This analyzer enhances the representation and underlying data of the PE
LoadConfiguration structure within BinaryNinja.
140011b20 struct Load_Configuration_Directory_Table __load_configuration_directory_table = 140011b20 { 140011b20 uint32_t c h a r a c t e r i s t i c s = 0x140 140011b24 uint32_t t i m e D a t e S t a m p = 0x0 140011b28 uint16_t m a j o r V e r s i o n = 0x0 140011b2a uint16_t m i n o r V e r s i o n = 0x0 140011b2c uint32_t g l o b a l F l a g s C l e a r = 0x0 140011b30 uint32_t g l o b a l F l a g s S e t = 0x0 140011b34 uint32_t c r i t i c a l S e c t i o n D e f a u l t T i m e o u t = 0x0 140011b38 uint64_t d e C o m m i t F r e e B l o c k T h r e s h o l d = 0x0 140011b40 uint64_t d e C o m m i t T o t a l F r e e T h r e s h o l d = 0x0 140011b48 uint64_t l o c k P r e f i x T a b l e = 0x0 140011b50 uint64_t m a x i m u m A l l o c a t i o n S i z e = 0x0 140011b58 uint64_t v i r t u a l M e m o r y T h r e s h o l d = 0x0 140011b60 uint64_t p r o c e s s A f f i n i t y M a s k = 0x0 140011b68 uint32_t p r o c e s s H e a p F l a g s = 0x0 140011b6c uint16_t c s d V e r s i o n = 0x0 140011b6e uint16_t r e s e r v e d = 0x0 140011b70 uint64_t e d i t L i s t = 0x0 140011b78 uint64_t s e c u r i t y C o o k i e = 0x140016040 140011b80 uint64_t s e H a n d l e r T a b l e = 0x0 140011b88 uint64_t s e H a n d l e r C o u n t = 0x0 140011b90 uint64_t g u a r d C F C h e c k F u n c t i o n P o i n t e r = 0x140011070 140011b98 uint64_t g u a r d C F D i s p a t c h F u n c t i o n P o i n t e r = 0x140011080 140011ba0 uint64_t g u a r d C F F u n c t i o n T a b l e = 0x0 140011ba8 uint64_t g u a r d C F F u n c t i o n C o u n t = 0x0 140011bb0 uint32_t g u a r d F l a g s = 0x100 140011bb4 uint16_t F l a g s = 0x0 140011bb6 uint16_t C a t a l o g = 0x0 140011bb8 uint32_t C a t a l o g O f f s e t = 0x0 140011bbc uint32_t R e s e r v e d = 0x0 140011bc0 uint64_t g u a r d A d d r e s s T a k e n I a t E n t r y T a b l e = 0x0 140011bc8 uint64_t g u a r d A d d r e s s T a k e n I a t E n t r y C o u n t = 0x0 140011bd0 uint64_t g u a r d L o n g J u m p T a r g e t T a b l e = 0x0 140011bd8 uint64_t g u a r d L o n g J u m p T a r g e t C o u n t = 0x0 140011be0 uint64_t d y n a m i c V a l u e R e l o c T a b l e = 0x0 140011be8 uint64_t C H P E M e t a d a t a P o i n t e r = 0x1400111f8 140011bf0 uint64_t g u a r d R F F a i l u r e R o u t i n e = 0x0 140011bf8 uint64_t g u a r d R F F a i l u r e R o u t i n e F u n c t i o n P o i n t e r = 0x0 140011c00 uint32_t d y n a m i c V a l u e R e l o c T a b l e O f f s e t = 0x0 140011c04 uint16_t d y n a m i c V a l u e R e l o c T a b l e S e c t i o n = 0x0 140011c06 uint16_t r e s e r v e d 2 = 0x0 140011c08 uint64_t g u a r d R F V e r i f y S t a c k P o i n t e r F u n c t i o n P o i n t e r = 0x0 140011c10 uint32_t h o t P a t c h T a b l e O f f s e t = 0x0 140011c14 uint32_t r e s e r v e d 3 = 0x0 140011c18 uint64_t e n c l a v e C o n f i g u r a t i o n P o i n t e r = 0x0 140011c20 uint64_t v o l a t i l e M e t a d a t a P o i n t e r = 0x0 140011c28 uint64_t g u a r d E H C o n t i n u a t i o n T a b l e = 0x0 140011c30 uint64_t g u a r d E H C o n t i n u a t i o n C o u n t = 0x0 140011c38 uint64_t g u a r d X F G C h e c k F u n c t i o n P o i n t e r = 0x140011078 140011c40 uint64_t g u a r d X F G D i s p a t c h F u n c t i o n P o i n t e r = 0x140011088 140011c48 uint64_t g u a r d X F G T a b l e D i s p a t c h F u n c t i o n P o i n t e r = 0x140011090 140011c50 }
140011b20 struct _LIEF_IMAGE_LOAD_CONFIG_DIRECTORY64 __load_configuration_directory_table = 140011b20 { 140011b20 uint32_t S i z e = 0x140 140011b24 uint32_t T i m e D a t e S t a m p = 0x0 140011b28 uint16_t M a j o r V e r s i o n = 0x0 140011b2a uint16_t M i n o r V e r s i o n = 0x0 140011b2c uint32_t G l o b a l F l a g s C l e a r = 0x0 140011b30 uint32_t G l o b a l F l a g s S e t = 0x0 140011b34 uint32_t C r i t i c a l S e c t i o n D e f a u l t T i m e o u t = 0x0 140011b38 uintptr_t D e C o m m i t F r e e B l o c k T h r e s h o l d = 0x0 140011b40 uintptr_t D e C o m m i t T o t a l F r e e T h r e s h o l d = 0x0 140011b48 void * L o c k P r e f i x T a b l e = 0x0 140011b50 uintptr_t M a x i m u m A l l o c a t i o n S i z e = 0x0 140011b58 uintptr_t V i r t u a l M e m o r y T h r e s h o l d = 0x0 140011b60 uintptr_t P r o c e s s H e a p F l a g s = 0x0 140011b68 uint32_t P r o c e s s A f f i n i t y M a s k = 0x0 140011b6c uint16_t C S D V e r s i o n = 0x0 140011b6e uint16_t D e p e n d e n t L o a d F l a g s = 0x0 140011b70 void * E d i t L i s t = 0x0 140011b78 void * S e c u r i t y C o o k i e = __security_cookie 140011b80 uintptr_t * S E H a n d l e r T a b l e = 0x0 140011b88 uintptr_t S E H a n d l e r C o u n t = 0x0 140011b90 void ( * * G u a r d C F C h e c k F u n c t i o n P o i n t e r ) ( ) = __guard_check_icall_fptr 140011b98 void ( * * G u a r d C F D i s p a t c h F u n c t i o n P o i n t e r ) ( ) = __guard_dispatch_icall_fptr 140011ba0 uint32_t * S E H a n d l e r T a b l e = 0x0 140011ba8 uintptr_t G u a r d C F F u n c t i o n C o u n t = 0x0 140011bb0 enum G u a r d F l a g s = IMAGE_GUARD_CF_INSTRUMENTED 140011bb4 struct C o d e I n t e g r i t y = 140011bb4 { 140011bb4 uint16_t F l a g s = 0x0 140011bb6 uint16_t C a t a l o g = 0x0 140011bb8 uint32_t C a t a l o g O f f s e t = 0x0 140011bbc uint32_t R e s e r v e d = 0x0 140011bc0 } 140011bc0 void * G u a r d A d d r e s s T a k e n I a t E n t r y T a b l e = 0x0 140011bc8 uintptr_t G u a r d A d d r e s s T a k e n I a t E n t r y C o u n t = 0x0 140011bd0 void * G u a r d L o n g J u m p T a r g e t T a b l e = 0x0 140011bd8 uintptr_t G u a r d L o n g J u m p T a r g e t C o u n t = 0x0 140011be0 void * D y n a m i c V a l u e R e l o c T a b l e = 0x0 140011be8 struct _LIEF_IMAGE_ARM64EC_METADATA_V2* const C H P E M e t a d a t a P o i n t e r = __image_arm64ec_metadata 140011bf0 void ( * * G u a r d R F F a i l u r e R o u t i n e ) ( ) = 0x0 140011bf8 void ( * * G u a r d R F F a i l u r e R o u t i n e F u n c t i o n P o i n t e r ) ( ) = 0x0 140011c00 uint32_t D y n a m i c V a l u e R e l o c T a b l e O f f s e t = 0x0 140011c04 uint16_t D y n a m i c V a l u e R e l o c T a b l e S e c t i o n = 0x0 140011c06 uint16_t R e s e r v e d 2 = 0x0 140011c08 void ( * * G u a r d R F V e r i f y S t a c k P o i n t e r F u n c t i o n P o i n t e r ) ( ) = 0x0 140011c10 uint32_t H o t P a t c h T a b l e O f f s e t = 0x0 140011c14 uint32_t R e s e r v e d 3 = 0x0 140011c18 void * E n c l a v e C o n f i g u r a t i o n P o i n t e r = 0x0 140011c20 void * V o l a t i l e M e t a d a t a P o i n t e r = 0x0 140011c28 void * G u a r d E H C o n t i n u a t i o n T a b l e = 0x0 140011c30 void * G u a r d E H C o n t i n u a t i o n C o u n t = 0x0 140011c38 void ( * * G u a r d X F G C h e c k F u n c t i o n P o i n t e r ) ( ) = data_140011078 140011c40 void ( * * G u a r d X F G D i s p a t c h F u n c t i o n P o i n t e r ) ( ) = data_140011088 140011c48 void ( * * G u a r d X F G T a b l e D i s p a t c h F u n c t i o n P o i n t e r ) ( ) = data_140011090 140011c50 void ( * * C a s t G u a r d O s D e t e r m i n e d F a i l u r e M o d e ) ( ) = 0x140011098 140011c58 void ( * * G u a r d M e m c p y F u n c t i o n P o i n t e r ) ( ) = data_1400110a0 140011c60 }
The layout of this structure – exposed in LIEF through the
interface – evolves frequently across new Windows releases.
By running this analyzer, you obtain a more complete and accurate representation
of these attributes along with their correct data types.
Beyond the Load Configuration, the analyzer also defines additional structures, such as
, which provide valuable context for analyzing ARM64EC binaries.
These definitions make it easier to interpret the purpose of certain
functions and pointers, leading to deeper insights during reverse engineering.
1400111e0 00 00 00 00 01 00 00 00 48 65 6c 6c 6f 20 57 6f 72 6c 64 21 0a 00 00 00 02 00 00 00 00 1e 01 00 . . . . . . . . H e l l o W o r l d ! . . . . . . . . . . . . 140011200 02 00 00 00 b4 1c 01 00 00 90 01 00 00 10 01 00 08 10 01 00 18 10 01 00 10 10 01 00 20 10 01 00 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140011220 00 00 00 00 00 50 01 00 01 00 00 00 01 00 00 00 28 10 01 00 30 10 01 00 00 70 01 00 38 0d 00 00 . . . . . P . . . . . . . . . . ( . . . 0 . . . . p . . 8 . . . 140011240 38 10 01 00 48 3e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 10 01 00 48 10 01 00 50 10 01 00 8 . . . H > . . . . . . . . . . . . . . @ . . . H . . . P . . . 140011260 58 10 01 00 60 10 01 00 68 10 01 00 00 00 00 00 X . . . ` . . . h . . . . . . .
1400111e8 char const data_1400111e8 [ 0xe ] = "Hello World!\n" , 0 1400111f6 00 00 . . 1400111f8 struct _LIEF_IMAGE_ARM64EC_METADATA_V2 __image_arm64ec_metadata = 1400111f8 { 1400111f8 uint32_t V e r s i o n = 0x2 1400111fc uint32_t C o d e M a p = 0x11e00 140011200 uint32_t C o d e M a p C o u n t = 0x2 140011204 uint32_t C o d e R a n g e s T o E n t r y P o i n t s = 0x11cb4 140011208 uint32_t R e d i r e c t i o n M e t a d a t a = 0x19000 14001120c uint32_t _ _ o s _ a r m 6 4 x _ d i s p a t c h _ c a l l _ n o _ r e d i r e c t = 0x11000 140011210 uint32_t _ _ o s _ a r m 6 4 x _ d i s p a t c h _ r e t = 0x11008 140011214 uint32_t _ _ o s _ a r m 6 4 x _ d i s p a t c h _ c a l l = 0x11018 140011218 uint32_t _ _ o s _ a r m 6 4 x _ d i s p a t c h _ i c a l l = 0x11010 14001121c uint32_t _ _ o s _ a r m 6 4 x _ d i s p a t c h _ i c a l l _ c f g = 0x11020 140011220 uint32_t A l t e r n a t e E n t r y P o i n t = 0x0 140011224 uint32_t A u x i l i a r y I A T = 0x15000 140011228 uint32_t C o d e R a n g e s T o E n t r y P o i n t s C o u n t = 0x1 14001122c uint32_t R e d i r e c t i o n M e t a d a t a C o u n t = 0x1 140011230 uint32_t G e t X 6 4 I n f o r m a t i o n F u n c t i o n P o i n t e r = 0x11028 140011234 uint32_t S e t X 6 4 I n f o r m a t i o n F u n c t i o n P o i n t e r = 0x11030 140011238 uint32_t E x t r a R F E T a b l e = 0x17000 14001123c uint32_t E x t r a R F E T a b l e S i z e = 0xd38 140011240 uint32_t _ _ o s _ a r m 6 4 x _ d i s p a t c h _ f p t r = 0x11038 140011244 uint32_t A u x i l i a r y I A T C o p y = 0x13e48 140011248 uint32_t A u x D e l a y l o a d I A T = 0x0 14001124c uint32_t A u x D e l a y l o a d I A T C o p y = 0x0 140011250 uint32_t R e s e r v e d B i t F i e l d = 0x0 140011254 }