pe

package
v1.31.0
Warning

This package is not in the latest version of its module.

Published: Aug 13, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation


Types

type CLREvidence

type CLREvidence struct {
	// HasClrResourceNames is true if there are CLR resource names found in the PE file (e.g. "CLRDEBUGINFO").
	HasClrResourceNames bool

	// MajorVersion is the minimum supported major version of the CLR.
	MajorVersion uint16

	// MinorVersion is the minimum supported minor version of the CLR.
	MinorVersion uint16
}

CLREvidence is basic info about the CLR (common language runtime) version from the COM descriptor. This is not a complete representation of the CLR version, but rather a subset of the information that is useful to us.

func (*CLREvidence) HasEvidenceOfCLR

func (c *CLREvidence) HasEvidenceOfCLR() bool

HasEvidenceOfCLR returns true if the PE file has evidence of a CLR (common language runtime) version.
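To make the "COM descriptor" source of these fields concrete, here is an added example (not this package's code) that reads the same kind of evidence with the standard library's `debug/pe`. It assumes that `MajorVersion` and `MinorVersion` correspond to `MajorRuntimeVersion` and `MinorRuntimeVersion` of the `IMAGE_COR20_HEADER` referenced by data directory 14; `clrInfo`, `readCLR` and `constructedImage` are hypothetical names, and the image is a constructed in-memory sample.

```go
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"fmt"
)

// clrInfo is a local stand-in for the version fields documented on CLREvidence.
type clrInfo struct{ Major, Minor uint16 }

// readCLR resolves data directory 14 (COM descriptor) to a section and decodes it; nil, nil means no descriptor.
func readCLR(f *pe.File) (*clrInfo, error) {
	var dd pe.DataDirectory
	switch oh := f.OptionalHeader.(type) {
	case *pe.OptionalHeader32:
		dd = oh.DataDirectory[pe.IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
	case *pe.OptionalHeader64:
		dd = oh.DataDirectory[pe.IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
	}
	if dd.VirtualAddress == 0 || dd.Size == 0 {
		return nil, nil
	}
	for _, s := range f.Sections {
		off := dd.VirtualAddress - s.VirtualAddress // only meaningful once the bounds check below passes
		if dd.VirtualAddress < s.VirtualAddress || s.Size < 8 || off > s.Size-8 {
			continue
		}
		b := make([]byte, 8) // header starts: cb uint32, MajorRuntimeVersion uint16, MinorRuntimeVersion uint16
		if _, err := s.ReadAt(b, int64(off)); err != nil || binary.LittleEndian.Uint32(b) < 72 {
			return nil, fmt.Errorf("unreadable or implausible COM descriptor (read error: %v)", err)
		}
		return &clrInfo{binary.LittleEndian.Uint16(b[4:]), binary.LittleEndian.Uint16(b[6:])}, nil
	}
	return nil, fmt.Errorf("COM descriptor RVA %#x is outside every section", dd.VirtualAddress)
}

// constructedImage builds an in-memory *pe.File (constructed sample, not a real binary)
// whose single section holds a COR20 header at RVA 0x2008.
func constructedImage() *pe.File {
	raw := make([]byte, 0x200)
	copy(raw[8:], []byte{72, 0, 0, 0, 2, 0, 5, 0}) // cb=72, major=2, minor=5 (little-endian)
	oh := &pe.OptionalHeader64{}
	oh.DataDirectory[pe.IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] = pe.DataDirectory{VirtualAddress: 0x2008, Size: 72}
	sec := &pe.Section{SectionHeader: pe.SectionHeader{Name: ".text", VirtualAddress: 0x2000, Size: 0x200}, ReaderAt: bytes.NewReader(raw)}
	return &pe.File{OptionalHeader: oh, Sections: []*pe.Section{sec}}
}

func main() { fmt.Println(readCLR(constructedImage())) }
```

For a file on disk, pass the result of `pe.Open(path)` to `readCLR` in place of the constructed image.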

type File

type File struct {
	// Location is where the PE file was found
	Location file.Location

	// CLR is the information about the CLR (common language runtime) version found in the PE file which helps
	// understand if this executable is even a .NET application.
	CLR *CLREvidence

	// VersionResources is a map of version resource keys to their values found in the VERSIONINFO resource directory.
	VersionResources map[string]string
}

File does not directly represent a binary shape to be parsed; instead, it represents the information of interest extracted from a PE file.

func Read

func Read(f file.LocationReadCloser) (*File, error)
