Documentation
¶
Index ¶
- Constants
- Variables
- func AlignDownUInt32(x, align uint32) uint32
- func AlignDownUInt64(x, align uint64) uint64
- func AlignUpUInt32(x, align uint32) uint32
- func AlignUpUInt64(x, align uint64) uint64
- func BTYPE(t uint16) uint16
- func DECREF(x uint16) uint16
- func EmptyStruct(iface interface{}) bool
- func INCREF(x uint16) uint16
- func ISARY(t uint16) bool
- func ISFCN(t uint16) bool
- func ISPTR(t uint16) bool
- func ISTAG(c int8) bool
- func MaxInt(x, y int) int
- func MaxInt32(x, y int32) int32
- func MaxUInt32(x, y uint32) uint32
- func MemsetRepeat(a []byte, v byte)
- func MinInt(x, y int) int
- func MinInt32(x, y int32) int32
- func MinUInt32(x, y uint32) uint32
- func OrdLookup(libname string, ord uint64, makeName bool) string
- func PowerOfTwo(val uint32) bool
- func SetFlags(flagMap map[string]bool, charMap map[string]uint32, flags uint32)
- type BaseRelocation
- type BaseRelocationEntry
- type BoundForwarderRef
- type BoundImportDescriptor
- type ByVAddr
- type CvInfoPdb20
- type CvInfoPdb70
- type DataDirectory
- type DebugDirectory
- type DelayImportDescriptor
- type DosHeader
- type ExportData
- type ExportDirectory
- type FileHeader
- type GUID
- type ImageBaseRelocation
- type ImageBaseRelocationEntry
- type ImageBoundForwarderRef
- type ImageBoundImportDescriptor
- type ImageDataDirectory
- type ImageDebugDirectory
- type ImageDelayImportDescriptor
- type ImageDosHeader
- type ImageExportDirectory
- type ImageFileHeader
- type ImageImportDescriptor
- type ImageLoadConfigDirectory32
- type ImageLoadConfigDirectory64
- type ImageNTHeader
- type ImageOptionalHeader32
- type ImageOptionalHeader64
- type ImageRelocation
- type ImageResourceDataEntry
- type ImageResourceDirectory
- type ImageResourceDirectoryEntry
- type ImageSectionHeader
- type ImageSymbol
- type ImageTLSDirectory32
- type ImageTLSDirectory64
- type ImageThunkData32
- type ImageThunkData64
- type ImportData32
- type ImportData64
- type ImportDescriptor
- type LoadConfigDirectory32
- type LoadConfigDirectory64
- type NTHeader
- type OMFSignature
- type OptionalHeader32
- type OptionalHeader64
- type PEFile
- type Relocation
- type ResourceDataEntry
- type ResourceDirectory
- type ResourceDirectoryEntry
- type SectionHeader
- type String
- type StringD
- type StringFileInfo
- type StringFileInfoD
- type Symbol
- type TLSDirectory32
- type TLSDirectory64
- type ThunkData32
- type ThunkData64
- type VSFixedFileInfo
- type VSFixedfileinfo
- type VSStringTable
- type VSStringTableD
- type VSVersionInfo
- type Var
- type VarD
- type VersionInfoBlock
Constants ¶
View Source
const ( IMAGE_DOS_SIGNATURE = 0x5A4D IMAGE_DOSZM_SIGNATURE = 0x4D5A IMAGE_NE_SIGNATURE = 0x454E IMAGE_LE_SIGNATURE = 0x454C IMAGE_LX_SIGNATURE = 0x584C IMAGE_TE_SIGNATURE = 0x5A56 // Terse Executables have a 'VZ' signature IMAGE_NT_SIGNATURE = 0x00004550 SIZEOF_PE_SIGNATURE = 4 IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16 IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10b IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20b IMAGE_ROM_OPTIONAL_HDR_MAGIC = 0x107 IMAGE_FILE_ALIGNMENT_HARDCODED_VALUE = 0x200 IMAGE_ORDINAL_FLAG = uint32(0x80000000) IMAGE_ORDINAL_FLAG64 = uint64(0x8000000000000000) IMAGE_SIZEOF_SHORT_NAME = 8 IMAGE_SIZEOF_SECTION_HEADER = 40 IMAGE_SIZEOF_FILE_HEADER = 20 // 0x14 IMAGE_SIZEOF_SYMBOL = 18 IMAGE_SIZEOF_SYMBOL_EX = 20 IMAGE_SIZEOF_RELOCATION = 10 )
View Source
const ( IMAGE_SYM_UNDEFINED = int16(0) // Symbol is undefined or is common. IMAGE_SYM_ABSOLUTE = int16(-1) // Symbol is an absolute value. IMAGE_SYM_DEBUG = int16(-2) // Symbol is a special debug item. IMAGE_SYM_SECTION_MAX = 0xFEFF // Values 0xFF00-0xFFFF are special IMAGE_SYM_SECTION_MAX_EX = math.MaxInt32 // Type (fundamental) values. IMAGE_SYM_TYPE_NULL = 0x0000 // no type. IMAGE_SYM_TYPE_VOID = 0x0001 // IMAGE_SYM_TYPE_CHAR = 0x0002 // type character. IMAGE_SYM_TYPE_SHORT = 0x0003 // type short integer. IMAGE_SYM_TYPE_INT = 0x0004 // IMAGE_SYM_TYPE_LONG = 0x0005 // IMAGE_SYM_TYPE_FLOAT = 0x0006 // IMAGE_SYM_TYPE_DOUBLE = 0x0007 // IMAGE_SYM_TYPE_STRUCT = 0x0008 // IMAGE_SYM_TYPE_UNION = 0x0009 // IMAGE_SYM_TYPE_ENUM = 0x000A // enumeration. IMAGE_SYM_TYPE_MOE = 0x000B // member of enumeration. IMAGE_SYM_TYPE_BYTE = 0x000C // IMAGE_SYM_TYPE_WORD = 0x000D // IMAGE_SYM_TYPE_UINT = 0x000E // IMAGE_SYM_TYPE_DWORD = 0x000F // IMAGE_SYM_TYPE_PCODE = 0x8000 // // Type (derived) values. IMAGE_SYM_DTYPE_NULL = 0 // no derived type. IMAGE_SYM_DTYPE_POINTER = 1 // pointer. IMAGE_SYM_DTYPE_FUNCTION = 2 // function. IMAGE_SYM_DTYPE_ARRAY = 3 // array. // Storage classes. IMAGE_SYM_CLASS_END_OF_FUNCTION = 0xFF IMAGE_SYM_CLASS_NULL = 0x00 IMAGE_SYM_CLASS_AUTOMATIC = 0x01 IMAGE_SYM_CLASS_EXTERNAL = 0x02 IMAGE_SYM_CLASS_STATIC = 0x03 IMAGE_SYM_CLASS_REGISTER = 0x04 IMAGE_SYM_CLASS_EXTERNAL_DEF = 0x05 IMAGE_SYM_CLASS_LABEL = 0x06 IMAGE_SYM_CLASS_UNDEFINED_LABEL = 0x07 IMAGE_SYM_CLASS_MEMBER_OF_STRUCT = 0x08 IMAGE_SYM_CLASS_ARGUMENT = 0x09 IMAGE_SYM_CLASS_STRUCT_TAG = 0x0A IMAGE_SYM_CLASS_MEMBER_OF_UNION = 0x0B IMAGE_SYM_CLASS_UNION_TAG = 0x0C IMAGE_SYM_CLASS_TYPE_DEFINITION = 0x0D IMAGE_SYM_CLASS_UNDEFINED_STATIC = 0x0E IMAGE_SYM_CLASS_ENUM_TAG = 0x0F IMAGE_SYM_CLASS_MEMBER_OF_ENUM = 0x10 IMAGE_SYM_CLASS_REGISTER_PARAM = 0x11 IMAGE_SYM_CLASS_BIT_FIELD = 0x12 IMAGE_SYM_CLASS_FAR_EXTERNAL = 0x44 IMAGE_SYM_CLASS_BLOCK = 0x64 IMAGE_SYM_CLASS_FUNCTION = 0x65 IMAGE_SYM_CLASS_END_OF_STRUCT = 0x66 IMAGE_SYM_CLASS_FILE = 0x67 IMAGE_SYM_CLASS_SECTION = 0x68 IMAGE_SYM_CLASS_WEAK_EXTERNAL = 0x69 IMAGE_SYM_CLASS_CLR_TOKEN = 0x6B // type packing constants N_BTMASK = 0x000F N_TMASK = 0x0030 N_TMASK1 = 0x00C0 N_TMASK2 = 0x00F0 N_BTSHFT = 4 N_TSHIFT = 2 )
Section values.
Symbols have a section number of the section in which they are defined. Otherwise, section numbers have the following meanings:
View Source
const ( IMAGE_FILE_RELOCS_STRIPPED = 0x0001 // Relocation info stripped from file. IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002 // File is executable (i.e. no unresolved external references). IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004 // Line nunbers stripped from file. IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008 // Local symbols stripped from file. IMAGE_FILE_AGGRESIVE_WS_TRIM = 0x0010 // Aggressively trim working set IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020 // App can handle >2gb addresses. IMAGE_FILE_16BIT_MACHINE = 0x0040 // 16 bit machine. IMAGE_FILE_BYTES_REVERSED_LO = 0x0080 // Bytes of machine word are reversed. IMAGE_FILE_32BIT_MACHINE = 0x0100 // 32 bit word machine. IMAGE_FILE_DEBUG_STRIPPED = 0x0200 // Debugging info stripped from file in .DBG file IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400 // If Image is on removable media, copy and run from the swap file. IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800 // If Image is on Net, copy and run from the swap file. IMAGE_FILE_SYSTEM = 0x1000 // System File. IMAGE_FILE_DLL = 0x2000 // File is a DLL. IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000 // File should only be run on a UP machine IMAGE_FILE_BYTES_REVERSED_HI = 0x8000 // Bytes of machine word are reversed. )
Image Characteristic Constants
View Source
const ( IMAGE_SUBSYSTEM_UNKNOWN = 0 // Unknown subsystem. IMAGE_SUBSYSTEM_NATIVE = 1 // Image doesn't require a subsystem. IMAGE_SUBSYSTEM_WINDOWS_GUI = 2 // Image runs in the Windows GUI subsystem. IMAGE_SUBSYSTEM_WINDOWS_CUI = 3 // Image runs in the Windows character subsystem. IMAGE_SUBSYSTEM_OS2_CUI = 5 // image runs in the OS/2 character subsystem. IMAGE_SUBSYSTEM_POSIX_CUI = 7 // image runs in the Posix character subsystem. IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8 // image is a native Win9x driver. IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9 // Image runs in the Windows CE subsystem. IMAGE_SUBSYSTEM_EFI_APPLICATION = 10 // Extensible Firmware Interface (EFI) application. IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11 // EFI driver with boot services. IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12 // EFI driver with run-time services. IMAGE_SUBSYSTEM_EFI_ROM = 13 // EFI ROM image. IMAGE_SUBSYSTEM_XBOX = 14 // Xbox system. IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16 // Boot application. )
Subsystem Values
View Source
const ( // IMAGE_LIBRARY_PROCESS_INIT = 0x0001 // Reserved. // IMAGE_LIBRARY_PROCESS_TERM = 0x0002 // Reserved. // IMAGE_LIBRARY_THREAD_INIT = 0x0004 // Reserved. // IMAGE_LIBRARY_THREAD_TERM = 0x0008 // Reserved. IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020 // Image can handle a high entropy 64-bit virtual address space. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040 // DLL can move. IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080 // Code Integrity Image IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100 // Image is NX compatible IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200 // Image understands isolation and doesn't want it IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400 // Image does not use SEH. No SE handler may reside in this image IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800 // Do not bind this image. IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000 // Image should execute in an AppContainer IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000 // Driver uses WDM model IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000 // Image supports Control Flow Guard. IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000 // The image is terminal server aware. )
DllCharacteristics Entries
View Source
const ( IMAGE_DIRECTORY_ENTRY_EXPORT = 0 IMAGE_DIRECTORY_ENTRY_IMPORT = 1 IMAGE_DIRECTORY_ENTRY_RESOURCE = 2 IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3 IMAGE_DIRECTORY_ENTRY_SECURITY = 4 IMAGE_DIRECTORY_ENTRY_BASERELOC = 5 IMAGE_DIRECTORY_ENTRY_DEBUG = 6 IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7 IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8 IMAGE_DIRECTORY_ENTRY_TLS = 9 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11 IMAGE_DIRECTORY_ENTRY_IAT = 12 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14 IMAGE_DIRECTORY_ENTRY_RESERVED = 15 )
IMAGE_DIRECTORY_ENTRY Constants
View Source
const ( IMAGE_SCN_TYPE_REG = 0x00000000 // Reserved. IMAGE_SCN_TYPE_DSECT = 0x00000001 // Reserved. IMAGE_SCN_TYPE_NOLOAD = 0x00000002 // Reserved. IMAGE_SCN_TYPE_GROUP = 0x00000004 // Reserved. IMAGE_SCN_TYPE_NO_PAD = 0x00000008 // Reserved. IMAGE_SCN_TYPE_COPY = 0x00000010 // Reserved. IMAGE_SCN_CNT_CODE = 0x00000020 // Section contains code. IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040 // Section contains initialized data. IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080 // Section contains uninitialized data. IMAGE_SCN_LNK_OTHER = 0x00000100 // Reserved. IMAGE_SCN_LNK_INFO = 0x00000200 // Section contains comments or some other type of information. IMAGE_SCN_LNK_OVER = 0x00000400 // Reserved. IMAGE_SCN_LNK_REMOVE = 0x00000800 // Section contents will not become part of image. IMAGE_SCN_LNK_COMDAT = 0x00001000 // Section contents comdat. // = 0x00002000 // Reserved. IMAGE_SCN_MEM_PROTECTED_OBSOLETE = 0x00004000 IMAGE_SCN_NO_DEFER_SPEC_EXC = 0x00004000 // Reset speculative exceptions handling bits in the TLB entries for this section. IMAGE_SCN_GPREL = 0x00008000 // The section contains data referenced through the global pointer (GP). IMAGE_SCN_MEM_FARDATA = 0x00008000 // IMAGE_SCN_MEM_SYSHEAP_OBSOLETE = 0x00010000 IMAGE_SCN_MEM_PURGEABLE = 0x00020000 // Reserved for future use. IMAGE_SCN_MEM_16BIT = 0x00020000 // Reserved for future use. IMAGE_SCN_MEM_LOCKED = 0x00040000 // Reserved for future use. IMAGE_SCN_MEM_PRELOAD = 0x00080000 // Reserved for future use. IMAGE_SCN_ALIGN_1BYTES = 0x00100000 // Align data on a 1-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_2BYTES = 0x00200000 // Align data on a 2-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_4BYTES = 0x00300000 // Align data on a 4-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_8BYTES = 0x00400000 // Align data on an 8-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_16BYTES = 0x00500000 // Align data on a 16-byte boundary. Valid only for object files. Default alignment if no others are specified. IMAGE_SCN_ALIGN_32BYTES = 0x00600000 // Align data on a 32-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_64BYTES = 0x00700000 // Align data on a 64-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_128BYTES = 0x00800000 // Align data on a 128-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_256BYTES = 0x00900000 // Align data on a 256-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_512BYTES = 0x00A00000 // Align data on a 512-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_1024BYTES = 0x00B00000 // Align data on a 1024-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_2048BYTES = 0x00C00000 // Align data on a 2048-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_4096BYTES = 0x00D00000 // Align data on a 4096-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_8192BYTES = 0x00E00000 // Align data on an 8192-byte boundary. Valid only for object files. IMAGE_SCN_ALIGN_MASK = 0x00F00000 // Align mask. IMAGE_SCN_LNK_NRELOC_OVFL = 0x01000000 // Section contains extended relocations. IMAGE_SCN_MEM_DISCARDABLE = 0x02000000 // Section can be discarded. IMAGE_SCN_MEM_NOT_CACHED = 0x04000000 // Section is not cachable. IMAGE_SCN_MEM_NOT_PAGED = 0x08000000 // Section is not pageable. IMAGE_SCN_MEM_SHARED = 0x10000000 // Section is shareable. IMAGE_SCN_MEM_EXECUTE = 0x20000000 // Section is executable. IMAGE_SCN_MEM_READ = 0x40000000 // Section is readable. IMAGE_SCN_MEM_WRITE = 0x80000000 // Section is writeable. )
Section Characteristic Constants
View Source
const ( IMAGE_DEBUG_MISC_EXENAME = 1 IMAGE_DEBUG_TYPE_UNKNOWN = 0 IMAGE_DEBUG_TYPE_COFF = 1 IMAGE_DEBUG_TYPE_CODEVIEW = 2 IMAGE_DEBUG_TYPE_FPO = 3 IMAGE_DEBUG_TYPE_MISC = 4 IMAGE_DEBUG_TYPE_EXCEPTION = 5 IMAGE_DEBUG_TYPE_FIXUP = 6 IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7 IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8 IMAGE_DEBUG_TYPE_BORLAND = 9 IMAGE_DEBUG_TYPE_RESERVED10 = 10 IMAGE_DEBUG_TYPE_CLSID = 11 IMAGE_DEBUG_TYPE_VC_FEATURE = 12 IMAGE_DEBUG_TYPE_POGO = 13 )
Debug Type Constants
View Source
const ( CV_PDB_70_SIGNATUE = 0x53445352 CV_PDB_20_SIGNATUE = 0x3031424E )
CodeView Signatures
View Source
const ( IMAGE_FILE_MACHINE_UNKNOWN = 0x0 IMAGE_FILE_MACHINE_AM33 = 0x1d3 IMAGE_FILE_MACHINE_AMD64 = 0x8664 IMAGE_FILE_MACHINE_ARM = 0x1c0 IMAGE_FILE_MACHINE_ARMNT = 0x1c4 IMAGE_FILE_MACHINE_ARM64 = 0xaa64 IMAGE_FILE_MACHINE_EBC = 0xebc IMAGE_FILE_MACHINE_I386 = 0x14c IMAGE_FILE_MACHINE_ALPHA = 0x184 IMAGE_FILE_MACHINE_ALPHA64 = 0x284 IMAGE_FILE_MACHINE_AXP64 = IMAGE_FILE_MACHINE_ALPHA64 IMAGE_FILE_MACHINE_IA64 = 0x200 IMAGE_FILE_MACHINE_M32R = 0x9041 IMAGE_FILE_MACHINE_MIPS16 = 0x266 IMAGE_FILE_MACHINE_MIPSFPU = 0x366 IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466 IMAGE_FILE_MACHINE_TRICORE = 0x520 IMAGE_FILE_MACHINE_CEF = 0xcef IMAGE_FILE_MACHINE_POWERPC = 0x1f0 IMAGE_FILE_MACHINE_POWERPCFP = 0x1f1 IMAGE_FILE_MACHINE_R4000 = 0x166 IMAGE_FILE_MACHINE_SH3 = 0x1a2 IMAGE_FILE_MACHINE_SH3DSP = 0x1a3 IMAGE_FILE_MACHINE_SH3E = 0x1a4 IMAGE_FILE_MACHINE_SH4 = 0x1a6 IMAGE_FILE_MACHINE_SH5 = 0x1a8 IMAGE_FILE_MACHINE_THUMB = 0x1c2 IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169 IMAGE_FILE_MACHINE_CEE = 0xc0ee )
IMAGE_FILE_MACHINE Types
View Source
const ( IMAGE_REL_BASED_ABSOLUTE = 0 IMAGE_REL_BASED_HIGH = 1 IMAGE_REL_BASED_LOW = 2 IMAGE_REL_BASED_HIGHLOW = 3 IMAGE_REL_BASED_HIGHADJ = 4 IMAGE_REL_BASED_MACHINE_SPECIFIC_5 = 5 // IMAGE_REL_BASED_MIPS_JMPADDR until W7 IMAGE_REL_BASED_RESERVED = 6 // IMAGE_REL_BASED_SECTION until W7 IMAGE_REL_BASED_MACHINE_SPECIFIC_7 = 7 // IMAGE_REL_BASED_REL32 until W7 IMAGE_REL_BASED_MACHINE_SPECIFIC_8 = 8 // 8 has always been rejected, historically IMAGE_REL_BASED_MACHINE_SPECIFIC_9 = 9 // IMAGE_REL_BASED_MIPS_JMPADDR16 or IMAGE_REL_BASED_IA64_IMM64 IMAGE_REL_BASED_DIR64 = 10 IMAGE_REL_BASED_HIGH3ADJ = 11 )
View Source
const ( IMAGE_REL_I386_ABSOLUTE = 0x0000 // Reference is absolute, no relocation is necessary IMAGE_REL_I386_DIR16 = 0x0001 // Direct 16-bit reference to the symbols virtual address IMAGE_REL_I386_REL16 = 0x0002 // PC-relative 16-bit reference to the symbols virtual address IMAGE_REL_I386_DIR32 = 0x0006 // Direct 32-bit reference to the symbols virtual address IMAGE_REL_I386_DIR32NB = 0x0007 // Direct 32-bit reference to the symbols virtual address, base not included IMAGE_REL_I386_SEG12 = 0x0009 // Direct 16-bit reference to the segment-selector bits of a 32-bit virtual address IMAGE_REL_I386_SECTION = 0x000A IMAGE_REL_I386_SECREL = 0x000B IMAGE_REL_I386_TOKEN = 0x000C // clr token IMAGE_REL_I386_SECREL7 = 0x000D // 7 bit offset from base of section containing target IMAGE_REL_I386_REL32 = 0x0014 // PC-relative 32-bit reference to the symbols virtual address )
I386 relocation types.
View Source
const ( IMAGE_REL_AMD64_ABSOLUTE = 0x0000 // Reference is absolute, no relocation is necessary IMAGE_REL_AMD64_ADDR64 = 0x0001 // 64-bit address (VA). IMAGE_REL_AMD64_ADDR32 = 0x0002 // 32-bit address (VA). IMAGE_REL_AMD64_ADDR32NB = 0x0003 // 32-bit address w/o image base (RVA). IMAGE_REL_AMD64_REL32 = 0x0004 // 32-bit relative address from byte following reloc IMAGE_REL_AMD64_REL32_1 = 0x0005 // 32-bit relative address from byte distance 1 from reloc IMAGE_REL_AMD64_REL32_2 = 0x0006 // 32-bit relative address from byte distance 2 from reloc IMAGE_REL_AMD64_REL32_3 = 0x0007 // 32-bit relative address from byte distance 3 from reloc IMAGE_REL_AMD64_REL32_4 = 0x0008 // 32-bit relative address from byte distance 4 from reloc IMAGE_REL_AMD64_REL32_5 = 0x0009 // 32-bit relative address from byte distance 5 from reloc IMAGE_REL_AMD64_SECTION = 0x000A // Section index IMAGE_REL_AMD64_SECREL = 0x000B // 32 bit offset from base of section containing target IMAGE_REL_AMD64_SECREL7 = 0x000C // 7 bit unsigned offset from base of section containing target IMAGE_REL_AMD64_TOKEN = 0x000D // 32 bit metadata token IMAGE_REL_AMD64_SREL32 = 0x000E // 32 bit signed span-dependent value emitted into object IMAGE_REL_AMD64_PAIR = 0x000F IMAGE_REL_AMD64_SSPAN32 = 0x0010 // 32 bit signed span-dependent value applied at link time )
x64 relocations
View Source
const (
MAX_STRING_LENGTH = 0x100000 // 2^20
)
This will set a maximum length of a string to be retrieved from the file. It's there to prevent loading massive amounts of data from memory mapped files. Strings longer than 1MB should be rather rare.
Variables ¶
View Source
var DebugTypes = map[string]uint32{ "IMAGE_DEBUG_TYPE_UNKNOWN": IMAGE_DEBUG_TYPE_UNKNOWN, "IMAGE_DEBUG_TYPE_COFF": IMAGE_DEBUG_TYPE_COFF, "IMAGE_DEBUG_TYPE_CODEVIEW": IMAGE_DEBUG_TYPE_CODEVIEW, "IMAGE_DEBUG_TYPE_FPO": IMAGE_DEBUG_TYPE_FPO, "IMAGE_DEBUG_TYPE_MISC": IMAGE_DEBUG_TYPE_MISC, "IMAGE_DEBUG_TYPE_EXCEPTION": IMAGE_DEBUG_TYPE_EXCEPTION, "IMAGE_DEBUG_TYPE_FIXUP": IMAGE_DEBUG_TYPE_FIXUP, "IMAGE_DEBUG_TYPE_OMAP_TO_SRC": IMAGE_DEBUG_TYPE_OMAP_TO_SRC, "IMAGE_DEBUG_TYPE_OMAP_FROM_SRC": IMAGE_DEBUG_TYPE_OMAP_FROM_SRC, "IMAGE_DEBUG_TYPE_BORLAND": IMAGE_DEBUG_TYPE_BORLAND, "IMAGE_DEBUG_TYPE_RESERVED10": IMAGE_DEBUG_TYPE_RESERVED10, "IMAGE_DEBUG_TYPE_CLSID": IMAGE_DEBUG_TYPE_CLSID, }
View Source
var DirectoryEntryTypes = map[uint32]string{ IMAGE_DIRECTORY_ENTRY_EXPORT: "IMAGE_DIRECTORY_ENTRY_EXPORT", IMAGE_DIRECTORY_ENTRY_IMPORT: "IMAGE_DIRECTORY_ENTRY_IMPORT", IMAGE_DIRECTORY_ENTRY_RESOURCE: "IMAGE_DIRECTORY_ENTRY_RESOURCE", IMAGE_DIRECTORY_ENTRY_EXCEPTION: "IMAGE_DIRECTORY_ENTRY_EXCEPTION", IMAGE_DIRECTORY_ENTRY_SECURITY: "IMAGE_DIRECTORY_ENTRY_SECURITY", IMAGE_DIRECTORY_ENTRY_BASERELOC: "IMAGE_DIRECTORY_ENTRY_BASERELOC", IMAGE_DIRECTORY_ENTRY_DEBUG: "IMAGE_DIRECTORY_ENTRY_DEBUG", IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: "IMAGE_DIRECTORY_ENTRY_ARCHITECTURE", IMAGE_DIRECTORY_ENTRY_GLOBALPTR: "IMAGE_DIRECTORY_ENTRY_GLOBALPTR", IMAGE_DIRECTORY_ENTRY_TLS: "IMAGE_DIRECTORY_ENTRY_TLS", IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG", IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT", IMAGE_DIRECTORY_ENTRY_IAT: "IMAGE_DIRECTORY_ENTRY_IAT", IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT", IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR", IMAGE_DIRECTORY_ENTRY_RESERVED: "IMAGE_DIRECTORY_ENTRY_RESERVED", }
View Source
var DllCharacteristics = map[string]uint32{ "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA": IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE": IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY": IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, "IMAGE_DLLCHARACTERISTICS_NX_COMPAT": IMAGE_DLLCHARACTERISTICS_NX_COMPAT, "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION": IMAGE_DLLCHARACTERISTICS_NO_ISOLATION, "IMAGE_DLLCHARACTERISTICS_NO_SEH": IMAGE_DLLCHARACTERISTICS_NO_SEH, "IMAGE_DLLCHARACTERISTICS_NO_BIND": IMAGE_DLLCHARACTERISTICS_NO_BIND, "IMAGE_DLLCHARACTERISTICS_APPCONTAINER": IMAGE_DLLCHARACTERISTICS_APPCONTAINER, "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER": IMAGE_DLLCHARACTERISTICS_WDM_DRIVER, "IMAGE_DLLCHARACTERISTICS_GUARD_CF": IMAGE_DLLCHARACTERISTICS_GUARD_CF, "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE": IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE, }
View Source
var ImageCharacteristics = map[string]uint32{ "IMAGE_FILE_RELOCS_STRIPPED": IMAGE_FILE_RELOCS_STRIPPED, "IMAGE_FILE_EXECUTABLE_IMAGE": IMAGE_FILE_EXECUTABLE_IMAGE, "IMAGE_FILE_LINE_NUMS_STRIPPED": IMAGE_FILE_LINE_NUMS_STRIPPED, "IMAGE_FILE_LOCAL_SYMS_STRIPPED": IMAGE_FILE_LOCAL_SYMS_STRIPPED, "IMAGE_FILE_AGGRESIVE_WS_TRIM": IMAGE_FILE_AGGRESIVE_WS_TRIM, "IMAGE_FILE_LARGE_ADDRESS_AWARE": IMAGE_FILE_LARGE_ADDRESS_AWARE, "IMAGE_FILE_16BIT_MACHINE": IMAGE_FILE_16BIT_MACHINE, "IMAGE_FILE_BYTES_REVERSED_LO": IMAGE_FILE_BYTES_REVERSED_LO, "IMAGE_FILE_32BIT_MACHINE": IMAGE_FILE_32BIT_MACHINE, "IMAGE_FILE_DEBUG_STRIPPED": IMAGE_FILE_DEBUG_STRIPPED, "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP": IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, "IMAGE_FILE_NET_RUN_FROM_SWAP": IMAGE_FILE_NET_RUN_FROM_SWAP, "IMAGE_FILE_SYSTEM": IMAGE_FILE_SYSTEM, "IMAGE_FILE_DLL": IMAGE_FILE_DLL, "IMAGE_FILE_UP_SYSTEM_ONLY": IMAGE_FILE_UP_SYSTEM_ONLY, "IMAGE_FILE_BYTES_REVERSED_HI": IMAGE_FILE_BYTES_REVERSED_HI, }
View Source
var Lang = map[string]uint32{
"LANG_NEUTRAL": 0x00,
"LANG_INVARIANT": 0x7f,
"LANG_AFRIKAANS": 0x36,
"LANG_ALBANIAN": 0x1c,
"LANG_ARABIC": 0x01,
"LANG_ARMENIAN": 0x2b,
"LANG_ASSAMESE": 0x4d,
"LANG_AZERI": 0x2c,
"LANG_BASQUE": 0x2d,
"LANG_BELARUSIAN": 0x23,
"LANG_BENGALI": 0x45,
"LANG_BULGARIAN": 0x02,
"LANG_CATALAN": 0x03,
"LANG_CHINESE": 0x04,
"LANG_CROATIAN": 0x1a,
"LANG_CZECH": 0x05,
"LANG_DANISH": 0x06,
"LANG_DIVEHI": 0x65,
"LANG_DUTCH": 0x13,
"LANG_ENGLISH": 0x09,
"LANG_ESTONIAN": 0x25,
"LANG_FAEROESE": 0x38,
"LANG_FARSI": 0x29,
"LANG_FINNISH": 0x0b,
"LANG_FRENCH": 0x0c,
"LANG_GALICIAN": 0x56,
"LANG_GEORGIAN": 0x37,
"LANG_GERMAN": 0x07,
"LANG_GREEK": 0x08,
"LANG_GUJARATI": 0x47,
"LANG_HEBREW": 0x0d,
"LANG_HINDI": 0x39,
"LANG_HUNGARIAN": 0x0e,
"LANG_ICELANDIC": 0x0f,
"LANG_INDONESIAN": 0x21,
"LANG_ITALIAN": 0x10,
"LANG_JAPANESE": 0x11,
"LANG_KANNADA": 0x4b,
"LANG_KASHMIRI": 0x60,
"LANG_KAZAK": 0x3f,
"LANG_KONKANI": 0x57,
"LANG_KOREAN": 0x12,
"LANG_KYRGYZ": 0x40,
"LANG_LATVIAN": 0x26,
"LANG_LITHUANIAN": 0x27,
"LANG_MACEDONIAN": 0x2f,
"LANG_MALAY": 0x3e,
"LANG_MALAYALAM": 0x4c,
"LANG_MANIPURI": 0x58,
"LANG_MARATHI": 0x4e,
"LANG_MONGOLIAN": 0x50,
"LANG_NEPALI": 0x61,
"LANG_NORWEGIAN": 0x14,
"LANG_ORIYA": 0x48,
"LANG_POLISH": 0x15,
"LANG_PORTUGUESE": 0x16,
"LANG_PUNJABI": 0x46,
"LANG_ROMANIAN": 0x18,
"LANG_RUSSIAN": 0x19,
"LANG_SANSKRIT": 0x4f,
"LANG_SERBIAN": 0x1a,
"LANG_SINDHI": 0x59,
"LANG_SLOVAK": 0x1b,
"LANG_SLOVENIAN": 0x24,
"LANG_SPANISH": 0x0a,
"LANG_SWAHILI": 0x41,
"LANG_SWEDISH": 0x1d,
"LANG_SYRIAC": 0x5a,
"LANG_TAMIL": 0x49,
"LANG_TATAR": 0x44,
"LANG_TELUGU": 0x4a,
"LANG_THAI": 0x1e,
"LANG_TURKISH": 0x1f,
"LANG_UKRAINIAN": 0x22,
"LANG_URDU": 0x20,
"LANG_UZBEK": 0x43,
"LANG_VIETNAMESE": 0x2a,
"LANG_GAELIC": 0x3c,
"LANG_MALTESE": 0x3a,
"LANG_MAORI": 0x28,
"LANG_RHAETO_ROMANCE": 0x17,
"LANG_SAAMI": 0x3b,
"LANG_SORBIAN": 0x2e,
"LANG_SUTU": 0x30,
"LANG_TSONGA": 0x31,
"LANG_TSWANA": 0x32,
"LANG_VENDA": 0x33,
"LANG_XHOSA": 0x34,
"LANG_ZULU": 0x35,
"LANG_ESPERANTO": 0x8f,
"LANG_WALON": 0x90,
"LANG_CORNISH": 0x91,
"LANG_WELSH": 0x92,
"LANG_BRETON": 0x93,
}
Language definitions
View Source
var MachineTypes = map[string]uint32{ "IMAGE_FILE_MACHINE_UNKNOWN": IMAGE_FILE_MACHINE_UNKNOWN, "IMAGE_FILE_MACHINE_I386": IMAGE_FILE_MACHINE_I386, "IMAGE_FILE_MACHINE_ALPHA": IMAGE_FILE_MACHINE_ALPHA, "IMAGE_FILE_MACHINE_SH3": IMAGE_FILE_MACHINE_SH3, "IMAGE_FILE_MACHINE_SH3DSP": IMAGE_FILE_MACHINE_SH3DSP, "IMAGE_FILE_MACHINE_SH3E": IMAGE_FILE_MACHINE_SH3E, "IMAGE_FILE_MACHINE_SH4": IMAGE_FILE_MACHINE_SH4, "IMAGE_FILE_MACHINE_SH5": IMAGE_FILE_MACHINE_SH5, "IMAGE_FILE_MACHINE_ARM": IMAGE_FILE_MACHINE_ARM, "IMAGE_FILE_MACHINE_THUMB": IMAGE_FILE_MACHINE_THUMB, "IMAGE_FILE_MACHINE_ARMNT": IMAGE_FILE_MACHINE_ARMNT, "IMAGE_FILE_MACHINE_AM33": IMAGE_FILE_MACHINE_AM33, "IMAGE_FILE_MACHINE_POWERPC": IMAGE_FILE_MACHINE_POWERPC, "IMAGE_FILE_MACHINE_POWERPCFP": IMAGE_FILE_MACHINE_POWERPCFP, "IMAGE_FILE_MACHINE_IA64": IMAGE_FILE_MACHINE_IA64, "IMAGE_FILE_MACHINE_MIPS16": IMAGE_FILE_MACHINE_MIPS16, "IMAGE_FILE_MACHINE_ALPHA64": IMAGE_FILE_MACHINE_ALPHA64, "IMAGE_FILE_MACHINE_AXP64": IMAGE_FILE_MACHINE_AXP64, "IMAGE_FILE_MACHINE_MIPSFPU": IMAGE_FILE_MACHINE_MIPSFPU, "IMAGE_FILE_MACHINE_MIPSFPU16": IMAGE_FILE_MACHINE_MIPSFPU16, "IMAGE_FILE_MACHINE_TRICORE": IMAGE_FILE_MACHINE_TRICORE, "IMAGE_FILE_MACHINE_CEF": IMAGE_FILE_MACHINE_CEF, "IMAGE_FILE_MACHINE_EBC": IMAGE_FILE_MACHINE_EBC, "IMAGE_FILE_MACHINE_AMD64": IMAGE_FILE_MACHINE_AMD64, "IMAGE_FILE_MACHINE_M32R": IMAGE_FILE_MACHINE_M32R, "IMAGE_FILE_MACHINE_CEE": IMAGE_FILE_MACHINE_CEE, "IMAGE_FILE_MACHINE_WCEMIPSV2": IMAGE_FILE_MACHINE_WCEMIPSV2, }
View Source
var Oleaut32OrdNames = map[uint64]string{}/* 398 elements not displayed */
View Source
var OrdNames = map[string]map[uint64]string{ "ws2_32.dll": Ws232OrdNames, "wsock32.dll": Ws232OrdNames, "oleaut32.dll": Oleaut32OrdNames, }
View Source
var RelocationTypes = map[uint16]string{ IMAGE_REL_BASED_ABSOLUTE: "IMAGE_REL_BASED_ABSOLUTE", IMAGE_REL_BASED_HIGH: "IMAGE_REL_BASED_HIGH", IMAGE_REL_BASED_LOW: "IMAGE_REL_BASED_LOW", IMAGE_REL_BASED_HIGHLOW: "IMAGE_REL_BASED_HIGHLOW", IMAGE_REL_BASED_HIGHADJ: "IMAGE_REL_BASED_HIGHADJ", IMAGE_REL_BASED_MACHINE_SPECIFIC_5: "IMAGE_REL_BASED_MIPS_JMPADDR", IMAGE_REL_BASED_RESERVED: "IMAGE_REL_BASED_SECTION", IMAGE_REL_BASED_MACHINE_SPECIFIC_7: "IMAGE_REL_BASED_REL", IMAGE_REL_BASED_MACHINE_SPECIFIC_9: "IMAGE_REL_BASED_MACHINE_SPECIFIC_9", IMAGE_REL_BASED_DIR64: "IMAGE_REL_BASED_DIR64", IMAGE_REL_BASED_HIGH3ADJ: "IMAGE_REL_BASED_HIGH3ADJ", }
View Source
var RelocationTypesI386 = map[uint16]string{ IMAGE_REL_I386_ABSOLUTE: "IMAGE_REL_I386_ABSOLUTE", IMAGE_REL_I386_DIR16: "IMAGE_REL_I386_DIR16", IMAGE_REL_I386_REL16: "IMAGE_REL_I386_REL16", IMAGE_REL_I386_DIR32: "IMAGE_REL_I386_DIR32", IMAGE_REL_I386_DIR32NB: "IMAGE_REL_I386_DIR32NB", IMAGE_REL_I386_SEG12: "IMAGE_REL_I386_SEG12", IMAGE_REL_I386_SECTION: "IMAGE_REL_I386_SECTION", IMAGE_REL_I386_SECREL: "IMAGE_REL_I386_SECREL", IMAGE_REL_I386_TOKEN: "IMAGE_REL_I386_TOKEN", IMAGE_REL_I386_SECREL7: "IMAGE_REL_I386_SECREL7", IMAGE_REL_I386_REL32: "IMAGE_REL_I386_REL32", }
View Source
var RelocationTypesX64 = map[uint16]string{ IMAGE_REL_AMD64_ABSOLUTE: "IMAGE_REL_AMD64_ABSOLUTE", IMAGE_REL_AMD64_ADDR64: "IMAGE_REL_AMD64_ADDR64", IMAGE_REL_AMD64_ADDR32: "IMAGE_REL_AMD64_ADDR32", IMAGE_REL_AMD64_ADDR32NB: "IMAGE_REL_AMD64_ADDR32NB", IMAGE_REL_AMD64_REL32: "IMAGE_REL_AMD64_REL32", IMAGE_REL_AMD64_REL32_1: "IMAGE_REL_AMD64_REL32_1", IMAGE_REL_AMD64_REL32_2: "IMAGE_REL_AMD64_REL32_2", IMAGE_REL_AMD64_REL32_3: "IMAGE_REL_AMD64_REL32_3", IMAGE_REL_AMD64_REL32_4: "IMAGE_REL_AMD64_REL32_4", IMAGE_REL_AMD64_REL32_5: "IMAGE_REL_AMD64_REL32_5", IMAGE_REL_AMD64_SECTION: "IMAGE_REL_AMD64_SECTION", }
View Source
var ResourceType = map[string]uint32{
"RT_CURSOR": 1,
"RT_BITMAP": 2,
"RT_ICON": 3,
"RT_MENU": 4,
"RT_DIALOG": 5,
"RT_STRING": 6,
"RT_FONTDIR": 7,
"RT_FONT": 8,
"RT_ACCELERATOR": 9,
"RT_RCDATA": 10,
"RT_MESSAGETABLE": 11,
"RT_GROUP_CURSOR": 12,
"RT_GROUP_ICON": 14,
"RT_VERSION": 16,
"RT_DLGINCLUDE": 17,
"RT_PLUGPLAY": 19,
"RT_VXD": 20,
"RT_ANICURSOR": 21,
"RT_ANIICON": 22,
"RT_HTML": 23,
"RT_MANIFEST": 24,
}
Resource types
View Source
var SectionCharacteristics = map[string]uint32{ "IMAGE_SCN_TYPE_REG": IMAGE_SCN_TYPE_REG, "IMAGE_SCN_TYPE_DSECT": IMAGE_SCN_TYPE_DSECT, "IMAGE_SCN_TYPE_NOLOAD": IMAGE_SCN_TYPE_NOLOAD, "IMAGE_SCN_TYPE_GROUP": IMAGE_SCN_TYPE_GROUP, "IMAGE_SCN_TYPE_NO_PAD": IMAGE_SCN_TYPE_NO_PAD, "IMAGE_SCN_TYPE_COPY": IMAGE_SCN_TYPE_COPY, "IMAGE_SCN_CNT_CODE": IMAGE_SCN_CNT_CODE, "IMAGE_SCN_CNT_INITIALIZED_DATA": IMAGE_SCN_CNT_INITIALIZED_DATA, "IMAGE_SCN_CNT_UNINITIALIZED_DATA": IMAGE_SCN_CNT_UNINITIALIZED_DATA, "IMAGE_SCN_LNK_OTHER": IMAGE_SCN_LNK_OTHER, "IMAGE_SCN_LNK_INFO": IMAGE_SCN_LNK_INFO, "IMAGE_SCN_LNK_OVER": IMAGE_SCN_LNK_OVER, "IMAGE_SCN_LNK_REMOVE": IMAGE_SCN_LNK_REMOVE, "IMAGE_SCN_LNK_COMDAT": IMAGE_SCN_LNK_COMDAT, "IMAGE_SCN_MEM_PROTECTED": IMAGE_SCN_MEM_PROTECTED_OBSOLETE, "IMAGE_SCN_NO_DEFER_SPEC_EXC": IMAGE_SCN_NO_DEFER_SPEC_EXC, "IMAGE_SCN_GPREL": IMAGE_SCN_GPREL, "IMAGE_SCN_MEM_FARDATA": IMAGE_SCN_MEM_FARDATA, "IMAGE_SCN_MEM_SYSHEAP": IMAGE_SCN_MEM_SYSHEAP_OBSOLETE, "IMAGE_SCN_MEM_PURGEABLE": IMAGE_SCN_MEM_PURGEABLE, "IMAGE_SCN_MEM_16BIT": IMAGE_SCN_MEM_16BIT, "IMAGE_SCN_MEM_LOCKED": IMAGE_SCN_MEM_LOCKED, "IMAGE_SCN_MEM_PRELOAD": IMAGE_SCN_MEM_PRELOAD, "IMAGE_SCN_ALIGN_1BYTES": IMAGE_SCN_ALIGN_1BYTES, "IMAGE_SCN_ALIGN_2BYTES": IMAGE_SCN_ALIGN_2BYTES, "IMAGE_SCN_ALIGN_4BYTES": IMAGE_SCN_ALIGN_4BYTES, "IMAGE_SCN_ALIGN_8BYTES": IMAGE_SCN_ALIGN_8BYTES, "IMAGE_SCN_ALIGN_16BYTES": IMAGE_SCN_ALIGN_16BYTES, "IMAGE_SCN_ALIGN_32BYTES": IMAGE_SCN_ALIGN_32BYTES, "IMAGE_SCN_ALIGN_64BYTES": IMAGE_SCN_ALIGN_64BYTES, "IMAGE_SCN_ALIGN_128BYTES": IMAGE_SCN_ALIGN_128BYTES, "IMAGE_SCN_ALIGN_256BYTES": IMAGE_SCN_ALIGN_256BYTES, "IMAGE_SCN_ALIGN_512BYTES": IMAGE_SCN_ALIGN_512BYTES, "IMAGE_SCN_ALIGN_1024BYTES": IMAGE_SCN_ALIGN_1024BYTES, "IMAGE_SCN_ALIGN_2048BYTES": IMAGE_SCN_ALIGN_2048BYTES, "IMAGE_SCN_ALIGN_4096BYTES": IMAGE_SCN_ALIGN_4096BYTES, "IMAGE_SCN_ALIGN_8192BYTES": IMAGE_SCN_ALIGN_8192BYTES, "IMAGE_SCN_ALIGN_MASK": IMAGE_SCN_ALIGN_MASK, "IMAGE_SCN_LNK_NRELOC_OVFL": IMAGE_SCN_LNK_NRELOC_OVFL, "IMAGE_SCN_MEM_DISCARDABLE": IMAGE_SCN_MEM_DISCARDABLE, "IMAGE_SCN_MEM_NOT_CACHED": IMAGE_SCN_MEM_NOT_CACHED, "IMAGE_SCN_MEM_NOT_PAGED": IMAGE_SCN_MEM_NOT_PAGED, "IMAGE_SCN_MEM_SHARED": IMAGE_SCN_MEM_SHARED, "IMAGE_SCN_MEM_EXECUTE": IMAGE_SCN_MEM_EXECUTE, "IMAGE_SCN_MEM_READ": IMAGE_SCN_MEM_READ, "IMAGE_SCN_MEM_WRITE": IMAGE_SCN_MEM_WRITE, }
View Source
var Sublang = map[string]uint32{}/* 103 elements not displayed */
Sublanguage definitions
View Source
var SubsystemTypes = map[string]uint32{ "IMAGE_SUBSYSTEM_UNKNOWN": IMAGE_SUBSYSTEM_UNKNOWN, "IMAGE_SUBSYSTEM_NATIVE": IMAGE_SUBSYSTEM_NATIVE, "IMAGE_SUBSYSTEM_WINDOWS_GUI": IMAGE_SUBSYSTEM_WINDOWS_GUI, "IMAGE_SUBSYSTEM_WINDOWS_CUI": IMAGE_SUBSYSTEM_WINDOWS_CUI, "IMAGE_SUBSYSTEM_OS2_CUI": IMAGE_SUBSYSTEM_OS2_CUI, "IMAGE_SUBSYSTEM_POSIX_CUI": IMAGE_SUBSYSTEM_POSIX_CUI, "IMAGE_SUBSYSTEM_NATIVE_WINDOWS": IMAGE_SUBSYSTEM_NATIVE_WINDOWS, "IMAGE_SUBSYSTEM_WINDOWS_CE_GUI": IMAGE_SUBSYSTEM_WINDOWS_CE_GUI, "IMAGE_SUBSYSTEM_EFI_APPLICATION": IMAGE_SUBSYSTEM_EFI_APPLICATION, "IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER": IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER, "IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER": IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER, "IMAGE_SUBSYSTEM_EFI_ROM": IMAGE_SUBSYSTEM_EFI_ROM, "IMAGE_SUBSYSTEM_XBOX": IMAGE_SUBSYSTEM_XBOX, "IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION": IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION, }
View Source
var Ws232OrdNames = map[uint64]string{}/* 117 elements not displayed */
Functions ¶
func AlignDownUInt32 ¶
func AlignDownUInt64 ¶
func AlignUpUInt32 ¶
func AlignUpUInt64 ¶
func EmptyStruct ¶
func EmptyStruct(iface interface{}) bool
func MemsetRepeat ¶
Types ¶
type BaseRelocation ¶
type BaseRelocation struct {
ImageBaseRelocation
// contains filtered or unexported fields
}
func NewBaseRelocation ¶
func NewBaseRelocation(fileOffset int) (header *BaseRelocation)
func (*BaseRelocation) String ¶
func (r *BaseRelocation) String() string
type BaseRelocationEntry ¶
type BaseRelocationEntry struct {
ImageBaseRelocationEntry
// contains filtered or unexported fields
}
func NewBaseRelocationEntry ¶
func NewBaseRelocationEntry(fileOffset int) (header *BaseRelocationEntry)
func (*BaseRelocationEntry) String ¶
func (r *BaseRelocationEntry) String() string
type BoundForwarderRef ¶
type BoundForwarderRef struct {
ImageBoundForwarderRef
// contains filtered or unexported fields
}
func NewBoundForwarderRef ¶
func NewBoundForwarderRef(fileOffset int) (header *BoundForwarderRef)
func (*BoundForwarderRef) String ¶
func (r *BoundForwarderRef) String() string
type BoundImportDescriptor ¶
type BoundImportDescriptor struct {
ImageBoundImportDescriptor
// contains filtered or unexported fields
}
func NewBoundImportDescriptor ¶
func NewBoundImportDescriptor(fileOffset int) (header *BoundImportDescriptor)
func (*BoundImportDescriptor) String ¶
func (d *BoundImportDescriptor) String() string
type ByVAddr ¶
type ByVAddr []*SectionHeader
type CvInfoPdb20 ¶
type CvInfoPdb70 ¶
type DataDirectory ¶
type DataDirectory struct {
ImageDataDirectory
Name string
// contains filtered or unexported fields
}
func NewDataDirectory ¶
func NewDataDirectory(fileOffset int) (header *DataDirectory)
func (*DataDirectory) String ¶
func (d *DataDirectory) String() string
type DebugDirectory ¶
type DebugDirectory struct {
ImageDebugDirectory
RawData []byte
SymbolName []byte
InfoPdb70 *CvInfoPdb70
InfoPdb20 *CvInfoPdb20
// contains filtered or unexported fields
}
func NewDebugDirectory ¶
func NewDebugDirectory(fileOffset int) (header *DebugDirectory)
func (*DebugDirectory) String ¶
func (d *DebugDirectory) String() string
type DelayImportDescriptor ¶
type DelayImportDescriptor struct {
ImageDelayImportDescriptor
// contains filtered or unexported fields
}
func NewDelayImportDescriptor ¶
func NewDelayImportDescriptor(fileOffset int) (header *DelayImportDescriptor)
func (*DelayImportDescriptor) String ¶
func (d *DelayImportDescriptor) String() string
type DosHeader ¶
type DosHeader struct {
ImageDosHeader
// contains filtered or unexported fields
}
func NewDosHeader ¶
type ExportData ¶
type ExportData struct {
Ordinal uint16
OrdinalOffset int
Address uint32
AddressOffset int
Name []byte //
NameOffset int //
Forwarder []byte
ForwarderOffset int
}
func (ExportData) String ¶
func (e ExportData) String() string
type ExportDirectory ¶
type ExportDirectory struct {
ImageExportDirectory
Exports []*ExportData
// contains filtered or unexported fields
}
func NewExportDirectory ¶
func NewExportDirectory(fileOffset int) (header *ExportDirectory)
func (*ExportDirectory) String ¶
func (d *ExportDirectory) String() string
type FileHeader ¶
type FileHeader struct {
ImageFileHeader
// contains filtered or unexported fields
}
func NewFileHeader ¶
func NewFileHeader(fileOffset int) (header *FileHeader)
func (*FileHeader) String ¶
func (f *FileHeader) String() string
type GUID ¶
GUID represents a GUID/UUID. It has the same structure as golang.org/x/sys/windows.GUID, without the need for golang.org/x/sys/windows as a dependency to allow compilation on linux. It is also so that it can be used with functions expecting that type. It is defined as its own type so that stringification and marshaling can be supported. The representation matches that used by native Windows code.
func GuidFromArray ¶
FromArray constructs a GUID from a big-endian encoding array of 16 bytes.
func GuidFromString ¶
FromString parses a string containing a GUID and returns the GUID. The only format currently supported is the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` format.
func GuidFromWindowsArray ¶
FromWindowsArray constructs a GUID from a Windows encoding array of bytes.
func (GUID) MarshalText ¶
MarshalText returns the textual representation of the GUID.
func (GUID) ToArray ¶
ToArray returns an array of 16 bytes representing the GUID in big-endian encoding.
func (GUID) ToString ¶
ToString returns a string representation of the value of this instance of the Guid structure. A single format specifier can be used to indicate how to format the value of this Guid. The format parameter can be "N", "D", "B", "P", or "X". If format is an empty string (""), "D" is used.
func (GUID) ToWindowsArray ¶
ToWindowsArray returns an array of 16 bytes representing the GUID in Windows encoding.
func (*GUID) UnmarshalText ¶
UnmarshalText takes the textual representation of a GUID, and unmarhals it into this GUID.
type ImageBaseRelocation ¶
BaseRelocation
type ImageBaseRelocationEntry ¶
type ImageBaseRelocationEntry struct {
Data uint16
}
BaseRelocationEntry
type ImageBoundForwarderRef ¶
BoundForwarderRef
type ImageBoundImportDescriptor ¶
type ImageBoundImportDescriptor struct {
TimeDateStamp uint32
OffsetModuleName uint16
NumberOfModuleForwarderRefs uint16
}
BoundImportDescriptor
type ImageDataDirectory ¶
Data directory
type ImageDebugDirectory ¶
type ImageDebugDirectory struct {
Characteristics uint32
TimeDateStamp uint32
MajorVersion uint16
MinorVersion uint16
Type uint32
SizeOfData uint32
AddressOfRawData uint32
PointerToRawData uint32
}
DebugDirectory
type ImageDelayImportDescriptor ¶
type ImageDelayImportDescriptor struct {
DIgrAttrs uint32
DIszName uint32
DIphmod uint32
DIpIAT uint32
DIpINT uint32
DIpBoundIAT uint32
DIpUnloadIAT uint32
DIdwTimeStamp uint32
}
Delay Import Descriptor
type ImageDosHeader ¶
type ImageDosHeader struct {
E_magic uint16
E_cblp uint16
E_cp uint16
E_crlc uint16
E_cparhd uint16
E_minalloc uint16
E_maxalloc uint16
E_ss uint16
E_sp uint16
E_csum uint16
E_ip uint16
E_cs uint16
E_lfarlc uint16
E_ovno uint16
E_res [8]uint8
E_oemid uint16
E_oeminfo uint16
E_res2 [20]uint8
E_lfanew uint32
}
DOS Header noinspection GoSnakeCaseUsage
type ImageExportDirectory ¶
type ImageExportDirectory struct {
Characteristics uint32
TimeDateStamp uint32
MajorVersion uint16
MinorVersion uint16
Name uint32
Base uint32
NumberOfFunctions uint32
NumberOfNames uint32
AddressOfFunctions uint32
AddressOfNames uint32
AddressOfNameOrdinals uint32
}
Export Directory
type ImageFileHeader ¶
type ImageFileHeader struct {
Machine uint16
NumberOfSections uint16
TimeDateStamp uint32
PointerToSymbolTable uint32
NumberOfSymbols uint32
SizeOfOptionalHeader uint16
Characteristics uint16
}
File Header
type ImageImportDescriptor ¶
type ImageImportDescriptor struct {
Characteristics uint32
TimeDateStamp uint32
ForwarderChain uint32
Name uint32
FirstThunk uint32
}
Image Import Descriptor
type ImageLoadConfigDirectory32 ¶
type ImageLoadConfigDirectory32 struct {
Size uint32
TimeDateStamp uint32
MajorVersion uint16
MinorVersion uint16
GlobalFlagsClear uint32
GlobalFlagsSet uint32
CriticalSectionDefaultTimeout uint32
DeCommitFreeBlockThreshold uint32
DeCommitTotalFreeThreshold uint32
LockPrefixTable uint32
MaximumAllocationSize uint32
VirtualMemoryThreshold uint32
ProcessHeapFlags uint32
ProcessAffinityMask uint32
CSDVersion uint16
Reserved1 uint16
EditList uint32
SecurityCookie uint32
SEHandlerTable uint32
SEHandlerCount uint32
GuardCFCheckFunctionPointer uint32
Reserved2 uint32
GuardCFFunctionTable uint32
GuardCFFunctionCount uint32
GuardFlags uint32
}
LoadConfigDirectory
type ImageLoadConfigDirectory64 ¶
type ImageLoadConfigDirectory64 struct {
Size uint32
TimeDateStamp uint32
MajorVersion uint16
MinorVersion uint16
GlobalFlagsClear uint32
GlobalFlagsSet uint32
CriticalSectionDefaultTimeout uint32
DeCommitFreeBlockThreshold uint64
DeCommitTotalFreeThreshold uint64
LockPrefixTable uint64
MaximumAllocationSize uint64
VirtualMemoryThreshold uint64
ProcessAffinityMask uint64
ProcessHeapFlags uint32
CSDVersion uint16
Reserved1 uint16
EditList uint64
SecurityCookie uint64
SEHandlerTable uint64
SEHandlerCount uint64
GuardCFCheckFunctionPointer uint64
Reserved2 uint64
GuardCFFunctionTable uint64
GuardCFFunctionCount uint64
GuardFlags uint32
}
LoadConfigDirectory64
type ImageNTHeader ¶
type ImageNTHeader struct {
Signature uint32
}
type ImageOptionalHeader32 ¶
type ImageOptionalHeader32 struct {
Magic uint16
MajorLinkerVersion uint8
MinorLinkerVersion uint8
SizeOfCode uint32
SizeOfInitializedData uint32
SizeOfUninitializedData uint32
AddressOfEntryPoint uint32
BaseOfCode uint32
BaseOfData uint32
ImageBase uint32
SectionAlignment uint32
FileAlignment uint32
MajorOperatingSystemVersion uint16
MinorOperatingSystemVersion uint16
MajorImageVersion uint16
MinorImageVersion uint16
MajorSubsystemVersion uint16
MinorSubsystemVersion uint16
Reserved1 uint32
SizeOfImage uint32
SizeOfHeaders uint32
CheckSum uint32
Subsystem uint16
DllCharacteristics uint16
SizeOfStackReserve uint32
SizeOfStackCommit uint32
SizeOfHeapReserve uint32
SizeOfHeapCommit uint32
LoaderFlags uint32
NumberOfRvaAndSizes uint32
}
Optional Header
type ImageOptionalHeader64 ¶
type ImageOptionalHeader64 struct {
Magic uint16
MajorLinkerVersion uint8
MinorLinkerVersion uint8
SizeOfCode uint32
SizeOfInitializedData uint32
SizeOfUninitializedData uint32
AddressOfEntryPoint uint32
BaseOfCode uint32
BaseOfData uint32
ImageBase uint32
SectionAlignment uint32
FileAlignment uint32
MajorOperatingSystemVersion uint16
MinorOperatingSystemVersion uint16
MajorImageVersion uint16
MinorImageVersion uint16
MajorSubsystemVersion uint16
MinorSubsystemVersion uint16
Reserved1 uint32
SizeOfImage uint32
SizeOfHeaders uint32
CheckSum uint32
Subsystem uint16
DllCharacteristics uint16
SizeOfStackReserve uint64 // Different after this point, specific checks needed
SizeOfStackCommit uint64
SizeOfHeapReserve uint64
SizeOfHeapCommit uint64
LoaderFlags uint32
NumberOfRvaAndSizes uint32
}
type ImageRelocation ¶
Image Relocations
type ImageResourceDataEntry ¶
type ImageResourceDataEntry struct {
OffsetToData uint32 // Offset to the data of the resource.
Size uint32 // Size of the resource data.
CodePage uint32 // Code page.
Reserved uint32 // Reserved for use by the operating system.
}
Resource Data Entry
type ImageResourceDirectory ¶
type ImageResourceDirectory struct {
Characteristics uint32
TimeDateStamp uint32
MajorVersion uint16
MinorVersion uint16
NumberOfNamedEntries uint16
NumberOfIdEntries uint16
}
Resource Directory
type ImageResourceDirectoryEntry ¶
Resource Directory Entry
type ImageSectionHeader ¶
type ImageSectionHeader struct {
Name [IMAGE_SIZEOF_SHORT_NAME]uint8
Misc_VirtualSize_PhysicalAddress uint32
VirtualAddress uint32
SizeOfRawData uint32
PointerToRawData uint32
PointerToRelocations uint32
PointerToLinenumbers uint32
NumberOfRelocations uint16
NumberOfLinenumbers uint16
Characteristics uint32
}
noinspection GoSnakeCaseUsage
type ImageSymbol ¶
type ImageSymbol struct {
ShortName [IMAGE_SIZEOF_SHORT_NAME]uint8 // if low 32bits 0 name is in string table at offset given by high 32bits.
Value uint32
SectionNumber int16
Type uint16
StorageClass int8
NumberOfAuxSymbols int8
}
Image Symbol Table
type ImageTLSDirectory32 ¶
type ImageTLSDirectory32 struct {
StartAddressOfRawData uint32
EndAddressOfRawData uint32
AddressOfIndex uint32
AddressOfCallBacks uint32
SizeOfZeroFill uint32
Characteristics uint32
}
TLSDirectory
type ImageTLSDirectory64 ¶
type ImageTLSDirectory64 struct {
StartAddressOfRawData uint64
EndAddressOfRawData uint64
AddressOfIndex uint64
AddressOfCallBacks uint64
SizeOfZeroFill uint32
Characteristics uint32
}
TLSDirectory64
type ImportData32 ¶
type ImportData32 struct {
StructTable *ThunkData32
StructIat *ThunkData32
ImportByOrdinal bool
Ordinal uint32
OrdinalOffset int
Hint uint16
Name []byte
NameOffset int
Bound uint32
Address uint32
HintNameTableRva uint32
ThunkOffset int
ThunkRva uint32
}
func (ImportData32) String ¶
func (d ImportData32) String() string
type ImportData64 ¶
type ImportData64 struct {
StructTable *ThunkData64
StructIat *ThunkData64
ImportByOrdinal bool
Ordinal uint64
OrdinalOffset uint64
Hint uint16
Name []byte
NameOffset uint64
Bound uint64
Address uint64
HintNameTableRva uint64
ThunkOffset uint64
ThunkRva uint64
}
func (ImportData64) String ¶
func (d ImportData64) String() string
type ImportDescriptor ¶
type ImportDescriptor struct {
ImageImportDescriptor
Module []byte
Imports []*ImportData32
Imports64 []*ImportData64
// contains filtered or unexported fields
}
func NewImportDescriptor ¶
func NewImportDescriptor(fileOffset int) (header *ImportDescriptor)
func (*ImportDescriptor) String ¶
func (d *ImportDescriptor) String() string
type LoadConfigDirectory32 ¶
type LoadConfigDirectory32 struct {
ImageLoadConfigDirectory32
// contains filtered or unexported fields
}
func NewLoadConfigDirectory32 ¶
func NewLoadConfigDirectory32(fileOffset int) (header *LoadConfigDirectory32)
func (*LoadConfigDirectory32) String ¶
func (l *LoadConfigDirectory32) String() string
type LoadConfigDirectory64 ¶
type LoadConfigDirectory64 struct {
ImageLoadConfigDirectory64
// contains filtered or unexported fields
}
func NewLoadConfigDirectory64 ¶
func NewLoadConfigDirectory64(fileOffset int) (header *LoadConfigDirectory64)
func (*LoadConfigDirectory64) String ¶
func (l *LoadConfigDirectory64) String() string
type NTHeader ¶
type NTHeader struct {
ImageNTHeader
// contains filtered or unexported fields
}
func NewNTHeader ¶
type OMFSignature ¶
CodeView Debug OMF signature. The signature at the end of the file is a negative offset from the end of the file to another signature. At the negative offset (base address) is another signature whose filepos field points to the first OMFDirHeader in a chain of directories. The NB05 signature is used by the link utility to indicated a completely unpacked file. The NB06 signature is used by ilink to indicate that the executable has had CodeView information from an incremental link appended to the executable. The NB08 signature is used by cvpack to indicate that the CodeView Debug OMF has been packed. CodeView will only process executables with the NB08 signature.
type OptionalHeader32 ¶
type OptionalHeader32 struct {
ImageOptionalHeader32
DataDirs map[string]*DataDirectory
// contains filtered or unexported fields
}
func NewOptionalHeader32 ¶
func NewOptionalHeader32(fileOffset int) (header *OptionalHeader32)
func (*OptionalHeader32) String ¶
func (o *OptionalHeader32) String() string
type OptionalHeader64 ¶
type OptionalHeader64 struct {
ImageOptionalHeader64
DataDirs map[string]*DataDirectory
// contains filtered or unexported fields
}
func NewOptionalHeader64 ¶
func NewOptionalHeader64(fileOffset int) (header *OptionalHeader64)
func (*OptionalHeader64) String ¶
func (o *OptionalHeader64) String() string
type PEFile ¶
type PEFile struct {
DosHeader *DosHeader
NTHeader *NTHeader
FileHeader *FileHeader
OptionalHeader *OptionalHeader32
OptionalHeader64 *OptionalHeader64
StringTableOffset int
StringTable []byte
SymbolTable []*Symbol
Sections []*SectionHeader
ImportDescriptors []*ImportDescriptor
ExportDirectory *ExportDirectory
DebugDirectories []*DebugDirectory
// contains filtered or unexported fields
}
The representation of the PEFile with some helpful abstractions
func (*PEFile) GetRawData ¶
func (*PEFile) GetRawDataSize ¶
type Relocation ¶
type Relocation struct {
ImageRelocation
Symbol *Symbol
// contains filtered or unexported fields
}
func NewRelocation ¶
func NewRelocation(fileOffset int) (header *Relocation)
type ResourceDataEntry ¶
type ResourceDataEntry struct {
ImageResourceDataEntry
// contains filtered or unexported fields
}
func NewResourceDataEntry ¶
func NewResourceDataEntry(fileOffset int) (header *ResourceDataEntry)
func (*ResourceDataEntry) String ¶
func (r *ResourceDataEntry) String() string
type ResourceDirectory ¶
type ResourceDirectory struct {
ImageResourceDirectory
// contains filtered or unexported fields
}
func NewResourceDirectory ¶
func NewResourceDirectory(fileOffset int) (header *ResourceDirectory)
func (*ResourceDirectory) String ¶
func (r *ResourceDirectory) String() string
type ResourceDirectoryEntry ¶
type ResourceDirectoryEntry struct {
ImageResourceDirectoryEntry
// contains filtered or unexported fields
}
func NewResourceDirectoryEntry ¶
func NewResourceDirectoryEntry(fileOffset int) (header *ResourceDirectoryEntry)
func (*ResourceDirectoryEntry) String ¶
func (r *ResourceDirectoryEntry) String() string
type SectionHeader ¶
type SectionHeader struct {
ImageSectionHeader
RawData []byte
Relocations []*Relocation
// contains filtered or unexported fields
}
func NewSectionHeader ¶
func NewSectionHeader(fileOffset int) (header *SectionHeader)
func (*SectionHeader) String ¶
func (s *SectionHeader) String() string
type StringFileInfo ¶
type StringFileInfo struct {
Data StringFileInfoD
// contains filtered or unexported fields
}
func NewStringFileInfo ¶
func NewStringFileInfo(fileOffset int) (header *StringFileInfo)
func (*StringFileInfo) String ¶
func (s *StringFileInfo) String() string
type StringFileInfoD ¶
StringFileInfo
type Symbol ¶
type Symbol struct {
ImageSymbol
Name string
// contains filtered or unexported fields
}
type TLSDirectory32 ¶
type TLSDirectory32 struct {
ImageTLSDirectory32
// contains filtered or unexported fields
}
func NewTLSDirectory ¶
func NewTLSDirectory(fileOffset int) (header *TLSDirectory32)
func (*TLSDirectory32) String ¶
func (t *TLSDirectory32) String() string
type TLSDirectory64 ¶
type TLSDirectory64 struct {
ImageTLSDirectory64
// contains filtered or unexported fields
}
func NewTLSDirectory64 ¶
func NewTLSDirectory64(fileOffset int) (header *TLSDirectory64)
func (*TLSDirectory64) String ¶
func (t *TLSDirectory64) String() string
type ThunkData32 ¶
type ThunkData32 struct {
ImageThunkData32
// contains filtered or unexported fields
}
func NewThunkData32 ¶
func NewThunkData32(fileOffset int) (header *ThunkData32)
func (*ThunkData32) String ¶
func (d *ThunkData32) String() string
type ThunkData64 ¶
type ThunkData64 struct {
ImageThunkData64
// contains filtered or unexported fields
}
func NewThunkData64 ¶
func NewThunkData64(fileOffset int) (header *ThunkData64)
func (*ThunkData64) String ¶
func (d *ThunkData64) String() string
type VSFixedFileInfo ¶
type VSFixedFileInfo struct {
VSFixedfileinfo
// contains filtered or unexported fields
}
func NewVSFixedFileInfo ¶
func NewVSFixedFileInfo(fileOffset int) (header *VSFixedFileInfo)
func (*VSFixedFileInfo) String ¶
func (v *VSFixedFileInfo) String() string
type VSFixedfileinfo ¶
type VSFixedfileinfo struct {
Signature uint32 // e.g. 0xfeef04bd
StrucVersion uint32 // e.g. 0x00000042 = "0.42"
FileVersionMS uint32 // e.g. 0x00030075 = "3.75"
FileVersionLS uint32 // e.g. 0x00000031 = "0.31"
ProductVersionMS uint32 // e.g. 0x00030010 = "3.10"
ProductVersionLS uint32 // e.g. 0x00000031 = "0.31"
FileFlagsMask uint32 // = 0x3F for version "0.42"
FileFlags uint32 // e.g. VFF_DEBUG | VFF_PRERELEASE
FileOS uint32 // e.g. VOS_DOS_WINDOWS16
FileType uint32 // e.g. VFT_DRIVER
FileSubtype uint32 // e.g. VFT2_DRV_KEYBOARD
FileDateMS uint32 // e.g. 0
FileDateLS uint32 // e.g. 0
}
VSFixedFileInfo
type VSStringTable ¶
type VSStringTable struct {
Data VSStringTableD
// contains filtered or unexported fields
}
func NewStringTable ¶
func NewStringTable(fileOffset int) (header *VSStringTable)
func (*VSStringTable) String ¶
func (s *VSStringTable) String() string
type VSStringTableD ¶
VSStringTable
type VSVersionInfo ¶
type VSVersionInfo struct {
VersionInfoBlock
// contains filtered or unexported fields
}
func NewVSVersionInfo ¶
func NewVSVersionInfo(fileOffset int) (header *VSVersionInfo)
func (*VSVersionInfo) String ¶
func (v *VSVersionInfo) String() string
type VersionInfoBlock ¶
type VersionInfoBlock struct {
Length uint16 // Length of this block (doesn't include padding)
ValueLength uint16 // Value length (if any)
Type uint16 // Value type (0 = binary, 1 = text)
}
VS Version Info
Source Files
Click to show internal directories.
Click to hide internal directories.