Constants & Variables
COFFSymbolSize
const
#
// COFFSymbolSize is the size in bytes of one COFF symbol table record.
// Primary and auxiliary records are the same size, so a record's file
// position is its index times this value.
const COFFSymbolSize = 18
IMAGE_COMDAT_SELECT_ANY
const
#
const IMAGE_COMDAT_SELECT_ANY = 2
IMAGE_COMDAT_SELECT_ASSOCIATIVE
const
#
const IMAGE_COMDAT_SELECT_ASSOCIATIVE = 5
IMAGE_COMDAT_SELECT_EXACT_MATCH
const
#
const IMAGE_COMDAT_SELECT_EXACT_MATCH = 4
IMAGE_COMDAT_SELECT_LARGEST
const
#
const IMAGE_COMDAT_SELECT_LARGEST = 6
IMAGE_COMDAT_SELECT_NODUPLICATES
const
#
const IMAGE_COMDAT_SELECT_NODUPLICATES = 1
IMAGE_COMDAT_SELECT_SAME_SIZE
const
#
const IMAGE_COMDAT_SELECT_SAME_SIZE = 3
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
const
#
const IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7
IMAGE_DIRECTORY_ENTRY_BASERELOC
const
#
const IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
const
#
const IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
const
#
const IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
IMAGE_DIRECTORY_ENTRY_DEBUG
const
#
const IMAGE_DIRECTORY_ENTRY_DEBUG = 6
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
const
#
const IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13
IMAGE_DIRECTORY_ENTRY_EXCEPTION
const
#
const IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3
IMAGE_DIRECTORY_ENTRY_EXPORT
const
#
const IMAGE_DIRECTORY_ENTRY_EXPORT = 0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR
const
#
const IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8
IMAGE_DIRECTORY_ENTRY_IAT
const
#
const IMAGE_DIRECTORY_ENTRY_IAT = 12
IMAGE_DIRECTORY_ENTRY_IMPORT
const
#
const IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
const
#
// IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG indexes the load configuration
// directory. Per the PE format that directory holds the data behind
// mitigations such as SafeSEH and Control Flow Guard, so a hardening audit
// that only reads DllCharacteristics is incomplete without it.
const IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
IMAGE_DIRECTORY_ENTRY_RESOURCE
const
#
const IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
IMAGE_DIRECTORY_ENTRY_SECURITY
const
#
// IMAGE_DIRECTORY_ENTRY_SECURITY indexes the attribute certificate table,
// where Authenticode signatures are stored. Per the PE format this entry's
// VirtualAddress is a file offset, not an RVA, unlike the other entries.
// Finding a non-empty entry only shows that certificate data is present; it
// does not show that the signature is valid or trusted.
const IMAGE_DIRECTORY_ENTRY_SECURITY = 4
IMAGE_DIRECTORY_ENTRY_TLS
const
#
// IMAGE_DIRECTORY_ENTRY_TLS indexes the thread-local storage directory.
// Per the PE format it can list callbacks that the loader invokes before
// the entry point, so static triage should inspect it as well as
// AddressOfEntryPoint.
const IMAGE_DIRECTORY_ENTRY_TLS = 9
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
const
#
// IMAGE_DLLCHARACTERISTICS_APPCONTAINER marks an image that must execute
// in an AppContainer (per the PE format).
const IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
const
#
// IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE marks an image that can be
// relocated at load time, i.e. it opts in to ASLR. The bit is written by
// whoever produced the file: it is useful for auditing your own builds, but
// in an untrusted binary it is only a claim.
const IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
const
#
// IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY requests that code integrity
// checks be enforced when the image is loaded (per the PE format).
const IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080
IMAGE_DLLCHARACTERISTICS_GUARD_CF
const
#
// IMAGE_DLLCHARACTERISTICS_GUARD_CF marks an image that supports Control
// Flow Guard. The supporting tables live in the load configuration
// directory (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG), so the flag alone does not
// prove the metadata is present and well formed.
const IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
const
#
// IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA marks an image that can handle
// a high-entropy 64-bit virtual address space. It is meaningful only
// together with IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE on 64-bit images.
const IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_NO_BIND
const
#
const IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
const
#
const IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200
IMAGE_DLLCHARACTERISTICS_NO_SEH
const
#
// IMAGE_DLLCHARACTERISTICS_NO_SEH marks an image that does not use
// structured exception handling; per the PE format no SE handler may be
// called in such an image.
const IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
const
#
// IMAGE_DLLCHARACTERISTICS_NX_COMPAT marks an image as compatible with
// non-executable data pages (DEP). A hardening check on build output
// normally expects this bit together with
// IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE.
const IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
const
#
const IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
const
#
const IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000
IMAGE_FILE_32BIT_MACHINE
const
#
const IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_AGGRESIVE_WS_TRIM
const
#
const IMAGE_FILE_AGGRESIVE_WS_TRIM = 0x0010
IMAGE_FILE_BYTES_REVERSED_HI
const
#
const IMAGE_FILE_BYTES_REVERSED_HI = 0x8000
IMAGE_FILE_BYTES_REVERSED_LO
const
#
const IMAGE_FILE_BYTES_REVERSED_LO = 0x0080
IMAGE_FILE_DEBUG_STRIPPED
const
#
const IMAGE_FILE_DEBUG_STRIPPED = 0x0200
IMAGE_FILE_DLL
const
#
const IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_EXECUTABLE_IMAGE
const
#
const IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE
const
#
const IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_FILE_LINE_NUMS_STRIPPED
const
#
const IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004
IMAGE_FILE_LOCAL_SYMS_STRIPPED
const
#
const IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008
IMAGE_FILE_MACHINE_AM33
const
#
const IMAGE_FILE_MACHINE_AM33 = 0x1d3
IMAGE_FILE_MACHINE_AMD64
const
#
const IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_MACHINE_ARM
const
#
const IMAGE_FILE_MACHINE_ARM = 0x1c0
IMAGE_FILE_MACHINE_ARM64
const
#
const IMAGE_FILE_MACHINE_ARM64 = 0xaa64
IMAGE_FILE_MACHINE_ARMNT
const
#
const IMAGE_FILE_MACHINE_ARMNT = 0x1c4
IMAGE_FILE_MACHINE_EBC
const
#
const IMAGE_FILE_MACHINE_EBC = 0xebc
IMAGE_FILE_MACHINE_I386
const
#
const IMAGE_FILE_MACHINE_I386 = 0x14c
IMAGE_FILE_MACHINE_IA64
const
#
const IMAGE_FILE_MACHINE_IA64 = 0x200
IMAGE_FILE_MACHINE_LOONGARCH32
const
#
const IMAGE_FILE_MACHINE_LOONGARCH32 = 0x6232
IMAGE_FILE_MACHINE_LOONGARCH64
const
#
const IMAGE_FILE_MACHINE_LOONGARCH64 = 0x6264
IMAGE_FILE_MACHINE_M32R
const
#
const IMAGE_FILE_MACHINE_M32R = 0x9041
IMAGE_FILE_MACHINE_MIPS16
const
#
const IMAGE_FILE_MACHINE_MIPS16 = 0x266
IMAGE_FILE_MACHINE_MIPSFPU
const
#
const IMAGE_FILE_MACHINE_MIPSFPU = 0x366
IMAGE_FILE_MACHINE_MIPSFPU16
const
#
const IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466
IMAGE_FILE_MACHINE_POWERPC
const
#
const IMAGE_FILE_MACHINE_POWERPC = 0x1f0
IMAGE_FILE_MACHINE_POWERPCFP
const
#
const IMAGE_FILE_MACHINE_POWERPCFP = 0x1f1
IMAGE_FILE_MACHINE_R4000
const
#
const IMAGE_FILE_MACHINE_R4000 = 0x166
IMAGE_FILE_MACHINE_RISCV128
const
#
const IMAGE_FILE_MACHINE_RISCV128 = 0x5128
IMAGE_FILE_MACHINE_RISCV32
const
#
const IMAGE_FILE_MACHINE_RISCV32 = 0x5032
IMAGE_FILE_MACHINE_RISCV64
const
#
const IMAGE_FILE_MACHINE_RISCV64 = 0x5064
IMAGE_FILE_MACHINE_SH3
const
#
const IMAGE_FILE_MACHINE_SH3 = 0x1a2
IMAGE_FILE_MACHINE_SH3DSP
const
#
const IMAGE_FILE_MACHINE_SH3DSP = 0x1a3
IMAGE_FILE_MACHINE_SH4
const
#
const IMAGE_FILE_MACHINE_SH4 = 0x1a6
IMAGE_FILE_MACHINE_SH5
const
#
const IMAGE_FILE_MACHINE_SH5 = 0x1a8
IMAGE_FILE_MACHINE_THUMB
const
#
const IMAGE_FILE_MACHINE_THUMB = 0x1c2
IMAGE_FILE_MACHINE_UNKNOWN
const
#
const IMAGE_FILE_MACHINE_UNKNOWN = 0x0
IMAGE_FILE_MACHINE_WCEMIPSV2
const
#
const IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169
IMAGE_FILE_NET_RUN_FROM_SWAP
const
#
const IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800
IMAGE_FILE_RELOCS_STRIPPED
const
#
// IMAGE_FILE_RELOCS_STRIPPED marks an image that contains no base
// relocations and therefore, per the PE format, must be loaded at its
// preferred base address. Such an image cannot be rebased, so it defeats
// ASLR even if IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is also set.
const IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
const
#
const IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400
IMAGE_FILE_SYSTEM
const
#
const IMAGE_FILE_SYSTEM = 0x1000
IMAGE_FILE_UP_SYSTEM_ONLY
const
#
const IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000
IMAGE_SCN_CNT_CODE
const
#
const IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA
const
#
const IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA
const
#
const IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_LNK_COMDAT
const
#
const IMAGE_SCN_LNK_COMDAT = 0x00001000
IMAGE_SCN_MEM_DISCARDABLE
const
#
const IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE
const
#
// IMAGE_SCN_MEM_EXECUTE marks a section that can be executed as code.
// A section that carries both this bit and IMAGE_SCN_MEM_WRITE is writable
// and executable at once, which is worth flagging in hardening checks and
// in triage of unknown binaries.
const IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ
const
#
const IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE
const
#
// IMAGE_SCN_MEM_WRITE marks a section that can be written to.
// The value 0x80000000 does not fit in a signed 32-bit integer: keep the
// constant untyped and test it against the uint32 section characteristics
// rather than converting it to int, which fails to compile on 32-bit
// targets.
const IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_SUBSYSTEM_EFI_APPLICATION
const
#
const IMAGE_SUBSYSTEM_EFI_APPLICATION = 10
IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER
const
#
const IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11
IMAGE_SUBSYSTEM_EFI_ROM
const
#
const IMAGE_SUBSYSTEM_EFI_ROM = 13
IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER
const
#
const IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12
IMAGE_SUBSYSTEM_NATIVE
const
#
const IMAGE_SUBSYSTEM_NATIVE = 1
IMAGE_SUBSYSTEM_NATIVE_WINDOWS
const
#
const IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8
IMAGE_SUBSYSTEM_OS2_CUI
const
#
const IMAGE_SUBSYSTEM_OS2_CUI = 5
IMAGE_SUBSYSTEM_POSIX_CUI
const
#
const IMAGE_SUBSYSTEM_POSIX_CUI = 7
IMAGE_SUBSYSTEM_UNKNOWN
const
#
const IMAGE_SUBSYSTEM_UNKNOWN = 0
IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION
const
#
const IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16
IMAGE_SUBSYSTEM_WINDOWS_CE_GUI
const
#
const IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9
IMAGE_SUBSYSTEM_WINDOWS_CUI
const
#
const IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
IMAGE_SUBSYSTEM_WINDOWS_GUI
const
#
const IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_XBOX
const
#
const IMAGE_SUBSYSTEM_XBOX = 14
Structs
COFFSymbol
struct
#
COFFSymbol represents a single COFF symbol table record.
type COFFSymbol struct {
	// Name holds a short symbol name inline. A name longer than 8
	// characters is stored in the COFF string table instead; call FullName
	// to resolve either form.
	Name [8]uint8
	// Value is copied from the record; per the PE format its meaning
	// depends on SectionNumber and StorageClass.
	Value uint32
	// SectionNumber is signed. Per the PE format positive values are
	// one-based section indexes and zero or negative values are special
	// markers, so range-check it before indexing File.Sections.
	SectionNumber int16
	Type uint16
	StorageClass uint8
	// NumberOfAuxSymbols is the number of auxiliary records that follow
	// this record in the symbol table. The count comes from the file:
	// confirm that the records it implies stay inside the table before
	// stepping over them.
	NumberOfAuxSymbols uint8
}
COFFSymbolAuxFormat5
struct
#
COFFSymbolAuxFormat5 describes the expected form of an aux symbol
attached to a section definition symbol. The PE format defines a
number of different aux symbol formats: format 1 for function
definitions, format 2 for .be and .ef symbols, and so on. Format 5
holds extra info associated with a section definition, including
number of relocations + line numbers, as well as COMDAT info. See
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-format-5-section-definitions
for more on what's going on here.
type COFFSymbolAuxFormat5 struct {
	// Size, NumRelocs and NumLineNumbers describe the section itself: its
	// data size and its relocation and line-number counts.
	Size uint32
	NumRelocs uint16
	NumLineNumbers uint16
	// Checksum, SecNum and Selection carry the COMDAT information.
	Checksum uint32
	// SecNum is, per the PE format, the one-based index of the associated
	// section; it is meaningful when Selection is
	// IMAGE_COMDAT_SELECT_ASSOCIATIVE. Range-check it before use.
	SecNum uint16
	// Selection is expected to be one of the IMAGE_COMDAT_SELECT_* values.
	// It is read from the file, so handle values outside that set.
	Selection uint8
	// Unused padding: brings the struct to 18 bytes, the size of one symbol
	// table record (COFFSymbolSize).
	_ [3]uint8
}
DataDirectory
struct
#
// DataDirectory is one entry of the data directory table in the optional
// header. The IMAGE_DIRECTORY_ENTRY_* constants are indexes into that table.
type DataDirectory struct {
	// VirtualAddress is, per the PE format, an RVA (relative to the image
	// base) rather than a file offset; the security directory is the
	// exception and stores a file offset here.
	VirtualAddress uint32
	// Size is the length of the directory data in bytes.
	// Both fields are taken from the file being parsed: map the address to
	// a section and check address+size against that section's bounds
	// (guarding against uint32 wrap-around) before slicing section data.
	Size uint32
}
File
struct
#
A File represents an open PE file.
type File struct {
	FileHeader
	// OptionalHeader is of type *OptionalHeader32 or *OptionalHeader64.
	// NOTE(review): it looks like this is nil when the file has no optional
	// header (e.g. object files) — use the two-value type assertion and
	// handle the nil case.
	OptionalHeader any
	Sections []*Section
	// Symbols is the symbol list with Go string names and no auxiliary
	// records (presumably built by removeAuxSymbols — confirm).
	Symbols []*Symbol
	// COFFSymbols holds every symbol table record, primary and auxiliary,
	// in table order; auxiliary records sit directly after their primary.
	COFFSymbols []COFFSymbol
	StringTable StringTable
	// closer is presumably set only by Open: Close is documented to have no
	// effect on a File created with NewFile.
	closer io.Closer
}
FormatError
struct
#
FormatError is unused.
The type is retained for compatibility.
type FormatError struct {
	// No fields: a value of this type carries no detail about a failure.
}
ImportDirectory
struct
#
// ImportDirectory holds one entry of the import directory table
// (IMAGE_DIRECTORY_ENTRY_IMPORT).
// NOTE(review): the exported fields appear to mirror the on-disk import
// descriptor of the PE format — confirm against the reader.
type ImportDirectory struct {
	// OriginalFirstThunk, Name and FirstThunk are RVAs per the PE format.
	// They come from the file, so each must be translated and bounds-checked
	// before it is used to read section data.
	OriginalFirstThunk uint32
	TimeDateStamp uint32
	ForwarderChain uint32
	Name uint32
	FirstThunk uint32
	// dll is presumably the library name resolved from Name. It is
	// unexported; callers obtain library names through ImportedLibraries.
	dll string
}
Reloc
struct
#
Reloc represents a PE COFF relocation.
Each section contains its own relocation list.
type Reloc struct {
	VirtualAddress uint32
	// SymbolTableIndex refers to a record in the COFF symbol table. It is
	// read from the file: bounds-check it against len(File.COFFSymbols)
	// before indexing.
	SymbolTableIndex uint32
	// Type is the relocation type; per the PE format its values are
	// specific to the machine type in the file header.
	Type uint16
}
Section
struct
#
Section provides access to a PE COFF section.
type Section struct {
	SectionHeader
	Relocs []Reloc
	// ReaderAt is embedded so that Section has a ReadAt method. A caller
	// that needs Read and Seek should call Open, which returns a new
	// ReadSeeker for the section.
	io.ReaderAt
	// NOTE(review): sr is presumably the reader behind Open and Data —
	// confirm against the implementation.
	sr *io.SectionReader
}
Symbol
struct
#
Symbol is similar to [COFFSymbol] with the Name field replaced
by a Go string. Symbol also does not have NumberOfAuxSymbols.
type Symbol struct {
	// Name is the symbol name as a Go string. It originates in the file
	// being parsed, so quote it (for example with %q) before writing it to
	// logs or a terminal.
	Name string
	Value uint32
	// SectionNumber is signed; not every value is a valid index into
	// File.Sections, so range-check it before use.
	SectionNumber int16
	Type uint16
	StorageClass uint8
}
nobitsSectionReader
struct
#
// nobitsSectionReader is an empty type that implements ReadAt.
// NOTE(review): presumably it stands in as the reader for sections that
// have no contents in the file (Offset == 0), for which Data and Open are
// documented to return errors — confirm against the implementation.
type nobitsSectionReader struct {
}
Functions
COFFSymbolReadSectionDefAux
method
#
COFFSymbolReadSectionDefAux returns a blob of auxiliary information
(including COMDAT info) for a section definition symbol. Here 'idx'
is the index of a section symbol in the main [COFFSymbol] array for
the File. Return value is a pointer to the appropriate aux symbol
struct. For more info, see:
auxiliary symbols: https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-symbol-records
COMDAT sections: https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#comdat-sections-object-only
auxiliary info for section definitions: https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-format-5-section-definitions
func (f *File) COFFSymbolReadSectionDefAux(idx int) (*COFFSymbolAuxFormat5, error)
Close
method
#
Close closes the [File].
If the [File] was created using [NewFile] directly instead of [Open],
Close has no effect.
func (f *File) Close() error
DWARF
method
#
func (f *File) DWARF() (*dwarf.Data, error)
Data
method
#
Data reads and returns the contents of the PE section s.
If s.Offset is 0, the section has no contents,
and Data will always return a non-nil error.
func (s *Section) Data() ([]byte, error)
Error
method
#
func (e *FormatError) Error() string
FullName
method
#
FullName finds the real name of symbol sym. Normally the name is stored
in sym.Name, but if it is longer than 8 characters, it is stored
in the COFF string table st instead.
func (sym *COFFSymbol) FullName(st StringTable) (string, error)
ImportedLibraries
method
#
ImportedLibraries returns the names of all libraries
referred to by the binary f that are expected to be
linked with the binary at dynamic link time.
func (f *File) ImportedLibraries() ([]string, error)
ImportedSymbols
method
#
ImportedSymbols returns the names of all symbols
referred to by the binary f that are expected to be
satisfied by other libraries at dynamic load time.
It does not return weak symbols.
func (f *File) ImportedSymbols() ([]string, error)
NewFile
function
#
NewFile creates a new [File] for accessing a PE binary in an underlying reader.
func NewFile(r io.ReaderAt) (*File, error)
Open
function
#
Open opens the named file using [os.Open] and prepares it for use as a PE binary.
func Open(name string) (*File, error)
Open
method
#
Open returns a new ReadSeeker reading the PE section s.
If s.Offset is 0, the section has no contents, and all calls
to the returned reader will return a non-nil error.
func (s *Section) Open() io.ReadSeeker
ReadAt
method
#
func (*nobitsSectionReader) ReadAt(p []byte, off int64) (n int, err error)
Section
method
#
Section returns the first section with the given name, or nil if no such
section exists.
func (f *File) Section(name string) *Section
String
method
#
String extracts the string at offset start from the COFF string table st.
func (st StringTable) String(start uint32) (string, error)
cstring
function
#
cstring converts the ASCII byte sequence b to a string.
It stops once it finds a 0 byte or reaches the end of b.
func cstring(b []byte) string
fullName
method
#
fullName finds the real name of section sh. Normally the name is stored
in sh.Name, but if it is longer than 8 characters, it is stored
in the COFF string table st instead.
func (sh *SectionHeader32) fullName(st StringTable) (string, error)
getString
function
#
getString extracts a string from the symbol string table.
func getString(section []byte, start int) (string, bool)
isSymNameOffset
function
#
isSymNameOffset reports whether the symbol name is encoded as an offset into the string table.
func isSymNameOffset(name [8]byte) (bool, uint32)
readCOFFSymbols
function
#
readCOFFSymbols reads in the symbol table for a PE file, returning
a slice of COFFSymbol objects. The PE format includes both primary
symbols (whose fields are described by COFFSymbol above) and
auxiliary symbols; all symbols are 18 bytes in size. The auxiliary
symbols for a given primary symbol are placed following it in the
array, e.g.
...
k+0: regular sym k
k+1: 1st aux symbol for k
k+2: 2nd aux symbol for k
k+3: regular sym k+3
k+4: 1st aux symbol for k+3
k+5: regular sym k+5
k+6: regular sym k+6
The PE format allows for several possible aux symbol formats. For
more info see:
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#auxiliary-symbol-records
At the moment this package only provides APIs for looking at
aux symbols of format 5 (associated with section definition symbols).
func readCOFFSymbols(fh *FileHeader, r io.ReadSeeker) ([]COFFSymbol, error)
readDataDirectories
function
#
readDataDirectories accepts an io.ReadSeeker pointing to the data directories in the PE file,
the size of that region, and the number of data directories as seen in the optional header.
It parses the given number of bytes and returns the given number of data directories.
func readDataDirectories(r io.ReadSeeker, sz uint16, n uint32) ([]DataDirectory, error)
readRelocs
function
#
func readRelocs(sh *SectionHeader, r io.ReadSeeker) ([]Reloc, error)
readStringTable
function
#
func readStringTable(fh *FileHeader, r io.ReadSeeker) (StringTable, error)
removeAuxSymbols
function
#
func removeAuxSymbols(allsyms []COFFSymbol, st StringTable) ([]*Symbol, error)