LIEF::PE::Binary Class Reference
Class which represents a PE binary This is the main interface to manage and modify a PE executable. More...
#include <Binary.hpp>
Inheritance diagram for LIEF::PE::Binary:
Collaboration diagram for LIEF::PE::Binary:
Public Types | |
| using | sections_t = std::vector<std::unique_ptr<Section>> |
| Internal container for storing PE's Section. | |
| using | it_sections = ref_iterator<sections_t&, Section*> |
| Iterator that outputs Section& object. | |
| using | it_const_sections = const_ref_iterator<const sections_t&, const Section*> |
| Iterator that outputs const Section& object. | |
| using | data_directories_t = std::vector<std::unique_ptr<DataDirectory>> |
| Internal container for storing PE's DataDirectory. | |
| using | it_data_directories = ref_iterator<data_directories_t&, DataDirectory*> |
| Iterator that outputs DataDirectory&. | |
| using | it_const_data_directories = const_ref_iterator<const data_directories_t&, const DataDirectory*> |
| Iterator that outputs const DataDirectory&. | |
| using | relocations_t = std::vector<std::unique_ptr<Relocation>> |
| Internal container for storing PE's Relocation. | |
| using | it_relocations = ref_iterator<relocations_t&, Relocation*> |
| Iterator that outputs Relocation&. | |
| using | it_const_relocations = const_ref_iterator<const relocations_t&, const Relocation*> |
| Iterator that outputs const Relocation&. | |
| using | imports_t = std::vector<Import> |
| Internal container for storing PE's Import. | |
| using | it_imports = ref_iterator<imports_t&> |
| Iterator that output Import&. | |
| using | it_const_imports = const_ref_iterator<const imports_t&> |
| Iterator that outputs const Import&. | |
| using | delay_imports_t = std::vector<DelayImport> |
| Internal container for storing PE's DelayImport. | |
| using | it_delay_imports = ref_iterator<delay_imports_t&> |
| Iterator that output DelayImport&. | |
| using | it_const_delay_imports = const_ref_iterator<const delay_imports_t&> |
| Iterator that outputs const DelayImport&. | |
| using | debug_entries_t = std::vector<std::unique_ptr<Debug>> |
| Internal container for storing Debug information. | |
| using | it_debug_entries = ref_iterator<debug_entries_t&, Debug*> |
| Iterator that outputs Debug&. | |
| using | it_const_debug_entries = const_ref_iterator<const debug_entries_t&, const Debug*> |
| Iterator that outputs const Debug&. | |
| using | symbols_t = std::vector<std::unique_ptr<Symbol>> |
| Internal container for storing COFF Symbols. | |
| using | it_symbols = ref_iterator<symbols_t&, Symbol*> |
| Iterator that outputs Symbol&. | |
| using | it_const_symbols = const_ref_iterator<const symbols_t&, const Symbol*> |
| Iterator that outputs const Symbol&. | |
| using | strings_table_t = std::vector<COFFString> |
| Internal container for storing strings. | |
| using | it_strings_table = ref_iterator<strings_table_t&> |
| Iterator that outputs std::string&. | |
| using | it_const_strings_table = const_ref_iterator<const strings_table_t&> |
| Iterator that outputs const std::string&. | |
| using | signatures_t = std::vector<Signature> |
| Internal container for storing PE's authenticode Signature. | |
| using | it_signatures = ref_iterator<signatures_t&> |
| Iterator that outputs Signature&. | |
| using | it_const_signatures = const_ref_iterator<const signatures_t&> |
| Iterator that outputs const Signature&. | |
| using | exceptions_t = std::vector<std::unique_ptr<ExceptionInfo>> |
| Internal container for storing runtime function associated with exceptions. | |
| using | it_exceptions = ref_iterator<exceptions_t&, ExceptionInfo*> |
| Iterator that outputs ExceptionInfo&. | |
| using | it_const_exceptions = const_ref_iterator<const exceptions_t&, const ExceptionInfo*> |
| Iterator that outputs const ExceptionInfo&. | |
 Public Types inherited from LIEF::Binary | |
| enum class | VA_TYPES { AUTO = 0 , RVA = 1 , VA = 2 } |
| Type of a virtual address. More... | |
| enum | FORMATS { UNKNOWN = 0 , ELF , PE , MACHO , OAT } |
| using | functions_t = std::vector<Function> |
| using | sections_t = std::vector<Section*> |
| Internal container. | |
| using | it_sections = ref_iterator<sections_t> |
| Iterator that outputs LIEF::Section&. | |
| using | it_const_sections = const_ref_iterator<sections_t> |
| Iterator that outputs const LIEF::Section&. | |
| using | symbols_t = std::vector<Symbol*> |
| Internal container. | |
| using | it_symbols = ref_iterator<symbols_t> |
| Iterator that outputs LIEF::Symbol&. | |
| using | it_const_symbols = const_ref_iterator<symbols_t> |
| Iterator that outputs const LIEF::Symbol&. | |
| using | relocations_t = std::vector<Relocation*> |
| Internal container. | |
| using | it_relocations = ref_iterator<relocations_t> |
| Iterator that outputs LIEF::Relocation&. | |
| using | it_const_relocations = const_ref_iterator<relocations_t> |
| Iterator that outputs const LIEF::Relocation&. | |
| using | instructions_it = iterator_range<assembly::Instruction::Iterator> |
| Instruction iterator. | |
| Public Types inherited from LIEF::Object | |
| template<class T > | |
| using | output_t = add_pointer_t<decay_t<T>> |
| template<class T > | |
| using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Public Member Functions | |
| Binary () | |
| ~Binary () override | |
| PE_TYPE | type () const |
Return PE32 or PE32+ | |
| uint64_t | rva_to_offset (uint64_t RVA) const |
| Convert a Relative Virtual Address into an offset. | |
| uint64_t | va_to_offset (uint64_t VA) const |
| Convert the absolute virtual address into an offset. | |
| result< uint64_t > | offset_to_virtual_address (uint64_t offset, uint64_t slide=0) const override |
| Convert the given offset into a virtual address. | |
| uint64_t | imagebase () const override |
Return binary's imagebase. 0 if not relevant. | |
| Section * | section_from_offset (uint64_t offset) |
| Find the section associated that encompasses the given offset. | |
| const Section * | section_from_offset (uint64_t offset) const |
| Section * | section_from_rva (uint64_t virtual_address) |
| Find the section associated that encompasses the given RVA. | |
| const Section * | section_from_rva (uint64_t virtual_address) const |
| it_sections | sections () |
| Return an iterator over the PE's Section. | |
| it_const_sections | sections () const |
| DosHeader & | dos_header () |
| Return a reference to the PE::DosHeader object. | |
| const DosHeader & | dos_header () const |
| Header & | header () |
| Return a reference to the PE::Header object. | |
| const Header & | header () const |
| OptionalHeader & | optional_header () |
| Header that follows the header(). It is named optional from the COFF specfication but it is mandatory in a PE file. | |
| const OptionalHeader & | optional_header () const |
| uint32_t | compute_checksum () const |
| Re-compute the value of OptionalHeader::checksum. If both values do not match, it could mean that the binary has been modified after the compilation. | |
| uint64_t | virtual_size () const |
| Compute the binary's virtual size. It should match OptionalHeader::sizeof_image. | |
| uint32_t | sizeof_headers () const |
| Compute the size of all the headers. | |
| TLS * | tls () |
| Return a reference to the TLS object. | |
| const TLS * | tls () const |
| TLS & | tls (const TLS &tls) |
| Set a TLS object in the current Binary. | |
| bool | has_tls () const |
| Check if the current binary has a TLS object. | |
| void | remove_tls () |
| Remove the TLS from the binary. | |
| bool | has_imports () const |
| Check if the current binary contains imports. | |
| bool | has_signatures () const |
| Check if the current binary contains signatures. | |
| bool | has_exports () const |
| Check if the current binary has exports. | |
| bool | has_resources () const |
| Check if the current binary has resources. | |
| bool | has_exceptions () const |
| Check if the current binary has exceptions. | |
| bool | has_relocations () const |
| Check if the current binary has relocations. | |
| bool | has_debug () const |
| Check if the current binary contains debug information. | |
| bool | has_configuration () const |
| Check if the current binary has a load configuration. | |
| bool | is_reproducible_build () const |
| Check if the current binary is reproducible build, replacing timestamps by a compile hash. | |
| it_const_signatures | signatures () const |
| Return an iterator over the Signature object(s) if the binary is signed. | |
| it_signatures | signatures () |
| Signature::VERIFICATION_FLAGS | verify_signature (Signature::VERIFICATION_CHECKS checks=Signature::VERIFICATION_CHECKS::DEFAULT) const |
| Verify the binary against the embedded signature(s) (if any) First, it checks that the embedded signatures are correct (c.f. Signature::check) and then, it checks that the authentihash matches ContentInfo::digest. | |
| Signature::VERIFICATION_FLAGS | verify_signature (const Signature &sig, Signature::VERIFICATION_CHECKS checks=Signature::VERIFICATION_CHECKS::DEFAULT) const |
| Verify the binary with the Signature object provided in the first parameter. It can be used to verify a detached signature: | |
| std::vector< uint8_t > | authentihash (ALGORITHMS algo) const |
| Compute the authentihash according to the algorithm provided in the first parameter. | |
| Export * | get_export () |
| Return the Export object. | |
| const Export * | get_export () const |
| Export & | set_export (const Export &export_table) |
| it_symbols | symbols () |
| Return binary Symbols. | |
| it_const_symbols | symbols () const |
| it_const_strings_table | coff_string_table () const |
| Iterator over the strings located in the COFF string table. | |
| it_strings_table | coff_string_table () |
| COFFString * | find_coff_string (uint32_t offset) |
| Try to find the COFF string at the given offset in the COFF string table. | |
| const COFFString * | find_coff_string (uint32_t offset) const |
| ResourceNode * | resources () |
| Return resources as a tree or a nullptr if there is no resources. | |
| const ResourceNode * | resources () const |
| ResourceNode * | set_resources (const ResourceNode &root) |
| Change or set the current resource tree with the new one provided in parameter. | |
| ResourceNode * | set_resources (std::unique_ptr< ResourceNode > root) |
| result< ResourcesManager > | resources_manager () const |
| Return the ResourcesManager (class to manage resources more easily than the tree one) | |
| Section * | get_section (const std::string &name) |
| Return binary's section from its name. If the secion can't be found, return a nullptr. | |
| const Section * | get_section (const std::string &name) const |
| const Section * | import_section () const |
| Return the section associated with import table or a nullptr if the binary does not have an import table. | |
| Section * | import_section () |
| void | remove_section (const std::string &name, bool clear=false) override |
| Delete the section with the given name. | |
| void | remove (const Section §ion, bool clear=false) |
| Remove the given section. | |
| Section * | add_section (const Section §ion) |
| Add a section to the binary and return the section added. | |
| it_relocations | relocations () |
| Return an iterator over the PE's Relocation. | |
| it_const_relocations | relocations () const |
| Relocation & | add_relocation (const Relocation &relocation) |
| Add a new PE Relocation. | |
| void | remove_all_relocations () |
| Remove all the relocations. | |
| it_data_directories | data_directories () |
| Return an iterator over the DataDirectory present in the Binary. | |
| it_const_data_directories | data_directories () const |
| DataDirectory * | data_directory (DataDirectory::TYPES type) |
| Return the DataDirectory with the given type (or index) | |
| const DataDirectory * | data_directory (DataDirectory::TYPES type) const |
| bool | has (DataDirectory::TYPES type) const |
| Check if the current binary has the given DataDirectory::TYPES. | |
| it_debug_entries | debug () |
| Return an iterator over the Debug entries. | |
| it_const_debug_entries | debug () const |
| Debug * | add_debug_info (const Debug &entry) |
| Add a new debug entry. | |
| bool | remove_debug (const Debug &entry) |
| Remove a specific debug entry. | |
| bool | clear_debug () |
| Remove all debug info from the binary. | |
| const CodeViewPDB * | codeview_pdb () const |
| Return the CodeViewPDB object if present. | |
| const LoadConfiguration * | load_configuration () const |
| Retrun the LoadConfiguration object or a nullptr if the binary does not use the LoadConfiguration. | |
| LoadConfiguration * | load_configuration () |
| span< const uint8_t > | overlay () const |
| Return the overlay content. | |
| span< uint8_t > | overlay () |
| uint64_t | overlay_offset () const |
| Return the original overlay offset. | |
| span< const uint8_t > | dos_stub () const |
| Return the DOS stub content. | |
| span< uint8_t > | dos_stub () |
| void | dos_stub (std::vector< uint8_t > content) |
| Update the DOS stub content. | |
| RichHeader * | rich_header () |
| Return a reference to the RichHeader object. | |
| const RichHeader * | rich_header () const |
| void | rich_header (const RichHeader &rich_header) |
| Set a RichHeader object in the current Binary. | |
| bool | has_rich_header () const |
| Check if the current binary has a RichHeader object. | |
| it_imports | imports () |
| Return an iterator over the binary imports. | |
| it_const_imports | imports () const |
| Import * | get_import (const std::string &import_name) |
| Return the Import matching the provided name (case sensitive) | |
| const Import * | get_import (const std::string &import_name) const |
| bool | has_import (const std::string &import_name) const |
True if the binary imports the given library name | |
| bool | has_delay_imports () const |
| Check if the current binary contains delay imports. | |
| it_delay_imports | delay_imports () |
| Return an iterator over the binary's delay imports. | |
| it_const_delay_imports | delay_imports () const |
| DelayImport * | get_delay_import (const std::string &import_name) |
| Returns the DelayImport matching the given name. If it can't be found, it returns a nullptr. | |
| const DelayImport * | get_delay_import (const std::string &import_name) const |
| bool | has_delay_import (const std::string &import_name) const |
True if the binary delay-imports the given library name | |
| Import & | add_import (const std::string &name) |
Add an imported library (i.e. DLL) to the binary. | |
| bool | remove_import (const std::string &name) |
Remove the imported library with the given name | |
| void | remove_all_imports () |
| Remove all libraries in the binary. | |
| std::unique_ptr< Builder > | write (const std::string &filename) |
Reconstruct the binary object and write the raw PE in filename | |
| std::unique_ptr< Builder > | write (const std::string &filename, const Builder::config_t &config) |
Reconstruct the binary object with the given configuration and write it in filename | |
| std::unique_ptr< Builder > | write (std::ostream &os) |
Reconstruct the binary object and write the raw PE in os stream. | |
| std::unique_ptr< Builder > | write (std::ostream &os, const Builder::config_t &config) |
| void | accept (Visitor &visitor) const override |
Method so that a visitor can visit us. | |
| void | patch_address (uint64_t address, const std::vector< uint8_t > &patch_value, VA_TYPES addr_type=VA_TYPES::AUTO) override |
Patch the content at virtual address address with patch_value. | |
| void | patch_address (uint64_t address, uint64_t patch_value, size_t size=sizeof(uint64_t), VA_TYPES addr_type=VA_TYPES::AUTO) override |
| Patch the address with the given value. | |
| void | fill_address (uint64_t address, size_t size, uint8_t value=0, VA_TYPES addr_type=VA_TYPES::AUTO) |
| Fill the content at the provided with a fixed value. | |
| span< const uint8_t > | get_content_from_virtual_address (uint64_t virtual_address, uint64_t size, Binary::VA_TYPES addr_type=Binary::VA_TYPES::AUTO) const override |
| Return the content located at the provided virtual address. | |
| uint64_t | entrypoint () const override |
| Return the binary's entrypoint (It is the same value as OptionalHeader::addressof_entrypoint. | |
| bool | is_pie () const override |
| Check if the binary is position independent. | |
| bool | has_nx () const override |
Check if the binary uses NX protection. | |
| uint64_t | last_section_offset () const |
| DataDirectory * | export_dir () |
| Return the data directory associated with the export table. | |
| const DataDirectory * | export_dir () const |
| DataDirectory * | import_dir () |
| Return the data directory associated with the import table. | |
| const DataDirectory * | import_dir () const |
| DataDirectory * | rsrc_dir () |
| Return the data directory associated with the resources tree. | |
| const DataDirectory * | rsrc_dir () const |
| DataDirectory * | exceptions_dir () |
| Return the data directory associated with the exceptions. | |
| const DataDirectory * | exceptions_dir () const |
| DataDirectory * | cert_dir () |
| Return the data directory associated with the certificate table (authenticode) | |
| const DataDirectory * | cert_dir () const |
| DataDirectory * | relocation_dir () |
| Return the data directory associated with the relocation table. | |
| const DataDirectory * | relocation_dir () const |
| DataDirectory * | debug_dir () |
| Return the data directory associated with the debug table. | |
| const DataDirectory * | debug_dir () const |
| DataDirectory * | tls_dir () |
| Return the data directory associated with TLS. | |
| const DataDirectory * | tls_dir () const |
| DataDirectory * | load_config_dir () |
| Return the data directory associated with the load config. | |
| const DataDirectory * | load_config_dir () const |
| DataDirectory * | iat_dir () |
| Return the data directory associated with the IAT. | |
| const DataDirectory * | iat_dir () const |
| DataDirectory * | delay_dir () |
| Return the data directory associated with delayed imports. | |
| const DataDirectory * | delay_dir () const |
| LIEF::Binary::functions_t | ctor_functions () const override |
| Return the list of the binary constructors. | |
| LIEF::Binary::functions_t | functions () const |
| All functions found in the binary | |
| LIEF::Binary::functions_t | exception_functions () const |
| Functions found in the Exception table directory. | |
| it_exceptions | exceptions () |
Iterator over the exception (_RUNTIME_FUNCTION) functions. | |
| it_const_exceptions | exceptions () const |
| ExceptionInfo * | find_exception_at (uint32_t rva) |
| Try to find the exception info at the given RVA. | |
| const ExceptionInfo * | find_exception_at (uint32_t rva) const |
| bool | is_arm64ec () const |
| True if this binary is compiled in ARM64EC mode (emulation compatible) | |
| bool | is_arm64x () const |
| True if this binary is compiled in ARM64X mode (contains both ARM64 and ARM64EC code) | |
| const Binary * | nested_pe_binary () const |
| If the current binary contains dynamic relocations (e.g. LIEF::PE::DynamicFixupARM64X), this function returns the relocated view of the current PE. | |
| Binary * | nested_pe_binary () |
| std::ostream & | print (std::ostream &os) const override |
| Public Member Functions inherited from LIEF::Binary | |
| Binary () | |
| Binary (FORMATS fmt) | |
| ~Binary () override | |
| Binary & | operator= (const Binary &)=delete |
| Binary (const Binary &)=delete | |
| FORMATS | format () const |
| Executable format (ELF, PE, Mach-O) of the underlying binary. | |
| Header | header () const |
| Return the abstract header of the binary. | |
| it_symbols | symbols () |
| Return an iterator over the abstracted symbols in which the elements can be modified. | |
| it_const_symbols | symbols () const |
| Return an iterator over the abstracted symbols in which the elements can't be modified. | |
| bool | has_symbol (const std::string &name) const |
| Check if a Symbol with the given name exists. | |
| const Symbol * | get_symbol (const std::string &name) const |
| Return the Symbol with the given name If the symbol does not exist, return a nullptr. | |
| Symbol * | get_symbol (const std::string &name) |
| it_sections | sections () |
| Return an iterator over the binary's sections (LIEF::Section) | |
| it_const_sections | sections () const |
| it_relocations | relocations () |
| Return an iterator over the binary relocation (LIEF::Relocation) | |
| it_const_relocations | relocations () const |
| uint64_t | original_size () const |
| Binary's original size. | |
| functions_t | exported_functions () const |
| Return the functions exported by the binary. | |
| std::vector< std::string > | imported_libraries () const |
| Return libraries which are imported by the binary. | |
| functions_t | imported_functions () const |
| Return functions imported by the binary. | |
| virtual result< uint64_t > | get_function_address (const std::string &func_name) const |
| Return the address of the given function name. | |
| std::vector< uint64_t > | xref (uint64_t address) const |
| template<class T > | |
| LIEF::result< T > | get_int_from_virtual_address (uint64_t va, VA_TYPES addr_type=VA_TYPES::AUTO) const |
| Get the integer value at the given virtual address. | |
| void | original_size (uint64_t size) |
| Change binary's original size. | |
| DebugInfo * | debug_info () const |
| Return the debug info if present. It can be either a LIEF::dwarf::DebugInfo or a LIEF::pdb::DebugInfo. | |
| instructions_it | disassemble (uint64_t address, size_t size) const |
| Disassemble code starting a the given virtual address and with the given size. | |
| instructions_it | disassemble (uint64_t address) const |
| Disassemble code starting a the given virtual address. | |
| instructions_it | disassemble (const std::string &function) const |
| Disassemble code for the given symbol name. | |
| instructions_it | disassemble (const uint8_t *buffer, size_t size, uint64_t address=0) const |
Disassemble code provided by the given buffer at the specified address parameter. | |
| instructions_it | disassemble (const std::vector< uint8_t > &buffer, uint64_t address=0) const |
Disassemble code provided by the given vector of bytes at the specified address parameter. | |
| instructions_it | disassemble (LIEF::span< const uint8_t > buffer, uint64_t address=0) const |
| instructions_it | disassemble (LIEF::span< uint8_t > buffer, uint64_t address=0) const |
| std::vector< uint8_t > | assemble (uint64_t address, const std::string &Asm) |
| Assemble and patch the provided assembly code at the specified address. | |
| Public Member Functions inherited from LIEF::Object | |
| Object () | |
| Object (const Object &other) | |
| Object & | operator= (const Object &other) |
| template<class T > | |
| output_t< T > | as () |
| template<class T > | |
| output_const_t< T > | as () const |
| virtual bool | operator== (const Object &other) const |
| virtual bool | operator!= (const Object &other) const |
| virtual | ~Object () |
Static Public Member Functions | |
| static bool | classof (const LIEF::Binary *bin) |
Detailed Description
Member Typedef Documentation
◆ data_directories_t
| using LIEF::PE::Binary::data_directories_t = std::vector<std::unique_ptr<DataDirectory>> |
Internal container for storing PE's DataDirectory.
◆ debug_entries_t
| using LIEF::PE::Binary::debug_entries_t = std::vector<std::unique_ptr<Debug>> |
Internal container for storing Debug information.
◆ delay_imports_t
| using LIEF::PE::Binary::delay_imports_t = std::vector<DelayImport> |
Internal container for storing PE's DelayImport.
◆ exceptions_t
| using LIEF::PE::Binary::exceptions_t = std::vector<std::unique_ptr<ExceptionInfo>> |
Internal container for storing runtime function associated with exceptions.
◆ imports_t
| using LIEF::PE::Binary::imports_t = std::vector<Import> |
◆ it_const_data_directories
| using LIEF::PE::Binary::it_const_data_directories = const_ref_iterator<const data_directories_t&, const DataDirectory*> |
Iterator that outputs const DataDirectory&.
◆ it_const_debug_entries
| using LIEF::PE::Binary::it_const_debug_entries = const_ref_iterator<const debug_entries_t&, const Debug*> |
Iterator that outputs const Debug&.
◆ it_const_delay_imports
Iterator that outputs const DelayImport&.
◆ it_const_exceptions
| using LIEF::PE::Binary::it_const_exceptions = const_ref_iterator<const exceptions_t&, const ExceptionInfo*> |
Iterator that outputs const ExceptionInfo&.
◆ it_const_imports
| using LIEF::PE::Binary::it_const_imports = const_ref_iterator<const imports_t&> |
Iterator that outputs const Import&.
◆ it_const_relocations
| using LIEF::PE::Binary::it_const_relocations = const_ref_iterator<const relocations_t&, const Relocation*> |
Iterator that outputs const Relocation&.
◆ it_const_sections
| using LIEF::PE::Binary::it_const_sections = const_ref_iterator<const sections_t&, const Section*> |
Iterator that outputs const Section& object.
◆ it_const_signatures
| using LIEF::PE::Binary::it_const_signatures = const_ref_iterator<const signatures_t&> |
Iterator that outputs const Signature&.
◆ it_const_strings_table
Iterator that outputs const std::string&.
◆ it_const_symbols
| using LIEF::PE::Binary::it_const_symbols = const_ref_iterator<const symbols_t&, const Symbol*> |
Iterator that outputs const Symbol&.
◆ it_data_directories
Iterator that outputs DataDirectory&.
◆ it_debug_entries
Iterator that outputs Debug&.
◆ it_delay_imports
Iterator that output DelayImport&.
◆ it_exceptions
Iterator that outputs ExceptionInfo&.
◆ it_imports
Iterator that output Import&.
◆ it_relocations
Iterator that outputs Relocation&.
◆ it_sections
| using LIEF::PE::Binary::it_sections = ref_iterator<sections_t&, Section*> |
Iterator that outputs Section& object.
◆ it_signatures
Iterator that outputs Signature&.
◆ it_strings_table
Iterator that outputs std::string&.
◆ it_symbols
| using LIEF::PE::Binary::it_symbols = ref_iterator<symbols_t&, Symbol*> |
Iterator that outputs Symbol&.
◆ relocations_t
| using LIEF::PE::Binary::relocations_t = std::vector<std::unique_ptr<Relocation>> |
Internal container for storing PE's Relocation.
◆ sections_t
| using LIEF::PE::Binary::sections_t = std::vector<std::unique_ptr<Section>> |
◆ signatures_t
| using LIEF::PE::Binary::signatures_t = std::vector<Signature> |
◆ strings_table_t
| using LIEF::PE::Binary::strings_table_t = std::vector<COFFString> |
Internal container for storing strings.
◆ symbols_t
| using LIEF::PE::Binary::symbols_t = std::vector<std::unique_ptr<Symbol>> |
Internal container for storing COFF Symbols.
Constructor & Destructor Documentation
◆ Binary()
| LIEF::PE::Binary::Binary | ( | ) |
◆ ~Binary()
|
override |
Member Function Documentation
◆ accept()
|
overridevirtual |
Method so that a visitor can visit us.
Reimplemented from LIEF::Binary.
◆ add_debug_info()
◆ add_import()
|
inline |
Add an imported library (i.e. DLL) to the binary.
◆ add_relocation()
| Relocation & LIEF::PE::Binary::add_relocation | ( | const Relocation & | relocation | ) |
Add a new PE Relocation.
◆ add_section()
Add a section to the binary and return the section added.
◆ authentihash()
| std::vector< uint8_t > LIEF::PE::Binary::authentihash | ( | ALGORITHMS | algo | ) | const |
Compute the authentihash according to the algorithm provided in the first parameter.
◆ cert_dir() [1/2]
|
inline |
Return the data directory associated with the certificate table (authenticode)
◆ cert_dir() [2/2]
|
inline |
◆ classof()
|
inlinestatic |
References LIEF::Binary::format().
◆ clear_debug()
| bool LIEF::PE::Binary::clear_debug | ( | ) |
Remove all debug info from the binary.
◆ codeview_pdb()
| const CodeViewPDB * LIEF::PE::Binary::codeview_pdb | ( | ) | const |
Return the CodeViewPDB object if present.
◆ coff_string_table() [1/2]
|
inline |
◆ coff_string_table() [2/2]
|
inline |
Iterator over the strings located in the COFF string table.
◆ compute_checksum()
| uint32_t LIEF::PE::Binary::compute_checksum | ( | ) | const |
Re-compute the value of OptionalHeader::checksum. If both values do not match, it could mean that the binary has been modified after the compilation.
This value is computed by LIEF for the current binary object.
◆ ctor_functions()
|
overridevirtual |
Return the list of the binary constructors.
In a PE file, we consider a constructors as a callback in the TLS object
Implements LIEF::Binary.
◆ data_directories() [1/2]
|
inline |
Return an iterator over the DataDirectory present in the Binary.
◆ data_directories() [2/2]
|
inline |
◆ data_directory() [1/2]
|
inline |
Return the DataDirectory with the given type (or index)
◆ data_directory() [2/2]
| const DataDirectory * LIEF::PE::Binary::data_directory | ( | DataDirectory::TYPES | type | ) | const |
◆ debug() [1/2]
|
inline |
Return an iterator over the Debug entries.
◆ debug() [2/2]
|
inline |
◆ debug_dir() [1/2]
|
inline |
Return the data directory associated with the debug table.
◆ debug_dir() [2/2]
|
inline |
◆ delay_dir() [1/2]
|
inline |
Return the data directory associated with delayed imports.
◆ delay_dir() [2/2]
|
inline |
◆ delay_imports() [1/2]
|
inline |
Return an iterator over the binary's delay imports.
◆ delay_imports() [2/2]
|
inline |
◆ dos_header() [1/2]
|
inline |
Return a reference to the PE::DosHeader object.
◆ dos_header() [2/2]
|
inline |
◆ dos_stub() [1/3]
|
inline |
◆ dos_stub() [2/3]
|
inline |
Return the DOS stub content.
◆ dos_stub() [3/3]
|
inline |
Update the DOS stub content.
◆ entrypoint()
|
inlineoverridevirtual |
Return the binary's entrypoint (It is the same value as OptionalHeader::addressof_entrypoint.
Implements LIEF::Binary.
◆ exception_functions()
| LIEF::Binary::functions_t LIEF::PE::Binary::exception_functions | ( | ) | const |
Functions found in the Exception table directory.
◆ exceptions() [1/2]
|
inline |
Iterator over the exception (_RUNTIME_FUNCTION) functions.
- Warning
- This function requires that the option LIEF::PE::ParserConfig::parse_exceptions was turned on (default is false) when parsing the binary
◆ exceptions() [2/2]
|
inline |
◆ exceptions_dir() [1/2]
|
inline |
Return the data directory associated with the exceptions.
◆ exceptions_dir() [2/2]
|
inline |
◆ export_dir() [1/2]
|
inline |
Return the data directory associated with the export table.
◆ export_dir() [2/2]
|
inline |
◆ fill_address()
| void LIEF::PE::Binary::fill_address | ( | uint64_t | address, |
| size_t | size, | ||
| uint8_t | value = 0, | ||
| VA_TYPES | addr_type = VA_TYPES::AUTO ) |
Fill the content at the provided with a fixed value.
◆ find_coff_string() [1/2]
|
inline |
Try to find the COFF string at the given offset in the COFF string table.
- Warning
- This offset must include the first 4 bytes holding the size of the table. Hence, the first string starts a the offset 4.
◆ find_coff_string() [2/2]
|
inline |
◆ find_exception_at() [1/2]
| ExceptionInfo * LIEF::PE::Binary::find_exception_at | ( | uint32_t | rva | ) |
Try to find the exception info at the given RVA.
- Warning
- This function requires that the option LIEF::PE::ParserConfig::parse_exceptions was turned on (default is false) when parsing the binary
◆ find_exception_at() [2/2]
|
inline |
◆ functions()
| LIEF::Binary::functions_t LIEF::PE::Binary::functions | ( | ) | const |
All functions found in the binary
◆ get_content_from_virtual_address()
|
overridevirtual |
Return the content located at the provided virtual address.
- Parameters
-
[in] virtual_address Virtual address of the data to retrieve [in] size Size in bytes of the data to retrieve [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
◆ get_delay_import() [1/2]
|
inline |
Returns the DelayImport matching the given name. If it can't be found, it returns a nullptr.
◆ get_delay_import() [2/2]
| const DelayImport * LIEF::PE::Binary::get_delay_import | ( | const std::string & | import_name | ) | const |
◆ get_export() [1/2]
◆ get_export() [2/2]
|
inline |
◆ get_import() [1/2]
|
inline |
Return the Import matching the provided name (case sensitive)
If the import can't be found, it returns a nullptr
◆ get_import() [2/2]
| const Import * LIEF::PE::Binary::get_import | ( | const std::string & | import_name | ) | const |
◆ get_section() [1/2]
|
inline |
Return binary's section from its name. If the secion can't be found, return a nullptr.
- Parameters
-
[in] name Name of the Section
◆ get_section() [2/2]
| const Section * LIEF::PE::Binary::get_section | ( | const std::string & | name | ) | const |
◆ has()
|
inline |
Check if the current binary has the given DataDirectory::TYPES.
◆ has_configuration()
|
inline |
Check if the current binary has a load configuration.
◆ has_debug()
|
inline |
Check if the current binary contains debug information.
◆ has_delay_import()
|
inline |
True if the binary delay-imports the given library name
◆ has_delay_imports()
|
inline |
Check if the current binary contains delay imports.
◆ has_exceptions()
|
inline |
Check if the current binary has exceptions.
◆ has_exports()
|
inline |
Check if the current binary has exports.
- See also
- Export
◆ has_import()
|
inline |
True if the binary imports the given library name
◆ has_imports()
|
inline |
Check if the current binary contains imports.
- See also
- Import
◆ has_nx()
|
inlineoverridevirtual |
Check if the binary uses NX protection.
Implements LIEF::Binary.
◆ has_relocations()
|
inline |
Check if the current binary has relocations.
- See also
- Relocation
◆ has_resources()
|
inline |
Check if the current binary has resources.
◆ has_rich_header()
|
inline |
Check if the current binary has a RichHeader object.
◆ has_signatures()
|
inline |
Check if the current binary contains signatures.
- See also
- signatures
◆ has_tls()
|
inline |
Check if the current binary has a TLS object.
◆ header() [1/2]
|
inline |
Return a reference to the PE::Header object.
◆ header() [2/2]
|
inline |
◆ iat_dir() [1/2]
|
inline |
Return the data directory associated with the IAT.
◆ iat_dir() [2/2]
|
inline |
◆ imagebase()
|
inlineoverridevirtual |
Return binary's imagebase. 0 if not relevant.
The value is the same as those returned by OptionalHeader::imagebase
Implements LIEF::Binary.
◆ import_dir() [1/2]
|
inline |
Return the data directory associated with the import table.
◆ import_dir() [2/2]
|
inline |
◆ import_section() [1/2]
|
inline |
◆ import_section() [2/2]
| const Section * LIEF::PE::Binary::import_section | ( | ) | const |
Return the section associated with import table or a nullptr if the binary does not have an import table.
◆ imports() [1/2]
|
inline |
Return an iterator over the binary imports.
◆ imports() [2/2]
|
inline |
◆ is_arm64ec()
| bool LIEF::PE::Binary::is_arm64ec | ( | ) | const |
True if this binary is compiled in ARM64EC mode (emulation compatible)
◆ is_arm64x()
| bool LIEF::PE::Binary::is_arm64x | ( | ) | const |
True if this binary is compiled in ARM64X mode (contains both ARM64 and ARM64EC code)
◆ is_pie()
|
inlineoverridevirtual |
Check if the binary is position independent.
Implements LIEF::Binary.
◆ is_reproducible_build()
| bool LIEF::PE::Binary::is_reproducible_build | ( | ) | const |
Check if the current binary is reproducible build, replacing timestamps by a compile hash.
- See also
- Repro
◆ last_section_offset()
| uint64_t LIEF::PE::Binary::last_section_offset | ( | ) | const |
◆ load_config_dir() [1/2]
|
inline |
Return the data directory associated with the load config.
◆ load_config_dir() [2/2]
|
inline |
◆ load_configuration() [1/2]
|
inline |
◆ load_configuration() [2/2]
|
inline |
Retrun the LoadConfiguration object or a nullptr if the binary does not use the LoadConfiguration.
◆ nested_pe_binary() [1/2]
|
inline |
◆ nested_pe_binary() [2/2]
|
inline |
If the current binary contains dynamic relocations (e.g. LIEF::PE::DynamicFixupARM64X), this function returns the relocated view of the current PE.
This can be used to get the alternative PE binary, targeting a different architectures.
- Warning
- This function requires that the option LIEF::PE::ParserConfig::parse_arm64x_binary was turned on (default is false) when parsing the binary
◆ offset_to_virtual_address()
|
overridevirtual |
Convert the given offset into a virtual address.
- Parameters
-
[in] offset The offset to convert. [in] slide If not 0, it will replace the default base address (if any)
Implements LIEF::Binary.
◆ optional_header() [1/2]
|
inline |
◆ optional_header() [2/2]
|
inline |
◆ overlay() [1/2]
|
inline |
◆ overlay() [2/2]
|
inline |
Return the overlay content.
◆ overlay_offset()
|
inline |
Return the original overlay offset.
◆ patch_address() [1/2]
|
overridevirtual |
Patch the content at virtual address address with patch_value.
- Parameters
-
[in] address Address to patch [in] patch_value Patch to apply [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
◆ patch_address() [2/2]
|
overridevirtual |
Patch the address with the given value.
- Parameters
-
[in] address Address to patch [in] patch_value Patch to apply [in] size Size of the value in bytes (1, 2, ... 8) [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
◆ print()
|
overridevirtual |
Reimplemented from LIEF::Binary.
◆ relocation_dir() [1/2]
|
inline |
Return the data directory associated with the relocation table.
◆ relocation_dir() [2/2]
|
inline |
◆ relocations() [1/2]
|
inline |
Return an iterator over the PE's Relocation.
◆ relocations() [2/2]
|
inline |
◆ remove()
| void LIEF::PE::Binary::remove | ( | const Section & | section, |
| bool | clear = false ) |
Remove the given section.
- See also
- remove_section
◆ remove_all_imports()
|
inline |
Remove all libraries in the binary.
◆ remove_all_relocations()
| void LIEF::PE::Binary::remove_all_relocations | ( | ) |
Remove all the relocations.
◆ remove_debug()
| bool LIEF::PE::Binary::remove_debug | ( | const Debug & | entry | ) |
Remove a specific debug entry.
◆ remove_import()
| bool LIEF::PE::Binary::remove_import | ( | const std::string & | name | ) |
Remove the imported library with the given name
Return true if the deletion succeed, false otherwise.
◆ remove_section()
|
overridevirtual |
Delete the section with the given name.
- Parameters
-
[in] name Name of section to delete [in] clear if trueclear the section's content with 0 before removing (default:false)
Implements LIEF::Binary.
◆ remove_tls()
| void LIEF::PE::Binary::remove_tls | ( | ) |
Remove the TLS from the binary.
◆ resources() [1/2]
|
inline |
Return resources as a tree or a nullptr if there is no resources.
◆ resources() [2/2]
|
inline |
◆ resources_manager()
| result< ResourcesManager > LIEF::PE::Binary::resources_manager | ( | ) | const |
Return the ResourcesManager (class to manage resources more easily than the tree one)
◆ rich_header() [1/3]
|
inline |
Return a reference to the RichHeader object.
◆ rich_header() [2/3]
|
inline |
◆ rich_header() [3/3]
| void LIEF::PE::Binary::rich_header | ( | const RichHeader & | rich_header | ) |
Set a RichHeader object in the current Binary.
◆ rsrc_dir() [1/2]
|
inline |
Return the data directory associated with the resources tree.
◆ rsrc_dir() [2/2]
|
inline |
◆ rva_to_offset()
| uint64_t LIEF::PE::Binary::rva_to_offset | ( | uint64_t | RVA | ) | const |
Convert a Relative Virtual Address into an offset.
The conversion is performed by looking for the section that encompasses the provided RVA.
◆ section_from_offset() [1/2]
|
inline |
Find the section associated that encompasses the given offset.
If no section can be found, return a nullptr
◆ section_from_offset() [2/2]
| const Section * LIEF::PE::Binary::section_from_offset | ( | uint64_t | offset | ) | const |
◆ section_from_rva() [1/2]
|
inline |
Find the section associated that encompasses the given RVA.
If no section can be found, return a nullptr
◆ section_from_rva() [2/2]
| const Section * LIEF::PE::Binary::section_from_rva | ( | uint64_t | virtual_address | ) | const |
◆ sections() [1/2]
|
inline |
◆ sections() [2/2]
|
inline |
◆ set_export()
◆ set_resources() [1/2]
| ResourceNode * LIEF::PE::Binary::set_resources | ( | const ResourceNode & | root | ) |
Change or set the current resource tree with the new one provided in parameter.
◆ set_resources() [2/2]
| ResourceNode * LIEF::PE::Binary::set_resources | ( | std::unique_ptr< ResourceNode > | root | ) |
◆ signatures() [1/2]
|
inline |
◆ signatures() [2/2]
|
inline |
Return an iterator over the Signature object(s) if the binary is signed.
◆ sizeof_headers()
| uint32_t LIEF::PE::Binary::sizeof_headers | ( | ) | const |
Compute the size of all the headers.
◆ symbols() [1/2]
|
inline |
Return binary Symbols.
◆ symbols() [2/2]
|
inline |
◆ tls() [1/3]
◆ tls() [2/3]
|
inline |
◆ tls() [3/3]
◆ tls_dir() [1/2]
|
inline |
Return the data directory associated with TLS.
◆ tls_dir() [2/2]
|
inline |
◆ type()
|
inline |
Return PE32 or PE32+
◆ va_to_offset()
|
inline |
Convert the absolute virtual address into an offset.
- See also
- rva_to_offset
◆ verify_signature() [1/2]
| Signature::VERIFICATION_FLAGS LIEF::PE::Binary::verify_signature | ( | const Signature & | sig, |
| Signature::VERIFICATION_CHECKS | checks = Signature::VERIFICATION_CHECKS::DEFAULT ) const |
Verify the binary with the Signature object provided in the first parameter. It can be used to verify a detached signature:
if (detached) {
binary->verify_signature(detached.value());
}
static result< Signature > parse(std::vector< uint8_t > data, bool skip_header=false)
Parse a PKCS #7 signature given a raw blob.
tl::expected< T, lief_errors > result
Wrapper that contains an Object (T) or an error.
Definition errors.hpp:75
◆ verify_signature() [2/2]
| Signature::VERIFICATION_FLAGS LIEF::PE::Binary::verify_signature | ( | Signature::VERIFICATION_CHECKS | checks = Signature::VERIFICATION_CHECKS::DEFAULT | ) | const |
Verify the binary against the embedded signature(s) (if any) First, it checks that the embedded signatures are correct (c.f. Signature::check) and then, it checks that the authentihash matches ContentInfo::digest.
One can tweak the verification process with the Signature::VERIFICATION_CHECKS flags
- See also
- LIEF::PE::Signature::check
◆ virtual_size()
| uint64_t LIEF::PE::Binary::virtual_size | ( | ) | const |
Compute the binary's virtual size. It should match OptionalHeader::sizeof_image.
◆ write() [1/4]
|
inline |
Reconstruct the binary object and write the raw PE in filename
◆ write() [2/4]
| std::unique_ptr< Builder > LIEF::PE::Binary::write | ( | const std::string & | filename, |
| const Builder::config_t & | config ) |
Reconstruct the binary object with the given configuration and write it in filename
◆ write() [3/4]
|
inline |
◆ write() [4/4]
| std::unique_ptr< Builder > LIEF::PE::Binary::write | ( | std::ostream & | os, |
| const Builder::config_t & | config ) |
The documentation for this class was generated from the following file:
Generated by
1.13.0