pe

package module
v0.0.0-...-626f521 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 8, 2022 License: MIT Imports: 18 Imported by: 0

README

pefile

pefile is a Go module for reading and working with PE (Portable Executable) files.

Documentation

Index

Constants

// DOS header magic values. 0x5A4D is the byte pair 'M','Z' read as a
// little-endian uint16; 0x4D5A is the same pair byte-swapped.
// NOTE(review): presumably both are compared against DOSHeader.Magic — confirm
// whether the parser accepts the "ZM" form or only reports it.
const (
	ImageDOSSignature   = 0x5A4D // MZ
	ImageDOSZMSignature = 0x4D5A // ZM
)
// IMAGE_DIRECTORY_ENTRY_* indices into the optional header's DataDirectory
// array. The array is declared with 16 slots; index 15 has no named constant
// here. The values are fixed by the PE format, so they are spelled out rather
// than derived from position in this list.
const (
	ImageDirectoryEntryExport        = 0
	ImageDirectoryEntryImport        = 1
	ImageDirectoryEntryResource      = 2
	ImageDirectoryEntryException     = 3
	// Certificate table (Authenticode). Per the PE specification this entry's
	// address is a file offset rather than an RVA, so it must not be passed
	// through RVA-to-offset translation.
	ImageDirectoryEntrySecurity      = 4
	ImageDirectoryEntryBaseReLoc     = 5
	ImageDirectoryEntryDebug         = 6
	ImageDirectoryEntryArchitecture  = 7
	ImageDirectoryEntryGlobalPtr     = 8
	// TLS directory. Its callbacks run before the entry point, so triage
	// tooling should inspect this directory as well as AddressOfEntryPoint.
	ImageDirectoryEntryTls           = 9
	ImageDirectoryEntryLoadConfig    = 10
	ImageDirectoryEntryBoundImport   = 11
	ImageDirectoryEntryIat           = 12
	ImageDirectoryEntryDelayImport   = 13
	ImageDirectoryEntryComDescriptor = 14
)

IMAGE_DIRECTORY_ENTRY constants

// Section memory-permission bits (the top three bits of a 32-bit value).
// NOTE(review): presumably tested against SectionHeader.Characteristics and
// rendered by Section.Flags — confirm.
// A section that carries both ImageScnMemExecute and ImageScnMemWrite is
// writable and executable at the same time, which is worth flagging when
// triaging an unknown binary.
const (
	ImageScnMemExecute = 0x20000000
	ImageScnMemRead    = 0x40000000
	ImageScnMemWrite   = 0x80000000
)
// Rich header markers.
const (
	// DansSignature is the bytes "DanS" read as a little-endian uint32.
	// NOTE(review): in the commonly documented Rich header layout this marker
	// is stored XOR-ed with the header key (see RichHeader.XorKey) — confirm
	// that the parser compares the decoded value, not the raw bytes.
	DansSignature = 0x536E6144
	// RichSignature is the plain-text marker, kept as a string rather than an
	// integer.
	RichSignature = "Rich"
)
// COFFSymbolSize is the size in bytes of one COFFSymbol record; it equals the
// sum of the COFFSymbol field widths (8 + 4 + 2 + 2 + 1 + 1).
const COFFSymbolSize = 18
// FileAlignmentHardcodedValue is 0x200 (512).
// NOTE(review): presumably the file-alignment threshold used when adjusting
// raw section offsets — the use site is not visible here; confirm.
const FileAlignmentHardcodedValue = 0x200
// ImageNTHeaderSignature is the bytes 'P','E',0,0 read as a little-endian
// uint32. NOTE(review): presumably compared against NtHeader.Signature — confirm.
const ImageNTHeaderSignature = 0x00004550
// MinFileSize is 97 bytes, the size of the smallest PE executable on
// Windows XP (x32).
// NOTE(review): presumably the lower bound behind ErrInvalidPESize — confirm.
const MinFileSize = 97

MinFileSize On Windows XP (x32) the smallest PE executable is 97 bytes.

Variables

// Header sizes in bytes. 64 matches the summed field widths of DOSHeader and
// 20 matches those of FileHeader.
// NOTE(review): these are package-level variables, not constants, so any
// importing package can reassign them; confirm nothing relies on mutating them
// and treat them as read-only.
var (
	DOSHeaderSize  = 64
	FileHeaderSize = 20
)
// Sentinel errors; compare with errors.Is.
var (
	// ErrOutsideBoundary reports a read that would fall outside the available
	// data. NOTE(review): the callers that return it are not visible here.
	ErrOutsideBoundary    = errors.New("reading data outside boundary")
	// ErrDamagedImportTable reports an import table whose ILT and/or IAT look
	// broken. Malformed import tables are common in packed or deliberately
	// corrupted samples, so callers should treat this as a finding rather
	// than only as a failure.
	ErrDamagedImportTable = errors.New(
		"damaged Import Table information. ILT and/or IAT appear to be broken")
)
// ErrInvalidPESize reports input that is smaller than the tiny-PE lower bound.
// NOTE(review): presumably returned when the file is shorter than MinFileSize
// — confirm.
var (
	ErrInvalidPESize = errors.New("not a PE file, smaller than tiny PE")
)
// Language maps a resource language identifier to its LANG_* name.
// The key space is not contiguous (for example 61 and 66 have no entry), so a
// plain lookup of an unlisted value yields the empty string; use the
// two-value form `name, ok := Language[id]` when the identifier comes from a
// parsed file. The map is exported and mutable; treat it as read-only.
var Language = map[uint32]string{
	0:   "LANG_NEUTRAL",
	1:   "LANG_ARABIC",
	2:   "LANG_BULGARIAN",
	3:   "LANG_CATALAN",
	4:   "LANG_CHINESE",
	5:   "LANG_CZECH",
	6:   "LANG_DANISH",
	7:   "LANG_GERMAN",
	8:   "LANG_GREEK",
	9:   "LANG_ENGLISH",
	10:  "LANG_SPANISH",
	11:  "LANG_FINNISH",
	12:  "LANG_FRENCH",
	13:  "LANG_HEBREW",
	14:  "LANG_HUNGARIAN",
	15:  "LANG_ICELANDIC",
	16:  "LANG_ITALIAN",
	17:  "LANG_JAPANESE",
	18:  "LANG_KOREAN",
	19:  "LANG_DUTCH",
	20:  "LANG_NORWEGIAN",
	21:  "LANG_POLISH",
	22:  "LANG_PORTUGUESE",
	23:  "LANG_RHAETO_ROMANCE",
	24:  "LANG_ROMANIAN",
	25:  "LANG_RUSSIAN",
	26:  "LANG_SERBIAN",
	27:  "LANG_SLOVAK",
	28:  "LANG_ALBANIAN",
	29:  "LANG_SWEDISH",
	30:  "LANG_THAI",
	31:  "LANG_TURKISH",
	32:  "LANG_URDU",
	33:  "LANG_INDONESIAN",
	34:  "LANG_UKRAINIAN",
	35:  "LANG_BELARUSIAN",
	36:  "LANG_SLOVENIAN",
	37:  "LANG_ESTONIAN",
	38:  "LANG_LATVIAN",
	39:  "LANG_LITHUANIAN",
	40:  "LANG_MAORI",
	41:  "LANG_FARSI",
	42:  "LANG_VIETNAMESE",
	43:  "LANG_ARMENIAN",
	44:  "LANG_AZERI",
	45:  "LANG_BASQUE",
	46:  "LANG_SORBIAN",
	47:  "LANG_MACEDONIAN",
	48:  "LANG_SUTU",
	49:  "LANG_TSONGA",
	50:  "LANG_TSWANA",
	51:  "LANG_VENDA",
	52:  "LANG_XHOSA",
	53:  "LANG_ZULU",
	54:  "LANG_AFRIKAANS",
	55:  "LANG_GEORGIAN",
	56:  "LANG_FAEROESE",
	57:  "LANG_HINDI",
	58:  "LANG_MALTESE",
	59:  "LANG_SAAMI",
	60:  "LANG_GAELIC",
	62:  "LANG_MALAY",
	63:  "LANG_KAZAK",
	64:  "LANG_KYRGYZ",
	65:  "LANG_SWAHILI",
	67:  "LANG_UZBEK",
	68:  "LANG_TATAR",
	69:  "LANG_BENGALI",
	70:  "LANG_PUNJABI",
	71:  "LANG_GUJARATI",
	72:  "LANG_ORIYA",
	73:  "LANG_TAMIL",
	74:  "LANG_TELUGU",
	75:  "LANG_KANNADA",
	76:  "LANG_MALAYALAM",
	77:  "LANG_ASSAMESE",
	78:  "LANG_MARATHI",
	79:  "LANG_SANSKRIT",
	80:  "LANG_MONGOLIAN",
	86:  "LANG_GALICIAN",
	87:  "LANG_KONKANI",
	88:  "LANG_MANIPURI",
	89:  "LANG_SINDHI",
	90:  "LANG_SYRIAC",
	96:  "LANG_KASHMIRI",
	97:  "LANG_NEPALI",
	101: "LANG_DIVEHI",
	127: "LANG_INVARIANT",
	143: "LANG_ESPERANTO",
	144: "LANG_WALON",
	145: "LANG_CORNISH",
	146: "LANG_WELSH",
	147: "LANG_BRETON",
}
var OleAut32OrdNames = map[uint64]string{}/* 398 elements not displayed */

OleAut32OrdNames maps ordinals to names.

// OrdNames maps a DLL name to that DLL's ordinal-to-export-name table.
// Every key is written in lower case, and ws2_32.dll and wsock32.dll share
// one table.
// NOTE(review): import names in a parsed file can use any letter case; confirm
// that callers such as OrdLookup normalise libName before indexing, otherwise
// ordinal imports from "WS2_32.DLL" would go unresolved.
var OrdNames = map[string]map[uint64]string{
	"ws2_32.dll":   WS232OrdNames,
	"wsock32.dll":  WS232OrdNames,
	"oleaut32.dll": OleAut32OrdNames,
}

OrdNames maps the dll names to ordinal names.

// SubLanguage maps a sublanguage value to every SUBLANG_* name that shares
// that value. One value is reused by many languages (value 1 alone lists more
// than twenty names), so the value by itself does not identify a name.
// NOTE(review): presumably GetSubLangNameForLang narrows the candidates using
// the language value — confirm. An unlisted value yields a nil slice.
var SubLanguage = map[uint32][]string{
	0: {"SUBLANG_NEUTRAL"},
	1: {"SUBLANG_DEFAULT",
		"SUBLANG_ARABIC_SAUDI_ARABIA",
		"SUBLANG_AZERI_LATIN",
		"SUBLANG_CHINESE_TRADITIONAL",
		"SUBLANG_DUTCH",
		"SUBLANG_ENGLISH_US",
		"SUBLANG_FRENCH",
		"SUBLANG_GERMAN",
		"SUBLANG_ITALIAN",
		"SUBLANG_KOREAN",
		"SUBLANG_LITHUANIAN",
		"SUBLANG_MALAY_MALAYSIA",
		"SUBLANG_NORWEGIAN_BOKMAL",
		"SUBLANG_PORTUGUESE_BRAZILIAN",
		"SUBLANG_SPANISH",
		"SUBLANG_SWEDISH",
		"SUBLANG_URDU_PAKISTAN",
		"SUBLANG_UZBEK_LATIN",
		"SUBLANG_ROMANIAN",
		"SUBLANG_RUSSIAN",
		"SUBLANG_CROATIAN",
		"SUBLANG_GAELIC"},
	2: {"SUBLANG_SYS_DEFAULT",
		"SUBLANG_ARABIC_IRAQ",
		"SUBLANG_AZERI_CYRILLIC",
		"SUBLANG_CHINESE_SIMPLIFIED",
		"SUBLANG_DUTCH_BELGIAN",
		"SUBLANG_ENGLISH_UK",
		"SUBLANG_FRENCH_BELGIAN",
		"SUBLANG_GERMAN_SWISS",
		"SUBLANG_ITALIAN_SWISS",
		"SUBLANG_KASHMIRI_SASIA",
		"SUBLANG_KASHMIRI_INDIA",
		"SUBLANG_MALAY_BRUNEI_DARUSSALAM",
		"SUBLANG_NEPALI_INDIA",
		"SUBLANG_NORWEGIAN_NYNORSK",
		"SUBLANG_PORTUGUESE",
		"SUBLANG_SERBIAN_LATIN",
		"SUBLANG_SPANISH_MEXICAN",
		"SUBLANG_SWEDISH_FINLAND",
		"SUBLANG_URDU_INDIA",
		"SUBLANG_UZBEK_CYRILLIC",
		"SUBLANG_ROMANIAN_MOLDAVIA",
		"SUBLANG_RUSSIAN_MOLDAVIA",
		"SUBLANG_LITHUANIAN_CLASSIC",
		"SUBLANG_GAELIC_SCOTTISH"},
	3: {"SUBLANG_ARABIC_EGYPT",
		"SUBLANG_CHINESE_HONGKONG",
		"SUBLANG_ENGLISH_AUS",
		"SUBLANG_FRENCH_CANADIAN",
		"SUBLANG_GERMAN_AUSTRIAN",
		"SUBLANG_SERBIAN_CYRILLIC",
		"SUBLANG_SPANISH_MODERN",
		"SUBLANG_DUTCH_SURINAM",
		"SUBLANG_GAELIC_MANX"},
	4: {"SUBLANG_ARABIC_LIBYA",
		"SUBLANG_CHINESE_SINGAPORE",
		"SUBLANG_ENGLISH_CAN",
		"SUBLANG_FRENCH_SWISS",
		"SUBLANG_GERMAN_LUXEMBOURG",
		"SUBLANG_SPANISH_GUATEMALA"},
	5: {"SUBLANG_ARABIC_ALGERIA",
		"SUBLANG_CHINESE_MACAU",
		"SUBLANG_ENGLISH_NZ",
		"SUBLANG_FRENCH_LUXEMBOURG",
		"SUBLANG_GERMAN_LIECHTENSTEIN",
		"SUBLANG_SPANISH_COSTA_RICA"},
	6: {"SUBLANG_ARABIC_MOROCCO",
		"SUBLANG_ENGLISH_EIRE",
		"SUBLANG_FRENCH_MONACO",
		"SUBLANG_SPANISH_PANAMA"},
	7: {"SUBLANG_ARABIC_TUNISIA",
		"SUBLANG_ENGLISH_SOUTH_AFRICA",
		"SUBLANG_SPANISH_DOMINICAN_REPUBLIC"},
	8: {"SUBLANG_ARABIC_OMAN",
		"SUBLANG_ENGLISH_JAMAICA",
		"SUBLANG_SPANISH_VENEZUELA"},
	9: {"SUBLANG_ARABIC_YEMEN",
		"SUBLANG_ENGLISH_CARIBBEAN",
		"SUBLANG_SPANISH_COLOMBIA"},
	10: {"SUBLANG_ARABIC_SYRIA",
		"SUBLANG_ENGLISH_BELIZE",
		"SUBLANG_SPANISH_PERU"},
	11: {"SUBLANG_ARABIC_JORDAN",
		"SUBLANG_ENGLISH_TRINIDAD",
		"SUBLANG_SPANISH_ARGENTINA"},
	12: {"SUBLANG_ARABIC_LEBANON",
		"SUBLANG_ENGLISH_ZIMBABWE",
		"SUBLANG_SPANISH_ECUADOR"},
	13: {"SUBLANG_ARABIC_KUWAIT",
		"SUBLANG_ENGLISH_PHILIPPINES",
		"SUBLANG_SPANISH_CHILE"},
	14: {"SUBLANG_ARABIC_UAE", "SUBLANG_SPANISH_URUGUAY"},
	15: {"SUBLANG_ARABIC_BAHRAIN", "SUBLANG_SPANISH_PARAGUAY"},
	16: {"SUBLANG_ARABIC_QATAR", "SUBLANG_SPANISH_BOLIVIA"},
	17: {"SUBLANG_SPANISH_EL_SALVADOR"},
	18: {"SUBLANG_SPANISH_HONDURAS"},
	19: {"SUBLANG_SPANISH_NICARAGUA"},
	20: {"SUBLANG_SPANISH_PUERTO_RICO"},
}
var WS232OrdNames = map[uint64]string{}/* 117 elements not displayed */

WS232OrdNames maps ordinals to names.

Functions

func GetResourceTypeName

func GetResourceTypeName(resourceType ResourceDirectoryEntry) string

func GetSubLangNameForLang

func GetSubLangNameForLang(langValue, subLangValue uint32) string

func IsValidDosFilename

func IsValidDosFilename(filename string) bool

func IsValidFunctionName

func IsValidFunctionName(functionName string) bool

func Max

func Max(x, y uint32) uint32

func Min

func Min(values []uint32) uint32

func OrdLookup

func OrdLookup(libName string, ord uint64, makeName bool) string

OrdLookup returns API name given an ordinal.

Types

type COFF

// COFF groups the COFF symbol records and string-table data of an image.
type COFF struct {
	SymbolTable       []COFFSymbol
	StringTable       []string
	// NOTE(review): presumably the file offset at which the string table
	// starts — confirm.
	StringTableOffset uint32
	// NOTE(review): presumably string-table offset -> string, for resolving
	// long symbol names — confirm.
	StringTableM      map[uint32]string
}

type COFFSymbol

// COFFSymbol is one fixed-width COFF symbol table record. The field widths
// add up to 18 bytes, matching COFFSymbolSize, and the field order mirrors
// the on-disk record, so it must not be rearranged.
type COFFSymbol struct {
	// Name holds the symbol name inline when it fits in 8 bytes; longer names
	// live in the COFF string table and are resolved by FullName.
	Name               [8]uint8
	Value              uint32
	// SectionNumber is signed. NOTE(review): zero and negative values are
	// presumably special markers rather than section indexes — confirm
	// before using it to index File.Sections.
	SectionNumber      int16
	Type               uint16
	StorageClass       uint8
	NumberOfAuxSymbols uint8
}

COFFSymbol represents single COFF symbol table record.

func (*COFFSymbol) FullName

func (sym *COFFSymbol) FullName(st StringTable) (string, error)

FullName finds the real name of symbol sym. Normally the name is stored in sym.Name, but if it is longer than 8 characters, it is stored in the COFF string table st instead.

type CompID

// CompID is one entry of RichHeader.CompIDs.
// NOTE(review): field meanings below are inferred from the names and the
// commonly documented Rich header layout — confirm against the parser.
type CompID struct {
	MinorCV  uint16 // presumably the tool build number
	ProdID   uint16 // presumably the product (tool) identifier
	Count    uint32 // presumably how many objects that tool contributed
	Unmasked uint32 // presumably the entry value after removing the XOR key
}

type DOSHeader

// DOSHeader mirrors the legacy MS-DOS header at the start of a PE file. The
// field widths add up to 64 bytes, matching DOSHeaderSize; field order follows
// the on-disk layout and must not be rearranged.
type DOSHeader struct {
	// Magic is the two-byte signature; see ImageDOSSignature.
	Magic                    uint16
	BytesOnLastPageOfFile    uint16
	PagesInFile              uint16
	Relocations              uint16
	SizeOfHeader             uint16
	MinExtraParagraphsNeeded uint16
	MaxExtraParagraphsNeeded uint16
	InitialSS                uint16
	InitialSP                uint16
	Checksum                 uint16
	InitialIP                uint16
	InitialCS                uint16
	AddressOfRelocationTable uint16
	OverlayNumber            uint16
	ReservedWords1           [4]uint16
	OEMIdentifier            uint16
	OEMInformation           uint16
	ReservedWords2           [10]uint16
	// AddressOfNewEXEHeader is the file offset of the NT headers. It is read
	// straight from the file, so for untrusted input it can point anywhere.
	// NOTE(review): confirm the parser bounds-checks it against the file size
	// before seeking.
	AddressOfNewEXEHeader    uint32
}

type DataDirectory

// DataDirectory is one address/size pair from the optional header's
// DataDirectory array. Both values come from the file being parsed and are
// not validated by this type; a consumer must check that the range lies
// inside the image before reading it. For ImageDirectoryEntrySecurity the PE
// specification defines the address as a file offset, not an RVA.
type DataDirectory struct {
	VirtualAddress uint32
	Size           uint32
}

type DelayImport

// DelayImport describes one delay-loaded DLL: the raw descriptor plus the
// decoded name and function list. It has the same shape as Import, with an
// ImageDelayImportDirectory descriptor instead of an ImageImportDirectory.
type DelayImport struct {
	Offset     uint32 // NOTE(review): presumably where the descriptor was read from — confirm
	Name       string
	Functions  []*ImportFunction
	Descriptor ImageDelayImportDirectory
}

type EntropyCalculator

// EntropyCalculator accumulates bytes through its Write method, whose
// signature matches io.Writer, and reports an entropy value from Sum.
// NOTE(review): the scale of the result (presumably Shannon entropy in bits
// per byte, 0 to 8) is not visible here — confirm before choosing thresholds
// for packed or encrypted section detection.
type EntropyCalculator struct {
	// contains filtered or unexported fields
}

func (*EntropyCalculator) Sum

func (e *EntropyCalculator) Sum() (entropy float64)

func (*EntropyCalculator) Write

func (e *EntropyCalculator) Write(p []byte) (n int, err error)

type File

// File is a parsed PE image. DOSHeader and NtHeader are embedded, so their
// fields are promoted onto File. Every exported field is populated from the
// input file; for untrusted input none of the values should be relied on
// without checking them against the actual file size.
type File struct {
	DOSHeader
	NtHeader
	Sections    []*Section
	Symbols     []*Symbol
	COFFSymbols []COFFSymbol
	StringTable StringTable

	// RichHeader and COFF are pointers. NOTE(review): presumably nil when the
	// image has no such data — confirm before dereferencing.
	RichHeader *RichHeader
	COFF       *COFF
	Imports    []*Import
	Resources  ResourceDirectory
	GlobalPtr  uint32
	Header     []byte

	// OverlayOffset relates to data appended after the image.
	// NOTE(review): presumably the file offset where the overlay starts; how
	// "no overlay" is signalled is not visible here — see GetOverlay.
	OverlayOffset int64

	// Is64 and Is32 are separate flags. NOTE(review): presumably exactly one
	// is set after a successful parse — confirm.
	Is64 bool
	Is32 bool
	// contains filtered or unexported fields
}

func NewFile

// NewFile takes a path and returns a *File or an error.
// NOTE(review): the body is not shown on this page. File has a Close method,
// so the returned value presumably holds an open handle that the caller must
// Close. When the path points at an untrusted sample, run the parse under
// memory and time limits, because table sizes and counts in the headers are
// taken from the file itself.
func NewFile(filename string) (*File, error)

func (*File) Authentihash

// Authentihash returns a digest as raw bytes.
// NOTE(review): the digest algorithm used by this un-suffixed variant is not
// visible on this page — confirm it before comparing the output with values
// from other tools or from the embedded signature.
func (f *File) Authentihash() []byte

func (*File) AuthentihashMd5

// AuthentihashMd5 presumably returns the Authenticode digest of the image
// computed with MD5 (body not shown here — confirm).
// MD5 is not collision-resistant: use this value only to match legacy
// indicators, never to decide that two files are the same signed image.
func (f *File) AuthentihashMd5() []byte

func (*File) AuthentihashSha1

// AuthentihashSha1 presumably returns the Authenticode digest of the image
// computed with SHA-1 (body not shown here — confirm).
// SHA-1 collisions are practical; prefer AuthentihashSha256 for any trust
// decision and keep this variant for matching older signatures and indicators.
func (f *File) AuthentihashSha1() []byte

func (*File) AuthentihashSha256

func (f *File) AuthentihashSha256() []byte

func (*File) AuthentihashSha512

func (f *File) AuthentihashSha512() []byte

func (*File) Close

func (f *File) Close() error

func (*File) GetByte

func (f *File) GetByte(index int) (byte, error)

func (*File) GetData

// GetData returns length bytes for the given RVA, or an error.
// NOTE(review): rva and length usually originate from header fields of the
// file being parsed. The body is not shown; confirm that it rejects ranges
// where rva+length wraps around uint32 or extends past the available data
// (compare ErrOutsideBoundary), and that length is capped before allocating.
func (f *File) GetData(rva, length uint32) ([]byte, error)

func (*File) GetOverlay

func (f *File) GetOverlay() *io.SectionReader

func (*File) GetSize

func (f *File) GetSize() uint32

func (*File) GetStringFromData

func (f *File) GetStringFromData(offset uint32, data []byte) []byte

func (*File) ImpHash

func (f *File) ImpHash() (string, error)

ImpHash calculates the import hash.

func (*File) NextHeaderAddr

func (f *File) NextHeaderAddr(section *Section) uint32

func (*File) ReadUint16

func (f *File) ReadUint16(offset uint32) (uint16, error)

ReadUint16 reads a uint16 from a buffer.

func (*File) ReadUint32

func (f *File) ReadUint32(offset uint32) (uint32, error)

ReadUint32 reads a uint32 from a buffer.

func (*File) RichHeaderChecksum

func (f *File) RichHeaderChecksum() uint32

func (*File) RichHeaderHash

func (f *File) RichHeaderHash() string

func (*File) Section

func (f *File) Section(name string) *Section

func (*File) SectionContains

func (f *File) SectionContains(rva uint32, section *Section) bool

type FileHeader

// FileHeader mirrors the COFF file header. The field widths add up to 20
// bytes, matching FileHeaderSize; field order follows the on-disk layout.
type FileHeader struct {
	Machine              uint16
	// NumberOfSections, PointerToSymbolTable and NumberOfSymbols are counts
	// and offsets supplied by the file. NOTE(review): confirm the parser
	// validates them against the file size before allocating or seeking.
	NumberOfSections     uint16
	// TimeDateStamp is written by the build tool and is not authenticated;
	// it can be zeroed or forged, so treat it as a hint only.
	TimeDateStamp        uint32
	PointerToSymbolTable uint32
	NumberOfSymbols      uint32
	SizeOfOptionalHeader uint16
	Characteristics      uint16
}

type ImageDelayImportDirectory

// ImageDelayImportDirectory mirrors one raw delay-import descriptor: eight
// 32-bit fields, 32 bytes in total. Field order follows the on-disk layout.
// The *RVA fields and Name are file-supplied addresses and need bounds checks
// before they are followed.
type ImageDelayImportDirectory struct {
	Attributes                 uint32
	Name                       uint32 // NOTE(review): presumably the RVA of the DLL name string — confirm
	ModuleHandleRVA            uint32
	ImportAddressTableRVA      uint32
	ImportNameTableRVA         uint32
	BoundImportAddressTableRVA uint32
	UnloadInformationTableRVA  uint32
	TimeDateStamp              uint32
}

type ImageImportDirectory

// ImageImportDirectory mirrors one raw import descriptor: five 32-bit
// fields, 20 bytes in total. Field order follows the on-disk layout.
type ImageImportDirectory struct {
	// OriginalFirstThunk and FirstThunk are the addresses of the two thunk
	// tables (the ILT and IAT named in ErrDamagedImportTable).
	// NOTE(review): presumably RVAs — confirm.
	OriginalFirstThunk uint32
	TimeDateStamp      uint32
	ForwarderChain     uint32
	Name               uint32 // NOTE(review): presumably the RVA of the DLL name string — confirm
	FirstThunk         uint32
}

type ImageResourceDataEntry

// ImageResourceDataEntry mirrors a raw resource data entry (four 32-bit
// fields). OffsetToData and Size locate the resource bytes and are supplied by
// the file; check the range before reading, since a crafted Size can exceed
// the file length.
type ImageResourceDataEntry struct {
	OffsetToData uint32
	Size         uint32
	CodePage     uint32
	Reserved     uint32
}

type ImageResourceDirectory

// ImageResourceDirectory mirrors a raw resource directory table header.
// Field order follows the on-disk layout.
type ImageResourceDirectory struct {
	Characteristics      uint32
	TimeDateStamp        uint32
	MajorVersion         uint16
	MinorVersion         uint16
	// The two counts give the number of entries that follow the header. Each
	// is a file-supplied uint16, so up to 65535 apiece.
	// NOTE(review): confirm the parser checks the counts against the
	// remaining data before allocating.
	NumberOfNamedEntries uint16
	NumberOfIDEntries    uint16
}

type ImageResourceDirectoryEntry

// ImageResourceDirectoryEntry mirrors one raw resource directory entry: two
// 32-bit fields.
// NOTE(review): in the PE format the high bit of each field is a flag (name
// string versus integer ID, subdirectory versus data entry) — confirm how the
// parser masks it.
type ImageResourceDirectoryEntry struct {
	Name         uint32
	OffsetToData uint32
}

type ImageThunkData32

// ImageThunkData32 is one raw 32-bit import thunk.
// NOTE(review): presumably either an RVA to a hint/name entry or an ordinal
// with the top bit set — confirm.
type ImageThunkData32 struct {
	AddressOfData uint32
}

type ImageThunkData64

// ImageThunkData64 is one raw 64-bit import thunk, the wide counterpart of
// ImageThunkData32.
type ImageThunkData64 struct {
	AddressOfData uint64
}

type Import

// Import describes one imported DLL: the raw descriptor plus the decoded
// DLL name and the functions imported from it.
type Import struct {
	Offset     uint32 // NOTE(review): presumably where the descriptor was read from — confirm
	// Name is decoded from the file. NOTE(review): confirm it is validated
	// (compare IsValidDosFilename) before it is logged or used to build a path.
	Name       string
	Functions  []*ImportFunction
	Descriptor ImageImportDirectory
}

type ImportFunction

// ImportFunction describes a single imported symbol.
type ImportFunction struct {
	// Name is the imported function name. NOTE(review): for ordinal imports
	// it is presumably filled from OrdLookup when a table exists — confirm.
	Name               string
	Hint               uint16
	// ByOrdinal reports an import by number rather than by name; Ordinal
	// then carries the number.
	ByOrdinal          bool
	Ordinal            uint32
	OriginalThunkValue uint64
	ThunkValue         uint64
	ThunkRVA           uint32
	OriginalThunkRVA   uint32
}

type LargestOffsetAndSize

type LargestOffsetAndSize struct {
	// contains filtered or unexported fields
}

type NtHeader

// NtHeader holds the PE signature, the COFF file header and the optional
// header. OptionalHeader is an interface value; callers must type-switch on
// *OptionalHeader32 and *OptionalHeader64 (and handle nil) rather than assert
// one type unconditionally.
type NtHeader struct {
	Signature      uint32
	FileHeader     FileHeader
	OptionalHeader any // of type *OptionalHeader32 or *OptionalHeader64
}

type OptionalHeader32

// OptionalHeader32 mirrors the 32-bit (PE32) optional header. Field order
// follows the on-disk layout and must not be rearranged. All values are
// supplied by the file.
type OptionalHeader32 struct {
	Magic                       uint16
	MajorLinkerVersion          uint8
	MinorLinkerVersion          uint8
	SizeOfCode                  uint32
	SizeOfInitializedData       uint32
	SizeOfUninitializedData     uint32
	// AddressOfEntryPoint is an RVA. An entry point that falls outside every
	// section, or inside a writable section, is a useful triage signal.
	AddressOfEntryPoint         uint32
	BaseOfCode                  uint32
	BaseOfData                  uint32
	ImageBase                   uint32
	SectionAlignment            uint32
	FileAlignment               uint32
	MajorOperatingSystemVersion uint16
	MinorOperatingSystemVersion uint16
	MajorImageVersion           uint16
	MinorImageVersion           uint16
	MajorSubsystemVersion       uint16
	MinorSubsystemVersion       uint16
	Win32VersionValue           uint32
	SizeOfImage                 uint32
	SizeOfHeaders               uint32
	// CheckSum is the PE image checksum; it is not a cryptographic integrity
	// value and is trivially recomputed after modification.
	CheckSum                    uint32
	Subsystem                   uint16
	// DllCharacteristics carries the image's exploit-mitigation opt-in bits
	// (for example ASLR and DEP support), so it is worth reporting in audits.
	DllCharacteristics          uint16
	SizeOfStackReserve          uint32
	SizeOfStackCommit           uint32
	SizeOfHeapReserve           uint32
	SizeOfHeapCommit            uint32
	LoaderFlags                 uint32
	// NumberOfRvaAndSizes is file-supplied while DataDirectory is fixed at 16
	// entries. NOTE(review): confirm the parser clamps the count to 16 and
	// ignores entries beyond it.
	NumberOfRvaAndSizes         uint32
	DataDirectory               [16]DataDirectory
}

type OptionalHeader64

// OptionalHeader64 mirrors the 64-bit (PE32+) optional header. Compared with
// OptionalHeader32 it has no BaseOfData field, and ImageBase and the four
// stack/heap size fields are 64 bits wide. Field order follows the on-disk
// layout and must not be rearranged. All values are supplied by the file.
type OptionalHeader64 struct {
	Magic                       uint16
	MajorLinkerVersion          uint8
	MinorLinkerVersion          uint8
	SizeOfCode                  uint32
	SizeOfInitializedData       uint32
	SizeOfUninitializedData     uint32
	// AddressOfEntryPoint is an RVA. An entry point that falls outside every
	// section, or inside a writable section, is a useful triage signal.
	AddressOfEntryPoint         uint32
	BaseOfCode                  uint32
	ImageBase                   uint64
	SectionAlignment            uint32
	FileAlignment               uint32
	MajorOperatingSystemVersion uint16
	MinorOperatingSystemVersion uint16
	MajorImageVersion           uint16
	MinorImageVersion           uint16
	MajorSubsystemVersion       uint16
	MinorSubsystemVersion       uint16
	Win32VersionValue           uint32
	SizeOfImage                 uint32
	SizeOfHeaders               uint32
	// CheckSum is the PE image checksum; it is not a cryptographic integrity
	// value and is trivially recomputed after modification.
	CheckSum                    uint32
	Subsystem                   uint16
	// DllCharacteristics carries the image's exploit-mitigation opt-in bits
	// (for example ASLR and DEP support), so it is worth reporting in audits.
	DllCharacteristics          uint16
	SizeOfStackReserve          uint64
	SizeOfStackCommit           uint64
	SizeOfHeapReserve           uint64
	SizeOfHeapCommit            uint64
	LoaderFlags                 uint32
	// NumberOfRvaAndSizes is file-supplied while DataDirectory is fixed at 16
	// entries. NOTE(review): confirm the parser clamps the count to 16 and
	// ignores entries beyond it.
	NumberOfRvaAndSizes         uint32
	DataDirectory               [16]DataDirectory
}

type Range

// Range describes a span by its Start and End values.
// NOTE(review): whether End is inclusive is not visible here — confirm at the
// use site before doing length arithmetic with it.
type Range struct {
	Start uint32
	End   uint32
}

type ReLoc

// ReLoc is one relocation record attached to a Section (see Section.ReLocs).
// The field widths add up to 10 bytes.
type ReLoc struct {
	VirtualAddress   uint32
	// SymbolTableIndex is file-supplied. NOTE(review): confirm it is range
	// checked before it is used to index a symbol table.
	SymbolTableIndex uint32
	Type             uint16
}

type RelRange

// RelRange describes a span by its Start and its Length.
// NOTE(review): Start+Length can wrap around uint32; confirm that consumers
// check for overflow when the values come from a parsed file.
type RelRange struct {
	Start  uint32
	Length uint32
}

type ResourceDataEntry

// ResourceDataEntry pairs a raw ImageResourceDataEntry with the language and
// sublanguage values of the resource (see the Language and SubLanguage maps).
type ResourceDataEntry struct {
	Struct  ImageResourceDataEntry
	Lang    uint32
	SubLang uint32
}

type ResourceDirectory

// ResourceDirectory is one level of the resource tree: the raw table header
// and the entries decoded under it.
type ResourceDirectory struct {
	Struct  ImageResourceDirectory
	Entries []ResourceDirectoryEntry
}

type ResourceDirectoryEntry

// ResourceDirectoryEntry is one node of the resource tree. It carries both a
// Directory and a Data member, so the type nests through
// ResourceDirectory.Entries to arbitrary depth.
// NOTE(review): offsets in a crafted file can point back at a parent table;
// confirm the parser caps recursion depth and detects cycles.
type ResourceDirectoryEntry struct {
	Struct    ImageResourceDirectoryEntry
	// Name and ID identify the entry. NOTE(review): presumably only one of
	// the two is meaningful for a given entry — confirm.
	Name      string
	ID        uint32
	Directory ResourceDirectory
	Data      ResourceDataEntry
}

type ResourceType

// ResourceType is a numeric resource type identifier; the constants below
// name the values this package recognises. The numbering has gaps (13, 15 and
// 18 are not defined here), and a file may use any other value.
// NOTE(review): what String returns for an unlisted value is not visible here.
type ResourceType uint32
const (
	RtCursor       ResourceType = 1
	RtBitmap       ResourceType = 2
	RtIcon         ResourceType = 3
	RtMenu         ResourceType = 4
	RtDialog       ResourceType = 5
	RtString       ResourceType = 6
	RtFontDir      ResourceType = 7
	RtFont         ResourceType = 8
	RtAccelerator  ResourceType = 9
	// RtRcdata holds application-defined raw data; it is a common place to
	// look for embedded content when triaging a sample.
	RtRcdata       ResourceType = 10
	RtMessageTable ResourceType = 11
	RtGroupCursor  ResourceType = 12
	RtGroupIcon    ResourceType = 14
	RtVersion      ResourceType = 16
	RtDlgInclude   ResourceType = 17
	RtPlugPlay     ResourceType = 19
	RtVxd          ResourceType = 20
	RtAniCursor    ResourceType = 21
	RtAniIcon      ResourceType = 22
	RtHtml         ResourceType = 23
	RtManifest     ResourceType = 24
)

func (ResourceType) String

func (r ResourceType) String() string

type RichHeader

// RichHeader holds the decoded Rich header of an image. The Rich header is
// not covered by any signature or loader check, so its contents can be
// altered or copied from another binary; treat it as a clustering hint, not
// as proof of the build toolchain.
type RichHeader struct {
	XorKey     uint32
	CompIDs    []CompID
	DansOffset int // NOTE(review): presumably the offset of the "DanS" marker — confirm
	Raw        []byte
}

type Section

// Section is one PE section. It embeds SectionHeader, so the header fields
// are promoted, and io.ReaderAt, so a Section can be read at arbitrary
// offsets. NOTE(review): the ReaderAt is presumably limited to the section's
// raw data — confirm.
type Section struct {
	SectionHeader
	ReLocs []ReLoc

	io.ReaderAt
	// contains filtered or unexported fields
}

func (*Section) Data

func (s *Section) Data() ([]byte, error)

Data reads and returns the contents of the PE section s.

func (*Section) Entropy

func (s *Section) Entropy() float64

func (*Section) Flags

func (s *Section) Flags() (flags string)

func (*Section) GetData

func (s *Section) GetData(start, length uint32, f *File) []byte

func (*Section) MD5

// MD5 returns a string for the section.
// NOTE(review): presumably the hex-encoded MD5 of the section's raw data
// (body not shown — confirm). MD5 is not collision-resistant, so the value is
// suitable for clustering and indicator matching, not for integrity decisions.
func (s *Section) MD5() string

func (*Section) Open

func (s *Section) Open() io.ReadSeeker

Open returns a new ReadSeeker reading the PE section s.

type SectionHeader

// SectionHeader is the decoded form of a section header: the same fields as
// SectionHeader32, with Name as a Go string and the raw-data size and pointer
// exposed as Size and Offset.
type SectionHeader struct {
	// Name is decoded from 8 raw bytes of the file and may contain
	// non-printable characters; escape it (for example with %q) when logging.
	Name                 string
	VirtualSize          uint32
	VirtualAddress       uint32
	// Size and Offset locate the section's bytes in the file. Both are
	// file-supplied. NOTE(review): confirm Offset+Size is checked against the
	// file length before the data is read.
	Size                 uint32
	Offset               uint32
	PointerToRelocations uint32
	PointerToLineNumbers uint32
	NumberOfRelocations  uint16
	NumberOfLineNumbers  uint16
	// Characteristics holds the section flags; see the ImageScnMem*
	// permission bits.
	Characteristics      uint32
}

type SectionHeader32

// SectionHeader32 mirrors the raw on-disk section header. The field widths
// add up to 40 bytes; field order follows the on-disk layout and must not be
// rearranged.
type SectionHeader32 struct {
	// Name is a fixed 8-byte field. NOTE(review): it is presumably
	// NUL-padded rather than NUL-terminated — confirm how it is converted to
	// SectionHeader.Name.
	Name                 [8]uint8
	VirtualSize          uint32
	VirtualAddress       uint32
	SizeOfRawData        uint32
	PointerToRawData     uint32
	PointerToRelocations uint32
	PointerToLineNumbers uint32
	NumberOfRelocations  uint16
	NumberOfLineNumbers  uint16
	Characteristics      uint32
}

type StringTable

type StringTable []byte

StringTable is a COFF string table.

func (StringTable) String

func (st StringTable) String(start uint32) (string, error)

String extracts the string at offset start from the COFF string table st.

type Symbol

// Symbol is the decoded counterpart of COFFSymbol: Name is a Go string and
// the NumberOfAuxSymbols field is dropped.
type Symbol struct {
	Name          string
	Value         uint32
	SectionNumber int16
	Type          uint16
	StorageClass  uint8
}

Symbol is similar to COFFSymbol with Name field replaced by Go string. Symbol also does not have NumberOfAuxSymbols.

type ThunkData32

// ThunkData32 pairs a raw 32-bit thunk with an Offset.
// NOTE(review): Offset is presumably where the thunk was read from — confirm.
type ThunkData32 struct {
	ImageThunkData ImageThunkData32
	Offset         uint32
}

type ThunkData64

// ThunkData64 pairs a raw 64-bit thunk with an Offset.
// NOTE(review): Offset is presumably where the thunk was read from — confirm.
type ThunkData64 struct {
	ImageThunkData ImageThunkData64
	Offset         uint32
}

Directories

Path Synopsis
