Struct lief::pe::Binary

pub struct Binary { /* private fields */ }

This is the main interface to read and write PE binary attributes.

Note that this structure implements the generic::Binary trait from which other generic functions are exposed

fn use_trait(pe: &Binary) {
    let generic_binary = pe as &dyn generic::Binary;
    println!("{}", generic_binary.entrypoint());
}

Implementations

impl Binary

pub fn parse(path: &str) -> Self

Parse from a file path given as a string

pub fn dos_header(&self) -> DosHeader<'_>

DosHeader which starts the PE files

pub fn optional_header(&self) -> OptionalHeader<'_>

Header that follows the Binary::header. It is named optional from the COFF specfication but it is mandatory in a PE file.

pub fn compute_checksum(&self) -> u32

Re-compute the value of OptionalHeader::checksum

pub fn header(&self) -> Header<'_>

Next header after the Binary::dos_header

pub fn tls(&self) -> Option<TLS<'_>>

Return TLS information if present

pub fn rich_header(&self) -> Option<RichHeader<'_>>

Return rich header information if present.

pub fn export(&self) -> Option<Export<'_>>

Return export information

pub fn resources(&self) -> Option<ResourceNode<'_>>

Return the root of the PE’s resource’s tree

pub fn resources_manager(&self) -> Option<ResourcesManager<'_>>

Return a manager interface to read and manipulate the resources tree with a user friendly interface.

pub fn imports(&self) -> Imports<'_>

Return the imports as an iterator over the Import structure

pub fn data_directories(&self) -> DataDirectories<'_>

Return the data directories as an iterator over the DataDirectory structure

pub fn sections(&self) -> Sections<'_>

Return the sections as an iterator over the Section structure

pub fn relocations(&self) -> Relocations<'_>

Return the relocations as an iterator over the super::Relocation structure

pub fn delay_imports(&self) -> DelayImports<'_>

Return the delayed imports as an iterator over the DelayImport structure

pub fn signatures(&self) -> Signatures<'_>

Return an iterator over the signature::Signature if the current PE is authenticode-signed.

pub fn debug(&self) -> DebugEntries<'_>

Return an iterator over the debug::Entries of the binary.

pub fn authentihash(&self, algo: Algorithms) -> Vec<u8>

Compute the authentihash for the current PE with the given algorithms.

pub fn load_configuration(&self) -> Option<LoadConfiguration<'_>>

Return load configuration info if present.

pub fn dos_stub(&self) -> &[u8]

Return the raw data between the Binary::dos_header and the regular Binary::header

pub fn overlay(&self) -> &[u8]

Return the original overlay data of the file

pub fn overlay_offset(&self) -> u64

Return the offset computed by LIEF to identify overlay data

pub fn rva_to_offset(&self, rva: u64) -> u64

Convert a relative virtual address into an offset

pub fn va_to_offset(&self, va: u64) -> u64

Convert an absolute virtual address into an offset.

pub fn virtual_size(&self) -> u64

Return the size of the current binary when loaded in memory.

pub fn sizeof_headers(&self) -> u64

Compute the size of all the headers.

pub fn section_from_offset(&self, offset: u64) -> Option<Section<'_>>

Find a section by its offset

pub fn section_from_rva(&self, rva: u64) -> Option<Section<'_>>

Find a section by its relative virtual address

pub fn section_by_name(&self, name: &str) -> Option<Section<'_>>

Find a section by its name

pub fn data_directory_by_type( &self, dir_type: Type ) -> Option<DataDirectory<'_>>

Find the data directory with the given type

pub fn verify_signature(&self, checks: VerificationChecks) -> VerificationFlags

Verify the binary against the embedded signature(s) (if any)

First, it checks that the embedded signatures are correct (c.f. signature::Signature::check) and then, it checks that the authentihash matches crate::pe::signature::content_info::ContentInfo::digest

pub fn verify_with_signature( &self, sig: &Signature<'_>, checks: VerificationChecks ) -> VerificationFlags

Verify the binary with the signature::Signature object provided in the first parameter. It can be used to verify a detached signature:

if let Some(sig) = Signature::from_file(path_str.unwrap()) {
    pe.verify_signature(&sig, signature::VerificationChecks::DEFAULT);
}

pub fn import_by_name(&self, name: &str) -> Option<Import<'_>>

Find an import by its DLL name

pub fn delay_import_by_name(&self, name: &str) -> Option<DelayImport<'_>>

Find a delayed import by its name

pub fn content_from_virtual_address(&self, address: u64, size: u64) -> &[u8]

Return the sized content from the virtual address

Trait Implementations

impl Binary for Binary

fn entrypoint(&self) -> u64

Binary’s entrypoint

fn imagebase(&self) -> u64

Default base address where the binary should be mapped

fn is_pie(&self) -> bool

Whether the current binary is an executable and position independent

fn has_nx(&self) -> bool

Whether the binary defines a non-executable stack

fn original_size(&self) -> u64

Original file size of the binary

fn debug_info(&self) -> Option<DebugInfo<'_>>

Return the debug info if present. It can be either a crate::pdb::DebugInfo or crate::dwarf::DebugInfo.

impl Debug for Binary

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.