LIEF::PE::Binary Class Reference
Class which represents a PE binary This is the main interface to manage and modify a PE executable. More...
#include <Binary.hpp>
Inheritance diagram for LIEF::PE::Binary:
Collaboration diagram for LIEF::PE::Binary:
Public Types | |
| using | sections_t = std::vector<std::unique_ptr<Section>> |
| Internal container for storing PE's Section. | |
| using | it_sections = ref_iterator<sections_t&, Section*> |
| Iterator that outputs Section& object. | |
| using | it_const_sections = const_ref_iterator<const sections_t&, const Section*> |
| Iterator that outputs const Section& object. | |
| using | data_directories_t = std::vector<std::unique_ptr<DataDirectory>> |
| Internal container for storing PE's DataDirectory. | |
| using | it_data_directories = ref_iterator<data_directories_t&, DataDirectory*> |
| Iterator that outputs DataDirectory&. | |
| using | it_const_data_directories = const_ref_iterator<const data_directories_t&, const DataDirectory*> |
| Iterator that outputs const DataDirectory&. | |
| using | relocations_t = std::vector<std::unique_ptr<Relocation>> |
| Internal container for storing PE's Relocation. | |
| using | it_relocations = ref_iterator<relocations_t&, Relocation*> |
| Iterator that outputs Relocation&. | |
| using | it_const_relocations = const_ref_iterator<const relocations_t&, const Relocation*> |
| Iterator that outputs const Relocation&. | |
| using | imports_t = std::vector<std::unique_ptr<Import>> |
| Internal container for storing PE's Import. | |
| using | it_imports = ref_iterator<imports_t&, Import*> |
| Iterator that output Import&. | |
| using | it_const_imports = const_ref_iterator<const imports_t&, const Import*> |
| Iterator that outputs const Import&. | |
| using | delay_imports_t = std::vector<std::unique_ptr<DelayImport>> |
| Internal container for storing PE's DelayImport. | |
| using | it_delay_imports = ref_iterator<delay_imports_t&, DelayImport*> |
| Iterator that output DelayImport&. | |
| using | it_const_delay_imports = const_ref_iterator<const delay_imports_t&, const DelayImport*> |
| Iterator that outputs const DelayImport&. | |
| using | debug_entries_t = std::vector<std::unique_ptr<Debug>> |
| Internal container for storing Debug information. | |
| using | it_debug_entries = ref_iterator<debug_entries_t&, Debug*> |
| Iterator that outputs Debug&. | |
| using | it_const_debug_entries = const_ref_iterator<const debug_entries_t&, const Debug*> |
| Iterator that outputs const Debug&. | |
| using | symbols_t = std::vector<std::unique_ptr<COFF::Symbol>> |
| Internal container for storing COFF Symbols. | |
| using | it_symbols = ref_iterator<symbols_t&, COFF::Symbol*> |
| Iterator that outputs Symbol&. | |
| using | it_const_symbols = const_ref_iterator<const symbols_t&, const COFF::Symbol*> |
| Iterator that outputs const Symbol&. | |
| using | strings_table_t = std::vector<COFF::String> |
| Internal container for storing strings. | |
| using | it_strings_table = ref_iterator<strings_table_t&> |
| Iterator that outputs COFF::String&. | |
| using | it_const_strings_table = const_ref_iterator<const strings_table_t&> |
| Iterator that outputs const COFF::String&. | |
| using | signatures_t = std::vector<Signature> |
| Internal container for storing PE's authenticode Signature. | |
| using | it_signatures = ref_iterator<signatures_t&> |
| Iterator that outputs Signature&. | |
| using | it_const_signatures = const_ref_iterator<const signatures_t&> |
| Iterator that outputs const Signature&. | |
| using | exceptions_t = std::vector<std::unique_ptr<ExceptionInfo>> |
| Internal container for storing runtime function associated with exceptions. | |
| using | it_exceptions = ref_iterator<exceptions_t&, ExceptionInfo*> |
| Iterator that outputs ExceptionInfo&. | |
| using | it_const_exceptions = const_ref_iterator<const exceptions_t&, const ExceptionInfo*> |
| Iterator that outputs const ExceptionInfo&. | |
| Public Types inherited from LIEF::Binary | |
| enum class | VA_TYPES { AUTO = 0 , RVA = 1 , VA = 2 } |
| Enumeration of virtual address types used for patching and memory access. More... | |
| enum | FORMATS { UNKNOWN = 0 , ELF , PE , MACHO , OAT } |
| using | functions_t = std::vector<Function> |
| using | sections_t = std::vector<Section*> |
| Internal container. | |
| using | it_sections = ref_iterator<sections_t> |
| Iterator that outputs LIEF::Section&. | |
| using | it_const_sections = const_ref_iterator<sections_t> |
| Iterator that outputs const LIEF::Section&. | |
| using | symbols_t = std::vector<Symbol*> |
| Internal container. | |
| using | it_symbols = ref_iterator<symbols_t> |
| Iterator that outputs LIEF::Symbol&. | |
| using | it_const_symbols = const_ref_iterator<symbols_t> |
| Iterator that outputs const LIEF::Symbol&. | |
| using | relocations_t = std::vector<Relocation*> |
| Internal container. | |
| using | it_relocations = ref_iterator<relocations_t> |
| Iterator that outputs LIEF::Relocation&. | |
| using | it_const_relocations = const_ref_iterator<relocations_t> |
| Iterator that outputs const LIEF::Relocation&. | |
| using | instructions_it = iterator_range<assembly::Instruction::Iterator> |
| Instruction iterator. | |
| Public Types inherited from LIEF::Object | |
| template<class T> | |
| using | output_t = add_pointer_t<decay_t<T>> |
| template<class T> | |
| using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Public Member Functions | |
| Binary () | |
| ~Binary () override | |
| PE_TYPE | type () const |
| Return PE32 or PE32+. | |
| uint64_t | rva_to_offset (uint64_t RVA) const |
| Convert a Relative Virtual Address into an offset. | |
| uint64_t | va_to_offset (uint64_t VA) const |
| Convert the absolute virtual address into an offset. | |
| result< uint64_t > | offset_to_virtual_address (uint64_t offset, uint64_t slide=0) const override |
| Convert the given offset into a virtual address. | |
| uint64_t | imagebase () const override |
| Return binary's imagebase. 0 if not relevant. | |
| Section * | section_from_offset (uint64_t offset) |
| Find the section associated that encompasses the given offset. | |
| const Section * | section_from_offset (uint64_t offset) const |
| Section * | section_from_rva (uint64_t virtual_address) |
| Find the section associated that encompasses the given RVA. | |
| const Section * | section_from_rva (uint64_t virtual_address) const |
| it_sections | sections () |
| Return an iterator over the PE's Section. | |
| it_const_sections | sections () const |
| DosHeader & | dos_header () |
| Return a reference to the PE::DosHeader object. | |
| const DosHeader & | dos_header () const |
| Header & | header () |
| Return a reference to the PE::Header object. | |
| const Header & | header () const |
| OptionalHeader & | optional_header () |
| Header that follows the header(). It is named optional from the COFF specfication but it is mandatory in a PE file. | |
| const OptionalHeader & | optional_header () const |
| uint32_t | compute_checksum () const |
| Re-compute the value of OptionalHeader::checksum. If both values do not match, it could mean that the binary has been modified after the compilation. | |
| uint64_t | virtual_size () const override |
| Compute the binary's virtual size. It should match OptionalHeader::sizeof_image. | |
| uint32_t | sizeof_headers () const |
| Compute the size of all the headers. | |
| TLS * | tls () |
| Return a reference to the TLS object. | |
| const TLS * | tls () const |
| TLS & | tls (const TLS &tls) |
| Set a TLS object in the current Binary. | |
| bool | has_tls () const |
| Check if the current binary has a TLS object. | |
| void | remove_tls () |
| Remove the TLS from the binary. | |
| bool | has_imports () const |
| Check if the current binary contains imports. | |
| bool | has_signatures () const |
| Check if the current binary contains signatures. | |
| bool | has_exports () const |
| Check if the current binary has exports. | |
| bool | has_resources () const |
| Check if the current binary has resources. | |
| bool | has_exceptions () const |
| Check if the current binary has exceptions. | |
| bool | has_relocations () const |
| Check if the current binary has relocations. | |
| bool | has_debug () const |
| Check if the current binary contains debug information. | |
| bool | has_configuration () const |
| Check if the current binary has a load configuration. | |
| bool | is_reproducible_build () const |
| Check if the current binary is reproducible build, replacing timestamps by a compile hash. | |
| it_const_signatures | signatures () const |
| Return an iterator over the Signature object(s) if the binary is signed. | |
| it_signatures | signatures () |
| Signature::VERIFICATION_FLAGS | verify_signature (Signature::VERIFICATION_CHECKS checks=Signature::VERIFICATION_CHECKS::DEFAULT) const |
| Verify the binary against the embedded signature(s) (if any) First, it checks that the embedded signatures are correct (c.f. Signature::check) and then, it checks that the authentihash matches ContentInfo::digest. | |
| Signature::VERIFICATION_FLAGS | verify_signature (const Signature &sig, Signature::VERIFICATION_CHECKS checks=Signature::VERIFICATION_CHECKS::DEFAULT) const |
| Verify the binary with the Signature object provided in the first parameter. It can be used to verify a detached signature: | |
| std::vector< uint8_t > | authentihash (ALGORITHMS algo) const |
| Compute the authentihash according to the algorithm provided in the first parameter. | |
| Export * | get_export () |
| Return the Export object. | |
| const Export * | get_export () const |
| Export & | set_export (const Export &export_table) |
| it_symbols | symbols () |
| Return binary Symbols. | |
| it_const_symbols | symbols () const |
| it_const_strings_table | coff_string_table () const |
| Iterator over the strings located in the COFF string table. | |
| it_strings_table | coff_string_table () |
| COFF::String * | find_coff_string (uint32_t offset) |
| Try to find the COFF string at the given offset in the COFF string table. | |
| const COFF::String * | find_coff_string (uint32_t offset) const |
| ResourceNode * | resources () |
| Return resources as a tree or a nullptr if there is no resources. | |
| const ResourceNode * | resources () const |
| ResourceNode * | set_resources (const ResourceNode &root) |
| Change or set the current resource tree with the new one provided in parameter. | |
| ResourceNode * | set_resources (std::unique_ptr< ResourceNode > root) |
| result< ResourcesManager > | resources_manager () const |
| Return the ResourcesManager (class to manage resources more easily than the tree one). | |
| Section * | get_section (const std::string &name) |
| Return binary's section from its name. If the secion can't be found, return a nullptr. | |
| const Section * | get_section (const std::string &name) const |
| const Section * | import_section () const |
| Return the section associated with import table or a nullptr if the binary does not have an import table. | |
| Section * | import_section () |
| void | remove_section (const std::string &name, bool clear=false) override |
| Delete the section with the given name. | |
| void | remove (const Section §ion, bool clear=false) |
| Remove the given section. | |
| Section * | add_section (const Section §ion) |
| Add a section to the binary and return the section added. | |
| it_relocations | relocations () |
| Return an iterator over the PE's Relocation. | |
| it_const_relocations | relocations () const |
| Relocation & | add_relocation (const Relocation &relocation) |
| Add a new PE Relocation. | |
| void | remove_all_relocations () |
| Remove all the relocations. | |
| it_data_directories | data_directories () |
| Return an iterator over the DataDirectory present in the Binary. | |
| it_const_data_directories | data_directories () const |
| DataDirectory * | data_directory (DataDirectory::TYPES type) |
| Return the DataDirectory with the given type (or index). | |
| const DataDirectory * | data_directory (DataDirectory::TYPES type) const |
| bool | has (DataDirectory::TYPES type) const |
| Check if the current binary has the given DataDirectory::TYPES. | |
| it_debug_entries | debug () |
| Return an iterator over the Debug entries. | |
| it_const_debug_entries | debug () const |
| Debug * | add_debug_info (const Debug &entry) |
| Add a new debug entry. | |
| bool | remove_debug (const Debug &entry) |
| Remove a specific debug entry. | |
| bool | clear_debug () |
| Remove all debug info from the binary. | |
| const CodeViewPDB * | codeview_pdb () const |
| Return the CodeViewPDB object if present. | |
| const LoadConfiguration * | load_configuration () const |
| Retrun the LoadConfiguration object or a nullptr if the binary does not use the LoadConfiguration. | |
| LoadConfiguration * | load_configuration () |
| span< const uint8_t > | overlay () const |
| Return the overlay content. | |
| span< uint8_t > | overlay () |
| uint64_t | overlay_offset () const |
| Return the original overlay offset. | |
| span< const uint8_t > | dos_stub () const |
| Return the DOS stub content. | |
| span< uint8_t > | dos_stub () |
| void | dos_stub (std::vector< uint8_t > content) |
| Update the DOS stub content. | |
| RichHeader * | rich_header () |
| Return a reference to the RichHeader object. | |
| const RichHeader * | rich_header () const |
| void | rich_header (const RichHeader &rich_header) |
| Set a RichHeader object in the current Binary. | |
| bool | has_rich_header () const |
| Check if the current binary has a RichHeader object. | |
| it_imports | imports () |
| Return an iterator over the binary imports. | |
| it_const_imports | imports () const |
| Import * | get_import (const std::string &import_name) |
| Return the Import matching the provided name (case sensitive). | |
| const Import * | get_import (const std::string &import_name) const |
| bool | has_import (const std::string &import_name) const |
| True if the binary imports the given library name | |
| bool | has_delay_imports () const |
| Check if the current binary contains delay imports. | |
| it_delay_imports | delay_imports () |
| Return an iterator over the binary's delay imports. | |
| it_const_delay_imports | delay_imports () const |
| DelayImport * | get_delay_import (const std::string &import_name) |
| Returns the DelayImport matching the given name. If it can't be found, it returns a nullptr. | |
| const DelayImport * | get_delay_import (const std::string &import_name) const |
| bool | has_delay_import (const std::string &import_name) const |
| True if the binary delay-imports the given library name | |
| Import & | add_import (const std::string &name, int32_t pos=-1) |
| Add an imported library (i.e. DLL) to the binary. | |
| bool | remove_import (const std::string &name) |
| Remove the imported library with the given name. | |
| void | remove_all_imports () |
| Remove all libraries in the binary. | |
| std::unique_ptr< Builder > | write (const std::string &filename) |
| Reconstruct the binary object and write the raw PE in filename. | |
| std::unique_ptr< Builder > | write (const std::string &filename, const Builder::config_t &config) |
| Reconstruct the binary object with the given configuration and write it in filename. | |
| std::unique_ptr< Builder > | write (std::ostream &os) |
| Reconstruct the binary object and write the raw PE in os stream. | |
| std::unique_ptr< Builder > | write (std::ostream &os, const Builder::config_t &config) |
| void | accept (Visitor &visitor) const override |
| Method so that a visitor can visit us. | |
| void | patch_address (uint64_t address, const std::vector< uint8_t > &patch_value, VA_TYPES addr_type=VA_TYPES::AUTO) override |
Patch the content at virtual address address with patch_value. | |
| void | patch_address (uint64_t address, uint64_t patch_value, size_t size=sizeof(uint64_t), VA_TYPES addr_type=VA_TYPES::AUTO) override |
| Patch the address with the given value. | |
| void | fill_address (uint64_t address, size_t size, uint8_t value=0, VA_TYPES addr_type=VA_TYPES::AUTO) |
| Fill the content at the provided with a fixed value. | |
| span< const uint8_t > | get_content_from_virtual_address (uint64_t virtual_address, uint64_t size, Binary::VA_TYPES addr_type=Binary::VA_TYPES::AUTO) const override |
| Return the content located at the provided virtual address. | |
| uint64_t | entrypoint () const override |
| Return the binary's entrypoint (It is the same value as OptionalHeader::addressof_entrypoint. | |
| bool | is_pie () const override |
| Check if the binary is position independent. | |
| bool | has_nx () const override |
| Check if the binary uses NX protection. | |
| uint64_t | last_section_offset () const |
| DataDirectory * | export_dir () |
| Return the data directory associated with the export table. | |
| const DataDirectory * | export_dir () const |
| DataDirectory * | import_dir () |
| Return the data directory associated with the import table. | |
| const DataDirectory * | import_dir () const |
| DataDirectory * | rsrc_dir () |
| Return the data directory associated with the resources tree. | |
| const DataDirectory * | rsrc_dir () const |
| DataDirectory * | exceptions_dir () |
| Return the data directory associated with the exceptions. | |
| const DataDirectory * | exceptions_dir () const |
| DataDirectory * | cert_dir () |
| Return the data directory associated with the certificate table (authenticode). | |
| const DataDirectory * | cert_dir () const |
| DataDirectory * | relocation_dir () |
| Return the data directory associated with the relocation table. | |
| const DataDirectory * | relocation_dir () const |
| DataDirectory * | debug_dir () |
| Return the data directory associated with the debug table. | |
| const DataDirectory * | debug_dir () const |
| DataDirectory * | tls_dir () |
| Return the data directory associated with TLS. | |
| const DataDirectory * | tls_dir () const |
| DataDirectory * | load_config_dir () |
| Return the data directory associated with the load config. | |
| const DataDirectory * | load_config_dir () const |
| DataDirectory * | iat_dir () |
| Return the data directory associated with the IAT. | |
| const DataDirectory * | iat_dir () const |
| DataDirectory * | delay_dir () |
| Return the data directory associated with delayed imports. | |
| const DataDirectory * | delay_dir () const |
| LIEF::Binary::functions_t | ctor_functions () const override |
| Return the list of the binary constructors. | |
| LIEF::Binary::functions_t | functions () const |
| All functions found in the binary | |
| LIEF::Binary::functions_t | exception_functions () const |
| Functions found in the Exception table directory. | |
| it_exceptions | exceptions () |
| Iterator over the exception (_RUNTIME_FUNCTION) functions. | |
| it_const_exceptions | exceptions () const |
| ExceptionInfo * | find_exception_at (uint32_t rva) |
| Try to find the exception info at the given RVA. | |
| const ExceptionInfo * | find_exception_at (uint32_t rva) const |
| bool | is_arm64ec () const |
| True if this binary is compiled in ARM64EC mode (emulation compatible). | |
| bool | is_arm64x () const |
| True if this binary is compiled in ARM64X mode (contains both ARM64 and ARM64EC code). | |
| const Binary * | nested_pe_binary () const |
| If the current binary contains dynamic relocations (e.g. LIEF::PE::DynamicFixupARM64X), this function returns the relocated view of the current PE. | |
| Binary * | nested_pe_binary () |
| result< uint64_t > | get_function_address (const std::string &name) const override |
| Attempt to resolve the address of the function specified by name. | |
| std::ostream & | print (std::ostream &os) const override |
| Public Member Functions inherited from LIEF::Binary | |
| Binary () | |
| Binary (FORMATS fmt) | |
| ~Binary () override | |
| Binary & | operator= (const Binary &)=delete |
| Binary (const Binary &)=delete | |
| FORMATS | format () const |
| Executable format (ELF, PE, Mach-O) of the underlying binary. | |
| Header | header () const |
| Return the abstract header of the binary. | |
| it_symbols | symbols () |
| Return an iterator over the abstracted symbols in which the elements can be modified. | |
| it_const_symbols | symbols () const |
| Return an iterator over the abstracted symbols in which the elements can't be modified. | |
| bool | has_symbol (const std::string &name) const |
| Check if a Symbol with the given name exists. | |
| const Symbol * | get_symbol (const std::string &name) const |
| Return the Symbol with the given name If the symbol does not exist, return a nullptr. | |
| Symbol * | get_symbol (const std::string &name) |
| it_sections | sections () |
| Return an iterator over the binary's sections (LIEF::Section). | |
| it_const_sections | sections () const |
| it_relocations | relocations () |
| Return an iterator over the binary relocation (LIEF::Relocation). | |
| it_const_relocations | relocations () const |
| uint64_t | original_size () const |
| Binary's original size. | |
| functions_t | exported_functions () const |
| Return the functions exported by the binary. | |
| std::vector< std::string > | imported_libraries () const |
| Return libraries which are imported by the binary. | |
| functions_t | imported_functions () const |
| Return functions imported by the binary. | |
| std::vector< uint64_t > | xref (uint64_t address) const |
| template<class T> | |
| LIEF::result< T > | get_int_from_virtual_address (uint64_t va, VA_TYPES addr_type=VA_TYPES::AUTO) const |
| Get the integer value at the given virtual address. | |
| void | original_size (uint64_t size) |
| Change binary's original size. | |
| DebugInfo * | debug_info () const |
| Return the debug info if present. It can be either a LIEF::dwarf::DebugInfo or a LIEF::pdb::DebugInfo. | |
| instructions_it | disassemble (uint64_t address, size_t size) const |
| Disassemble code starting at the given virtual address and with the given size. | |
| instructions_it | disassemble (uint64_t address) const |
| Disassemble code starting at the given virtual address. | |
| instructions_it | disassemble (const std::string &function) const |
| Disassemble code for the given symbol name. | |
| instructions_it | disassemble (const uint8_t *buffer, size_t size, uint64_t address=0) const |
| Disassemble code provided by the given buffer at the specified address parameter. | |
| instructions_it | disassemble (const std::vector< uint8_t > &buffer, uint64_t address=0) const |
| Disassemble code provided by the given vector of bytes at the specified address parameter. | |
| instructions_it | disassemble (LIEF::span< const uint8_t > buffer, uint64_t address=0) const |
| instructions_it | disassemble (LIEF::span< uint8_t > buffer, uint64_t address=0) const |
| std::vector< uint8_t > | assemble (uint64_t address, const std::string &Asm, assembly::AssemblerConfig &config=assembly::AssemblerConfig::default_config()) |
| Assemble and patch the provided assembly code at the specified address. | |
| std::vector< uint8_t > | assemble (uint64_t address, const llvm::MCInst &inst) |
| Assemble and patch the address with the given LLVM MCInst. | |
| std::vector< uint8_t > | assemble (uint64_t address, const std::vector< llvm::MCInst > &insts) |
| Assemble and patch the address with the given LLVM MCInst. | |
| virtual uint64_t | page_size () const |
| Get the default memory page size according to the architecture and the format of the current binary. | |
| DebugInfo * | load_debug_info (const std::string &path) |
| Load and associate an external debug file (e.g., DWARF or PDB) with this binary. | |
| Public Member Functions inherited from LIEF::Object | |
| Object () | |
| Object (const Object &other) | |
| Object & | operator= (const Object &other) |
| Object (Object &&other) noexcept=default | |
| Object & | operator= (Object &&other) noexcept=default |
| template<class T> | |
| output_t< T > | as () |
| template<class T> | |
| output_const_t< T > | as () const |
| virtual bool | operator== (const Object &other) const |
| virtual bool | operator!= (const Object &other) const |
| virtual | ~Object () |
Static Public Member Functions | |
| static bool | classof (const LIEF::Binary *bin) |
Detailed Description
Member Typedef Documentation
◆ data_directories_t
| using LIEF::PE::Binary::data_directories_t = std::vector<std::unique_ptr<DataDirectory>> |
Internal container for storing PE's DataDirectory.
◆ debug_entries_t
| using LIEF::PE::Binary::debug_entries_t = std::vector<std::unique_ptr<Debug>> |
Internal container for storing Debug information.
◆ delay_imports_t
| using LIEF::PE::Binary::delay_imports_t = std::vector<std::unique_ptr<DelayImport>> |
Internal container for storing PE's DelayImport.
◆ exceptions_t
| using LIEF::PE::Binary::exceptions_t = std::vector<std::unique_ptr<ExceptionInfo>> |
Internal container for storing runtime function associated with exceptions.
◆ imports_t
| using LIEF::PE::Binary::imports_t = std::vector<std::unique_ptr<Import>> |
◆ it_const_data_directories
| using LIEF::PE::Binary::it_const_data_directories = const_ref_iterator<const data_directories_t&, const DataDirectory*> |
Iterator that outputs const DataDirectory&.
◆ it_const_debug_entries
| using LIEF::PE::Binary::it_const_debug_entries = const_ref_iterator<const debug_entries_t&, const Debug*> |
Iterator that outputs const Debug&.
◆ it_const_delay_imports
| using LIEF::PE::Binary::it_const_delay_imports = const_ref_iterator<const delay_imports_t&, const DelayImport*> |
Iterator that outputs const DelayImport&.
◆ it_const_exceptions
| using LIEF::PE::Binary::it_const_exceptions = const_ref_iterator<const exceptions_t&, const ExceptionInfo*> |
Iterator that outputs const ExceptionInfo&.
◆ it_const_imports
| using LIEF::PE::Binary::it_const_imports = const_ref_iterator<const imports_t&, const Import*> |
Iterator that outputs const Import&.
◆ it_const_relocations
| using LIEF::PE::Binary::it_const_relocations = const_ref_iterator<const relocations_t&, const Relocation*> |
Iterator that outputs const Relocation&.
◆ it_const_sections
| using LIEF::PE::Binary::it_const_sections = const_ref_iterator<const sections_t&, const Section*> |
Iterator that outputs const Section& object.
◆ it_const_signatures
| using LIEF::PE::Binary::it_const_signatures = const_ref_iterator<const signatures_t&> |
Iterator that outputs const Signature&.
◆ it_const_strings_table
Iterator that outputs const COFF::String&.
◆ it_const_symbols
| using LIEF::PE::Binary::it_const_symbols = const_ref_iterator<const symbols_t&, const COFF::Symbol*> |
Iterator that outputs const Symbol&.
◆ it_data_directories
Iterator that outputs DataDirectory&.
◆ it_debug_entries
Iterator that outputs Debug&.
◆ it_delay_imports
Iterator that output DelayImport&.
◆ it_exceptions
Iterator that outputs ExceptionInfo&.
◆ it_imports
| using LIEF::PE::Binary::it_imports = ref_iterator<imports_t&, Import*> |
Iterator that output Import&.
◆ it_relocations
Iterator that outputs Relocation&.
◆ it_sections
| using LIEF::PE::Binary::it_sections = ref_iterator<sections_t&, Section*> |
Iterator that outputs Section& object.
◆ it_signatures
Iterator that outputs Signature&.
◆ it_strings_table
Iterator that outputs COFF::String&.
◆ it_symbols
Iterator that outputs Symbol&.
◆ relocations_t
| using LIEF::PE::Binary::relocations_t = std::vector<std::unique_ptr<Relocation>> |
Internal container for storing PE's Relocation.
◆ sections_t
| using LIEF::PE::Binary::sections_t = std::vector<std::unique_ptr<Section>> |
◆ signatures_t
| using LIEF::PE::Binary::signatures_t = std::vector<Signature> |
◆ strings_table_t
| using LIEF::PE::Binary::strings_table_t = std::vector<COFF::String> |
Internal container for storing strings.
◆ symbols_t
| using LIEF::PE::Binary::symbols_t = std::vector<std::unique_ptr<COFF::Symbol>> |
Internal container for storing COFF Symbols.
Constructor & Destructor Documentation
◆ Binary()
| LIEF::PE::Binary::Binary | ( | ) |
◆ ~Binary()
|
override |
Member Function Documentation
◆ accept()
|
overridevirtual |
Method so that a visitor can visit us.
Reimplemented from LIEF::Binary.
◆ add_debug_info()
◆ add_import()
|
inline |
Add an imported library (i.e. DLL) to the binary.
The second parameter pos defines where to insert the import. If negative (default), the import is appended to the end of the list.
◆ add_relocation()
| Relocation & LIEF::PE::Binary::add_relocation | ( | const Relocation & | relocation | ) |
Add a new PE Relocation.
◆ add_section()
Add a section to the binary and return the section added.
◆ authentihash()
| std::vector< uint8_t > LIEF::PE::Binary::authentihash | ( | ALGORITHMS | algo | ) | const |
Compute the authentihash according to the algorithm provided in the first parameter.
◆ cert_dir() [1/2]
|
inline |
Return the data directory associated with the certificate table (authenticode).
References LIEF::PE::DataDirectory::CERTIFICATE_TABLE, and data_directory().
◆ cert_dir() [2/2]
|
inline |
References LIEF::PE::DataDirectory::CERTIFICATE_TABLE, and data_directory().
◆ classof()
|
inlinestatic |
References LIEF::Binary::format(), and LIEF::Binary::PE.
◆ clear_debug()
| bool LIEF::PE::Binary::clear_debug | ( | ) |
Remove all debug info from the binary.
◆ codeview_pdb()
| const CodeViewPDB * LIEF::PE::Binary::codeview_pdb | ( | ) | const |
Return the CodeViewPDB object if present.
◆ coff_string_table() [1/2]
|
inline |
◆ coff_string_table() [2/2]
|
inline |
Iterator over the strings located in the COFF string table.
◆ compute_checksum()
| uint32_t LIEF::PE::Binary::compute_checksum | ( | ) | const |
Re-compute the value of OptionalHeader::checksum. If both values do not match, it could mean that the binary has been modified after the compilation.
This value is computed by LIEF for the current binary object.
◆ ctor_functions()
|
overridevirtual |
Return the list of the binary constructors.
In a PE file, we consider a constructors as a callback in the TLS object
Implements LIEF::Binary.
◆ data_directories() [1/2]
|
inline |
Return an iterator over the DataDirectory present in the Binary.
◆ data_directories() [2/2]
|
inline |
◆ data_directory() [1/2]
|
inline |
Return the DataDirectory with the given type (or index).
References Binary(), and type().
Referenced by cert_dir(), cert_dir(), debug_dir(), debug_dir(), delay_dir(), delay_dir(), exceptions_dir(), exceptions_dir(), export_dir(), export_dir(), has(), iat_dir(), iat_dir(), import_dir(), import_dir(), load_config_dir(), load_config_dir(), relocation_dir(), relocation_dir(), rsrc_dir(), rsrc_dir(), tls_dir(), and tls_dir().
◆ data_directory() [2/2]
| const DataDirectory * LIEF::PE::Binary::data_directory | ( | DataDirectory::TYPES | type | ) | const |
References type().
◆ debug() [1/2]
|
inline |
Return an iterator over the Debug entries.
◆ debug() [2/2]
|
inline |
◆ debug_dir() [1/2]
|
inline |
Return the data directory associated with the debug table.
References data_directory(), and LIEF::PE::DataDirectory::DEBUG_DIR.
◆ debug_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::DEBUG_DIR.
◆ delay_dir() [1/2]
|
inline |
Return the data directory associated with delayed imports.
References data_directory(), and LIEF::PE::DataDirectory::DELAY_IMPORT_DESCRIPTOR.
◆ delay_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::DELAY_IMPORT_DESCRIPTOR.
◆ delay_imports() [1/2]
|
inline |
Return an iterator over the binary's delay imports.
◆ delay_imports() [2/2]
|
inline |
◆ dos_header() [1/2]
|
inline |
Return a reference to the PE::DosHeader object.
◆ dos_header() [2/2]
|
inline |
◆ dos_stub() [1/3]
|
inline |
◆ dos_stub() [2/3]
|
inline |
Return the DOS stub content.
◆ dos_stub() [3/3]
|
inline |
Update the DOS stub content.
◆ entrypoint()
|
inlineoverridevirtual |
Return the binary's entrypoint (It is the same value as OptionalHeader::addressof_entrypoint.
Implements LIEF::Binary.
◆ exception_functions()
| LIEF::Binary::functions_t LIEF::PE::Binary::exception_functions | ( | ) | const |
Functions found in the Exception table directory.
◆ exceptions() [1/2]
|
inline |
Iterator over the exception (_RUNTIME_FUNCTION) functions.
- Warning
- This function requires that the option LIEF::PE::ParserConfig::parse_exceptions was turned on (default is false) when parsing the binary
◆ exceptions() [2/2]
|
inline |
◆ exceptions_dir() [1/2]
|
inline |
Return the data directory associated with the exceptions.
References data_directory(), and LIEF::PE::DataDirectory::EXCEPTION_TABLE.
Referenced by has_exceptions().
◆ exceptions_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::EXCEPTION_TABLE.
◆ export_dir() [1/2]
|
inline |
Return the data directory associated with the export table.
References data_directory(), and LIEF::PE::DataDirectory::EXPORT_TABLE.
◆ export_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::EXPORT_TABLE.
◆ fill_address()
| void LIEF::PE::Binary::fill_address | ( | uint64_t | address, |
| size_t | size, | ||
| uint8_t | value = 0, | ||
| VA_TYPES | addr_type = VA_TYPES::AUTO ) |
Fill the content at the provided with a fixed value.
References LIEF::Binary::AUTO.
◆ find_coff_string() [1/2]
|
inline |
Try to find the COFF string at the given offset in the COFF string table.
- Warning
- This offset must include the first 4 bytes holding the size of the table. Hence, the first string starts a the offset 4.
Referenced by find_coff_string().
◆ find_coff_string() [2/2]
|
inline |
References Binary(), and find_coff_string().
◆ find_exception_at() [1/2]
| ExceptionInfo * LIEF::PE::Binary::find_exception_at | ( | uint32_t | rva | ) |
Try to find the exception info at the given RVA.
- Warning
- This function requires that the option LIEF::PE::ParserConfig::parse_exceptions was turned on (default is false) when parsing the binary
Referenced by find_exception_at().
◆ find_exception_at() [2/2]
|
inline |
References Binary(), and find_exception_at().
◆ functions()
| LIEF::Binary::functions_t LIEF::PE::Binary::functions | ( | ) | const |
All functions found in the binary
◆ get_content_from_virtual_address()
|
overridevirtual |
Return the content located at the provided virtual address.
- Parameters
-
[in] virtual_address Virtual address of the data to retrieve [in] size Size in bytes of the data to retrieve [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
References LIEF::Binary::AUTO.
◆ get_delay_import() [1/2]
|
inline |
Returns the DelayImport matching the given name. If it can't be found, it returns a nullptr.
References Binary().
Referenced by has_delay_import().
◆ get_delay_import() [2/2]
| const DelayImport * LIEF::PE::Binary::get_delay_import | ( | const std::string & | import_name | ) | const |
◆ get_export() [1/2]
◆ get_export() [2/2]
|
inline |
◆ get_function_address()
|
overridevirtual |
Attempt to resolve the address of the function specified by name.
Reimplemented from LIEF::Binary.
◆ get_import() [1/2]
|
inline |
Return the Import matching the provided name (case sensitive).
If the import can't be found, it returns a nullptr
References Binary().
Referenced by has_import().
◆ get_import() [2/2]
| const Import * LIEF::PE::Binary::get_import | ( | const std::string & | import_name | ) | const |
◆ get_section() [1/2]
|
inline |
◆ get_section() [2/2]
| const Section * LIEF::PE::Binary::get_section | ( | const std::string & | name | ) | const |
◆ has()
|
inline |
Check if the current binary has the given DataDirectory::TYPES.
References data_directory(), and type().
◆ has_configuration()
|
inline |
Check if the current binary has a load configuration.
◆ has_debug()
|
inline |
Check if the current binary contains debug information.
◆ has_delay_import()
|
inline |
True if the binary delay-imports the given library name
References get_delay_import().
◆ has_delay_imports()
|
inline |
Check if the current binary contains delay imports.
◆ has_exceptions()
|
inline |
Check if the current binary has exceptions.
References exceptions_dir().
◆ has_exports()
|
inline |
Check if the current binary has exports.
- See also
- Export
◆ has_import()
|
inline |
True if the binary imports the given library name
References get_import().
◆ has_imports()
|
inline |
Check if the current binary contains imports.
- See also
- Import
◆ has_nx()
|
inlineoverridevirtual |
Check if the binary uses NX protection.
Implements LIEF::Binary.
References LIEF::PE::OptionalHeader::NX_COMPAT.
◆ has_relocations()
|
inline |
Check if the current binary has relocations.
- See also
- Relocation
◆ has_resources()
|
inline |
Check if the current binary has resources.
◆ has_rich_header()
|
inline |
Check if the current binary has a RichHeader object.
◆ has_signatures()
|
inline |
Check if the current binary contains signatures.
- See also
- signatures
◆ has_tls()
|
inline |
Check if the current binary has a TLS object.
◆ header() [1/2]
|
inline |
Return a reference to the PE::Header object.
◆ header() [2/2]
|
inline |
◆ iat_dir() [1/2]
|
inline |
Return the data directory associated with the IAT.
References data_directory(), and LIEF::PE::DataDirectory::IAT.
◆ iat_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::IAT.
◆ imagebase()
|
inlineoverridevirtual |
Return binary's imagebase. 0 if not relevant.
The value is the same as those returned by OptionalHeader::imagebase
Implements LIEF::Binary.
References optional_header().
◆ import_dir() [1/2]
|
inline |
Return the data directory associated with the import table.
References data_directory(), and LIEF::PE::DataDirectory::IMPORT_TABLE.
◆ import_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::IMPORT_TABLE.
◆ import_section() [1/2]
◆ import_section() [2/2]
| const Section * LIEF::PE::Binary::import_section | ( | ) | const |
Return the section associated with import table or a nullptr if the binary does not have an import table.
◆ imports() [1/2]
|
inline |
Return an iterator over the binary imports.
◆ imports() [2/2]
|
inline |
◆ is_arm64ec()
| bool LIEF::PE::Binary::is_arm64ec | ( | ) | const |
True if this binary is compiled in ARM64EC mode (emulation compatible).
◆ is_arm64x()
| bool LIEF::PE::Binary::is_arm64x | ( | ) | const |
True if this binary is compiled in ARM64X mode (contains both ARM64 and ARM64EC code).
◆ is_pie()
|
inlineoverridevirtual |
Check if the binary is position independent.
Implements LIEF::Binary.
References LIEF::PE::OptionalHeader::DYNAMIC_BASE.
◆ is_reproducible_build()
| bool LIEF::PE::Binary::is_reproducible_build | ( | ) | const |
Check if the current binary is reproducible build, replacing timestamps by a compile hash.
- See also
- Repro
◆ last_section_offset()
| uint64_t LIEF::PE::Binary::last_section_offset | ( | ) | const |
◆ load_config_dir() [1/2]
|
inline |
Return the data directory associated with the load config.
References data_directory(), and LIEF::PE::DataDirectory::LOAD_CONFIG_TABLE.
◆ load_config_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::LOAD_CONFIG_TABLE.
◆ load_configuration() [1/2]
|
inline |
◆ load_configuration() [2/2]
|
inline |
Retrun the LoadConfiguration object or a nullptr if the binary does not use the LoadConfiguration.
◆ nested_pe_binary() [1/2]
◆ nested_pe_binary() [2/2]
|
inline |
If the current binary contains dynamic relocations (e.g. LIEF::PE::DynamicFixupARM64X), this function returns the relocated view of the current PE.
This can be used to get the alternative PE binary, targeting a different architectures.
- Warning
- This function requires that the option LIEF::PE::ParserConfig::parse_arm64x_binary was turned on (default is false) when parsing the binary
References Binary().
◆ offset_to_virtual_address()
|
overridevirtual |
Convert the given offset into a virtual address.
- Parameters
-
[in] offset The offset to convert. [in] slide If not 0, it will replace the default base address (if any)
Implements LIEF::Binary.
◆ optional_header() [1/2]
|
inline |
Header that follows the header(). It is named optional from the COFF specfication but it is mandatory in a PE file.
Referenced by imagebase(), and va_to_offset().
◆ optional_header() [2/2]
|
inline |
◆ overlay() [1/2]
|
inline |
◆ overlay() [2/2]
|
inline |
Return the overlay content.
◆ overlay_offset()
|
inline |
Return the original overlay offset.
◆ patch_address() [1/2]
|
overridevirtual |
Patch the content at virtual address address with patch_value.
- Parameters
-
[in] address Address to patch [in] patch_value Patch to apply [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
References LIEF::Binary::AUTO.
◆ patch_address() [2/2]
|
overridevirtual |
Patch the address with the given value.
- Parameters
-
[in] address Address to patch [in] patch_value Patch to apply [in] size Size of the value in bytes (1, 2, ... 8) [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
References LIEF::Binary::AUTO.
◆ print()
|
overridevirtual |
Reimplemented from LIEF::Binary.
References LIEF_LOCAL.
◆ relocation_dir() [1/2]
|
inline |
Return the data directory associated with the relocation table.
References LIEF::PE::DataDirectory::BASE_RELOCATION_TABLE, and data_directory().
◆ relocation_dir() [2/2]
|
inline |
References LIEF::PE::DataDirectory::BASE_RELOCATION_TABLE, and data_directory().
◆ relocations() [1/2]
|
inline |
Return an iterator over the PE's Relocation.
◆ relocations() [2/2]
|
inline |
◆ remove()
| void LIEF::PE::Binary::remove | ( | const Section & | section, |
| bool | clear = false ) |
Remove the given section.
- See also
- remove_section
◆ remove_all_imports()
|
inline |
Remove all libraries in the binary.
◆ remove_all_relocations()
| void LIEF::PE::Binary::remove_all_relocations | ( | ) |
Remove all the relocations.
◆ remove_debug()
| bool LIEF::PE::Binary::remove_debug | ( | const Debug & | entry | ) |
Remove a specific debug entry.
◆ remove_import()
| bool LIEF::PE::Binary::remove_import | ( | const std::string & | name | ) |
Remove the imported library with the given name.
Return true if the deletion succeed, false otherwise.
◆ remove_section()
|
overridevirtual |
Delete the section with the given name.
- Parameters
-
[in] name Name of section to delete [in] clear if true clear the section's content with 0 before removing (default: false)
Implements LIEF::Binary.
◆ remove_tls()
| void LIEF::PE::Binary::remove_tls | ( | ) |
Remove the TLS from the binary.
◆ resources() [1/2]
|
inline |
Return resources as a tree or a nullptr if there is no resources.
◆ resources() [2/2]
|
inline |
◆ resources_manager()
| result< ResourcesManager > LIEF::PE::Binary::resources_manager | ( | ) | const |
Return the ResourcesManager (class to manage resources more easily than the tree one).
◆ rich_header() [1/3]
|
inline |
Return a reference to the RichHeader object.
Referenced by rich_header().
◆ rich_header() [2/3]
|
inline |
◆ rich_header() [3/3]
| void LIEF::PE::Binary::rich_header | ( | const RichHeader & | rich_header | ) |
Set a RichHeader object in the current Binary.
References rich_header().
◆ rsrc_dir() [1/2]
|
inline |
Return the data directory associated with the resources tree.
References data_directory(), and LIEF::PE::DataDirectory::RESOURCE_TABLE.
◆ rsrc_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::RESOURCE_TABLE.
◆ rva_to_offset()
| uint64_t LIEF::PE::Binary::rva_to_offset | ( | uint64_t | RVA | ) | const |
Convert a Relative Virtual Address into an offset.
The conversion is performed by looking for the section that encompasses the provided RVA.
Referenced by va_to_offset().
◆ section_from_offset() [1/2]
|
inline |
Find the section associated that encompasses the given offset.
If no section can be found, return a nullptr
References Binary().
◆ section_from_offset() [2/2]
| const Section * LIEF::PE::Binary::section_from_offset | ( | uint64_t | offset | ) | const |
◆ section_from_rva() [1/2]
|
inline |
Find the section associated that encompasses the given RVA.
If no section can be found, return a nullptr
References Binary().
◆ section_from_rva() [2/2]
| const Section * LIEF::PE::Binary::section_from_rva | ( | uint64_t | virtual_address | ) | const |
◆ sections() [1/2]
|
inline |
◆ sections() [2/2]
|
inline |
◆ set_export()
◆ set_resources() [1/2]
| ResourceNode * LIEF::PE::Binary::set_resources | ( | const ResourceNode & | root | ) |
Change or set the current resource tree with the new one provided in parameter.
◆ set_resources() [2/2]
| ResourceNode * LIEF::PE::Binary::set_resources | ( | std::unique_ptr< ResourceNode > | root | ) |
◆ signatures() [1/2]
|
inline |
◆ signatures() [2/2]
|
inline |
Return an iterator over the Signature object(s) if the binary is signed.
◆ sizeof_headers()
| uint32_t LIEF::PE::Binary::sizeof_headers | ( | ) | const |
Compute the size of all the headers.
◆ symbols() [1/2]
|
inline |
Return binary Symbols.
◆ symbols() [2/2]
|
inline |
◆ tls() [1/3]
◆ tls() [2/3]
|
inline |
◆ tls() [3/3]
◆ tls_dir() [1/2]
|
inline |
Return the data directory associated with TLS.
References data_directory(), and LIEF::PE::DataDirectory::TLS_TABLE.
◆ tls_dir() [2/2]
|
inline |
References data_directory(), and LIEF::PE::DataDirectory::TLS_TABLE.
◆ type()
|
inline |
Return PE32 or PE32+.
Referenced by data_directory(), data_directory(), and has().
◆ va_to_offset()
|
inline |
Convert the absolute virtual address into an offset.
- See also
- rva_to_offset
References optional_header(), and rva_to_offset().
◆ verify_signature() [1/2]
| Signature::VERIFICATION_FLAGS LIEF::PE::Binary::verify_signature | ( | const Signature & | sig, |
| Signature::VERIFICATION_CHECKS | checks = Signature::VERIFICATION_CHECKS::DEFAULT ) const |
Verify the binary with the Signature object provided in the first parameter. It can be used to verify a detached signature:
if (detached) {
binary->verify_signature(detached.value());
}
static result< Signature > parse(std::vector< uint8_t > data, bool skip_header=false)
Parse a PKCS #7 signature given a raw blob.
References LIEF::PE::Signature::DEFAULT.
◆ verify_signature() [2/2]
| Signature::VERIFICATION_FLAGS LIEF::PE::Binary::verify_signature | ( | Signature::VERIFICATION_CHECKS | checks = Signature::VERIFICATION_CHECKS::DEFAULT | ) | const |
Verify the binary against the embedded signature(s) (if any) First, it checks that the embedded signatures are correct (c.f. Signature::check) and then, it checks that the authentihash matches ContentInfo::digest.
One can tweak the verification process with the Signature::VERIFICATION_CHECKS flags
- See also
- LIEF::PE::Signature::check
References LIEF::PE::Signature::DEFAULT.
◆ virtual_size()
|
overridevirtual |
Compute the binary's virtual size. It should match OptionalHeader::sizeof_image.
Reimplemented from LIEF::Binary.
◆ write() [1/4]
|
inline |
◆ write() [2/4]
| std::unique_ptr< Builder > LIEF::PE::Binary::write | ( | const std::string & | filename, |
| const Builder::config_t & | config ) |
Reconstruct the binary object with the given configuration and write it in filename.
◆ write() [3/4]
|
inline |
◆ write() [4/4]
| std::unique_ptr< Builder > LIEF::PE::Binary::write | ( | std::ostream & | os, |
| const Builder::config_t & | config ) |
The documentation for this class was generated from the following file:
Generated by
1.17.0