pefile

package

v0.0.0-...-49e33ef Latest Latest Go to latest Published: Jun 15, 2020 License: GPL-2.0 Imports: 11 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/carbonblack/binee

Links

Open Source Insights

Documentation ¶

Index ¶

func Sha256Sum(b []byte) (hexsum string)
type ApisetHeader6
type ApisetHeader63
type ApisetNameEntry
type ApisetNameEntry2
type ApisetValueEntry
type CoffHeader
type DataDirectory
type DosHeader
type Export
type ExportAddressTable
type ExportDirectory
type ImportDirectory
type ImportInfo
type OptionalHeader32
type OptionalHeader32P
type PeFile
- func LoadPeBytes(data []byte, name string) (*PeFile, error)
- func LoadPeFile(path string) (*PeFile, error)
- func (pe *PeFile) ApiSetLookup(name string) string
- func (pe *PeFile) EntryPoint() uint32
- func (pe *PeFile) ImageBase() uint64
- func (pe *PeFile) ImportedDlls() []string
- func (pe *PeFile) SetImageBase(imageBase uint64) error
- func (pe *PeFile) SetImportAddress(importInfo *ImportInfo, realAddr uint64) error
- func (pe *PeFile) String() string
type PeType
type RelocationBlock
type Section
type SectionHeader
type ValuesArray2
type ValuesEntry2

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Sha256Sum ¶

func Sha256Sum(b []byte) (hexsum string)

Sha256Sum will calcuate the sha256 of the supplied byte slice

Types ¶

type ApisetHeader6 ¶

type ApisetHeader6 struct {
	Version int32
	Count   int32
}

type ApisetHeader63 ¶

type ApisetHeader63 struct {
	Version         uint32
	Size            uint32
	Sealed          uint32
	NumberOfApisets uint32
	NamesOffset     uint32
	TableOffset     uint32
	Multiplier      uint32
}

type ApisetNameEntry ¶

type ApisetNameEntry struct {
	Sealed        uint32
	Offset        uint32
	Ignored       uint32
	Size          uint32
	HostOffset    uint32
	NumberOfHosts uint32
}

type ApisetNameEntry2 ¶

type ApisetNameEntry2 struct {
	NameOffset int32
	NameLength int32
	DataOffset int32
}

type ApisetValueEntry ¶

type ApisetValueEntry struct {
	Ignored     uint32
	NameOffset  uint32
	NameLength  uint32
	ValueOffset uint32
	ValueLength uint32
}

type CoffHeader ¶

type CoffHeader struct {
	Machine              uint16
	NumberOfSections     uint16
	TimeDataStamp        uint32
	PointerSymbolTable   uint32
	NumberOfSymbols      uint32
	SizeOfOptionalHeader uint16
	Characteristics      uint16
}

type DataDirectory ¶

type DataDirectory struct {
	VirtualAddress uint32
	Size           uint32
}

type DosHeader ¶

type DosHeader struct {
	Magic                      uint16
	BytesOnLastPage            uint16
	PagesInFile                uint16
	Relocations                uint16
	SizeOfHeader               uint16
	MinExtra                   uint16
	MaxExtra                   uint16
	InitialSS                  uint16
	InitialSP                  uint16
	Checksum                   uint16
	InitialIP                  uint16
	InitialCS                  uint16
	FileAddressRelocationTable uint16
	Overlay                    uint16
	Reserved                   [4]uint16
	OemId                      uint16
	OemInfo                    uint16
	Reserved2                  [10]uint16
	AddressExeHeader           uint32
}

type Export ¶

type Export struct {
	Name    string
	Ordinal uint16
	Rva     uint32
}

type ExportAddressTable ¶

type ExportAddressTable struct {
	ExportRva  uint32
	ForwardRva uint32
}

type ExportDirectory ¶

type ExportDirectory struct {
	ExportFlags          uint32
	TimeDateStamp        uint32
	MajorVersion         uint16
	MinorVersion         uint16
	NameRva              uint32
	OrdinalBase          uint32
	NumberOfFunctions    uint32
	NumberOfNamePointers uint32
	FunctionsRva         uint32
	NamesRva             uint32
	OrdinalsRva          uint32
}

type ImportDirectory ¶

type ImportDirectory struct {
	ImportLookupTableRva  uint32
	TimeDataStamp         uint32
	ForwarderChain        uint32
	NameRva               uint32
	ImportAddressTableRva uint32
}

type ImportInfo ¶

type ImportInfo struct {
	DllName  string
	FuncName string
	Offset   uint32
	Ordinal  uint16
}

type OptionalHeader32 ¶

type OptionalHeader32 struct {
	Magic                   uint16
	MajorLinkerVersion      uint8
	MinorLinkerVersion      uint8
	SizeOfCode              uint32
	SizeOfInitializedData   uint32
	SizeOfUninitializedData uint32
	AddressOfEntryPoint     uint32
	BaseOfCode              uint32
	BaseOfData              uint32
	ImageBase               uint32
	SectionAlignment        uint32
	FileAlignment           uint32
	MajorOSVersion          uint16
	MinorOSVersion          uint16
	MajorImageVersion       uint16
	MinorImageVersion       uint16
	MajorSubsystemVersion   uint16
	MinorSubsystemVersion   uint16
	Win32Version            uint32
	SizeOfImage             uint32
	SizeOfHeaders           uint32
	Checksum                uint32
	Sybsystem               uint16
	DllCharacteristics      uint16
	SizeOfStackReserve      uint32
	SizeOfStackCommit       uint32
	SizeOfHeapReserve       uint32
	SizeOfHeapCommit        uint32
	LoaderFlags             uint32
	NumberOfRvaAndSizes     uint32
	DataDirectories         [16]DataDirectory
}

type OptionalHeader32P ¶

type OptionalHeader32P struct {
	Magic                   uint16
	MajorLinkerVersion      uint8
	MinorLinkerVersion      uint8
	SizeOfCode              uint32
	SizeOfInitializedData   uint32
	SizeOfUninitializedData uint32
	AddressOfEntryPoint     uint32
	BaseOfCode              uint32
	ImageBase               uint64
	SectionAlignment        uint32
	FileAlignment           uint32
	MajorOSVersion          uint16
	MinorOSVersion          uint16
	MajorImageVersion       uint16
	MinorImageVersion       uint16
	MajorSubsystemVersion   uint16
	MinorSubsystemVersion   uint16
	Win32Version            uint32
	SizeOfImage             uint32
	SizeOfHeaders           uint32
	Checksum                uint32
	Sybsystem               uint16
	DllCharacteristics      uint16
	SizeOfStackReserve      uint64
	SizeOfStackCommit       uint64
	SizeOfHeapReserve       uint64
	SizeOfHeapCommit        uint64
	LoaderFlags             uint32
	NumberOfRvaAndSizes     uint32
	DataDirectories         [16]DataDirectory
}

type PeFile ¶

type PeFile struct {
	Path           string
	Name           string //import name, apiset or on disk
	RealName       string //on disk short name
	Sha256         string
	DosHeader      *DosHeader
	CoffHeader     *CoffHeader
	OptionalHeader interface{}
	PeType         PeType
	Sections       []*Section

	HeadersAsSection *Section
	Imports          []*ImportInfo
	Exports          []*Export
	ExportNameMap    map[string]*Export
	ExportOrdinalMap map[int]*Export
	Apisets          map[string][]string
	Size             int64
	RawHeaders       []byte

	ImageSize int64
	// contains filtered or unexported fields
}

func LoadPeBytes ¶

func LoadPeBytes(data []byte, name string) (*PeFile, error)

LoadPeBytes will take a PE file in the form of an in memory byte array and parse it

func LoadPeFile ¶

func LoadPeFile(path string) (*PeFile, error)

LoadPeFile will parse a file from disk, given a path. The output will be a PeFile object or an error

func (*PeFile) ApiSetLookup ¶

func (pe *PeFile) ApiSetLookup(name string) string

func (*PeFile) EntryPoint ¶

func (pe *PeFile) EntryPoint() uint32

EntryPoint returns the entry point of the PE file

func (*PeFile) ImageBase ¶

func (pe *PeFile) ImageBase() uint64

ImageBase returns the base address of the PE file

func (*PeFile) ImportedDlls ¶

func (pe *PeFile) ImportedDlls() []string

func (*PeFile) SetImageBase ¶

func (pe *PeFile) SetImageBase(imageBase uint64) error

SetImageBase updates the image base of a PeFile and also updates all rolcations of the file

func (*PeFile) SetImportAddress ¶

func (pe *PeFile) SetImportAddress(importInfo *ImportInfo, realAddr uint64) error

func (*PeFile) String ¶

func (pe *PeFile) String() string

type PeType ¶

type PeType int

const (
	Pe32 PeType = iota
	Pe32p
)

type RelocationBlock ¶

type RelocationBlock struct {
	PageRva uint32
	Size    uint32
}

type Section ¶

type Section struct {
	Name                 string
	VirtualSize          uint32
	VirtualAddress       uint32
	Size                 uint32
	Offset               uint32
	PointerToRelocations uint32
	PointerToLineNumbers uint32
	NumberOfRelocations  uint16
	NumberOfLineNumbers  uint16
	Characteristics      uint32
	Raw                  []byte
	Entropy              float64
}

type SectionHeader ¶

type SectionHeader struct {
	Name                 [8]byte
	VirtualSize          uint32
	VirtualAddress       uint32
	Size                 uint32
	Offset               uint32
	PointerToRelocations uint32
	PointerToLineNumbers uint32
	NumberOfRelocations  uint16
	NumberOfLineNumbers  uint16
	Characteristics      uint32
}

type ValuesArray2 ¶

type ValuesArray2 struct {
	Count uint32
}

type ValuesEntry2 ¶

type ValuesEntry2 struct {
	NameOffset  int32
	NameLength  int32
	ValueOffset int32
	ValueLength int32
}

Source Files ¶

View all Source files

pefile.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL