Struct lief::pe::Binary

pub struct Binary { /* private fields */ }
Expand description

This is the main interface to read and write PE binary attributes.

Note that this structure implements the generic::Binary trait from which other generic functions are exposed

fn use_trait(pe: &Binary) {
    let generic_binary = pe as &dyn generic::Binary;
    println!("{}", generic_binary.entrypoint());
}

Implementations§

§

impl Binary

pub fn parse(path: &str) -> Option<Self>

Parse from a file path given as a string

pub fn dos_header(&self) -> DosHeader<'_>

DosHeader which starts the PE files

pub fn optional_header(&self) -> OptionalHeader<'_>

Header that follows the Binary::header. It is named optional from the COFF specfication but it is mandatory in a PE file.

pub fn compute_checksum(&self) -> u32

Re-compute the value of OptionalHeader::checksum

pub fn header(&self) -> Header<'_>

Next header after the Binary::dos_header

pub fn tls(&self) -> Option<TLS<'_>>

Return TLS information if present

pub fn rich_header(&self) -> Option<RichHeader<'_>>

Return rich header information if present.

pub fn export(&self) -> Option<Export<'_>>

Return export information

pub fn resources(&self) -> Option<ResourceNode<'_>>

Return the root of the PE’s resource’s tree

pub fn resources_manager(&self) -> Option<ResourcesManager<'_>>

Return a manager interface to read and manipulate the resources tree with a user friendly interface.

pub fn imports(&self) -> Imports<'_>

Return the imports as an iterator over the Import structure

pub fn data_directories(&self) -> DataDirectories<'_>

Return the data directories as an iterator over the DataDirectory structure

pub fn sections(&self) -> Sections<'_>

Return the sections as an iterator over the Section structure

pub fn relocations(&self) -> Relocations<'_>

Return the relocations as an iterator over the super::Relocation structure

pub fn delay_imports(&self) -> DelayImports<'_>

Return the delayed imports as an iterator over the DelayImport structure

pub fn signatures(&self) -> Signatures<'_>

Return an iterator over the signature::Signature if the current PE is authenticode-signed.

pub fn debug(&self) -> DebugEntries<'_>

Return an iterator over the debug::Entries of the binary.

pub fn authentihash(&self, algo: Algorithms) -> Vec<u8>

Compute the authentihash for the current PE with the given algorithms.

pub fn load_configuration(&self) -> Option<LoadConfiguration<'_>>

Return load configuration info if present.

pub fn dos_stub(&self) -> &[u8]

Return the raw data between the Binary::dos_header and the regular Binary::header

pub fn overlay(&self) -> &[u8]

Return the original overlay data of the file

pub fn overlay_offset(&self) -> u64

Return the offset computed by LIEF to identify overlay data

pub fn rva_to_offset(&self, rva: u64) -> u64

Convert a relative virtual address into an offset

pub fn va_to_offset(&self, va: u64) -> u64

Convert an absolute virtual address into an offset.

pub fn virtual_size(&self) -> u64

Return the size of the current binary when loaded in memory.

pub fn sizeof_headers(&self) -> u64

Compute the size of all the headers.

pub fn section_from_offset(&self, offset: u64) -> Option<Section<'_>>

Find a section by its offset

pub fn section_from_rva(&self, rva: u64) -> Option<Section<'_>>

Find a section by its relative virtual address

pub fn section_by_name(&self, name: &str) -> Option<Section<'_>>

Find a section by its name

pub fn data_directory_by_type( &self, dir_type: Type ) -> Option<DataDirectory<'_>>

Find the data directory with the given type

pub fn verify_signature(&self, checks: VerificationChecks) -> VerificationFlags

Verify the binary against the embedded signature(s) (if any)

First, it checks that the embedded signatures are correct (c.f. signature::Signature::check) and then, it checks that the authentihash matches crate::pe::signature::content_info::ContentInfo::digest

pub fn verify_with_signature( &self, sig: &Signature<'_>, checks: VerificationChecks ) -> VerificationFlags

Verify the binary with the signature::Signature object provided in the first parameter. It can be used to verify a detached signature:

if let Some(sig) = Signature::from_file(path_str.unwrap()) {
    pe.verify_signature(&sig, signature::VerificationChecks::DEFAULT);
}

pub fn import_by_name(&self, name: &str) -> Option<Import<'_>>

Find an import by its DLL name

pub fn delay_import_by_name(&self, name: &str) -> Option<DelayImport<'_>>

Find a delayed import by its name

pub fn content_from_virtual_address(&self, address: u64, size: u64) -> &[u8]

Return the sized content from the virtual address

pub fn get_int_from_virtual_address<T>(&self, addr: u64) -> Result<T, Error>where T: Num + FromPrimitive + ToPrimitive,

Get the integer value at the given virtual address

pub fn write(&mut self, output: &Path)

Write back the current PE binary into the file specified in parameter

Trait Implementations§

§

impl Binary for Binary

§

fn entrypoint(&self) -> u64

Binary’s entrypoint
§

fn imagebase(&self) -> u64

Default base address where the binary should be mapped
§

fn is_pie(&self) -> bool

Whether the current binary is an executable and position independent
§

fn has_nx(&self) -> bool

Whether the binary defines a non-executable stack
§

fn original_size(&self) -> u64

Original file size of the binary
§

fn debug_info(&self) -> Option<DebugInfo<'_>>

Return the debug info if present. It can be either a crate::pdb::DebugInfo or crate::dwarf::DebugInfo. Read more
§

fn disassemble(&self, address: u64, size: u64) -> InstructionsIt<'_>

Disassemble code starting a the given virtual address and with the given size. Read more
§

fn disassemble_symbol(&self, name: &str) -> InstructionsIt<'_>

Disassemble code for the given symbol name Read more
§

fn disassemble_address(&self, address: u64) -> InstructionsIt<'_>

Disassemble code at the given virtual address Read more
§

fn disassemble_slice(&self, slice: &[u8], address: u64) -> InstructionsIt<'_>

Disassemble code provided by the given slice at the specified address parameter. Read more
§

fn assemble(&mut self, address: u64, asm: &str) -> Vec<u8>

Assemble and patch the provided assembly code at the specified address. Read more
§

impl Debug for Binary

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl RefUnwindSafe for Binary

§

impl !Send for Binary

§

impl !Sync for Binary

§

impl Unpin for Binary

§

impl UnwindSafe for Binary

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.