Class that represents the PE header (which follows the DosHeader) More...

#include <Header.hpp>

Inheritance diagram for LIEF::PE::Header:

Collaboration diagram for LIEF::PE::Header:

Public Types
enum class	MACHINE_TYPES { UNKNOWN = 0x0 , ALPHA = 0x184 , ALPHA64 = 0x284 , AM33 = 0x1D3 , AMD64 = 0x8664 , ARM = 0x1C0 , ARMNT = 0x1C4 , ARM64 = 0xAA64 , EBC = 0xEBC , I386 = 0x14C , IA64 = 0x200 , LOONGARCH32 = 0x6232 , LOONGARCH64 = 0x6264 , M32R = 0x9041 , MIPS16 = 0x266 , MIPSFPU = 0x366 , MIPSFPU16 = 0x466 , POWERPC = 0x1F0 , POWERPCFP = 0x1F1 , POWERPCBE = 0x1F2 , R4000 = 0x166 , RISCV32 = 0x5032 , RISCV64 = 0x5064 , RISCV128 = 0x5128 , SH3 = 0x1A2 , SH3DSP = 0x1A3 , SH4 = 0x1A6 , SH5 = 0x1A8 , THUMB = 0x1C2 , WCEMIPSV2 = 0x169 , ARM64EC = 0xa641 , ARM64X = 0xa64e , CHPE_X86 = 0x3a64 }

enum class	CHARACTERISTICS { NONE = 0x0000 , RELOCS_STRIPPED = 0x0001 , EXECUTABLE_IMAGE = 0x0002 , LINE_NUMS_STRIPPED = 0x0004 , LOCAL_SYMS_STRIPPED = 0x0008 , AGGRESSIVE_WS_TRIM = 0x0010 , LARGE_ADDRESS_AWARE = 0x0020 , BYTES_REVERSED_LO = 0x0080 , NEED_32BIT_MACHINE = 0x0100 , DEBUG_STRIPPED = 0x0200 , REMOVABLE_RUN_FROM_SWAP = 0x0400 , NET_RUN_FROM_SWAP = 0x0800 , SYSTEM = 0x1000 , DLL = 0x2000 , UP_SYSTEM_ONLY = 0x4000 , BYTES_REVERSED_HI = 0x8000 }

using	signature_t = std::array<uint8_t, 4>

Public Types inherited from LIEF::Object
template<class T >
using	output_t = add_pointer_t<decay_t<T>>

template<class T >
using	output_const_t = add_pointer_t<add_const_t<decay_t<T>>>

Public Member Functions
	Header (const details::pe_header &header)

	~Header () override=default

Header &	operator= (const Header &)=default

	Header (const Header &)=default

const signature_t &	signature () const
	Signature (or magic byte) of the header. It must be: `PE\0\0`

MACHINE_TYPES	machine () const
	The targeted machine architecture like ARM, x86, AMD64, ...

uint16_t	numberof_sections () const
	The number of sections in the binary.

uint32_t	time_date_stamp () const
	The low 32 bits of the number of seconds since January 1, 1970. It indicates when the file was created.

uint32_t	pointerto_symbol_table () const
	The offset of the COFF symbol table.

uint32_t	numberof_symbols () const
	The number of entries in the symbol table. This data can be used to locate the string table which immediately follows the symbol table.

uint16_t	sizeof_optional_header () const
	Size of the OptionalHeader AND the data directories which follows this header.

uint32_t	characteristics () const
	Characteristics of the binary like whether it is a DLL or an executable.

bool	has_characteristic (CHARACTERISTICS c) const
	Check if the given CHARACTERISTICS is present.

std::vector< CHARACTERISTICS >	characteristics_list () const
	The list of the CHARACTERISTICS.

void	machine (MACHINE_TYPES type)

void	numberof_sections (uint16_t nb)

void	time_date_stamp (uint32_t timestamp)

void	pointerto_symbol_table (uint32_t ptr)

void	numberof_symbols (uint32_t nb)

void	sizeof_optional_header (uint16_t size)

void	characteristics (uint32_t characteristics)

void	signature (const signature_t &sig)

void	add_characteristic (CHARACTERISTICS c)

void	remove_characteristic (CHARACTERISTICS c)

void	accept (Visitor &visitor) const override

Public Member Functions inherited from LIEF::Object
	Object ()

	Object (const Object &other)

Object &	operator= (const Object &other)

template<class T >
output_t< T >	as ()

template<class T >
output_const_t< T >	as () const

virtual bool	operator== (const Object &other) const

virtual bool	operator!= (const Object &other) const

virtual	~Object ()

Static Public Member Functions
static bool	is_known_machine (uint16_t machine)

static bool	is_arm (MACHINE_TYPES ty)

static bool	is_riscv (MACHINE_TYPES ty)

static bool	is_loonarch (MACHINE_TYPES ty)

static bool	is_arm64 (MACHINE_TYPES ty)

static bool	is_thumb (MACHINE_TYPES ty)

static bool	x86 (MACHINE_TYPES ty)

static bool	x86_64 (MACHINE_TYPES ty)

static bool	is_mips (MACHINE_TYPES ty)

static bool	is_ppc (MACHINE_TYPES ty)

static Header	create (PE_TYPE type)

Detailed Description

Class that represents the PE header (which follows the DosHeader)

Member Typedef Documentation

◆ signature_t

using LIEF::PE::Header::signature_t = std::array<uint8_t, 4>

Member Enumeration Documentation

◆ CHARACTERISTICS

enum class LIEF::PE::Header::CHARACTERISTICS

strong

Enumerator
NONE
RELOCS_STRIPPED	The file does not contain base relocations and must be loaded at its preferred base. If this cannot be done, the loader will error.
EXECUTABLE_IMAGE	File is executable (i.e. no unresolved externel references).
LINE_NUMS_STRIPPED	COFF line numbers have been stripped. This is deprecated and should be 0
LOCAL_SYMS_STRIPPED	COFF symbol table entries for local symbols have been removed. This is deprecated and should be 0.
AGGRESSIVE_WS_TRIM	Aggressively trim working set. This is deprecated and must be 0.
LARGE_ADDRESS_AWARE	Image can handle > 2GiB addresses.
BYTES_REVERSED_LO	Little endian: the LSB precedes the MSB in memory. This is deprecated and should be 0.
NEED_32BIT_MACHINE	Machine is based on a 32bit word architecture.
DEBUG_STRIPPED	Debugging info has been removed.
REMOVABLE_RUN_FROM_SWAP	If the image is on removable media, fully load it and copy it to swap.
NET_RUN_FROM_SWAP	If the image is on network media, fully load it and copy it to swap.
SYSTEM	The image file is a system file, not a user program.
DLL	The image file is a DLL.
UP_SYSTEM_ONLY	This file should only be run on a uniprocessor machine.
BYTES_REVERSED_HI	Big endian: the MSB precedes the LSB in memory. This is deprecated

◆ MACHINE_TYPES

enum class LIEF::PE::Header::MACHINE_TYPES

strong

Enumerator
UNKNOWN
ALPHA	Alpha AXP, 32-bit address space
ALPHA64	Alpha AXP, 64-bit address space
AM33	Matsushita AM33
AMD64	AMD x64
ARM	ARM little endian
ARMNT	ARMv7 Thumb mode only
ARM64	ARMv8 in 64-bits mode
EBC	EFI byte code
I386	Intel 386 or later
IA64	Intel Itanium processor family
LOONGARCH32	LoongArch 32-bit processor family
LOONGARCH64	LoongArch 64-bit processor family
M32R	Mitsubishi M32R little endian
MIPS16	MIPS16
MIPSFPU	MIPS with FPU
MIPSFPU16	MIPS16 with FPU
POWERPC	Power PC little endian
POWERPCFP	Power PC with floating point
POWERPCBE	Power PC big endian
R4000	MIPS with little endian
RISCV32	RISC-V 32-bit address space
RISCV64	RISC-V 64-bit address space
RISCV128	RISC-V 128-bit address space
SH3	Hitachi SH3
SH3DSP	Hitachi SH3 DSP
SH4	Hitachi SH4
SH5	Hitachi SH5
THUMB	ARM or Thumb
WCEMIPSV2	MIPS little-endian WCE v2
ARM64EC
ARM64X
CHPE_X86

Constructor & Destructor Documentation

◆ Header() [1/2]

LIEF::PE::Header::Header ( const details::pe_header & header )

◆ ~Header()

LIEF::PE::Header::~Header ( )

overridedefault

◆ Header() [2/2]

LIEF::PE::Header::Header ( const Header & )

default

Member Function Documentation

◆ accept()

void LIEF::PE::Header::accept ( Visitor & visitor ) const

overridevirtual

Implements LIEF::Object.

◆ add_characteristic()

void LIEF::PE::Header::add_characteristic ( CHARACTERISTICS c )

inline

◆ characteristics() [1/2]

uint32_t LIEF::PE::Header::characteristics ( ) const

inline

Characteristics of the binary like whether it is a DLL or an executable.

◆ characteristics() [2/2]

void LIEF::PE::Header::characteristics ( uint32_t characteristics )

inline

◆ characteristics_list()

std::vector< CHARACTERISTICS > LIEF::PE::Header::characteristics_list ( ) const

The list of the CHARACTERISTICS.

◆ create()

static Header LIEF::PE::Header::create ( PE_TYPE type )

static

◆ has_characteristic()

bool LIEF::PE::Header::has_characteristic ( CHARACTERISTICS c ) const

inline

Check if the given CHARACTERISTICS is present.

◆ is_arm()

static bool LIEF::PE::Header::is_arm ( MACHINE_TYPES ty )

inlinestatic

◆ is_arm64()

static bool LIEF::PE::Header::is_arm64 ( MACHINE_TYPES ty )

inlinestatic

◆ is_known_machine()

static bool LIEF::PE::Header::is_known_machine ( uint16_t machine )

static

◆ is_loonarch()

static bool LIEF::PE::Header::is_loonarch ( MACHINE_TYPES ty )

inlinestatic

◆ is_mips()

static bool LIEF::PE::Header::is_mips ( MACHINE_TYPES ty )

inlinestatic

◆ is_ppc()

static bool LIEF::PE::Header::is_ppc ( MACHINE_TYPES ty )

inlinestatic

◆ is_riscv()

static bool LIEF::PE::Header::is_riscv ( MACHINE_TYPES ty )

inlinestatic

◆ is_thumb()

static bool LIEF::PE::Header::is_thumb ( MACHINE_TYPES ty )

inlinestatic

◆ machine() [1/2]

MACHINE_TYPES LIEF::PE::Header::machine ( ) const

inline

The targeted machine architecture like ARM, x86, AMD64, ...

◆ machine() [2/2]

void LIEF::PE::Header::machine ( MACHINE_TYPES type )

inline

◆ numberof_sections() [1/2]

uint16_t LIEF::PE::Header::numberof_sections ( ) const

inline

The number of sections in the binary.

◆ numberof_sections() [2/2]

void LIEF::PE::Header::numberof_sections ( uint16_t nb )

inline

◆ numberof_symbols() [1/2]

uint32_t LIEF::PE::Header::numberof_symbols ( ) const

inline

The number of entries in the symbol table. This data can be used to locate the string table which immediately follows the symbol table.

This value should be zero for an image because COFF debugging information is deprecated.

◆ numberof_symbols() [2/2]

void LIEF::PE::Header::numberof_symbols ( uint32_t nb )

inline

◆ operator=()

Header & LIEF::PE::Header::operator= ( const Header & )

default

◆ pointerto_symbol_table() [1/2]

uint32_t LIEF::PE::Header::pointerto_symbol_table ( ) const

inline

The offset of the COFF symbol table.

This value should be zero for an image because COFF debugging information is deprecated.

◆ pointerto_symbol_table() [2/2]

void LIEF::PE::Header::pointerto_symbol_table ( uint32_t ptr )

inline

◆ remove_characteristic()

void LIEF::PE::Header::remove_characteristic ( CHARACTERISTICS c )

inline

◆ signature() [1/2]

const signature_t & LIEF::PE::Header::signature ( ) const

inline

Signature (or magic byte) of the header. It must be: PE\0\0

◆ signature() [2/2]

void LIEF::PE::Header::signature ( const signature_t & sig )

inline

◆ sizeof_optional_header() [1/2]

uint16_t LIEF::PE::Header::sizeof_optional_header ( ) const

inline

Size of the OptionalHeader AND the data directories which follows this header.

This value is equivalent to: sizeof(pe_optional_header) + NB_DATA_DIR * sizeof(data_directory)

This size should be either:

0xE0 (224) for a PE32 (32 bits)
0xF0 (240) for a PE32+ (64 bits)

◆ sizeof_optional_header() [2/2]

void LIEF::PE::Header::sizeof_optional_header ( uint16_t size )

inline

◆ time_date_stamp() [1/2]

uint32_t LIEF::PE::Header::time_date_stamp ( ) const

inline

The low 32 bits of the number of seconds since January 1, 1970. It indicates when the file was created.

◆ time_date_stamp() [2/2]

void LIEF::PE::Header::time_date_stamp ( uint32_t timestamp )

inline

◆ x86()

static bool LIEF::PE::Header::x86 ( MACHINE_TYPES ty )

inlinestatic

◆ x86_64()

static bool LIEF::PE::Header::x86_64 ( MACHINE_TYPES ty )

inlinestatic

The documentation for this class was generated from the following file:

PE/Header.hpp

Public Types

Public Member Functions

Static Public Member Functions

Detailed Description

Member Typedef Documentation

◆ signature_t

Member Enumeration Documentation

◆ CHARACTERISTICS

◆ MACHINE_TYPES

Constructor & Destructor Documentation

◆ Header() [1/2]

◆ ~Header()

◆ Header() [2/2]

Member Function Documentation

◆ accept()

◆ add_characteristic()

◆ characteristics() [1/2]

◆ characteristics() [2/2]

◆ characteristics_list()

◆ create()

◆ has_characteristic()

◆ is_arm()

◆ is_arm64()

◆ is_known_machine()

◆ is_loonarch()

◆ is_mips()

◆ is_ppc()

◆ is_riscv()

◆ is_thumb()

◆ machine() [1/2]

◆ machine() [2/2]

◆ numberof_sections() [1/2]

◆ numberof_sections() [2/2]

◆ numberof_symbols() [1/2]

◆ numberof_symbols() [2/2]

◆ operator=()

◆ pointerto_symbol_table() [1/2]

◆ pointerto_symbol_table() [2/2]

◆ remove_characteristic()

◆ signature() [1/2]

◆ signature() [2/2]

◆ sizeof_optional_header() [1/2]

◆ sizeof_optional_header() [2/2]

◆ time_date_stamp() [1/2]

◆ time_date_stamp() [2/2]

◆ x86()

◆ x86_64()