peinfo-go

module

v0.0.0-...-89d114c Latest Latest Go to latest Published: Nov 15, 2020 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/skillcoder/peinfo-go

Links

Open Source Insights

README ¶

peinfo-go

This is a PE (Portable Executable) parser written in GoLang. I wanted to learn more about the PE format, specifically how the certificates were stored. What better way is there than to write some code?

This is a work in progress and will continue to change.

This leverages the debug/pe package for parsing of the common headers/sections.

Current state:

Displays a few PE details
Examines the certificate
Finds Version Info struct
Displays imports

TODO:

~~Actually Parse Version Info struct (currently displayed as raw binary)~~
Re-write function for finding Version Info (currently written so I could better understand the structure)
Custom certificate stores

Example

[user:~/peinfo-go\ > ./peinfo-go /tmp/Autoruns/autorunsc64.exe
type: pe32+
Characteristics: [Executable]
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI

Cert:
  subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
  verified: false
  error: pkcs7: failed to verify certificate chain: x509: certificate signed by unknown authority

Version Info:
?�StringFileInfo�040904b0h$CompanyNameSysinternals - www.sysinternals.comZFileDescriptionAutostart program viewer,FileVersion13.94LInternalNameSysinternals Autorunsv)LegalCopyrightCopyright (C) 2002-2019 MarkOriginalFilenameautoruns.exeLProductNameSysinternals autoruns0ProductVersion13.94DVarFileInfo$Translation	�

Imports:
 - VerQueryValueW:VERSION.dll
 - GetFileVersionInfoW:VERSION.dll
 - GetFileVersionInfoSizeW:VERSION.dll
 - ImageList_ReplaceIcon:COMCTL32.dll
 ...

References

Directories ¶

Path	Synopsis
cmd
peinfo

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL