Documentation
Index ¶
Constants ¶
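// Architecture identifiers. PeInfo.Arch is declared with the Arch type;
// presumably it carries one of these values — confirm against Probe.
// Both are untyped string constants as declared here.
const (
	// Arch386 is the identifier for the 386 architecture.
	Arch386 = "386"
	// ArchAmd64 is the identifier for the amd64 architecture.
	ArchAmd64 = "amd64"
)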
// ResourceTableIdx is the position of the Resource Table entry among the
// data directories of a PE optional header (entry 2, after the export and
// import tables).
// NOTE(review): a PE file declares how many data-directory entries it
// carries; confirm the code that uses this index handles files declaring
// fewer than three.
const ResourceTableIdx = 2
https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#resource-directory-table Resource Table
Variables ¶
// ResourceTypeNames maps each named ResourceType to a display string.
//
// ResourceTypeNone has no entry, and neither does any numeric type without a
// constant. A lookup for such a value returns "", so use the two-value form
// (name, ok := ResourceTypeNames[t]) to tell an unknown type from a known
// one; type IDs read from a file are not limited to the values listed here.
var ResourceTypeNames = map[ResourceType]string{
	ResourceTypeCursor:       "Cursor",
	ResourceTypeBitmap:       "Bitmap",
	ResourceTypeIcon:         "Icon",
	ResourceTypeMenu:         "Menu",
	ResourceTypeDialog:       "Dialog",
	ResourceTypeString:       "String",
	ResourceTypeFontDir:      "FontDir",
	ResourceTypeFont:         "Font",
	ResourceTypeAccelerator:  "Accelerator",
	ResourceTypeRcData:       "RcData",
	ResourceTypeMessageTable: "MessageTable",
	ResourceTypeGroupCursor:  "GroupCursor",
	ResourceTypeGroupIcon:    "GroupIcon",
	ResourceTypeVersion:      "Version",
	ResourceTypeDlgInclude:   "DlgInclude",
	ResourceTypePlugPlay:     "PlugPlay",
	ResourceTypeVXD:          "VXD",
	ResourceTypeAniCursor:    "AniCursor",
	ResourceTypeAniIcon:      "AniIcon",
	ResourceTypeHTML:         "HTML",
	ResourceTypeManifest:     "Manifest",
}
Functions ¶
func DecodeUTF16 ¶
Convert a UTF-16 string (as a byte slice) to unicode
Types ¶
type AssemblyIdentity ¶
type AssemblyInfo ¶
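// AssemblyInfo describes an assembly through its identity, a description and
// an optional requested execution level. It is serialized to JSON with the
// tags below.
//
// NOTE(review): presumably filled from the application manifest embedded in
// the probed file — confirm. If so, every field is chosen by whoever built
// the file and should be handled as untrusted input when logged or displayed.
type AssemblyInfo struct {
	// Identity points to the assembly's identity; a nil pointer is encoded
	// as JSON null.
	Identity *AssemblyIdentity `json:"identity"`
	// Description is free-form text.
	Description string `json:"description"`
	// RequestedExecutionLevel is left out of the JSON output when empty.
	// NOTE(review): looks like the manifest's requested execution level
	// (for example "asInvoker" or "requireAdministrator") — confirm. It is
	// what the file asks for, not a statement of what the binary does.
	RequestedExecutionLevel string `json:"requestedExecutionLevel,omitempty"`
}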
type PeInfo ¶
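// PeInfo is the result type returned by Probe for a PE file. It is
// serialized to JSON with the tags below.
//
// NOTE(review): the fields appear to be derived from the contents of the
// probed file, so for an untrusted binary every string here is
// attacker-chosen; escape it before logging or rendering — confirm against
// Probe.
// NOTE(review): RequiresElevation is declared on *PeInfo but its body is not
// visible here; presumably it reads AssemblyInfo.RequestedExecutionLevel. As
// that value is declared by the file itself, a negative answer says nothing
// about what the binary does once run — confirm before using it as a safety
// signal.
type PeInfo struct {
	// Arch is the architecture of the binary.
	Arch Arch `json:"arch"`
	// VersionProperties holds string key/value pairs; presumably taken from
	// the file's version resource — confirm.
	VersionProperties map[string]string `json:"versionProperties"`
	// AssemblyInfo describes the binary's own assembly; a nil pointer is
	// encoded as JSON null.
	AssemblyInfo *AssemblyInfo `json:"assemblyInfo"`
	// DependentAssemblies lists identities of assemblies the binary depends on.
	DependentAssemblies []*AssemblyIdentity `json:"dependentAssemblies"`
	// Imports lists import names; presumably the imported libraries — confirm.
	Imports []string `json:"imports"`
}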
PeInfo contains the architecture of a binary file
For command `PeInfo`
func Probe ¶
// Probe retrieves information about the PE file read from file and returns
// it as a *PeInfo, together with an error value.
// NOTE(review): the result describes whatever the file claims about itself.
// When file comes from an untrusted source, treat the returned data as
// untrusted; the size and offset limits applied while parsing are not
// visible in this listing — confirm.
func Probe(file eos.File, params ProbeParams) (*PeInfo, error)
Probe retrieves information about a PE file
func (*PeInfo) RequiresElevation ¶
type ProbeParams ¶
type ReadSeekerAt ¶
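// ReadSeekerAt combines io.ReadSeeker and io.ReaderAt: a source that
// supports sequential reads, seeking, and reads at an absolute offset.
type ReadSeekerAt interface {
	io.ReadSeeker
	io.ReaderAt
}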
type ResourceType ¶
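// ResourceType is the numeric identifier of a resource type in a PE
// resource directory.
type ResourceType uint32

// Named resource types. The numbering has gaps: 13, 15 and 18 have no
// constant here.
//
// A ResourceType read from a file is an arbitrary 32-bit value and need not
// equal any of these constants, so code that switches on it needs a default
// case.
//
// Each constant sits on its own line: the trailing // comments would
// otherwise comment out every declaration that follows them.
const (
	ResourceTypeNone         ResourceType = 0
	ResourceTypeCursor       ResourceType = 1
	ResourceTypeBitmap       ResourceType = 2
	ResourceTypeIcon         ResourceType = 3
	ResourceTypeMenu         ResourceType = 4
	ResourceTypeDialog       ResourceType = 5
	ResourceTypeString       ResourceType = 6
	ResourceTypeFontDir      ResourceType = 7
	ResourceTypeFont         ResourceType = 8
	ResourceTypeAccelerator  ResourceType = 9
	ResourceTypeRcData       ResourceType = 10
	ResourceTypeMessageTable ResourceType = 11

	ResourceTypeGroupCursor ResourceType = ResourceTypeCursor + 11 // 12
	ResourceTypeGroupIcon   ResourceType = ResourceTypeIcon + 11   // 14

	ResourceTypeVersion    ResourceType = 16
	ResourceTypeDlgInclude ResourceType = 17
	ResourceTypePlugPlay   ResourceType = 19
	ResourceTypeVXD        ResourceType = 20 // vxd = virtual device
	ResourceTypeAniCursor  ResourceType = 21
	ResourceTypeAniIcon    ResourceType = 22
	ResourceTypeHTML       ResourceType = 23
	ResourceTypeManifest   ResourceType = 24
)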
https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms648009(v=vs.85).aspx
type VsBlock ¶
type VsFixedFileInfo ¶
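// VsFixedFileInfo holds thirteen consecutive 32-bit fields. The field names
// follow the Windows VS_FIXEDFILEINFO structure found in a version resource.
//
// NOTE(review): the values come straight from the file being probed. Whether
// the parser checks DwSignature against the documented VS_FIXEDFILEINFO
// signature (0xFEEF04BD) before using the remaining fields is not visible
// here — confirm.
type VsFixedFileInfo struct {
	DwSignature    uint32
	DwStrucVersion uint32
	// File version, split into most- and least-significant 32 bits.
	DwFileVersionMS uint32
	DwFileVersionLS uint32
	// Product version, split the same way.
	DwProductVersionMS uint32
	DwProductVersionLS uint32
	// DwFileFlagsMask is the companion mask for DwFileFlags.
	DwFileFlagsMask uint32
	DwFileFlags     uint32
	DwFileOS        uint32
	DwFileType      uint32
	DwFileSubtype   uint32
	// File date, split into most- and least-significant 32 bits.
	DwFileDateMS uint32
	DwFileDateLS uint32
}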