peinfo

package
v0.0.0-...-66c1c33 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 21, 2021 License: BSD-2-Clause, MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

// Revision values for an attribute-certificate header.
// The names follow the WIN_CERTIFICATE wRevision constants used by the
// PE/Authenticode format.
const (
	WIN_CERT_REVISION_1_0 = 0x0100
	WIN_CERT_REVISION_2_0 = 0x0200
)

// Certificate-type values for an attribute-certificate header.
// The names follow the WIN_CERTIFICATE wCertificateType constants;
// Authenticode signatures are carried as PKCS#7 SignedData.
// NOTE(review): which of these types the verifier accepts is not visible
// here. Confirm that unsupported types are rejected rather than skipped
// silently.
const (
	WIN_CERT_TYPE_X509             = 0x0001
	WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
	WIN_CERT_TYPE_RESERVED_1       = 0x0003
	WIN_CERT_TYPE_TS_STACK_SIGNED  = 0x0004
)
// HTTP_TIMEOUT is an untyped numeric timeout for the package's HTTP use.
// NOTE(review): the unit (presumably seconds) and the request it bounds are
// not visible here. Confirm it is applied to every outbound request, so a
// slow or unresponsive server cannot stall verification indefinitely.
const HTTP_TIMEOUT = 15
// RT_VERSION is the numeric resource-type ID of the version-information
// resource in a PE resource directory (the value matches the Windows
// RT_VERSION resource type, 16).
const RT_VERSION = 16

Variables

// FileOS maps a 32-bit file-OS code to a display name. The keys appear to be
// VS_FIXEDFILEINFO dwFileOS values: the high word names the base operating
// system and the low word the windowing environment.
//
// The code comes from the file being inspected, so it can be any value.
// A key that is not listed (including 0) yields the empty string on a plain
// index. Callers should use the two-value form and print the raw number for
// unknown codes.
var FileOS = map[uint32]string{
	// Base operating system only (high word set).
	0x00010000: "DOS",
	0x00020000: "OS/2 16-bit",
	0x00030000: "OS/2 32-bit",
	0x00040000: "Windows NT",

	// Windowing environment only (low word set).
	0x00000001: "Win16",
	0x00000002: "PM-16",
	0x00000003: "PM-32",
	0x00000004: "Win32",

	// Base operating system combined with a windowing environment.
	0x00010001: "Windows 16-bit",
	0x00010004: "Windows 32-bit",
	0x00020002: "OS/2 16-bit PM-16",
	0x00030003: "OS/2 32-bit PM-32",
	0x00040004: "Windows NT 32-bit",
}

Functions

This section is empty.

Types

type CertDetails

// CertDetails holds the header fields and payload of one certificate entry.
// NOTE(review): the field names and widths look like the WIN_CERTIFICATE
// header (length, revision, certificate type) followed by the certificate
// bytes. Confirm against the parser. VerifyCert is declared as returning
// pkcs7.CertDetails, not this type, so check whether this one is still used.
type CertDetails struct {
	// NOTE(review): presumably the entry length as stored in the file. That
	// value is controlled by whoever produced the file, so it should be
	// checked against the remaining file size before it is used to size a
	// read or an allocation. Confirm the parser does this.
	Length          uint32
	// Presumably one of the WIN_CERT_REVISION_* values. Confirm.
	Revision        uint16
	// Presumably one of the WIN_CERT_TYPE_* values. Confirm.
	CertificateType uint16
	// Raw certificate bytes. The name suggests DER encoding. Confirm.
	DER             []byte
}

type ConfigT

// ConfigT is the per-file state that the package's inspection methods
// (declared on *ConfigT) operate on.
type ConfigT struct {
	// Presumably the path of the file being inspected. Verify against
	// Initialize.
	FileName    string
	// Open handle on the file.
	// NOTE(review): it is not visible here who closes it. Confirm that the
	// caller or the package releases the handle.
	OSFile      *os.File
	// Parsed PE view of the same file. Everything read through it comes from
	// the inspected file and should be treated as untrusted input.
	PEFile      *pe.File
	// Presumably asks for the embedded certificate to be extracted. Confirm
	// where the output is written and that the destination cannot be
	// influenced by the inspected file.
	ExtractCert bool
	// Presumably enables extra diagnostic output.
	Verbose     bool
	// NOTE(review): presumably a directory of root certificates used as trust
	// anchors during verification. If so, its contents decide which signers
	// are trusted, so it should be writable only by trusted users. Confirm
	// how it is loaded.
	RootCertDir string
}

func Initialize

func Initialize(filePath string, verbose bool, rootCertDir string, extractCert bool) (ConfigT, error)

Initialize returns the config for execution

func (*ConfigT) FindDataDirectory

func (cfg *ConfigT) FindDataDirectory(imageDirectoryEntryType int) (idd ImageDirectoryT)

FindDataDirectory returns the ImageDirectoryT for the requested image directory entry type.

func (*ConfigT) FindVerInfoOffset

func (cfg *ConfigT) FindVerInfoOffset(fileOffset int64, sectionOffset uint32, sectionVirtualAddress uint32) (verInfoOffset int64, len uint32, err error)

func (*ConfigT) GetCharacteristics

func (cfg *ConfigT) GetCharacteristics() []string

GetCharacteristics returns a list of PE characteristics

func (*ConfigT) GetImageSubSystem

func (cfg *ConfigT) GetImageSubSystem() string

func (*ConfigT) GetPEType

func (cfg *ConfigT) GetPEType() string

func (*ConfigT) GetTimeDateStamp

func (cfg *ConfigT) GetTimeDateStamp() string

GetTimeDateStamp returns the date-time stamp in the PE's header

func (*ConfigT) GetVersionInfo

func (cfg *ConfigT) GetVersionInfo() (vi map[string]string, keys []string, err error)

func (*ConfigT) HeaderMagic

func (cfg *ConfigT) HeaderMagic() uint16

func (*ConfigT) Tell

func (cfg *ConfigT) Tell() int64

Tell is a wrapper for Seek()

func (*ConfigT) VerifyCert

func (cfg *ConfigT) VerifyCert(validateExpiredChain bool) (cert *x509.Certificate, details pkcs7.CertDetails, err error)

type ImageDirectoryT

// ImageDirectoryT describes one data-directory entry of a PE image, as
// returned by FindDataDirectory.
type ImageDirectoryT struct {
	// Presumably the data-directory index that was looked up. Confirm.
	Type           int
	// Location of the directory's data. In the PE format this is an RVA for
	// most directories, but for the certificate (security) directory it is a
	// file offset.
	// NOTE(review): confirm the callers apply the right interpretation and
	// bounds-check the value against the file before seeking.
	VirtualAddress uint32
	// Size in bytes as declared by the file. It is untrusted until checked
	// against the actual file or section size.
	Size           uint32
	// Presumably the image base from the optional header. Confirm.
	ImageBase      uint64
}

type ResourceDirectoryD

// ResourceDirectoryD has the field layout of a PE resource directory table
// header (IMAGE_RESOURCE_DIRECTORY): four fixed fields followed by the two
// entry counts.
// NOTE(review): it is presumably filled by a binary read from the .rsrc
// data. Confirm the byte order used by the reader.
type ResourceDirectoryD struct {
	Characteristics      uint32
	TimeDateStamp        uint32
	MajorVersion         uint16
	MinorVersion         uint16
	// The two counts give the number of entries that follow the header.
	// They come from the file, so any loop driven by them should also be
	// bounded by the size of the resource section.
	// NOTE(review): confirm the parser enforces this.
	NumberOfNamedEntries uint16
	NumberOfIdEntries    uint16
}

type ResourceDirectoryEntry

// ResourceDirectoryEntry has the layout of one PE resource directory entry
// (two 32-bit words).
type ResourceDirectoryEntry struct {
	// Resource ID, or a name reference. In the PE format the high bit marks a
	// name-string offset.
	// NOTE(review): confirm how the parser treats that bit.
	Name         uint32
	// Offset of the data entry or a subdirectory. In the PE format the high
	// bit marks a subdirectory, and the offset is relative to the start of
	// the resource section.
	// NOTE(review): confirm the parser masks the bit, bounds-checks the
	// offset, and limits recursion depth so that self-referencing
	// directories terminate.
	OffsetToData uint32
}

type ResourceDirectoryEntryNamed

// ResourceDirectoryEntryNamed has the same two-word layout as
// ResourceDirectoryEntry.
// NOTE(review): it is presumably used for entries counted by
// NumberOfNamedEntries. Confirm against the parser.
type ResourceDirectoryEntryNamed struct {
	// Presumably a reference to the entry's name string rather than a numeric
	// ID. Confirm.
	Name         uint32
	// Offset of the data entry or subdirectory. It is read from the file and
	// should be bounds-checked before use.
	OffsetToData uint32
}

type VS_FIXEDFILEINFO

// VS_FIXEDFILEINFO has the field layout of the Windows VS_FIXEDFILEINFO
// structure found inside a version-information resource: thirteen 32-bit
// fields.
// NOTE(review): it is presumably filled by a binary read at the offset found
// by FindVerInfoOffset. Confirm that the offset and length are validated
// against the file size first.
type VS_FIXEDFILEINFO struct {
	// Structure signature. The Windows definition fixes it at 0xFEEF04BD.
	// NOTE(review): confirm the parser checks it before trusting the fields
	// that follow.
	DwSignature        uint32
	DwStrucVersion     uint32
	// File version: most-significant and least-significant 32 bits.
	DwFileVersionMS    uint32
	DwFileVersionLS    uint32
	// Product version: most-significant and least-significant 32 bits.
	DwProductVersionMS uint32
	DwProductVersionLS uint32
	DwFileFlagsMask    uint32
	DwFileFlags        uint32
	// Target-OS code, presumably the key looked up in FileOS. Codes that are
	// not listed there are possible, since the value comes from the file.
	DwFileOS           uint32
	DwFileType         uint32
	DwFileSubtype      uint32
	DwFileDateMS       uint32
	DwFileDateLS       uint32
}
