pelican

package module

v0.0.0-...-ac04c09 Latest Latest Go to latest Published: Jun 4, 2020 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/SilentTTxo/pelican

Links

Open Source Insights

README ¶

pelican

Probe PE files.

License

pelican is released under the MIT License. See the LICENSE file for details.

Documentation ¶

Index ¶

Constants
Variables
func DecodeUTF16(bs []byte) string
type Arch
type AssemblyIdentity
type AssemblyInfo
type PeInfo
- func Probe(file eos.File, params ProbeParams) (*PeInfo, error)
- func (pi *PeInfo) RequiresElevation() bool
type ProbeParams
type ReadSeekerAt
type ResourceType
type VsBlock
- func (vb *VsBlock) KeyString() string
type VsFixedFileInfo

Constants ¶

View Source

const (
	Arch386   = "386"
	ArchAmd64 = "amd64"
)

View Source

const ResourceTableIdx = 2

https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#resource-directory-table Resource Table

Variables ¶

View Source

var ResourceTypeNames = map[ResourceType]string{
	ResourceTypeCursor:       "Cursor",
	ResourceTypeBitmap:       "Bitmap",
	ResourceTypeIcon:         "Icon",
	ResourceTypeMenu:         "Menu",
	ResourceTypeDialog:       "Dialog",
	ResourceTypeString:       "String",
	ResourceTypeFontDir:      "FontDir",
	ResourceTypeFont:         "Font",
	ResourceTypeAccelerator:  "Accelerator",
	ResourceTypeRcData:       "RcData",
	ResourceTypeMessageTable: "MessageTable",
	ResourceTypeGroupCursor:  "GroupCursor",
	ResourceTypeGroupIcon:    "GroupIcon",
	ResourceTypeVersion:      "Version",
	ResourceTypeDlgInclude:   "DlgInclude",
	ResourceTypePlugPlay:     "PlugPlay",
	ResourceTypeVXD:          "VXD",
	ResourceTypeAniCursor:    "AniCursor",
	ResourceTypeAniIcon:      "AniIcon",
	ResourceTypeHTML:         "HTML",
	ResourceTypeManifest:     "Manifest",
}

Functions ¶

func DecodeUTF16 ¶

func DecodeUTF16(bs []byte) string

Convert a UTF-16 string (as a byte slice) to unicode

Types ¶

type Arch ¶

type Arch string

type AssemblyIdentity ¶

type AssemblyIdentity struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	Type    string `json:"type"`

	ProcessorArchitecture string `json:"processorArchitecture,omitempty"`
	Language              string `json:"language,omitempty"`
	PublicKeyToken        string `json:"publicKeyToken,omitempty"`
}

type AssemblyInfo ¶

type AssemblyInfo struct {
	Identity    *AssemblyIdentity `json:"identity"`
	Description string            `json:"description"`

	RequestedExecutionLevel string `json:"requestedExecutionLevel,omitempty"`
}

type PeInfo ¶

type PeInfo struct {
	Arch                Arch                `json:"arch"`
	VersionProperties   map[string]string   `json:"versionProperties"`
	AssemblyInfo        *AssemblyInfo       `json:"assemblyInfo"`
	DependentAssemblies []*AssemblyIdentity `json:"dependentAssemblies"`
	Imports             []string            `json:"imports"`
}

PeInfo contains the architecture of a binary file

For command `PeInfo`

func Probe ¶

func Probe(file eos.File, params ProbeParams) (*PeInfo, error)

Probe retrieves information about an PE file

func (*PeInfo) RequiresElevation ¶

func (pi *PeInfo) RequiresElevation() bool

type ProbeParams ¶

type ProbeParams struct {
	Consumer *state.Consumer
	// Return errors instead of printing warnings when
	// we can't parse some parts of the file
	Strict bool
}

type ReadSeekerAt ¶

type ReadSeekerAt interface {
	io.ReadSeeker
	io.ReaderAt
}

type ResourceType ¶

type ResourceType uint32

const (
	ResourceTypeNone ResourceType = 0

	ResourceTypeCursor       ResourceType = 1
	ResourceTypeBitmap       ResourceType = 2
	ResourceTypeIcon         ResourceType = 3
	ResourceTypeMenu         ResourceType = 4
	ResourceTypeDialog       ResourceType = 5
	ResourceTypeString       ResourceType = 6
	ResourceTypeFontDir      ResourceType = 7
	ResourceTypeFont         ResourceType = 8
	ResourceTypeAccelerator  ResourceType = 9
	ResourceTypeRcData       ResourceType = 10
	ResourceTypeMessageTable ResourceType = 11

	ResourceTypeGroupCursor ResourceType = ResourceTypeCursor + 11 // 12
	ResourceTypeGroupIcon   ResourceType = ResourceTypeIcon + 11   // 14

	ResourceTypeVersion    ResourceType = 16
	ResourceTypeDlgInclude ResourceType = 17
	ResourceTypePlugPlay   ResourceType = 19
	ResourceTypeVXD        ResourceType = 20 // vxd = virtual device
	ResourceTypeAniCursor  ResourceType = 21
	ResourceTypeAniIcon    ResourceType = 22
	ResourceTypeHTML       ResourceType = 23
	ResourceTypeManifest   ResourceType = 24
)

https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms648009(v=vs.85).aspx

type VsBlock ¶

type VsBlock struct {
	Length      uint16
	ValueLength uint16
	Type        uint16
	Key         []byte
	EndOffset   int64

	ReadSeekerAt
}

func (*VsBlock) KeyString ¶

func (vb *VsBlock) KeyString() string

type VsFixedFileInfo ¶

type VsFixedFileInfo struct {
	DwSignature        uint32
	DwStrucVersion     uint32
	DwFileVersionMS    uint32
	DwFileVersionLS    uint32
	DwProductVersionMS uint32
	DwProductVersionLS uint32
	DwFileFlagsMask    uint32
	DwFileFlags        uint32
	DwFileOS           uint32
	DwFileType         uint32
	DwFileSubtype      uint32
	DwFileDateMS       uint32
	DwFileDateLS       uint32
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
pe Package pe implements access to PE (Microsoft Windows Portable Executable) files.	Package pe implements access to PE (Microsoft Windows Portable Executable) files.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL