pe

package
v1.4.0 Latest
Warning

This package is not in the latest version of its module.
Published: Aug 24, 2021 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package pe contains various facilities for dealing with Portable Executable specifics and extracting valuable insights from PE files.

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddFlags

func AddFlags(flags *pflag.FlagSet)

AddFlags registers persistent flags.

Types

type Config

type Config struct {
	Enabled        bool     `json:"pe.enabled" yaml:"pe.enabled"`
	ReadResources  bool     `json:"pe.read-resources" yaml:"pe.read-resources"`
	ReadSymbols    bool     `json:"pe.read-symbols" yaml:"pe.read-symbols"`
	ReadSections   bool     `json:"pe.read-sections" yaml:"pe.read-sections"`
	ExcludedImages []string `json:"pe.excluded-images" yaml:"pe.excluded-images"`
}

Config stores the preferences that dictate the behaviour of the PE reader.

func (*Config) InitFromViper

func (c *Config) InitFromViper(v *viper.Viper)

InitFromViper initializes PE config from Viper.

type PE

type PE struct {
	// NumberOfSections designates the total number of sections found within the binary.
	NumberOfSections uint16 `json:"nsections"`
	// NumberOfSymbols represents the total number of symbols.
	NumberOfSymbols uint32 `json:"nsymbols"`
	// ImageBase designates the base address of the process' image.
	ImageBase string `json:"image_base"`
	// EntryPoint is the address of the entry point function.
	EntryPoint string `json:"entry_point"`
	// LinkTime represents the time that the image was created by the linker.
	LinkTime time.Time `json:"link_time"`
	// Sections contains all distinct sections and their metadata.
	Sections []Sec `json:"sections"`
	// Symbols contains the list of imported symbols.
	Symbols []string `json:"symbols"`
	// Imports contains the imported libraries.
	Imports []string `json:"imports"`
	// VersionResources holds the version resources.
	VersionResources map[string]string `json:"resources"`
}

PE contains various headers that identify the format and characteristics of executable files.

func NewFromKcap

func NewFromKcap(b []byte) (*PE, error)

NewFromKcap restores the PE metadata from the byte stream.

func (*PE) Marshal

func (pe *PE) Marshal() []byte

Marshal dumps the PE metadata to a binary stream.

func (*PE) Section

func (pe *PE) Section(s string) *Sec

Section returns the section with the specified name.

func (PE) String

func (pe PE) String() string

String returns the string representation of the PE metadata.

func (*PE) Unmarshal

func (pe *PE) Unmarshal(b []byte) error

Unmarshal recovers the PE metadata from the byte stream.

type Reader

type Reader interface {
	// Read is the main method that reads the PE metadata for the specified image file.
	Read(filename string) (*PE, error)
	// FindSectionByRVA gets the section containing the given address.
	FindSectionByRVA(rva uint32) (*pe.Section, error)
	// FindOffsetByRVA returns the file offset that maps to the given RVA.
	FindOffsetByRVA(rva uint32) (int64, error)
}

Reader is the interface for PE (Portable Executable) format metadata parsing. The stdlib debug/pe package underpins the core functionality of the reader, but the reader additionally provides numerous methods for reading resources, strings, IAT directories and other information that the standard library package does not offer.
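
The RVA lookups that Reader declares can be sketched over stdlib debug/pe section headers. This is an added example, not the package's own implementation; the helper names findSectionByRVA, findOffsetByRVA and sampleSections, and the section values, are constructed for illustration.

```go
package main

import (
	"debug/pe"
	"errors"
	"fmt"
)

// findSectionByRVA returns the section whose in-memory range holds rva.
func findSectionByRVA(secs []*pe.Section, rva uint32) (*pe.Section, error) {
	for _, s := range secs {
		size := s.VirtualSize
		if size == 0 { // fall back to the raw size when VirtualSize is 0
			size = s.Size
		}
		// 64-bit sum: a crafted header must not wrap the end address.
		if rva >= s.VirtualAddress && uint64(rva) < uint64(s.VirtualAddress)+uint64(size) {
			return s, nil
		}
	}
	return nil, errors.New("rva outside every section")
}

// findOffsetByRVA maps rva to a file offset. Addresses in the zero-filled
// tail of a section (past its raw data) have no bytes on disk and fail.
func findOffsetByRVA(secs []*pe.Section, rva uint32) (int64, error) {
	s, err := findSectionByRVA(secs, rva)
	if err != nil {
		return 0, err
	}
	delta := rva - s.VirtualAddress
	if delta >= s.Size {
		return 0, errors.New("rva has no raw data in " + s.Name)
	}
	return int64(s.Offset) + int64(delta), nil
}

// sampleSections returns constructed headers (not from a real binary).
func sampleSections() []*pe.Section {
	hdr := func(n string, va, vs, off, raw uint32) *pe.Section {
		return &pe.Section{SectionHeader: pe.SectionHeader{Name: n, VirtualAddress: va, VirtualSize: vs, Offset: off, Size: raw}}
	}
	return []*pe.Section{hdr(".text", 0x1000, 0x1800, 0x400, 0x1800), hdr(".data", 0x3000, 0x2000, 0x1c00, 0x200)}
}

func main() {
	off, err := findOffsetByRVA(sampleSections(), 0x1010)
	fmt.Println(off, err)
}
```

In the constructed headers, .data has a virtual size larger than its raw size, so an RVA such as 0x3400 resolves to a section but to no file offset.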

func NewReader

func NewReader(config Config) Reader

NewReader builds a new instance of the PE reader.

type Sec

type Sec struct {
	Name    string
	Size    uint32
	Entropy float64
	Md5     string
}

Sec contains the section attributes.

func (Sec) String

func (s Sec) String() string

String returns the string representation of the section.
