Package pe

import "debug/pe"
Overview
Index

Overview ▾

程序包pe实现了对PE(Microsoft Windows Portable可执行文件)文件的访问.

Constants

const (
    IMAGE_FILE_MACHINE_UNKNOWN   = 0x0
    IMAGE_FILE_MACHINE_AM33      = 0x1d3
    IMAGE_FILE_MACHINE_AMD64     = 0x8664
    IMAGE_FILE_MACHINE_ARM       = 0x1c0
    IMAGE_FILE_MACHINE_ARMNT     = 0x1c4
    IMAGE_FILE_MACHINE_ARM64     = 0xaa64
    IMAGE_FILE_MACHINE_EBC       = 0xebc
    IMAGE_FILE_MACHINE_I386      = 0x14c
    IMAGE_FILE_MACHINE_IA64      = 0x200
    IMAGE_FILE_MACHINE_M32R      = 0x9041
    IMAGE_FILE_MACHINE_MIPS16    = 0x266
    IMAGE_FILE_MACHINE_MIPSFPU   = 0x366
    IMAGE_FILE_MACHINE_MIPSFPU16 = 0x466
    IMAGE_FILE_MACHINE_POWERPC   = 0x1f0
    IMAGE_FILE_MACHINE_POWERPCFP = 0x1f1
    IMAGE_FILE_MACHINE_R4000     = 0x166
    IMAGE_FILE_MACHINE_SH3       = 0x1a2
    IMAGE_FILE_MACHINE_SH3DSP    = 0x1a3
    IMAGE_FILE_MACHINE_SH4       = 0x1a6
    IMAGE_FILE_MACHINE_SH5       = 0x1a8
    IMAGE_FILE_MACHINE_THUMB     = 0x1c2
    IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x169
)

IMAGE_DIRECTORY_ENTRY常数

const (
    IMAGE_DIRECTORY_ENTRY_EXPORT         = 0
    IMAGE_DIRECTORY_ENTRY_IMPORT         = 1
    IMAGE_DIRECTORY_ENTRY_RESOURCE       = 2
    IMAGE_DIRECTORY_ENTRY_EXCEPTION      = 3
    IMAGE_DIRECTORY_ENTRY_SECURITY       = 4
    IMAGE_DIRECTORY_ENTRY_BASERELOC      = 5
    IMAGE_DIRECTORY_ENTRY_DEBUG          = 6
    IMAGE_DIRECTORY_ENTRY_ARCHITECTURE   = 7
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR      = 8
    IMAGE_DIRECTORY_ENTRY_TLS            = 9
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    = 10
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   = 11
    IMAGE_DIRECTORY_ENTRY_IAT            = 12
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   = 13
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
)
const COFFSymbolSize = 18

type COFFSymbol 1.1

COFFSymbol表示单个COFF符号表记录.

type COFFSymbol struct {
    Name               [8]uint8
    Value              uint32
    SectionNumber      int16
    Type               uint16
    StorageClass       uint8
    NumberOfAuxSymbols uint8
}

func (*COFFSymbol) FullName 1.8

func (sym *COFFSymbol) FullName(st StringTable) (string, error)

FullName查找符号sym的真实名称. 通常,名称存储在sym.Name中,但是如果名称长于8个字符,则将其存储在COFF字符串表st中.

type DataDirectory 1.3

type DataDirectory struct {
    VirtualAddress uint32
    Size           uint32
}

type File

文件代表打开的PE文件.

type File struct {
    FileHeader
    OptionalHeader interface{} // of type *OptionalHeader32 or *OptionalHeader64; added in Go 1.3
    Sections       []*Section
    Symbols        []*Symbol    // COFF symbols with auxiliary symbol records removed; added in Go 1.1
    COFFSymbols    []COFFSymbol // all COFF symbols (including auxiliary symbol records); added in Go 1.8
    StringTable    StringTable // Go 1.8
    // contains filtered or unexported fields
}

func NewFile

func NewFile(r io.ReaderAt) (*File, error)

NewFile创建一个新文件,用于访问基础读取器中的PE二进制文件.

func Open

func Open(name string) (*File, error)

Open使用os.Open打开命名文件,并准备将其用作PE二进制文件.

func (*File) Close

func (f *File) Close() error

关闭关闭文件. 如果文件是使用NewFile而不是直接使用Open创建的,则Close无效.

func (*File) DWARF

func (f *File) DWARF() (*dwarf.Data, error)

func (*File) ImportedLibraries

func (f *File) ImportedLibraries() ([]string, error)

ImportedLibraries返回由二进制文件f引用的所有库的名称,这些库期望在动态链接时与二进制文件链接.

func (*File) ImportedSymbols

func (f *File) ImportedSymbols() ([]string, error)

ImportedSymbols返回二进制f引用的所有符号的名称,这些符号在动态加载时预计会被其他库满足. 它不返回弱符号.

func (*File) Section

func (f *File) Section(name string) *Section

Section返回具有给定名称的第一部分,如果不存在这样的部分,则返回nil.

type FileHeader

type FileHeader struct {
    Machine              uint16
    NumberOfSections     uint16
    TimeDateStamp        uint32
    PointerToSymbolTable uint32
    NumberOfSymbols      uint32
    SizeOfOptionalHeader uint16
    Characteristics      uint16
}

type FormatError

FormatError未使用. 保留该类型是为了兼容性.

type FormatError struct {
}

func (*FormatError) Error

func (e *FormatError) Error() string

type ImportDirectory

type ImportDirectory struct {
    OriginalFirstThunk uint32
    TimeDateStamp      uint32
    ForwarderChain     uint32
    Name               uint32
    FirstThunk         uint32
    // contains filtered or unexported fields
}

type OptionalHeader32 1.3

type OptionalHeader32 struct {
    Magic                       uint16
    MajorLinkerVersion          uint8
    MinorLinkerVersion          uint8
    SizeOfCode                  uint32
    SizeOfInitializedData       uint32
    SizeOfUninitializedData     uint32
    AddressOfEntryPoint         uint32
    BaseOfCode                  uint32
    BaseOfData                  uint32
    ImageBase                   uint32
    SectionAlignment            uint32
    FileAlignment               uint32
    MajorOperatingSystemVersion uint16
    MinorOperatingSystemVersion uint16
    MajorImageVersion           uint16
    MinorImageVersion           uint16
    MajorSubsystemVersion       uint16
    MinorSubsystemVersion       uint16
    Win32VersionValue           uint32
    SizeOfImage                 uint32
    SizeOfHeaders               uint32
    CheckSum                    uint32
    Subsystem                   uint16
    DllCharacteristics          uint16
    SizeOfStackReserve          uint32
    SizeOfStackCommit           uint32
    SizeOfHeapReserve           uint32
    SizeOfHeapCommit            uint32
    LoaderFlags                 uint32
    NumberOfRvaAndSizes         uint32
    DataDirectory               [16]DataDirectory
}

type OptionalHeader64 1.3

type OptionalHeader64 struct {
    Magic                       uint16
    MajorLinkerVersion          uint8
    MinorLinkerVersion          uint8
    SizeOfCode                  uint32
    SizeOfInitializedData       uint32
    SizeOfUninitializedData     uint32
    AddressOfEntryPoint         uint32
    BaseOfCode                  uint32
    ImageBase                   uint64
    SectionAlignment            uint32
    FileAlignment               uint32
    MajorOperatingSystemVersion uint16
    MinorOperatingSystemVersion uint16
    MajorImageVersion           uint16
    MinorImageVersion           uint16
    MajorSubsystemVersion       uint16
    MinorSubsystemVersion       uint16
    Win32VersionValue           uint32
    SizeOfImage                 uint32
    SizeOfHeaders               uint32
    CheckSum                    uint32
    Subsystem                   uint16
    DllCharacteristics          uint16
    SizeOfStackReserve          uint64
    SizeOfStackCommit           uint64
    SizeOfHeapReserve           uint64
    SizeOfHeapCommit            uint64
    LoaderFlags                 uint32
    NumberOfRvaAndSizes         uint32
    DataDirectory               [16]DataDirectory
}

type Reloc 1.8

重定位表示PE COFF重定位. 每个部分包含其自己的重定位列表.

type Reloc struct {
    VirtualAddress   uint32
    SymbolTableIndex uint32
    Type             uint16
}

type Section

该部分提供对PE COFF部分的访问.

type Section struct {
    SectionHeader
    Relocs []Reloc // Go 1.8

    // Embed ReaderAt for ReadAt method.
    // Do not embed SectionReader directly
    // to avoid having Read and Seek.
    // If a client wants Read and Seek it must use
    // Open() to avoid fighting over the seek offset
    // with other clients.
    io.ReaderAt
    // contains filtered or unexported fields
}

func (*Section) Data

func (s *Section) Data() ([]byte, error)

数据读取并返回PE部分s的内容.

func (*Section) Open

func (s *Section) Open() io.ReadSeeker

打开将返回一个新的ReadSeeker,其中将读取PE部分.

type SectionHeader

SectionHeader与SectionHeader32相似,其中Name字段替换为Go字符串.

type SectionHeader struct {
    Name                 string
    VirtualSize          uint32
    VirtualAddress       uint32
    Size                 uint32
    Offset               uint32
    PointerToRelocations uint32
    PointerToLineNumbers uint32
    NumberOfRelocations  uint16
    NumberOfLineNumbers  uint16
    Characteristics      uint32
}

type SectionHeader32

SectionHeader32代表真实的PE COFF段头.

type SectionHeader32 struct {
    Name                 [8]uint8
    VirtualSize          uint32
    VirtualAddress       uint32
    SizeOfRawData        uint32
    PointerToRawData     uint32
    PointerToRelocations uint32
    PointerToLineNumbers uint32
    NumberOfRelocations  uint16
    NumberOfLineNumbers  uint16
    Characteristics      uint32
}

type StringTable 1.8

StringTable是一个COFF字符串表.

type StringTable []byte

func (StringTable) String 1.8

func (st StringTable) String(start uint32) (string, error)

字符串从偏移开始处的COFF字符串表st中提取字符串.

type Symbol 1.1

Symbol类似于COFFSymbol,其中Name字段被Go字符串替换. Symbol也没有NumberOfAuxSymbols.

type Symbol struct {
    Name          string
    Value         uint32
    SectionNumber int16
    Type          uint16
    StorageClass  uint8
}

by  ICOPY.SITE