mappe

package

v0.0.0-...-9e5eb3f Latest Latest Go to latest Published: May 6, 2022 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/EgeBalci/MapPE

Links

Open Source Insights

Documentation ¶

Index ¶

func Scrape(Map []byte) []byte
func SetOptionalHeader(fileName string, newOPHeader interface{}) error
type DataDirectory
type PEMap
- func Open(fileName string) (*PEMap, error)
type UnifiedOptionalHeader

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Scrape ¶

func Scrape(Map []byte) []byte

Scrape function removes the PE header from the mapped image

func SetOptionalHeader ¶

func SetOptionalHeader(fileName string, newOPHeader interface{}) error

SetOptionalHeader sets a new optional header

Types ¶

type DataDirectory ¶

type DataDirectory struct {
	VirtualAddress uint32
	Size           uint32
}

DataDirectory = pe.DataDirectory

type PEMap ¶

type PEMap struct {
	Name string
	PE   *pe.File
	Raw  []byte
}

PEMap holds the PE file for processing

func Open ¶

func Open(fileName string) (*PEMap, error)

Open a new PEMap

func (PEMap) CreateFileMapping ¶

func (file PEMap) CreateFileMapping() ([]byte, error)

CreateFileMapping constructs the memory mapped image of given PE file.

func (PEMap) PerformIntegrityChecks ¶

func (file PEMap) PerformIntegrityChecks(memMap []byte) error

PerformIntegrityChecks validates the integrity of the mapped PE file

func (PEMap) SetSection ¶

func (file PEMap) SetSection(sectionName string, newSectionData []byte) error

SetSection sets the given raw section contents as byte array as the named section Also fixes the section header accordingly

func (PEMap) UnifyOptionalHeader ¶

func (file PEMap) UnifyOptionalHeader() UnifiedOptionalHeader

UnifyOptionalHeader stores a given 32 bit OptionalHeader struct inside a 64 bit OptionalHeader

type UnifiedOptionalHeader ¶

type UnifiedOptionalHeader struct {
	Magic                       uint16
	MajorLinkerVersion          uint8
	MinorLinkerVersion          uint8
	SizeOfCode                  uint32
	SizeOfInitializedData       uint32
	SizeOfUninitializedData     uint32
	AddressOfEntryPoint         uint32
	BaseOfCode                  uint32
	ImageBase                   uint64 // uint32
	SectionAlignment            uint32
	FileAlignment               uint32
	MajorOperatingSystemVersion uint16
	MinorOperatingSystemVersion uint16
	MajorImageVersion           uint16
	MinorImageVersion           uint16
	MajorSubsystemVersion       uint16
	MinorSubsystemVersion       uint16
	Win32VersionValue           uint32
	SizeOfImage                 uint32
	SizeOfHeaders               uint32
	CheckSum                    uint32
	Subsystem                   uint16
	DllCharacteristics          uint16
	SizeOfStackReserve          uint64 // uint32
	SizeOfStackCommit           uint64 // uint32
	SizeOfHeapReserve           uint64 // uint32
	SizeOfHeapCommit            uint64 // uint32
	LoaderFlags                 uint32
	NumberOfRvaAndSizes         uint32
	DataDirectory               [16]DataDirectory
}

UnifiedOptionalHeader = pe.OptionalHeader64

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL