LIEF::PE Namespace Reference
Namespace related to the LIEF's PE module. More...
Namespaces | |
| namespace | details |
| namespace | unwind_aarch64 |
| This namespace wraps code related to PE-ARM64 unwinding code. | |
| namespace | unwind_x64 |
| This namespace wraps code related to PE-x64 unwinding code. | |
Classes | |
| class | Attribute |
| Interface over PKCS #7 attribute. More... | |
| class | Binary |
| Class which represents a PE binary This is the main interface to manage and modify a PE executable. More... | |
| class | Builder |
| Class that is used to rebuild a raw PE binary from a PE::Binary object. More... | |
| class | CHPEMetadata |
| Base class for any Compiled Hybrid Portable Executable (CHPE) metadata. More... | |
| class | CHPEMetadataARM64 |
| This class represents hybrid metadata for ARM64EC or ARM64X. More... | |
| class | CHPEMetadataX86 |
| This class represents hybrid metadata for X86. More... | |
| class | CodeIntegrity |
| class | CodeView |
Interface for the (generic) Debug CodeView (IMAGE_DEBUG_TYPE_CODEVIEW) More... | |
| class | CodeViewPDB |
| CodeView PDB specialization. More... | |
| class | ContentInfo |
| class | ContentType |
Interface over the structure described by the OID 1.2.840.113549.1.9.3 (PKCS #9) More... | |
| class | DataDirectory |
| Class that represents a PE data directory entry. More... | |
| class | Debug |
| This class represents a generic entry in the debug data directory. For known types, this class is extended to provide a dedicated API (see: CodeCodeView) More... | |
| class | DelayImport |
| Class that represents a PE delayed import. More... | |
| class | DelayImportEntry |
| Class that represents an entry (i.e. an import) in the delay import table (DelayImport). More... | |
| class | DosHeader |
| Class which represents the DosHeader, the first structure presents at the beginning of a PE file. More... | |
| class | DynamicFixup |
| This is the base class for any fixups located in DynamicRelocation. More... | |
| class | DynamicFixupARM64Kernel |
This class wraps fixups associated with the (special) symbol value: IMAGE_DYNAMIC_RELOCATION_ARM64_KERNEL_IMPORT_CALL_TRANSFER (8). More... | |
| class | DynamicFixupARM64X |
This class represents IMAGE_DYNAMIC_RELOCATION_ARM64X More... | |
| class | DynamicFixupControlTransfer |
This class wraps fixups associated with the (special) symbol value: IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER (3). More... | |
| class | DynamicFixupGeneric |
| This class represents a generic entry where fixups are regular relocations (LIEF::PE::Relocation) More... | |
| class | DynamicFixupUnknown |
| This class represents an special dynamic relocation where the format of the fixups is not supported by LIEF. More... | |
| class | DynamicRelocation |
This is the base class for any IMAGE_DYNAMIC_RELOCATION32, IMAGE_DYNAMIC_RELOCATION32_V2, IMAGE_DYNAMIC_RELOCATION64, IMAGE_DYNAMIC_RELOCATION64_V2 dynamic relocations. More... | |
| class | DynamicRelocationV1 |
This class represents a dynamic relocation (IMAGE_DYNAMIC_RELOCATION32 or IMAGE_DYNAMIC_RELOCATION64) More... | |
| class | DynamicRelocationV2 |
This class represents a dynamic relocation (IMAGE_DYNAMIC_RELOCATION64_V2 or IMAGE_DYNAMIC_RELOCATION32_V2) More... | |
| class | EnclaveConfiguration |
| This class represents the enclave configuration. More... | |
| class | EnclaveImport |
| Defines an entry in the array of images that an enclave can import. More... | |
| class | ExceptionInfo |
| This class is the base class for any exception or runtime function entry. More... | |
| class | ExDllCharacteristics |
This class represents the IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS debug entry. More... | |
| class | Export |
| Class which represents a PE Export. More... | |
| class | ExportEntry |
| Class which represents a PE Export entry (cf. PE::Export) More... | |
| class | Factory |
| This factory is used to create PE from scratch. More... | |
| class | FPO |
This class represents the IMAGE_DEBUG_TYPE_FPO debug entry. More... | |
| class | FunctionOverride |
This class represents IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE More... | |
| class | FunctionOverrideInfo |
| class | GenericContent |
| class | GenericType |
| Interface over an attribute for which the internal structure is not supported by LIEF. More... | |
| class | Hash |
| Class which implements a visitor to compute a deterministic hash for LIEF PE objects. More... | |
| class | Header |
| Class that represents the PE header (which follows the DosHeader) More... | |
| class | Import |
| Class that represents a PE import. More... | |
| class | ImportEntry |
| Class that represents an entry (i.e. an import) in the import table (Import). More... | |
| class | LoadConfiguration |
This class represents the load configuration data associated with the IMAGE_LOAD_CONFIG_DIRECTORY. More... | |
| class | MsCounterSign |
| This class exposes the MS Counter Signature attribute. More... | |
| class | MsManifestBinaryID |
Interface over the structure described by the OID 1.3.6.1.4.1.311.10.3.28 (szOID_PLATFORM_MANIFEST_BINARY_ID) More... | |
| class | MsSpcNestedSignature |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.4.1 More... | |
| class | MsSpcStatementType |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.1.11 More... | |
| class | OptionalHeader |
| Class which represents the PE OptionalHeader structure. More... | |
| class | Parser |
| Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used to get a LIEF::PE::Binary. More... | |
| struct | ParserConfig |
| This structure is used to tweak the PE Parser (PE::Parser) More... | |
| class | PDBChecksum |
| This class represents the PDB Checksum debug entry which is essentially an array of bytes representing the checksum of the PDB content. More... | |
| class | PKCS9AtSequenceNumber |
Interface over the structure described by the OID 1.2.840.113549.1.9.25.4 (PKCS #9) More... | |
| class | PKCS9CounterSignature |
Interface over the structure described by the OID 1.2.840.113549.1.9.6 (PKCS #9) More... | |
| class | PKCS9MessageDigest |
Interface over the structure described by the OID 1.2.840.113549.1.9.4 (PKCS #9) More... | |
| class | PKCS9SigningTime |
Interface over the structure described by the OID 1.2.840.113549.1.9.5 (PKCS #9) More... | |
| class | PKCS9TSTInfo |
Interface over the structure described by the OID 1.2.840.113549.1.9.16.1.4 (PKCS #9) More... | |
| class | Pogo |
This class represents a Profile Guided Optimization entry from the debug directory (IMAGE_DEBUG_TYPE_POGO). More... | |
| class | PogoEntry |
| class | Relocation |
Class which represents the Base Relocation Block We usually find this structure in the .reloc section. More... | |
| class | RelocationEntry |
| Class which represents an entry of the PE relocation table. More... | |
| class | Repro |
This class represents a reproducible build entry from the debug directory. (IMAGE_DEBUG_TYPE_REPRO). This entry is usually generated with the undocumented /Brepro linker flag. More... | |
| class | ResourceAccelerator |
| class | ResourceData |
| Class which represents a Data Node in the PE resources tree. More... | |
| class | ResourceDialog |
| This class is the base class for either a regular (legacy) Dialog or an extended Dialog. These different kinds of Dialogs are documented by MS at the following addresses: More... | |
| class | ResourceDialogExtended |
| Implementation for the new extended dialogbox format. More... | |
| class | ResourceDialogRegular |
| Implementation for a regular/legacy dialog box. More... | |
| class | ResourceDirectory |
| class | ResourceIcon |
| class | ResourceNode |
| Class which represents a Node in the resource tree. More... | |
| class | ResourcesManager |
| The Resource Manager provides an enhanced API to manipulate the resource tree. More... | |
| class | ResourceStringFileInfo |
Representation of the StringFileInfo structure. More... | |
| class | ResourceStringTable |
This class represents the StringTable structure. This structure can be seen as a dictionary of key, values with key and values defined a utf-16 string. More... | |
| class | ResourceVar |
| This class represents an element of the ResourceVarFileInfo structure It typically contains a list of language and code page identifier pairs that the version of the application or DLL supports. More... | |
| class | ResourceVarFileInfo |
Representation of the VarFileInfo structure. More... | |
| class | ResourceVersion |
Representation of the data associated with the RT_VERSION entry. More... | |
| class | RichEntry |
| Class which represents an entry associated to the RichHeader. More... | |
| class | RichHeader |
| Class which represents the not-so-documented rich header. More... | |
| class | RsaInfo |
| Object that wraps a RSA key. More... | |
| class | RuntimeFunctionAArch64 |
This class represents an entry in the exception table (.pdata section) for the AArch64 architecture. More... | |
| class | RuntimeFunctionX64 |
This class represents an entry in the exception table (.pdata section) for the x86-64 architecture. More... | |
| class | Section |
| Class which represents a PE section. More... | |
| class | Signature |
| Main interface for the PKCS #7 signature scheme. More... | |
| class | SignatureParser |
| class | SignerInfo |
| class | SigningCertificateV2 |
| SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL }. More... | |
| class | SpcIndirectData |
| class | SpcRelaxedPeMarkerCheck |
| class | SpcSpOpusInfo |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.1.12 More... | |
| class | TLS |
| Class which represents the PE Thread Local Storage. More... | |
| class | VCFeature |
This class represents the IMAGE_DEBUG_TYPE_VC_FEATURE debug entry. More... | |
| class | VolatileMetadata |
This class represents volatile metadata which can be enabled at link time with /volatileMetadata. More... | |
| class | x509 |
| Interface over a x509 certificate. More... | |
Typedefs | |
| using | oid_t = std::string |
Enumerations | |
| enum class | CODE_PAGES : uint32_t { IBM037 = 37 , IBM437 = 437 , IBM500 = 500 , ASMO_708 = 708 , DOS_720 = 720 , IBM737 = 737 , IBM775 = 775 , IBM850 = 850 , IBM852 = 852 , IBM855 = 855 , IBM857 = 857 , IBM00858 = 858 , IBM860 = 860 , IBM861 = 861 , DOS_862 = 862 , IBM863 = 863 , IBM864 = 864 , IBM865 = 865 , CP866 = 866 , IBM869 = 869 , IBM870 = 870 , WINDOWS_874 = 874 , CP875 = 875 , SHIFT_JIS = 932 , GB2312 = 936 , KS_C_5601_1987 = 949 , BIG5 = 950 , IBM1026 = 1026 , IBM01047 = 1047 , IBM01140 = 1140 , IBM01141 = 1141 , IBM01142 = 1142 , IBM01143 = 1143 , IBM01144 = 1144 , IBM01145 = 1145 , IBM01146 = 1146 , IBM01147 = 1147 , IBM01148 = 1148 , IBM01149 = 1149 , UTF_16 = 1200 , UNICODEFFFE = 1201 , WINDOWS_1250 = 1250 , WINDOWS_1251 = 1251 , WINDOWS_1252 = 1252 , WINDOWS_1253 = 1253 , WINDOWS_1254 = 1254 , WINDOWS_1255 = 1255 , WINDOWS_1256 = 1256 , WINDOWS_1257 = 1257 , WINDOWS_1258 = 1258 , JOHAB = 1361 , MACINTOSH = 10000 , X_MAC_JAPANESE = 10001 , X_MAC_CHINESETRAD = 10002 , X_MAC_KOREAN = 10003 , X_MAC_ARABIC = 10004 , X_MAC_HEBREW = 10005 , X_MAC_GREEK = 10006 , X_MAC_CYRILLIC = 10007 , X_MAC_CHINESESIMP = 10008 , X_MAC_ROMANIAN = 10010 , X_MAC_UKRAINIAN = 10017 , X_MAC_THAI = 10021 , X_MAC_CE = 10029 , X_MAC_ICELANDIC = 10079 , X_MAC_TURKISH = 10081 , X_MAC_CROATIAN = 10082 , UTF_32 = 12000 , UTF_32BE = 12001 , X_CHINESE_CNS = 20000 , X_CP20001 = 20001 , X_CHINESE_ETEN = 20002 , X_CP20003 = 20003 , X_CP20004 = 20004 , X_CP20005 = 20005 , X_IA5 = 20105 , X_IA5_GERMAN = 20106 , X_IA5_SWEDISH = 20107 , X_IA5_NORWEGIAN = 20108 , US_ASCII = 20127 , X_CP20261 = 20261 , X_CP20269 = 20269 , IBM273 = 20273 , IBM277 = 20277 , IBM278 = 20278 , IBM280 = 20280 , IBM284 = 20284 , IBM285 = 20285 , IBM290 = 20290 , IBM297 = 20297 , IBM420 = 20420 , IBM423 = 20423 , IBM424 = 20424 , X_EBCDIC_KOREANEXTENDED = 20833 , IBM_THAI = 20838 , KOI8_R = 20866 , IBM871 = 20871 , IBM880 = 20880 , IBM905 = 20905 , IBM00924 = 20924 , EUC_JP_JIS = 20932 , X_CP20936 = 20936 , X_CP20949 = 20949 , CP1025 = 21025 , KOI8_U = 21866 , ISO_8859_1 = 28591 , ISO_8859_2 = 28592 , ISO_8859_3 = 28593 , ISO_8859_4 = 28594 , ISO_8859_5 = 28595 , ISO_8859_6 = 28596 , ISO_8859_7 = 28597 , ISO_8859_8 = 28598 , ISO_8859_9 = 28599 , ISO_8859_13 = 28603 , ISO_8859_15 = 28605 , X_EUROPA = 29001 , ISO_8859_8_I = 38598 , ISO_2022_JP = 50220 , CSISO2022JP = 50221 , ISO_2022_JP_JIS = 50222 , ISO_2022_KR = 50225 , X_CP50227 = 50227 , EUC_JP = 51932 , EUC_CN = 51936 , EUC_KR = 51949 , HZ_GB_2312 = 52936 , GB18030 = 54936 , X_ISCII_DE = 57002 , X_ISCII_BE = 57003 , X_ISCII_TA = 57004 , X_ISCII_TE = 57005 , X_ISCII_AS = 57006 , X_ISCII_OR = 57007 , X_ISCII_KA = 57008 , X_ISCII_MA = 57009 , X_ISCII_GU = 57010 , X_ISCII_PA = 57011 , UTF_7 = 65000 , UTF_8 = 65001 } |
| Code page from https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers. More... | |
| enum class | PE_TYPE : uint16_t { PE32 = 0x10b , PE32_PLUS = 0x20b } |
| enum class | ALGORITHMS : uint32_t { UNKNOWN = 0 , SHA_512 , SHA_384 , SHA_256 , SHA_1 , MD5 , MD4 , MD2 , RSA , EC , MD5_RSA , SHA1_DSA , SHA1_RSA , SHA_256_RSA , SHA_384_RSA , SHA_512_RSA , SHA1_ECDSA , SHA_256_ECDSA , SHA_384_ECDSA , SHA_512_ECDSA } |
| Cryptography algorithms. More... | |
| enum class | ACCELERATOR_CODES : uint32_t { LBUTTON = 0x01 , RBUTTON = 0x02 , CANCEL = 0x03 , MBUTTON = 0x04 , XBUTTON1_K = 0x05 , XBUTTON2_K = 0x06 , BACK = 0x08 , TAB = 0x09 , CLEAR = 0x0C , RETURN = 0x0D , SHIFT = 0x10 , CONTROL = 0x11 , MENU = 0x12 , PAUSE = 0x13 , CAPITAL = 0x14 , KANA = 0x15 , IME_ON = 0x16 , JUNJA = 0x17 , FINAL = 0x18 , KANJI = 0x19 , IME_OFF = 0x1A , ESCAPE = 0x1B , CONVERT = 0x1C , NONCONVERT = 0x1D , ACCEPT = 0x1E , MODECHANGE = 0x1F , SPACE = 0x20 , PRIOR = 0x21 , NEXT = 0x22 , END = 0x23 , HOME = 0x24 , LEFT = 0x25 , UP = 0x26 , RIGHT = 0x27 , DOWN = 0x28 , SELECT = 0x29 , PRINT = 0x2A , EXECUTE = 0x2B , SNAPSHOT = 0x2C , INSERT = 0x2D , DELETE_K = 0x2E , HELP = 0x2F , NUM_0 = 0x30 , NUM_1 = 0x31 , NUM_2 = 0x32 , NUM_3 = 0x33 , NUM_4 = 0x34 , NUM_5 = 0x35 , NUM_6 = 0x36 , NUM_7 = 0x37 , NUM_8 = 0x38 , NUM_9 = 0x39 , A = 0x41 , B = 0x42 , C = 0x43 , D = 0x44 , E = 0x45 , F = 0x46 , G = 0x47 , H = 0x48 , I = 0x49 , J = 0x4A , K = 0x4B , L = 0x4C , M = 0x4D , N = 0x4E , O = 0x4F , P = 0x50 , Q = 0x51 , R = 0x52 , S = 0x53 , T = 0x54 , U = 0x55 , V = 0x56 , W = 0x57 , X = 0x58 , Y = 0x59 , Z = 0x5A , LWIN = 0x5B , RWIN = 0x5C , APPS = 0x5D , SLEEP = 0x5F , NUMPAD0 = 0x60 , NUMPAD1 = 0x61 , NUMPAD2 = 0x62 , NUMPAD3 = 0x63 , NUMPAD4 = 0x64 , NUMPAD5 = 0x65 , NUMPAD6 = 0x66 , NUMPAD7 = 0x67 , NUMPAD8 = 0x68 , NUMPAD9 = 0x69 , MULTIPLY = 0x6A , ADD = 0x6B , SEPARATOR = 0x6C , SUBTRACT = 0x6D , DECIMAL = 0x6E , DIVIDE = 0x6F , F1 = 0x70 , F2 = 0x71 , F3 = 0x72 , F4 = 0x73 , F5 = 0x74 , F6 = 0x75 , F7 = 0x76 , F8 = 0x77 , F9 = 0x78 , F10 = 0x79 , F11 = 0x7A , F12 = 0x7B , F13 = 0x7C , F14 = 0x7D , F15 = 0x7E , F16 = 0x7F , F17 = 0x80 , F18 = 0x81 , F19 = 0x82 , F20 = 0x83 , F21 = 0x84 , F22 = 0x85 , F23 = 0x86 , F24 = 0x87 , NUMLOCK = 0x90 , SCROLL = 0x91 , LSHIFT = 0xA0 , RSHIFT = 0xA1 , LCONTROL = 0xA2 , RCONTROL = 0xA3 , LMENU = 0xA4 , RMENU = 0xA5 , BROWSER_BACK = 0xA6 , BROWSER_FORWARD = 0xA7 , BROWSER_REFRESH = 0xA8 , BROWSER_STOP = 0xA9 , BROWSER_SEARCH = 0xAA , BROWSER_FAVORITES = 0xAB , BROWSER_HOME = 0xAC , VOLUME_MUTE = 0xAD , VOLUME_DOWN = 0xAE , VOLUME_UP = 0xAF , MEDIA_NEXT_TRACK = 0xB0 , MEDIA_PREV_TRACK = 0xB1 , MEDIA_STOP = 0xB2 , MEDIA_PLAY_PAUSE = 0xB3 , LAUNCH_MAIL = 0xB4 , LAUNCH_MEDIA_SELECT = 0xB5 , LAUNCH_APP1 = 0xB6 , LAUNCH_APP2 = 0xB7 , OEM_1 = 0xBA , OEM_PLUS = 0xBB , OEM_COMMA = 0xBC , OEM_MINUS = 0xBD , OEM_PERIOD = 0xBE , OEM_2 = 0xBF , OEM_4 = 0xDB , OEM_5 = 0xDC , OEM_6 = 0xDD , OEM_7 = 0xDE , OEM_8 = 0xDF , OEM_102 = 0xE2 , PROCESSKEY = 0xE5 , PACKET = 0xE7 , ATTN = 0xF6 , CRSEL = 0xF7 , EXSEL = 0xF8 , EREOF = 0xF9 , PLAY = 0xFA , ZOOM = 0xFB , NONAME = 0xFC , PA1 = 0xFD , OEM_CLEAR = 0xFE } |
| From https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes. More... | |
| enum class | RESOURCE_LANGS { NEUTRAL = 0x00 , INVARIANT = 0x7f , AFRIKAANS = 0x36 , ALBANIAN = 0x1c , ARABIC = 0x01 , ARMENIAN = 0x2b , ASSAMESE = 0x4d , AZERI = 0x2c , BASQUE = 0x2d , BELARUSIAN = 0x23 , BANGLA = 0x45 , BULGARIAN = 0x02 , CATALAN = 0x03 , CHINESE = 0x04 , CROATIAN = 0x1a , BOSNIAN = 0x1a , CZECH = 0x05 , DANISH = 0x06 , DIVEHI = 0x65 , DUTCH = 0x13 , ENGLISH = 0x09 , ESTONIAN = 0x25 , FAEROESE = 0x38 , FARSI = 0x29 , FINNISH = 0x0b , FRENCH = 0x0c , GALICIAN = 0x56 , GEORGIAN = 0x37 , GERMAN = 0x07 , GREEK = 0x08 , GUJARATI = 0x47 , HEBREW = 0x0d , HINDI = 0x39 , HUNGARIAN = 0x0e , ICELANDIC = 0x0f , INDONESIAN = 0x21 , ITALIAN = 0x10 , JAPANESE = 0x11 , KANNADA = 0x4b , KASHMIRI = 0x60 , KAZAK = 0x3f , KONKANI = 0x57 , KOREAN = 0x12 , KYRGYZ = 0x40 , LATVIAN = 0x26 , LITHUANIAN = 0x27 , MACEDONIAN = 0x2f , MALAY = 0x3e , MALAYALAM = 0x4c , MANIPURI = 0x58 , MARATHI = 0x4e , MONGOLIAN = 0x50 , NEPALI = 0x61 , NORWEGIAN = 0x14 , ORIYA = 0x48 , POLISH = 0x15 , PORTUGUESE = 0x16 , PUNJABI = 0x46 , ROMANIAN = 0x18 , RUSSIAN = 0x19 , SANSKRIT = 0x4f , SERBIAN = 0x1a , SINDHI = 0x59 , SLOVAK = 0x1b , SLOVENIAN = 0x24 , SPANISH = 0x0a , SWAHILI = 0x41 , SWEDISH = 0x1d , SYRIAC = 0x5a , TAMIL = 0x49 , TATAR = 0x44 , TELUGU = 0x4a , THAI = 0x1e , TURKISH = 0x1f , UKRAINIAN = 0x22 , URDU = 0x20 , UZBEK = 0x43 , VIETNAMESE = 0x2a , GAELIC = 0x3c , MALTESE = 0x3a , MAORI = 0x28 , RHAETO_ROMANCE = 0x17 , SAMI = 0x3b , SORBIAN = 0x2e , SUTU = 0x30 , TSONGA = 0x31 , TSWANA = 0x32 , VENDA = 0x33 , XHOSA = 0x34 , ZULU = 0x35 , ESPERANTO = 0x8f , WALON = 0x90 , CORNISH = 0x91 , WELSH = 0x92 , BRETON = 0x93 , INUKTITUT = 0x5d , IRISH = 0x3C , LOWER_SORBIAN = 0x2E , PULAR = 0x67 , QUECHUA = 0x6B , TAMAZIGHT = 0x5F , TIGRINYA = 0x73 , VALENCIAN = 0x03 } |
| enum class | IMPHASH_MODE { DEFAULT = 0 , LIEF = DEFAULT , PEFILE , VT = PEFILE } |
| Enum to define the behavior of LIEF::PE::get_imphash. More... | |
Detailed Description
Typedef Documentation
◆ oid_t
| using LIEF::PE::oid_t = std::string |
Enumeration Type Documentation
◆ ACCELERATOR_CODES
|
strong |
From https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes.
◆ ALGORITHMS
|
strong |
◆ CODE_PAGES
|
strong |
Code page from https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers.
◆ IMPHASH_MODE
|
strong |
Enum to define the behavior of LIEF::PE::get_imphash.
| Enumerator | |
|---|---|
| DEFAULT | Default implementation |
| LIEF | Same as IMPHASH_MODE::DEFAULT |
| PEFILE | Use pefile algorithm |
| VT | Same as IMPHASH_MODE::PEFILE since Virus Total is using pefile |
◆ PE_TYPE
|
strong |
◆ RESOURCE_LANGS
|
strong |
Function Documentation
◆ algo_from_oid()
| ALGORITHMS LIEF::PE::algo_from_oid | ( | const std::string & | oid | ) |
◆ check_layout()
| bool LIEF::PE::check_layout | ( | const Binary & | bin, |
| std::string * | error_info = nullptr ) |
Check that the layout of the given Binary is correct from the Windows loader perspective.
◆ get_imphash()
| std::string LIEF::PE::get_imphash | ( | const Binary & | binary, |
| IMPHASH_MODE | mode = IMPHASH_MODE::DEFAULT ) |
Compute the hash of imported functions.
By default, it generates an hash with the following properties:
- Order agnostic
- Casse agnostic
- Ordinal (in some extent) agnostic
If one needs the same output as Virus Total (i.e. pefile), you can pass IMPHASH_MODE::PEFILE as second parameter.
- Warning
- The default algorithm used to compute the imphash value has some variations compared to Yara, pefile, VT implementation
References DEFAULT.
◆ get_type() [1/2]
if the input file is a PE one, return PE32 or PE32+
◆ get_type() [2/2]
◆ get_type_from_stream()
| result< PE_TYPE > LIEF::PE::get_type_from_stream | ( | BinaryStream & | stream | ) |
◆ is_pe() [1/3]
| bool LIEF::PE::is_pe | ( | BinaryStream & | stream | ) |
Check if the given stream wraps a PE binary.
◆ is_pe() [2/3]
| bool LIEF::PE::is_pe | ( | const std::string & | file | ) |
check if the file is a PE file
◆ is_pe() [3/3]
| bool LIEF::PE::is_pe | ( | const std::vector< uint8_t > & | raw | ) |
check if the raw data is a PE file
◆ oid_to_string()
| const char * LIEF::PE::oid_to_string | ( | const oid_t & | oid | ) |
Convert an OID to a human-readable string.
◆ resolve_ordinals()
| result< Import > LIEF::PE::resolve_ordinals | ( | const Import & | import, |
| bool | strict = false, | ||
| bool | use_std = false ) |
Take a PE::Import as entry and try to resolve imports by ordinal.
The strict boolean parameter enables to throw an LIEF::not_found exception if the ordinal can't be resolved. Otherwise it skips the entry.
- Parameters
-
[in] import Import to resolve [in] strict If set to true, throw an exception if the import can't be resolved[in] use_std If true, it will use the pefile look-up table for resolving imports
- Returns
- The PE::import resolved with PE::ImportEntry::name set
◆ to_json()
| std::string LIEF::PE::to_json | ( | const Object & | v | ) |
◆ to_string() [1/35]
| const char * LIEF::PE::to_string | ( | ACCELERATOR_CODES | code | ) |
◆ to_string() [2/35]
| const char * LIEF::PE::to_string | ( | ALGORITHMS | e | ) |
◆ to_string() [3/35]
| const char * LIEF::PE::to_string | ( | Attribute::TYPE | e | ) |
◆ to_string() [4/35]
| const char * LIEF::PE::to_string | ( | CHPEMetadataARM64::range_entry_t::TYPE | e | ) |
◆ to_string() [5/35]
| const char * LIEF::PE::to_string | ( | CODE_PAGES | e | ) |
Referenced by LIEF::COFF::to_string(), and LIEF::COFF::to_string().
◆ to_string() [6/35]
| const char * LIEF::PE::to_string | ( | CodeView::SIGNATURES | e | ) |
◆ to_string() [7/35]
| const char * LIEF::PE::to_string | ( | DataDirectory::TYPES | e | ) |
◆ to_string() [8/35]
| const char * LIEF::PE::to_string | ( | Debug::TYPES | e | ) |
◆ to_string() [9/35]
| const char * LIEF::PE::to_string | ( | DynamicRelocation::IMAGE_DYNAMIC_RELOCATION | e | ) |
◆ to_string() [10/35]
| const char * LIEF::PE::to_string | ( | EnclaveImport::TYPE | e | ) |
◆ to_string() [11/35]
| const char * LIEF::PE::to_string | ( | ExDllCharacteristics::CHARACTERISTICS | e | ) |
◆ to_string() [12/35]
| const char * LIEF::PE::to_string | ( | FPO::FRAME_TYPE | e | ) |
◆ to_string() [13/35]
| const char * LIEF::PE::to_string | ( | Header::CHARACTERISTICS | c | ) |
◆ to_string() [14/35]
| const char * LIEF::PE::to_string | ( | Header::MACHINE_TYPES | c | ) |
◆ to_string() [15/35]
| const char * LIEF::PE::to_string | ( | LoadConfiguration::IMAGE_GUARD | e | ) |
◆ to_string() [16/35]
| const char * LIEF::PE::to_string | ( | OptionalHeader::DLL_CHARACTERISTICS | ) |
◆ to_string() [17/35]
| const char * LIEF::PE::to_string | ( | OptionalHeader::SUBSYSTEM | ) |
◆ to_string() [18/35]
| const char * LIEF::PE::to_string | ( | PDBChecksum::HASH_ALGO | e | ) |
◆ to_string() [19/35]
| const char * LIEF::PE::to_string | ( | PE_TYPE | e | ) |
◆ to_string() [20/35]
| const char * LIEF::PE::to_string | ( | Pogo::SIGNATURES | e | ) |
◆ to_string() [21/35]
| const char * LIEF::PE::to_string | ( | RelocationEntry::BASE_TYPES | e | ) |
◆ to_string() [22/35]
| const char * LIEF::PE::to_string | ( | ResourceAccelerator::FLAGS | e | ) |
◆ to_string() [23/35]
| const char * LIEF::PE::to_string | ( | ResourceDialog::CONTROL_STYLES | s | ) |
◆ to_string() [24/35]
| const char * LIEF::PE::to_string | ( | ResourceDialog::DIALOG_STYLES | s | ) |
◆ to_string() [25/35]
| const char * LIEF::PE::to_string | ( | ResourceDialog::WINDOW_EXTENDED_STYLES | s | ) |
◆ to_string() [26/35]
| const char * LIEF::PE::to_string | ( | ResourceDialog::WINDOW_STYLES | s | ) |
◆ to_string() [27/35]
| const char * LIEF::PE::to_string | ( | ResourcesManager::TYPE | type | ) |
◆ to_string() [28/35]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::FILE_FLAGS | e | ) |
◆ to_string() [29/35]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::FILE_TYPE | e | ) |
◆ to_string() [30/35]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::FILE_TYPE_DETAILS | e | ) |
◆ to_string() [31/35]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::VERSION_OS | e | ) |
◆ to_string() [32/35]
| const char * LIEF::PE::to_string | ( | RuntimeFunctionX64::UNWIND_FLAGS | op | ) |
◆ to_string() [33/35]
| const char * LIEF::PE::to_string | ( | RuntimeFunctionX64::UNWIND_OPCODES | op | ) |
◆ to_string() [34/35]
| const char * LIEF::PE::to_string | ( | RuntimeFunctionX64::UNWIND_REG | op | ) |
◆ to_string() [35/35]
| const char * LIEF::PE::to_string | ( | Section::CHARACTERISTICS | e | ) |
Generated by
1.13.0