pelican

package module
v0.0.0-...-dbdf991 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 28, 2024 License: MIT Imports: 14 Imported by: 4

README

pelican

MIT licensed Build Status Go Report Card

Probe PE files.

License

pelican is released under the MIT License. See the LICENSE file for details.

Documentation

Index

Constants

View Source 
const (
	Arch386   = "386"
	ArchAmd64 = "amd64"
)

Variables

View Source 
var ResourceTypeNames = map[ResourceType]string{
	ResourceTypeCursor:       "Cursor",
	ResourceTypeBitmap:       "Bitmap",
	ResourceTypeIcon:         "Icon",
	ResourceTypeMenu:         "Menu",
	ResourceTypeDialog:       "Dialog",
	ResourceTypeString:       "String",
	ResourceTypeFontDir:      "FontDir",
	ResourceTypeFont:         "Font",
	ResourceTypeAccelerator:  "Accelerator",
	ResourceTypeRcData:       "RcData",
	ResourceTypeMessageTable: "MessageTable",
	ResourceTypeGroupCursor:  "GroupCursor",
	ResourceTypeGroupIcon:    "GroupIcon",
	ResourceTypeVersion:      "Version",
	ResourceTypeDlgInclude:   "DlgInclude",
	ResourceTypePlugPlay:     "PlugPlay",
	ResourceTypeVXD:          "VXD",
	ResourceTypeAniCursor:    "AniCursor",
	ResourceTypeAniIcon:      "AniIcon",
	ResourceTypeHTML:         "HTML",
	ResourceTypeManifest:     "Manifest",
}

Functions

func DecodeUTF16 

func DecodeUTF16(bs []byte) string

Convert a UTF-16 string (as a byte slice) to unicode

Types

type Arch 

type Arch string

type AssemblyIdentity 

type AssemblyIdentity struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	Type    string `json:"type"`

	ProcessorArchitecture string `json:"processorArchitecture,omitempty"`
	Language              string `json:"language,omitempty"`
	PublicKeyToken        string `json:"publicKeyToken,omitempty"`
}

type AssemblyInfo 

type AssemblyInfo struct {
	Identity    *AssemblyIdentity `json:"identity"`
	Description string            `json:"description"`

	RequestedExecutionLevel string `json:"requestedExecutionLevel,omitempty"`
}

type PeInfo 

type PeInfo struct {
	Arch                Arch                `json:"arch"`
	VersionProperties   map[string]string   `json:"versionProperties"`
	AssemblyInfo        *AssemblyInfo       `json:"assemblyInfo"`
	DependentAssemblies []*AssemblyIdentity `json:"dependentAssemblies"`
	Imports             []string            `json:"imports"`
}

PeInfo contains the architecture of a binary file

For command `PeInfo`

func Probe 

func Probe(file eos.File, params ProbeParams) (*PeInfo, error)

Probe retrieves information about an PE file

func (*PeInfo) RequiresElevation 

func (pi *PeInfo) RequiresElevation() bool

type ProbeParams 

type ProbeParams struct {
	Consumer *state.Consumer
	// Return errors instead of printing warnings when
	// we can't parse some parts of the file
	Strict bool
}

type ReadSeekerAt 

type ReadSeekerAt interface {
	io.ReadSeeker
	io.ReaderAt
}

type ResourceType 

type ResourceType uint32
const (
	ResourceTypeNone ResourceType = 0

	ResourceTypeCursor       ResourceType = 1
	ResourceTypeBitmap       ResourceType = 2
	ResourceTypeIcon         ResourceType = 3
	ResourceTypeMenu         ResourceType = 4
	ResourceTypeDialog       ResourceType = 5
	ResourceTypeString       ResourceType = 6
	ResourceTypeFontDir      ResourceType = 7
	ResourceTypeFont         ResourceType = 8
	ResourceTypeAccelerator  ResourceType = 9
	ResourceTypeRcData       ResourceType = 10
	ResourceTypeMessageTable ResourceType = 11

	ResourceTypeGroupCursor ResourceType = ResourceTypeCursor + 11 // 12
	ResourceTypeGroupIcon   ResourceType = ResourceTypeIcon + 11   // 14

	ResourceTypeVersion    ResourceType = 16
	ResourceTypeDlgInclude ResourceType = 17
	ResourceTypePlugPlay   ResourceType = 19
	ResourceTypeVXD        ResourceType = 20 // vxd = virtual device
	ResourceTypeAniCursor  ResourceType = 21
	ResourceTypeAniIcon    ResourceType = 22
	ResourceTypeHTML       ResourceType = 23
	ResourceTypeManifest   ResourceType = 24
)

https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms648009(v=vs.85).aspx

type VsBlock 

type VsBlock struct {
	Length      uint16
	ValueLength uint16
	Type        uint16
	Key         []byte
	EndOffset   int64

	ReadSeekerAt
}

func (*VsBlock) KeyString 

func (vb *VsBlock) KeyString() string

type VsFixedFileInfo 

type VsFixedFileInfo struct {
	DwSignature        uint32
	DwStrucVersion     uint32
	DwFileVersionMS    uint32
	DwFileVersionLS    uint32
	DwProductVersionMS uint32
	DwProductVersionLS uint32
	DwFileFlagsMask    uint32
	DwFileFlags        uint32
	DwFileOS           uint32
	DwFileType         uint32
	DwFileSubtype      uint32
	DwFileDateMS       uint32
	DwFileDateLS       uint32
}

Source Files

View all Source files

Directories

Path Synopsis
Package pe implements access to PE (Microsoft Windows Portable Executable) files.
 Package pe implements access to PE (Microsoft Windows Portable Executable) files.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.