Class which represents a PE binary This is the main interface to manage and modify a PE executable. More...
#include <Binary.hpp>
Inheritance diagram for LIEF::PE::Binary:
Collaboration diagram for LIEF::PE::Binary:
Public Types | |
| using | sections_t = std::vector<std::unique_ptr<Section>> |
| Internal container for storing PE's Section. | |
| using | it_sections = ref_iterator<sections_t&, Section*> |
| Iterator that outputs Section& object. | |
| using | it_const_sections = const_ref_iterator<const sections_t&, const Section*> |
| Iterator that outputs const Section& object. | |
| using | data_directories_t = std::vector<std::unique_ptr<DataDirectory>> |
| Internal container for storing PE's DataDirectory. | |
| using | it_data_directories = ref_iterator<data_directories_t&, DataDirectory*> |
| Iterator that outputs DataDirectory&. | |
| using | it_const_data_directories = const_ref_iterator<const data_directories_t&, const DataDirectory*> |
| Iterator that outputs const DataDirectory&. | |
| using | relocations_t = std::vector<std::unique_ptr<Relocation>> |
| Internal container for storing PE's Relocation. | |
| using | it_relocations = ref_iterator<relocations_t&, Relocation*> |
| Iterator that outputs Relocation&. | |
| using | it_const_relocations = const_ref_iterator<const relocations_t&, const Relocation*> |
| Iterator that outputs const Relocation&. | |
| using | imports_t = std::vector<Import> |
| Internal container for storing PE's Import. | |
| using | it_imports = ref_iterator<imports_t&> |
| Iterator that output Import&. | |
| using | it_const_imports = const_ref_iterator<const imports_t&> |
| Iterator that outputs const Import&. | |
| using | delay_imports_t = std::vector<DelayImport> |
| Internal container for storing PE's DelayImport. | |
| using | it_delay_imports = ref_iterator<delay_imports_t&> |
| Iterator that output DelayImport&. | |
| using | it_const_delay_imports = const_ref_iterator<const delay_imports_t&> |
| Iterator that outputs const DelayImport&. | |
| using | debug_entries_t = std::vector<std::unique_ptr<Debug>> |
| Internal container for storing Debug information. | |
| using | it_debug_entries = ref_iterator<debug_entries_t&, Debug*> |
| Iterator that outputs Debug&. | |
| using | it_const_debug_entries = const_ref_iterator<const debug_entries_t&, const Debug*> |
| Iterator that outputs const Debug&. | |
| using | symbols_t = std::vector<Symbol> |
| Internal container for storing COFF Symbols. | |
| using | it_symbols = ref_iterator<symbols_t&> |
| Iterator that outputs Symbol&. | |
| using | it_const_symbols = const_ref_iterator<const symbols_t&> |
| Iterator that outputs const Symbol&. | |
| using | strings_table_t = std::vector<std::string> |
| Internal container for storing strings. | |
| using | it_strings_table = ref_iterator<strings_table_t&> |
| Iterator that outputs std::string&. | |
| using | it_const_strings_table = const_ref_iterator<const strings_table_t&> |
| Iterator that outputs const std::string&. | |
| using | signatures_t = std::vector<Signature> |
| Internal container for storing PE's authenticode Signature. | |
| using | it_signatures = ref_iterator<signatures_t&> |
| Iterator that outputs Signature&. | |
| using | it_const_signatures = const_ref_iterator<const signatures_t&> |
| Iterator that outputs const Signature&. | |
 Public Types inherited from LIEF::Binary | |
| enum class | VA_TYPES { AUTO = 0 , RVA = 1 , VA = 2 } |
| Type of a virtual address. More... | |
| enum | FORMATS { UNKNOWN = 0 , ELF , PE , MACHO , OAT } |
| using | functions_t = std::vector<Function> |
| using | sections_t = std::vector<Section*> |
| Internal container. | |
| using | it_sections = ref_iterator<sections_t> |
| Iterator that outputs LIEF::Section&. | |
| using | it_const_sections = const_ref_iterator<sections_t> |
| Iterator that outputs const LIEF::Section&. | |
| using | symbols_t = std::vector<Symbol*> |
| Internal container. | |
| using | it_symbols = ref_iterator<symbols_t> |
| Iterator that outputs LIEF::Symbol&. | |
| using | it_const_symbols = const_ref_iterator<symbols_t> |
| Iterator that outputs const LIEF::Symbol&. | |
| using | relocations_t = std::vector<Relocation*> |
| Internal container. | |
| using | it_relocations = ref_iterator<relocations_t> |
| Iterator that outputs LIEF::Relocation&. | |
| using | it_const_relocations = const_ref_iterator<relocations_t> |
| Iterator that outputs const LIEF::Relocation&. | |
| Public Types inherited from LIEF::Object | |
| template<class T > | |
| using | output_t = add_pointer_t<decay_t<T>> |
| template<class T > | |
| using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Public Member Functions | |
| Binary (PE_TYPE type) | |
| PE_TYPE | type () const |
Return PE32 or PE32+ | |
| uint64_t | rva_to_offset (uint64_t RVA) |
| Convert a Relative Virtual Address into an offset. | |
| uint64_t | va_to_offset (uint64_t VA) |
| Convert the absolute virtual address into an offset. | |
| result< uint64_t > | offset_to_virtual_address (uint64_t offset, uint64_t slide=0) const override |
| Convert the given offset into a virtual address. | |
| uint64_t | imagebase () const override |
Return binary's imagebase. 0 if not relevant. | |
| Section * | section_from_offset (uint64_t offset) |
| Find the section associated that encompasses the given offset. | |
| const Section * | section_from_offset (uint64_t offset) const |
| Section * | section_from_rva (uint64_t virtual_address) |
| Find the section associated that encompasses the given RVA. | |
| const Section * | section_from_rva (uint64_t virtual_address) const |
| it_sections | sections () |
| Return an iterator over the PE's Section. | |
| it_const_sections | sections () const |
| DosHeader & | dos_header () |
| Return a reference to the PE::DosHeader object. | |
| const DosHeader & | dos_header () const |
| Header & | header () |
| Return a reference to the PE::Header object. | |
| const Header & | header () const |
| OptionalHeader & | optional_header () |
| Return a reference to the OptionalHeader object. | |
| const OptionalHeader & | optional_header () const |
| uint64_t | virtual_size () const |
| Compute the binary's virtual size. It should match OptionalHeader::sizeof_image. | |
| uint32_t | sizeof_headers () const |
| Compute the size of all the headers. | |
| TLS * | tls () |
| Return a reference to the TLS object. | |
| const TLS * | tls () const |
| void | tls (const TLS &tls) |
| Set a TLS object in the current Binary. | |
| bool | has_tls () const |
| Check if the current binary has a TLS object. | |
| bool | has_imports () const |
| Check if the current binary contains imports. | |
| bool | has_signatures () const |
| Check if the current binary contains signatures. | |
| bool | has_exports () const |
| Check if the current binary has exports. | |
| bool | has_resources () const |
| Check if the current binary has resources. | |
| bool | has_exceptions () const |
| Check if the current binary has exceptions. | |
| bool | has_relocations () const |
| Check if the current binary has relocations. | |
| bool | has_debug () const |
| Check if the current binary contains debug information. | |
| bool | has_configuration () const |
| Check if the current binary has a load configuration. | |
| bool | is_reproducible_build () const |
| Check if the current binary is reproducible build, replacing timestamps by a compile hash. | |
| it_const_signatures | signatures () const |
| Return an iterator over the Signature object(s) if the binary is signed. | |
| it_signatures | signatures () |
| Signature::VERIFICATION_FLAGS | verify_signature (Signature::VERIFICATION_CHECKS checks=Signature::VERIFICATION_CHECKS::DEFAULT) const |
| Verify the binary against the embedded signature(s) (if any) First, it checks that the embedded signatures are correct (c.f. Signature::check) and then, it checks that the authentihash matches ContentInfo::digest. | |
| Signature::VERIFICATION_FLAGS | verify_signature (const Signature &sig, Signature::VERIFICATION_CHECKS checks=Signature::VERIFICATION_CHECKS::DEFAULT) const |
| Verify the binary with the Signature object provided in the first parameter It can be used to verify a detached signature: | |
| std::vector< uint8_t > | authentihash (ALGORITHMS algo) const |
| Compute the authentihash according to the algorithm provided in the first parameter. | |
| uint32_t | predict_function_rva (const std::string &library, const std::string &function) |
Try to predict the RVA of the function function in the import library library | |
| Export * | get_export () |
| Return the Export object. | |
| const Export * | get_export () const |
| std::vector< Symbol > & | symbols () |
| Return binary Symbols. | |
| const std::vector< Symbol > & | symbols () const |
| ResourceNode * | resources () |
| Return resources as a tree or a nullptr if there is no resources. | |
| const ResourceNode * | resources () const |
| void | set_resources (const ResourceDirectory &resource) |
| Set a new resource tree. | |
| void | set_resources (const ResourceData &resource) |
| Set a new resource tree. | |
| result< ResourcesManager > | resources_manager () const |
| Return the ResourcesManager (class to manage resources more easily than the tree one) | |
| Section * | get_section (const std::string &name) |
| Return binary's section from its name. If the secion can't be found, return a nullptr. | |
| const Section * | get_section (const std::string &name) const |
| const Section * | import_section () const |
| Return the section associated with import table or a nullptr if the binary does not have an import table. | |
| Section * | import_section () |
| void | remove_section (const std::string &name, bool clear=false) override |
| Delete the section with the given name. | |
| void | remove (const Section §ion, bool clear=false) |
| Remove the given section. | |
| Section * | add_section (const Section §ion, PE_SECTION_TYPES type=PE_SECTION_TYPES::UNKNOWN) |
| Add a section to the binary and return the section added. | |
| it_relocations | relocations () |
| Return an iterator over the PE's Relocation. | |
| it_const_relocations | relocations () const |
| Relocation & | add_relocation (const Relocation &relocation) |
| Add a PE::Relocation. | |
| void | remove_all_relocations () |
| Remove all the relocations. | |
| it_data_directories | data_directories () |
| Return an iterator over the DataDirectory present in the Binary. | |
| it_const_data_directories | data_directories () const |
| DataDirectory * | data_directory (DataDirectory::TYPES type) |
| Return the DataDirectory with the given type (or index) | |
| const DataDirectory * | data_directory (DataDirectory::TYPES type) const |
| bool | has (DataDirectory::TYPES type) const |
| Check if the current binary has the given DataDirectory::TYPES. | |
| it_debug_entries | debug () |
| Return an iterator over the Debug entries. | |
| it_const_debug_entries | debug () const |
| const CodeViewPDB * | codeview_pdb () const |
| Return the CodeViewPDB object if present. | |
| const LoadConfiguration * | load_configuration () const |
| Retrun the LoadConfiguration object or a nullptr if the binary does not use the LoadConfiguration. | |
| LoadConfiguration * | load_configuration () |
| span< const uint8_t > | overlay () const |
| Return the overlay content. | |
| span< uint8_t > | overlay () |
| uint64_t | overlay_offset () const |
| Return the original overlay offset. | |
| span< const uint8_t > | dos_stub () const |
| Return the DOS stub content. | |
| span< uint8_t > | dos_stub () |
| void | dos_stub (const std::vector< uint8_t > &content) |
| Update the DOS stub content. | |
| RichHeader * | rich_header () |
| Return a reference to the RichHeader object. | |
| const RichHeader * | rich_header () const |
| void | rich_header (const RichHeader &rich_header) |
| Set a RichHeader object in the current Binary. | |
| bool | has_rich_header () const |
| Check if the current binary has a RichHeader object. | |
| it_imports | imports () |
| Return an iterator over the binary imports. | |
| it_const_imports | imports () const |
| Import * | get_import (const std::string &import_name) |
| Returns the PE::Import from the given name. If it can't be found, return a nullptr. | |
| const Import * | get_import (const std::string &import_name) const |
| bool | has_import (const std::string &import_name) const |
True if the binary imports the given library name | |
| bool | has_delay_imports () const |
| Check if the current binary contains delay imports. | |
| it_delay_imports | delay_imports () |
| Return an iterator over the binary's delay imports. | |
| it_const_delay_imports | delay_imports () const |
| DelayImport * | get_delay_import (const std::string &import_name) |
| Returns the PE::DelayImport from the given name. If it can't be found, return a nullptr. | |
| const DelayImport * | get_delay_import (const std::string &import_name) const |
| bool | has_delay_import (const std::string &import_name) const |
True if the binary delay-imports the given library name | |
| ImportEntry * | add_import_function (const std::string &library, const std::string &function) |
Add the function function of the library library. If the function fails, it returns a nullptr. | |
| Import & | add_library (const std::string &name) |
Add an imported library (i.e. DLL) to the binary. | |
| void | remove_library (const std::string &name) |
Remove the library with the given name | |
| void | remove_all_libraries () |
| Remove all libraries in the binary. | |
| void | write (const std::string &filename) override |
Reconstruct the binary object and write the raw PE in filename | |
| void | write (std::ostream &os) override |
Reconstruct the binary object and write the raw PE in os stream. | |
| void | accept (Visitor &visitor) const override |
Method so that a visitor can visit us. | |
| void | patch_address (uint64_t address, const std::vector< uint8_t > &patch_value, LIEF::Binary::VA_TYPES addr_type=LIEF::Binary::VA_TYPES::AUTO) override |
Patch the content at virtual address address with patch_value. | |
| void | patch_address (uint64_t address, uint64_t patch_value, size_t size=sizeof(uint64_t), LIEF::Binary::VA_TYPES addr_type=LIEF::Binary::VA_TYPES::AUTO) override |
| Patch the address with the given value. | |
| span< const uint8_t > | get_content_from_virtual_address (uint64_t virtual_address, uint64_t size, Binary::VA_TYPES addr_type=Binary::VA_TYPES::AUTO) const override |
| Return the content located at the provided virtual address. | |
| uint64_t | entrypoint () const override |
| Return the binary's entrypoint (It is the same value as OptionalHeader::addressof_entrypoint. | |
| bool | is_pie () const override |
| Check if the binary is position independent. | |
| bool | has_nx () const override |
Check if the binary uses NX protection. | |
| LIEF::Binary::functions_t | ctor_functions () const override |
| Return the list of the binary constructors. | |
| LIEF::Binary::functions_t | functions () const |
| All functions found in the binary | |
| LIEF::Binary::functions_t | exception_functions () const |
| Functions found in the Exception table directory. | |
| std::ostream & | print (std::ostream &os) const override |
| Public Member Functions inherited from LIEF::Binary | |
| Binary (FORMATS fmt) | |
| Binary & | operator= (const Binary &) |
| Binary (const Binary &) | |
| FORMATS | format () const |
| Executable format (ELF, PE, Mach-O) of the underlying binary. | |
| Header | header () const |
| Return the abstract header of the binary. | |
| it_symbols | symbols () |
| Return an iterator over the abstracted symbols in which the elements can be modified. | |
| it_const_symbols | symbols () const |
| Return an iterator over the abstracted symbols in which the elements can't be modified. | |
| bool | has_symbol (const std::string &name) const |
| Check if a Symbol with the given name exists. | |
| const Symbol * | get_symbol (const std::string &name) const |
| Return the Symbol with the given name If the symbol does not exist, return a nullptr. | |
| Symbol * | get_symbol (const std::string &name) |
| it_sections | sections () |
| Return an iterator over the binary's sections (LIEF::Section) | |
| it_const_sections | sections () const |
| it_relocations | relocations () |
| Return an iterator over the binary relocation (LIEF::Relocation) | |
| it_const_relocations | relocations () const |
| uint64_t | original_size () const |
| Binary's original size. | |
| functions_t | exported_functions () const |
| Return the functions exported by the binary. | |
| std::vector< std::string > | imported_libraries () const |
| Return libraries which are imported by the binary. | |
| functions_t | imported_functions () const |
| Return functions imported by the binary. | |
| virtual result< uint64_t > | get_function_address (const std::string &func_name) const |
| Return the address of the given function name. | |
| std::vector< uint64_t > | xref (uint64_t address) const |
| void | original_size (uint64_t size) |
| Change binary's original size. | |
| Public Member Functions inherited from LIEF::Object | |
| Object (const Object &other) | |
| Object & | operator= (const Object &other) |
| template<class T > | |
| output_t< T > | as () |
| template<class T > | |
| output_const_t< T > | as () const |
| virtual bool | operator== (const Object &other) const |
| virtual bool | operator!= (const Object &other) const |
Static Public Member Functions | |
| static bool | classof (const LIEF::Binary *bin) |
Detailed Description
Member Function Documentation
◆ accept()
|
overridevirtual |
Method so that a visitor can visit us.
Reimplemented from LIEF::Binary.
◆ add_import_function()
| ImportEntry * LIEF::PE::Binary::add_import_function | ( | const std::string & | library, |
| const std::string & | function ) |
Add the function function of the library library. If the function fails, it returns a nullptr.
- Parameters
-
[in] library Library name of the function [in] function Function's name from the library to import
◆ ctor_functions()
|
overridevirtual |
Return the list of the binary constructors.
In a PE file, we consider a constructors as a callback in the TLS object
Implements LIEF::Binary.
◆ entrypoint()
|
overridevirtual |
Return the binary's entrypoint (It is the same value as OptionalHeader::addressof_entrypoint.
Implements LIEF::Binary.
◆ get_content_from_virtual_address()
|
overridevirtual |
Return the content located at the provided virtual address.
- Parameters
-
[in] virtual_address Virtual address of the data to retrieve [in] size Size in bytes of the data to retrieve [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
◆ get_delay_import()
| DelayImport * LIEF::PE::Binary::get_delay_import | ( | const std::string & | import_name | ) |
Returns the PE::DelayImport from the given name. If it can't be found, return a nullptr.
- Parameters
-
[in] import_name Name of the delay import
◆ get_import()
| Import * LIEF::PE::Binary::get_import | ( | const std::string & | import_name | ) |
Returns the PE::Import from the given name. If it can't be found, return a nullptr.
- Parameters
-
[in] import_name Name of the import
◆ get_section()
| Section * LIEF::PE::Binary::get_section | ( | const std::string & | name | ) |
Return binary's section from its name. If the secion can't be found, return a nullptr.
- Parameters
-
[in] name Name of the Section
◆ has_delay_import()
|
inline |
True if the binary delay-imports the given library name
- Parameters
-
[in] import_name Name of the delay import
◆ has_delay_imports()
|
inline |
Check if the current binary contains delay imports.
- See also
- DelayImport
- has_import
◆ has_exports()
|
inline |
Check if the current binary has exports.
- See also
- Export
◆ has_import()
|
inline |
True if the binary imports the given library name
- Parameters
-
[in] import_name Name of the import
◆ has_imports()
|
inline |
Check if the current binary contains imports.
- See also
- Import
◆ has_nx()
|
overridevirtual |
Check if the binary uses NX protection.
Implements LIEF::Binary.
◆ has_relocations()
|
inline |
Check if the current binary has relocations.
- See also
- Relocation
◆ has_signatures()
|
inline |
Check if the current binary contains signatures.
- See also
- signatures
◆ imagebase()
|
inlineoverridevirtual |
Return binary's imagebase. 0 if not relevant.
The value is the same as those returned by OptionalHeader::imagebase
Implements LIEF::Binary.
◆ is_pie()
|
overridevirtual |
Check if the binary is position independent.
Implements LIEF::Binary.
◆ is_reproducible_build()
| bool LIEF::PE::Binary::is_reproducible_build | ( | ) | const |
Check if the current binary is reproducible build, replacing timestamps by a compile hash.
- See also
- Repro
◆ offset_to_virtual_address()
|
overridevirtual |
Convert the given offset into a virtual address.
- Parameters
-
[in] offset The offset to convert. [in] slide If not 0, it will replace the default base address (if any)
Implements LIEF::Binary.
◆ patch_address() [1/2]
|
overridevirtual |
Patch the content at virtual address address with patch_value.
- Parameters
-
[in] address Address to patch [in] patch_value Patch to apply [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
◆ patch_address() [2/2]
|
overridevirtual |
Patch the address with the given value.
- Parameters
-
[in] address Address to patch [in] patch_value Patch to apply [in] size Size of the value in bytes (1, 2, ... 8) [in] addr_type Type of the Virtual address: VA or RVA. Default: Auto
Implements LIEF::Binary.
◆ predict_function_rva()
| uint32_t LIEF::PE::Binary::predict_function_rva | ( | const std::string & | library, |
| const std::string & | function ) |
Try to predict the RVA of the function function in the import library library
- Warning
- The value could be chang if imports change
- Note
- It should be used with: LIEF::PE::Builder::build_imports set to
true
- Parameters
-
[in] library Library name in which the function is located [in] function Function name
- Returns
- The address of the function (
IAT) in the new import table
◆ print()
|
overridevirtual |
Reimplemented from LIEF::Binary.
◆ remove()
| void LIEF::PE::Binary::remove | ( | const Section & | section, |
| bool | clear = false ) |
Remove the given section.
- See also
- remove_section
◆ remove_section()
|
overridevirtual |
Delete the section with the given name.
- Parameters
-
[in] name Name of section to delete [in] clear if trueclear the section's content with 0 before removing (default:false)
Implements LIEF::Binary.
◆ rva_to_offset()
| uint64_t LIEF::PE::Binary::rva_to_offset | ( | uint64_t | RVA | ) |
Convert a Relative Virtual Address into an offset.
The conversion is performed by looking for the section that encompasses the provided RVA.
◆ section_from_offset()
| Section * LIEF::PE::Binary::section_from_offset | ( | uint64_t | offset | ) |
Find the section associated that encompasses the given offset.
If no section can be found, return a nullptr
◆ section_from_rva()
| Section * LIEF::PE::Binary::section_from_rva | ( | uint64_t | virtual_address | ) |
Find the section associated that encompasses the given RVA.
If no section can be found, return a nullptr
◆ va_to_offset()
| uint64_t LIEF::PE::Binary::va_to_offset | ( | uint64_t | VA | ) |
Convert the absolute virtual address into an offset.
- See also
- rva_to_offset
◆ verify_signature() [1/2]
| Signature::VERIFICATION_FLAGS LIEF::PE::Binary::verify_signature | ( | const Signature & | sig, |
| Signature::VERIFICATION_CHECKS | checks = Signature::VERIFICATION_CHECKS::DEFAULT ) const |
Verify the binary with the Signature object provided in the first parameter It can be used to verify a detached signature:
if (detached) {
binary->verify_signature(detached.value());
}
static result< Signature > parse(std::vector< uint8_t > data, bool skip_header=false)
Parse a PKCS #7 signature given a raw blob.
tl::expected< T, lief_errors > result
Wrapper that contains an Object (T) or an error.
Definition errors.hpp:72
◆ verify_signature() [2/2]
| Signature::VERIFICATION_FLAGS LIEF::PE::Binary::verify_signature | ( | Signature::VERIFICATION_CHECKS | checks = Signature::VERIFICATION_CHECKS::DEFAULT | ) | const |
Verify the binary against the embedded signature(s) (if any) First, it checks that the embedded signatures are correct (c.f. Signature::check) and then, it checks that the authentihash matches ContentInfo::digest.
One can tweak the verification process with the Signature::VERIFICATION_CHECKS flags
- See also
- LIEF::PE::Signature::check
◆ write() [1/2]
|
overridevirtual |
Reconstruct the binary object and write the raw PE in filename
Rebuild a PE binary from the current Binary object. When rebuilding, import table and relocations are not rebuilt.
Implements LIEF::Binary.
◆ write() [2/2]
|
overridevirtual |
Reconstruct the binary object and write the raw PE in os stream.
Rebuild a PE binary from the current Binary object. When rebuilding, import table and relocations are not rebuilt.
Implements LIEF::Binary.
The documentation for this class was generated from the following file:
