Class which represents the PE OptionalHeader structure. More...
#include <OptionalHeader.hpp>
Public Types | |
| enum class | DLL_CHARACTERISTICS : size_t { HIGH_ENTROPY_VA = 0x0020 , DYNAMIC_BASE = 0x0040 , FORCE_INTEGRITY = 0x0080 , NX_COMPAT = 0x0100 , NO_ISOLATION = 0x0200 , NO_SEH = 0x0400 , NO_BIND = 0x0800 , APPCONTAINER = 0x1000 , WDM_DRIVER = 0x2000 , GUARD_CF = 0x4000 , TERMINAL_SERVER_AWARE = 0x8000 } |
| enum class | SUBSYSTEM : size_t { UNKNOWN = 0 , NATIVE = 1 , WINDOWS_GUI = 2 , WINDOWS_CUI = 3 , OS2_CUI = 5 , POSIX_CUI = 7 , NATIVE_WINDOWS = 8 , WINDOWS_CE_GUI = 9 , EFI_APPLICATION = 10 , EFI_BOOT_SERVICE_DRIVER = 11 , EFI_RUNTIME_DRIVER = 12 , EFI_ROM = 13 , XBOX = 14 , WINDOWS_BOOT_APPLICATION = 16 } |
 Public Types inherited from LIEF::Object | |
| template<class T > | |
| using | output_t = add_pointer_t<decay_t<T>> |
| template<class T > | |
| using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Public Member Functions | |
| OptionalHeader (const details::pe32_optional_header &header) | |
| OptionalHeader (const details::pe64_optional_header &header) | |
| ~OptionalHeader () override=default | |
| OptionalHeader & | operator= (const OptionalHeader &)=default |
| OptionalHeader (const OptionalHeader &)=default | |
| PE_TYPE | magic () const |
Magic bytes: either PE32 or PE32+ for 64-bits PE files. | |
| uint8_t | major_linker_version () const |
| The linker major version. | |
| uint8_t | minor_linker_version () const |
| The linker minor version. | |
| uint32_t | sizeof_code () const |
The size of the code .text section or the sum of all the sections that contain code (i.e. PE::Section with the flag Section::CHARACTERISTICS::CNT_CODE) | |
| uint32_t | sizeof_initialized_data () const |
The size of the initialized data which are usually located in the .data section. If the initialized data are split across multiple sections, it is the sum of the sections. | |
| uint32_t | sizeof_uninitialized_data () const |
The size of the uninitialized data which are usually located in the .bss section. If the uninitialized data are split across multiple sections, it is the sum of the sections. | |
| uint32_t | addressof_entrypoint () const |
| The address of the entry point relative to the image base when the executable file is loaded into memory. For program images, this is the starting address. For device drivers, this is the address of the initialization function. | |
| uint32_t | baseof_code () const |
| Address relative to the imagebase where the binary's code starts. | |
| uint32_t | baseof_data () const |
| Address relative to the imagebase where the binary's data starts. | |
| uint64_t | imagebase () const |
| The preferred base address when mapping the binary in memory. | |
| uint32_t | section_alignment () const |
| The alignment (in bytes) of sections when they are loaded into memory. | |
| uint32_t | file_alignment () const |
| The section's file alignment. This value must be a power of 2 between 512 and 64K. The default value is usually 512. | |
| uint16_t | major_operating_system_version () const |
| The major version number of the required operating system. | |
| uint16_t | minor_operating_system_version () const |
| The minor version number of the required operating system. | |
| uint16_t | major_image_version () const |
| The major version number of the image. | |
| uint16_t | minor_image_version () const |
| The minor version number of the image. | |
| uint16_t | major_subsystem_version () const |
| The major version number of the subsystem. | |
| uint16_t | minor_subsystem_version () const |
| The minor version number of the subsystem. | |
| uint32_t | win32_version_value () const |
| According to the official PE specifications, this value is reserved and should be 0. | |
| uint32_t | sizeof_image () const |
| The size (in bytes) of the image, including all headers, as the image is loaded in memory. | |
| uint32_t | sizeof_headers () const |
| Size of the DosHeader + PE Header + Section headers rounded up to a multiple of the file_alignment. | |
| uint32_t | checksum () const |
The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. | |
| SUBSYSTEM | subsystem () const |
| Target subsystem like Driver, XBox, Windows GUI, ... | |
| uint32_t | dll_characteristics () const |
Some characteristics of the underlying binary like the support of the PIE. The prefix dll comes from the official PE specifications but these characteristics are also used for executables | |
| uint64_t | sizeof_stack_reserve () const |
| Size of the stack to reserve when loading the PE binary. | |
| uint64_t | sizeof_stack_commit () const |
| Size of the stack to commit. | |
| uint64_t | sizeof_heap_reserve () const |
| Size of the heap to reserve when loading the PE binary. | |
| uint64_t | sizeof_heap_commit () const |
| Size of the heap to commit. | |
| uint32_t | loader_flags () const |
| According to the PE specifications, this value is reserved and should be 0. | |
| uint32_t | numberof_rva_and_size () const |
| The number of DataDirectory that follow this header. | |
| bool | has (DLL_CHARACTERISTICS c) const |
| Check if the given DLL_CHARACTERISTICS is included in the dll_characteristics. | |
| std::vector< DLL_CHARACTERISTICS > | dll_characteristics_list () const |
| Return the list of the dll_characteristics as an std::set of DLL_CHARACTERISTICS. | |
| void | add (DLL_CHARACTERISTICS c) |
| Add a DLL_CHARACTERISTICS to the current characteristics. | |
| void | remove (DLL_CHARACTERISTICS c) |
| Remove a DLL_CHARACTERISTICS from the current characteristics. | |
| void | magic (PE_TYPE magic) |
| void | major_linker_version (uint8_t value) |
| void | minor_linker_version (uint8_t value) |
| void | sizeof_code (uint32_t value) |
| void | sizeof_initialized_data (uint32_t value) |
| void | sizeof_uninitialized_data (uint32_t value) |
| void | addressof_entrypoint (uint32_t value) |
| void | baseof_code (uint32_t value) |
| void | baseof_data (uint32_t value) |
| void | imagebase (uint64_t value) |
| void | section_alignment (uint32_t value) |
| void | file_alignment (uint32_t value) |
| void | major_operating_system_version (uint16_t value) |
| void | minor_operating_system_version (uint16_t value) |
| void | major_image_version (uint16_t value) |
| void | minor_image_version (uint16_t value) |
| void | major_subsystem_version (uint16_t value) |
| void | minor_subsystem_version (uint16_t value) |
| void | win32_version_value (uint32_t value) |
| void | sizeof_image (uint32_t value) |
| void | sizeof_headers (uint32_t value) |
| void | checksum (uint32_t value) |
| void | subsystem (SUBSYSTEM value) |
| void | dll_characteristics (uint32_t value) |
| void | sizeof_stack_reserve (uint64_t value) |
| void | sizeof_stack_commit (uint64_t value) |
| void | sizeof_heap_reserve (uint64_t value) |
| void | sizeof_heap_commit (uint64_t value) |
| void | loader_flags (uint32_t value) |
| void | numberof_rva_and_size (uint32_t value) |
| void | accept (Visitor &visitor) const override |
| OptionalHeader & | operator+= (DLL_CHARACTERISTICS c) |
| OptionalHeader & | operator-= (DLL_CHARACTERISTICS c) |
| Public Member Functions inherited from LIEF::Object | |
| Object () | |
| Object (const Object &other) | |
| Object & | operator= (const Object &other) |
| template<class T > | |
| output_t< T > | as () |
| template<class T > | |
| output_const_t< T > | as () const |
| virtual bool | operator== (const Object &other) const |
| virtual bool | operator!= (const Object &other) const |
| virtual | ~Object () |
Static Public Member Functions | |
| static OptionalHeader | create (PE_TYPE type) |
Detailed Description
Class which represents the PE OptionalHeader structure.
Note that the term optional comes from the COFF specifications but this header is mandatory for a PE binary.
Member Enumeration Documentation
◆ DLL_CHARACTERISTICS
|
strong |
◆ SUBSYSTEM
|
strong |
Constructor & Destructor Documentation
◆ OptionalHeader() [1/3]
| LIEF::PE::OptionalHeader::OptionalHeader | ( | const details::pe32_optional_header & | header | ) |
◆ OptionalHeader() [2/3]
| LIEF::PE::OptionalHeader::OptionalHeader | ( | const details::pe64_optional_header & | header | ) |
◆ ~OptionalHeader()
|
overridedefault |
◆ OptionalHeader() [3/3]
|
default |
Member Function Documentation
◆ accept()
|
overridevirtual |
Implements LIEF::Object.
◆ add()
|
inline |
Add a DLL_CHARACTERISTICS to the current characteristics.
◆ addressof_entrypoint() [1/2]
|
inline |
The address of the entry point relative to the image base when the executable file is loaded into memory. For program images, this is the starting address. For device drivers, this is the address of the initialization function.
An entry point is optional for DLLs. When no entry point is present, this field must be zero.
◆ addressof_entrypoint() [2/2]
|
inline |
◆ baseof_code() [1/2]
|
inline |
Address relative to the imagebase where the binary's code starts.
◆ baseof_code() [2/2]
|
inline |
◆ baseof_data() [1/2]
|
inline |
Address relative to the imagebase where the binary's data starts.
- Warning
- This value is not present for PE64 files
◆ baseof_data() [2/2]
|
inline |
◆ checksum() [1/2]
|
inline |
The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL.
The following are checked for validation at load time all drivers, any DLL loaded at boot time, and any DLL that is loaded into a critical Windows process.
◆ checksum() [2/2]
|
inline |
◆ create()
|
static |
◆ dll_characteristics() [1/2]
|
inline |
Some characteristics of the underlying binary like the support of the PIE. The prefix dll comes from the official PE specifications but these characteristics are also used for executables
◆ dll_characteristics() [2/2]
|
inline |
◆ dll_characteristics_list()
| std::vector< DLL_CHARACTERISTICS > LIEF::PE::OptionalHeader::dll_characteristics_list | ( | ) | const |
Return the list of the dll_characteristics as an std::set of DLL_CHARACTERISTICS.
◆ file_alignment() [1/2]
|
inline |
The section's file alignment. This value must be a power of 2 between 512 and 64K. The default value is usually 512.
◆ file_alignment() [2/2]
|
inline |
◆ has()
|
inline |
Check if the given DLL_CHARACTERISTICS is included in the dll_characteristics.
◆ imagebase() [1/2]
|
inline |
The preferred base address when mapping the binary in memory.
◆ imagebase() [2/2]
|
inline |
◆ loader_flags() [1/2]
|
inline |
According to the PE specifications, this value is reserved and should be 0.
◆ loader_flags() [2/2]
|
inline |
◆ magic() [1/2]
|
inline |
Magic bytes: either PE32 or PE32+ for 64-bits PE files.
◆ magic() [2/2]
|
inline |
◆ major_image_version() [1/2]
|
inline |
The major version number of the image.
◆ major_image_version() [2/2]
|
inline |
◆ major_linker_version() [1/2]
|
inline |
The linker major version.
◆ major_linker_version() [2/2]
|
inline |
◆ major_operating_system_version() [1/2]
|
inline |
The major version number of the required operating system.
◆ major_operating_system_version() [2/2]
|
inline |
◆ major_subsystem_version() [1/2]
|
inline |
The major version number of the subsystem.
◆ major_subsystem_version() [2/2]
|
inline |
◆ minor_image_version() [1/2]
|
inline |
The minor version number of the image.
◆ minor_image_version() [2/2]
|
inline |
◆ minor_linker_version() [1/2]
|
inline |
The linker minor version.
◆ minor_linker_version() [2/2]
|
inline |
◆ minor_operating_system_version() [1/2]
|
inline |
The minor version number of the required operating system.
◆ minor_operating_system_version() [2/2]
|
inline |
◆ minor_subsystem_version() [1/2]
|
inline |
The minor version number of the subsystem.
◆ minor_subsystem_version() [2/2]
|
inline |
◆ numberof_rva_and_size() [1/2]
|
inline |
The number of DataDirectory that follow this header.
◆ numberof_rva_and_size() [2/2]
|
inline |
◆ operator+=()
|
inline |
◆ operator-=()
|
inline |
◆ operator=()
|
default |
◆ remove()
|
inline |
Remove a DLL_CHARACTERISTICS from the current characteristics.
◆ section_alignment() [1/2]
|
inline |
The alignment (in bytes) of sections when they are loaded into memory.
It must be greater than or equal to file_alignment and the default is the page size for the architecture.
◆ section_alignment() [2/2]
|
inline |
◆ sizeof_code() [1/2]
|
inline |
The size of the code .text section or the sum of all the sections that contain code (i.e. PE::Section with the flag Section::CHARACTERISTICS::CNT_CODE)
◆ sizeof_code() [2/2]
|
inline |
◆ sizeof_headers() [1/2]
|
inline |
◆ sizeof_headers() [2/2]
|
inline |
◆ sizeof_heap_commit() [1/2]
|
inline |
Size of the heap to commit.
◆ sizeof_heap_commit() [2/2]
|
inline |
◆ sizeof_heap_reserve() [1/2]
|
inline |
Size of the heap to reserve when loading the PE binary.
◆ sizeof_heap_reserve() [2/2]
|
inline |
◆ sizeof_image() [1/2]
|
inline |
The size (in bytes) of the image, including all headers, as the image is loaded in memory.
It must be a multiple of section_alignment and should match Binary::virtual_size
◆ sizeof_image() [2/2]
|
inline |
◆ sizeof_initialized_data() [1/2]
|
inline |
The size of the initialized data which are usually located in the .data section. If the initialized data are split across multiple sections, it is the sum of the sections.
The sections associated with the initialized data are usually identified with the flag Section::CHARACTERISTICS::CNT_INITIALIZED_DATA
◆ sizeof_initialized_data() [2/2]
|
inline |
◆ sizeof_stack_commit() [1/2]
|
inline |
Size of the stack to commit.
◆ sizeof_stack_commit() [2/2]
|
inline |
◆ sizeof_stack_reserve() [1/2]
|
inline |
Size of the stack to reserve when loading the PE binary.
Only OptionalHeader::sizeof_stack_commit is committed, the rest is made available one page at a time until the reserve size is reached.
◆ sizeof_stack_reserve() [2/2]
|
inline |
◆ sizeof_uninitialized_data() [1/2]
|
inline |
The size of the uninitialized data which are usually located in the .bss section. If the uninitialized data are split across multiple sections, it is the sum of the sections.
The sections associated with the uninitialized data are usually identified with the flag Section::CHARACTERISTICS::CNT_UNINITIALIZED_DATA
◆ sizeof_uninitialized_data() [2/2]
|
inline |
◆ subsystem() [1/2]
|
inline |
Target subsystem like Driver, XBox, Windows GUI, ...
◆ subsystem() [2/2]
|
inline |
◆ win32_version_value() [1/2]
|
inline |
According to the official PE specifications, this value is reserved and should be 0.
◆ win32_version_value() [2/2]
|
inline |
The documentation for this class was generated from the following file:
Generated by
1.13.0