Struct lief::pe::Binary

pub struct Binary { /* private fields */ }
Expand description

This is the main interface to read and write PE binary attributes.

Note that this structure implements the generic::Binary trait from which other generic functions are exposed

fn use_trait(pe: &Binary) {
    let generic_binary = pe as &dyn generic::Binary;
    println!("{}", generic_binary.entrypoint());
}

Implementations§

§

impl Binary

pub fn parse(path: &str) -> Option<Self>

Parse from a file path given as a string

pub fn parse_with_config(path: &str, config: ParserConfig) -> Option<Self>

Parse from a string file path and with a provided configuration

pub fn dos_header(&self) -> DosHeader<'_>

DosHeader which starts the PE files

pub fn optional_header(&self) -> OptionalHeader<'_>

Header that follows the Binary::header. It is named optional from the COFF specfication but it is mandatory in a PE file.

pub fn compute_checksum(&self) -> u32

Re-compute the value of OptionalHeader::checksum

pub fn header(&self) -> Header<'_>

Next header after the Binary::dos_header

pub fn tls(&self) -> Option<TLS<'_>>

Return TLS information if present

pub fn rich_header(&self) -> Option<RichHeader<'_>>

Return rich header information if present.

pub fn export(&self) -> Option<Export<'_>>

Return export information

pub fn resources(&self) -> Option<ResourceNode<'_>>

Return the root of the PE’s resource tree

pub fn resources_manager(&self) -> Option<ResourcesManager<'_>>

Return a manager interface to read and manipulate the resources tree with a user friendly interface.

pub fn imports(&self) -> Imports<'_>

Return the imports as an iterator over the Import structure

pub fn data_directories(&self) -> DataDirectories<'_>

Return the data directories as an iterator over the DataDirectory structure

pub fn sections(&self) -> Sections<'_>

Return the sections as an iterator over the Section structure

pub fn relocations(&self) -> Relocations<'_>

Return the relocations as an iterator over the super::Relocation structure

pub fn delay_imports(&self) -> DelayImports<'_>

Return the delayed imports as an iterator over the DelayImport structure

pub fn signatures(&self) -> Signatures<'_>

Return an iterator over the signature::Signature if the current PE is authenticode-signed.

pub fn debug(&self) -> DebugEntries<'_>

Return an iterator over the debug::Entries of the binary.

pub fn authentihash(&self, algo: Algorithms) -> Vec<u8>

Compute the authentihash for the current PE with the given algorithms.

pub fn load_configuration(&self) -> Option<LoadConfiguration<'_>>

Return load configuration info if present.

pub fn dos_stub(&self) -> &[u8]

Return the raw data between the Binary::dos_header and the regular Binary::header

pub fn overlay(&self) -> &[u8]

Return the original overlay data of the file

pub fn overlay_offset(&self) -> u64

Return the offset computed by LIEF to identify overlay data

pub fn rva_to_offset(&self, rva: u64) -> u64

Convert a relative virtual address into an offset

pub fn va_to_offset(&self, va: u64) -> u64

Convert an absolute virtual address into an offset.

pub fn virtual_size(&self) -> u64

Return the size of the current binary when loaded in memory.

pub fn sizeof_headers(&self) -> u64

Compute the size of all the headers.

pub fn section_from_offset(&self, offset: u64) -> Option<Section<'_>>

Find a section by its offset

pub fn section_from_rva(&self, rva: u64) -> Option<Section<'_>>

Find a section by its relative virtual address

pub fn section_by_name(&self, name: &str) -> Option<Section<'_>>

Find a section by its name

pub fn data_directory_by_type( &self, dir_type: Type ) -> Option<DataDirectory<'_>>

Find the data directory with the given type

pub fn verify_signature(&self, checks: VerificationChecks) -> VerificationFlags

Verify the binary against the embedded signature(s) (if any)

First, it checks that the embedded signatures are correct (c.f. signature::Signature::check) and then, it checks that the authentihash matches crate::pe::signature::content_info::ContentInfo::digest

pub fn verify_with_signature( &self, sig: &Signature<'_>, checks: VerificationChecks ) -> VerificationFlags

Verify the binary with the signature::Signature object provided in the first parameter. It can be used to verify a detached signature:

if let Some(sig) = Signature::from_file(path_str.unwrap()) {
    pe.verify_signature(&sig, signature::VerificationChecks::DEFAULT);
}

pub fn import_by_name(&self, name: &str) -> Option<Import<'_>>

Find an import by its DLL name (case insensitive)

pub fn delay_import_by_name(&self, name: &str) -> Option<DelayImport<'_>>

Find a delayed import by its name

pub fn content_from_virtual_address(&self, address: u64, size: u64) -> &[u8]

Return the sized content from the virtual address

pub fn functions(&self) -> Functions<'_>

pub fn export_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the export table

pub fn import_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the import table

pub fn rsrc_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the resources tree

pub fn exceptions_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the exceptions

pub fn cert_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the certificate table (authenticode)

pub fn relocation_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the relocation table

pub fn debug_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the debug table

pub fn tls_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with TLS

pub fn load_config_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the load config

pub fn iat_dir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with the IAT

pub fn export_delay_dirdir(&self) -> Option<DataDirectory<'_>>

Return the data directory associated with delayed imports

pub fn get_int_from_virtual_address<T>(&self, addr: u64) -> Result<T, Error>where T: Num + FromPrimitive + ToPrimitive,

Get the integer value at the given virtual address

pub fn add_import<'a>(&'a mut self, name: &str) -> Import<'a>

Add an imported library (i.e. DLL) to the binary

pub fn remove_import(&mut self, name: &str)

Remove the imported library with the given name

pub fn remove_all_imports(&mut self)

Remove all libraries in the binary

pub fn remove_tls(&mut self)

Remove the TLS from the binary

pub fn set_tls(&mut self, tls: &TLS<'_>)

Set or change the TLS information

pub fn set_resources(&mut self, node: &dyn NodeBase)

Change or set the resources tree to given node

pub fn add_debug_info<'a>( &'a mut self, entry: &dyn DebugEntry ) -> Option<Entries<'a>>

Add a new debug entry

pub fn remove_debug<'a>(&'a mut self, entry: &dyn DebugEntry) -> bool

Remove a specific debug entry

pub fn clear_debug<'a>(&'a mut self) -> bool

Remove all debug info

pub fn codeview_pdb(&self) -> Option<CodeViewPDB<'_>>

Return the CodeViewPDB object if present

pub fn write(&mut self, output: &Path)

Write back the current PE binary into the file specified in parameter

pub fn write_with_config(&mut self, output: &Path, config: Config)

Write back the current PE binary into the file specified in parameter with the configuration provided in the second parameter.

pub fn coff_string_table(&self) -> COFFStrings<'_>

Iterator over the strings located in the COFF string table

pub fn symbols(&self) -> Symbols<'_>

Return an iterator over the binary (COFF) symbols (if any).

pub fn find_coff_string_at(&self, offset: u32) -> Option<String<'_>>

Try to find the COFF string at the given offset in the COFF string table.

This offset must include the first 4 bytes holding the size of the table. Hence, the first string starts a the offset 4.

pub fn exceptions(&self) -> Exceptions<'_>

Iterator over the exception (_RUNTIME_FUNCTION) functions

This function requires that the option ParserConfig::parse_exceptions was turned on (default is false) when parsing the binary.

pub fn find_exception_at( &self, rva: u32 ) -> Option<RuntimeExceptionFunction<'_>>

Try to find the exception info at the given RVA

This function requires that the option ParserConfig::parse_exceptions was turned on (default is false) when parsing the binary.

pub fn is_arm64ec(&self) -> bool

True if this binary is compiled in ARM64EC mode (emulation compatible)

pub fn is_arm64x(&self) -> bool

True if this binary is compiled in ARM64X mode (contains both ARM64 and ARM64EC).

pub fn nested_pe_binary(&self) -> Option<Binary>

If the current binary contains dynamic relocations (e.g. LIEF::PE::DynamicFixupARM64X), this function returns the relocated view of the current PE.

This can be used to get the alternative PE binary, targeting a different architectures.

This function is moving and taking the ownership of the nested PE binary. This means that subsequent calls to this function will return None.

This function requires that the option ParserConfig::parse_arm64x_binary was turned on (default is false) when parsing the binary.

pub fn set_export(&mut self, export: &Export<'_>)

Set or change the export table

Trait Implementations§

§

impl Binary for Binary

§

fn entrypoint(&self) -> u64

Binary’s entrypoint
§

fn imagebase(&self) -> u64

Default base address where the binary should be mapped
§

fn is_pie(&self) -> bool

Whether the current binary is an executable and position independent
§

fn has_nx(&self) -> bool

Whether the binary defines a non-executable stack
§

fn original_size(&self) -> u64

Original file size of the binary
§

fn debug_info(&self) -> Option<DebugInfo<'_>>

Return the debug info if present. It can be either a crate::pdb::DebugInfo or crate::dwarf::DebugInfo. Read more
§

fn disassemble(&self, address: u64, size: u64) -> InstructionsIt<'_>

Disassemble code starting a the given virtual address and with the given size. Read more
§

fn disassemble_symbol(&self, name: &str) -> InstructionsIt<'_>

Disassemble code for the given symbol name Read more
§

fn disassemble_address(&self, address: u64) -> InstructionsIt<'_>

Disassemble code at the given virtual address Read more
§

fn disassemble_slice(&self, slice: &[u8], address: u64) -> InstructionsIt<'_>

Disassemble code provided by the given slice at the specified address parameter. Read more
§

fn assemble(&mut self, address: u64, asm: &str) -> Vec<u8>

Assemble and patch the provided assembly code at the specified address. Read more
§

impl Debug for Binary

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl !RefUnwindSafe for Binary

§

impl !Send for Binary

§

impl !Sync for Binary

§

impl Unpin for Binary

§

impl UnwindSafe for Binary

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.