pub struct Binary { /* private fields */ }
Expand description
This is the main interface to read and write PE binary attributes.
Note that this structure implements the generic::Binary
trait from which other generic
functions are exposed
fn use_trait(pe: &Binary) {
let generic_binary = pe as &dyn generic::Binary;
println!("{}", generic_binary.entrypoint());
}
Implementations§
§impl Binary
impl Binary
pub fn dos_header(&self) -> DosHeader<'_>
pub fn dos_header(&self) -> DosHeader<'_>
DosHeader which starts the PE files
pub fn optional_header(&self) -> OptionalHeader<'_>
pub fn optional_header(&self) -> OptionalHeader<'_>
Header that follows the Binary::header
. It is named
optional from the COFF specfication but it is mandatory in a PE file.
pub fn compute_checksum(&self) -> u32
pub fn compute_checksum(&self) -> u32
Re-compute the value of OptionalHeader::checksum
pub fn header(&self) -> Header<'_>
pub fn header(&self) -> Header<'_>
Next header after the Binary::dos_header
pub fn rich_header(&self) -> Option<RichHeader<'_>>
pub fn rich_header(&self) -> Option<RichHeader<'_>>
Return rich header information if present.
pub fn resources(&self) -> Option<ResourceNode<'_>>
pub fn resources(&self) -> Option<ResourceNode<'_>>
Return the root of the PE’s resource’s tree
pub fn resources_manager(&self) -> Option<ResourcesManager<'_>>
pub fn resources_manager(&self) -> Option<ResourcesManager<'_>>
Return a manager interface to read and manipulate the resources tree with a user friendly interface.
pub fn data_directories(&self) -> DataDirectories<'_> ⓘ
pub fn data_directories(&self) -> DataDirectories<'_> ⓘ
Return the data directories as an iterator over the DataDirectory
structure
pub fn sections(&self) -> Sections<'_> ⓘ
pub fn sections(&self) -> Sections<'_> ⓘ
Return the sections as an iterator over the Section
structure
pub fn relocations(&self) -> Relocations<'_> ⓘ
pub fn relocations(&self) -> Relocations<'_> ⓘ
Return the relocations as an iterator over the super::Relocation
structure
pub fn delay_imports(&self) -> DelayImports<'_> ⓘ
pub fn delay_imports(&self) -> DelayImports<'_> ⓘ
Return the delayed imports as an iterator over the DelayImport
structure
pub fn signatures(&self) -> Signatures<'_> ⓘ
pub fn signatures(&self) -> Signatures<'_> ⓘ
Return an iterator over the signature::Signature
if the current PE is authenticode-signed.
pub fn debug(&self) -> DebugEntries<'_> ⓘ
pub fn debug(&self) -> DebugEntries<'_> ⓘ
Return an iterator over the debug::Entries
of the binary.
pub fn authentihash(&self, algo: Algorithms) -> Vec<u8>
pub fn authentihash(&self, algo: Algorithms) -> Vec<u8>
Compute the authentihash for the current PE with the given algorithms.
pub fn load_configuration(&self) -> Option<LoadConfiguration<'_>>
pub fn load_configuration(&self) -> Option<LoadConfiguration<'_>>
Return load configuration info if present.
pub fn dos_stub(&self) -> &[u8] ⓘ
pub fn dos_stub(&self) -> &[u8] ⓘ
Return the raw data between the Binary::dos_header
and the regular Binary::header
pub fn overlay_offset(&self) -> u64
pub fn overlay_offset(&self) -> u64
Return the offset computed by LIEF to identify overlay data
pub fn rva_to_offset(&self, rva: u64) -> u64
pub fn rva_to_offset(&self, rva: u64) -> u64
Convert a relative virtual address into an offset
pub fn va_to_offset(&self, va: u64) -> u64
pub fn va_to_offset(&self, va: u64) -> u64
Convert an absolute virtual address into an offset.
pub fn virtual_size(&self) -> u64
pub fn virtual_size(&self) -> u64
Return the size of the current binary when loaded in memory.
pub fn sizeof_headers(&self) -> u64
pub fn sizeof_headers(&self) -> u64
Compute the size of all the headers.
pub fn section_from_offset(&self, offset: u64) -> Option<Section<'_>>
pub fn section_from_offset(&self, offset: u64) -> Option<Section<'_>>
Find a section by its offset
pub fn section_from_rva(&self, rva: u64) -> Option<Section<'_>>
pub fn section_from_rva(&self, rva: u64) -> Option<Section<'_>>
Find a section by its relative virtual address
pub fn section_by_name(&self, name: &str) -> Option<Section<'_>>
pub fn section_by_name(&self, name: &str) -> Option<Section<'_>>
Find a section by its name
pub fn data_directory_by_type(
&self,
dir_type: Type
) -> Option<DataDirectory<'_>>
pub fn data_directory_by_type( &self, dir_type: Type ) -> Option<DataDirectory<'_>>
Find the data directory with the given type
pub fn verify_signature(&self, checks: VerificationChecks) -> VerificationFlags
pub fn verify_signature(&self, checks: VerificationChecks) -> VerificationFlags
Verify the binary against the embedded signature(s) (if any)
First, it checks that the embedded signatures are correct (c.f. signature::Signature::check
)
and then, it checks that the authentihash matches crate::pe::signature::content_info::ContentInfo::digest
pub fn verify_with_signature(
&self,
sig: &Signature<'_>,
checks: VerificationChecks
) -> VerificationFlags
pub fn verify_with_signature( &self, sig: &Signature<'_>, checks: VerificationChecks ) -> VerificationFlags
Verify the binary with the signature::Signature
object provided in the first parameter.
It can be used to verify a detached signature:
if let Some(sig) = Signature::from_file(path_str.unwrap()) {
pe.verify_signature(&sig, signature::VerificationChecks::DEFAULT);
}
pub fn import_by_name(&self, name: &str) -> Option<Import<'_>>
pub fn import_by_name(&self, name: &str) -> Option<Import<'_>>
Find an import by its DLL name
pub fn delay_import_by_name(&self, name: &str) -> Option<DelayImport<'_>>
pub fn delay_import_by_name(&self, name: &str) -> Option<DelayImport<'_>>
Find a delayed import by its name
pub fn content_from_virtual_address(&self, address: u64, size: u64) -> &[u8] ⓘ
pub fn content_from_virtual_address(&self, address: u64, size: u64) -> &[u8] ⓘ
Return the sized content from the virtual address
Trait Implementations§
§impl Binary for Binary
impl Binary for Binary
§fn entrypoint(&self) -> u64
fn entrypoint(&self) -> u64
§fn original_size(&self) -> u64
fn original_size(&self) -> u64
§fn debug_info(&self) -> Option<DebugInfo<'_>>
fn debug_info(&self) -> Option<DebugInfo<'_>>
crate::pdb::DebugInfo
or crate::dwarf::DebugInfo
. Read more