ionicons-v5-d 1.0.0 (ab3b10bf)
Updated on 15/02/2026, 16:56:20.

Ghidra - Analyzers - IMAGE_LOAD_CONFIG_DIRECTORY

This analyzer enhances the representation and underlying data of the PE LoadConfiguration structure within Ghidra.

                    IMAGE_LOAD_CONFIG_DIRECTORY64_140011b20   XREF[1]:   1400001c0(*)140011b20 40 01 00 00 00 00 00 00 00 00 00 00 00       IMAGE_LOAD_CONFIG_DIRECTORY64          00 00 00 00 00 00 00 00 00 00 00 00 00          00 00 00 00 00 00 00 00 00 00 00 00 00      140011b20 40 01 00 00                             ddw                       140h                                  Size                            XREF[1]:   1400001c0(*)      140011b24 00 00 00 00                             ddw                       0h                                    TimeDateStamp      140011b28 00 00                                   dw                        0h                                    MajorVersion      140011b2a 00 00                                   dw                        0h                                    MinorVersion      140011b2c 00 00 00 00                             ddw                       0h                                    GlobalFlagsClear      140011b30 00 00 00 00                             ddw                       0h                                    GlobalFlagsSet      140011b34 00 00 00 00                             ddw                       0h                                    CriticalSectionDefaultTimeout      140011b38 00 00 00 00 00 00 00 00                 dq                        0h                                    DeCommitFreeBlockThreshold      140011b40 00 00 00 00 00 00 00 00                 dq                        0h                                    DeCommitTotalFreeThreshold      140011b48 00 00 00 00 00 00 00 00                 addr                      00000000                              LockPrefixTable      140011b50 00 00 00 00 00 00 00 00                 dq                        0h                                    MaximumAllocationSize      140011b58 00 00 00 00 00 00 00 00                 dq                        0h                                    VirtualMemoryThreshold      140011b60 00 00 00 00 00 00 00 00                 dq                        0h                                    ProcessAffinityMask      140011b68 00 00 00 00                             ddw                       0h                                    ProcessHeapFlags      140011b6c 00 00                                   dw                        0h                                    CsdVersion      140011b6e 00 00                                   dw                        0h                                    DependentLoadFlags      140011b70 00 00 00 00 00 00 00 00                 addr                      00000000                              EditList      140011b78 40 60 01 40 01 00 00 00                 addr                      DAT_140016040                         SecurityCookie                         = 32h    2      140011b80 00 00 00 00 00 00 00 00                 addr                      00000000                              SEHandlerTable      140011b88 00 00 00 00 00 00 00 00                 dq                        0h                                    SEHandlerCount      140011b90 70 10 01 40 01 00 00 00                 addr                      PTR__guard_check_icall_140011070      GuardCFCCheckFunctionPointer           = 14000b8d8      140011b98 80 10 01 40 01 00 00 00                 addr                      PTR__guard_dispatch_icall_140011080   GuardCFDispatchFunctionPointer         = 14000e2c0      140011ba0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardCFFunctionTable      140011ba8 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardCFFunctionCount      140011bb0 00 01 00 00                             IMAGE_GUARD_FLAGS         IMAGE_GUARD_CF_INSTRUMENTED           GuardFlags      140011bb4 00 00 00 00 00 00 00 00 00 00 00 00     IMAGE_LOAD_CONFIG_CODE_I                                        CodeIntegrity      140011bc0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardAddressTakenIatEntryTable      140011bc8 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardAddressTakenIatEntryCount      140011bd0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardLongJumpTargetTable      140011bd8 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardLongJumpTargetCount      140011be0 00 00 00 00 00 00 00 00                 addr                      00000000                              DynamicValueRelocTable      140011be8 f8 11 01 40 01 00 00 00                 addr                      DAT_1400111f8                         CHPEMetadataPointer                    = 02h      140011bf0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardRFFailureRoutine      140011bf8 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardRFFailureRoutineFunctionPointer      140011c00 00 00 00 00                             ddw                       0h                                    DynamicValueRelocTableOffset      140011c04 00 00                                   dw                        0h                                    DynamicValueRelocTableSection      140011c06 00 00                                   dw                        0h                                    Reserved1      140011c08 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardRFVerifyStackPointerFunctionPoin      140011c10 00 00 00 00                             ddw                       0h                                    HotPatchTableOffset      140011c14 00 00 00 00                             ddw                       0h                                    Reserved2      140011c18 00 00 00 00 00 00 00 00                 dq                        0h                                    Reserved3
                    IMAGE_LOAD_CONFIG_DIRECTORY64_140011b20   XREF[1]:   1400001c0(*)140011b20 40 01 00 00 00 00 00 00 00 00 00 00 00       IMAGE_LOAD_CONFIG_DIRECTORY64          00 00 00 00 00 00 00 00 00 00 00 00 00          00 00 00 00 00 00 00 00 00 00 00 00 00      140011b20 40 01 00 00                             ddw                       140h                                  Size                            XREF[1]:   1400001c0(*)      140011b24 00 00 00 00                             ddw                       0h                                    TimeDateStamp      140011b28 00 00                                   dw                        0h                                    MajorVersion      140011b2a 00 00                                   dw                        0h                                    MinorVersion      140011b2c 00 00 00 00                             ddw                       0h                                    GlobalFlagsClear      140011b30 00 00 00 00                             ddw                       0h                                    GlobalFlagsSet      140011b34 00 00 00 00                             ddw                       0h                                    CriticalSectionDefaultTimeout      140011b38 00 00 00 00 00 00 00 00                 dq                        0h                                    DeCommitFreeBlockThreshold      140011b40 00 00 00 00 00 00 00 00                 dq                        0h                                    DeCommitTotalFreeThreshold      140011b48 00 00 00 00 00 00 00 00                 addr                      00000000                              LockPrefixTable      140011b50 00 00 00 00 00 00 00 00                 dq                        0h                                    MaximumAllocationSize      140011b58 00 00 00 00 00 00 00 00                 dq                        0h                                    VirtualMemoryThreshold      140011b60 00 00 00 00 00 00 00 00                 dq                        0h                                    ProcessAffinityMask      140011b68 00 00 00 00                             ddw                       0h                                    ProcessHeapFlags      140011b6c 00 00                                   dw                        0h                                    CSDVersion      140011b6e 00 00                                   dw                        0h                                    DependentLoadFlags      140011b70 00 00 00 00 00 00 00 00                 addr                      00000000                              EditList      140011b78 40 60 01 40 01 00 00 00                 addr                      DAT_140016040                         SecurityCookie                         = 32h    2      140011b80 00 00 00 00 00 00 00 00                 dq *                      00000000                              SEHandlerTable      140011b88 00 00 00 00 00 00 00 00                 dq                        0h                                    SEHandlerCount      140011b90 70 10 01 40 01 00 00 00                 addr                      PTR__guard_check_icall_140011070      GuardCFCheckFunctionPointer            = 14000b8d8      140011b98 80 10 01 40 01 00 00 00                 addr                      PTR__guard_dispatch_icall_140011080   GuardCFDispatchFunctionPointer         = 14000e2c0      140011ba0 00 00 00 00 00 00 00 00                 ddw *                     00000000                              GuardCFFunctionTable      140011ba8 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardCFFunctionCount      140011bb0 00 01 00 00                             IMAGE_GUARD_FLAGS         IMAGE_GUARD_CF_INSTRUMENTED           GuardFlags      140011bb4 00 00 00 00 00 00 00 00 00 00 00 00     IMAGE_LOAD_CONFIG_CODE_I                                        CodeIntegrity      140011bc0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardAddressTakenIatEntryTable      140011bc8 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardAddressTakenIatEntryCount      140011bd0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardLongJumpTargetTable      140011bd8 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardLongJumpTargetCount      140011be0 00 00 00 00 00 00 00 00                 addr                      00000000                              DynamicValueRelocTable      140011be8 f8 11 01 40 01 00 00 00                 IMAGE_ARM64EC_METADATA_V  IMAGE_ARM64EC_METADATA_V2_1400111f8   CHPEMetadataPointer      140011bf0 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardRFFailureRoutine      140011bf8 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardRFFailureRoutineFunctionPointer      140011c00 00 00 00 00                             ibo32                     NaP                                   DynamicValueRelocTableOffset      140011c04 00 00                                   dw                        0h                                    DynamicValueRelocTableSection      140011c06 00 00                                   dw                        0h                                    Reserved2      140011c08 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardRFVerifyStackPointerFunctionPoin      140011c10 00 00 00 00                             ibo32                     NaP                                   HotPatchTableOffset      140011c14 00 00 00 00                             ddw                       0h                                    Reserved3      140011c18 00 00 00 00 00 00 00 00                 addr                      00000000                              EnclaveConfigurationPointer      140011c20 00 00 00 00 00 00 00 00                 addr                      00000000                              VolatileMetadataPointer      140011c28 00 00 00 00 00 00 00 00                 addr                      00000000                              GuardEHContinuationTable      140011c30 00 00 00 00 00 00 00 00                 dq                        0h                                    GuardEHContinuationCount      140011c38 78 10 01 40 01 00 00 00                 addr                      PTR__guard_check_icall_140011078      GuardXFGCheckFunctionPointer           = 14000b8d8      140011c40 88 10 01 40 01 00 00 00                 addr                      PTR_LAB_140011088                     GuardXFGDispatchFunctionPointer        = 14000e2e0      140011c48 90 10 01 40 01 00 00 00                 addr                      PTR_LAB_140011090                     GuardXFGTableDispatchFunctionPointer   = 14000e2e0      140011c50 98 10 01 40 01 00 00 00                 addr                      DAT_140011098                         CastGuardOsDeterminedFailureMode      140011c58 a0 10 01 40 01 00 00 00                 addr                      PTR_LAB_1400110a0                     GuardMemcpyFunctionPointer             = 14000e080
The layout of this structure – exposed in LIEF through the
lief::pe::LoadConfiguration lief.PE.LoadConfiguration LIEF::PE::LoadConfiguration
interface – evolves frequently across new Windows releases. As of today, Ghidra does not natively recognize many of the newer attributes introduced in recent versions. By running this analyzer, you obtain a more complete and accurate representation of these attributes along with their correct data types.
Beyond the Load Configuration, the analyzer also defines additional structures, such as
lief::pe::chpe_metadata_arm64::CHPEMetadata lief.PE.CHPEMetadataARM64 LIEF::PE::CHPEMetadataARM64
, which provide valuable context for analyzing ARM64EC binaries. These definitions make it easier to interpret the purpose of certain functions and pointers, leading to deeper insights during reverse engineering.
                    DAT_1400111f8                             XREF[1]:   140011be8(*)1400111f8 02                                           ??                                                   02h1400111f9 00                                           ??                                                   00h1400111fa 00                                           ??                                                   00h1400111fb 00                                           ??                                                   00h1400111fc 00                                           ??                                                   00h1400111fd 1e                                           ??                                                   1Eh1400111fe 01                                           ??                                                   01h1400111ff 00                                           ??                                                   00h140011200 02                                           ??                                                   02h140011201 00                                           ??                                                   00h140011202 00                                           ??                                                   00h140011203 00                                           ??                                                   00h140011204 b4                                           ??                                                   B4h140011205 1c                                           ??                                                   1Ch140011206 01                                           ??                                                   01h140011207 00                                           ??                                                   00h140011208 00                                           ??                                                   00h140011209 90                                           ??                                                   90h14001120a 01                                           ??                                                   01h14001120b 00                                           ??                                                   00h14001120c 00                                           ??                                                   00h14001120d 10                                           ??                                                   10h14001120e 01                                           ??                                                   01h14001120f 00                                           ??                                                   00h140011210 08                                           ??                                                   08h140011211 10                                           ??                                                   10h140011212 01                                           ??                                                   01h140011213 00                                           ??                                                   00h140011214 18                                           ??                                                   18h
                    IMAGE_ARM64EC_METADATA_V2_1400111f8       XREF[1]:   140011be8(*)1400111f8 02 00 00 00 00 1e 01 00 02 00 00 00 b4       IMAGE_ARM64EC_METADATA_V2          1c 01 00 00 90 01 00 00 10 01 00 08 10          01 00 18 10 01 00 10 10 01 00 20 10 01      1400111f8 02 00 00 00 00 1e 01 00 02 00 00 00 b4  IMAGE_ARM64EC_METADATA                                                                              V1                1c 01 00 00 90 01 00 00 10 01 00 08 10                01 00 18 10 01 00 10 10 01 00 20 10 01         1400111f8 02 00 00 00                             ddw                2h                                                             Version         1400111fc 00 1e 01 00                             ibo32              IMAGE_ARM64EC_METADATA_CODE_RANGE_ARRAY_140011e00              CodeMap         140011200 02 00 00 00                             ddw                2h                                                             CodeMapCount         140011204 b4 1c 01 00                             ibo32              IMAGE_ARM64EC_CODE_RANGE_ENTRY_POINT_ARRAY_140011cb4           CodeRangesToEntryPoints         140011208 00 90 01 00                             ibo32              IMAGE_ARM64EC_METADATA_REDIRECTION_ARRAY_140019000             RedirectionMetadata         14001120c 00 10 01 00                             ibo32              DAT_140011000                                                  __os_arm64x_dispatch_call_no_redirect         140011210 08 10 01 00                             ibo32              DAT_140011008                                                  __os_arm64x_dispatch_ret         140011214 18 10 01 00                             ibo32              DAT_140011018                                                  __os_arm64x_dispatch_call         140011218 10 10 01 00                             ibo32              PTR_DAT_140011010                                              __os_arm64x_dispatch_icall         14001121c 20 10 01 00                             ibo32              PTR_DAT_140011020                                              __os_arm64x_dispatch_icall_cfg         140011220 00 00 00 00                             ibo32              NaP                                                            AlternateEntryPoint         140011224 00 50 01 00                             ibo32              PTR_DAT_140015000                                              AuxiliaryIAT         140011228 01 00 00 00                             ddw                1h                                                             CodeRangesToEntryPointsCount         14001122c 01 00 00 00                             ddw                1h                                                             RedirectionMetadataCount         140011230 28 10 01 00                             ibo32              DAT_140011028                                                  GetX64InformationFunctionPointer         140011234 30 10 01 00                             ibo32              DAT_140011030                                                  SetX64InformationFunctionPointer         140011238 00 70 01 00                             ibo32              IMAGE_ARM64_RUNTIME_FUNCTION_UNPACKED_ENTRY_140017000          ExtraRFETable         14001123c 38 0d 00 00                             ddw                D38h                                                           ExtraRFETableSize         140011240 38 10 01 00                             ibo32              DAT_140011038                                                  __os_arm64x_dispatch_fptr         140011244 48 3e 01 00                             ibo32              PTR_DAT_140013e48                                              AuxiliaryIATCopy      140011248 00 00 00 00                             ibo32              NaP                                                            AuxDelayloadIAT      14001124c 00 00 00 00                             ibo32              NaP                                                            AuxDelayloadIATCopy      140011250 00 00 00 00                             ddw                0h                                                             ReservedBitField

BinaryNinja

BinaryNinja’s LIEF plugin also provides this support: LoadConfiguration