|
LIEF: Library to Instrument Executable Formats Version 0.15.0
|
Namespace related to the LIEF's PE module. More...
Classes | |
| class | Attribute |
| Interface over PKCS #7 attribute. More... | |
| class | AuxiliarySymbol |
| class | Binary |
| Class which represents a PE binary This is the main interface to manage and modify a PE executable. More... | |
| class | Builder |
| Class that is used to rebuild a raw PE binary from a PE::Binary object. More... | |
| class | CodeIntegrity |
| class | CodeView |
Interface for the (Generic) Debug CodeView (IMAGE_DEBUG_TYPE_CODEVIEW) More... | |
| class | CodeViewPDB |
| CodeView PDB specialization. More... | |
| class | ContentInfo |
| class | ContentType |
Interface over the structure described by the OID 1.2.840.113549.1.9.3 (PKCS #9) More... | |
| class | DataDirectory |
| Class that represents a PE data directory entry. More... | |
| class | Debug |
| This class represents a generic entry in the debug data directory. For known types, this class is extended to provide a dedicated API (see: ! CodeCodeView) More... | |
| class | DelayImport |
| Class that represents a PE delayed import. More... | |
| class | DelayImportEntry |
| Class that represents an entry (i.e. an import) in the delay import table (DelayImport). More... | |
| class | DosHeader |
| Class which represents the DosHeader, the first structure presents at the beginning of a PE file. More... | |
| class | Export |
| Class which represents a PE Export. More... | |
| class | ExportEntry |
| Class which represents a PE Export entry (cf. PE::Export) More... | |
| class | GenericContent |
| class | GenericType |
| Interface over an attribute for which the internal structure is not supported by LIEF. More... | |
| class | Hash |
| Class which implements a visitor to compute a deterministic hash for LIEF PE objects. More... | |
| class | Header |
| Class that represents the PE header (which follows the DosHeader) More... | |
| class | Import |
| Class that represents a PE import. More... | |
| class | ImportEntry |
| Class that represents an entry (i.e. an import) in the import table (Import). More... | |
| class | LangCodeItem |
| Class which represents the childs of the ResourceStringFileInfo. More... | |
| class | LoadConfiguration |
Class that represents the default PE's LoadConfiguration More... | |
| class | LoadConfigurationV0 |
| LoadConfiguration enhanced with SEH. More... | |
| class | LoadConfigurationV1 |
| LoadConfiguration enhanced with Control Flow Guard. More... | |
| class | LoadConfigurationV10 |
| class | LoadConfigurationV11 |
| class | LoadConfigurationV2 |
| LoadConfiguration enhanced with code integrity. More... | |
| class | LoadConfigurationV3 |
| LoadConfiguration with Control Flow Guard improved. More... | |
| class | LoadConfigurationV4 |
| Load Configuration enhanced with. More... | |
| class | LoadConfigurationV5 |
| Load Configuration enhanced with Return Flow Guard. More... | |
| class | LoadConfigurationV6 |
| Load Configuration enhanced with Hotpatch and improved RFG. More... | |
| class | LoadConfigurationV7 |
| class | LoadConfigurationV8 |
| class | LoadConfigurationV9 |
| class | MsSpcNestedSignature |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.4.1 More... | |
| class | MsSpcStatementType |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.1.11 More... | |
| class | OptionalHeader |
| Class which represents the PE OptionalHeader structure. More... | |
| class | Parser |
| Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used to get a LIEF::PE::Binary. More... | |
| struct | ParserConfig |
| This structure is used to tweak the PE Parser (PE::Parser) More... | |
| class | PKCS9AtSequenceNumber |
Interface over the structure described by the OID 1.2.840.113549.1.9.25.4 (PKCS #9) More... | |
| class | PKCS9CounterSignature |
Interface over the structure described by the OID 1.2.840.113549.1.9.6 (PKCS #9) More... | |
| class | PKCS9MessageDigest |
Interface over the structure described by the OID 1.2.840.113549.1.9.4 (PKCS #9) More... | |
| class | PKCS9SigningTime |
Interface over the structure described by the OID 1.2.840.113549.1.9.5 (PKCS #9) More... | |
| class | Pogo |
This class represents a Profile Guided Optimization entry from the debug directory (IMAGE_DEBUG_TYPE_POGO). More... | |
| class | PogoEntry |
| class | Relocation |
Class which represents the Base Relocation Block We usually find this structure in the .reloc section. More... | |
| class | RelocationEntry |
| Class which represents an entry of the PE relocation table. More... | |
| class | Repro |
This class represents a reproducible build entry from the debug directory. (IMAGE_DEBUG_TYPE_REPRO). This entry is usually generated with the undocumented /Brepro linker flag. More... | |
| class | ResourceAccelerator |
| class | ResourceData |
| Class which represents a Data Node in the PE resources tree. More... | |
| class | ResourceDialog |
| Representation of a dialog box. More... | |
| class | ResourceDialogItem |
| This class represents an item in the ResourceDialog. More... | |
| class | ResourceDirectory |
| class | ResourceFixedFileInfo |
| Representation of VS_FIXEDFILEINFO Structure. More... | |
| class | ResourceIcon |
| class | ResourceNode |
| Class which represents a Node in the resource tree. More... | |
| class | ResourcesManager |
| The Resource Manager provides an enhanced API to manipulate the resource tree. More... | |
| class | ResourceStringFileInfo |
Representation of the StringFileInfo structure. More... | |
| class | ResourceStringTable |
| class | ResourceVarFileInfo |
| This object describes information about languages supported by the application. More... | |
| class | ResourceVersion |
Representation of the data associated with the RT_VERSION entry. More... | |
| class | RichEntry |
| Class which represents an entry associated to the RichHeader. More... | |
| class | RichHeader |
| Class which represents the not-so-documented rich header. More... | |
| class | RsaInfo |
| Object that wraps a RSA key. More... | |
| class | Section |
| Class which represents a PE section. More... | |
| class | Signature |
| Main interface for the PKCS #7 signature scheme. More... | |
| class | SignatureParser |
| class | SignerInfo |
| class | SpcIndirectData |
| class | SpcSpOpusInfo |
Interface over the structure described by the OID 1.3.6.1.4.1.311.2.1.12 More... | |
| class | Symbol |
| Class that represents a PE symbol. More... | |
| class | TLS |
| Class which represents the PE Thread Local Storage. More... | |
| class | x509 |
| Interface over a x509 certificate. More... | |
Typedefs | |
| using | oid_t = std::string |
Enumerations | |
| enum class | PE_TYPES : size_t { PE32 = 0x10b , PE32_PLUS = 0x20b } |
| enum | SYMBOL_SECTION_NUMBER : int { IMAGE_SYM_DEBUG = -2 , IMAGE_SYM_ABSOLUTE = -1 , IMAGE_SYM_UNDEFINED = 0 } |
| enum | SYMBOL_STORAGE_CLASS : int { IMAGE_SYM_CLASS_INVALID = 0xFF , IMAGE_SYM_CLASS_END_OF_FUNCTION = -1 , IMAGE_SYM_CLASS_NULL = 0 , IMAGE_SYM_CLASS_AUTOMATIC = 1 , IMAGE_SYM_CLASS_EXTERNAL = 2 , IMAGE_SYM_CLASS_STATIC = 3 , IMAGE_SYM_CLASS_REGISTER = 4 , IMAGE_SYM_CLASS_EXTERNAL_DEF = 5 , IMAGE_SYM_CLASS_LABEL = 6 , IMAGE_SYM_CLASS_UNDEFINED_LABEL = 7 , IMAGE_SYM_CLASS_MEMBER_OF_STRUCT = 8 , IMAGE_SYM_CLASS_ARGUMENT = 9 , IMAGE_SYM_CLASS_STRUCT_TAG = 10 , IMAGE_SYM_CLASS_MEMBER_OF_UNION = 11 , IMAGE_SYM_CLASS_UNION_TAG = 12 , IMAGE_SYM_CLASS_TYPE_DEFINITION = 13 , IMAGE_SYM_CLASS_UNDEFINED_STATIC = 14 , IMAGE_SYM_CLASS_ENUM_TAG = 15 , IMAGE_SYM_CLASS_MEMBER_OF_ENUM = 16 , IMAGE_SYM_CLASS_REGISTER_PARAM = 17 , IMAGE_SYM_CLASS_BIT_FIELD = 18 , IMAGE_SYM_CLASS_BLOCK = 100 , IMAGE_SYM_CLASS_FUNCTION = 101 , IMAGE_SYM_CLASS_END_OF_STRUCT = 102 , IMAGE_SYM_CLASS_FILE = 103 , IMAGE_SYM_CLASS_SECTION = 104 , IMAGE_SYM_CLASS_WEAK_EXTERNAL = 105 , IMAGE_SYM_CLASS_CLR_TOKEN = 107 } |
| Storage class tells where and what the symbol represents. More... | |
| enum class | SYMBOL_BASE_TYPES : size_t { IMAGE_SYM_TYPE_NULL = 0 , IMAGE_SYM_TYPE_VOID = 1 , IMAGE_SYM_TYPE_CHAR = 2 , IMAGE_SYM_TYPE_SHORT = 3 , IMAGE_SYM_TYPE_INT = 4 , IMAGE_SYM_TYPE_LONG = 5 , IMAGE_SYM_TYPE_FLOAT = 6 , IMAGE_SYM_TYPE_DOUBLE = 7 , IMAGE_SYM_TYPE_STRUCT = 8 , IMAGE_SYM_TYPE_UNION = 9 , IMAGE_SYM_TYPE_ENUM = 10 , IMAGE_SYM_TYPE_MOE = 11 , IMAGE_SYM_TYPE_BYTE = 12 , IMAGE_SYM_TYPE_WORD = 13 , IMAGE_SYM_TYPE_UINT = 14 , IMAGE_SYM_TYPE_DWORD = 15 } |
| enum class | SYMBOL_COMPLEX_TYPES : size_t { IMAGE_SYM_DTYPE_NULL = 0 , IMAGE_SYM_DTYPE_POINTER = 1 , IMAGE_SYM_DTYPE_FUNCTION = 2 , IMAGE_SYM_DTYPE_ARRAY = 3 , SCT_COMPLEX_TYPE_SHIFT = 4 } |
| enum class | AuxSymbolType : size_t { IMAGE_AUX_SYMBOL_TYPE_TOKEN_DEF = 1 } |
| enum class | RELOCATIONS_I386 : size_t { IMAGE_REL_I386_ABSOLUTE = 0x0000 , IMAGE_REL_I386_DIR16 = 0x0001 , IMAGE_REL_I386_REL16 = 0x0002 , IMAGE_REL_I386_DIR32 = 0x0006 , IMAGE_REL_I386_DIR32NB = 0x0007 , IMAGE_REL_I386_SEG12 = 0x0009 , IMAGE_REL_I386_SECTION = 0x000A , IMAGE_REL_I386_SECREL = 0x000B , IMAGE_REL_I386_TOKEN = 0x000C , IMAGE_REL_I386_SECREL7 = 0x000D , IMAGE_REL_I386_REL32 = 0x0014 } |
| enum class | RELOCATIONS_AMD64 : size_t { IMAGE_REL_AMD64_ABSOLUTE = 0x0000 , IMAGE_REL_AMD64_ADDR64 = 0x0001 , IMAGE_REL_AMD64_ADDR32 = 0x0002 , IMAGE_REL_AMD64_ADDR32NB = 0x0003 , IMAGE_REL_AMD64_REL32 = 0x0004 , IMAGE_REL_AMD64_REL32_1 = 0x0005 , IMAGE_REL_AMD64_REL32_2 = 0x0006 , IMAGE_REL_AMD64_REL32_3 = 0x0007 , IMAGE_REL_AMD64_REL32_4 = 0x0008 , IMAGE_REL_AMD64_REL32_5 = 0x0009 , IMAGE_REL_AMD64_SECTION = 0x000A , IMAGE_REL_AMD64_SECREL = 0x000B , IMAGE_REL_AMD64_SECREL7 = 0x000C , IMAGE_REL_AMD64_TOKEN = 0x000D , IMAGE_REL_AMD64_SREL32 = 0x000E , IMAGE_REL_AMD64_PAIR = 0x000F , IMAGE_REL_AMD64_SSPAN32 = 0x0010 } |
| enum class | RELOCATIONS_ARM : size_t { IMAGE_REL_ARM_ABSOLUTE = 0x0000 , IMAGE_REL_ARM_ADDR32 = 0x0001 , IMAGE_REL_ARM_ADDR32NB = 0x0002 , IMAGE_REL_ARM_BRANCH24 = 0x0003 , IMAGE_REL_ARM_BRANCH11 = 0x0004 , IMAGE_REL_ARM_TOKEN = 0x0005 , IMAGE_REL_ARM_BLX24 = 0x0008 , IMAGE_REL_ARM_BLX11 = 0x0009 , IMAGE_REL_ARM_SECTION = 0x000E , IMAGE_REL_ARM_SECREL = 0x000F , IMAGE_REL_ARM_MOV32A = 0x0010 , IMAGE_REL_ARM_MOV32T = 0x0011 , IMAGE_REL_ARM_BRANCH20T = 0x0012 , IMAGE_REL_ARM_BRANCH24T = 0x0014 , IMAGE_REL_ARM_BLX23T = 0x0015 } |
| enum class | WeakExternalCharacteristics : size_t { IMAGE_WEAK_EXTERN_SEARCH_NOLIBRARY = 1 , IMAGE_WEAK_EXTERN_SEARCH_LIBRARY = 2 , IMAGE_WEAK_EXTERN_SEARCH_ALIAS = 3 } |
| These are not documented in the spec, but are located in WinNT.h. | |
| enum class | ImportType : size_t { IMPORT_CODE = 0 , IMPORT_DATA = 1 , IMPORT_CONST = 2 } |
| enum class | ImportNameType : size_t { IMPORT_ORDINAL = 0 , IMPORT_NAME = 1 , IMPORT_NAME_NOPREFIX = 2 , IMPORT_NAME_UNDECORATE = 3 } |
| enum class | CodeViewIdentifiers : size_t { DEBUG_LINE_TABLES_HAVE_COLUMN_RECORDS = 0x1 , DEBUG_SECTION_MAGIC = 0x4 , DEBUG_SYMBOL_SUBSECTION = 0xF1 , DEBUG_LINE_TABLE_SUBSECTION = 0xF2 , DEBUG_STRING_TABLE_SUBSECTION = 0xF3 , DEBUG_INDEX_SUBSECTION = 0xF4 , DEBUG_SYMBOL_TYPE_PROC_START = 0x1147 , DEBUG_SYMBOL_TYPE_PROC_END = 0x114F } |
| enum class | EXTENDED_WINDOW_STYLES : size_t { WS_EX_DLGMODALFRAME = 0x00000001L , WS_EX_NOPARENTNOTIFY = 0x00000004L , WS_EX_TOPMOST = 0x00000008L , WS_EX_ACCEPTFILES = 0x00000010L , WS_EX_TRANSPARENT = 0x00000020L , WS_EX_MDICHILD = 0x00000040L , WS_EX_TOOLWINDOW = 0x00000080L , WS_EX_WINDOWEDGE = 0x00000100L , WS_EX_CLIENTEDGE = 0x00000200L , WS_EX_CONTEXTHELP = 0x00000400L , WS_EX_RIGHT = 0x00001000L , WS_EX_LEFT = 0x00000000L , WS_EX_RTLREADING = 0x00002000L , WS_EX_LTRREADING = 0x00000000L , WS_EX_LEFTSCROLLBAR = 0x00004000L , WS_EX_RIGHTSCROLLBAR = 0x00000000L , WS_EX_CONTROLPARENT = 0x00010000L , WS_EX_STATICEDGE = 0x00020000L , WS_EX_APPWINDOW = 0x00040000L } |
| From https://docs.microsoft.com/en-us/windows/win32/winmsg/extended-window-styles. | |
| enum class | WINDOW_STYLES : size_t { WS_OVERLAPPED = 0x00000000L , WS_POPUP = 0x80000000L , WS_CHILD = 0x40000000L , WS_MINIMIZE = 0x20000000L , WS_VISIBLE = 0x10000000L , WS_DISABLED = 0x08000000L , WS_CLIPSIBLINGS = 0x04000000L , WS_CLIPCHILDREN = 0x02000000L , WS_MAXIMIZE = 0x01000000L , WS_CAPTION = 0x00C00000L , WS_BORDER = 0x00800000L , WS_DLGFRAME = 0x00400000L , WS_VSCROLL = 0x00200000L , WS_HSCROLL = 0x00100000L , WS_SYSMENU = 0x00080000L , WS_THICKFRAME = 0x00040000L , WS_GROUP = 0x00020000L , WS_TABSTOP = 0x00010000L , WS_MINIMIZEBOX = 0x00020000L , WS_MAXIMIZEBOX = 0x00010000L } |
| From: https://docs.microsoft.com/en-us/windows/win32/winmsg/window-styles. | |
| enum class | DIALOG_BOX_STYLES : size_t { DS_ABSALIGN = 0x0001L , DS_SYSMODAL = 0x0002L , DS_LOCALEDIT = 0x0020L , DS_SETFONT = 0x0040L , DS_MODALFRAME = 0x0080L , DS_NOIDLEMSG = 0x0100L , DS_SETFOREGROUND = 0x0200L , DS_3DLOOK = 0x0004L , DS_FIXEDSYS = 0x0008L , DS_NOFAILCREATE = 0x0010L , DS_CONTROL = 0x0400L , DS_CENTER = 0x0800L , DS_CENTERMOUSE = 0x1000L , DS_CONTEXTHELP = 0x2000L , DS_SHELLFONT = 0x0040L | 0x0008L } |
| From https://docs.microsoft.com/en-us/windows/win32/dlgbox/dialog-box-styles. | |
| enum class | FIXED_VERSION_OS : size_t { VOS_UNKNOWN = 0x00000000L , VOS_DOS = 0x00010000L , VOS_NT = 0x00040000L , VOS__WINDOWS16 = 0x00000001L , VOS__WINDOWS32 = 0x00000004L , VOS_OS216 = 0x00020000L , VOS_OS232 = 0x00030000L , VOS__PM16 = 0x00000002L , VOS__PM32 = 0x00000003L , VOS_DOS_WINDOWS16 = 0x00010000L | 0x00000001L , VOS_DOS_WINDOWS32 = 0x00010000L | 0x00000004L , VOS_NT_WINDOWS32 = 0x00040000L | 0x00000004L , VOS_OS216_PM16 = 0x00020000L | 0x00000002L , VOS_OS232_PM32 = 0x00030000L | 0x00000003L } |
| enum class | FIXED_VERSION_FILE_FLAGS : size_t { VS_FF_DEBUG = 0x00000001L , VS_FF_INFOINFERRED = 0x00000010L , VS_FF_PATCHED = 0x00000004L , VS_FF_PRERELEASE = 0x00000002L , VS_FF_PRIVATEBUILD = 0x00000008L , VS_FF_SPECIALBUILD = 0x00000020L } |
| enum class | FIXED_VERSION_FILE_TYPES : size_t { VFT_APP = 0x00000001L , VFT_DLL = 0x00000002L , VFT_DRV = 0x00000003L , VFT_FONT = 0x00000004L , VFT_STATIC_LIB = 0x00000007L , VFT_UNKNOWN = 0x00000000L , VFT_VXD = 0x00000005L } |
| enum class | FIXED_VERSION_FILE_SUB_TYPES : size_t { VFT2_DRV_COMM = 0x0000000AL , VFT2_DRV_DISPLAY = 0x00000004L , VFT2_DRV_INSTALLABLE = 0x00000008L , VFT2_DRV_KEYBOARD = 0x00000002L , VFT2_DRV_LANGUAGE = 0x00000003L , VFT2_DRV_MOUSE = 0x00000005L , VFT2_DRV_NETWORK = 0x00000006L , VFT2_DRV_PRINTER = 0x00000001L , VFT2_DRV_SOUND = 0x00000009L , VFT2_DRV_SYSTEM = 0x00000007L , VFT2_DRV_VERSIONED_PRINTER = 0x0000000CL , VFT2_FONT_RASTER = 0x00000001L , VFT2_FONT_TRUETYPE = 0x00000003L , VFT2_FONT_VECTOR = 0x00000002L , VFT2_UNKNOWN = 0x00000000L } |
| enum class | CODE_PAGES : size_t { CP_IBM037 = 37 , CP_IBM437 = 437 , CP_IBM500 = 500 , CP_ASMO_708 = 708 , CP_DOS_720 = 720 , CP_IBM737 = 737 , CP_IBM775 = 775 , CP_IBM850 = 850 , CP_IBM852 = 852 , CP_IBM855 = 855 , CP_IBM857 = 857 , CP_IBM00858 = 858 , CP_IBM860 = 860 , CP_IBM861 = 861 , CP_DOS_862 = 862 , CP_IBM863 = 863 , CP_IBM864 = 864 , CP_IBM865 = 865 , CP_CP866 = 866 , CP_IBM869 = 869 , CP_IBM870 = 870 , CP_WINDOWS_874 = 874 , CP_CP875 = 875 , CP_SHIFT_JIS = 932 , CP_GB2312 = 936 , CP_KS_C_5601_1987 = 949 , CP_BIG5 = 950 , CP_IBM1026 = 1026 , CP_IBM01047 = 1047 , CP_IBM01140 = 1140 , CP_IBM01141 = 1141 , CP_IBM01142 = 1142 , CP_IBM01143 = 1143 , CP_IBM01144 = 1144 , CP_IBM01145 = 1145 , CP_IBM01146 = 1146 , CP_IBM01147 = 1147 , CP_IBM01148 = 1148 , CP_IBM01149 = 1149 , CP_UTF_16 = 1200 , CP_UNICODEFFFE = 1201 , CP_WINDOWS_1250 = 1250 , CP_WINDOWS_1251 = 1251 , CP_WINDOWS_1252 = 1252 , CP_WINDOWS_1253 = 1253 , CP_WINDOWS_1254 = 1254 , CP_WINDOWS_1255 = 1255 , CP_WINDOWS_1256 = 1256 , CP_WINDOWS_1257 = 1257 , CP_WINDOWS_1258 = 1258 , CP_JOHAB = 1361 , CP_MACINTOSH = 10000 , CP_X_MAC_JAPANESE = 10001 , CP_X_MAC_CHINESETRAD = 10002 , CP_X_MAC_KOREAN = 10003 , CP_X_MAC_ARABIC = 10004 , CP_X_MAC_HEBREW = 10005 , CP_X_MAC_GREEK = 10006 , CP_X_MAC_CYRILLIC = 10007 , CP_X_MAC_CHINESESIMP = 10008 , CP_X_MAC_ROMANIAN = 10010 , CP_X_MAC_UKRAINIAN = 10017 , CP_X_MAC_THAI = 10021 , CP_X_MAC_CE = 10029 , CP_X_MAC_ICELANDIC = 10079 , CP_X_MAC_TURKISH = 10081 , CP_X_MAC_CROATIAN = 10082 , CP_UTF_32 = 12000 , CP_UTF_32BE = 12001 , CP_X_CHINESE_CNS = 20000 , CP_X_CP20001 = 20001 , CP_X_CHINESE_ETEN = 20002 , CP_X_CP20003 = 20003 , CP_X_CP20004 = 20004 , CP_X_CP20005 = 20005 , CP_X_IA5 = 20105 , CP_X_IA5_GERMAN = 20106 , CP_X_IA5_SWEDISH = 20107 , CP_X_IA5_NORWEGIAN = 20108 , CP_US_ASCII = 20127 , CP_X_CP20261 = 20261 , CP_X_CP20269 = 20269 , CP_IBM273 = 20273 , CP_IBM277 = 20277 , CP_IBM278 = 20278 , CP_IBM280 = 20280 , CP_IBM284 = 20284 , CP_IBM285 = 20285 , CP_IBM290 = 20290 , CP_IBM297 = 20297 , CP_IBM420 = 20420 , CP_IBM423 = 20423 , CP_IBM424 = 20424 , CP_X_EBCDIC_KOREANEXTENDED = 20833 , CP_IBM_THAI = 20838 , CP_KOI8_R = 20866 , CP_IBM871 = 20871 , CP_IBM880 = 20880 , CP_IBM905 = 20905 , CP_IBM00924 = 20924 , CP_EUC_JP_JIS = 20932 , CP_X_CP20936 = 20936 , CP_X_CP20949 = 20949 , CP_CP1025 = 21025 , CP_KOI8_U = 21866 , CP_ISO_8859_1 = 28591 , CP_ISO_8859_2 = 28592 , CP_ISO_8859_3 = 28593 , CP_ISO_8859_4 = 28594 , CP_ISO_8859_5 = 28595 , CP_ISO_8859_6 = 28596 , CP_ISO_8859_7 = 28597 , CP_ISO_8859_8 = 28598 , CP_ISO_8859_9 = 28599 , CP_ISO_8859_13 = 28603 , CP_ISO_8859_15 = 28605 , CP_X_EUROPA = 29001 , CP_ISO_8859_8_I = 38598 , CP_ISO_2022_JP = 50220 , CP_CSISO2022JP = 50221 , CP_ISO_2022_JP_JIS = 50222 , CP_ISO_2022_KR = 50225 , CP_X_CP50227 = 50227 , CP_EUC_JP = 51932 , CP_EUC_CN = 51936 , CP_EUC_KR = 51949 , CP_HZ_GB_2312 = 52936 , CP_GB18030 = 54936 , CP_X_ISCII_DE = 57002 , CP_X_ISCII_BE = 57003 , CP_X_ISCII_TA = 57004 , CP_X_ISCII_TE = 57005 , CP_X_ISCII_AS = 57006 , CP_X_ISCII_OR = 57007 , CP_X_ISCII_KA = 57008 , CP_X_ISCII_MA = 57009 , CP_X_ISCII_GU = 57010 , CP_X_ISCII_PA = 57011 , CP_UTF_7 = 65000 , CP_UTF_8 = 65001 } |
| Code page from https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers. More... | |
| enum class | ACCELERATOR_FLAGS : size_t { FVIRTKEY = 0x01 , FNOINVERT = 0x02 , FSHIFT = 0x04 , FCONTROL = 0x08 , FALT = 0x10 , END = 0x80 } |
| From https://docs.microsoft.com/en-us/windows/win32/menurc/acceltableentry. | |
| enum class | ACCELERATOR_VK_CODES : size_t { VK_LBUTTON = 0x01 , VK_RBUTTON = 0x02 , VK_CANCEL = 0x03 , VK_MBUTTON = 0x04 , VK_XBUTTON1 = 0x05 , VK_XBUTTON2 = 0x06 , VK_BACK = 0x08 , VK_TAB = 0x09 , VK_CLEAR = 0x0C , VK_RETURN = 0x0D , VK_SHIFT = 0x10 , VK_CONTROL = 0x11 , VK_MENU = 0x12 , VK_PAUSE = 0x13 , VK_CAPITAL = 0x14 , VK_KANA = 0x15 , VK_HANGUEL = 0x15 , VK_HANGUL = 0x15 , VK_IME_ON = 0x16 , VK_JUNJA = 0x17 , VK_FINAL = 0x18 , VK_HANJA = 0x19 , VK_KANJI = 0x19 , VK_IME_OFF = 0x1A , VK_ESCAPE = 0x1B , VK_CONVERT = 0x1C , VK_NONCONVERT = 0x1D , VK_ACCEPT = 0x1E , VK_MODECHANGE = 0x1F , VK_SPACE = 0x20 , VK_PRIOR = 0x21 , VK_NEXT = 0x22 , VK_END = 0x23 , VK_HOME = 0x24 , VK_LEFT = 0x25 , VK_UP = 0x26 , VK_RIGHT = 0x27 , VK_DOWN = 0x28 , VK_SELECT = 0x29 , VK_PRINT = 0x2A , VK_EXECUTE = 0x2B , VK_SNAPSHOT = 0x2C , VK_INSERT = 0x2D , VK_DELETE = 0x2E , VK_HELP = 0x2F , VK_0 = 0x30 , VK_1 = 0x31 , VK_2 = 0x32 , VK_3 = 0x33 , VK_4 = 0x34 , VK_5 = 0x35 , VK_6 = 0x36 , VK_7 = 0x37 , VK_8 = 0x38 , VK_9 = 0x39 , VK_A = 0x41 , VK_B = 0x42 , VK_C = 0x43 , VK_D = 0x44 , VK_E = 0x45 , VK_F = 0x46 , VK_G = 0x47 , VK_H = 0x48 , VK_I = 0x49 , VK_J = 0x4A , VK_K = 0x4B , VK_L = 0x4C , VK_M = 0x4D , VK_N = 0x4E , VK_O = 0x4F , VK_P = 0x50 , VK_Q = 0x51 , VK_R = 0x52 , VK_S = 0x53 , VK_T = 0x54 , VK_U = 0x55 , VK_V = 0x56 , VK_W = 0x57 , VK_X = 0x58 , VK_Y = 0x59 , VK_Z = 0x60 , VK_LWIN = 0x5B , VK_RWIN = 0x5C , VK_APPS = 0x5D , VK_SLEEP = 0x5F , VK_NUMPAD0 = 0x60 , VK_NUMPAD1 = 0x61 , VK_NUMPAD2 = 0x62 , VK_NUMPAD3 = 0x63 , VK_NUMPAD4 = 0x64 , VK_NUMPAD5 = 0x65 , VK_NUMPAD6 = 0x66 , VK_NUMPAD7 = 0x67 , VK_NUMPAD8 = 0x68 , VK_NUMPAD9 = 0x69 , VK_MULTIPLY = 0x6A , VK_ADD = 0x6B , VK_SEPARATOR = 0x6C , VK_SUBTRACT = 0x6D , VK_DECIMAL = 0x6E , VK_DIVIDE = 0x6F , VK_F1 = 0x70 , VK_F2 = 0x71 , VK_F3 = 0x72 , VK_F4 = 0x73 , VK_F5 = 0x74 , VK_F6 = 0x75 , VK_F7 = 0x76 , VK_F8 = 0x77 , VK_F9 = 0x78 , VK_F10 = 0x79 , VK_F11 = 0x7A , VK_F12 = 0x7B , VK_F13 = 0x7C , VK_F14 = 0x7D , VK_F15 = 0x7E , VK_F16 = 0x7F , VK_F17 = 0x80 , VK_F18 = 0x81 , VK_F19 = 0x82 , VK_F20 = 0x83 , VK_F21 = 0x84 , VK_F22 = 0x85 , VK_F23 = 0x86 , VK_F24 = 0x87 , VK_NUMLOCK = 0x90 , VK_SCROLL = 0x91 , VK_LSHIFT = 0xA0 , VK_RSHIFT = 0xA1 , VK_LCONTROL = 0xA2 , VK_RCONTROL = 0xA3 , VK_LMENU = 0xA4 , VK_RMENU = 0xA5 , VK_BROWSER_BACK = 0xA6 , VK_BROWSER_FORWARD = 0xA7 , VK_BROWSER_REFRESH = 0xA8 , VK_BROWSER_STOP = 0xA9 , VK_BROWSER_SEARCH = 0xAA , VK_BROWSER_FAVORITES = 0xAB , VK_BROWSER_HOME = 0xAC , VK_VOLUME_MUTE = 0xAD , VK_VOLUME_DOWN = 0xAE , VK_VOLUME_UP = 0xAF , VK_MEDIA_NEXT_TRACK = 0xB0 , VK_MEDIA_PREV_TRACK = 0xB1 , VK_MEDIA_STOP = 0xB2 , VK_MEDIA_PLAY_PAUSE = 0xB3 , VK_LAUNCH_MAIL = 0xB4 , VK_LAUNCH_MEDIA_SELECT = 0xB5 , VK_LAUNCH_APP1 = 0xB6 , VK_LAUNCH_APP2 = 0xB7 , VK_OEM_1 = 0xBA , VK_OEM_PLUS = 0xBB , VK_OEM_COMMA = 0xBC , VK_OEM_MINUS = 0xBD , VK_OEM_PERIOD = 0xBE , VK_OEM_2 = 0xBF , VK_OEM_4 = 0xDB , VK_OEM_5 = 0xDC , VK_OEM_6 = 0xDD , VK_OEM_7 = 0xDE , VK_OEM_8 = 0xDF , VK_OEM_102 = 0xE2 , VK_PROCESSKEY = 0xE5 , VK_PACKET = 0xE7 , VK_ATTN = 0xF6 , VK_CRSEL = 0xF7 , VK_EXSEL = 0xF8 , VK_EREOF = 0xF9 , VK_PLAY = 0xFA , VK_ZOOM = 0xFB , VK_NONAME = 0xFC , VK_PA1 = 0xFD , VK_OEM_CLEAR = 0xFE } |
| From https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes. | |
| enum class | PE_SECTION_TYPES : uint8_t { TEXT = 0 , TLS = 1 , IMPORT = 2 , DATA = 3 , BSS = 4 , RESOURCE = 5 , RELOCATION = 6 , EXPORT = 7 , DEBUG = 8 , LOAD_CONFIG = 9 , UNKNOWN = 10 } |
| Common section type. | |
| enum class | PE_TYPE : uint16_t { PE32 = 0x10b , PE32_PLUS = 0x20b } |
| enum class | ALGORITHMS : uint32_t { UNKNOWN = 0 , SHA_512 , SHA_384 , SHA_256 , SHA_1 , MD5 , MD4 , MD2 , RSA , EC , MD5_RSA , SHA1_DSA , SHA1_RSA , SHA_256_RSA , SHA_384_RSA , SHA_512_RSA , SHA1_ECDSA , SHA_256_ECDSA , SHA_384_ECDSA , SHA_512_ECDSA } |
| Cryptography algorithms. | |
| enum class | RESOURCE_LANGS { NEUTRAL = 0x00 , INVARIANT = 0x7f , AFRIKAANS = 0x36 , ALBANIAN = 0x1c , ARABIC = 0x01 , ARMENIAN = 0x2b , ASSAMESE = 0x4d , AZERI = 0x2c , BASQUE = 0x2d , BELARUSIAN = 0x23 , BANGLA = 0x45 , BULGARIAN = 0x02 , CATALAN = 0x03 , CHINESE = 0x04 , CROATIAN = 0x1a , BOSNIAN = 0x1a , CZECH = 0x05 , DANISH = 0x06 , DIVEHI = 0x65 , DUTCH = 0x13 , ENGLISH = 0x09 , ESTONIAN = 0x25 , FAEROESE = 0x38 , FARSI = 0x29 , FINNISH = 0x0b , FRENCH = 0x0c , GALICIAN = 0x56 , GEORGIAN = 0x37 , GERMAN = 0x07 , GREEK = 0x08 , GUJARATI = 0x47 , HEBREW = 0x0d , HINDI = 0x39 , HUNGARIAN = 0x0e , ICELANDIC = 0x0f , INDONESIAN = 0x21 , ITALIAN = 0x10 , JAPANESE = 0x11 , KANNADA = 0x4b , KASHMIRI = 0x60 , KAZAK = 0x3f , KONKANI = 0x57 , KOREAN = 0x12 , KYRGYZ = 0x40 , LATVIAN = 0x26 , LITHUANIAN = 0x27 , MACEDONIAN = 0x2f , MALAY = 0x3e , MALAYALAM = 0x4c , MANIPURI = 0x58 , MARATHI = 0x4e , MONGOLIAN = 0x50 , NEPALI = 0x61 , NORWEGIAN = 0x14 , ORIYA = 0x48 , POLISH = 0x15 , PORTUGUESE = 0x16 , PUNJABI = 0x46 , ROMANIAN = 0x18 , RUSSIAN = 0x19 , SANSKRIT = 0x4f , SERBIAN = 0x1a , SINDHI = 0x59 , SLOVAK = 0x1b , SLOVENIAN = 0x24 , SPANISH = 0x0a , SWAHILI = 0x41 , SWEDISH = 0x1d , SYRIAC = 0x5a , TAMIL = 0x49 , TATAR = 0x44 , TELUGU = 0x4a , THAI = 0x1e , TURKISH = 0x1f , UKRAINIAN = 0x22 , URDU = 0x20 , UZBEK = 0x43 , VIETNAMESE = 0x2a , GAELIC = 0x3c , MALTESE = 0x3a , MAORI = 0x28 , RHAETO_ROMANCE = 0x17 , SAMI = 0x3b , SORBIAN = 0x2e , SUTU = 0x30 , TSONGA = 0x31 , TSWANA = 0x32 , VENDA = 0x33 , XHOSA = 0x34 , ZULU = 0x35 , ESPERANTO = 0x8f , WALON = 0x90 , CORNISH = 0x91 , WELSH = 0x92 , BRETON = 0x93 , INUKTITUT = 0x5d , IRISH = 0x3C , LOWER_SORBIAN = 0x2E , PULAR = 0x67 , QUECHUA = 0x6B , TAMAZIGHT = 0x5F , TIGRINYA = 0x73 , VALENCIAN = 0x03 } |
| enum class | IMPHASH_MODE { DEFAULT = 0 , LIEF = DEFAULT , PEFILE , VT = PEFILE } |
| Enum to define the behavior of LIEF::PE::get_imphash. More... | |
Functions | |
| const char * | to_string (DataDirectory::TYPES e) |
| const char * | to_string (CodeView::SIGNATURES e) |
| const char * | to_string (Debug::TYPES e) |
| const char * | to_string (Pogo::SIGNATURES e) |
| const char * | to_string (PE_TYPE e) |
| const char * | to_string (PE_SECTION_TYPES e) |
| const char * | to_string (SYMBOL_BASE_TYPES e) |
| const char * | to_string (SYMBOL_COMPLEX_TYPES e) |
| const char * | to_string (SYMBOL_SECTION_NUMBER e) |
| const char * | to_string (SYMBOL_STORAGE_CLASS e) |
| const char * | to_string (RELOCATIONS_BASE_TYPES e) |
| const char * | to_string (RELOCATIONS_I386 e) |
| const char * | to_string (RELOCATIONS_AMD64 e) |
| const char * | to_string (RELOCATIONS_ARM e) |
| const char * | to_string (CODE_PAGES e) |
| const char * | to_string (EXTENDED_WINDOW_STYLES e) |
| const char * | to_string (WINDOW_STYLES e) |
| const char * | to_string (DIALOG_BOX_STYLES e) |
| const char * | to_string (FIXED_VERSION_OS e) |
| const char * | to_string (FIXED_VERSION_FILE_FLAGS e) |
| const char * | to_string (FIXED_VERSION_FILE_TYPES e) |
| const char * | to_string (FIXED_VERSION_FILE_SUB_TYPES e) |
| const char * | to_string (ACCELERATOR_FLAGS e) |
| const char * | to_string (ACCELERATOR_VK_CODES e) |
| const char * | to_string (ALGORITHMS e) |
| const char * | to_string (Header::CHARACTERISTICS c) |
| const char * | to_string (Header::MACHINE_TYPES c) |
| std::string | to_json (const Object &v) |
| const char * | to_string (LoadConfiguration::VERSION e) |
| const char * | to_string (LoadConfigurationV1::IMAGE_GUARD e) |
| const char * | to_string (OptionalHeader::DLL_CHARACTERISTICS) |
| const char * | to_string (OptionalHeader::SUBSYSTEM) |
| const char * | to_string (RelocationEntry::BASE_TYPES e) |
| const char * | to_string (ResourcesManager::TYPE type) |
| const char * | to_string (Section::CHARACTERISTICS e) |
| const char * | to_string (Attribute::TYPE e) |
| const char * | oid_to_string (const oid_t &oid) |
| Convert an OID to a human-readable string. | |
| bool | is_pe (BinaryStream &stream) |
| bool | is_pe (const std::string &file) |
check if the file is a PE file | |
| bool | is_pe (const std::vector< uint8_t > &raw) |
| check if the raw data is a PE file | |
| result< PE_TYPE > | get_type (const std::string &file) |
if the input file is a PE one, return PE32 or PE32+ | |
| result< PE_TYPE > | get_type (const std::vector< uint8_t > &raw) |
Return PE32 or PE32+ | |
| result< PE_TYPE > | get_type_from_stream (BinaryStream &stream) |
| std::string | get_imphash (const Binary &binary, IMPHASH_MODE mode=IMPHASH_MODE::DEFAULT) |
| Compute the hash of imported functions. | |
| result< Import > | resolve_ordinals (const Import &import, bool strict=false, bool use_std=false) |
| Take a PE::Import as entry and try to resolve imports by ordinal. | |
| ALGORITHMS | algo_from_oid (const std::string &oid) |
|
strong |
Code page from https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers.
|
strong |
Enum to define the behavior of LIEF::PE::get_imphash.
| Enumerator | |
|---|---|
| DEFAULT | Default implementation |
| LIEF | Same as IMPHASH_MODE::DEFAULT |
| PEFILE | Use pefile algorithm |
| VT | Same as IMPHASH_MODE::PEFILE since Virus Total is using pefile |
|
strong |
| Enumerator | |
|---|---|
| IMPORT_ORDINAL | Import is by ordinal. This indicates that the value in the Ordinal/Hint field of the import header is the import's ordinal. If this constant is not specified, then the Ordinal/Hint field should always be interpreted as the import's hint. |
| IMPORT_NAME | The import name is identical to the public symbol name. |
| IMPORT_NAME_NOPREFIX | The import name is the public symbol name, but skipping the leading ?, @, or optionally _. |
| IMPORT_NAME_UNDECORATE | The import name is the public symbol name, but skipping the leading ?, @, or optionally _, and truncating at the first . |
|
strong |
|
strong |
|
strong |
|
strong |
| enum LIEF::PE::SYMBOL_STORAGE_CLASS : int |
Storage class tells where and what the symbol represents.
| Enumerator | |
|---|---|
| IMAGE_SYM_CLASS_END_OF_FUNCTION | Physical end of function. |
| IMAGE_SYM_CLASS_NULL | No symbol. |
| IMAGE_SYM_CLASS_AUTOMATIC | Stack variable. |
| IMAGE_SYM_CLASS_EXTERNAL | External symbol. |
| IMAGE_SYM_CLASS_STATIC | Static. |
| IMAGE_SYM_CLASS_REGISTER | Register variable. |
| IMAGE_SYM_CLASS_EXTERNAL_DEF | External definition. |
| IMAGE_SYM_CLASS_LABEL | Label. |
| IMAGE_SYM_CLASS_UNDEFINED_LABEL | Undefined label. |
| IMAGE_SYM_CLASS_MEMBER_OF_STRUCT | Member of structure. |
| IMAGE_SYM_CLASS_ARGUMENT | Function argument. |
| IMAGE_SYM_CLASS_STRUCT_TAG | Structure tag. |
| IMAGE_SYM_CLASS_MEMBER_OF_UNION | Member of union. |
| IMAGE_SYM_CLASS_UNION_TAG | Union tag. |
| IMAGE_SYM_CLASS_TYPE_DEFINITION | Type definition. |
| IMAGE_SYM_CLASS_UNDEFINED_STATIC | Undefined static. |
| IMAGE_SYM_CLASS_ENUM_TAG | Enumeration tag. |
| IMAGE_SYM_CLASS_MEMBER_OF_ENUM | Member of enumeration. |
| IMAGE_SYM_CLASS_REGISTER_PARAM | Register parameter. |
| IMAGE_SYM_CLASS_BIT_FIELD | Bit field ".bb" or ".eb" - beginning or end of block. |
| IMAGE_SYM_CLASS_BLOCK | ".bf" or ".ef" - beginning or end of function |
| IMAGE_SYM_CLASS_END_OF_STRUCT | End of structure. |
| IMAGE_SYM_CLASS_FILE | File name line number, reformatted as symbol. |
| IMAGE_SYM_CLASS_WEAK_EXTERNAL | Duplicate tag external symbol in dmert public lib. |
| std::string LIEF::PE::get_imphash | ( | const Binary & | binary, |
| IMPHASH_MODE | mode = IMPHASH_MODE::DEFAULT ) |
Compute the hash of imported functions.
By default, it generates an hash with the following properties:
If one needs the same output as Virus Total (i.e. pefile), you can pass IMPHASH_MODE::PEFILE as second parameter.
| result< Import > LIEF::PE::resolve_ordinals | ( | const Import & | import, |
| bool | strict = false, | ||
| bool | use_std = false ) |
Take a PE::Import as entry and try to resolve imports by ordinal.
The strict boolean parameter enables to throw an LIEF::not_found exception if the ordinal can't be resolved. Otherwise it skips the entry.
| [in] | import | Import to resolve |
| [in] | strict | If set to true, throw an exception if the import can't be resolved |
| [in] | use_std | If true, it will use the pefile look-up table for resolving imports |
1.10.0