pub struct PE<'a> {Show 17 fields
pub header: Header,
pub sections: Vec<SectionTable>,
pub size: usize,
pub name: Option<&'a str>,
pub is_lib: bool,
pub is_64: bool,
pub entry: usize,
pub image_base: usize,
pub export_data: Option<ExportData<'a>>,
pub import_data: Option<ImportData<'a>>,
pub exports: Vec<Export<'a>>,
pub imports: Vec<Import<'a>>,
pub libraries: Vec<&'a str>,
pub debug_data: Option<DebugData<'a>>,
pub tls_data: Option<TlsData<'a>>,
pub exception_data: Option<ExceptionData<'a>>,
pub certificates: CertificateDirectoryTable<'a>,
/* private fields */
}
Expand description
An analyzed PE32/PE32+ binary
Fields§
§header: Header
The PE header
sections: Vec<SectionTable>
A list of the sections in this PE binary
size: usize
The size of the binary
name: Option<&'a str>
The name of this dll
, if it has one
is_lib: bool
Whether this is a dll
or not
is_64: bool
Whether the binary is 64-bit (PE32+)
entry: usize
the entry point of the binary
image_base: usize
The binary’s RVA, or image base - useful for computing virtual addreses
export_data: Option<ExportData<'a>>
Data about any exported symbols in this binary (e.g., if it’s a dll
)
import_data: Option<ImportData<'a>>
Data for any imported symbols, and from which dll
, etc., in this binary
exports: Vec<Export<'a>>
The list of exported symbols in this binary, contains synthetic information for easier analysis
imports: Vec<Import<'a>>
The list symbols imported by this binary from other dll
s
libraries: Vec<&'a str>
The list of libraries which this binary imports symbols from
debug_data: Option<DebugData<'a>>
Debug information, if any, contained in the PE header
tls_data: Option<TlsData<'a>>
TLS information, if any, contained in the PE header
exception_data: Option<ExceptionData<'a>>
Exception handling and stack unwind information, if any, contained in the PE header
certificates: CertificateDirectoryTable<'a>
Certificates present, if any, described by the Certificate Table
Implementations§
Source§impl PE<'_>
impl PE<'_>
Sourcepub fn authenticode_ranges(&self) -> ExcludedSectionsIter<'_> ⓘ
pub fn authenticode_ranges(&self) -> ExcludedSectionsIter<'_> ⓘ
Returns the various ranges of the binary that are relevant for signature.
Source§impl<'a> PE<'a>
impl<'a> PE<'a>
Sourcepub fn parse_with_opts(bytes: &'a [u8], opts: &ParseOptions) -> Result<Self>
pub fn parse_with_opts(bytes: &'a [u8], opts: &ParseOptions) -> Result<Self>
Reads a PE binary from the underlying bytes