pe

package module
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 18, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

README

go-pe - A Golang parser for PE files.

This parser is designed to extract high-level information about PE files on disk. The information currently provided is:

  • RSDS GUID and PDB files.
  • VersionInformation strings.

Documentation

Index

Constants

// Data-directory indices from the PE format: each value selects one entry
// of the optional header's data directory array.
const (
	// IMAGE_DIRECTORY_ENTRY_RESOURCE is the index of the resource directory.
	IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
	// IMAGE_DIRECTORY_ENTRY_DEBUG is the index of the debug directory.
	IMAGE_DIRECTORY_ENTRY_DEBUG = 6
)
// IMAGE_DIRECTORY_ENTRY_EXPORT is the PE data-directory index of the export
// directory.
const IMAGE_DIRECTORY_ENTRY_EXPORT = 0
// IMAGE_DIRECTORY_ENTRY_IMPORT is the PE data-directory index of the import
// directory.
const IMAGE_DIRECTORY_ENTRY_IMPORT = 1

Variables

// PE_DEBUG is a package-level pointer to a bool; its zero value is nil.
// NOTE(review): presumably gates DebugPrint output — nothing visible here
// shows where it is assigned, so nil-check before dereferencing.
var PE_DEBUG *bool

Functions

func DebugPrint

func DebugPrint(fmt_str string, v ...interface{})

func GetImports

func GetImports(nt_header *IMAGE_NT_HEADERS, rva_resolver *RVAResolver) []string

func GetVersionInformation

func GetVersionInformation(
	nt_header *IMAGE_NT_HEADERS,
	rva_resolver *RVAResolver,
	resource_base int64) *ordereddict.Dict

func IsInExportDir added in v0.1.2

func IsInExportDir(dir *IMAGE_DATA_DIRECTORY, va uint32) bool

IsInExportDir reports whether the virtual address va lies within the export directory described by dir.

https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-edata-section-image-only

Each entry in the export address table is a field that uses one of
two formats in the following table. If the address specified is not
within the export section (as defined by the address and length
that are indicated in the optional header), the field is an export
RVA, which is an actual address in code or data. Otherwise, the
field is a forwarder RVA, which names a symbol in another DLL.

func ParseArray_byte

func ParseArray_byte(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []byte

func ParseArray_uint16 added in v0.1.2

func ParseArray_uint16(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []uint16

func ParseArray_uint32 added in v0.1.2

func ParseArray_uint32(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []uint32

func ParseArray_uint64 added in v0.1.2

func ParseArray_uint64(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []uint64

func ParseInt32 added in v0.1.2

func ParseInt32(reader io.ReaderAt, offset int64) int32

func ParseString

func ParseString(reader io.ReaderAt, offset int64, length int64) string

func ParseTerminatedString

func ParseTerminatedString(reader io.ReaderAt, offset int64) string

func ParseTerminatedUTF16String

func ParseTerminatedUTF16String(reader io.ReaderAt, offset int64) string

func ParseUTF16String

func ParseUTF16String(reader io.ReaderAt, offset int64, length int64) string

func ParseUint16

func ParseUint16(reader io.ReaderAt, offset int64) uint16

func ParseUint32

func ParseUint32(reader io.ReaderAt, offset int64) uint32

func ParseUint64

func ParseUint64(reader io.ReaderAt, offset int64) uint64

func ParseUint8

func ParseUint8(reader io.ReaderAt, offset int64) byte

func RoundUpToWordAlignment

func RoundUpToWordAlignment(offset int64) int64

func UTF16BytesToUTF8

func UTF16BytesToUTF8(b []byte, o binary.ByteOrder) string

Types

type CV_RSDS_HEADER

// CV_RSDS_HEADER is a view of an RSDS debug record: Reader is the data it is
// read from, Offset is where the record starts, and Profile is the PeProfile
// carrying the Off_CV_RSDS_HEADER_* field offsets.
// NOTE(review): the accessors (Signature, GUID, Age, Filename) presumably
// read on demand from Reader — confirm. Filename is text taken from the
// parsed file; treat it as untrusted when logging it or using it as a path.
type CV_RSDS_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*CV_RSDS_HEADER) Age

func (self *CV_RSDS_HEADER) Age() uint32

func (*CV_RSDS_HEADER) DebugString added in v0.1.2

func (self *CV_RSDS_HEADER) DebugString() string

func (*CV_RSDS_HEADER) Filename

func (self *CV_RSDS_HEADER) Filename() string

func (*CV_RSDS_HEADER) GUID

func (self *CV_RSDS_HEADER) GUID() *GUID

func (*CV_RSDS_HEADER) GUIDAge

func (self *CV_RSDS_HEADER) GUIDAge() string

func (*CV_RSDS_HEADER) Signature

func (self *CV_RSDS_HEADER) Signature() string

func (*CV_RSDS_HEADER) Size

func (self *CV_RSDS_HEADER) Size() int

type Enumeration

// Enumeration pairs a raw numeric Value with a Name.
// NOTE(review): Name is presumably the symbolic label for Value (this type
// is what the Machine and Type accessors return); how a value with no known
// label is named is not visible here — confirm.
type Enumeration struct {
	Value uint64
	Name  string
}

func (Enumeration) DebugString

func (self Enumeration) DebugString() string

type FileHeader added in v0.1.2

// FileHeader is the JSON-serialisable file-header summary embedded in PEFile.
// Every field is serialised under its own name.
// NOTE(review): TimeDateStamp is presumably the formatted form of
// TimeDateStampRaw — confirm. Both come from the parsed file and are written
// by whatever produced it, so they are not reliable evidence of build time
// on their own.
type FileHeader struct {
	Machine          string `json:"Machine"`
	TimeDateStamp    string `json:"TimeDateStamp"`
	TimeDateStampRaw uint32 `json:"TimeDateStampRaw"`
	Characteristics  uint16 `json:"Characteristics"`
}

type GUID

// GUID is a view of a GUID structure: Reader is the data it is read from,
// Offset is where it starts, and Profile is the PeProfile carrying the
// Off_GUID_Data1..Data4 field offsets.
// NOTE(review): the Data1..Data4 accessors presumably read on demand from
// Reader — confirm.
type GUID struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*GUID) Data1

func (self *GUID) Data1() uint32

func (*GUID) Data2

func (self *GUID) Data2() uint16

func (*GUID) Data3

func (self *GUID) Data3() uint16

func (*GUID) Data4

func (self *GUID) Data4() []byte

func (*GUID) DebugString added in v0.1.2

func (self *GUID) DebugString() string

func (*GUID) Size

func (self *GUID) Size() int

type IMAGE_DATA_DIRECTORY

// IMAGE_DATA_DIRECTORY is a view of one data-directory entry: Reader is the
// data it is read from, Offset is where the entry starts, and Profile is the
// PeProfile carrying its field offsets.
// NOTE(review): VirtualAddress and DirSize are values stored in the parsed
// file; nothing visible here shows them being checked against the file size
// or section layout, so callers should validate before using them as a
// range.
type IMAGE_DATA_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func ParseArray_IMAGE_DATA_DIRECTORY

func ParseArray_IMAGE_DATA_DIRECTORY(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []*IMAGE_DATA_DIRECTORY

func (*IMAGE_DATA_DIRECTORY) DebugString added in v0.1.2

func (self *IMAGE_DATA_DIRECTORY) DebugString() string

func (*IMAGE_DATA_DIRECTORY) DirSize

func (self *IMAGE_DATA_DIRECTORY) DirSize() uint32

func (*IMAGE_DATA_DIRECTORY) Size

func (self *IMAGE_DATA_DIRECTORY) Size() int

func (*IMAGE_DATA_DIRECTORY) VirtualAddress

func (self *IMAGE_DATA_DIRECTORY) VirtualAddress() uint32

type IMAGE_DEBUG_DIRECTORY

// IMAGE_DEBUG_DIRECTORY is a view of a debug directory entry: Reader is the
// data it is read from, Offset is where the entry starts, and Profile is the
// PeProfile carrying its field offsets.
// NOTE(review): AddressOfRawData and TimeDateStamp are values stored in the
// parsed file; presumably read on demand by the accessors — confirm.
type IMAGE_DEBUG_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_DEBUG_DIRECTORY) AddressOfRawData

func (self *IMAGE_DEBUG_DIRECTORY) AddressOfRawData() uint32

func (*IMAGE_DEBUG_DIRECTORY) DebugString added in v0.1.2

func (self *IMAGE_DEBUG_DIRECTORY) DebugString() string

func (*IMAGE_DEBUG_DIRECTORY) Size

func (self *IMAGE_DEBUG_DIRECTORY) Size() int

func (*IMAGE_DEBUG_DIRECTORY) TimeDateStamp

func (self *IMAGE_DEBUG_DIRECTORY) TimeDateStamp() *UnixTimeStamp

func (*IMAGE_DEBUG_DIRECTORY) Type

func (self *IMAGE_DEBUG_DIRECTORY) Type() *Enumeration

type IMAGE_DOS_HEADER

// IMAGE_DOS_HEADER is a view of the DOS header: Reader is the data it is
// read from, Offset is where the header starts, and Profile is the PeProfile
// carrying its field offsets.
// NOTE(review): E_lfanew is returned as a signed int32 taken from the file,
// so a malformed image can yield a negative or out-of-range value; whether
// NTHeader range-checks it is not visible here — confirm before relying on
// the returned *IMAGE_NT_HEADERS.
type IMAGE_DOS_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_DOS_HEADER) DebugString added in v0.1.2

func (self *IMAGE_DOS_HEADER) DebugString() string

func (*IMAGE_DOS_HEADER) E_lfanew

func (self *IMAGE_DOS_HEADER) E_lfanew() int32

func (*IMAGE_DOS_HEADER) E_magic

func (self *IMAGE_DOS_HEADER) E_magic() uint16

func (*IMAGE_DOS_HEADER) NTHeader

func (self *IMAGE_DOS_HEADER) NTHeader() *IMAGE_NT_HEADERS

func (*IMAGE_DOS_HEADER) Size

func (self *IMAGE_DOS_HEADER) Size() int

type IMAGE_EXPORT_DESCRIPTOR added in v0.1.2

// IMAGE_EXPORT_DESCRIPTOR describes one export as returned by
// IMAGE_NT_HEADERS.ExportTable: its Ordinal, Name, RVA, Forwarder and the
// exporting DLLName.
// NOTE(review): Forwarder is presumably populated when the export address
// falls inside the export directory (see IsInExportDir), in which case the
// entry names a symbol in another DLL rather than code in this image —
// confirm. Name, Forwarder and DLLName are strings taken from the parsed
// file.
type IMAGE_EXPORT_DESCRIPTOR struct {
	Ordinal   int
	Name      string
	RVA       int64
	Forwarder string
	DLLName   string
}

type IMAGE_EXPORT_DIRECTORY added in v0.1.2

// IMAGE_EXPORT_DIRECTORY is a view of the export directory table: Reader is
// the data it is read from, Offset is where the table starts, and Profile is
// the PeProfile carrying its field offsets.
// NOTE(review): NumberOfFunctions and NumberOfNames are 32-bit counts stored
// in the parsed file; whether the code that walks the export arrays bounds
// them is not visible here — confirm, since an unbounded count from a
// malformed file drives allocation and read volume.
type IMAGE_EXPORT_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_EXPORT_DIRECTORY) AddressOfFunctions added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) AddressOfFunctions() uint32

func (*IMAGE_EXPORT_DIRECTORY) AddressOfNameOrdinals added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) AddressOfNameOrdinals() uint32

func (*IMAGE_EXPORT_DIRECTORY) AddressOfNames added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) AddressOfNames() uint32

func (*IMAGE_EXPORT_DIRECTORY) Base added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) Base() uint32

func (*IMAGE_EXPORT_DIRECTORY) DLLName added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) DLLName(rva_resolver *RVAResolver) string

func (*IMAGE_EXPORT_DIRECTORY) DebugString added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) DebugString() string

func (*IMAGE_EXPORT_DIRECTORY) Name added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) Name() uint32

func (*IMAGE_EXPORT_DIRECTORY) NumberOfFunctions added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) NumberOfFunctions() uint32

func (*IMAGE_EXPORT_DIRECTORY) NumberOfNames added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) NumberOfNames() uint32

func (*IMAGE_EXPORT_DIRECTORY) Size added in v0.1.2

func (self *IMAGE_EXPORT_DIRECTORY) Size() int

type IMAGE_FILE_HEADER

// IMAGE_FILE_HEADER is a view of the file header: Reader is the data it is
// read from, Offset is where the header starts, and Profile is the PeProfile
// carrying its field offsets.
// NOTE(review): NumberOfSections and SizeOfOptionalHeader are values stored
// in the parsed file and presumably steer how the section table is located
// and sized — confirm how Sections() bounds them.
type IMAGE_FILE_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_FILE_HEADER) Characteristics added in v0.1.2

func (self *IMAGE_FILE_HEADER) Characteristics() uint16

func (*IMAGE_FILE_HEADER) DebugString added in v0.1.2

func (self *IMAGE_FILE_HEADER) DebugString() string

func (*IMAGE_FILE_HEADER) Machine

func (self *IMAGE_FILE_HEADER) Machine() *Enumeration

func (*IMAGE_FILE_HEADER) NumberOfSections

func (self *IMAGE_FILE_HEADER) NumberOfSections() uint16

func (*IMAGE_FILE_HEADER) Size

func (self *IMAGE_FILE_HEADER) Size() int

func (*IMAGE_FILE_HEADER) SizeOfOptionalHeader

func (self *IMAGE_FILE_HEADER) SizeOfOptionalHeader() uint16

func (*IMAGE_FILE_HEADER) TimeDateStamp

func (self *IMAGE_FILE_HEADER) TimeDateStamp() *UnixTimeStamp

func (*IMAGE_FILE_HEADER) TimeDateStampRaw added in v0.1.2

func (self *IMAGE_FILE_HEADER) TimeDateStampRaw() uint32

type IMAGE_IMPORT_BY_NAME

// IMAGE_IMPORT_BY_NAME is a view of an import-by-name record: Reader is the
// data it is read from, Offset is where the record starts, and Profile is
// the PeProfile carrying its field offsets.
// NOTE(review): Name() returns a string taken from the parsed file;
// presumably NUL-terminated — confirm how its length is bounded.
type IMAGE_IMPORT_BY_NAME struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_IMPORT_BY_NAME) DebugString added in v0.1.2

func (self *IMAGE_IMPORT_BY_NAME) DebugString() string

func (*IMAGE_IMPORT_BY_NAME) Name

func (self *IMAGE_IMPORT_BY_NAME) Name() string

func (*IMAGE_IMPORT_BY_NAME) Size

func (self *IMAGE_IMPORT_BY_NAME) Size() int

type IMAGE_IMPORT_DESCRIPTOR

// IMAGE_IMPORT_DESCRIPTOR is a view of one import descriptor: Reader is the
// data it is read from, Offset is where the descriptor starts, and Profile
// is the PeProfile carrying its field offsets.
// NOTE(review): DLLName, Functions32 and Functions64 take an RVAResolver and
// so presumably follow RVAs stored in the file; how the thunk walk
// terminates on a malformed table is not visible here — confirm.
type IMAGE_IMPORT_DESCRIPTOR struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_IMPORT_DESCRIPTOR) Characteristics

func (self *IMAGE_IMPORT_DESCRIPTOR) Characteristics() uint32

func (*IMAGE_IMPORT_DESCRIPTOR) DLLName

func (self *IMAGE_IMPORT_DESCRIPTOR) DLLName(rva_resolver *RVAResolver) string

func (*IMAGE_IMPORT_DESCRIPTOR) DebugString added in v0.1.2

func (self *IMAGE_IMPORT_DESCRIPTOR) DebugString() string

func (*IMAGE_IMPORT_DESCRIPTOR) Functions32

func (self *IMAGE_IMPORT_DESCRIPTOR) Functions32(rva_resolver *RVAResolver) []string

func (*IMAGE_IMPORT_DESCRIPTOR) Functions64

func (self *IMAGE_IMPORT_DESCRIPTOR) Functions64(rva_resolver *RVAResolver) []string

func (*IMAGE_IMPORT_DESCRIPTOR) Name

func (self *IMAGE_IMPORT_DESCRIPTOR) Name() uint32

func (*IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk

func (self *IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk() uint32

func (*IMAGE_IMPORT_DESCRIPTOR) Size

func (self *IMAGE_IMPORT_DESCRIPTOR) Size() int

type IMAGE_NT_HEADERS

// IMAGE_NT_HEADERS is a view of the NT headers: Reader is the data they are
// read from, Offset is where they start, and Profile is the PeProfile
// carrying their field offsets. It is the entry point to the file header,
// optional header, sections and data directories.
// NOTE(review): DataDirectory takes an int64 index; whether it is checked
// against the number of directory entries is not visible here — confirm.
type IMAGE_NT_HEADERS struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_NT_HEADERS) DataDirectory

func (self *IMAGE_NT_HEADERS) DataDirectory(index int64) *IMAGE_DATA_DIRECTORY

func (*IMAGE_NT_HEADERS) DebugDirectory

func (self *IMAGE_NT_HEADERS) DebugDirectory(
	rva_resolver *RVAResolver) *IMAGE_DEBUG_DIRECTORY

func (*IMAGE_NT_HEADERS) DebugString added in v0.1.2

func (self *IMAGE_NT_HEADERS) DebugString() string

func (*IMAGE_NT_HEADERS) ExportDirectory added in v0.1.2

func (self *IMAGE_NT_HEADERS) ExportDirectory(
	rva_resolver *RVAResolver) *IMAGE_EXPORT_DIRECTORY

func (*IMAGE_NT_HEADERS) ExportTable added in v0.1.2

func (self *IMAGE_NT_HEADERS) ExportTable(
	rva_resolver *RVAResolver) []*IMAGE_EXPORT_DESCRIPTOR

func (*IMAGE_NT_HEADERS) FileHeader

func (self *IMAGE_NT_HEADERS) FileHeader() *IMAGE_FILE_HEADER

func (*IMAGE_NT_HEADERS) ImportDirectory

func (self *IMAGE_NT_HEADERS) ImportDirectory(
	rva_resolver *RVAResolver) []*IMAGE_IMPORT_DESCRIPTOR

func (*IMAGE_NT_HEADERS) OptionalHeader

func (self *IMAGE_NT_HEADERS) OptionalHeader() *IMAGE_OPTIONAL_HEADER

func (*IMAGE_NT_HEADERS) RSDS

func (self *IMAGE_NT_HEADERS) RSDS(
	rva_resolver *RVAResolver) *CV_RSDS_HEADER

func (*IMAGE_NT_HEADERS) RealOptionalHeader

func (self *IMAGE_NT_HEADERS) RealOptionalHeader() (
	*IMAGE_OPTIONAL_HEADER, *IMAGE_OPTIONAL_HEADER64)

func (*IMAGE_NT_HEADERS) ResourceDirectory

func (self *IMAGE_NT_HEADERS) ResourceDirectory(
	rva_resolver *RVAResolver) *IMAGE_RESOURCE_DIRECTORY

func (*IMAGE_NT_HEADERS) SectionByName

func (self *IMAGE_NT_HEADERS) SectionByName(name string) *IMAGE_SECTION_HEADER

func (*IMAGE_NT_HEADERS) Sections

func (self *IMAGE_NT_HEADERS) Sections() []*IMAGE_SECTION_HEADER

func (*IMAGE_NT_HEADERS) Signature

func (self *IMAGE_NT_HEADERS) Signature() uint32

func (*IMAGE_NT_HEADERS) Size

func (self *IMAGE_NT_HEADERS) Size() int

type IMAGE_OPTIONAL_HEADER

// IMAGE_OPTIONAL_HEADER is a view of the optional header in its 32-bit
// layout (ImageBase is a uint32): Reader is the data it is read from, Offset
// is where the header starts, and Profile is the PeProfile carrying its
// field offsets.
// NOTE(review): presumably Magic is what selects between this type and
// IMAGE_OPTIONAL_HEADER64 in RealOptionalHeader — confirm.
type IMAGE_OPTIONAL_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_OPTIONAL_HEADER) DataDirectory

func (self *IMAGE_OPTIONAL_HEADER) DataDirectory() []*IMAGE_DATA_DIRECTORY

func (*IMAGE_OPTIONAL_HEADER) DebugString added in v0.1.2

func (self *IMAGE_OPTIONAL_HEADER) DebugString() string

func (*IMAGE_OPTIONAL_HEADER) ImageBase

func (self *IMAGE_OPTIONAL_HEADER) ImageBase() uint32

func (*IMAGE_OPTIONAL_HEADER) Magic

func (self *IMAGE_OPTIONAL_HEADER) Magic() uint16

func (*IMAGE_OPTIONAL_HEADER) Size

func (self *IMAGE_OPTIONAL_HEADER) Size() int

type IMAGE_OPTIONAL_HEADER64

// IMAGE_OPTIONAL_HEADER64 is a view of the optional header in its 64-bit
// layout (ImageBase is a uint64): Reader is the data it is read from, Offset
// is where the header starts, and Profile is the PeProfile carrying its
// field offsets.
// NOTE(review): presumably Magic is what selects between this type and
// IMAGE_OPTIONAL_HEADER in RealOptionalHeader — confirm.
type IMAGE_OPTIONAL_HEADER64 struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_OPTIONAL_HEADER64) DataDirectory

func (self *IMAGE_OPTIONAL_HEADER64) DataDirectory() []*IMAGE_DATA_DIRECTORY

func (*IMAGE_OPTIONAL_HEADER64) DebugString added in v0.1.2

func (self *IMAGE_OPTIONAL_HEADER64) DebugString() string

func (*IMAGE_OPTIONAL_HEADER64) ImageBase

func (self *IMAGE_OPTIONAL_HEADER64) ImageBase() uint64

func (*IMAGE_OPTIONAL_HEADER64) Magic

func (self *IMAGE_OPTIONAL_HEADER64) Magic() uint16

func (*IMAGE_OPTIONAL_HEADER64) Size

func (self *IMAGE_OPTIONAL_HEADER64) Size() int

type IMAGE_RESOURCE_DATA_ENTRY

// IMAGE_RESOURCE_DATA_ENTRY is a view of a resource data entry: Reader is
// the data it is read from, Offset is where the entry starts, and Profile is
// the PeProfile carrying its field offsets.
// NOTE(review): OffsetToData and DataSize are values stored in the parsed
// file; validate them against the available data before reading the
// resource body.
type IMAGE_RESOURCE_DATA_ENTRY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_RESOURCE_DATA_ENTRY) CodePage

func (self *IMAGE_RESOURCE_DATA_ENTRY) CodePage() uint32

func (*IMAGE_RESOURCE_DATA_ENTRY) DataSize

func (self *IMAGE_RESOURCE_DATA_ENTRY) DataSize() uint32

func (*IMAGE_RESOURCE_DATA_ENTRY) DebugString added in v0.1.2

func (self *IMAGE_RESOURCE_DATA_ENTRY) DebugString() string

func (*IMAGE_RESOURCE_DATA_ENTRY) OffsetToData

func (self *IMAGE_RESOURCE_DATA_ENTRY) OffsetToData() uint32

func (*IMAGE_RESOURCE_DATA_ENTRY) Size

func (self *IMAGE_RESOURCE_DATA_ENTRY) Size() int

type IMAGE_RESOURCE_DIRECTORY

// IMAGE_RESOURCE_DIRECTORY is a view of a resource directory table: Reader
// is the data it is read from, Offset is where the table starts, and Profile
// is the PeProfile carrying its field offsets.
// NOTE(review): NumberOfIdEntries and NumberOfNamedEntries are 16-bit counts
// stored in the parsed file and presumably size the Entries list — confirm.
type IMAGE_RESOURCE_DIRECTORY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_RESOURCE_DIRECTORY) DebugString added in v0.1.2

func (self *IMAGE_RESOURCE_DIRECTORY) DebugString() string

func (*IMAGE_RESOURCE_DIRECTORY) Entries

func (*IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries

func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries() uint16

func (*IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries

func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries() uint16

func (*IMAGE_RESOURCE_DIRECTORY) Size

func (self *IMAGE_RESOURCE_DIRECTORY) Size() int

type IMAGE_RESOURCE_DIRECTORY_ENTRY

// IMAGE_RESOURCE_DIRECTORY_ENTRY is a view of one resource directory entry:
// Reader is the data it is read from, Offset is where the entry starts, and
// Profile is the PeProfile carrying its field offsets.
// NOTE(review): Traverse returns the data entries reachable from this entry,
// following offsets stored in the file. Whether it limits depth or detects
// directories that point back at themselves is not visible here — confirm,
// since resource trees in malformed files can be cyclic.
type IMAGE_RESOURCE_DIRECTORY_ENTRY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func ParseArray_IMAGE_RESOURCE_DIRECTORY_ENTRY

func ParseArray_IMAGE_RESOURCE_DIRECTORY_ENTRY(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []*IMAGE_RESOURCE_DIRECTORY_ENTRY

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) DebugString added in v0.1.2

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DebugString() string

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString(
	resource_base int64) string

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory() uint64

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Size

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Size() int

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse

func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse(
	resource_base int64) []*IMAGE_RESOURCE_DATA_ENTRY

func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Type

type IMAGE_SECTION_HEADER

// IMAGE_SECTION_HEADER is a view of one section header: Reader is the data
// it is read from, Offset is where the header starts, and Profile is the
// PeProfile carrying its field offsets.
// NOTE(review): PointerToRawData, SizeOfRawData and VirtualAddress are
// values stored in the parsed file; sections in a malformed image may
// overlap or extend past the end of the data. Whether Data() clamps the
// range is not visible here — confirm.
type IMAGE_SECTION_HEADER struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_SECTION_HEADER) Characteristics

func (self *IMAGE_SECTION_HEADER) Characteristics() uint32

func (*IMAGE_SECTION_HEADER) Data

func (self *IMAGE_SECTION_HEADER) Data() io.ReaderAt

func (*IMAGE_SECTION_HEADER) DebugString added in v0.1.2

func (self *IMAGE_SECTION_HEADER) DebugString() string

func (*IMAGE_SECTION_HEADER) Name

func (self *IMAGE_SECTION_HEADER) Name() string

func (*IMAGE_SECTION_HEADER) Permissions

func (self *IMAGE_SECTION_HEADER) Permissions() string

func (*IMAGE_SECTION_HEADER) PointerToRawData

func (self *IMAGE_SECTION_HEADER) PointerToRawData() uint32

func (*IMAGE_SECTION_HEADER) Size

func (self *IMAGE_SECTION_HEADER) Size() int

func (*IMAGE_SECTION_HEADER) SizeOfRawData

func (self *IMAGE_SECTION_HEADER) SizeOfRawData() uint32

func (*IMAGE_SECTION_HEADER) VirtualAddress

func (self *IMAGE_SECTION_HEADER) VirtualAddress() uint32

type IMAGE_THUNK_DATA32

// IMAGE_THUNK_DATA32 is a view of an import thunk with 32-bit fields: Reader
// is the data it is read from, Offset is where the thunk starts, and Profile
// is the PeProfile carrying its field offsets.
// NOTE(review): AddressOfData, ForwarderString, Function and Ordinal
// presumably expose the same stored value under its different union
// readings — confirm.
type IMAGE_THUNK_DATA32 struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_THUNK_DATA32) AddressOfData

func (self *IMAGE_THUNK_DATA32) AddressOfData() uint32

func (*IMAGE_THUNK_DATA32) DebugString added in v0.1.2

func (self *IMAGE_THUNK_DATA32) DebugString() string

func (*IMAGE_THUNK_DATA32) ForwarderString

func (self *IMAGE_THUNK_DATA32) ForwarderString() uint32

func (*IMAGE_THUNK_DATA32) Function

func (self *IMAGE_THUNK_DATA32) Function() uint32

func (*IMAGE_THUNK_DATA32) Ordinal

func (self *IMAGE_THUNK_DATA32) Ordinal() uint32

func (*IMAGE_THUNK_DATA32) Size

func (self *IMAGE_THUNK_DATA32) Size() int

type IMAGE_THUNK_DATA64

// IMAGE_THUNK_DATA64 is a view of an import thunk with 64-bit fields: Reader
// is the data it is read from, Offset is where the thunk starts, and Profile
// is the PeProfile carrying its field offsets.
// NOTE(review): AddressOfData, ForwarderString, Function and Ordinal
// presumably expose the same stored value under its different union
// readings — confirm.
type IMAGE_THUNK_DATA64 struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*IMAGE_THUNK_DATA64) AddressOfData

func (self *IMAGE_THUNK_DATA64) AddressOfData() uint64

func (*IMAGE_THUNK_DATA64) DebugString added in v0.1.2

func (self *IMAGE_THUNK_DATA64) DebugString() string

func (*IMAGE_THUNK_DATA64) ForwarderString

func (self *IMAGE_THUNK_DATA64) ForwarderString() uint64

func (*IMAGE_THUNK_DATA64) Function

func (self *IMAGE_THUNK_DATA64) Function() uint64

func (*IMAGE_THUNK_DATA64) Ordinal

func (self *IMAGE_THUNK_DATA64) Ordinal() uint64

func (*IMAGE_THUNK_DATA64) Size

func (self *IMAGE_THUNK_DATA64) Size() int

type MESSAGE_RESOURCE_BLOCK added in v0.1.2

// MESSAGE_RESOURCE_BLOCK is a view of one block of a message-table resource:
// Reader is the data it is read from, Offset is where the block starts, and
// Profile is the PeProfile carrying its field offsets.
// NOTE(review): LowId, HighId and OffsetToEntries are values stored in the
// parsed file; Messages() presumably iterates the LowId..HighId range —
// confirm that a very wide range from a malformed file is bounded.
type MESSAGE_RESOURCE_BLOCK struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func ParseArray_MESSAGE_RESOURCE_BLOCK added in v0.1.2

func ParseArray_MESSAGE_RESOURCE_BLOCK(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []*MESSAGE_RESOURCE_BLOCK

func (*MESSAGE_RESOURCE_BLOCK) DebugString added in v0.1.2

func (self *MESSAGE_RESOURCE_BLOCK) DebugString() string

func (*MESSAGE_RESOURCE_BLOCK) HighId added in v0.1.2

func (self *MESSAGE_RESOURCE_BLOCK) HighId() uint32

func (*MESSAGE_RESOURCE_BLOCK) LowId added in v0.1.2

func (self *MESSAGE_RESOURCE_BLOCK) LowId() uint32

func (*MESSAGE_RESOURCE_BLOCK) Messages added in v0.1.2

func (self *MESSAGE_RESOURCE_BLOCK) Messages() []*Message

Each block contains a list of entries.

func (*MESSAGE_RESOURCE_BLOCK) OffsetToEntries added in v0.1.2

func (self *MESSAGE_RESOURCE_BLOCK) OffsetToEntries() uint32

func (*MESSAGE_RESOURCE_BLOCK) Size added in v0.1.2

func (self *MESSAGE_RESOURCE_BLOCK) Size() int

type MESSAGE_RESOURCE_DATA added in v0.1.2

// MESSAGE_RESOURCE_DATA is a view of a message-table resource header:
// Reader is the data it is read from, Offset is where the header starts, and
// Profile is the PeProfile carrying its field offsets.
// NOTE(review): NumberOfBlocks is a 32-bit count stored in the parsed file
// and presumably sizes the Blocks list — confirm how it is bounded.
type MESSAGE_RESOURCE_DATA struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*MESSAGE_RESOURCE_DATA) Blocks added in v0.1.2

func (*MESSAGE_RESOURCE_DATA) DebugString added in v0.1.2

func (self *MESSAGE_RESOURCE_DATA) DebugString() string

func (*MESSAGE_RESOURCE_DATA) Messages added in v0.1.2

func (self *MESSAGE_RESOURCE_DATA) Messages() []*Message

func (*MESSAGE_RESOURCE_DATA) NumberOfBlocks added in v0.1.2

func (self *MESSAGE_RESOURCE_DATA) NumberOfBlocks() uint32

func (*MESSAGE_RESOURCE_DATA) Size added in v0.1.2

func (self *MESSAGE_RESOURCE_DATA) Size() int

type MESSAGE_RESOURCE_ENTRY added in v0.1.2

// MESSAGE_RESOURCE_ENTRY is a view of one message-table entry: Reader is the
// data it is read from, Offset is where the entry starts, and Profile is the
// PeProfile carrying its field offsets.
// NOTE(review): Length and Flags are values stored in the parsed file;
// presumably Flags selects the text encoding that Message() decodes —
// confirm.
type MESSAGE_RESOURCE_ENTRY struct {
	Reader  io.ReaderAt
	Offset  int64
	Profile *PeProfile
}

func (*MESSAGE_RESOURCE_ENTRY) DebugString added in v0.1.2

func (self *MESSAGE_RESOURCE_ENTRY) DebugString() string

func (*MESSAGE_RESOURCE_ENTRY) Flags added in v0.1.2

func (self *MESSAGE_RESOURCE_ENTRY) Flags() uint16

func (*MESSAGE_RESOURCE_ENTRY) Length added in v0.1.2

func (self *MESSAGE_RESOURCE_ENTRY) Length() uint16

func (*MESSAGE_RESOURCE_ENTRY) Message added in v0.1.2

func (self *MESSAGE_RESOURCE_ENTRY) Message() string

func (*MESSAGE_RESOURCE_ENTRY) Size added in v0.1.2

func (self *MESSAGE_RESOURCE_ENTRY) Size() int

func (*MESSAGE_RESOURCE_ENTRY) Text added in v0.1.2

func (self *MESSAGE_RESOURCE_ENTRY) Text() string

type Message added in v0.1.2

// Message is one decoded message-table entry, as returned by
// PEFile.GetMessages and the MESSAGE_RESOURCE_* Messages methods.
// NOTE(review): the relationship between Id and EventId is not visible here
// — confirm. Message is text taken from the parsed file.
type Message struct {
	Id      int64
	EventId int
	Message string
}

type OffsetReader

type OffsetReader struct {
	// contains filtered or unexported fields
}

func (OffsetReader) ReadAt

func (self OffsetReader) ReadAt(buff []byte, off int64) (int, error)

type PEFile

// PEFile is the parsed summary of a PE image, as returned by NewPEFile.
// FileHeader, GUIDAge, PDB and Sections carry JSON tags and are serialised
// under their own names.
// NOTE(review): GUIDAge and PDB presumably come from the RSDS debug record —
// confirm. Every string here is derived from the parsed file and should be
// treated as untrusted by consumers.
type PEFile struct {
	NtHeader *IMAGE_NT_HEADERS

	// Used to resolve RVA to file offsets.
	RvaResolver *RVAResolver

	// The file offset to the resource section.
	ResourceBase int64

	FileHeader FileHeader `json:"FileHeader"`
	GUIDAge    string     `json:"GUIDAge"`
	PDB        string     `json:"PDB"`
	Sections   []*Section `json:"Sections"`
	// contains filtered or unexported fields
}

func NewPEFile

func NewPEFile(reader io.ReaderAt) (*PEFile, error)

func (*PEFile) Exports added in v0.1.2

func (self *PEFile) Exports() []string

Delay calculating these until absolutely necessary.

func (*PEFile) Forwards added in v0.1.2

func (self *PEFile) Forwards() []string

func (*PEFile) GetMessages added in v0.1.2

func (self *PEFile) GetMessages() []*Message

func (*PEFile) ImpHash added in v0.1.2

func (self *PEFile) ImpHash() string

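ImpHash calculates the import table hash (imphash) described at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. The hash is derived from import names stored in the file, so a match is a clustering signal rather than proof that two files are the same.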

func (*PEFile) Imports

func (self *PEFile) Imports() []string

Delay calculating these until absolutely necessary.

func (PEFile) Members added in v0.1.2

func (self PEFile) Members() []string

func (*PEFile) VersionInformation

func (self *PEFile) VersionInformation() *ordereddict.Dict

type PeProfile

type PeProfile struct {
	Off_CV_RSDS_HEADER_Signature                         int64
	Off_CV_RSDS_HEADER_GUID                              int64
	Off_CV_RSDS_HEADER_Age                               int64
	Off_CV_RSDS_HEADER_Filename                          int64
	Off_MESSAGE_RESOURCE_BLOCK_LowId                     int64
	Off_MESSAGE_RESOURCE_BLOCK_HighId                    int64
	Off_MESSAGE_RESOURCE_BLOCK_OffsetToEntries           int64
	Off_MESSAGE_RESOURCE_DATA_NumberOfBlocks             int64
	Off_MESSAGE_RESOURCE_DATA__Blocks                    int64
	Off_MESSAGE_RESOURCE_ENTRY_Length                    int64
	Off_MESSAGE_RESOURCE_ENTRY_Flags                     int64
	Off_MESSAGE_RESOURCE_ENTRY_Text                      int64
	Off_PrefixedString_Length                            int64
	Off_PrefixedString__Buffer                           int64
	Off_ResourceString_Length                            int64
	Off_ResourceString_ValueLength                       int64
	Off_ResourceString_Type                              int64
	Off_ResourceString_Key                               int64
	Off_StringFileInfo_Length                            int64
	Off_StringFileInfo_ValueLength                       int64
	Off_StringFileInfo_Type                              int64
	Off_StringFileInfo_Key                               int64
	Off_StringTable_Length                               int64
	Off_StringTable_ValueLength                          int64
	Off_StringTable_Type                                 int64
	Off_StringTable_Key                                  int64
	Off_VS_VERSIONINFO_Length                            int64
	Off_VS_VERSIONINFO_ValueLength                       int64
	Off_VS_VERSIONINFO_Type                              int64
	Off_VS_VERSIONINFO_szKey                             int64
	Off_GUID_Data1                                       int64
	Off_GUID_Data2                                       int64
	Off_GUID_Data3                                       int64
	Off_GUID_Data4                                       int64
	Off_IMAGE_DATA_DIRECTORY_DirSize                     int64
	Off_IMAGE_DATA_DIRECTORY_VirtualAddress              int64
	Off_IMAGE_DEBUG_DIRECTORY_AddressOfRawData           int64
	Off_IMAGE_DEBUG_DIRECTORY_TimeDateStamp              int64
	Off_IMAGE_DEBUG_DIRECTORY_Type                       int64
	Off_IMAGE_DOS_HEADER_E_lfanew                        int64
	Off_IMAGE_DOS_HEADER_E_magic                         int64
	Off_IMAGE_EXPORT_DIRECTORY_AddressOfFunctions        int64
	Off_IMAGE_EXPORT_DIRECTORY_AddressOfNameOrdinals     int64
	Off_IMAGE_EXPORT_DIRECTORY_AddressOfNames            int64
	Off_IMAGE_EXPORT_DIRECTORY_Base                      int64
	Off_IMAGE_EXPORT_DIRECTORY_Name                      int64
	Off_IMAGE_EXPORT_DIRECTORY_NumberOfFunctions         int64
	Off_IMAGE_EXPORT_DIRECTORY_NumberOfNames             int64
	Off_IMAGE_EXPORT_DIRECTORY_ordinals                  int64
	Off_IMAGE_EXPORT_DIRECTORY_names                     int64
	Off_IMAGE_EXPORT_DIRECTORY_funcs64                   int64
	Off_IMAGE_FILE_HEADER_Characteristics                int64
	Off_IMAGE_FILE_HEADER_Machine                        int64
	Off_IMAGE_FILE_HEADER_NumberOfSections               int64
	Off_IMAGE_FILE_HEADER_SizeOfOptionalHeader           int64
	Off_IMAGE_FILE_HEADER_TimeDateStamp                  int64
	Off_IMAGE_FILE_HEADER_TimeDateStampRaw               int64
	Off_IMAGE_IMPORT_BY_NAME_Name                        int64
	Off_IMAGE_IMPORT_DESCRIPTOR_Characteristics          int64
	Off_IMAGE_IMPORT_DESCRIPTOR_Name                     int64
	Off_IMAGE_IMPORT_DESCRIPTOR_OriginalFirstThunk       int64
	Off_IMAGE_NT_HEADERS_FileHeader                      int64
	Off_IMAGE_NT_HEADERS_OptionalHeader                  int64
	Off_IMAGE_NT_HEADERS_Signature                       int64
	Off_IMAGE_OPTIONAL_HEADER_DataDirectory              int64
	Off_IMAGE_OPTIONAL_HEADER_ImageBase                  int64
	Off_IMAGE_OPTIONAL_HEADER_Magic                      int64
	Off_IMAGE_OPTIONAL_HEADER64_DataDirectory            int64
	Off_IMAGE_OPTIONAL_HEADER64_ImageBase                int64
	Off_IMAGE_OPTIONAL_HEADER64_Magic                    int64
	Off_IMAGE_RESOURCE_DATA_ENTRY_OffsetToData           int64
	Off_IMAGE_RESOURCE_DATA_ENTRY_DataSize               int64
	Off_IMAGE_RESOURCE_DATA_ENTRY_CodePage               int64
	Off_IMAGE_RESOURCE_DIRECTORY_NumberOfIdEntries       int64
	Off_IMAGE_RESOURCE_DIRECTORY_NumberOfNamedEntries    int64
	Off_IMAGE_RESOURCE_DIRECTORY__Entries                int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_Type              int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_DataIsDirectory   int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_NameIsString      int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_NameOffset        int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_OffsetToData      int64
	Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_OffsetToDirectory int64
	Off_IMAGE_SECTION_HEADER_Characteristics             int64
	Off_IMAGE_SECTION_HEADER_Name                        int64
	Off_IMAGE_SECTION_HEADER_PointerToRawData            int64
	Off_IMAGE_SECTION_HEADER_SizeOfRawData               int64
	Off_IMAGE_SECTION_HEADER_VirtualAddress              int64
	Off_IMAGE_THUNK_DATA32_AddressOfData                 int64
	Off_IMAGE_THUNK_DATA32_ForwarderString               int64
	Off_IMAGE_THUNK_DATA32_Function                      int64
	Off_IMAGE_THUNK_DATA32_Ordinal                       int64
	Off_IMAGE_THUNK_DATA64_AddressOfData                 int64
	Off_IMAGE_THUNK_DATA64_ForwarderString               int64
	Off_IMAGE_THUNK_DATA64_Function                      int64
	Off_IMAGE_THUNK_DATA64_Ordinal                       int64
}

func NewPeProfile

func NewPeProfile() *PeProfile

func (*PeProfile) CV_RSDS_HEADER

func (self *PeProfile) CV_RSDS_HEADER(reader io.ReaderAt, offset int64) *CV_RSDS_HEADER

func (*PeProfile) GUID

func (self *PeProfile) GUID(reader io.ReaderAt, offset int64) *GUID

func (*PeProfile) IMAGE_DATA_DIRECTORY

func (self *PeProfile) IMAGE_DATA_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DATA_DIRECTORY

func (*PeProfile) IMAGE_DEBUG_DIRECTORY

func (self *PeProfile) IMAGE_DEBUG_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DEBUG_DIRECTORY

func (*PeProfile) IMAGE_DOS_HEADER

func (self *PeProfile) IMAGE_DOS_HEADER(reader io.ReaderAt, offset int64) *IMAGE_DOS_HEADER

func (*PeProfile) IMAGE_EXPORT_DIRECTORY added in v0.1.2

func (self *PeProfile) IMAGE_EXPORT_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_EXPORT_DIRECTORY

func (*PeProfile) IMAGE_FILE_HEADER

func (self *PeProfile) IMAGE_FILE_HEADER(reader io.ReaderAt, offset int64) *IMAGE_FILE_HEADER

func (*PeProfile) IMAGE_IMPORT_BY_NAME

func (self *PeProfile) IMAGE_IMPORT_BY_NAME(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_BY_NAME

func (*PeProfile) IMAGE_IMPORT_DESCRIPTOR

func (self *PeProfile) IMAGE_IMPORT_DESCRIPTOR(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_DESCRIPTOR

func (*PeProfile) IMAGE_NT_HEADERS

func (self *PeProfile) IMAGE_NT_HEADERS(reader io.ReaderAt, offset int64) *IMAGE_NT_HEADERS

func (*PeProfile) IMAGE_OPTIONAL_HEADER

func (self *PeProfile) IMAGE_OPTIONAL_HEADER(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER

func (*PeProfile) IMAGE_OPTIONAL_HEADER64

func (self *PeProfile) IMAGE_OPTIONAL_HEADER64(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER64

func (*PeProfile) IMAGE_RESOURCE_DATA_ENTRY

func (self *PeProfile) IMAGE_RESOURCE_DATA_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DATA_ENTRY

func (*PeProfile) IMAGE_RESOURCE_DIRECTORY

func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY

func (*PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY

func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY_ENTRY

func (*PeProfile) IMAGE_SECTION_HEADER

func (self *PeProfile) IMAGE_SECTION_HEADER(reader io.ReaderAt, offset int64) *IMAGE_SECTION_HEADER

func (*PeProfile) IMAGE_THUNK_DATA32

func (self *PeProfile) IMAGE_THUNK_DATA32(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA32

func (*PeProfile) IMAGE_THUNK_DATA64

func (self *PeProfile) IMAGE_THUNK_DATA64(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA64

func (*PeProfile) MESSAGE_RESOURCE_BLOCK added in v0.1.2

func (self *PeProfile) MESSAGE_RESOURCE_BLOCK(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_BLOCK

func (*PeProfile) MESSAGE_RESOURCE_DATA added in v0.1.2

func (self *PeProfile) MESSAGE_RESOURCE_DATA(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_DATA

func (*PeProfile) MESSAGE_RESOURCE_ENTRY added in v0.1.2

func (self *PeProfile) MESSAGE_RESOURCE_ENTRY(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_ENTRY

func (*PeProfile) PrefixedString

func (self *PeProfile) PrefixedString(reader io.ReaderAt, offset int64) *PrefixedString

func (*PeProfile) ResourceString

func (self *PeProfile) ResourceString(reader io.ReaderAt, offset int64) *ResourceString

func (*PeProfile) StringFileInfo

func (self *PeProfile) StringFileInfo(reader io.ReaderAt, offset int64) *StringFileInfo

func (*PeProfile) StringTable

func (self *PeProfile) StringTable(reader io.ReaderAt, offset int64) *StringTable

func (*PeProfile) TagVS_FIXEDFILEINFO

func (self *PeProfile) TagVS_FIXEDFILEINFO(reader io.ReaderAt, offset int64) *TagVS_FIXEDFILEINFO

func (*PeProfile) UnixTimeStamp

func (self *PeProfile) UnixTimeStamp(reader io.ReaderAt, offset int64) *UnixTimeStamp

func (*PeProfile) VS_VERSIONINFO

func (self *PeProfile) VS_VERSIONINFO(reader io.ReaderAt, offset int64) *VS_VERSIONINFO

type PrefixedString

// PrefixedString refers to a length-prefixed UTF-16 string at Offset in Reader.
// The struct stores no decoded data, only where to find it; the accessors
// (Length, String, Size) presumably read from Reader when called (TODO confirm).
// NOTE(review): the length prefix is part of the parsed file, so on a malformed
// file it may not match the data present; confirm how String bounds its read.
type PrefixedString struct {
	Reader  io.ReaderAt // source the structure is read from
	Offset  int64       // position of the structure within Reader
	Profile *PeProfile  // profile that produced this value via PeProfile.PrefixedString
}

func (*PrefixedString) DebugString added in v0.1.2

func (self *PrefixedString) DebugString() string

func (*PrefixedString) Length

func (self *PrefixedString) Length() uint16

func (*PrefixedString) Size

func (self *PrefixedString) Size() int

func (*PrefixedString) String

func (self *PrefixedString) String() string

A prefixed string consists of a length field followed by a UTF-16 string.

type RVAResolver

// RVAResolver translates virtual addresses found inside a PE file into file
// addresses. It is created by NewRVAResolver from an IMAGE_NT_HEADERS and
// queried through GetFileAddress.
// NOTE(review): GetFileAddress returns a bare uint32 with no error value, so how
// an address outside every run is reported is not visible here; confirm this
// before trusting the result on malformed files.
type RVAResolver struct {
	// For now very simple O(n) search.
	// Runs holds the address ranges; presumably GetFileAddress scans them in
	// order (TODO confirm).
	Runs []*Run
}

func NewRVAResolver

func NewRVAResolver(header *IMAGE_NT_HEADERS) *RVAResolver

func (*RVAResolver) GetFileAddress

func (self *RVAResolver) GetFileAddress(offset uint32) uint32

type ResourceString

// ResourceString refers to one key/value string entry at Offset in Reader; the
// entries of a table are returned by StringTable.ResourceStrings.
// The struct stores no decoded data; Key, Value, Type, Length and ValueLength
// presumably read from Reader when called (TODO confirm).
// NOTE(review): Length and ValueLength look like size fields taken from the
// file; confirm they are bounds-checked before being used to size reads.
type ResourceString struct {
	Reader  io.ReaderAt // source the structure is read from
	Offset  int64       // position of the structure within Reader
	Profile *PeProfile  // profile that produced this value via PeProfile.ResourceString
}

func (*ResourceString) DebugString added in v0.1.2

func (self *ResourceString) DebugString() string

func (*ResourceString) Key

func (self *ResourceString) Key() string

func (*ResourceString) Length

func (self *ResourceString) Length() uint16

func (*ResourceString) Size

func (self *ResourceString) Size() int

func (*ResourceString) Type

func (self *ResourceString) Type() uint16

func (*ResourceString) Value

func (self *ResourceString) Value() string

func (*ResourceString) ValueLength

func (self *ResourceString) ValueLength() uint16

type Run

// Run is one address range held in RVAResolver.Runs: a span of virtual
// addresses together with the file address its data starts at.
// NOTE(review): presumably one Run is built per section header, so all three
// values come from the parsed file; confirm they are validated for malformed
// input.
type Run struct {
	VirtualAddress  uint32 // start of the range in virtual address space
	VirtualEnd      uint32 // end of the range; inclusive vs exclusive is not shown here (TODO confirm)
	PhysicalAddress uint32 // file address presumed to correspond to VirtualAddress (TODO confirm)
}

An RVA resolver maps a virtual address to a physical address in the file. When the file is mapped into memory, its sections are placed at different memory addresses, and the pointers stored inside the PE file refer to those virtual addresses. To read the data they point to, each pointer must be converted from a mapped-memory address back into a location in the file. The RVAResolver is responsible for this conversion; it is populated from the header's sections. Because both the section table and the pointers come from the file being parsed, a malformed file can contain an address that falls outside every section.

type Section

// Section is a plain summary record with JSON tags; each tag repeats the Go
// field name, so the JSON keys are Perm, Name, FileOffset, VMA and Size.
// NOTE(review): the field meanings below are inferred from their names and the
// values presumably originate from the parsed file; treat them as untrusted
// when they are used to seek or allocate.
type Section struct {
	Perm       string `json:"Perm"`       // presumably a permission string for the section (TODO confirm format)
	Name       string `json:"Name"`       // section name
	FileOffset int64  `json:"FileOffset"` // presumably where the section's data starts in the file
	VMA        int64  `json:"VMA"`        // presumably the section's virtual memory address
	Size       int64  `json:"Size"`       // section size; whether file or virtual size is not shown here
}

type StringFileInfo

// StringFileInfo refers to a StringFileInfo structure at Offset in Reader.
// Instances are returned by VS_VERSIONINFO.Children, and its StringTable method
// returns the tables it holds.
// The struct stores no decoded data; the accessors presumably read from Reader
// when called (TODO confirm).
// NOTE(review): Length and ValueLength look like size fields taken from the
// file; confirm the StringTable walk is bounded on malformed input.
type StringFileInfo struct {
	Reader  io.ReaderAt // source the structure is read from
	Offset  int64       // position of the structure within Reader
	Profile *PeProfile  // profile that produced this value via PeProfile.StringFileInfo
}

func (*StringFileInfo) DebugString added in v0.1.2

func (self *StringFileInfo) DebugString() string

func (*StringFileInfo) Key

func (self *StringFileInfo) Key() string

func (*StringFileInfo) Length

func (self *StringFileInfo) Length() uint16

func (*StringFileInfo) Size

func (self *StringFileInfo) Size() int

func (*StringFileInfo) StringTable

func (self *StringFileInfo) StringTable() []*StringTable

func (*StringFileInfo) Type

func (self *StringFileInfo) Type() uint16

func (*StringFileInfo) ValueLength

func (self *StringFileInfo) ValueLength() uint16

type StringTable

// StringTable refers to a string table at Offset in Reader. Instances are
// returned by StringFileInfo.StringTable, and ResourceStrings returns the
// entries it holds.
// The struct stores no decoded data; the accessors presumably read from Reader
// when called (TODO confirm).
// NOTE(review): Length and ValueLength look like size fields taken from the
// file; confirm the ResourceStrings walk is bounded on malformed input.
type StringTable struct {
	Reader  io.ReaderAt // source the structure is read from
	Offset  int64       // position of the structure within Reader
	Profile *PeProfile  // profile that produced this value via PeProfile.StringTable
}

func (*StringTable) DebugString added in v0.1.2

func (self *StringTable) DebugString() string

func (*StringTable) Key

func (self *StringTable) Key() string

func (*StringTable) Length

func (self *StringTable) Length() uint16

func (*StringTable) ResourceStrings

func (self *StringTable) ResourceStrings() []*ResourceString

func (*StringTable) Size

func (self *StringTable) Size() int

func (*StringTable) Type

func (self *StringTable) Type() uint16

func (*StringTable) ValueLength

func (self *StringTable) ValueLength() uint16

type TagVS_FIXEDFILEINFO

// TagVS_FIXEDFILEINFO refers to a fixed file info structure at Offset in
// Reader; it is the type returned by VS_VERSIONINFO.Value.
// Only DebugString and Size are listed for it on this page. The struct stores
// no decoded data, only where to find it.
type TagVS_FIXEDFILEINFO struct {
	Reader  io.ReaderAt // source the structure is read from
	Offset  int64       // position of the structure within Reader
	Profile *PeProfile  // profile that produced this value via PeProfile.TagVS_FIXEDFILEINFO
}

func (*TagVS_FIXEDFILEINFO) DebugString added in v0.1.2

func (self *TagVS_FIXEDFILEINFO) DebugString() string

func (*TagVS_FIXEDFILEINFO) Size

func (self *TagVS_FIXEDFILEINFO) Size() int

type UnixTimeStamp

// UnixTimeStamp wraps time.Time by embedding it, so time.Time's methods are
// promoted. String and DebugString are declared on *UnixTimeStamp and take
// precedence over the promoted String.
// NOTE(review): values are produced by PeProfile.UnixTimeStamp from a reader
// and offset, so the timestamp presumably comes from the parsed file and can
// hold any value the file's author chose.
type UnixTimeStamp struct {
	time.Time
}

func (*UnixTimeStamp) DebugString

func (self *UnixTimeStamp) DebugString() string

func (*UnixTimeStamp) String

func (self *UnixTimeStamp) String() string

type VS_VERSIONINFO

// VS_VERSIONINFO refers to a version information structure at Offset in Reader.
// Value returns its TagVS_FIXEDFILEINFO and Children returns its StringFileInfo
// entries.
// The struct stores no decoded data; the accessors presumably read from Reader
// when called (TODO confirm).
// NOTE(review): Length and ValueLength look like size fields taken from the
// file; confirm the Children walk is bounded on malformed input.
type VS_VERSIONINFO struct {
	Reader  io.ReaderAt // source the structure is read from
	Offset  int64       // position of the structure within Reader
	Profile *PeProfile  // profile that produced this value via PeProfile.VS_VERSIONINFO
}

func (*VS_VERSIONINFO) Children

func (self *VS_VERSIONINFO) Children() []*StringFileInfo

func (*VS_VERSIONINFO) DebugString added in v0.1.2

func (self *VS_VERSIONINFO) DebugString() string

func (*VS_VERSIONINFO) Length

func (self *VS_VERSIONINFO) Length() uint16

func (*VS_VERSIONINFO) Size

func (self *VS_VERSIONINFO) Size() int

func (*VS_VERSIONINFO) Type

func (self *VS_VERSIONINFO) Type() *Enumeration

func (*VS_VERSIONINFO) Value

func (self *VS_VERSIONINFO) Value() *TagVS_FIXEDFILEINFO

func (*VS_VERSIONINFO) ValueLength

func (self *VS_VERSIONINFO) ValueLength() uint16

Directories

Path Synopsis
