pe

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 20, 2019 License: Apache-2.0 Imports: 10 Imported by: 2

README

go-pe - A Golang parser for PE files.

This parser is designed to extract high-level information about PE files on disk. The information currently provided is:

  • RSDS GUID and PDB files.
  • VersionInformation strings.

Documentation

Index

Constants

const (
	// Indices into the data-directory array of the PE optional header, as
	// numbered by the PE/COFF format.

	// IMAGE_DIRECTORY_ENTRY_DEBUG selects the debug directory, which is where
	// the RSDS (CodeView) record with the GUID and PDB name is located.
	IMAGE_DIRECTORY_ENTRY_DEBUG    = 6
	// IMAGE_DIRECTORY_ENTRY_RESOURCE selects the resource directory, which
	// holds the version-information resources.
	IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
)
const (
	// IMAGE_DIRECTORY_ENTRY_IMPORT is the data-directory index of the import
	// table in the PE/COFF format.
	IMAGE_DIRECTORY_ENTRY_IMPORT = 1
)

Variables

var (
	// PE_DEBUG is a package-level pointer to a bool.
	// NOTE(review): presumably gates the output of DebugPrint. Because it is a
	// pointer, confirm that it is initialised or nil-checked before it is
	// dereferenced.
	PE_DEBUG *bool
)

Functions

func DebugPrint

func DebugPrint(fmt_str string, v ...interface{})

func GetImports

func GetImports(nt_header *IMAGE_NT_HEADERS, rva_resolver *RVAResolver) []string

func GetVersionInformation

func GetVersionInformation(
	nt_header *IMAGE_NT_HEADERS,
	rva_resolver *RVAResolver,
	resource_base int64) map[string]string

func ParseArray_byte

func ParseArray_byte(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []byte

func ParseString

// ParseString takes a reader, an offset and a length and returns a string; no
// error is returned.
// NOTE(review): the body is not shown here. When length comes from a field of
// the file being parsed it is untrusted, so callers should bound it before the
// call unless the implementation is confirmed to cap the read size. A failed
// or short read cannot be told apart from an empty string by the signature.
func ParseString(reader io.ReaderAt, offset int64, length int64) string

func ParseTerminatedString

// ParseTerminatedString takes a reader and an offset and returns a string; the
// signature has no maximum-length parameter and no error result.
// NOTE(review): presumably reads up to a terminator. Confirm that the
// implementation bounds the scan, since a malformed file may contain no
// terminator after offset.
func ParseTerminatedString(reader io.ReaderAt, offset int64) string

func ParseTerminatedUTF16String

func ParseTerminatedUTF16String(reader io.ReaderAt, offset int64) string

func ParseUTF16String

func ParseUTF16String(reader io.ReaderAt, offset int64, length int64) string

func ParseUint16

func ParseUint16(reader io.ReaderAt, offset int64) uint16

func ParseUint32

func ParseUint32(reader io.ReaderAt, offset int64) uint32

func ParseUint64

func ParseUint64(reader io.ReaderAt, offset int64) uint64

func ParseUint8

func ParseUint8(reader io.ReaderAt, offset int64) byte

func RoundUpToWordAlignment

func RoundUpToWordAlignment(offset int64) int64

func UTF16BytesToUTF8

func UTF16BytesToUTF8(b []byte, o binary.ByteOrder) string

Types

type CV_RSDS_HEADER

type CV_RSDS_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewCV_RSDS_HEADER

func NewCV_RSDS_HEADER(reader io.ReaderAt) *CV_RSDS_HEADER

func (*CV_RSDS_HEADER) Age

func (self *CV_RSDS_HEADER) Age() uint32

func (*CV_RSDS_HEADER) Filename

func (self *CV_RSDS_HEADER) Filename() string

func (*CV_RSDS_HEADER) GUID

func (self *CV_RSDS_HEADER) GUID() *GUID

func (*CV_RSDS_HEADER) GUIDAge

func (self *CV_RSDS_HEADER) GUIDAge() string

func (*CV_RSDS_HEADER) Signature

func (self *CV_RSDS_HEADER) Signature() string

func (*CV_RSDS_HEADER) Size

func (self *CV_RSDS_HEADER) Size() int

type Enumeration

type Enumeration struct {
	Value uint64
	Name  string
}

func (Enumeration) DebugString

func (self Enumeration) DebugString() string

type GUID

type GUID struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewGUID

func NewGUID(reader io.ReaderAt) *GUID

func (*GUID) Data1

func (self *GUID) Data1() uint32

func (*GUID) Data2

func (self *GUID) Data2() uint16

func (*GUID) Data3

func (self *GUID) Data3() uint16

func (*GUID) Data4

func (self *GUID) Data4() []byte

func (*GUID) Size

func (self *GUID) Size() int

type IMAGE_DATA_DIRECTORY

type IMAGE_DATA_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_DATA_DIRECTORY

func NewIMAGE_DATA_DIRECTORY(reader io.ReaderAt) *IMAGE_DATA_DIRECTORY

func ParseArray_IMAGE_DATA_DIRECTORY

func ParseArray_IMAGE_DATA_DIRECTORY(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []*IMAGE_DATA_DIRECTORY

func (*IMAGE_DATA_DIRECTORY) DirSize

func (self *IMAGE_DATA_DIRECTORY) DirSize() uint32

func (*IMAGE_DATA_DIRECTORY) Size

func (self *IMAGE_DATA_DIRECTORY) Size() int

func (*IMAGE_DATA_DIRECTORY) VirtualAddress

func (self *IMAGE_DATA_DIRECTORY) VirtualAddress() uint32

type IMAGE_DEBUG_DIRECTORY

type IMAGE_DEBUG_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_DEBUG_DIRECTORY

func NewIMAGE_DEBUG_DIRECTORY(reader io.ReaderAt) *IMAGE_DEBUG_DIRECTORY

func (*IMAGE_DEBUG_DIRECTORY) AddressOfRawData

func (self *IMAGE_DEBUG_DIRECTORY) AddressOfRawData() uint32

func (*IMAGE_DEBUG_DIRECTORY) Size

func (self *IMAGE_DEBUG_DIRECTORY) Size() int

func (*IMAGE_DEBUG_DIRECTORY) TimeDateStamp

func (self *IMAGE_DEBUG_DIRECTORY) TimeDateStamp() *UnixTimeStamp

func (*IMAGE_DEBUG_DIRECTORY) Type

func (self *IMAGE_DEBUG_DIRECTORY) Type() *Enumeration

type IMAGE_DOS_HEADER

type IMAGE_DOS_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_DOS_HEADER

func NewIMAGE_DOS_HEADER(reader io.ReaderAt) *IMAGE_DOS_HEADER

func (*IMAGE_DOS_HEADER) E_lfanew

func (self *IMAGE_DOS_HEADER) E_lfanew() uint32

func (*IMAGE_DOS_HEADER) E_magic

func (self *IMAGE_DOS_HEADER) E_magic() uint16

func (*IMAGE_DOS_HEADER) NTHeader

func (self *IMAGE_DOS_HEADER) NTHeader() *IMAGE_NT_HEADERS

func (*IMAGE_DOS_HEADER) Size

func (self *IMAGE_DOS_HEADER) Size() int

type IMAGE_FILE_HEADER

type IMAGE_FILE_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_FILE_HEADER

func NewIMAGE_FILE_HEADER(reader io.ReaderAt) *IMAGE_FILE_HEADER

func (*IMAGE_FILE_HEADER) Machine

func (self *IMAGE_FILE_HEADER) Machine() *Enumeration

func (*IMAGE_FILE_HEADER) NumberOfSections

func (self *IMAGE_FILE_HEADER) NumberOfSections() uint16

func (*IMAGE_FILE_HEADER) Size

func (self *IMAGE_FILE_HEADER) Size() int

func (*IMAGE_FILE_HEADER) SizeOfOptionalHeader

func (self *IMAGE_FILE_HEADER) SizeOfOptionalHeader() uint16

func (*IMAGE_FILE_HEADER) TimeDateStamp

func (self *IMAGE_FILE_HEADER) TimeDateStamp() *UnixTimeStamp

type IMAGE_IMPORT_BY_NAME

type IMAGE_IMPORT_BY_NAME struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_IMPORT_BY_NAME

func NewIMAGE_IMPORT_BY_NAME(reader io.ReaderAt) *IMAGE_IMPORT_BY_NAME

func (*IMAGE_IMPORT_BY_NAME) Name

func (self *IMAGE_IMPORT_BY_NAME) Name() string

func (*IMAGE_IMPORT_BY_NAME) Size

func (self *IMAGE_IMPORT_BY_NAME) Size() int

type IMAGE_IMPORT_DESCRIPTOR

type IMAGE_IMPORT_DESCRIPTOR struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_IMPORT_DESCRIPTOR

func NewIMAGE_IMPORT_DESCRIPTOR(reader io.ReaderAt) *IMAGE_IMPORT_DESCRIPTOR

func (*IMAGE_IMPORT_DESCRIPTOR) Characteristics

func (self *IMAGE_IMPORT_DESCRIPTOR) Characteristics() uint32

func (*IMAGE_IMPORT_DESCRIPTOR) DLLName

func (self *IMAGE_IMPORT_DESCRIPTOR) DLLName(rva_resolver *RVAResolver) string

func (*IMAGE_IMPORT_DESCRIPTOR) Functions32

func (self *IMAGE_IMPORT_DESCRIPTOR) Functions32(rva_resolver *RVAResolver) []string

func (*IMAGE_IMPORT_DESCRIPTOR) Functions64

func (self *IMAGE_IMPORT_DESCRIPTOR) Functions64(rva_resolver *RVAResolver) []string

func (*IMAGE_IMPORT_DESCRIPTOR) Name

func (self *IMAGE_IMPORT_DESCRIPTOR) Name() uint32

func (*IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk

func (self *IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk() uint32

func (*IMAGE_IMPORT_DESCRIPTOR) Size

func (self *IMAGE_IMPORT_DESCRIPTOR) Size() int

type IMAGE_NT_HEADERS

type IMAGE_NT_HEADERS struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_NT_HEADERS

func NewIMAGE_NT_HEADERS(reader io.ReaderAt) *IMAGE_NT_HEADERS

func (*IMAGE_NT_HEADERS) DataDirectory

func (self *IMAGE_NT_HEADERS) DataDirectory(index int64) *IMAGE_DATA_DIRECTORY

func (*IMAGE_NT_HEADERS) DebugDirectory

func (self *IMAGE_NT_HEADERS) DebugDirectory(
	rva_resolver *RVAResolver) *IMAGE_DEBUG_DIRECTORY

func (*IMAGE_NT_HEADERS) FileHeader

func (self *IMAGE_NT_HEADERS) FileHeader() *IMAGE_FILE_HEADER

func (*IMAGE_NT_HEADERS) ImportDirectory

func (self *IMAGE_NT_HEADERS) ImportDirectory(
	rva_resolver *RVAResolver) []*IMAGE_IMPORT_DESCRIPTOR

func (*IMAGE_NT_HEADERS) OptionalHeader

func (self *IMAGE_NT_HEADERS) OptionalHeader() *IMAGE_OPTIONAL_HEADER

func (*IMAGE_NT_HEADERS) RSDS

func (self *IMAGE_NT_HEADERS) RSDS(
	rva_resolver *RVAResolver) *CV_RSDS_HEADER

func (*IMAGE_NT_HEADERS) RealOptionalHeader

func (self *IMAGE_NT_HEADERS) RealOptionalHeader() (
	*IMAGE_OPTIONAL_HEADER, *IMAGE_OPTIONAL_HEADER64)

func (*IMAGE_NT_HEADERS) ResourceDirectory

func (self *IMAGE_NT_HEADERS) ResourceDirectory(
	rva_resolver *RVAResolver) *IMAGE_RESOURCE_DIRECTORY

func (*IMAGE_NT_HEADERS) SectionByName

func (self *IMAGE_NT_HEADERS) SectionByName(name string) *IMAGE_SECTION_HEADER

func (*IMAGE_NT_HEADERS) Sections

func (self *IMAGE_NT_HEADERS) Sections() []*IMAGE_SECTION_HEADER

func (*IMAGE_NT_HEADERS) Signature

func (self *IMAGE_NT_HEADERS) Signature() uint32

func (*IMAGE_NT_HEADERS) Size

func (self *IMAGE_NT_HEADERS) Size() int

type IMAGE_OPTIONAL_HEADER

type IMAGE_OPTIONAL_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_OPTIONAL_HEADER

func NewIMAGE_OPTIONAL_HEADER(reader io.ReaderAt) *IMAGE_OPTIONAL_HEADER

func (*IMAGE_OPTIONAL_HEADER) DataDirectory

func (self *IMAGE_OPTIONAL_HEADER) DataDirectory() []*IMAGE_DATA_DIRECTORY

func (*IMAGE_OPTIONAL_HEADER) ImageBase

func (self *IMAGE_OPTIONAL_HEADER) ImageBase() uint32

func (*IMAGE_OPTIONAL_HEADER) Magic

func (self *IMAGE_OPTIONAL_HEADER) Magic() uint16

func (*IMAGE_OPTIONAL_HEADER) Size

func (self *IMAGE_OPTIONAL_HEADER) Size() int

type IMAGE_OPTIONAL_HEADER64

type IMAGE_OPTIONAL_HEADER64 struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_OPTIONAL_HEADER64

func NewIMAGE_OPTIONAL_HEADER64(reader io.ReaderAt) *IMAGE_OPTIONAL_HEADER64

func (*IMAGE_OPTIONAL_HEADER64) DataDirectory

func (self *IMAGE_OPTIONAL_HEADER64) DataDirectory() []*IMAGE_DATA_DIRECTORY

func (*IMAGE_OPTIONAL_HEADER64) ImageBase

func (self *IMAGE_OPTIONAL_HEADER64) ImageBase() uint64

func (*IMAGE_OPTIONAL_HEADER64) Magic

func (self *IMAGE_OPTIONAL_HEADER64) Magic() uint16

func (*IMAGE_OPTIONAL_HEADER64) Size

func (self *IMAGE_OPTIONAL_HEADER64) Size() int

type IMAGE_RESOURCE_DATA_ENTRY

type IMAGE_RESOURCE_DATA_ENTRY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_RESOURCE_DATA_ENTRY

func NewIMAGE_RESOURCE_DATA_ENTRY(reader io.ReaderAt) *IMAGE_RESOURCE_DATA_ENTRY

func (*IMAGE_RESOURCE_DATA_ENTRY) CodePage

func (self *IMAGE_RESOURCE_DATA_ENTRY) CodePage() uint32

func (*IMAGE_RESOURCE_DATA_ENTRY) DataSize

func (self *IMAGE_RESOURCE_DATA_ENTRY) DataSize() uint32

func (*IMAGE_RESOURCE_DATA_ENTRY) OffsetToData

func (self *IMAGE_RESOURCE_DATA_ENTRY) OffsetToData() uint32

func (*IMAGE_RESOURCE_DATA_ENTRY) Size

func (self *IMAGE_RESOURCE_DATA_ENTRY) Size() int

type IMAGE_RESOURCE_DIRECTORY

type IMAGE_RESOURCE_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_RESOURCE_DIRECTORY

func NewIMAGE_RESOURCE_DIRECTORY(reader io.ReaderAt) *IMAGE_RESOURCE_DIRECTORY

func (*IMAGE_RESOURCE_DIRECTORY) Entries

func (*IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries

func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries() uint16

func (*IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries

func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries() uint16

func (*IMAGE_RESOURCE_DIRECTORY) Size

func (self *IMAGE_RESOURCE_DIRECTORY) Size() int

type IMAGE_RESOURCE_DIRECTORY_ENTRY

type IMAGE_RESOURCE_DIRECTORY_ENTRY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_RESOURCE_DIRECTORY_ENTRY

func NewIMAGE_RESOURCE_DIRECTORY_ENTRY(reader io.ReaderAt) *IMAGE_RESOURCE_DIRECTORY_ENTRY

func ParseArray_IMAGE_RESOURCE_DIRECTORY_ENTRY

func ParseArray_IMAGE_RESOURCE_DIRECTORY_ENTRY(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []*IMAGE_RESOURCE_DIRECTORY_ENTRY

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString(
	resource_base int64) string

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Size

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Size() int

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse

// Traverse takes the resource base offset and returns a slice of resource data
// entries.
// NOTE(review): presumably walks the directory tree below this entry. The
// directory offsets in a malformed file can point back at an ancestor, so
// confirm that the implementation bounds recursion depth or tracks visited
// offsets.
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse(
	resource_base int64) []*IMAGE_RESOURCE_DATA_ENTRY

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Type

type IMAGE_SECTION_HEADER

type IMAGE_SECTION_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_SECTION_HEADER

func NewIMAGE_SECTION_HEADER(reader io.ReaderAt) *IMAGE_SECTION_HEADER

func (*IMAGE_SECTION_HEADER) Characteristics

func (self *IMAGE_SECTION_HEADER) Characteristics() uint32

func (*IMAGE_SECTION_HEADER) Data

func (self *IMAGE_SECTION_HEADER) Data() io.ReaderAt

func (*IMAGE_SECTION_HEADER) Name

func (self *IMAGE_SECTION_HEADER) Name() string

func (*IMAGE_SECTION_HEADER) Permissions

func (self *IMAGE_SECTION_HEADER) Permissions() string

func (*IMAGE_SECTION_HEADER) PointerToRawData

func (self *IMAGE_SECTION_HEADER) PointerToRawData() uint32

func (*IMAGE_SECTION_HEADER) Size

func (self *IMAGE_SECTION_HEADER) Size() int

func (*IMAGE_SECTION_HEADER) SizeOfRawData

func (self *IMAGE_SECTION_HEADER) SizeOfRawData() uint32

func (*IMAGE_SECTION_HEADER) VirtualAddress

func (self *IMAGE_SECTION_HEADER) VirtualAddress() uint32

type IMAGE_THUNK_DATA32

type IMAGE_THUNK_DATA32 struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_THUNK_DATA32

func NewIMAGE_THUNK_DATA32(reader io.ReaderAt) *IMAGE_THUNK_DATA32

func (*IMAGE_THUNK_DATA32) AddressOfData

func (self *IMAGE_THUNK_DATA32) AddressOfData() uint32

func (*IMAGE_THUNK_DATA32) ForwarderString

func (self *IMAGE_THUNK_DATA32) ForwarderString() uint32

func (*IMAGE_THUNK_DATA32) Function

func (self *IMAGE_THUNK_DATA32) Function() uint32

func (*IMAGE_THUNK_DATA32) Ordinal

func (self *IMAGE_THUNK_DATA32) Ordinal() uint32

func (*IMAGE_THUNK_DATA32) Size

func (self *IMAGE_THUNK_DATA32) Size() int

type IMAGE_THUNK_DATA64

type IMAGE_THUNK_DATA64 struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewIMAGE_THUNK_DATA64

func NewIMAGE_THUNK_DATA64(reader io.ReaderAt) *IMAGE_THUNK_DATA64

func (*IMAGE_THUNK_DATA64) AddressOfData

func (self *IMAGE_THUNK_DATA64) AddressOfData() uint64

func (*IMAGE_THUNK_DATA64) ForwarderString

func (self *IMAGE_THUNK_DATA64) ForwarderString() uint64

func (*IMAGE_THUNK_DATA64) Function

func (self *IMAGE_THUNK_DATA64) Function() uint64

func (*IMAGE_THUNK_DATA64) Ordinal

func (self *IMAGE_THUNK_DATA64) Ordinal() uint64

func (*IMAGE_THUNK_DATA64) Size

func (self *IMAGE_THUNK_DATA64) Size() int

type OffsetReader

type OffsetReader struct {
	// contains filtered or unexported fields
}

func (OffsetReader) ReadAt

func (self OffsetReader) ReadAt(buff []byte, off int64) (int, error)

type PEFile

// PEFile is the JSON-serialisable summary returned by NewPEFile.
// NOTE(review): per the README these values are extracted from the parsed
// file, so for an untrusted sample every string here is attacker-controlled.
// Escape or sanitise them before logging, display or use in paths and queries.
type PEFile struct {
	Machine       string     `json:"Machine"`
	// NOTE(review): PE header timestamps are written by whatever produced the
	// file and can be forged; do not treat this as a reliable build time.
	TimeDateStamp string     `json:"TimeDateStamp"`
	GUIDAge       string     `json:"GUIDAge"`
	// NOTE(review): presumably the PDB file name from the RSDS debug record.
	PDB           string     `json:"PDB"`
	Sections      []*Section `json:"Sections"`

	// VersionInformation maps string keys to string values.
	// NOTE(review): presumably the version-resource strings named in the README.
	VersionInformation map[string]string `json:"VersionInformation"`

	Imports []string `json:"Imports"`
	// contains filtered or unexported fields
}

func NewPEFile

func NewPEFile(reader io.ReaderAt) (*PEFile, error)

type PeProfile

type PeProfile struct {
	Off_CV_RSDS_HEADER_Age                               int64
	Off_CV_RSDS_HEADER_Filename                          int64
	Off_CV_RSDS_HEADER_GUID                              int64
	Off_CV_RSDS_HEADER_Signature                         int64
	Off_PrefixedString_Length                            int64
	Off_PrefixedString__Buffer                           int64
	Off_ResourceString_Key                               int64
	Off_ResourceString_Length                            int64
	Off_ResourceString_Type                              int64
	Off_ResourceString_ValueLength                       int64
	Off_StringFileInfo_Key                               int64
	Off_StringFileInfo_Length                            int64
	Off_StringFileInfo_Type                              int64
	Off_StringFileInfo_ValueLength                       int64
	Off_StringTable_Key                                  int64
	Off_StringTable_Length                               int64
	Off_StringTable_Type                                 int64
	Off_StringTable_ValueLength                          int64
	Off_VS_VERSIONINFO_Length                            int64
	Off_VS_VERSIONINFO_Type                              int64
	Off_VS_VERSIONINFO_ValueLength                       int64
	Off_VS_VERSIONINFO_szKey                             int64
	Off_GUID_Data1                                       int64
	Off_GUID_Data2                                       int64
	Off_GUID_Data3                                       int64
	Off_GUID_Data4                                       int64
	Off_IMAGE_DATA_DIRECTORY_DirSize                     int64
	Off_IMAGE_DATA_DIRECTORY_VirtualAddress              int64
	Off_IMAGE_DEBUG_DIRECTORY_AddressOfRawData           int64
	Off_IMAGE_DEBUG_DIRECTORY_TimeDateStamp              int64
	Off_IMAGE_DEBUG_DIRECTORY_Type                       int64
	Off_IMAGE_DOS_HEADER_E_lfanew                        int64
	Off_IMAGE_DOS_HEADER_E_magic                         int64
	Off_IMAGE_FILE_HEADER_Machine                        int64
	Off_IMAGE_FILE_HEADER_NumberOfSections               int64
	Off_IMAGE_FILE_HEADER_SizeOfOptionalHeader           int64
	Off_IMAGE_FILE_HEADER_TimeDateStamp                  int64
	Off_IMAGE_IMPORT_BY_NAME_Name                        int64
	Off_IMAGE_IMPORT_DESCRIPTOR_Characteristics          int64
	Off_IMAGE_IMPORT_DESCRIPTOR_Name                     int64
	Off_IMAGE_IMPORT_DESCRIPTOR_OriginalFirstThunk       int64
	Off_IMAGE_NT_HEADERS_FileHeader                      int64
	Off_IMAGE_NT_HEADERS_OptionalHeader                  int64
	Off_IMAGE_NT_HEADERS_Signature                       int64
	Off_IMAGE_OPTIONAL_HEADER_DataDirectory              int64
	Off_IMAGE_OPTIONAL_HEADER_ImageBase                  int64
	Off_IMAGE_OPTIONAL_HEADER_Magic                      int64
	Off_IMAGE_OPTIONAL_HEADER64_DataDirectory            int64
	Off_IMAGE_OPTIONAL_HEADER64_ImageBase                int64
	Off_IMAGE_OPTIONAL_HEADER64_Magic                    int64
	Off_IMAGE_RESOURCE_DATA_ENTRY_CodePage               int64
	Off_IMAGE_RESOURCE_DATA_ENTRY_DataSize               int64
	Off_IMAGE_RESOURCE_DATA_ENTRY_OffsetToData           int64
	Off_IMAGE_RESOURCE_DIRECTORY_NumberOfIdEntries       int64
	Off_IMAGE_RESOURCE_DIRECTORY_NumberOfNamedEntries    int64
	Off_IMAGE_RESOURCE_DIRECTORY__Entries                int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_DataIsDirectory   int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_NameIsString      int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_NameOffset        int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_OffsetToData      int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_OffsetToDirectory int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_Type              int64
	Off_IMAGE_SECTION_HEADER_Characteristics             int64
	Off_IMAGE_SECTION_HEADER_Name                        int64
	Off_IMAGE_SECTION_HEADER_PointerToRawData            int64
	Off_IMAGE_SECTION_HEADER_SizeOfRawData               int64
	Off_IMAGE_SECTION_HEADER_VirtualAddress              int64
	Off_IMAGE_THUNK_DATA32_AddressOfData                 int64
	Off_IMAGE_THUNK_DATA32_ForwarderString               int64
	Off_IMAGE_THUNK_DATA32_Function                      int64
	Off_IMAGE_THUNK_DATA32_Ordinal                       int64
	Off_IMAGE_THUNK_DATA64_AddressOfData                 int64
	Off_IMAGE_THUNK_DATA64_ForwarderString               int64
	Off_IMAGE_THUNK_DATA64_Function                      int64
	Off_IMAGE_THUNK_DATA64_Ordinal                       int64
}

func NewPeProfile

func NewPeProfile() *PeProfile

func (*PeProfile) CV_RSDS_HEADER

func (self *PeProfile) CV_RSDS_HEADER(reader io.ReaderAt, offset int64) *CV_RSDS_HEADER

func (*PeProfile) GUID

func (self *PeProfile) GUID(reader io.ReaderAt, offset int64) *GUID

func (*PeProfile) IMAGE_DATA_DIRECTORY

func (self *PeProfile) IMAGE_DATA_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DATA_DIRECTORY

func (*PeProfile) IMAGE_DEBUG_DIRECTORY

func (self *PeProfile) IMAGE_DEBUG_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DEBUG_DIRECTORY

func (*PeProfile) IMAGE_DOS_HEADER

func (self *PeProfile) IMAGE_DOS_HEADER(reader io.ReaderAt, offset int64) *IMAGE_DOS_HEADER

func (*PeProfile) IMAGE_FILE_HEADER

func (self *PeProfile) IMAGE_FILE_HEADER(reader io.ReaderAt, offset int64) *IMAGE_FILE_HEADER

func (*PeProfile) IMAGE_IMPORT_BY_NAME

func (self *PeProfile) IMAGE_IMPORT_BY_NAME(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_BY_NAME

func (*PeProfile) IMAGE_IMPORT_DESCRIPTOR

func (self *PeProfile) IMAGE_IMPORT_DESCRIPTOR(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_DESCRIPTOR

func (*PeProfile) IMAGE_NT_HEADERS

func (self *PeProfile) IMAGE_NT_HEADERS(reader io.ReaderAt, offset int64) *IMAGE_NT_HEADERS

func (*PeProfile) IMAGE_OPTIONAL_HEADER

func (self *PeProfile) IMAGE_OPTIONAL_HEADER(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER

func (*PeProfile) IMAGE_OPTIONAL_HEADER64

func (self *PeProfile) IMAGE_OPTIONAL_HEADER64(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER64

func (*PeProfile) IMAGE_RESOURCE_DATA_ENTRY

func (self *PeProfile) IMAGE_RESOURCE_DATA_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DATA_ENTRY

func (*PeProfile) IMAGE_RESOURCE_DIRECTORY

func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY

func (*PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY

func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY_ENTRY

func (*PeProfile) IMAGE_SECTION_HEADER

func (self *PeProfile) IMAGE_SECTION_HEADER(reader io.ReaderAt, offset int64) *IMAGE_SECTION_HEADER

func (*PeProfile) IMAGE_THUNK_DATA32

func (self *PeProfile) IMAGE_THUNK_DATA32(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA32

func (*PeProfile) IMAGE_THUNK_DATA64

func (self *PeProfile) IMAGE_THUNK_DATA64(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA64

func (*PeProfile) PrefixedString

func (self *PeProfile) PrefixedString(reader io.ReaderAt, offset int64) *PrefixedString

func (*PeProfile) ResourceString

func (self *PeProfile) ResourceString(reader io.ReaderAt, offset int64) *ResourceString

func (*PeProfile) StringFileInfo

func (self *PeProfile) StringFileInfo(reader io.ReaderAt, offset int64) *StringFileInfo

func (*PeProfile) StringTable

func (self *PeProfile) StringTable(reader io.ReaderAt, offset int64) *StringTable

func (*PeProfile) TagVS_FIXEDFILEINFO

func (self *PeProfile) TagVS_FIXEDFILEINFO(reader io.ReaderAt, offset int64) *TagVS_FIXEDFILEINFO

func (*PeProfile) UnixTimeStamp

func (self *PeProfile) UnixTimeStamp(reader io.ReaderAt, offset int64) *UnixTimeStamp

func (*PeProfile) VS_VERSIONINFO

func (self *PeProfile) VS_VERSIONINFO(reader io.ReaderAt, offset int64) *VS_VERSIONINFO

type PrefixedString

type PrefixedString struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewPrefixedString

func NewPrefixedString(reader io.ReaderAt) *PrefixedString

func (*PrefixedString) Length

func (self *PrefixedString) Length() uint16

func (*PrefixedString) Size

func (self *PrefixedString) Size() int

func (*PrefixedString) String

func (self *PrefixedString) String() string

A prefixed string contains a length followed by the UTF-16 string.

type RVAResolver

// RVAResolver holds the address runs used to translate a virtual address into
// a file address.
// NOTE(review): GetFileAddress returns a bare uint32 with no error value, so
// the signature does not show how an RVA that lies outside every run is
// reported. Confirm this against the implementation before trusting the
// result as a file offset.
type RVAResolver struct {
	// For now very simple O(n) search.
	Runs []*Run
}

func NewRVAResolver

func NewRVAResolver(header *IMAGE_NT_HEADERS) *RVAResolver

func (*RVAResolver) GetFileAddress

func (self *RVAResolver) GetFileAddress(offset uint32) uint32

type ResourceString

type ResourceString struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewResourceString

func NewResourceString(reader io.ReaderAt) *ResourceString

func (*ResourceString) Key

func (self *ResourceString) Key() string

func (*ResourceString) Length

func (self *ResourceString) Length() uint16

func (*ResourceString) Size

func (self *ResourceString) Size() int

func (*ResourceString) Type

func (self *ResourceString) Type() uint16

func (*ResourceString) Value

func (self *ResourceString) Value() string

func (*ResourceString) ValueLength

func (self *ResourceString) ValueLength() uint16

type Run

// Run describes one address range used by RVAResolver.
// NOTE(review): the field meanings below are inferred from the names and from
// the package's description of the resolver; confirm against the source.
type Run struct {
	// Presumably the start of the range in virtual-address space.
	VirtualAddress  uint32
	// Presumably the end of the range; whether it is inclusive is not shown.
	VirtualEnd      uint32
	// Presumably the file offset that corresponds to VirtualAddress.
	PhysicalAddress uint32
}

An RVA resolver maps a virtual address to a physical offset in the file. When the file is mapped into memory, its sections are mapped at different memory addresses, and the PE file internally stores pointers to those virtual addresses. To read the data they refer to, these pointers into mapped memory must be converted back into file offsets. The RVAResolver is responsible for this; it is populated from the header's sections.

type Section

// Section is the JSON-serialisable description of one section, as listed in
// PEFile.Sections.
// NOTE(review): the field meanings below are inferred from the names and from
// the accessors on IMAGE_SECTION_HEADER; confirm against the source. The
// values come from the section headers of the parsed file, so they are
// untrusted: validate FileOffset and Size against the real file length before
// using them to read or allocate.
type Section struct {
	// Presumably the permission string from IMAGE_SECTION_HEADER.Permissions.
	Perm       string `json:"Perm"`
	// Presumably the section name from the header; it is file-supplied text.
	Name       string `json:"Name"`
	// Presumably the offset of the section's raw data within the file.
	FileOffset int64  `json:"FileOffset"`
	// Presumably the virtual address at which the section is mapped.
	VMA        int64  `json:"VMA"`
	// Presumably the section size; which header size field it uses is not shown.
	Size       int64  `json:"Size"`
}

type StringFileInfo

type StringFileInfo struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewStringFileInfo

func NewStringFileInfo(reader io.ReaderAt) *StringFileInfo

func (*StringFileInfo) Key

func (self *StringFileInfo) Key() string

func (*StringFileInfo) Length

func (self *StringFileInfo) Length() uint16

func (*StringFileInfo) Size

func (self *StringFileInfo) Size() int

func (*StringFileInfo) StringTable

func (self *StringFileInfo) StringTable() []*StringTable

func (*StringFileInfo) Type

func (self *StringFileInfo) Type() uint16

func (*StringFileInfo) ValueLength

func (self *StringFileInfo) ValueLength() uint16

type StringTable

type StringTable struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewStringTable

func NewStringTable(reader io.ReaderAt) *StringTable

func (*StringTable) Key

func (self *StringTable) Key() string

func (*StringTable) Length

func (self *StringTable) Length() uint16

func (*StringTable) ResourceStrings

func (self *StringTable) ResourceStrings() []*ResourceString

func (*StringTable) Size

func (self *StringTable) Size() int

func (*StringTable) Type

func (self *StringTable) Type() uint16

func (*StringTable) ValueLength

func (self *StringTable) ValueLength() uint16

type TagVS_FIXEDFILEINFO

type TagVS_FIXEDFILEINFO struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewTagVS_FIXEDFILEINFO

func NewTagVS_FIXEDFILEINFO(reader io.ReaderAt) *TagVS_FIXEDFILEINFO

func (*TagVS_FIXEDFILEINFO) Size

func (self *TagVS_FIXEDFILEINFO) Size() int

type UnixTimeStamp

type UnixTimeStamp struct {
	time.Time
}

func (*UnixTimeStamp) DebugString

func (self *UnixTimeStamp) DebugString() string

func (*UnixTimeStamp) String

func (self *UnixTimeStamp) String() string

type VS_VERSIONINFO

type VS_VERSIONINFO struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func NewVS_VERSIONINFO

func NewVS_VERSIONINFO(reader io.ReaderAt) *VS_VERSIONINFO

func (*VS_VERSIONINFO) Children

func (self *VS_VERSIONINFO) Children() []*StringFileInfo

func (*VS_VERSIONINFO) Length

func (self *VS_VERSIONINFO) Length() uint16

func (*VS_VERSIONINFO) Size

func (self *VS_VERSIONINFO) Size() int

func (*VS_VERSIONINFO) Type

func (self *VS_VERSIONINFO) Type() *Enumeration

func (*VS_VERSIONINFO) Value

func (self *VS_VERSIONINFO) Value() *TagVS_FIXEDFILEINFO

func (*VS_VERSIONINFO) ValueLength

func (self *VS_VERSIONINFO) ValueLength() uint16

Directories

Path Synopsis
