editPE

package module
v0.0.0-...-c6fb60a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 24, 2021 License: MIT Imports: 5 Imported by: 1

README

editPE

edit PE file with go

    
func Test (){

    // open a exe file
	file, err := ioutil.ReadFile("..\\hello.exe")
	if err != nil {
		panic(err)
	}

	p := PE{}
	p.Parse(file)

	fmt.Println(len(p.ImageSectionHeaders))

	// add a new section size is 100 byte
	p.AddSection(".new", 100)

	// save to disk
	f, err := os.Create("..\\hello2.exe")
	if err != nil {
		panic(err)
	}

	f.Write(p.raw)

    // get PE file icon
    icons, err := p.GetIcon()
   	if err != nil {
    	panic(err)
    }
    
    for k, icon := range icons {
    	f, err := os.Create(fmt.Sprintf("icon%d.ico", k))
    	if err != nil {
    		panic(err)
    	}
    	f.Write(icon)
    	f.Close()
    }

    // get dll export function
    funcs := p.GetExportFunc()

	for _, v := range funcs.EAT {
		fmt.Printf("%x \n", v.RVA)
	}

	for _, v := range funcs.FuncName {
		fmt.Printf("%s \n", v.Name)
	}
}

Documentation

Index

Constants

View Source 
const (
	SIZE_OF_OPTIONAL_HEADER_32 = 0xe0
	SIZE_OF_OPTIONAL_HEADER_64 = 0xf0
)
View Source 
const (
	ENTRY_NAME_CURSOR              = 0x01
	ENTRY_NAME_BITMAP              = 0x02
	ENTRY_NAME_ICON                = 0x03
	ENTRY_NAME_MENU                = 0x04
	ENTRY_NAME_DIALOG              = 0x05
	ENTRY_NAME_STIRING             = 0x06
	ENTRY_NAME_FONT_DIRECTORY      = 0x07
	ENTRY_NAME_FONT                = 0x08
	ENTRY_NAME_ACCELERATOR         = 0x09
	ENTRY_NAME_UNFORMATTED         = 0x0a
	ENTRY_NAME_MESSAGETABLE        = 0x0b
	ENTRY_NAME_GROUP_CURSOR        = 0x0c
	ENTRY_NAME_GROUP_ICON          = 0x0e
	ENTRY_NAME_VERSION_INFORMATION = 0x10
)

Variables

This section is empty.

Functions

func GetDataDirectory 

func GetDataDirectory(f []byte) *[16]pe.DataDirectory

func GetOptHeader32 

func GetOptHeader32(f []byte) *pe.OptionalHeader32

func GetOptHeader64 

func GetOptHeader64(f []byte) *pe.OptionalHeader64

func Offset2VA 

func Offset2VA(offset uint32, f []byte) uint64

PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER)lpFileBuf;

size_t stPEHeadAddr = (size_t)lpFileBuf + pDos ->e_lfanew; PIMAGE_NT_HEADERS32 pNT = (PIMAGE_NT_HEADERS32)stPEHeadAddr;

DWORD dwSectionCount = pNT->FileHeader.NumberOfSections;

DWORD dwImageBase = pNT->OptionalHeader.ImageBase;

PIMAGE_SECTION_HEADER pSection = IMAGE_FIRST_SECTION(pNT);

DWORD dwDiffer = 0; for (DWORD i = 0; i < dwSectionCount; i++) 

{
	DWORD dwBeginVA     = pSection[i].PointerToRawData;
	DWORD dwEndVA       = pSection[i].PointerToRawData + pSection[i].SizeOfRawData;

	if (stOffset >= dwBeginVA && stOffset < dwEndVA)
	{
		dwDiffer = stOffset - dwBeginVA;

		return dwImageBase + pSection[i].VirtualAddress + dwDiffer;
	}
	else if (stOffset < dwBeginVA)
	{
		return dwImageBase + stOffset;
	}
}

return 0;

func RVAToOffset 

func RVAToOffset(RVA uint32, f []byte) uint32

Types

type EAT 

type EAT struct {
	RVA uint32
}

type ENT 

type ENT struct {
	Name []byte
}

type ExportFunc 

type ExportFunc struct {
	FuncName []*ENT
	EAT      []*EAT
}

type IconDir 

type IconDir struct {
	IdReserved uint16
	IdType     uint16
	IdCount    uint16
}

typedef struct 

{
    WORD idReserved; // Reserved (must be 0)
    WORD idType; // Resource Type (1 for icons)
    WORD idCount; // How many images?
    ICONDIRENTRY idEntries[1]; // An entry for each image (idCount of 'em)
} ICONDIR, *LPICONDIR;

type IconDirEntry 

type IconDirEntry struct {
	BWidth      byte
	BHeight     byte
	BColorCount byte
	BReserved   byte
	WPlanes     uint16
	WBitCount   uint16
	BytesInRes  uint32
	ImageOffset uint32
}

typedef struct 

{
    BYTE bWidth; // Width, in pixels, of the image
    BYTE bHeight; // Height, in pixels, of the image
    BYTE bColorCount; // Number of colors in image (0 if >=8bpp)
    BYTE bReserved; // Reserved ( must be 0)
    WORD wPlanes; // Color Planes
    WORD wBitCount; // Bits per pixel
    DWORD dwBytesInRes; // How many bytes in this resource?
    DWORD dwImageOffset; // Where in the file is this image?
} ICONDIRENTRY, *LPICONDIRENTRY;

type ImageDataDirectory 

type ImageDataDirectory struct {
	VirtualAddress uint32
	Size           uint32
}
typedef struct _IMAGE_DATA_DIRECTORY {
    DWORD   VirtualAddress;
    DWORD   Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;

type ImageDosHeader 

type ImageDosHeader struct {
	EMagic    uint16     // Magic number
	ECblp     uint16     // Bytes on last page of file
	ECp       uint16     // Pages in file
	ECrlc     uint16     // Relocations
	ECparhdr  uint16     // Size of header in paragraphs
	EMinalloc uint16     // Minimum extra paragraphs needed
	EMaxalloc uint16     // Maximum extra paragraphs needed
	ESs       uint16     // Initial (relative) SS value
	ESp       uint16     // Initial SP value
	ECsum     uint16     // Checksum
	EIp       uint16     // Initial IP value
	ECs       uint16     // Initial (relative) CS value
	ELfarlc   uint16     // File address of relocation table
	EOvno     uint16     // Overlay number
	ERes      [4]uint16  // Reserved uint16s
	EOemid    uint16     // OEM identifier (for e_oeminfo)
	EOeminfo  uint16     // OEM information; e_oemid specific
	ERes2     [10]uint16 // Reserved uint16s
	ELfanew   uint32     // File address of new exe header
}

typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header 

  WORD   e_magic;                     // Magic number
  WORD   e_cblp;                      // Bytes on last page of file
  WORD   e_cp;                        // Pages in file
  WORD   e_crlc;                      // Relocations
  WORD   e_cparhdr;                   // Size of header in paragraphs
  WORD   e_minalloc;                  // Minimum extra paragraphs needed
  WORD   e_maxalloc;                  // Maximum extra paragraphs needed
  WORD   e_ss;                        // Initial (relative) SS value
  WORD   e_sp;                        // Initial SP value
  WORD   e_csum;                      // Checksum
  WORD   e_ip;                        // Initial IP value
  WORD   e_cs;                        // Initial (relative) CS value
  WORD   e_lfarlc;                    // File address of relocation table
  WORD   e_ovno;                      // Overlay number
  WORD   e_res[4];                    // Reserved words
  WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
  WORD   e_oeminfo;                   // OEM information; e_oemid specific
  WORD   e_res2[10];                  // Reserved words
  LONG   e_lfanew;                    // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

func GetDOSHeader 

func GetDOSHeader(f []byte) *ImageDosHeader

type ImageExportDirectory 

type ImageExportDirectory struct {
	Characteristics       uint32 // always 0
	TimeDateStamp         uint32 // create file time
	MajorVersion          uint16 // always 0
	MinorVersion          uint16 // always 0
	Name                  uint32 // pointer of dll name ascii string rva
	Base                  uint32 // number of function
	NumberOfFunctions     uint32 // function total
	NumberOfNames         uint32 //
	AddressOfFunctions    uint32 // RVA from base of image
	AddressOfNames        uint32 // RVA from base of image
	AddressOfNameOrdinals uint32 // RVA from base of image
}

func GetExportDirectory 

func GetExportDirectory(f []byte) *ImageExportDirectory

type ImageFileHeader 

type ImageFileHeader struct {
	Machine              uint16
	NumberOfSections     uint16
	TimeDateStamp        uint32
	PointerToSymbolTable uint32
	NumberOfSymbols      uint32
	SizeOfOptionalHeader uint16
	Characteristics      uint16
}
typedef struct _IMAGE_FILE_HEADER {
    WORD    Machine;
    WORD    NumberOfSections;
    DWORD   TimeDateStamp;
    DWORD   PointerToSymbolTable;
    DWORD   NumberOfSymbols;
    WORD    SizeOfOptionalHeader;
    WORD    Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

func GetFileHeader 

func GetFileHeader(f []byte) *ImageFileHeader

type ImageImportByName 

type ImageImportByName struct {
	Hint uint16
	Name byte
}

func (*ImageImportByName) ShowName 

func (name *ImageImportByName) ShowName() string

type ImageImportDirectory 

type ImageImportDirectory struct {
	OriginalFirstThunk uint32
	TimeDateStamp      uint32
	ForwarderChain     uint32
	Name               uint32
	FirstThunk         uint32
}

func GetImportDirectory 

func GetImportDirectory(f []byte) *ImageImportDirectory

func (*ImageImportDirectory) ShowName 

func (i *ImageImportDirectory) ShowName(file []byte) string

type ImageNTHeaders 

type ImageNTHeaders struct {
	Signature  uint32
	FileHeader ImageFileHeader
}
typedef struct _IMAGE_NT_HEADERS {
    DWORD Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

func GetNtHeader 

func GetNtHeader(f []byte) *ImageNTHeaders

type ImageResourceDataEntry 

type ImageResourceDataEntry struct {
	OffsetToData uint32
	Size         uint32
	CodePage     uint32
	Reserved     uint32
}
typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
    DWORD   OffsetToData;
    DWORD   Size;
    DWORD   CodePage;
    DWORD   Reserved;
} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;

type ImageResourceDirectory 

type ImageResourceDirectory struct {
	Characteristics      uint32
	TimeDateStamp        uint32
	MajorVersion         uint16
	MinorVersion         uint16
	NumberOfNamedEntries uint16
	NumberOfIdEntries    uint16
}
typedef struct _IMAGE_RESOURCE_DIRECTORY {
    DWORD   Characteristics;
    DWORD   TimeDateStamp;
    WORD    MajorVersion;
    WORD    MinorVersion;
    WORD    NumberOfNamedEntries;
    WORD    NumberOfIdEntries;

// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[]; } IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;

func GetResourceDirectory 

func GetResourceDirectory(f []byte) (dir *ImageResourceDirectory, rootOffset uint32)

type ImageResourceDirectoryEntry 

type ImageResourceDirectoryEntry struct {
	Name         uint32
	OffsetToData uint32
}

typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY 

	DWORD  Name;
	DWORD  OffsetToData;
}_IMAGE_RESOURCE_DIRECTORY_ENTRY, *P_IMAGE_RESOURCE_DIRECTORY_ENTRY;

type ImageSectionHeader 

type ImageSectionHeader struct {
	Name                         [8]byte
	PhysicalAddressOrVirtualSize uint32
	VirtualAddress               uint32
	SizeOfRawData                uint32
	PointerToRawData             uint32
	PointerToRelocations         uint32
	PointerToLinenumbers         uint32
	NumberOfRelocations          uint16
	NumberOfLinenumbers          uint16
	Characteristics              uint32
}
typedef struct _IMAGE_SECTION_HEADER {
    BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
    union {
            DWORD   PhysicalAddress;
            DWORD   VirtualSize;
    } Misc;
    DWORD   VirtualAddress;
    DWORD   SizeOfRawData;
    DWORD   PointerToRawData;
    DWORD   PointerToRelocations;
    DWORD   PointerToLinenumbers;
    WORD    NumberOfRelocations;
    WORD    NumberOfLinenumbers;
    DWORD   Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

func GetSectionHeader 

func GetSectionHeader(f []byte) []*ImageSectionHeader

type ImportTable 

type ImportTable struct {
	*ImageImportDirectory
	APIName []*ImageImportByName
}

type PE 

type PE struct {
	Raw                   []byte
	ImageDosHeader        *ImageDosHeader
	ImageNTHeaders        *ImageNTHeaders
	ImageOptionalHeader32 *pe.OptionalHeader32
	ImageOptionalHeader64 *pe.OptionalHeader64
	ImageSectionHeaders   []*ImageSectionHeader
	ExportDirectory       *ImageExportDirectory
	ImportDirectory       *ImageImportDirectory
}

func (*PE) AddSection 

func (p *PE) AddSection(name string, size uint32)

func (*PE) GetExportFunc 

func (p *PE) GetExportFunc() ExportFunc

func (*PE) GetIcon 

func (p *PE) GetIcon() ([][]byte, error)

func (*PE) GetImportData 

func (p *PE) GetImportData() []ImportTable

func (*PE) Parse 

func (p *PE) Parse(file []byte)

please make sure this file is a correct PE file you can use pe.Open() function verification if this file is not correct PE file , may happen panic

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.