Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DataDirectory ¶
type DataDirectory struct {
/// <summary>
/// The relative virtual address of the table.
/// </summary>
VirtualAddress uint32
/// <summary>
/// The size of the table, in bytes.
/// </summary>
Size uint32
}
/ <summary> / Represents the data directory <see href="https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_image_data_directory">here</see> / </summary>
type DataSectionFlags ¶
type DataSectionFlags uint32
For Enum like formatting.
const ( /// <summary> /// Reserved for future use. /// </summary> TypeReg DataSectionFlags = 0x00000000 /// <summary> /// Reserved for future use. /// </summary> TypeDsect DataSectionFlags = 0x00000001 /// <summary> /// Reserved for future use. /// </summary> TypeNoLoad DataSectionFlags = 0x00000002 /// <summary> /// Reserved for future use. /// </summary> TypeGroup DataSectionFlags = 0x00000004 /// <summary> /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files. /// </summary> TypeNoPadded DataSectionFlags = 0x00000008 /// <summary> /// Reserved for future use. /// </summary> TypeCopy DataSectionFlags = 0x00000010 /// <summary> /// The section contains executable code. /// </summary> ContentCode DataSectionFlags = 0x00000020 /// <summary> /// The section contains initialized data. /// </summary> ContentInitializedData DataSectionFlags = 0x00000040 /// <summary> /// The section contains uninitialized data. /// </summary> ContentUninitializedData DataSectionFlags = 0x00000080 /// <summary> /// Reserved for future use. /// </summary> LinkOther DataSectionFlags = 0x00000100 /// <summary> /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only. /// </summary> LinkInfo DataSectionFlags = 0x00000200 /// <summary> /// Reserved for future use. /// </summary> TypeOver DataSectionFlags = 0x00000400 /// <summary> /// The section will not become part of the image. This is valid only for object files. /// </summary> LinkRemove DataSectionFlags = 0x00000800 /// <summary> /// The section contains COMDAT data. For more information see section 5.5.6 COMDAT Sections (Object Only). This is valid only for object files. /// </summary> LinkComDat DataSectionFlags = 0x00001000 /// <summary> /// Reset speculative exceptions handling bits in the TLB entries for this section. /// </summary> NoDeferSpecExceptions DataSectionFlags = 0x00004000 /// <summary> /// The section contains data referenced through the global pointer (GP). /// </summary> RelativeGP DataSectionFlags = 0x00008000 /// <summary> /// Reserved for future use. /// </summary> MemPurgeable DataSectionFlags = 0x00020000 /// <summary> /// Reserved for future use. /// </summary> Memory16Bit DataSectionFlags = 0x00020000 /// <summary> /// Reserved for future use. /// </summary> MemoryLocked DataSectionFlags = 0x00040000 /// <summary> /// Reserved for future use. /// </summary> MemoryPreload DataSectionFlags = 0x00080000 /// <summary> /// Align data on a 1-byte boundary. Valid only for object files. /// </summary> Align1Bytes DataSectionFlags = 0x00100000 /// <summary> /// Align data on a 2-byte boundary. Valid only for object files. /// </summary> Align2Bytes DataSectionFlags = 0x00200000 /// <summary> /// Align data on a 4-byte boundary. Valid only for object files. /// </summary> Align4Bytes DataSectionFlags = 0x00300000 /// <summary> /// Align data on an 8-byte boundary. Valid only for object files. /// </summary> Align8Bytes DataSectionFlags = 0x00400000 /// <summary> /// Align data on a 16-byte boundary. Valid only for object files. /// </summary> Align16Bytes DataSectionFlags = 0x00500000 /// <summary> /// Align data on a 32-byte boundary. Valid only for object files. /// </summary> Align32Bytes DataSectionFlags = 0x00600000 /// <summary> /// Align data on a 64-byte boundary. Valid only for object files. /// </summary> Align64Bytes DataSectionFlags = 0x00700000 /// <summary> /// Align data on a 128-byte boundary. Valid only for object files. /// </summary> Align128Bytes DataSectionFlags = 0x00800000 /// <summary> /// Align data on a 256-byte boundary. Valid only for object files. /// </summary> Align256Bytes DataSectionFlags = 0x00900000 /// <summary> /// Align data on a 512-byte boundary. Valid only for object files. /// </summary> Align512Bytes DataSectionFlags = 0x00A00000 /// <summary> /// Align data on a 1024-byte boundary. Valid only for object files. /// </summary> Align1024Bytes DataSectionFlags = 0x00B00000 /// <summary> /// Align data on a 2048-byte boundary. Valid only for object files. /// </summary> Align2048Bytes DataSectionFlags = 0x00C00000 /// <summary> /// Align data on a 4096-byte boundary. Valid only for object files. /// </summary> Align4096Bytes DataSectionFlags = 0x00D00000 /// <summary> /// Align data on an 8192-byte boundary. Valid only for object files. /// </summary> Align8192Bytes DataSectionFlags = 0x00E00000 /// <summary> /// The section contains extended relocations. /// </summary> LinkExtendedRelocationOverflow DataSectionFlags = 0x01000000 /// <summary> /// The section can be discarded as needed. /// </summary> MemoryDiscardable DataSectionFlags = 0x02000000 /// <summary> /// The section cannot be cached. /// </summary> MemoryNotCached DataSectionFlags = 0x04000000 /// <summary> /// The section is not pageable. /// </summary> MemoryNotPaged DataSectionFlags = 0x08000000 /// The section can be shared in memory. /// </summary> MemoryShared DataSectionFlags = 0x10000000 /// <summary> /// The section can be executed as code. /// </summary> MemoryExecute DataSectionFlags = 0x20000000 /// <summary> /// The section can be read. /// </summary> MemoryRead DataSectionFlags = 0x40000000 /// <summary> /// The section can be written to. /// </summary> MemoryWrite DataSectionFlags = 0x80000000 )
type FileHeader ¶
type FileHeader struct {
/// <summary>
/// The architecture type of the computer. An image file can only be run on the specified computer or a system that emulates the specified computer. This member can be one of the following values.
/// </summary>
Machine uint16
/// <summary>
/// The number of sections. This indicates the size of the section table, which immediately follows the headers. Note that the Windows loader limits the number of sections to 96.
/// </summary>
NumberOfSections uint16
/// <summary>
/// The low 32 bits of the time stamp of the image. This represents the date and time the image was created by the linker.
/// The value is represented in the number of seconds elapsed since midnight (00:00:00), January 1, 1970, Universal Coordinated Time, according to the system clock.
/// </summary>
TimeDateStamp uint32
/// <summary>
/// The offset of the symbol table, in bytes, or zero if no COFF symbol table exists.
/// </summary>
PointerForSymbolTable uint32
/// <summary>
/// The number of symbols in the symbol table.
/// </summary>
NumberOfSymbols uint32
/// <summary>
/// The size of the optional header, in bytes. This value should be 0 for object files.
/// </summary>
SizeOfOptionalHeader uint16
/// <summary>
/// The characteristics of the image. This member can be one or more of the following values.
/// </summary>
Characteristics uint16
}
/ <summary> / Represents the IMAGE_FILE_HEADER structure from <see href="https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_image_file_header">here</see> / </summary>
func (*FileHeader) Is32Bit ¶
func (fileHeader *FileHeader) Is32Bit() bool
determines if a PE is based around 32x architecture.
func (*FileHeader) IsExe ¶
func (fileHeader *FileHeader) IsExe() bool
determines if a PE is a valid EXE
type OptionalHeader32 ¶
type OptionalHeader32 struct {
/// <summary>
/// The state of the image file. This member can be one of the following values.
/// </summary>
Magic uint16
/// <summary>
/// The major version number of the linker.
/// </summary>
MajorLinkerVersion uint8
/// <summary>
/// The minor version number of the linker.
/// </summary>
MinorLinkerVersion uint8
/// <summary>
/// The size of the code section, in bytes, or the sum of all such sections if there are multiple code sections.
/// </summary>
SizeOfCode uint32
/// <summary>
/// The size of the initialized data section, in bytes, or the sum of all such sections if there are multiple initialized data sections.
/// </summary>
SizeOfInitializedData uint32
/// <summary>
/// The size of the uninitialized data section, in bytes, or the sum of all such sections if there are multiple uninitialized data sections.
/// </summary>
SizeOfUninitializedData uint32
/// <summary>
/// A pointer to the entry point function, relative to the image base address.
/// For executable files, this is the starting address. For device drivers, this is the address of the initialization function.
/// The entry point function is optional for DLLs. When no entry point is present, this member is zero.
/// </summary>
AddressOfEntryPoint uint32
/// <summary>
/// A pointer to the beginning of the code section, relative to the image base.
/// </summary>
BaseOfCode uint32
/// <summary>
/// A pointer to the beginning of the data section, relative to the image base.
/// </summary>
BaseOfData uint32
/// <summary>
/// The preferred address of the first byte of the image when it is loaded in memory.
// This value is a multiple of 64K bytes. The default value for DLLs is 0x10000000.
// The default value for applications is 0x00400000, except on Windows CE where it is 0x00010000.
/// </summary>
ImageBase uint32
/// <summary>
/// The alignment of sections loaded in memory, in bytes.
// This value must be greater than or equal to the FileAlignment member.
// The default value is the page size for the system.
/// </summary>
SectionAlignment uint32
FileAlignment uint32
MajorOperatingSystemVersion uint16
MinorOperatingSystemVersion uint16
MajorImageVersion uint16
MinorImageVersion uint16
MajorSubsystemVersion uint16
MinorSubsystemVersion uint16
Win32VersionValue uint32
SizeOfImage uint32
SizeOfHeaders uint32
CheckSum uint32
Subsystem uint16
DllCharacteristics uint16
SizeOfStackReserve uint32
SizeOfStackCommit uint32
SizeOfHeapReserve uint32
SizeOfHeapCommit uint32
LoaderFlags uint32
NumberOfRvaAndSizes uint32
ExportTable DataDirectory
ImportTable DataDirectory
ResourceTable DataDirectory
ExceptionTable DataDirectory
CertificateTable DataDirectory
BaseRelocationTable DataDirectory
Debug DataDirectory
Architecture DataDirectory
GlobalPtr DataDirectory
TLSTable DataDirectory
LoadConfigTable DataDirectory
BoundImport DataDirectory
IAT DataDirectory
DelayImportDescriptor DataDirectory
CLRRuntimeHeader DataDirectory
Reserved DataDirectory
}
/ <summary> / Represents the IMAGE_OPTIONAL_HEADER32 structure format <see href="https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-_image_optional_header">HERE</see> / </summary>
type OptionalHeader64 ¶
type OptionalHeader64 struct {
Magic uint16
MajorLinkerVersion uint8
MinorLinkerVersion uint8
SizeOfCode uint32
SizeOfInitializedData uint32
SizeOfUninitializedData uint32
AddressOfEntryPoint uint32
BaseOfCode uint32
BaseOfData uint32
ImageBase uint64
SectionAlignment uint32
FileAlignment uint32
MajorOperatingSystemVersion uint16
MinorOperatingSystemVersion uint16
MajorImageVersion uint16
MinorImageVersion uint16
MajorSubsystemVersion uint16
MinorSubsystemVersion uint16
Win32VersionValue uint32
SizeOfImage uint32
SizeOfHeaders uint32
CheckSum uint32
Subsystem uint16
DllCharacteristics uint16
SizeOfStackReserve uint64
SizeOfStackCommit uint64
SizeOfHeapReserve uint64
SizeOfHeapCommit uint64
LoaderFlags uint32
NumberOfRvaAndSizes uint32
ExportTable DataDirectory
ImportTable DataDirectory
ResourceTable DataDirectory
ExceptionTable DataDirectory
CertificateTable DataDirectory
BaseRelocationTable DataDirectory
Debug DataDirectory
Architecture DataDirectory
GlobalPtr DataDirectory
TLSTable DataDirectory
LoadConfigTable DataDirectory
BoundImport DataDirectory
IAT DataDirectory
DelayImportDescriptor DataDirectory
CLRRuntimeHeader DataDirectory
Reserved DataDirectory
}
/ <summary> / Represents the IMAGE_OPTIONAL_HEADER64 structure format <see href="https://docs.microsoft.com/en-us/windows/desktop/api/winnt/ns-winnt-image_optional_header64">HERE</see> / </summary>
type PortableExecutable ¶
type PortableExecutable struct {
//The contents of the loaded file.
Contents []byte
//The offset to the certificates table.
AttrCertOffset int
//The offset to the size of the certificates.
CertSizeOffset int
//The embedded X509Certificate (DER).
Asn1Data []byte
//Any extra data, if any.
AppendedTag []byte
//The decoded DER data.
X509Certificate *X509Certificate
}
PortableExecutable represents a PE binary.
type SectionHeader ¶
type SectionHeader struct {
Name [8]byte
VirtualSize uint32
VirtualAddress uint32
SizeOfRawData uint32
PointerToRawData uint32
PointerToRelocations uint32
PointerToLinenumbers uint32
NumberOfRelocations uint16
NumberOfLinenumbers uint16
Characteristics DataSectionFlags
}
/ <summary> / Represents the IMAGE_SECTION_HEADER PE section / </summary>
type X509Certificate ¶
type X509Certificate struct {
Type asn1.ObjectIdentifier
PKCS7 struct {
Version int
Digests asn1.RawValue
ContentInfo asn1.RawValue
Certificates []asn1.RawValue `asn1:"tag:0, optional, set"`
SignerInfos asn1.RawValue
} `asn1:"explicit, tag:0"`
}
Represents the structure of an X509Certificate. We are able to use this struct to easily marshal to and from DER encoding.
Source Files
Click to show internal directories.
Click to hide internal directories.