LIEF::PE Namespace Reference
Namespace related to the LIEF's PE module. More...
Namespaces | |
| namespace | details |
| namespace | unwind_aarch64 |
| This namespace wraps code related to PE-ARM64 unwinding code. | |
| namespace | unwind_x64 |
| This namespace wraps code related to PE-x64 unwinding code. | |
Classes | |
| class | Attribute |
| Interface over PKCS #7 attribute. More... | |
| class | AuxiliarybfAndefSymbol |
| class | AuxiliaryCLRToken |
| class | AuxiliaryFile |
| This auxiliary symbol represents a filename (auxiliary format 4) More... | |
| class | AuxiliaryFunctionDefinition |
| This auxiliary symbols marks the beginning of a function definition. More... | |
| class | AuxiliarySectionDefinition |
| This auxiliary symbol exposes information about the associated section. More... | |
| class | AuxiliarySymbol |
| Class that represents an auxiliary symbol. More... | |
| class | AuxiliaryWeakExternal |
"Weak externals" are a mechanism for object files that allows flexibility at link time. A module can contain an unresolved external symbol (sym1), but it can also include an auxiliary record that indicates that if sym1 is not present at link time, another external symbol (sym2) is used to resolve references instead. More... | |
| class | Binary |
| Class which represents a PE binary This is the main interface to manage and modify a PE executable. More... | |
| class | Builder |
| Class that is used to rebuild a raw PE binary from a PE::Binary object. More... | |
| class | CHPEMetadata |
| Base class for any Compiled Hybrid Portable Executable (CHPE) metadata. More... | |
| class | CHPEMetadataARM64 |
| This class represents hybrid metadata for ARM64EC or ARM64X. More... | |
| class | CHPEMetadataX86 |
| This class represents hybrid metadata for X86. More... | |
| class | CodeIntegrity |
| class | CodeView |
Interface for the (generic) Debug CodeView (IMAGE_DEBUG_TYPE_CODEVIEW) More... | |
| class | CodeViewPDB |
| CodeView PDB specialization. More... | |
| class | COFFString |
| This class represents a string located in the COFF string table. More... | |
| class | ContentInfo |
| class | ContentType |
Interface over the structure described by the OID 1.2.840.113549.1.9.3 (PKCS #9) More... | |
| class | DataDirectory |
| Class that represents a PE data directory entry. More... | |
| class | Debug |
| This class represents a generic entry in the debug data directory. For known types, this class is extended to provide a dedicated API (see: CodeCodeView) More... | |
| class | DelayImport |
| Class that represents a PE delayed import. More... | |
| class | DelayImportEntry |
| Class that represents an entry (i.e. an import) in the delay import table (DelayImport). More... | |
| class | DosHeader |
| Class which represents the DosHeader, the first structure presents at the beginning of a PE file. More... | |
| class | DynamicFixup |
| This is the base class for any fixups located in DynamicRelocation. More... | |
| class | DynamicFixupARM64Kernel |
This class wraps fixups associated with the (special) symbol value: IMAGE_DYNAMIC_RELOCATION_ARM64_KERNEL_IMPORT_CALL_TRANSFER (8). More... | |
| class | DynamicFixupARM64X |
This class represents IMAGE_DYNAMIC_RELOCATION_ARM64X More... | |
| class | DynamicFixupControlTransfer |
This class wraps fixups associated with the (special) symbol value: IMAGE_DYNAMIC_RELOCATION_GUARD_IMPORT_CONTROL_TRANSFER (3). More... | |
| class | DynamicFixupGeneric |
| This class represents a generic entry where fixups are regular relocations (LIEF::PE::Relocation) More... | |
| class | DynamicFixupUnknown |
| This class represents an special dynamic relocation where the format of the fixups is not supported by LIEF. More... | |
| class | DynamicRelocation |
This is the base class for any IMAGE_DYNAMIC_RELOCATION32, IMAGE_DYNAMIC_RELOCATION32_V2, IMAGE_DYNAMIC_RELOCATION64, IMAGE_DYNAMIC_RELOCATION64_V2 dynamic relocations. More... | |
| class | DynamicRelocationV1 |
This class represents a dynamic relocation (IMAGE_DYNAMIC_RELOCATION32 or IMAGE_DYNAMIC_RELOCATION64) More... | |
| class | DynamicRelocationV2 |
This class represents a dynamic relocation (IMAGE_DYNAMIC_RELOCATION64_V2 or IMAGE_DYNAMIC_RELOCATION32_V2) More... | |
| class | EnclaveConfiguration |
| This class represents the enclave configuration. More... | |
| class | EnclaveImport |
| Defines an entry in the array of images that an enclave can import. More... | |
| class | ExceptionInfo |
| This class is the base class for any exception or runtime function entry. More... | |
| class | ExDllCharacteristics |
This class represents the IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS debug entry. More... | |
| class | Export |
| Class which represents a PE Export. More... | |
| class | ExportEntry |
| Class which represents a PE Export entry (cf. PE::Export) More... | |
| class | Factory |
| This factory is used to create PE from scratch. More... | |
| class | FPO |
This class represents the IMAGE_DEBUG_TYPE_FPO debug entry. More... | |
| class | FunctionOverride |
This class represents IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE More... | |
| class | FunctionOverrideInfo |
| class | GenericContent |
| class | GenericType |
| Interface over an attribute for which the internal structure is not supported by LIEF. More... | |
| class | Hash |
| Class which implements a visitor to compute a deterministic hash for LIEF PE objects. More... | |
| class | Header |
| Class that represents the PE header (which follows the DosHeader) More... | |
| class | Import |
| Class that represents a PE import. More... | |
| class | ImportEntry |
| Class that represents an entry (i.e. an import) in the import table (Import). More... | |
| class | LoadConfiguration |
This class represents the load configuration data associated with the IMAGE_LOAD_CONFIG_DIRECTORY. More... | |
| class | MsCounterSign |
| This class exposes the MS Counter Signature attribute. More... | |
| class | MsManifestBinaryID |
Interface over the structure described by the OID 1.3.6.1.4.1.311.10.3.28 (szOID_PLATFORM_MANIFEST_BINARY_ID) More... | |
| class | MsSpcNestedSignature |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.4.1 More... | |
| class | MsSpcStatementType |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.1.11 More... | |
| class | OptionalHeader |
| Class which represents the PE OptionalHeader structure. More... | |
| class | Parser |
| Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used to get a LIEF::PE::Binary. More... | |
| struct | ParserConfig |
| This structure is used to tweak the PE Parser (PE::Parser) More... | |
| class | PDBChecksum |
| This class represents the PDB Checksum debug entry which is essentially an array of bytes representing the checksum of the PDB content. More... | |
| class | PKCS9AtSequenceNumber |
Interface over the structure described by the OID 1.2.840.113549.1.9.25.4 (PKCS #9) More... | |
| class | PKCS9CounterSignature |
Interface over the structure described by the OID 1.2.840.113549.1.9.6 (PKCS #9) More... | |
| class | PKCS9MessageDigest |
Interface over the structure described by the OID 1.2.840.113549.1.9.4 (PKCS #9) More... | |
| class | PKCS9SigningTime |
Interface over the structure described by the OID 1.2.840.113549.1.9.5 (PKCS #9) More... | |
| class | PKCS9TSTInfo |
Interface over the structure described by the OID 1.2.840.113549.1.9.16.1.4 (PKCS #9) More... | |
| class | Pogo |
This class represents a Profile Guided Optimization entry from the debug directory (IMAGE_DEBUG_TYPE_POGO). More... | |
| class | PogoEntry |
| class | Relocation |
Class which represents the Base Relocation Block We usually find this structure in the .reloc section. More... | |
| class | RelocationEntry |
| Class which represents an entry of the PE relocation table. More... | |
| class | Repro |
This class represents a reproducible build entry from the debug directory. (IMAGE_DEBUG_TYPE_REPRO). This entry is usually generated with the undocumented /Brepro linker flag. More... | |
| class | ResourceAccelerator |
| class | ResourceData |
| Class which represents a Data Node in the PE resources tree. More... | |
| class | ResourceDialog |
| This class is the base class for either a regular (legacy) Dialog or an extended Dialog. These different kinds of Dialogs are documented by MS at the following addresses: More... | |
| class | ResourceDialogExtended |
| Implementation for the new extended dialogbox format. More... | |
| class | ResourceDialogRegular |
| Implementation for a regular/legacy dialog box. More... | |
| class | ResourceDirectory |
| class | ResourceIcon |
| class | ResourceNode |
| Class which represents a Node in the resource tree. More... | |
| class | ResourcesManager |
| The Resource Manager provides an enhanced API to manipulate the resource tree. More... | |
| class | ResourceStringFileInfo |
Representation of the StringFileInfo structure. More... | |
| class | ResourceStringTable |
This class represents the StringTable structure. This structure can be seen as a dictionary of key, values with key and values defined a utf-16 string. More... | |
| class | ResourceVar |
| This class represents an element of the ResourceVarFileInfo structure It typically contains a list of language and code page identifier pairs that the version of the application or DLL supports. More... | |
| class | ResourceVarFileInfo |
Representation of the VarFileInfo structure. More... | |
| class | ResourceVersion |
Representation of the data associated with the RT_VERSION entry. More... | |
| class | RichEntry |
| Class which represents an entry associated to the RichHeader. More... | |
| class | RichHeader |
| Class which represents the not-so-documented rich header. More... | |
| class | RsaInfo |
| Object that wraps a RSA key. More... | |
| class | RuntimeFunctionAArch64 |
This class represents an entry in the exception table (.pdata section) for the AArch64 architecture. More... | |
| class | RuntimeFunctionX64 |
This class represents an entry in the exception table (.pdata section) for the x86-64 architecture. More... | |
| class | Section |
| Class which represents a PE section. More... | |
| class | Signature |
| Main interface for the PKCS #7 signature scheme. More... | |
| class | SignatureParser |
| class | SignerInfo |
| class | SigningCertificateV2 |
| SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL }. More... | |
| class | SpcIndirectData |
| class | SpcRelaxedPeMarkerCheck |
| class | SpcSpOpusInfo |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.1.12 More... | |
| class | Symbol |
| Class that represents a PE-COFF symbol. More... | |
| class | TLS |
| Class which represents the PE Thread Local Storage. More... | |
| class | VCFeature |
This class represents the IMAGE_DEBUG_TYPE_VC_FEATURE debug entry. More... | |
| class | VolatileMetadata |
This class represents volatile metadata which can be enabled at link time with /volatileMetadata. More... | |
| class | x509 |
| Interface over a x509 certificate. More... | |
Typedefs | |
| using | oid_t = std::string |
Enumerations | |
| enum class | CODE_PAGES : uint32_t { IBM037 = 37 , IBM437 = 437 , IBM500 = 500 , ASMO_708 = 708 , DOS_720 = 720 , IBM737 = 737 , IBM775 = 775 , IBM850 = 850 , IBM852 = 852 , IBM855 = 855 , IBM857 = 857 , IBM00858 = 858 , IBM860 = 860 , IBM861 = 861 , DOS_862 = 862 , IBM863 = 863 , IBM864 = 864 , IBM865 = 865 , CP866 = 866 , IBM869 = 869 , IBM870 = 870 , WINDOWS_874 = 874 , CP875 = 875 , SHIFT_JIS = 932 , GB2312 = 936 , KS_C_5601_1987 = 949 , BIG5 = 950 , IBM1026 = 1026 , IBM01047 = 1047 , IBM01140 = 1140 , IBM01141 = 1141 , IBM01142 = 1142 , IBM01143 = 1143 , IBM01144 = 1144 , IBM01145 = 1145 , IBM01146 = 1146 , IBM01147 = 1147 , IBM01148 = 1148 , IBM01149 = 1149 , UTF_16 = 1200 , UNICODEFFFE = 1201 , WINDOWS_1250 = 1250 , WINDOWS_1251 = 1251 , WINDOWS_1252 = 1252 , WINDOWS_1253 = 1253 , WINDOWS_1254 = 1254 , WINDOWS_1255 = 1255 , WINDOWS_1256 = 1256 , WINDOWS_1257 = 1257 , WINDOWS_1258 = 1258 , JOHAB = 1361 , MACINTOSH = 10000 , X_MAC_JAPANESE = 10001 , X_MAC_CHINESETRAD = 10002 , X_MAC_KOREAN = 10003 , X_MAC_ARABIC = 10004 , X_MAC_HEBREW = 10005 , X_MAC_GREEK = 10006 , X_MAC_CYRILLIC = 10007 , X_MAC_CHINESESIMP = 10008 , X_MAC_ROMANIAN = 10010 , X_MAC_UKRAINIAN = 10017 , X_MAC_THAI = 10021 , X_MAC_CE = 10029 , X_MAC_ICELANDIC = 10079 , X_MAC_TURKISH = 10081 , X_MAC_CROATIAN = 10082 , UTF_32 = 12000 , UTF_32BE = 12001 , X_CHINESE_CNS = 20000 , X_CP20001 = 20001 , X_CHINESE_ETEN = 20002 , X_CP20003 = 20003 , X_CP20004 = 20004 , X_CP20005 = 20005 , X_IA5 = 20105 , X_IA5_GERMAN = 20106 , X_IA5_SWEDISH = 20107 , X_IA5_NORWEGIAN = 20108 , US_ASCII = 20127 , X_CP20261 = 20261 , X_CP20269 = 20269 , IBM273 = 20273 , IBM277 = 20277 , IBM278 = 20278 , IBM280 = 20280 , IBM284 = 20284 , IBM285 = 20285 , IBM290 = 20290 , IBM297 = 20297 , IBM420 = 20420 , IBM423 = 20423 , IBM424 = 20424 , X_EBCDIC_KOREANEXTENDED = 20833 , IBM_THAI = 20838 , KOI8_R = 20866 , IBM871 = 20871 , IBM880 = 20880 , IBM905 = 20905 , IBM00924 = 20924 , EUC_JP_JIS = 20932 , X_CP20936 = 20936 , X_CP20949 = 20949 , CP1025 = 21025 , KOI8_U = 21866 , ISO_8859_1 = 28591 , ISO_8859_2 = 28592 , ISO_8859_3 = 28593 , ISO_8859_4 = 28594 , ISO_8859_5 = 28595 , ISO_8859_6 = 28596 , ISO_8859_7 = 28597 , ISO_8859_8 = 28598 , ISO_8859_9 = 28599 , ISO_8859_13 = 28603 , ISO_8859_15 = 28605 , X_EUROPA = 29001 , ISO_8859_8_I = 38598 , ISO_2022_JP = 50220 , CSISO2022JP = 50221 , ISO_2022_JP_JIS = 50222 , ISO_2022_KR = 50225 , X_CP50227 = 50227 , EUC_JP = 51932 , EUC_CN = 51936 , EUC_KR = 51949 , HZ_GB_2312 = 52936 , GB18030 = 54936 , X_ISCII_DE = 57002 , X_ISCII_BE = 57003 , X_ISCII_TA = 57004 , X_ISCII_TE = 57005 , X_ISCII_AS = 57006 , X_ISCII_OR = 57007 , X_ISCII_KA = 57008 , X_ISCII_MA = 57009 , X_ISCII_GU = 57010 , X_ISCII_PA = 57011 , UTF_7 = 65000 , UTF_8 = 65001 } |
| Code page from https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers. More... | |
| enum class | PE_TYPE : uint16_t { PE32 = 0x10b , PE32_PLUS = 0x20b } |
| enum class | ALGORITHMS : uint32_t { UNKNOWN = 0 , SHA_512 , SHA_384 , SHA_256 , SHA_1 , MD5 , MD4 , MD2 , RSA , EC , MD5_RSA , SHA1_DSA , SHA1_RSA , SHA_256_RSA , SHA_384_RSA , SHA_512_RSA , SHA1_ECDSA , SHA_256_ECDSA , SHA_384_ECDSA , SHA_512_ECDSA } |
| Cryptography algorithms. More... | |
| enum class | ACCELERATOR_CODES : uint32_t { LBUTTON = 0x01 , RBUTTON = 0x02 , CANCEL = 0x03 , MBUTTON = 0x04 , XBUTTON1_K = 0x05 , XBUTTON2_K = 0x06 , BACK = 0x08 , TAB = 0x09 , CLEAR = 0x0C , RETURN = 0x0D , SHIFT = 0x10 , CONTROL = 0x11 , MENU = 0x12 , PAUSE = 0x13 , CAPITAL = 0x14 , KANA = 0x15 , IME_ON = 0x16 , JUNJA = 0x17 , FINAL = 0x18 , KANJI = 0x19 , IME_OFF = 0x1A , ESCAPE = 0x1B , CONVERT = 0x1C , NONCONVERT = 0x1D , ACCEPT = 0x1E , MODECHANGE = 0x1F , SPACE = 0x20 , PRIOR = 0x21 , NEXT = 0x22 , END = 0x23 , HOME = 0x24 , LEFT = 0x25 , UP = 0x26 , RIGHT = 0x27 , DOWN = 0x28 , SELECT = 0x29 , PRINT = 0x2A , EXECUTE = 0x2B , SNAPSHOT = 0x2C , INSERT = 0x2D , DELETE_K = 0x2E , HELP = 0x2F , NUM_0 = 0x30 , NUM_1 = 0x31 , NUM_2 = 0x32 , NUM_3 = 0x33 , NUM_4 = 0x34 , NUM_5 = 0x35 , NUM_6 = 0x36 , NUM_7 = 0x37 , NUM_8 = 0x38 , NUM_9 = 0x39 , A = 0x41 , B = 0x42 , C = 0x43 , D = 0x44 , E = 0x45 , F = 0x46 , G = 0x47 , H = 0x48 , I = 0x49 , J = 0x4A , K = 0x4B , L = 0x4C , M = 0x4D , N = 0x4E , O = 0x4F , P = 0x50 , Q = 0x51 , R = 0x52 , S = 0x53 , T = 0x54 , U = 0x55 , V = 0x56 , W = 0x57 , X = 0x58 , Y = 0x59 , Z = 0x5A , LWIN = 0x5B , RWIN = 0x5C , APPS = 0x5D , SLEEP = 0x5F , NUMPAD0 = 0x60 , NUMPAD1 = 0x61 , NUMPAD2 = 0x62 , NUMPAD3 = 0x63 , NUMPAD4 = 0x64 , NUMPAD5 = 0x65 , NUMPAD6 = 0x66 , NUMPAD7 = 0x67 , NUMPAD8 = 0x68 , NUMPAD9 = 0x69 , MULTIPLY = 0x6A , ADD = 0x6B , SEPARATOR = 0x6C , SUBTRACT = 0x6D , DECIMAL = 0x6E , DIVIDE = 0x6F , F1 = 0x70 , F2 = 0x71 , F3 = 0x72 , F4 = 0x73 , F5 = 0x74 , F6 = 0x75 , F7 = 0x76 , F8 = 0x77 , F9 = 0x78 , F10 = 0x79 , F11 = 0x7A , F12 = 0x7B , F13 = 0x7C , F14 = 0x7D , F15 = 0x7E , F16 = 0x7F , F17 = 0x80 , F18 = 0x81 , F19 = 0x82 , F20 = 0x83 , F21 = 0x84 , F22 = 0x85 , F23 = 0x86 , F24 = 0x87 , NUMLOCK = 0x90 , SCROLL = 0x91 , LSHIFT = 0xA0 , RSHIFT = 0xA1 , LCONTROL = 0xA2 , RCONTROL = 0xA3 , LMENU = 0xA4 , RMENU = 0xA5 , BROWSER_BACK = 0xA6 , BROWSER_FORWARD = 0xA7 , BROWSER_REFRESH = 0xA8 , BROWSER_STOP = 0xA9 , BROWSER_SEARCH = 0xAA , BROWSER_FAVORITES = 0xAB , BROWSER_HOME = 0xAC , VOLUME_MUTE = 0xAD , VOLUME_DOWN = 0xAE , VOLUME_UP = 0xAF , MEDIA_NEXT_TRACK = 0xB0 , MEDIA_PREV_TRACK = 0xB1 , MEDIA_STOP = 0xB2 , MEDIA_PLAY_PAUSE = 0xB3 , LAUNCH_MAIL = 0xB4 , LAUNCH_MEDIA_SELECT = 0xB5 , LAUNCH_APP1 = 0xB6 , LAUNCH_APP2 = 0xB7 , OEM_1 = 0xBA , OEM_PLUS = 0xBB , OEM_COMMA = 0xBC , OEM_MINUS = 0xBD , OEM_PERIOD = 0xBE , OEM_2 = 0xBF , OEM_4 = 0xDB , OEM_5 = 0xDC , OEM_6 = 0xDD , OEM_7 = 0xDE , OEM_8 = 0xDF , OEM_102 = 0xE2 , PROCESSKEY = 0xE5 , PACKET = 0xE7 , ATTN = 0xF6 , CRSEL = 0xF7 , EXSEL = 0xF8 , EREOF = 0xF9 , PLAY = 0xFA , ZOOM = 0xFB , NONAME = 0xFC , PA1 = 0xFD , OEM_CLEAR = 0xFE } |
| From https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes. More... | |
| enum class | RESOURCE_LANGS { NEUTRAL = 0x00 , INVARIANT = 0x7f , AFRIKAANS = 0x36 , ALBANIAN = 0x1c , ARABIC = 0x01 , ARMENIAN = 0x2b , ASSAMESE = 0x4d , AZERI = 0x2c , BASQUE = 0x2d , BELARUSIAN = 0x23 , BANGLA = 0x45 , BULGARIAN = 0x02 , CATALAN = 0x03 , CHINESE = 0x04 , CROATIAN = 0x1a , BOSNIAN = 0x1a , CZECH = 0x05 , DANISH = 0x06 , DIVEHI = 0x65 , DUTCH = 0x13 , ENGLISH = 0x09 , ESTONIAN = 0x25 , FAEROESE = 0x38 , FARSI = 0x29 , FINNISH = 0x0b , FRENCH = 0x0c , GALICIAN = 0x56 , GEORGIAN = 0x37 , GERMAN = 0x07 , GREEK = 0x08 , GUJARATI = 0x47 , HEBREW = 0x0d , HINDI = 0x39 , HUNGARIAN = 0x0e , ICELANDIC = 0x0f , INDONESIAN = 0x21 , ITALIAN = 0x10 , JAPANESE = 0x11 , KANNADA = 0x4b , KASHMIRI = 0x60 , KAZAK = 0x3f , KONKANI = 0x57 , KOREAN = 0x12 , KYRGYZ = 0x40 , LATVIAN = 0x26 , LITHUANIAN = 0x27 , MACEDONIAN = 0x2f , MALAY = 0x3e , MALAYALAM = 0x4c , MANIPURI = 0x58 , MARATHI = 0x4e , MONGOLIAN = 0x50 , NEPALI = 0x61 , NORWEGIAN = 0x14 , ORIYA = 0x48 , POLISH = 0x15 , PORTUGUESE = 0x16 , PUNJABI = 0x46 , ROMANIAN = 0x18 , RUSSIAN = 0x19 , SANSKRIT = 0x4f , SERBIAN = 0x1a , SINDHI = 0x59 , SLOVAK = 0x1b , SLOVENIAN = 0x24 , SPANISH = 0x0a , SWAHILI = 0x41 , SWEDISH = 0x1d , SYRIAC = 0x5a , TAMIL = 0x49 , TATAR = 0x44 , TELUGU = 0x4a , THAI = 0x1e , TURKISH = 0x1f , UKRAINIAN = 0x22 , URDU = 0x20 , UZBEK = 0x43 , VIETNAMESE = 0x2a , GAELIC = 0x3c , MALTESE = 0x3a , MAORI = 0x28 , RHAETO_ROMANCE = 0x17 , SAMI = 0x3b , SORBIAN = 0x2e , SUTU = 0x30 , TSONGA = 0x31 , TSWANA = 0x32 , VENDA = 0x33 , XHOSA = 0x34 , ZULU = 0x35 , ESPERANTO = 0x8f , WALON = 0x90 , CORNISH = 0x91 , WELSH = 0x92 , BRETON = 0x93 , INUKTITUT = 0x5d , IRISH = 0x3C , LOWER_SORBIAN = 0x2E , PULAR = 0x67 , QUECHUA = 0x6B , TAMAZIGHT = 0x5F , TIGRINYA = 0x73 , VALENCIAN = 0x03 } |
| enum class | IMPHASH_MODE { DEFAULT = 0 , LIEF = DEFAULT , PEFILE , VT = PEFILE } |
| Enum to define the behavior of LIEF::PE::get_imphash. More... | |
Detailed Description
Typedef Documentation
◆ oid_t
| using LIEF::PE::oid_t = std::string |
Enumeration Type Documentation
◆ ACCELERATOR_CODES
|
strong |
From https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes.
◆ ALGORITHMS
|
strong |
◆ CODE_PAGES
|
strong |
Code page from https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers.
◆ IMPHASH_MODE
|
strong |
Enum to define the behavior of LIEF::PE::get_imphash.
| Enumerator | |
|---|---|
| DEFAULT | Default implementation |
| LIEF | Same as IMPHASH_MODE::DEFAULT |
| PEFILE | Use pefile algorithm |
| VT | Same as IMPHASH_MODE::PEFILE since Virus Total is using pefile |
◆ PE_TYPE
|
strong |
◆ RESOURCE_LANGS
|
strong |
Function Documentation
◆ algo_from_oid()
| ALGORITHMS LIEF::PE::algo_from_oid | ( | const std::string & | oid | ) |
◆ check_layout()
| bool LIEF::PE::check_layout | ( | const Binary & | bin, |
| std::string * | error_info = nullptr ) |
Check that the layout of the given Binary is correct from the Windows loader perspective.
◆ get_imphash()
| std::string LIEF::PE::get_imphash | ( | const Binary & | binary, |
| IMPHASH_MODE | mode = IMPHASH_MODE::DEFAULT ) |
Compute the hash of imported functions.
By default, it generates an hash with the following properties:
- Order agnostic
- Casse agnostic
- Ordinal (in some extent) agnostic
If one needs the same output as Virus Total (i.e. pefile), you can pass IMPHASH_MODE::PEFILE as second parameter.
- Warning
- The default algorithm used to compute the imphash value has some variations compared to Yara, pefile, VT implementation
References DEFAULT.
◆ get_type() [1/2]
if the input file is a PE one, return PE32 or PE32+
◆ get_type() [2/2]
◆ get_type_from_stream()
| result< PE_TYPE > LIEF::PE::get_type_from_stream | ( | BinaryStream & | stream | ) |
◆ is_pe() [1/3]
| bool LIEF::PE::is_pe | ( | BinaryStream & | stream | ) |
◆ is_pe() [2/3]
| bool LIEF::PE::is_pe | ( | const std::string & | file | ) |
check if the file is a PE file
◆ is_pe() [3/3]
| bool LIEF::PE::is_pe | ( | const std::vector< uint8_t > & | raw | ) |
check if the raw data is a PE file
◆ oid_to_string()
| const char * LIEF::PE::oid_to_string | ( | const oid_t & | oid | ) |
Convert an OID to a human-readable string.
◆ resolve_ordinals()
| result< Import > LIEF::PE::resolve_ordinals | ( | const Import & | import, |
| bool | strict = false, | ||
| bool | use_std = false ) |
Take a PE::Import as entry and try to resolve imports by ordinal.
The strict boolean parameter enables to throw an LIEF::not_found exception if the ordinal can't be resolved. Otherwise it skips the entry.
- Parameters
-
[in] import Import to resolve [in] strict If set to true, throw an exception if the import can't be resolved[in] use_std If true, it will use the pefile look-up table for resolving imports
- Returns
- The PE::import resolved with PE::ImportEntry::name set
◆ to_json()
| std::string LIEF::PE::to_json | ( | const Object & | v | ) |
◆ to_string() [1/39]
| const char * LIEF::PE::to_string | ( | ACCELERATOR_CODES | code | ) |
◆ to_string() [2/39]
| const char * LIEF::PE::to_string | ( | ALGORITHMS | e | ) |
◆ to_string() [3/39]
| const char * LIEF::PE::to_string | ( | Attribute::TYPE | e | ) |
◆ to_string() [4/39]
| const char * LIEF::PE::to_string | ( | AuxiliaryWeakExternal::CHARACTERISTICS | e | ) |
◆ to_string() [5/39]
| const char * LIEF::PE::to_string | ( | CHPEMetadataARM64::range_entry_t::TYPE | e | ) |
◆ to_string() [6/39]
| const char * LIEF::PE::to_string | ( | CODE_PAGES | e | ) |
◆ to_string() [7/39]
| const char * LIEF::PE::to_string | ( | CodeView::SIGNATURES | e | ) |
◆ to_string() [8/39]
| const char * LIEF::PE::to_string | ( | DataDirectory::TYPES | e | ) |
◆ to_string() [9/39]
| const char * LIEF::PE::to_string | ( | Debug::TYPES | e | ) |
◆ to_string() [10/39]
| const char * LIEF::PE::to_string | ( | DynamicRelocation::IMAGE_DYNAMIC_RELOCATION | e | ) |
◆ to_string() [11/39]
| const char * LIEF::PE::to_string | ( | EnclaveImport::TYPE | e | ) |
◆ to_string() [12/39]
| const char * LIEF::PE::to_string | ( | ExDllCharacteristics::CHARACTERISTICS | e | ) |
◆ to_string() [13/39]
| const char * LIEF::PE::to_string | ( | FPO::FRAME_TYPE | e | ) |
◆ to_string() [14/39]
| const char * LIEF::PE::to_string | ( | Header::CHARACTERISTICS | c | ) |
◆ to_string() [15/39]
| const char * LIEF::PE::to_string | ( | Header::MACHINE_TYPES | c | ) |
◆ to_string() [16/39]
| const char * LIEF::PE::to_string | ( | LoadConfiguration::IMAGE_GUARD | e | ) |
◆ to_string() [17/39]
| const char * LIEF::PE::to_string | ( | OptionalHeader::DLL_CHARACTERISTICS | ) |
◆ to_string() [18/39]
| const char * LIEF::PE::to_string | ( | OptionalHeader::SUBSYSTEM | ) |
◆ to_string() [19/39]
| const char * LIEF::PE::to_string | ( | PDBChecksum::HASH_ALGO | e | ) |
◆ to_string() [20/39]
| const char * LIEF::PE::to_string | ( | PE_TYPE | e | ) |
◆ to_string() [21/39]
| const char * LIEF::PE::to_string | ( | Pogo::SIGNATURES | e | ) |
◆ to_string() [22/39]
| const char * LIEF::PE::to_string | ( | RelocationEntry::BASE_TYPES | e | ) |
◆ to_string() [23/39]
| const char * LIEF::PE::to_string | ( | ResourceAccelerator::FLAGS | e | ) |
◆ to_string() [24/39]
| const char * LIEF::PE::to_string | ( | ResourceDialog::CONTROL_STYLES | s | ) |
◆ to_string() [25/39]
| const char * LIEF::PE::to_string | ( | ResourceDialog::DIALOG_STYLES | s | ) |
◆ to_string() [26/39]
| const char * LIEF::PE::to_string | ( | ResourceDialog::WINDOW_EXTENDED_STYLES | s | ) |
◆ to_string() [27/39]
| const char * LIEF::PE::to_string | ( | ResourceDialog::WINDOW_STYLES | s | ) |
◆ to_string() [28/39]
| const char * LIEF::PE::to_string | ( | ResourcesManager::TYPE | type | ) |
◆ to_string() [29/39]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::FILE_FLAGS | e | ) |
◆ to_string() [30/39]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::FILE_TYPE | e | ) |
◆ to_string() [31/39]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::FILE_TYPE_DETAILS | e | ) |
◆ to_string() [32/39]
| const char * LIEF::PE::to_string | ( | ResourceVersion::fixed_file_info_t::VERSION_OS | e | ) |
◆ to_string() [33/39]
| const char * LIEF::PE::to_string | ( | RuntimeFunctionX64::UNWIND_FLAGS | op | ) |
◆ to_string() [34/39]
| const char * LIEF::PE::to_string | ( | RuntimeFunctionX64::UNWIND_OPCODES | op | ) |
◆ to_string() [35/39]
| const char * LIEF::PE::to_string | ( | RuntimeFunctionX64::UNWIND_REG | op | ) |
◆ to_string() [36/39]
| const char * LIEF::PE::to_string | ( | Section::CHARACTERISTICS | e | ) |
◆ to_string() [37/39]
| const char * LIEF::PE::to_string | ( | Symbol::BASE_TYPE | e | ) |
◆ to_string() [38/39]
| const char * LIEF::PE::to_string | ( | Symbol::COMPLEX_TYPE | e | ) |
◆ to_string() [39/39]
| const char * LIEF::PE::to_string | ( | Symbol::STORAGE_CLASS | e | ) |
Generated by
1.13.0