This package implements access to PE (Microsoft Windows Portable Executable) and MS-COFF (Microsoft Common Object File Format) files in Go programming language.
In contrast to the debug.pe package from the standard library of Go, this implementation gives you access to much more file contents, such as:
- Dos header;
- File header;
- Optional header;
- Data directories of an optional header;
- Headers of sections;
- Relocations of sections;
- String table of a COFF file;
- and others...
The following example shows you how to check MachineType field inside a FileHeader
func Example_MachineType() {
file, _ := os.Open(testDir + "exe_32_fasm+1-71-39_aslr")
defer file.Close()
// Creating PE/COFF File
pe := pecoff.Explore(binutil.WrapReaderAt(file))
// Reading DosHeader to get offset to the file header
pe.ReadDosHeader()
// Reading FileHeader
pe.ReadFileHeader()
// Releasing resources (i.e. file)
pe.Seal()
// Priting string represntation of the MachineType
fmt.Println(windef.MAP_IMAGE_FILE_MACHINE[pe.FileHeader.Machine])
// Output:
// I386
}More usage examples can be found in the tests
This package can fully parse only PE/COFF files which are compiled for the following two architectures:
- AMD64
IMAGE_FILE_MACHINE_AMD64 - I386
IMAGE_FILE_MACHINE_I386
This package is not thread safe.
Calling Read* methods must be done from a single thread, otherwise the consistency and correctness of the parsed data cannot be guaranteed.
But all other operations, which don't modify the contents of the File can be safely performed from a multiple goroutines (i.e. accessing the File object and its fields).
Add support for the following data directories of an optional header:
- Exports
- Resources
- Exceptions
- Security
- Debug
- Architecture
- GlobalPtrs
- TLS
- LoadConfig
- BoundImports
- IAT
- DelayImports
- COMDescriptors