
/// struct PKG_EXTENSION_HEADER
///========================================
typedef struct _PKG_EXTENSION_HEADER {
SIGNATURE Signature;
ULONG Size;
OBJ_VERSION Version;
OBJ_TIME Time;
//
} PKG_EXTENSION_HEADER, *PPKG_EXTENSION_HEADER;