Documentation ¶
Index ¶
- Constants
- Variables
- func DebugPrint(fmt_str string, v ...interface{})
- func GetImports(nt_header *IMAGE_NT_HEADERS, rva_resolver *RVAResolver) []string
- func GetVersionInformation(nt_header *IMAGE_NT_HEADERS, rva_resolver *RVAResolver, resource_base int64) *ordereddict.Dict
- func IsInExportDir(dir *IMAGE_DATA_DIRECTORY, va uint32) bool
- func ParseArray_byte(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []byte
- func ParseArray_uint16(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []uint16
- func ParseArray_uint32(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []uint32
- func ParseArray_uint64(profile *PeProfile, reader io.ReaderAt, offset int64, count int) []uint64
- func ParseInt32(reader io.ReaderAt, offset int64) int32
- func ParseString(reader io.ReaderAt, offset int64, length int64) string
- func ParseTerminatedString(reader io.ReaderAt, offset int64) string
- func ParseTerminatedUTF16String(reader io.ReaderAt, offset int64) string
- func ParseUTF16String(reader io.ReaderAt, offset int64, length int64) string
- func ParseUint16(reader io.ReaderAt, offset int64) uint16
- func ParseUint32(reader io.ReaderAt, offset int64) uint32
- func ParseUint64(reader io.ReaderAt, offset int64) uint64
- func ParseUint8(reader io.ReaderAt, offset int64) byte
- func RoundUpToWordAlignment(offset int64) int64
- func UTF16BytesToUTF8(b []byte, o binary.ByteOrder) string
- type CV_RSDS_HEADER
- func (self *CV_RSDS_HEADER) Age() uint32
- func (self *CV_RSDS_HEADER) DebugString() string
- func (self *CV_RSDS_HEADER) Filename() string
- func (self *CV_RSDS_HEADER) GUID() *GUID
- func (self *CV_RSDS_HEADER) GUIDAge() string
- func (self *CV_RSDS_HEADER) Signature() string
- func (self *CV_RSDS_HEADER) Size() int
- type Enumeration
- type FileHeader
- type GUID
- type IMAGE_DATA_DIRECTORY
- type IMAGE_DEBUG_DIRECTORY
- type IMAGE_DOS_HEADER
- type IMAGE_EXPORT_DESCRIPTOR
- type IMAGE_EXPORT_DIRECTORY
- func (self *IMAGE_EXPORT_DIRECTORY) AddressOfFunctions() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) AddressOfNameOrdinals() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) AddressOfNames() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) Base() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) DLLName(rva_resolver *RVAResolver) string
- func (self *IMAGE_EXPORT_DIRECTORY) DebugString() string
- func (self *IMAGE_EXPORT_DIRECTORY) Name() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) NumberOfFunctions() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) NumberOfNames() uint32
- func (self *IMAGE_EXPORT_DIRECTORY) Size() int
- type IMAGE_FILE_HEADER
- func (self *IMAGE_FILE_HEADER) Characteristics() uint16
- func (self *IMAGE_FILE_HEADER) DebugString() string
- func (self *IMAGE_FILE_HEADER) Machine() *Enumeration
- func (self *IMAGE_FILE_HEADER) NumberOfSections() uint16
- func (self *IMAGE_FILE_HEADER) Size() int
- func (self *IMAGE_FILE_HEADER) SizeOfOptionalHeader() uint16
- func (self *IMAGE_FILE_HEADER) TimeDateStamp() *UnixTimeStamp
- func (self *IMAGE_FILE_HEADER) TimeDateStampRaw() uint32
- type IMAGE_IMPORT_BY_NAME
- type IMAGE_IMPORT_DESCRIPTOR
- func (self *IMAGE_IMPORT_DESCRIPTOR) Characteristics() uint32
- func (self *IMAGE_IMPORT_DESCRIPTOR) DLLName(rva_resolver *RVAResolver) string
- func (self *IMAGE_IMPORT_DESCRIPTOR) DebugString() string
- func (self *IMAGE_IMPORT_DESCRIPTOR) Functions32(rva_resolver *RVAResolver) []string
- func (self *IMAGE_IMPORT_DESCRIPTOR) Functions64(rva_resolver *RVAResolver) []string
- func (self *IMAGE_IMPORT_DESCRIPTOR) Name() uint32
- func (self *IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk() uint32
- func (self *IMAGE_IMPORT_DESCRIPTOR) Size() int
- type IMAGE_NT_HEADERS
- func (self *IMAGE_NT_HEADERS) DataDirectory(index int64) *IMAGE_DATA_DIRECTORY
- func (self *IMAGE_NT_HEADERS) DebugDirectory(rva_resolver *RVAResolver) *IMAGE_DEBUG_DIRECTORY
- func (self *IMAGE_NT_HEADERS) DebugString() string
- func (self *IMAGE_NT_HEADERS) ExportDirectory(rva_resolver *RVAResolver) *IMAGE_EXPORT_DIRECTORY
- func (self *IMAGE_NT_HEADERS) ExportTable(rva_resolver *RVAResolver) []*IMAGE_EXPORT_DESCRIPTOR
- func (self *IMAGE_NT_HEADERS) FileHeader() *IMAGE_FILE_HEADER
- func (self *IMAGE_NT_HEADERS) ImportDirectory(rva_resolver *RVAResolver) []*IMAGE_IMPORT_DESCRIPTOR
- func (self *IMAGE_NT_HEADERS) OptionalHeader() *IMAGE_OPTIONAL_HEADER
- func (self *IMAGE_NT_HEADERS) RSDS(rva_resolver *RVAResolver) *CV_RSDS_HEADER
- func (self *IMAGE_NT_HEADERS) RealOptionalHeader() (*IMAGE_OPTIONAL_HEADER, *IMAGE_OPTIONAL_HEADER64)
- func (self *IMAGE_NT_HEADERS) ResourceDirectory(rva_resolver *RVAResolver) *IMAGE_RESOURCE_DIRECTORY
- func (self *IMAGE_NT_HEADERS) SectionByName(name string) *IMAGE_SECTION_HEADER
- func (self *IMAGE_NT_HEADERS) Sections() []*IMAGE_SECTION_HEADER
- func (self *IMAGE_NT_HEADERS) Signature() uint32
- func (self *IMAGE_NT_HEADERS) Size() int
- type IMAGE_OPTIONAL_HEADER
- type IMAGE_OPTIONAL_HEADER64
- type IMAGE_RESOURCE_DATA_ENTRY
- type IMAGE_RESOURCE_DIRECTORY
- func (self *IMAGE_RESOURCE_DIRECTORY) DebugString() string
- func (self *IMAGE_RESOURCE_DIRECTORY) Entries() []*IMAGE_RESOURCE_DIRECTORY_ENTRY
- func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries() uint16
- func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries() uint16
- func (self *IMAGE_RESOURCE_DIRECTORY) Size() int
- type IMAGE_RESOURCE_DIRECTORY_ENTRY
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory() uint64
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DebugString() string
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString() uint64
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset() uint64
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString(resource_base int64) string
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData() uint64
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory() uint64
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Size() int
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse(resource_base int64) []*IMAGE_RESOURCE_DATA_ENTRY
- func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Type() *Enumeration
- type IMAGE_SECTION_HEADER
- func (self *IMAGE_SECTION_HEADER) Characteristics() uint32
- func (self *IMAGE_SECTION_HEADER) Data() io.ReaderAt
- func (self *IMAGE_SECTION_HEADER) DebugString() string
- func (self *IMAGE_SECTION_HEADER) Name() string
- func (self *IMAGE_SECTION_HEADER) Permissions() string
- func (self *IMAGE_SECTION_HEADER) PointerToRawData() uint32
- func (self *IMAGE_SECTION_HEADER) Size() int
- func (self *IMAGE_SECTION_HEADER) SizeOfRawData() uint32
- func (self *IMAGE_SECTION_HEADER) VirtualAddress() uint32
- type IMAGE_THUNK_DATA32
- func (self *IMAGE_THUNK_DATA32) AddressOfData() uint32
- func (self *IMAGE_THUNK_DATA32) DebugString() string
- func (self *IMAGE_THUNK_DATA32) ForwarderString() uint32
- func (self *IMAGE_THUNK_DATA32) Function() uint32
- func (self *IMAGE_THUNK_DATA32) Ordinal() uint32
- func (self *IMAGE_THUNK_DATA32) Size() int
- type IMAGE_THUNK_DATA64
- func (self *IMAGE_THUNK_DATA64) AddressOfData() uint64
- func (self *IMAGE_THUNK_DATA64) DebugString() string
- func (self *IMAGE_THUNK_DATA64) ForwarderString() uint64
- func (self *IMAGE_THUNK_DATA64) Function() uint64
- func (self *IMAGE_THUNK_DATA64) Ordinal() uint64
- func (self *IMAGE_THUNK_DATA64) Size() int
- type MESSAGE_RESOURCE_BLOCK
- func (self *MESSAGE_RESOURCE_BLOCK) DebugString() string
- func (self *MESSAGE_RESOURCE_BLOCK) HighId() uint32
- func (self *MESSAGE_RESOURCE_BLOCK) LowId() uint32
- func (self *MESSAGE_RESOURCE_BLOCK) Messages() []*Message
- func (self *MESSAGE_RESOURCE_BLOCK) OffsetToEntries() uint32
- func (self *MESSAGE_RESOURCE_BLOCK) Size() int
- type MESSAGE_RESOURCE_DATA
- type MESSAGE_RESOURCE_ENTRY
- func (self *MESSAGE_RESOURCE_ENTRY) DebugString() string
- func (self *MESSAGE_RESOURCE_ENTRY) Flags() uint16
- func (self *MESSAGE_RESOURCE_ENTRY) Length() uint16
- func (self *MESSAGE_RESOURCE_ENTRY) Message() string
- func (self *MESSAGE_RESOURCE_ENTRY) Size() int
- func (self *MESSAGE_RESOURCE_ENTRY) Text() string
- type Message
- type OffsetReader
- type PEFile
- type PeProfile
- func (self *PeProfile) CV_RSDS_HEADER(reader io.ReaderAt, offset int64) *CV_RSDS_HEADER
- func (self *PeProfile) GUID(reader io.ReaderAt, offset int64) *GUID
- func (self *PeProfile) IMAGE_DATA_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DATA_DIRECTORY
- func (self *PeProfile) IMAGE_DEBUG_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DEBUG_DIRECTORY
- func (self *PeProfile) IMAGE_DOS_HEADER(reader io.ReaderAt, offset int64) *IMAGE_DOS_HEADER
- func (self *PeProfile) IMAGE_EXPORT_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_EXPORT_DIRECTORY
- func (self *PeProfile) IMAGE_FILE_HEADER(reader io.ReaderAt, offset int64) *IMAGE_FILE_HEADER
- func (self *PeProfile) IMAGE_IMPORT_BY_NAME(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_BY_NAME
- func (self *PeProfile) IMAGE_IMPORT_DESCRIPTOR(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_DESCRIPTOR
- func (self *PeProfile) IMAGE_NT_HEADERS(reader io.ReaderAt, offset int64) *IMAGE_NT_HEADERS
- func (self *PeProfile) IMAGE_OPTIONAL_HEADER(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER
- func (self *PeProfile) IMAGE_OPTIONAL_HEADER64(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER64
- func (self *PeProfile) IMAGE_RESOURCE_DATA_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DATA_ENTRY
- func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY
- func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY_ENTRY
- func (self *PeProfile) IMAGE_SECTION_HEADER(reader io.ReaderAt, offset int64) *IMAGE_SECTION_HEADER
- func (self *PeProfile) IMAGE_THUNK_DATA32(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA32
- func (self *PeProfile) IMAGE_THUNK_DATA64(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA64
- func (self *PeProfile) MESSAGE_RESOURCE_BLOCK(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_BLOCK
- func (self *PeProfile) MESSAGE_RESOURCE_DATA(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_DATA
- func (self *PeProfile) MESSAGE_RESOURCE_ENTRY(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_ENTRY
- func (self *PeProfile) PrefixedString(reader io.ReaderAt, offset int64) *PrefixedString
- func (self *PeProfile) ResourceString(reader io.ReaderAt, offset int64) *ResourceString
- func (self *PeProfile) StringFileInfo(reader io.ReaderAt, offset int64) *StringFileInfo
- func (self *PeProfile) StringTable(reader io.ReaderAt, offset int64) *StringTable
- func (self *PeProfile) TagVS_FIXEDFILEINFO(reader io.ReaderAt, offset int64) *TagVS_FIXEDFILEINFO
- func (self *PeProfile) UnixTimeStamp(reader io.ReaderAt, offset int64) *UnixTimeStamp
- func (self *PeProfile) VS_VERSIONINFO(reader io.ReaderAt, offset int64) *VS_VERSIONINFO
- type PrefixedString
- type RVAResolver
- type ResourceString
- func (self *ResourceString) DebugString() string
- func (self *ResourceString) Key() string
- func (self *ResourceString) Length() uint16
- func (self *ResourceString) Size() int
- func (self *ResourceString) Type() uint16
- func (self *ResourceString) Value() string
- func (self *ResourceString) ValueLength() uint16
- type Run
- type Section
- type StringFileInfo
- func (self *StringFileInfo) DebugString() string
- func (self *StringFileInfo) Key() string
- func (self *StringFileInfo) Length() uint16
- func (self *StringFileInfo) Size() int
- func (self *StringFileInfo) StringTable() []*StringTable
- func (self *StringFileInfo) Type() uint16
- func (self *StringFileInfo) ValueLength() uint16
- type StringTable
- func (self *StringTable) DebugString() string
- func (self *StringTable) Key() string
- func (self *StringTable) Length() uint16
- func (self *StringTable) ResourceStrings() []*ResourceString
- func (self *StringTable) Size() int
- func (self *StringTable) Type() uint16
- func (self *StringTable) ValueLength() uint16
- type TagVS_FIXEDFILEINFO
- type UnixTimeStamp
- type VS_VERSIONINFO
- func (self *VS_VERSIONINFO) Children() []*StringFileInfo
- func (self *VS_VERSIONINFO) DebugString() string
- func (self *VS_VERSIONINFO) Length() uint16
- func (self *VS_VERSIONINFO) Size() int
- func (self *VS_VERSIONINFO) Type() *Enumeration
- func (self *VS_VERSIONINFO) Value() *TagVS_FIXEDFILEINFO
- func (self *VS_VERSIONINFO) ValueLength() uint16
Constants ¶
const ( IMAGE_DIRECTORY_ENTRY_DEBUG = 6 IMAGE_DIRECTORY_ENTRY_RESOURCE = 2 )
const (
IMAGE_DIRECTORY_ENTRY_EXPORT = 0
)
const (
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
)
Variables ¶
var (
PE_DEBUG *bool
)
Functions ¶
func DebugPrint ¶
func DebugPrint(fmt_str string, v ...interface{})
func GetImports ¶
func GetImports(nt_header *IMAGE_NT_HEADERS, rva_resolver *RVAResolver) []string
func GetVersionInformation ¶
func GetVersionInformation( nt_header *IMAGE_NT_HEADERS, rva_resolver *RVAResolver, resource_base int64) *ordereddict.Dict
func IsInExportDir ¶ added in v0.1.2
func IsInExportDir(dir *IMAGE_DATA_DIRECTORY, va uint32) bool
Is the virtual address within the export directory.
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-edata-section-image-only Each entry in the export address table is a field that uses one of two formats in the following table. If the address specified is not within the export section (as defined by the address and length that are indicated in the optional header), the field is an export RVA, which is an actual address in code or data. Otherwise, the field is a forwarder RVA, which names a symbol in another DLL.
func ParseArray_byte ¶
func ParseArray_uint16 ¶ added in v0.1.2
func ParseArray_uint32 ¶ added in v0.1.2
func ParseArray_uint64 ¶ added in v0.1.2
func ParseUTF16String ¶
func RoundUpToWordAlignment ¶
Types ¶
type CV_RSDS_HEADER ¶
func (*CV_RSDS_HEADER) Age ¶
func (self *CV_RSDS_HEADER) Age() uint32
func (*CV_RSDS_HEADER) DebugString ¶ added in v0.1.2
func (self *CV_RSDS_HEADER) DebugString() string
func (*CV_RSDS_HEADER) Filename ¶
func (self *CV_RSDS_HEADER) Filename() string
func (*CV_RSDS_HEADER) GUID ¶
func (self *CV_RSDS_HEADER) GUID() *GUID
func (*CV_RSDS_HEADER) GUIDAge ¶
func (self *CV_RSDS_HEADER) GUIDAge() string
func (*CV_RSDS_HEADER) Signature ¶
func (self *CV_RSDS_HEADER) Signature() string
func (*CV_RSDS_HEADER) Size ¶
func (self *CV_RSDS_HEADER) Size() int
type Enumeration ¶
func (Enumeration) DebugString ¶
func (self Enumeration) DebugString() string
type FileHeader ¶ added in v0.1.2
type GUID ¶
func (*GUID) DebugString ¶ added in v0.1.2
type IMAGE_DATA_DIRECTORY ¶
func (*IMAGE_DATA_DIRECTORY) DebugString ¶ added in v0.1.2
func (self *IMAGE_DATA_DIRECTORY) DebugString() string
func (*IMAGE_DATA_DIRECTORY) DirSize ¶
func (self *IMAGE_DATA_DIRECTORY) DirSize() uint32
func (*IMAGE_DATA_DIRECTORY) Size ¶
func (self *IMAGE_DATA_DIRECTORY) Size() int
func (*IMAGE_DATA_DIRECTORY) VirtualAddress ¶
func (self *IMAGE_DATA_DIRECTORY) VirtualAddress() uint32
type IMAGE_DEBUG_DIRECTORY ¶
func (*IMAGE_DEBUG_DIRECTORY) AddressOfRawData ¶
func (self *IMAGE_DEBUG_DIRECTORY) AddressOfRawData() uint32
func (*IMAGE_DEBUG_DIRECTORY) DebugString ¶ added in v0.1.2
func (self *IMAGE_DEBUG_DIRECTORY) DebugString() string
func (*IMAGE_DEBUG_DIRECTORY) Size ¶
func (self *IMAGE_DEBUG_DIRECTORY) Size() int
func (*IMAGE_DEBUG_DIRECTORY) TimeDateStamp ¶
func (self *IMAGE_DEBUG_DIRECTORY) TimeDateStamp() *UnixTimeStamp
func (*IMAGE_DEBUG_DIRECTORY) Type ¶
func (self *IMAGE_DEBUG_DIRECTORY) Type() *Enumeration
type IMAGE_DOS_HEADER ¶
func (*IMAGE_DOS_HEADER) DebugString ¶ added in v0.1.2
func (self *IMAGE_DOS_HEADER) DebugString() string
func (*IMAGE_DOS_HEADER) E_lfanew ¶
func (self *IMAGE_DOS_HEADER) E_lfanew() int32
func (*IMAGE_DOS_HEADER) E_magic ¶
func (self *IMAGE_DOS_HEADER) E_magic() uint16
func (*IMAGE_DOS_HEADER) NTHeader ¶
func (self *IMAGE_DOS_HEADER) NTHeader() *IMAGE_NT_HEADERS
func (*IMAGE_DOS_HEADER) Size ¶
func (self *IMAGE_DOS_HEADER) Size() int
type IMAGE_EXPORT_DESCRIPTOR ¶ added in v0.1.2
type IMAGE_EXPORT_DIRECTORY ¶ added in v0.1.2
func (*IMAGE_EXPORT_DIRECTORY) AddressOfFunctions ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) AddressOfFunctions() uint32
func (*IMAGE_EXPORT_DIRECTORY) AddressOfNameOrdinals ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) AddressOfNameOrdinals() uint32
func (*IMAGE_EXPORT_DIRECTORY) AddressOfNames ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) AddressOfNames() uint32
func (*IMAGE_EXPORT_DIRECTORY) Base ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) Base() uint32
func (*IMAGE_EXPORT_DIRECTORY) DLLName ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) DLLName(rva_resolver *RVAResolver) string
func (*IMAGE_EXPORT_DIRECTORY) DebugString ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) DebugString() string
func (*IMAGE_EXPORT_DIRECTORY) Name ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) Name() uint32
func (*IMAGE_EXPORT_DIRECTORY) NumberOfFunctions ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) NumberOfFunctions() uint32
func (*IMAGE_EXPORT_DIRECTORY) NumberOfNames ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) NumberOfNames() uint32
func (*IMAGE_EXPORT_DIRECTORY) Size ¶ added in v0.1.2
func (self *IMAGE_EXPORT_DIRECTORY) Size() int
type IMAGE_FILE_HEADER ¶
func (*IMAGE_FILE_HEADER) Characteristics ¶ added in v0.1.2
func (self *IMAGE_FILE_HEADER) Characteristics() uint16
func (*IMAGE_FILE_HEADER) DebugString ¶ added in v0.1.2
func (self *IMAGE_FILE_HEADER) DebugString() string
func (*IMAGE_FILE_HEADER) Machine ¶
func (self *IMAGE_FILE_HEADER) Machine() *Enumeration
func (*IMAGE_FILE_HEADER) NumberOfSections ¶
func (self *IMAGE_FILE_HEADER) NumberOfSections() uint16
func (*IMAGE_FILE_HEADER) Size ¶
func (self *IMAGE_FILE_HEADER) Size() int
func (*IMAGE_FILE_HEADER) SizeOfOptionalHeader ¶
func (self *IMAGE_FILE_HEADER) SizeOfOptionalHeader() uint16
func (*IMAGE_FILE_HEADER) TimeDateStamp ¶
func (self *IMAGE_FILE_HEADER) TimeDateStamp() *UnixTimeStamp
func (*IMAGE_FILE_HEADER) TimeDateStampRaw ¶ added in v0.1.2
func (self *IMAGE_FILE_HEADER) TimeDateStampRaw() uint32
type IMAGE_IMPORT_BY_NAME ¶
func (*IMAGE_IMPORT_BY_NAME) DebugString ¶ added in v0.1.2
func (self *IMAGE_IMPORT_BY_NAME) DebugString() string
func (*IMAGE_IMPORT_BY_NAME) Name ¶
func (self *IMAGE_IMPORT_BY_NAME) Name() string
func (*IMAGE_IMPORT_BY_NAME) Size ¶
func (self *IMAGE_IMPORT_BY_NAME) Size() int
type IMAGE_IMPORT_DESCRIPTOR ¶
func (*IMAGE_IMPORT_DESCRIPTOR) Characteristics ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) Characteristics() uint32
func (*IMAGE_IMPORT_DESCRIPTOR) DLLName ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) DLLName(rva_resolver *RVAResolver) string
func (*IMAGE_IMPORT_DESCRIPTOR) DebugString ¶ added in v0.1.2
func (self *IMAGE_IMPORT_DESCRIPTOR) DebugString() string
func (*IMAGE_IMPORT_DESCRIPTOR) Functions32 ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) Functions32(rva_resolver *RVAResolver) []string
func (*IMAGE_IMPORT_DESCRIPTOR) Functions64 ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) Functions64(rva_resolver *RVAResolver) []string
func (*IMAGE_IMPORT_DESCRIPTOR) Name ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) Name() uint32
func (*IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) OriginalFirstThunk() uint32
func (*IMAGE_IMPORT_DESCRIPTOR) Size ¶
func (self *IMAGE_IMPORT_DESCRIPTOR) Size() int
type IMAGE_NT_HEADERS ¶
func (*IMAGE_NT_HEADERS) DataDirectory ¶
func (self *IMAGE_NT_HEADERS) DataDirectory(index int64) *IMAGE_DATA_DIRECTORY
func (*IMAGE_NT_HEADERS) DebugDirectory ¶
func (self *IMAGE_NT_HEADERS) DebugDirectory( rva_resolver *RVAResolver) *IMAGE_DEBUG_DIRECTORY
func (*IMAGE_NT_HEADERS) DebugString ¶ added in v0.1.2
func (self *IMAGE_NT_HEADERS) DebugString() string
func (*IMAGE_NT_HEADERS) ExportDirectory ¶ added in v0.1.2
func (self *IMAGE_NT_HEADERS) ExportDirectory( rva_resolver *RVAResolver) *IMAGE_EXPORT_DIRECTORY
func (*IMAGE_NT_HEADERS) ExportTable ¶ added in v0.1.2
func (self *IMAGE_NT_HEADERS) ExportTable( rva_resolver *RVAResolver) []*IMAGE_EXPORT_DESCRIPTOR
func (*IMAGE_NT_HEADERS) FileHeader ¶
func (self *IMAGE_NT_HEADERS) FileHeader() *IMAGE_FILE_HEADER
func (*IMAGE_NT_HEADERS) ImportDirectory ¶
func (self *IMAGE_NT_HEADERS) ImportDirectory( rva_resolver *RVAResolver) []*IMAGE_IMPORT_DESCRIPTOR
func (*IMAGE_NT_HEADERS) OptionalHeader ¶
func (self *IMAGE_NT_HEADERS) OptionalHeader() *IMAGE_OPTIONAL_HEADER
func (*IMAGE_NT_HEADERS) RSDS ¶
func (self *IMAGE_NT_HEADERS) RSDS( rva_resolver *RVAResolver) *CV_RSDS_HEADER
func (*IMAGE_NT_HEADERS) RealOptionalHeader ¶
func (self *IMAGE_NT_HEADERS) RealOptionalHeader() ( *IMAGE_OPTIONAL_HEADER, *IMAGE_OPTIONAL_HEADER64)
func (*IMAGE_NT_HEADERS) ResourceDirectory ¶
func (self *IMAGE_NT_HEADERS) ResourceDirectory( rva_resolver *RVAResolver) *IMAGE_RESOURCE_DIRECTORY
func (*IMAGE_NT_HEADERS) SectionByName ¶
func (self *IMAGE_NT_HEADERS) SectionByName(name string) *IMAGE_SECTION_HEADER
func (*IMAGE_NT_HEADERS) Sections ¶
func (self *IMAGE_NT_HEADERS) Sections() []*IMAGE_SECTION_HEADER
func (*IMAGE_NT_HEADERS) Signature ¶
func (self *IMAGE_NT_HEADERS) Signature() uint32
func (*IMAGE_NT_HEADERS) Size ¶
func (self *IMAGE_NT_HEADERS) Size() int
type IMAGE_OPTIONAL_HEADER ¶
func (*IMAGE_OPTIONAL_HEADER) DataDirectory ¶
func (self *IMAGE_OPTIONAL_HEADER) DataDirectory() []*IMAGE_DATA_DIRECTORY
func (*IMAGE_OPTIONAL_HEADER) DebugString ¶ added in v0.1.2
func (self *IMAGE_OPTIONAL_HEADER) DebugString() string
func (*IMAGE_OPTIONAL_HEADER) ImageBase ¶
func (self *IMAGE_OPTIONAL_HEADER) ImageBase() uint32
func (*IMAGE_OPTIONAL_HEADER) Magic ¶
func (self *IMAGE_OPTIONAL_HEADER) Magic() uint16
func (*IMAGE_OPTIONAL_HEADER) Size ¶
func (self *IMAGE_OPTIONAL_HEADER) Size() int
type IMAGE_OPTIONAL_HEADER64 ¶
func (*IMAGE_OPTIONAL_HEADER64) DataDirectory ¶
func (self *IMAGE_OPTIONAL_HEADER64) DataDirectory() []*IMAGE_DATA_DIRECTORY
func (*IMAGE_OPTIONAL_HEADER64) DebugString ¶ added in v0.1.2
func (self *IMAGE_OPTIONAL_HEADER64) DebugString() string
func (*IMAGE_OPTIONAL_HEADER64) ImageBase ¶
func (self *IMAGE_OPTIONAL_HEADER64) ImageBase() uint64
func (*IMAGE_OPTIONAL_HEADER64) Magic ¶
func (self *IMAGE_OPTIONAL_HEADER64) Magic() uint16
func (*IMAGE_OPTIONAL_HEADER64) Size ¶
func (self *IMAGE_OPTIONAL_HEADER64) Size() int
type IMAGE_RESOURCE_DATA_ENTRY ¶
func (*IMAGE_RESOURCE_DATA_ENTRY) CodePage ¶
func (self *IMAGE_RESOURCE_DATA_ENTRY) CodePage() uint32
func (*IMAGE_RESOURCE_DATA_ENTRY) DataSize ¶
func (self *IMAGE_RESOURCE_DATA_ENTRY) DataSize() uint32
func (*IMAGE_RESOURCE_DATA_ENTRY) DebugString ¶ added in v0.1.2
func (self *IMAGE_RESOURCE_DATA_ENTRY) DebugString() string
func (*IMAGE_RESOURCE_DATA_ENTRY) OffsetToData ¶
func (self *IMAGE_RESOURCE_DATA_ENTRY) OffsetToData() uint32
func (*IMAGE_RESOURCE_DATA_ENTRY) Size ¶
func (self *IMAGE_RESOURCE_DATA_ENTRY) Size() int
type IMAGE_RESOURCE_DIRECTORY ¶
func (*IMAGE_RESOURCE_DIRECTORY) DebugString ¶ added in v0.1.2
func (self *IMAGE_RESOURCE_DIRECTORY) DebugString() string
func (*IMAGE_RESOURCE_DIRECTORY) Entries ¶
func (self *IMAGE_RESOURCE_DIRECTORY) Entries() []*IMAGE_RESOURCE_DIRECTORY_ENTRY
func (*IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries ¶
func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfIdEntries() uint16
func (*IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries ¶
func (self *IMAGE_RESOURCE_DIRECTORY) NumberOfNamedEntries() uint16
func (*IMAGE_RESOURCE_DIRECTORY) Size ¶
func (self *IMAGE_RESOURCE_DIRECTORY) Size() int
type IMAGE_RESOURCE_DIRECTORY_ENTRY ¶
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DataIsDirectory() uint64
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) DebugString ¶ added in v0.1.2
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) DebugString() string
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameIsString() uint64
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameOffset() uint64
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) NameString( resource_base int64) string
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToData() uint64
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) OffsetToDirectory() uint64
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Size ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Size() int
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Traverse( resource_base int64) []*IMAGE_RESOURCE_DATA_ENTRY
func (*IMAGE_RESOURCE_DIRECTORY_ENTRY) Type ¶
func (self *IMAGE_RESOURCE_DIRECTORY_ENTRY) Type() *Enumeration
type IMAGE_SECTION_HEADER ¶
func (*IMAGE_SECTION_HEADER) Characteristics ¶
func (self *IMAGE_SECTION_HEADER) Characteristics() uint32
func (*IMAGE_SECTION_HEADER) Data ¶
func (self *IMAGE_SECTION_HEADER) Data() io.ReaderAt
func (*IMAGE_SECTION_HEADER) DebugString ¶ added in v0.1.2
func (self *IMAGE_SECTION_HEADER) DebugString() string
func (*IMAGE_SECTION_HEADER) Name ¶
func (self *IMAGE_SECTION_HEADER) Name() string
func (*IMAGE_SECTION_HEADER) Permissions ¶
func (self *IMAGE_SECTION_HEADER) Permissions() string
func (*IMAGE_SECTION_HEADER) PointerToRawData ¶
func (self *IMAGE_SECTION_HEADER) PointerToRawData() uint32
func (*IMAGE_SECTION_HEADER) Size ¶
func (self *IMAGE_SECTION_HEADER) Size() int
func (*IMAGE_SECTION_HEADER) SizeOfRawData ¶
func (self *IMAGE_SECTION_HEADER) SizeOfRawData() uint32
func (*IMAGE_SECTION_HEADER) VirtualAddress ¶
func (self *IMAGE_SECTION_HEADER) VirtualAddress() uint32
type IMAGE_THUNK_DATA32 ¶
func (*IMAGE_THUNK_DATA32) AddressOfData ¶
func (self *IMAGE_THUNK_DATA32) AddressOfData() uint32
func (*IMAGE_THUNK_DATA32) DebugString ¶ added in v0.1.2
func (self *IMAGE_THUNK_DATA32) DebugString() string
func (*IMAGE_THUNK_DATA32) ForwarderString ¶
func (self *IMAGE_THUNK_DATA32) ForwarderString() uint32
func (*IMAGE_THUNK_DATA32) Function ¶
func (self *IMAGE_THUNK_DATA32) Function() uint32
func (*IMAGE_THUNK_DATA32) Ordinal ¶
func (self *IMAGE_THUNK_DATA32) Ordinal() uint32
func (*IMAGE_THUNK_DATA32) Size ¶
func (self *IMAGE_THUNK_DATA32) Size() int
type IMAGE_THUNK_DATA64 ¶
func (*IMAGE_THUNK_DATA64) AddressOfData ¶
func (self *IMAGE_THUNK_DATA64) AddressOfData() uint64
func (*IMAGE_THUNK_DATA64) DebugString ¶ added in v0.1.2
func (self *IMAGE_THUNK_DATA64) DebugString() string
func (*IMAGE_THUNK_DATA64) ForwarderString ¶
func (self *IMAGE_THUNK_DATA64) ForwarderString() uint64
func (*IMAGE_THUNK_DATA64) Function ¶
func (self *IMAGE_THUNK_DATA64) Function() uint64
func (*IMAGE_THUNK_DATA64) Ordinal ¶
func (self *IMAGE_THUNK_DATA64) Ordinal() uint64
func (*IMAGE_THUNK_DATA64) Size ¶
func (self *IMAGE_THUNK_DATA64) Size() int
type MESSAGE_RESOURCE_BLOCK ¶ added in v0.1.2
func ParseArray_MESSAGE_RESOURCE_BLOCK ¶ added in v0.1.2
func (*MESSAGE_RESOURCE_BLOCK) DebugString ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_BLOCK) DebugString() string
func (*MESSAGE_RESOURCE_BLOCK) HighId ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_BLOCK) HighId() uint32
func (*MESSAGE_RESOURCE_BLOCK) LowId ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_BLOCK) LowId() uint32
func (*MESSAGE_RESOURCE_BLOCK) Messages ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_BLOCK) Messages() []*Message
Each block contains a list of entries.
func (*MESSAGE_RESOURCE_BLOCK) OffsetToEntries ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_BLOCK) OffsetToEntries() uint32
func (*MESSAGE_RESOURCE_BLOCK) Size ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_BLOCK) Size() int
type MESSAGE_RESOURCE_DATA ¶ added in v0.1.2
func (*MESSAGE_RESOURCE_DATA) Blocks ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_DATA) Blocks() []*MESSAGE_RESOURCE_BLOCK
func (*MESSAGE_RESOURCE_DATA) DebugString ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_DATA) DebugString() string
func (*MESSAGE_RESOURCE_DATA) Messages ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_DATA) Messages() []*Message
func (*MESSAGE_RESOURCE_DATA) NumberOfBlocks ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_DATA) NumberOfBlocks() uint32
func (*MESSAGE_RESOURCE_DATA) Size ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_DATA) Size() int
type MESSAGE_RESOURCE_ENTRY ¶ added in v0.1.2
func (*MESSAGE_RESOURCE_ENTRY) DebugString ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_ENTRY) DebugString() string
func (*MESSAGE_RESOURCE_ENTRY) Flags ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_ENTRY) Flags() uint16
func (*MESSAGE_RESOURCE_ENTRY) Length ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_ENTRY) Length() uint16
func (*MESSAGE_RESOURCE_ENTRY) Message ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_ENTRY) Message() string
func (*MESSAGE_RESOURCE_ENTRY) Size ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_ENTRY) Size() int
func (*MESSAGE_RESOURCE_ENTRY) Text ¶ added in v0.1.2
func (self *MESSAGE_RESOURCE_ENTRY) Text() string
type OffsetReader ¶
type OffsetReader struct {
// contains filtered or unexported fields
}
type PEFile ¶
type PEFile struct { NtHeader *IMAGE_NT_HEADERS // Used to resolve RVA to file offsets. RvaResolver *RVAResolver // The file offset to the resource section. ResourceBase int64 FileHeader FileHeader `json:"FileHeader"` GUIDAge string `json:"GUIDAge"` PDB string `json:"PDB"` Sections []*Section `json:"Sections"` // contains filtered or unexported fields }
func (*PEFile) GetMessages ¶ added in v0.1.2
func (*PEFile) ImpHash ¶ added in v0.1.2
Calculate the import table hash https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html
func (*PEFile) VersionInformation ¶
func (self *PEFile) VersionInformation() *ordereddict.Dict
type PeProfile ¶
type PeProfile struct { Off_CV_RSDS_HEADER_Signature int64 Off_CV_RSDS_HEADER_GUID int64 Off_CV_RSDS_HEADER_Age int64 Off_CV_RSDS_HEADER_Filename int64 Off_MESSAGE_RESOURCE_BLOCK_LowId int64 Off_MESSAGE_RESOURCE_BLOCK_HighId int64 Off_MESSAGE_RESOURCE_BLOCK_OffsetToEntries int64 Off_MESSAGE_RESOURCE_DATA_NumberOfBlocks int64 Off_MESSAGE_RESOURCE_DATA__Blocks int64 Off_MESSAGE_RESOURCE_ENTRY_Length int64 Off_MESSAGE_RESOURCE_ENTRY_Flags int64 Off_MESSAGE_RESOURCE_ENTRY_Text int64 Off_PrefixedString_Length int64 Off_PrefixedString__Buffer int64 Off_ResourceString_Length int64 Off_ResourceString_ValueLength int64 Off_ResourceString_Type int64 Off_ResourceString_Key int64 Off_StringFileInfo_Length int64 Off_StringFileInfo_ValueLength int64 Off_StringFileInfo_Type int64 Off_StringFileInfo_Key int64 Off_StringTable_Length int64 Off_StringTable_ValueLength int64 Off_StringTable_Type int64 Off_StringTable_Key int64 Off_VS_VERSIONINFO_Length int64 Off_VS_VERSIONINFO_ValueLength int64 Off_VS_VERSIONINFO_Type int64 Off_VS_VERSIONINFO_szKey int64 Off_GUID_Data1 int64 Off_GUID_Data2 int64 Off_GUID_Data3 int64 Off_GUID_Data4 int64 Off_IMAGE_DATA_DIRECTORY_DirSize int64 Off_IMAGE_DATA_DIRECTORY_VirtualAddress int64 Off_IMAGE_DEBUG_DIRECTORY_AddressOfRawData int64 Off_IMAGE_DEBUG_DIRECTORY_TimeDateStamp int64 Off_IMAGE_DEBUG_DIRECTORY_Type int64 Off_IMAGE_DOS_HEADER_E_lfanew int64 Off_IMAGE_DOS_HEADER_E_magic int64 Off_IMAGE_EXPORT_DIRECTORY_AddressOfFunctions int64 Off_IMAGE_EXPORT_DIRECTORY_AddressOfNameOrdinals int64 Off_IMAGE_EXPORT_DIRECTORY_AddressOfNames int64 Off_IMAGE_EXPORT_DIRECTORY_Base int64 Off_IMAGE_EXPORT_DIRECTORY_Name int64 Off_IMAGE_EXPORT_DIRECTORY_NumberOfFunctions int64 Off_IMAGE_EXPORT_DIRECTORY_NumberOfNames int64 Off_IMAGE_EXPORT_DIRECTORY_ordinals int64 Off_IMAGE_EXPORT_DIRECTORY_names int64 Off_IMAGE_EXPORT_DIRECTORY_funcs64 int64 Off_IMAGE_FILE_HEADER_Characteristics int64 Off_IMAGE_FILE_HEADER_Machine int64 Off_IMAGE_FILE_HEADER_NumberOfSections int64 Off_IMAGE_FILE_HEADER_SizeOfOptionalHeader int64 Off_IMAGE_FILE_HEADER_TimeDateStamp int64 Off_IMAGE_FILE_HEADER_TimeDateStampRaw int64 Off_IMAGE_IMPORT_BY_NAME_Name int64 Off_IMAGE_IMPORT_DESCRIPTOR_Characteristics int64 Off_IMAGE_IMPORT_DESCRIPTOR_Name int64 Off_IMAGE_IMPORT_DESCRIPTOR_OriginalFirstThunk int64 Off_IMAGE_NT_HEADERS_FileHeader int64 Off_IMAGE_NT_HEADERS_OptionalHeader int64 Off_IMAGE_NT_HEADERS_Signature int64 Off_IMAGE_OPTIONAL_HEADER_DataDirectory int64 Off_IMAGE_OPTIONAL_HEADER_ImageBase int64 Off_IMAGE_OPTIONAL_HEADER_Magic int64 Off_IMAGE_OPTIONAL_HEADER64_DataDirectory int64 Off_IMAGE_OPTIONAL_HEADER64_ImageBase int64 Off_IMAGE_OPTIONAL_HEADER64_Magic int64 Off_IMAGE_RESOURCE_DATA_ENTRY_OffsetToData int64 Off_IMAGE_RESOURCE_DATA_ENTRY_DataSize int64 Off_IMAGE_RESOURCE_DATA_ENTRY_CodePage int64 Off_IMAGE_RESOURCE_DIRECTORY_NumberOfIdEntries int64 Off_IMAGE_RESOURCE_DIRECTORY_NumberOfNamedEntries int64 Off_IMAGE_RESOURCE_DIRECTORY__Entries int64 Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_Type int64 Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_DataIsDirectory int64 Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_NameIsString int64 Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_NameOffset int64 Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_OffsetToData int64 Off_IMAGE_RESOURCE_DIRECTORY_ENTRY_OffsetToDirectory int64 Off_IMAGE_SECTION_HEADER_Characteristics int64 Off_IMAGE_SECTION_HEADER_Name int64 Off_IMAGE_SECTION_HEADER_PointerToRawData int64 Off_IMAGE_SECTION_HEADER_SizeOfRawData int64 Off_IMAGE_SECTION_HEADER_VirtualAddress int64 Off_IMAGE_THUNK_DATA32_AddressOfData int64 Off_IMAGE_THUNK_DATA32_ForwarderString int64 Off_IMAGE_THUNK_DATA32_Function int64 Off_IMAGE_THUNK_DATA32_Ordinal int64 Off_IMAGE_THUNK_DATA64_AddressOfData int64 Off_IMAGE_THUNK_DATA64_ForwarderString int64 Off_IMAGE_THUNK_DATA64_Function int64 Off_IMAGE_THUNK_DATA64_Ordinal int64 }
func NewPeProfile ¶
func NewPeProfile() *PeProfile
func (*PeProfile) CV_RSDS_HEADER ¶
func (self *PeProfile) CV_RSDS_HEADER(reader io.ReaderAt, offset int64) *CV_RSDS_HEADER
func (*PeProfile) IMAGE_DATA_DIRECTORY ¶
func (self *PeProfile) IMAGE_DATA_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DATA_DIRECTORY
func (*PeProfile) IMAGE_DEBUG_DIRECTORY ¶
func (self *PeProfile) IMAGE_DEBUG_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_DEBUG_DIRECTORY
func (*PeProfile) IMAGE_DOS_HEADER ¶
func (self *PeProfile) IMAGE_DOS_HEADER(reader io.ReaderAt, offset int64) *IMAGE_DOS_HEADER
func (*PeProfile) IMAGE_EXPORT_DIRECTORY ¶ added in v0.1.2
func (self *PeProfile) IMAGE_EXPORT_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_EXPORT_DIRECTORY
func (*PeProfile) IMAGE_FILE_HEADER ¶
func (self *PeProfile) IMAGE_FILE_HEADER(reader io.ReaderAt, offset int64) *IMAGE_FILE_HEADER
func (*PeProfile) IMAGE_IMPORT_BY_NAME ¶
func (self *PeProfile) IMAGE_IMPORT_BY_NAME(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_BY_NAME
func (*PeProfile) IMAGE_IMPORT_DESCRIPTOR ¶
func (self *PeProfile) IMAGE_IMPORT_DESCRIPTOR(reader io.ReaderAt, offset int64) *IMAGE_IMPORT_DESCRIPTOR
func (*PeProfile) IMAGE_NT_HEADERS ¶
func (self *PeProfile) IMAGE_NT_HEADERS(reader io.ReaderAt, offset int64) *IMAGE_NT_HEADERS
func (*PeProfile) IMAGE_OPTIONAL_HEADER ¶
func (self *PeProfile) IMAGE_OPTIONAL_HEADER(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER
func (*PeProfile) IMAGE_OPTIONAL_HEADER64 ¶
func (self *PeProfile) IMAGE_OPTIONAL_HEADER64(reader io.ReaderAt, offset int64) *IMAGE_OPTIONAL_HEADER64
func (*PeProfile) IMAGE_RESOURCE_DATA_ENTRY ¶
func (self *PeProfile) IMAGE_RESOURCE_DATA_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DATA_ENTRY
func (*PeProfile) IMAGE_RESOURCE_DIRECTORY ¶
func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY
func (*PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY ¶
func (self *PeProfile) IMAGE_RESOURCE_DIRECTORY_ENTRY(reader io.ReaderAt, offset int64) *IMAGE_RESOURCE_DIRECTORY_ENTRY
func (*PeProfile) IMAGE_SECTION_HEADER ¶
func (self *PeProfile) IMAGE_SECTION_HEADER(reader io.ReaderAt, offset int64) *IMAGE_SECTION_HEADER
func (*PeProfile) IMAGE_THUNK_DATA32 ¶
func (self *PeProfile) IMAGE_THUNK_DATA32(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA32
func (*PeProfile) IMAGE_THUNK_DATA64 ¶
func (self *PeProfile) IMAGE_THUNK_DATA64(reader io.ReaderAt, offset int64) *IMAGE_THUNK_DATA64
func (*PeProfile) MESSAGE_RESOURCE_BLOCK ¶ added in v0.1.2
func (self *PeProfile) MESSAGE_RESOURCE_BLOCK(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_BLOCK
func (*PeProfile) MESSAGE_RESOURCE_DATA ¶ added in v0.1.2
func (self *PeProfile) MESSAGE_RESOURCE_DATA(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_DATA
func (*PeProfile) MESSAGE_RESOURCE_ENTRY ¶ added in v0.1.2
func (self *PeProfile) MESSAGE_RESOURCE_ENTRY(reader io.ReaderAt, offset int64) *MESSAGE_RESOURCE_ENTRY
func (*PeProfile) PrefixedString ¶
func (self *PeProfile) PrefixedString(reader io.ReaderAt, offset int64) *PrefixedString
func (*PeProfile) ResourceString ¶
func (self *PeProfile) ResourceString(reader io.ReaderAt, offset int64) *ResourceString
func (*PeProfile) StringFileInfo ¶
func (self *PeProfile) StringFileInfo(reader io.ReaderAt, offset int64) *StringFileInfo
func (*PeProfile) StringTable ¶
func (self *PeProfile) StringTable(reader io.ReaderAt, offset int64) *StringTable
func (*PeProfile) TagVS_FIXEDFILEINFO ¶
func (self *PeProfile) TagVS_FIXEDFILEINFO(reader io.ReaderAt, offset int64) *TagVS_FIXEDFILEINFO
func (*PeProfile) UnixTimeStamp ¶
func (self *PeProfile) UnixTimeStamp(reader io.ReaderAt, offset int64) *UnixTimeStamp
func (*PeProfile) VS_VERSIONINFO ¶
func (self *PeProfile) VS_VERSIONINFO(reader io.ReaderAt, offset int64) *VS_VERSIONINFO
type PrefixedString ¶
func (*PrefixedString) DebugString ¶ added in v0.1.2
func (self *PrefixedString) DebugString() string
func (*PrefixedString) Length ¶
func (self *PrefixedString) Length() uint16
func (*PrefixedString) Size ¶
func (self *PrefixedString) Size() int
func (*PrefixedString) String ¶
func (self *PrefixedString) String() string
A prefixed string contains a length followed by the UTF16 string.
type RVAResolver ¶
type RVAResolver struct { // For now very simple O(n) search. Runs []*Run }
func NewRVAResolver ¶
func NewRVAResolver(header *IMAGE_NT_HEADERS) *RVAResolver
func (*RVAResolver) GetFileAddress ¶
func (self *RVAResolver) GetFileAddress(offset uint32) uint32
type ResourceString ¶
func (*ResourceString) DebugString ¶ added in v0.1.2
func (self *ResourceString) DebugString() string
func (*ResourceString) Key ¶
func (self *ResourceString) Key() string
func (*ResourceString) Length ¶
func (self *ResourceString) Length() uint16
func (*ResourceString) Size ¶
func (self *ResourceString) Size() int
func (*ResourceString) Type ¶
func (self *ResourceString) Type() uint16
func (*ResourceString) Value ¶
func (self *ResourceString) Value() string
func (*ResourceString) ValueLength ¶
func (self *ResourceString) ValueLength() uint16
type Run ¶
An RVA resolver maps a VirtualAddress to a file physical address. When the physical file is mapped into memory, sections in the file are mapped at different memory addresses. Internally the PE file contains pointers to those virtual addresses. This means we need to convert these pointers to mapped memory back into the file so we can read their data. The RVAResolver is responsible for this - it is populated from the header's sections.
type StringFileInfo ¶
func (*StringFileInfo) DebugString ¶ added in v0.1.2
func (self *StringFileInfo) DebugString() string
func (*StringFileInfo) Key ¶
func (self *StringFileInfo) Key() string
func (*StringFileInfo) Length ¶
func (self *StringFileInfo) Length() uint16
func (*StringFileInfo) Size ¶
func (self *StringFileInfo) Size() int
func (*StringFileInfo) StringTable ¶
func (self *StringFileInfo) StringTable() []*StringTable
func (*StringFileInfo) Type ¶
func (self *StringFileInfo) Type() uint16
func (*StringFileInfo) ValueLength ¶
func (self *StringFileInfo) ValueLength() uint16
type StringTable ¶
func (*StringTable) DebugString ¶ added in v0.1.2
func (self *StringTable) DebugString() string
func (*StringTable) Key ¶
func (self *StringTable) Key() string
func (*StringTable) Length ¶
func (self *StringTable) Length() uint16
func (*StringTable) ResourceStrings ¶
func (self *StringTable) ResourceStrings() []*ResourceString
func (*StringTable) Size ¶
func (self *StringTable) Size() int
func (*StringTable) Type ¶
func (self *StringTable) Type() uint16
func (*StringTable) ValueLength ¶
func (self *StringTable) ValueLength() uint16
type TagVS_FIXEDFILEINFO ¶
func (*TagVS_FIXEDFILEINFO) DebugString ¶ added in v0.1.2
func (self *TagVS_FIXEDFILEINFO) DebugString() string
func (*TagVS_FIXEDFILEINFO) Size ¶
func (self *TagVS_FIXEDFILEINFO) Size() int
type UnixTimeStamp ¶
func (*UnixTimeStamp) DebugString ¶
func (self *UnixTimeStamp) DebugString() string
func (*UnixTimeStamp) String ¶
func (self *UnixTimeStamp) String() string
type VS_VERSIONINFO ¶
func (*VS_VERSIONINFO) Children ¶
func (self *VS_VERSIONINFO) Children() []*StringFileInfo
func (*VS_VERSIONINFO) DebugString ¶ added in v0.1.2
func (self *VS_VERSIONINFO) DebugString() string
func (*VS_VERSIONINFO) Length ¶
func (self *VS_VERSIONINFO) Length() uint16
func (*VS_VERSIONINFO) Size ¶
func (self *VS_VERSIONINFO) Size() int
func (*VS_VERSIONINFO) Type ¶
func (self *VS_VERSIONINFO) Type() *Enumeration
func (*VS_VERSIONINFO) Value ¶
func (self *VS_VERSIONINFO) Value() *TagVS_FIXEDFILEINFO
func (*VS_VERSIONINFO) ValueLength ¶
func (self *VS_VERSIONINFO) ValueLength() uint16