pe package - debug/pe - Go Packages
Package pe implements access to PE (Microsoft Windows Portable Executable) files.
Security ΒΆ
This package is not designed to be hardened against adversarial inputs, and is outside the scope of https://go.dev/security/policy. In particular, only basic validation is done when parsing object files. As such, care should be taken when parsing untrusted inputs, as parsing malformed files may consume significant resources, or cause panics.
- Constants
- type COFFSymbol
- type COFFSymbolAuxFormat5
- type DataDirectory
- type File
- func (f *File) COFFSymbolReadSectionDefAux(idx int) (*COFFSymbolAuxFormat5, error)
- func (f *File) Close() error
- func (f *File) DWARF() (*dwarf.Data, error)
- func (f *File) ImportedLibraries() ([]string, error)
- func (f *File) ImportedSymbols() ([]string, error)
- func (f *File) Section(name string) *Section
- type FileHeader
- type FormatError
- type ImportDirectory
- type OptionalHeader32
- type OptionalHeader64
- type Reloc
- type Section
- type SectionHeader
- type SectionHeader32
- type StringTable
- type Symbol
const ( IMAGE_FILE_MACHINE_UNKNOWN = 0x0 IMAGE_FILE_MACHINE_AM33 = 0x1d3 IMAGE_FILE_MACHINE_AMD64 = 0x8664 IMAGE_FILE_MACHINE_ARM = 0x1c0 IMAGE_FILE_MACHINE_ARMNT = 0x1c4 IMAGE_FILE_MACHINE_ARM64 = 0xaa64 IMAGE_FILE_MACHINE_EBC = 0xebc IMAGE_FILE_MACHINE_I386 = 0x14c IMAGE_FILE_MACHINE_IA64 = 0x200 IMAGE_FILE_MACHINE_LOONGARCH32 = 0x6232 IMAGE_FILE_MACHINE_LOONGARCH64 = 0x6264 IMAGE_FILE_MACHINE_M32R = 0x9041 IMAGE_FILE_MACHINE_MIPS16 = 0x266 IMAGE_FILE_MACHINE_MIPSFPU = 0x366 IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466 IMAGE_FILE_MACHINE_POWERPC = 0x1f0 IMAGE_FILE_MACHINE_POWERPCFP = 0x1f1 IMAGE_FILE_MACHINE_R4000 = 0x166 IMAGE_FILE_MACHINE_SH3 = 0x1a2 IMAGE_FILE_MACHINE_SH3DSP = 0x1a3 IMAGE_FILE_MACHINE_SH4 = 0x1a6 IMAGE_FILE_MACHINE_SH5 = 0x1a8 IMAGE_FILE_MACHINE_THUMB = 0x1c2 IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169 IMAGE_FILE_MACHINE_RISCV32 = 0x5032 IMAGE_FILE_MACHINE_RISCV64 = 0x5064 IMAGE_FILE_MACHINE_RISCV128 = 0x5128 )
const ( IMAGE_DIRECTORY_ENTRY_EXPORT = 0 IMAGE_DIRECTORY_ENTRY_IMPORT = 1 IMAGE_DIRECTORY_ENTRY_RESOURCE = 2 IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3 IMAGE_DIRECTORY_ENTRY_SECURITY = 4 IMAGE_DIRECTORY_ENTRY_BASERELOC = 5 IMAGE_DIRECTORY_ENTRY_DEBUG = 6 IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7 IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8 IMAGE_DIRECTORY_ENTRY_TLS = 9 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11 IMAGE_DIRECTORY_ENTRY_IAT = 12 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14 )
IMAGE_DIRECTORY_ENTRY constants
const ( IMAGE_FILE_RELOCS_STRIPPED = 0x0001 IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002 IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004 IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008 IMAGE_FILE_AGGRESIVE_WS_TRIM = 0x0010 IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020 IMAGE_FILE_BYTES_REVERSED_LO = 0x0080 IMAGE_FILE_32BIT_MACHINE = 0x0100 IMAGE_FILE_DEBUG_STRIPPED = 0x0200 IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400 IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800 IMAGE_FILE_SYSTEM = 0x1000 IMAGE_FILE_DLL = 0x2000 IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000 IMAGE_FILE_BYTES_REVERSED_HI = 0x8000 )
Values of IMAGE_FILE_HEADER.Characteristics. These can be combined together.
const ( IMAGE_SUBSYSTEM_UNKNOWN = 0 IMAGE_SUBSYSTEM_NATIVE = 1 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3 IMAGE_SUBSYSTEM_OS2_CUI = 5 IMAGE_SUBSYSTEM_POSIX_CUI = 7 IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9 IMAGE_SUBSYSTEM_EFI_APPLICATION = 10 IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11 IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12 IMAGE_SUBSYSTEM_EFI_ROM = 13 IMAGE_SUBSYSTEM_XBOX = 14 IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16 )
OptionalHeader64.Subsystem and OptionalHeader32.Subsystem values.
const ( IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020 IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040 IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080 IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100 IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200 IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400 IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800 IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000 IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000 IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000 IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000 )
OptionalHeader64.DllCharacteristics and OptionalHeader32.DllCharacteristics values. These can be combined together.
const ( IMAGE_SCN_CNT_CODE = 0x00000020 IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040 IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080 IMAGE_SCN_LNK_COMDAT = 0x00001000 IMAGE_SCN_MEM_DISCARDABLE = 0x02000000 IMAGE_SCN_MEM_EXECUTE = 0x20000000 IMAGE_SCN_MEM_READ = 0x40000000 IMAGE_SCN_MEM_WRITE = 0x80000000 )
Section characteristics flags.
const ( IMAGE_COMDAT_SELECT_NODUPLICATES = 1 IMAGE_COMDAT_SELECT_ANY = 2 IMAGE_COMDAT_SELECT_SAME_SIZE = 3 IMAGE_COMDAT_SELECT_EXACT_MATCH = 4 IMAGE_COMDAT_SELECT_ASSOCIATIVE = 5 IMAGE_COMDAT_SELECT_LARGEST = 6 )
These constants make up the possible values for the 'Selection' field in an AuxFormat5.
This section is empty.
This section is empty.
COFFSymbol represents single COFF symbol table record.
FullName finds real name of symbol sym. Normally name is stored in sym.Name, but if it is longer then 8 characters, it is stored in COFF string table st instead.
COFFSymbolAuxFormat5 describes the expected form of an aux symbol attached to a section definition symbol. The PE format defines a number of different aux symbol formats: format 1 for function definitions, format 2 for .be and .ef symbols, and so on. Format 5 holds extra info associated with a section definition, including number of relocations + line numbers, as well as COMDAT info. See https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-format-5-section-definitions for more on what's going on here.
type File struct {
Sections []*Section
Symbols []*Symbol
COFFSymbols []COFFSymbol
StringTable StringTable
}
A File represents an open PE file.
NewFile creates a new File for accessing a PE binary in an underlying reader.
Open opens the named file using os.Open and prepares it for use as a PE binary.
Close closes the File. If the File was created using NewFile directly instead of Open, Close has no effect.
ImportedLibraries returns the names of all libraries referred to by the binary f that are expected to be linked with the binary at dynamic link time.
ImportedSymbols returns the names of all symbols referred to by the binary f that are expected to be satisfied by other libraries at dynamic load time. It does not return weak symbols.
Section returns the first section with the given name, or nil if no such section exists.
type FileHeader struct {
}
type FormatError struct {
}
FormatError is unused. The type is retained for compatibility.
type OptionalHeader32 struct {
NumberOfRvaAndSizes uint32
}
type OptionalHeader64 struct {
NumberOfRvaAndSizes uint32
}
Reloc represents a PE COFF relocation. Each section contains its own relocation list.
Section provides access to PE COFF section.
Data reads and returns the contents of the PE section s.
If s.Offset is 0, the section has no contents, and Data will always return a non-nil error.
Open returns a new ReadSeeker reading the PE section s.
If s.Offset is 0, the section has no contents, and all calls to the returned reader will return a non-nil error.
type SectionHeader struct {
}
SectionHeader is similar to SectionHeader32 with Name field replaced by Go string.
type SectionHeader32 struct {
}
SectionHeader32 represents real PE COFF section header.
StringTable is a COFF string table.
String extracts string from COFF string table st at offset start.
Symbol is similar to COFFSymbol with Name field replaced by Go string. Symbol also does not have NumberOfAuxSymbols.