editPE

package module

v0.0.0-...-c6fb60a Latest Latest Go to latest Published: Jun 24, 2021 License: MIT Imports: 5 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/soyum2222/editPE

Links

Open Source Insights

README ¶

editPE

edit PE file with go

    
func Test (){

    // open a exe file
	file, err := ioutil.ReadFile("..\\hello.exe")
	if err != nil {
		panic(err)
	}

	p := PE{}
	p.Parse(file)

	fmt.Println(len(p.ImageSectionHeaders))

	// add a new section size is 100 byte
	p.AddSection(".new", 100)

	// save to disk
	f, err := os.Create("..\\hello2.exe")
	if err != nil {
		panic(err)
	}

	f.Write(p.raw)

    // get PE file icon
    icons, err := p.GetIcon()
   	if err != nil {
    	panic(err)
    }
    
    for k, icon := range icons {
    	f, err := os.Create(fmt.Sprintf("icon%d.ico", k))
    	if err != nil {
    		panic(err)
    	}
    	f.Write(icon)
    	f.Close()
    }

    // get dll export function
    funcs := p.GetExportFunc()

	for _, v := range funcs.EAT {
		fmt.Printf("%x \n", v.RVA)
	}

	for _, v := range funcs.FuncName {
		fmt.Printf("%s \n", v.Name)
	}
}

Documentation ¶

Index ¶

Constants
func GetDataDirectory(f []byte) *[16]pe.DataDirectory
func GetOptHeader32(f []byte) *pe.OptionalHeader32
func GetOptHeader64(f []byte) *pe.OptionalHeader64
func Offset2VA(offset uint32, f []byte) uint64
func RVAToOffset(RVA uint32, f []byte) uint32
type EAT
type ENT
type ExportFunc
type IconDir
type IconDirEntry
type ImageDataDirectory
type ImageDosHeader
- func GetDOSHeader(f []byte) *ImageDosHeader
type ImageExportDirectory
- func GetExportDirectory(f []byte) *ImageExportDirectory
type ImageFileHeader
- func GetFileHeader(f []byte) *ImageFileHeader
type ImageImportByName
- func (name *ImageImportByName) ShowName() string
type ImageImportDirectory
- func GetImportDirectory(f []byte) *ImageImportDirectory
- func (i *ImageImportDirectory) ShowName(file []byte) string
type ImageNTHeaders
- func GetNtHeader(f []byte) *ImageNTHeaders
type ImageResourceDataEntry
type ImageResourceDirectory
- func GetResourceDirectory(f []byte) (dir *ImageResourceDirectory, rootOffset uint32)
type ImageResourceDirectoryEntry
type ImageSectionHeader
- func GetSectionHeader(f []byte) []*ImageSectionHeader
type ImportTable
type PE
- func (p *PE) AddSection(name string, size uint32)
- func (p *PE) GetExportFunc() ExportFunc
- func (p *PE) GetIcon() ([][]byte, error)
- func (p *PE) GetImportData() []ImportTable
- func (p *PE) Parse(file []byte)

Constants ¶

View Source

const (
	SIZE_OF_OPTIONAL_HEADER_32 = 0xe0
	SIZE_OF_OPTIONAL_HEADER_64 = 0xf0
)

View Source

const (
	ENTRY_NAME_CURSOR              = 0x01
	ENTRY_NAME_BITMAP              = 0x02
	ENTRY_NAME_ICON                = 0x03
	ENTRY_NAME_MENU                = 0x04
	ENTRY_NAME_DIALOG              = 0x05
	ENTRY_NAME_STIRING             = 0x06
	ENTRY_NAME_FONT_DIRECTORY      = 0x07
	ENTRY_NAME_FONT                = 0x08
	ENTRY_NAME_ACCELERATOR         = 0x09
	ENTRY_NAME_UNFORMATTED         = 0x0a
	ENTRY_NAME_MESSAGETABLE        = 0x0b
	ENTRY_NAME_GROUP_CURSOR        = 0x0c
	ENTRY_NAME_GROUP_ICON          = 0x0e
	ENTRY_NAME_VERSION_INFORMATION = 0x10
)

Variables ¶

This section is empty.

Functions ¶

func GetDataDirectory ¶

func GetDataDirectory(f []byte) *[16]pe.DataDirectory

func GetOptHeader32 ¶

func GetOptHeader32(f []byte) *pe.OptionalHeader32

func GetOptHeader64 ¶

func GetOptHeader64(f []byte) *pe.OptionalHeader64

func Offset2VA ¶

func Offset2VA(offset uint32, f []byte) uint64

PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER)lpFileBuf;

size_t stPEHeadAddr = (size_t)lpFileBuf + pDos ->e_lfanew; PIMAGE_NT_HEADERS32 pNT = (PIMAGE_NT_HEADERS32)stPEHeadAddr;

DWORD dwSectionCount = pNT->FileHeader.NumberOfSections;

DWORD dwImageBase = pNT->OptionalHeader.ImageBase;

PIMAGE_SECTION_HEADER pSection = IMAGE_FIRST_SECTION(pNT);

DWORD dwDiffer = 0; for (DWORD i = 0; i < dwSectionCount; i++)

{
	DWORD dwBeginVA     = pSection[i].PointerToRawData;
	DWORD dwEndVA       = pSection[i].PointerToRawData + pSection[i].SizeOfRawData;

	if (stOffset >= dwBeginVA && stOffset < dwEndVA)
	{
		dwDiffer = stOffset - dwBeginVA;

		return dwImageBase + pSection[i].VirtualAddress + dwDiffer;
	}
	else if (stOffset < dwBeginVA)
	{
		return dwImageBase + stOffset;
	}
}

return 0;

func RVAToOffset ¶

func RVAToOffset(RVA uint32, f []byte) uint32

Types ¶

type EAT ¶

type EAT struct {
	RVA uint32
}

type ENT ¶

type ENT struct {
	Name []byte
}

type ExportFunc ¶

type ExportFunc struct {
	FuncName []*ENT
	EAT      []*EAT
}

type IconDir ¶

type IconDir struct {
	IdReserved uint16
	IdType     uint16
	IdCount    uint16
}

typedef struct

{
    WORD idReserved; // Reserved (must be 0)
    WORD idType; // Resource Type (1 for icons)
    WORD idCount; // How many images?
    ICONDIRENTRY idEntries[1]; // An entry for each image (idCount of 'em)
} ICONDIR, *LPICONDIR;

type IconDirEntry ¶

type IconDirEntry struct {
	BWidth      byte
	BHeight     byte
	BColorCount byte
	BReserved   byte
	WPlanes     uint16
	WBitCount   uint16
	BytesInRes  uint32
	ImageOffset uint32
}

typedef struct

{
    BYTE bWidth; // Width, in pixels, of the image
    BYTE bHeight; // Height, in pixels, of the image
    BYTE bColorCount; // Number of colors in image (0 if >=8bpp)
    BYTE bReserved; // Reserved ( must be 0)
    WORD wPlanes; // Color Planes
    WORD wBitCount; // Bits per pixel
    DWORD dwBytesInRes; // How many bytes in this resource?
    DWORD dwImageOffset; // Where in the file is this image?
} ICONDIRENTRY, *LPICONDIRENTRY;

type ImageDataDirectory ¶

type ImageDataDirectory struct {
	VirtualAddress uint32
	Size           uint32
}

typedef struct _IMAGE_DATA_DIRECTORY {
    DWORD   VirtualAddress;
    DWORD   Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

type ImageDosHeader ¶

type ImageDosHeader struct {
	EMagic    uint16     // Magic number
	ECblp     uint16     // Bytes on last page of file
	ECp       uint16     // Pages in file
	ECrlc     uint16     // Relocations
	ECparhdr  uint16     // Size of header in paragraphs
	EMinalloc uint16     // Minimum extra paragraphs needed
	EMaxalloc uint16     // Maximum extra paragraphs needed
	ESs       uint16     // Initial (relative) SS value
	ESp       uint16     // Initial SP value
	ECsum     uint16     // Checksum
	EIp       uint16     // Initial IP value
	ECs       uint16     // Initial (relative) CS value
	ELfarlc   uint16     // File address of relocation table
	EOvno     uint16     // Overlay number
	ERes      [4]uint16  // Reserved uint16s
	EOemid    uint16     // OEM identifier (for e_oeminfo)
	EOeminfo  uint16     // OEM information; e_oemid specific
	ERes2     [10]uint16 // Reserved uint16s
	ELfanew   uint32     // File address of new exe header
}

typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header

  WORD   e_magic;                     // Magic number
  WORD   e_cblp;                      // Bytes on last page of file
  WORD   e_cp;                        // Pages in file
  WORD   e_crlc;                      // Relocations
  WORD   e_cparhdr;                   // Size of header in paragraphs
  WORD   e_minalloc;                  // Minimum extra paragraphs needed
  WORD   e_maxalloc;                  // Maximum extra paragraphs needed
  WORD   e_ss;                        // Initial (relative) SS value
  WORD   e_sp;                        // Initial SP value
  WORD   e_csum;                      // Checksum
  WORD   e_ip;                        // Initial IP value
  WORD   e_cs;                        // Initial (relative) CS value
  WORD   e_lfarlc;                    // File address of relocation table
  WORD   e_ovno;                      // Overlay number
  WORD   e_res[4];                    // Reserved words
  WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
  WORD   e_oeminfo;                   // OEM information; e_oemid specific
  WORD   e_res2[10];                  // Reserved words
  LONG   e_lfanew;                    // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

func GetDOSHeader ¶

func GetDOSHeader(f []byte) *ImageDosHeader

type ImageExportDirectory ¶

type ImageExportDirectory struct {
	Characteristics       uint32 // always 0
	TimeDateStamp         uint32 // create file time
	MajorVersion          uint16 // always 0
	MinorVersion          uint16 // always 0
	Name                  uint32 // pointer of dll name ascii string rva
	Base                  uint32 // number of function
	NumberOfFunctions     uint32 // function total
	NumberOfNames         uint32 //
	AddressOfFunctions    uint32 // RVA from base of image
	AddressOfNames        uint32 // RVA from base of image
	AddressOfNameOrdinals uint32 // RVA from base of image
}

func GetExportDirectory ¶

func GetExportDirectory(f []byte) *ImageExportDirectory

type ImageFileHeader ¶

type ImageFileHeader struct {
	Machine              uint16
	NumberOfSections     uint16
	TimeDateStamp        uint32
	PointerToSymbolTable uint32
	NumberOfSymbols      uint32
	SizeOfOptionalHeader uint16
	Characteristics      uint16
}

typedef struct _IMAGE_FILE_HEADER {
    WORD    Machine;
    WORD    NumberOfSections;
    DWORD   TimeDateStamp;
    DWORD   PointerToSymbolTable;
    DWORD   NumberOfSymbols;
    WORD    SizeOfOptionalHeader;
    WORD    Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

func GetFileHeader ¶

func GetFileHeader(f []byte) *ImageFileHeader

type ImageImportByName ¶

type ImageImportByName struct {
	Hint uint16
	Name byte
}

func (*ImageImportByName) ShowName ¶

func (name *ImageImportByName) ShowName() string

type ImageImportDirectory ¶

type ImageImportDirectory struct {
	OriginalFirstThunk uint32
	TimeDateStamp      uint32
	ForwarderChain     uint32
	Name               uint32
	FirstThunk         uint32
}

func GetImportDirectory ¶

func GetImportDirectory(f []byte) *ImageImportDirectory

func (*ImageImportDirectory) ShowName ¶

func (i *ImageImportDirectory) ShowName(file []byte) string

type ImageNTHeaders ¶

type ImageNTHeaders struct {
	Signature  uint32
	FileHeader ImageFileHeader
}

typedef struct _IMAGE_NT_HEADERS {
    DWORD Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

func GetNtHeader ¶

func GetNtHeader(f []byte) *ImageNTHeaders

type ImageResourceDataEntry ¶

type ImageResourceDataEntry struct {
	OffsetToData uint32
	Size         uint32
	CodePage     uint32
	Reserved     uint32
}

typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
    DWORD   OffsetToData;
    DWORD   Size;
    DWORD   CodePage;
    DWORD   Reserved;
} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;

type ImageResourceDirectory ¶

type ImageResourceDirectory struct {
	Characteristics      uint32
	TimeDateStamp        uint32
	MajorVersion         uint16
	MinorVersion         uint16
	NumberOfNamedEntries uint16
	NumberOfIdEntries    uint16
}

typedef struct _IMAGE_RESOURCE_DIRECTORY {
    DWORD   Characteristics;
    DWORD   TimeDateStamp;
    WORD    MajorVersion;
    WORD    MinorVersion;
    WORD    NumberOfNamedEntries;
    WORD    NumberOfIdEntries;

// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; } IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;

func GetResourceDirectory ¶

func GetResourceDirectory(f []byte) (dir *ImageResourceDirectory, rootOffset uint32)

type ImageResourceDirectoryEntry ¶

type ImageResourceDirectoryEntry struct {
	Name         uint32
	OffsetToData uint32
}

typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY

	DWORD  Name;
	DWORD  OffsetToData;
}_IMAGE_RESOURCE_DIRECTORY_ENTRY, *P_IMAGE_RESOURCE_DIRECTORY_ENTRY;

type ImageSectionHeader ¶

type ImageSectionHeader struct {
	Name                         [8]byte
	PhysicalAddressOrVirtualSize uint32
	VirtualAddress               uint32
	SizeOfRawData                uint32
	PointerToRawData             uint32
	PointerToRelocations         uint32
	PointerToLinenumbers         uint32
	NumberOfRelocations          uint16
	NumberOfLinenumbers          uint16
	Characteristics              uint32
}

typedef struct _IMAGE_SECTION_HEADER {
    BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
    union {
            DWORD   PhysicalAddress;
            DWORD   VirtualSize;
    } Misc;
    DWORD   VirtualAddress;
    DWORD   SizeOfRawData;
    DWORD   PointerToRawData;
    DWORD   PointerToRelocations;
    DWORD   PointerToLinenumbers;
    WORD    NumberOfRelocations;
    WORD    NumberOfLinenumbers;
    DWORD   Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

func GetSectionHeader ¶

func GetSectionHeader(f []byte) []*ImageSectionHeader

type ImportTable ¶

type ImportTable struct {
	*ImageImportDirectory
	APIName []*ImageImportByName
}

type PE ¶

type PE struct {
	Raw                   []byte
	ImageDosHeader        *ImageDosHeader
	ImageNTHeaders        *ImageNTHeaders
	ImageOptionalHeader32 *pe.OptionalHeader32
	ImageOptionalHeader64 *pe.OptionalHeader64
	ImageSectionHeaders   []*ImageSectionHeader
	ExportDirectory       *ImageExportDirectory
	ImportDirectory       *ImageImportDirectory
}

func (*PE) AddSection ¶

func (p *PE) AddSection(name string, size uint32)

func (*PE) GetExportFunc ¶

func (p *PE) GetExportFunc() ExportFunc

func (*PE) GetIcon ¶

func (p *PE) GetIcon() ([][]byte, error)

func (*PE) GetImportData ¶

func (p *PE) GetImportData() []ImportTable

func (*PE) Parse ¶

func (p *PE) Parse(file []byte)

please make sure this file is a correct PE file you can use pe.Open() function verification if this file is not correct PE file , may happen panic

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL