Type of module descriptor. This is a very sensitive structure, do not modify directly!
typedef struct t_module { // Executable module descriptor
ulong base; // Base address of module
ulong size; // Size occupied by module
ulong type; // Service information, TY_xxx
ulong codebase; // Base address of module code block
ulong codesize; // Size of module code block
ulong resbase; // Base address of resources
ulong ressize; // Size of resources
t_stringtable *stringtable; // Pointers to string resources or NULL
int nstringtable; // Actual number of used stringtable
int maxstringtable; // Actual number of allocated stringtable
ulong entry; // Address of <ModuleEntryPoint> or NULL
ulong database; // Base address of module data block
ulong idatatable; // Base address of import data table
ulong idatabase; // Base address of import data block
ulong edatatable; // Base address of export data table
ulong edatasize; // Size of export data table
ulong reloctable; // Base address of relocation table
ulong relocsize; // Size of relocation table
char name[SHORTLEN]; // Short name of the module
char path[MAXPATH]; // Full name of the module
int nsect; // Number of sections in the module
IMAGE_SECTION_HEADER *sect; // Copy of section headers from file
ulong headersize; // Total size of headers in executable
ulong fixupbase; // Base of image in executable file
int nfixup; // Number of fixups in executable
t_fixup *fixup; // Extracted fixups or NULL
char *codedec; // Decoded code features or NULL
ulong codecrc; // Code CRC for actual decoding
char *hittrace; // Hit tracing data or NULL
char *hittracecopy; // Copy of INT3-substituted code
char *datadec; // Decoded data features or NULL
t_table namelist; // List of module names
t_symvar *symvar; // Descriptions of symbolic variables
int nsymvar; // Actual number of elements in symvar
int maxsymvar; // Maximal number of elements in symvar
char *globaltypes; // Global types from debug info
ulong mainentry; // Address of WinMain() etc. in dbg data
ulong realsfxentry; // Entry of packed code or NULL
int updatenamelist; // Request to update namelist
ulong origcodesize; // Original size of module code block
ulong sfxbase; // Base of memory block with SFX
ulong sfxsize; // Size of memory block with SFX
int issystemdll; // Whether system DLL
int processed; // 0: not processed, 1: good, -1: bad
int dbghelpsym; // 1: symbols loaded by dbghelp.dll
char version[NVERS]; // Version of executable file
t_jdest *jddata; // Recognized jumps within the module
int njddata; // Number of recognized jumps
ulong reserved[15]; // Reserved for plugin compatibility
} t_module;
Members (members that intended stricly for internal use are not explained):
base - base address of module in the memory space of debugged process;
size - total size occupied by module, not necessarily contiguous memory;
type - service information, combination of bits TY_xxx;
codebase - base address of executable code, as stays in COFF header. In some cases, OllyDbg may correct definitely invalid code base;
codesize - size of executable code, as stays in COFF header. In some cases, OllyDbg may correct definitely invalid code size;
resbase - base address of resources;
ressize - size of resources;
entry - address of module's entry point, as stays in COFF header;
database - base address of module's data block. OllyDbg uses heuristics to locate data;
idatatable - base address of import data table, as stays in COFF header;
idatabase - base address of import data block, as stays in COFF header;
edatatable - base address of export data table, as stays in COFF header;
edatasize - size of export data table, as stays in COFF header;
reloctable - base address of relocation table, as stays in COFF header;
relocsize - size of relocation table, as stays in COFF header;
name - short name of the module, not necessarily NULL-terminated;
path - full name of executable file;
nsect - number of sections in the module;
sect - pointer to copy of section headers from the COFF header;
headersize - total size of headers in executable file;
fixupbase - base of image in executable file;
nfixup - number of fixups in executable file;
fixup - pointer to list of extracted fixups or NULL;
mainentry - address of WinMain or DllEntryPoint from debugging data or 0;
realsfxentry - real entry of unpacked SFX code or 0;
updatenamelist - request to update namelist;
issystemdll - 1 if module is system DLL (i.e. DLL residing in Windows' system directory) and 0 otherwise;
dbghelpsym - 1 if debugging information in one of Microsoft formats is available and 0 otherwise;
version - zero-terminated ASCII string containing version of executable file, NVERS-1 bytes long;
reserved - reserved for future use exclusively by OllyDbg.
See also: Findmodule, Findfileoffset