LIEF: Library to Instrument Executable Formats Version 0.16.0
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | List of all members
LIEF::PE::Header Class Reference

Class that represents the PE header (which follows the DosHeader) More...

#include <Header.hpp>

Inheritance diagram for LIEF::PE::Header:
Inheritance graph
[legend]
Collaboration diagram for LIEF::PE::Header:
Collaboration graph
[legend]

Public Types

enum class  MACHINE_TYPES {
  UNKNOWN = 0x0 , AM33 = 0x1D3 , AMD64 = 0x8664 , ARM = 0x1C0 ,
  ARMNT = 0x1C4 , ARM64 = 0xAA64 , EBC = 0xEBC , I386 = 0x14C ,
  IA64 = 0x200 , M32R = 0x9041 , MIPS16 = 0x266 , MIPSFPU = 0x366 ,
  MIPSFPU16 = 0x466 , POWERPC = 0x1F0 , POWERPCFP = 0x1F1 , POWERPCBE = 0x1F2 ,
  R4000 = 0x166 , RISCV32 = 0x5032 , RISCV64 = 0x5064 , RISCV128 = 0x5128 ,
  SH3 = 0x1A2 , SH3DSP = 0x1A3 , SH4 = 0x1A6 , SH5 = 0x1A8 ,
  THUMB = 0x1C2 , WCEMIPSV2 = 0x169
}
 
enum class  CHARACTERISTICS {
  NONE = 0x0000 , RELOCS_STRIPPED = 0x0001 , EXECUTABLE_IMAGE = 0x0002 , LINE_NUMS_STRIPPED = 0x0004 ,
  LOCAL_SYMS_STRIPPED = 0x0008 , AGGRESSIVE_WS_TRIM = 0x0010 , LARGE_ADDRESS_AWARE = 0x0020 , BYTES_REVERSED_LO = 0x0080 ,
  NEED_32BIT_MACHINE = 0x0100 , DEBUG_STRIPPED = 0x0200 , REMOVABLE_RUN_FROM_SWAP = 0x0400 , NET_RUN_FROM_SWAP = 0x0800 ,
  SYSTEM = 0x1000 , DLL = 0x2000 , UP_SYSTEM_ONLY = 0x4000 , BYTES_REVERSED_HI = 0x8000
}
 
using signature_t = std::array<uint8_t, 4>
 
- Public Types inherited from LIEF::Object
template<class T >
using output_t = add_pointer_t<decay_t<T>>
 
template<class T >
using output_const_t = add_pointer_t<add_const_t<decay_t<T>>>
 

Public Member Functions

 Header (const details::pe_header &header)
 
 ~Header () override=default
 
Headeroperator= (const Header &)=default
 
 Header (const Header &)=default
 
const signature_tsignature () const
 Signature (or magic byte) of the header. It must be: PE\0\0
 
MACHINE_TYPES machine () const
 The targeted machine architecture like ARM, x86, AMD64, ...
 
uint16_t numberof_sections () const
 The number of sections in the binary.
 
uint32_t time_date_stamp () const
 The low 32 bits of the number of seconds since January 1, 1970. It indicates when the file was created.
 
uint32_t pointerto_symbol_table () const
 The offset of the COFF symbol table.
 
uint32_t numberof_symbols () const
 The number of entries in the symbol table. This data can be used to locate the string table which immediately follows the symbol table.
 
uint16_t sizeof_optional_header () const
 Size of the OptionalHeader AND the data directories which follows this header.
 
uint32_t characteristics () const
 Characteristics of the binary like whether it is a DLL or an executable.
 
bool has_characteristic (CHARACTERISTICS c) const
 Check if the given CHARACTERISTICS is present.
 
std::vector< CHARACTERISTICScharacteristics_list () const
 The list of the CHARACTERISTICS.
 
void machine (MACHINE_TYPES type)
 
void numberof_sections (uint16_t nb)
 
void time_date_stamp (uint32_t timestamp)
 
void pointerto_symbol_table (uint32_t ptr)
 
void numberof_symbols (uint32_t nb)
 
void sizeof_optional_header (uint16_t size)
 
void characteristics (uint32_t characteristics)
 
void signature (const signature_t &sig)
 
void add_characteristic (CHARACTERISTICS c)
 
void remove_characteristic (CHARACTERISTICS c)
 
void accept (Visitor &visitor) const override
 
- Public Member Functions inherited from LIEF::Object
 Object ()
 
 Object (const Object &other)
 
Objectoperator= (const Object &other)
 
template<class T >
output_t< T > as ()
 
template<class T >
output_const_t< T > as () const
 
virtual bool operator== (const Object &other) const
 
virtual bool operator!= (const Object &other) const
 
virtual ~Object ()
 

Static Public Member Functions

static Header create (PE_TYPE type)
 

Detailed Description

Class that represents the PE header (which follows the DosHeader)

Member Typedef Documentation

◆ signature_t

using LIEF::PE::Header::signature_t = std::array<uint8_t, 4>

Member Enumeration Documentation

◆ CHARACTERISTICS

enum class LIEF::PE::Header::CHARACTERISTICS
strong
Enumerator
NONE 
RELOCS_STRIPPED 

The file does not contain base relocations and must be loaded at its preferred base. If this cannot be done, the loader will error.

EXECUTABLE_IMAGE 

File is executable (i.e. no unresolved externel references).

LINE_NUMS_STRIPPED 

COFF line numbers have been stripped. This is deprecated and should be 0

LOCAL_SYMS_STRIPPED 

COFF symbol table entries for local symbols have been removed. This is deprecated and should be 0.

AGGRESSIVE_WS_TRIM 

Aggressively trim working set. This is deprecated and must be 0.

LARGE_ADDRESS_AWARE 

Image can handle > 2GiB addresses.

BYTES_REVERSED_LO 

Little endian: the LSB precedes the MSB in memory. This is deprecated and should be 0.

NEED_32BIT_MACHINE 

Machine is based on a 32bit word architecture.

DEBUG_STRIPPED 

Debugging info has been removed.

REMOVABLE_RUN_FROM_SWAP 

If the image is on removable media, fully load it and copy it to swap.

NET_RUN_FROM_SWAP 

If the image is on network media, fully load it and copy it to swap.

SYSTEM 

The image file is a system file, not a user program.

DLL 

The image file is a DLL.

UP_SYSTEM_ONLY 

This file should only be run on a uniprocessor machine.

BYTES_REVERSED_HI 

Big endian: the MSB precedes the LSB in memory. This is deprecated

◆ MACHINE_TYPES

enum class LIEF::PE::Header::MACHINE_TYPES
strong
Enumerator
UNKNOWN 
AM33 

Matsushita AM33

AMD64 

AMD x64

ARM 

ARM little endian

ARMNT 

ARMv7 Thumb mode only

ARM64 

ARMv8 in 64-bits mode

EBC 

EFI byte code

I386 

Intel 386 or later

IA64 

Intel Itanium processor family

M32R 

Mitsubishi M32R little endian

MIPS16 

MIPS16

MIPSFPU 

MIPS with FPU

MIPSFPU16 

MIPS16 with FPU

POWERPC 

Power PC little endian

POWERPCFP 

Power PC with floating point

POWERPCBE 

Power PC big endian

R4000 

MIPS with little endian

RISCV32 

RISC-V 32-bit address space

RISCV64 

RISC-V 64-bit address space

RISCV128 

RISC-V 128-bit address space

SH3 

Hitachi SH3

SH3DSP 

Hitachi SH3 DSP

SH4 

Hitachi SH4

SH5 

Hitachi SH5

THUMB 

ARM or Thumb

WCEMIPSV2 

MIPS little-endian WCE v2

Constructor & Destructor Documentation

◆ Header() [1/2]

LIEF::PE::Header::Header ( const details::pe_header & header)

◆ ~Header()

LIEF::PE::Header::~Header ( )
overridedefault

◆ Header() [2/2]

LIEF::PE::Header::Header ( const Header & )
default

Member Function Documentation

◆ accept()

void LIEF::PE::Header::accept ( Visitor & visitor) const
overridevirtual

Implements LIEF::Object.

◆ add_characteristic()

void LIEF::PE::Header::add_characteristic ( CHARACTERISTICS c)
inline

◆ characteristics() [1/2]

uint32_t LIEF::PE::Header::characteristics ( ) const
inline

Characteristics of the binary like whether it is a DLL or an executable.

◆ characteristics() [2/2]

void LIEF::PE::Header::characteristics ( uint32_t characteristics)
inline

◆ characteristics_list()

std::vector< CHARACTERISTICS > LIEF::PE::Header::characteristics_list ( ) const

The list of the CHARACTERISTICS.

◆ create()

static Header LIEF::PE::Header::create ( PE_TYPE type)
static

◆ has_characteristic()

bool LIEF::PE::Header::has_characteristic ( CHARACTERISTICS c) const
inline

Check if the given CHARACTERISTICS is present.

◆ machine() [1/2]

MACHINE_TYPES LIEF::PE::Header::machine ( ) const
inline

The targeted machine architecture like ARM, x86, AMD64, ...

◆ machine() [2/2]

void LIEF::PE::Header::machine ( MACHINE_TYPES type)
inline

◆ numberof_sections() [1/2]

uint16_t LIEF::PE::Header::numberof_sections ( ) const
inline

The number of sections in the binary.

◆ numberof_sections() [2/2]

void LIEF::PE::Header::numberof_sections ( uint16_t nb)
inline

◆ numberof_symbols() [1/2]

uint32_t LIEF::PE::Header::numberof_symbols ( ) const
inline

The number of entries in the symbol table. This data can be used to locate the string table which immediately follows the symbol table.

This value should be zero for an image because COFF debugging information is deprecated.

◆ numberof_symbols() [2/2]

void LIEF::PE::Header::numberof_symbols ( uint32_t nb)
inline

◆ operator=()

Header & LIEF::PE::Header::operator= ( const Header & )
default

◆ pointerto_symbol_table() [1/2]

uint32_t LIEF::PE::Header::pointerto_symbol_table ( ) const
inline

The offset of the COFF symbol table.

This value should be zero for an image because COFF debugging information is deprecated.

◆ pointerto_symbol_table() [2/2]

void LIEF::PE::Header::pointerto_symbol_table ( uint32_t ptr)
inline

◆ remove_characteristic()

void LIEF::PE::Header::remove_characteristic ( CHARACTERISTICS c)
inline

◆ signature() [1/2]

const signature_t & LIEF::PE::Header::signature ( ) const
inline

Signature (or magic byte) of the header. It must be: PE\0\0

◆ signature() [2/2]

void LIEF::PE::Header::signature ( const signature_t & sig)
inline

◆ sizeof_optional_header() [1/2]

uint16_t LIEF::PE::Header::sizeof_optional_header ( ) const
inline

Size of the OptionalHeader AND the data directories which follows this header.

This value is equivalent to: sizeof(pe_optional_header) + NB_DATA_DIR * sizeof(data_directory)

This size should be either:

  • 0xE0 (224) for a PE32 (32 bits)
  • 0xF0 (240) for a PE32+ (64 bits)

◆ sizeof_optional_header() [2/2]

void LIEF::PE::Header::sizeof_optional_header ( uint16_t size)
inline

◆ time_date_stamp() [1/2]

uint32_t LIEF::PE::Header::time_date_stamp ( ) const
inline

The low 32 bits of the number of seconds since January 1, 1970. It indicates when the file was created.

◆ time_date_stamp() [2/2]

void LIEF::PE::Header::time_date_stamp ( uint32_t timestamp)
inline
The documentation for this class was generated from the following file:
Generated by doxygen 1.13.0