pefile

package
v0.0.0-...-49e33ef Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2020 License: GPL-2.0 Imports: 11 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Sha256Sum

func Sha256Sum(b []byte) (hexsum string)

Sha256Sum will calculate the sha256 of the supplied byte slice

Types

type ApisetHeader6

// ApisetHeader6 is a fixed-size record of two signed 32-bit fields.
// NOTE(review): presumably the header of an API set schema map (the "6" looks
// like a schema version) — confirm against the parser.
type ApisetHeader6 struct {
	Version int32
	// NOTE(review): Count is signed. If it is decoded from file bytes, reject
	// negative or implausibly large values before using it as a loop or
	// allocation bound.
	Count   int32
}

type ApisetHeader63

// ApisetHeader63 is a fixed-size record of seven unsigned 32-bit fields
// (28 bytes when read packed).
// NOTE(review): presumably the header of a newer API set schema map than
// ApisetHeader6 — confirm against the parser.
type ApisetHeader63 struct {
	Version         uint32
	// NOTE(review): Size, NumberOfApisets, NamesOffset and TableOffset look like
	// file-supplied lengths and offsets. Validate each against the length of the
	// buffer being parsed (including offset+count*entrySize overflow) before
	// slicing.
	Size            uint32
	Sealed          uint32
	NumberOfApisets uint32
	NamesOffset     uint32
	TableOffset     uint32
	Multiplier      uint32
}

type ApisetNameEntry

// ApisetNameEntry is a fixed-size record of six unsigned 32-bit fields
// (24 bytes when read packed).
// NOTE(review): presumably one name-table entry of the schema described by
// ApisetHeader63 — confirm against the parser.
type ApisetNameEntry struct {
	Sealed        uint32
	// NOTE(review): Offset/Size and HostOffset/NumberOfHosts look like
	// (offset, length) and (offset, count) pairs into the API set data. Check
	// that each range lies inside the parsed buffer before reading it.
	Offset        uint32
	Ignored       uint32
	Size          uint32
	HostOffset    uint32
	NumberOfHosts uint32
}

type ApisetNameEntry2

// ApisetNameEntry2 is a fixed-size record of three signed 32-bit fields
// (12 bytes when read packed).
// NOTE(review): presumably a name entry of the schema described by
// ApisetHeader6 — confirm against the parser.
type ApisetNameEntry2 struct {
	// NOTE(review): all three fields are signed. A crafted file can make them
	// negative, so check for < 0 as well as for an upper bound before using
	// them as slice indices or lengths.
	NameOffset int32
	NameLength int32
	DataOffset int32
}

type ApisetValueEntry

// ApisetValueEntry is a fixed-size record of five unsigned 32-bit fields
// (20 bytes when read packed).
// NOTE(review): presumably one host/value entry referenced by an
// ApisetNameEntry — confirm against the parser.
type ApisetValueEntry struct {
	Ignored     uint32
	// NOTE(review): NameOffset/NameLength and ValueOffset/ValueLength look like
	// (offset, length) pairs. Bounds-check each pair against the parsed buffer
	// before slicing.
	NameOffset  uint32
	NameLength  uint32
	ValueOffset uint32
	ValueLength uint32
}

type CoffHeader

// CoffHeader is a fixed-size record whose fields sum to 20 bytes when read
// packed. The field names appear to mirror the COFF file header of the PE
// format.
type CoffHeader struct {
	Machine              uint16
	// NOTE(review): NumberOfSections is presumably used to size the section
	// table read. Treat it as untrusted and check that the whole table fits in
	// the file before iterating.
	NumberOfSections     uint16
	// NOTE(review): spelled "TimeDataStamp" here and in ImportDirectory, but
	// "TimeDateStamp" in ExportDirectory. The name is exported, so renaming
	// would break callers.
	TimeDataStamp        uint32
	PointerSymbolTable   uint32
	NumberOfSymbols      uint32
	// NOTE(review): presumably determines where the section table starts.
	// Verify it matches the optional header actually decoded.
	SizeOfOptionalHeader uint16
	Characteristics      uint16
}

type DataDirectory

// DataDirectory is a pair of unsigned 32-bit fields (8 bytes when read packed).
// OptionalHeader32 and OptionalHeader32P each embed an array of 16 of these.
type DataDirectory struct {
	// NOTE(review): presumably an RVA and a byte length taken from the file.
	// Confirm that VirtualAddress maps into a section and that
	// VirtualAddress+Size neither overflows nor runs past that section.
	VirtualAddress uint32
	Size           uint32
}

type DosHeader

// DosHeader is a fixed-size record whose fields sum to 64 bytes when read
// packed. The field names appear to mirror the MS-DOS stub header at the start
// of a PE file.
type DosHeader struct {
	// NOTE(review): presumably the "MZ" signature — confirm the parser rejects
	// other values.
	Magic                      uint16
	BytesOnLastPage            uint16
	PagesInFile                uint16
	Relocations                uint16
	SizeOfHeader               uint16
	MinExtra                   uint16
	MaxExtra                   uint16
	InitialSS                  uint16
	InitialSP                  uint16
	Checksum                   uint16
	InitialIP                  uint16
	InitialCS                  uint16
	FileAddressRelocationTable uint16
	Overlay                    uint16
	Reserved                   [4]uint16
	OemId                      uint16
	OemInfo                    uint16
	Reserved2                  [10]uint16
	// NOTE(review): presumably the file offset of the PE header. It is
	// file-controlled, so check it against the file length before seeking or
	// slicing.
	AddressExeHeader           uint32
}

type Export

// Export describes one exported symbol by name, ordinal and RVA.
// PeFile holds these in Exports, ExportNameMap and ExportOrdinalMap.
type Export struct {
	// NOTE(review): presumably read from the file's export name table. Treat it
	// as untrusted text when logging or displaying it.
	Name    string
	Ordinal uint16
	// NOTE(review): presumably relative to the image base — confirm.
	Rva     uint32
}

type ExportAddressTable

// ExportAddressTable is a pair of unsigned 32-bit fields (8 bytes when read
// packed).
// NOTE(review): the PE format describes an export address table entry as a
// single 32-bit value that is either an export RVA or a forwarder RVA. This
// struct has two separate fields — confirm how the parser fills them and what
// stride it uses when walking the table.
type ExportAddressTable struct {
	ExportRva  uint32
	ForwardRva uint32
}

type ExportDirectory

// ExportDirectory is a fixed-size record whose fields sum to 40 bytes when read
// packed. The field names appear to mirror the PE export directory table.
type ExportDirectory struct {
	ExportFlags          uint32
	TimeDateStamp        uint32
	MajorVersion         uint16
	MinorVersion         uint16
	NameRva              uint32
	OrdinalBase          uint32
	// NOTE(review): NumberOfFunctions and NumberOfNamePointers are presumably
	// file-supplied counts. Cap them and check count*entrySize against the
	// mapped data before allocating or looping, so a crafted file cannot force
	// huge allocations or out-of-range reads.
	NumberOfFunctions    uint32
	NumberOfNamePointers uint32
	// NOTE(review): the three RVAs below presumably locate the address, name
	// and ordinal tables. Each needs an RVA-to-offset translation that fails
	// closed when the RVA is outside every section.
	FunctionsRva         uint32
	NamesRva             uint32
	OrdinalsRva          uint32
}

type ImportDirectory

// ImportDirectory is a fixed-size record of five unsigned 32-bit fields
// (20 bytes when read packed). The field names appear to mirror one entry of
// the PE import directory table.
// NOTE(review): the table is presumably terminated by an all-zero entry. A
// walker should also stop at the end of the containing data rather than rely
// on the terminator being present.
type ImportDirectory struct {
	ImportLookupTableRva  uint32
	// NOTE(review): spelled "TimeDataStamp" here and in CoffHeader, but
	// "TimeDateStamp" in ExportDirectory.
	TimeDataStamp         uint32
	ForwarderChain        uint32
	NameRva               uint32
	ImportAddressTableRva uint32
}

type ImportInfo

// ImportInfo describes one imported function: the DLL it comes from, its name,
// an offset and an ordinal. PeFile.SetImportAddress takes a pointer to one.
type ImportInfo struct {
	// NOTE(review): DllName and FuncName are presumably strings read from the
	// file. Treat them as untrusted, e.g. do not build filesystem paths from
	// DllName without normalising it first.
	DllName  string
	FuncName string
	// NOTE(review): presumably locates the import address slot that
	// SetImportAddress writes — confirm the unit (RVA vs. file offset).
	Offset   uint32
	Ordinal  uint16
}

type OptionalHeader32

// OptionalHeader32 is a fixed-size record whose fields sum to 224 bytes when
// read packed. Unlike OptionalHeader32P it has a BaseOfData field and uses
// 32-bit ImageBase and stack/heap sizes. The field names appear to mirror the
// PE32 optional header.
type OptionalHeader32 struct {
	Magic                   uint16
	MajorLinkerVersion      uint8
	MinorLinkerVersion      uint8
	SizeOfCode              uint32
	SizeOfInitializedData   uint32
	SizeOfUninitializedData uint32
	// NOTE(review): file-supplied. Nothing in this type guarantees that it
	// points inside a section.
	AddressOfEntryPoint     uint32
	BaseOfCode              uint32
	BaseOfData              uint32
	ImageBase               uint32
	SectionAlignment        uint32
	FileAlignment           uint32
	MajorOSVersion          uint16
	MinorOSVersion          uint16
	MajorImageVersion       uint16
	MinorImageVersion       uint16
	MajorSubsystemVersion   uint16
	MinorSubsystemVersion   uint16
	Win32Version            uint32
	// NOTE(review): SizeOfImage and SizeOfHeaders are file-supplied sizes. Cap
	// them before using either to size an allocation.
	SizeOfImage             uint32
	SizeOfHeaders           uint32
	Checksum                uint32
	// The exported name is spelled "Sybsystem" (sic); kept because renaming an
	// exported field would break callers.
	Sybsystem               uint16
	DllCharacteristics      uint16
	SizeOfStackReserve      uint32
	SizeOfStackCommit       uint32
	SizeOfHeapReserve       uint32
	SizeOfHeapCommit        uint32
	LoaderFlags             uint32
	// NOTE(review): the array below always has 16 slots, while
	// NumberOfRvaAndSizes comes from the file and may be smaller or larger.
	// Never index DataDirectories with it unchecked, and treat slots at or
	// beyond the declared count as absent.
	NumberOfRvaAndSizes     uint32
	DataDirectories         [16]DataDirectory
}

type OptionalHeader32P

// OptionalHeader32P is a fixed-size record whose fields sum to 240 bytes when
// read packed. Compared with OptionalHeader32 it has no BaseOfData field and
// uses 64-bit ImageBase and stack/heap sizes. The field names appear to mirror
// the PE32+ optional header.
type OptionalHeader32P struct {
	Magic                   uint16
	MajorLinkerVersion      uint8
	MinorLinkerVersion      uint8
	SizeOfCode              uint32
	SizeOfInitializedData   uint32
	SizeOfUninitializedData uint32
	// NOTE(review): file-supplied. Nothing in this type guarantees that it
	// points inside a section.
	AddressOfEntryPoint     uint32
	BaseOfCode              uint32
	ImageBase               uint64
	SectionAlignment        uint32
	FileAlignment           uint32
	MajorOSVersion          uint16
	MinorOSVersion          uint16
	MajorImageVersion       uint16
	MinorImageVersion       uint16
	MajorSubsystemVersion   uint16
	MinorSubsystemVersion   uint16
	Win32Version            uint32
	// NOTE(review): SizeOfImage and SizeOfHeaders are file-supplied sizes. Cap
	// them before using either to size an allocation.
	SizeOfImage             uint32
	SizeOfHeaders           uint32
	Checksum                uint32
	// The exported name is spelled "Sybsystem" (sic); kept because renaming an
	// exported field would break callers.
	Sybsystem               uint16
	DllCharacteristics      uint16
	SizeOfStackReserve      uint64
	SizeOfStackCommit       uint64
	SizeOfHeapReserve       uint64
	SizeOfHeapCommit        uint64
	LoaderFlags             uint32
	// NOTE(review): the array below always has 16 slots, while
	// NumberOfRvaAndSizes comes from the file and may be smaller or larger.
	// Never index DataDirectories with it unchecked, and treat slots at or
	// beyond the declared count as absent.
	NumberOfRvaAndSizes     uint32
	DataDirectories         [16]DataDirectory
}

type PeFile

// PeFile is the parsed representation returned by LoadPeFile and LoadPeBytes.
// It groups the decoded headers, sections, imports, exports and API set map of
// one PE image. Values decoded from the file are only as trustworthy as the
// input, so validate offsets, sizes and names before acting on them.
type PeFile struct {
	Path           string
	Name           string //import name, apiset or on disk
	RealName       string //on disk short name
	// NOTE(review): presumably the hex digest produced by Sha256Sum over the
	// input bytes — confirm.
	Sha256         string
	DosHeader      *DosHeader
	CoffHeader     *CoffHeader
	// NOTE(review): untyped. It presumably holds an *OptionalHeader32 or
	// *OptionalHeader32P selected by PeType, so callers should use a checked
	// type assertion rather than assume one.
	OptionalHeader interface{}
	PeType         PeType
	Sections       []*Section

	// NOTE(review): presumably the header bytes wrapped as a pseudo-section so
	// that RVAs falling in the header region resolve — confirm.
	HeadersAsSection *Section
	Imports          []*ImportInfo
	Exports          []*Export
	// The two maps index exports by name and by ordinal. Both are keyed by
	// file-supplied values, so duplicate keys in a crafted file would collapse
	// to a single entry.
	ExportNameMap    map[string]*Export
	ExportOrdinalMap map[int]*Export
	// NOTE(review): presumably maps an API set name to its host DLL names; see
	// ApiSetLookup.
	Apisets          map[string][]string
	Size             int64
	RawHeaders       []byte

	ImageSize int64
	// contains filtered or unexported fields
}

func LoadPeBytes

func LoadPeBytes(data []byte, name string) (*PeFile, error)

LoadPeBytes will take a PE file in the form of an in-memory byte slice and parse it

func LoadPeFile

func LoadPeFile(path string) (*PeFile, error)

LoadPeFile will parse a file from disk, given a path. The output will be a PeFile object or an error

func (*PeFile) ApiSetLookup

func (pe *PeFile) ApiSetLookup(name string) string

func (*PeFile) EntryPoint

func (pe *PeFile) EntryPoint() uint32

EntryPoint returns the entry point of the PE file

func (*PeFile) ImageBase

func (pe *PeFile) ImageBase() uint64

ImageBase returns the base address of the PE file

func (*PeFile) ImportedDlls

func (pe *PeFile) ImportedDlls() []string

func (*PeFile) SetImageBase

func (pe *PeFile) SetImageBase(imageBase uint64) error

SetImageBase updates the image base of a PeFile and also updates all relocations of the file

func (*PeFile) SetImportAddress

func (pe *PeFile) SetImportAddress(importInfo *ImportInfo, realAddr uint64) error

func (*PeFile) String

func (pe *PeFile) String() string

type PeType

// PeType is an integer tag stored in PeFile.PeType.
type PeType int
const (
	// Pe32 is the zero value (iota starts at 0).
	// NOTE(review): presumably marks a PE32 image decoded with
	// OptionalHeader32 — confirm.
	Pe32 PeType = iota
	// Pe32p has the value 1.
	// NOTE(review): presumably marks a PE32+ image decoded with
	// OptionalHeader32P — confirm.
	Pe32p
)

type RelocationBlock

// RelocationBlock is a pair of unsigned 32-bit fields (8 bytes when read
// packed). The field names appear to mirror the header of one base relocation
// block.
type RelocationBlock struct {
	PageRva uint32
	// NOTE(review): presumably the byte length of the whole block including
	// this 8-byte header. A walker that advances by Size must reject values
	// below 8 or past the end of the relocation data; otherwise a crafted file
	// can stall the loop or push reads out of range.
	Size    uint32
}

type Section

// Section carries the same fields as SectionHeader, with Name as a string
// instead of [8]byte, plus the Raw bytes and an Entropy value.
type Section struct {
	Name                 string
	VirtualSize          uint32
	VirtualAddress       uint32
	// NOTE(review): Size and Offset presumably give the section's length and
	// position in the file. Both are file-supplied, so Offset+Size must be
	// checked for overflow and against the file length before Raw is sliced.
	Size                 uint32
	Offset               uint32
	PointerToRelocations uint32
	PointerToLineNumbers uint32
	NumberOfRelocations  uint16
	NumberOfLineNumbers  uint16
	Characteristics      uint32
	// NOTE(review): presumably the section's bytes. Its length may differ from
	// VirtualSize, so index by len(Raw) and not by the header fields.
	Raw                  []byte
	// NOTE(review): presumably the Shannon entropy of Raw, a common heuristic
	// for spotting packed or encrypted sections — confirm the scale (0–8 bits
	// per byte?).
	Entropy              float64
}

type SectionHeader

// SectionHeader is a fixed-size record whose fields sum to 40 bytes when read
// packed. The field names appear to mirror one entry of the PE section table.
type SectionHeader struct {
	// NOTE(review): eight raw bytes. In the PE format a name that fills all
	// eight bytes has no NUL terminator, so convert by trimming at the first
	// zero byte rather than assume one exists.
	Name                 [8]byte
	VirtualSize          uint32
	VirtualAddress       uint32
	// NOTE(review): Size and Offset are file-supplied. Check Offset+Size for
	// overflow and against the file length before reading the section data.
	Size                 uint32
	Offset               uint32
	PointerToRelocations uint32
	PointerToLineNumbers uint32
	NumberOfRelocations  uint16
	NumberOfLineNumbers  uint16
	Characteristics      uint32
}

type ValuesArray2

// ValuesArray2 holds a single unsigned 32-bit Count.
// NOTE(review): presumably the count prefix of an array of ValuesEntry2
// records — confirm against the parser.
type ValuesArray2 struct {
	// NOTE(review): if file-supplied, check Count times the entry size against
	// the remaining buffer before looping.
	Count uint32
}

type ValuesEntry2

// ValuesEntry2 is a fixed-size record of four signed 32-bit fields (16 bytes
// when read packed).
// NOTE(review): presumably one element of the array counted by ValuesArray2 —
// confirm against the parser.
type ValuesEntry2 struct {
	// NOTE(review): all four fields are signed. A crafted file can make them
	// negative, so check for < 0 as well as for an upper bound before using
	// them as slice indices or lengths.
	NameOffset  int32
	NameLength  int32
	ValueOffset int32
	ValueLength int32
}
