0.0.0-20210119092948-3616b5d5cac2
Repository: https://github.com/mewrev/pe.git
Documentation: pkg.go.dev
# README
## WIP
This project is a work in progress. The implementation is incomplete and subject to change. The documentation can be inaccurate.
## pe
The pe project implements access to the Portable Executable (PE) file format.
## Documentation
Documentation provided by GoDoc.
- pe: implements access to the Portable Executable (PE) file format.
## Public domain
The source code and any original content of this repository are hereby released into the public domain.
# Packages
No description provided by the author
# Functions
New returns a new File for accessing the PE binary of r.
Open returns a new File for accessing the PE binary at path.
ParseFPOData parses the given raw data structure as an FPO data structure.
# Constants
ArchAMD64 represents the x64 processor.
ArchI386 represents the Intel 386 and later processors.
ArchIA64 represents the Intel Itanium processor.
Architecture-specific data.
Base relocation table.
Bound import table.
Certificate table.
CLR header.
Debugging information.
Delay import descriptor.
Exception table.
Export table.
Global pointer register.
Import address table.
Import table.
Load configuration table.
Reserved.
Resource table.
Thread local storage (TLS) table.
DLLFlagCanDEP indicates that the image is compatible with data execution prevention (DEP).
DLLFlagCanRDS indicates that the image is remote desktop service (RDS) aware.
DLLFlagDynBase indicates that the DLL can be relocated at load time.
DLLFlagForceIntegrity forces code integrity checks.
DLLFlagNoBind specifies that the linker shouldn't bind the image.
DLLFlagNoIsolation indicates that the image shouldn't be isolated.
DLLFlagNoSEH indicates that the image doesn't use structured exception handling (SEH).
DLLFlagWDMDriver represents a Windows Driver Model (WDM) driver.
Flag32bit indicates that the computer supports 32-bit words.
FlagDLL indicates that the file is a dynamic link library (DLL).
FlagExecutable indicates that the file is executable.
FlagLargeAddr indicates that the application can handle addresses larger than 2 GB.
FlagNetCopyToSwap copies the file from the network to the swap before running it.
FlagNoDebug indicates that the file contains no debugging information.
FlagNoLineNums indicates that the file contains no line numbers.
FlagNoReloc indicates that the file contains no relocation information.
FlagNoSymTbl indicates that the file contains no symbol table.
FlagSystem indicates that the file is a system file.
FlagUniprocessor indicates that the file should only be run on a uniprocessor computer.
FlagUSBCopyToSwap copies the file from a USB device to the swap before running it.
FPO.
NonFPO.
Trap.
TSS.
Borland debugging information.
Reserved.
CodeView debugging information.
COFF debugging information (line numbers, symbol table, and string table).
Exception information.
Fixup information.
Frame pointer omission (FPO) information.
Miscellaneous information.
The mapping from an RVA in source image to an RVA in image.
The mapping from an RVA in image to an RVA in source image.
PE determinism or reproducibility.
Reserved.
Unknown value, ignored by all tools.
OptState32 represents a 32-bit executable image.
OptState64 represents a 64-bit executable image.
OptStateROM represents a ROM image.
SectFlagBSS indicates that the section contains uninitialized data.
SectFlagCode indicates that the section contains executable code.
SectFlagData indicates that the section contains initialized data.
SectFlagDeferSpecExc resets speculative exception handling bits in the TLB entries for this section.
SectFlagGPRef indicates that the section contains data referenced through the global pointer.
SectFlagLinkCOMDAT indicates that the section contains COMDAT data.
SectFlagLinkInfo indicates that the section contains comments or other information.
SectFlagLinkRemove indicates that the section will not become part of the image.
SectFlagMemDiscard indicates that the section memory can be discarded as needed.
SectFlagMemExec indicates that the section memory can be executed.
SectFlagMemNoCache indicates that the section memory cannot be cached.
SectFlagMemNoPage indicates that the section memory cannot be paged.
SectFlagMemRead indicates that the section memory can be read.
SectFlagMemShared indicates that the section memory can be shared.
SectFlagMemWrite indicates that the section memory can be written to.
SectFlagObjAlign1 aligns data on a 1-byte boundary.
SectFlagObjAlign1024 aligns data on a 1024-byte boundary.
SectFlagObjAlign128 aligns data on a 128-byte boundary.
SectFlagObjAlign16 aligns data on a 16-byte boundary.
SectFlagObjAlign2 aligns data on a 2-byte boundary.
SectFlagObjAlign2048 aligns data on a 2048-byte boundary.
SectFlagObjAlign256 aligns data on a 256-byte boundary.
SectFlagObjAlign32 aligns data on a 32-byte boundary.
SectFlagObjAlign4 aligns data on a 4-byte boundary.
SectFlagObjAlign4096 aligns data on a 4096-byte boundary.
SectFlagObjAlign512 aligns data on a 512-byte boundary.
SectFlagObjAlign64 aligns data on a 64-byte boundary.
SectFlagObjAlign8 aligns data on an 8-byte boundary.
SectFlagObjAlign8192 aligns data on an 8192-byte boundary.
SectFlagRelocsOverflow indicates that there are more relocations than can be represented by the 16-bit value in the section header.
SubsystemEFIApp represents an Extensible Firmware Interface (EFI) application.
SubsystemEFIBootDriver represents an EFI driver with boot services.
SubsystemEFIROM represents an EFI ROM image.
SubsystemEFIRuntimeDriver represents an EFI driver with run-time services.
SubsystemNative represents a device driver or native system process; no subsystem required.
SubsystemOS2CLI represents an OS/2 CLI subsystem.
SubsystemPOSIXCLI represents a POSIX CLI subsystem.
SubsystemUnknown represents an unknown subsystem.
SubsystemWinBootApp represents a boot application.
SubsystemWinCEGUI represents a Windows CE GUI subsystem.
SubsystemWinCLI represents a Windows command-line interface (CLI) subsystem.
SubsystemWinGUI represents a Windows graphical user interface (GUI) subsystem.
SubsystemXbox represents an Xbox system.
# Structs
A DataDirectory contains the location and size of various data structures.
A DOSHeader contains information about the executable environment of 16-bit DOS binaries.
File represents a Portable Executable (PE) file.
FileHeader represents a COFF file header.
FPOData represents the stack frame layout for a function on an x86 computer when frame pointer omission (FPO) optimization is used.
FPODataRaw represents the stack frame layout for a function on an x86 computer when frame pointer omission (FPO) optimization is used.
ImageDebugDirectory is a debugging information data directory.
OptHeader represents an optional header.
OptHeader32 represents a 32-bit optional header.
SectHeader represents a section header.
# Interfaces
ReadAtSeeker is the interface that wraps the basic ReadAt and Seek methods.
# Type aliases
Arch specifies the architecture of the computer.
DLLFlag is a bitfield which specifies the DLL characteristics of an image.
Flag is a bitfield which specifies the characteristics of an executable.
FrameType specifies the frame type of a function.
ImageDebugType specifies the format of the debugging information pointed to by the debug data directory.
OptState specifies the state of the image file.
SectFlag is a bitfield which specifies the characteristics of a section.
Subsystem specifies the subsystem required to run an image.
Time represents a time and date; measured in seconds since the Unix Epoch.