This repository has been archived by the owner on Sep 23, 2023. It is now read-only.

RIscRIpt/pecoff

pecoff

This package implements access to PE (Microsoft Windows Portable Executable) and MS-COFF (Microsoft Common Object File Format) files in the Go programming language.

In contrast to the debug/pe package from the Go standard library, this implementation gives you access to many more parts of the file, such as:

  • DOS header;
  • File header;
  • Optional header;
  • Data directories of an optional header;
  • Headers of sections;
  • Relocations of sections;
  • String table of a COFF file;
  • and others...

Example

The following example shows how to check the MachineType field inside a FileHeader:

func Example_MachineType() {
    file, err := os.Open(testDir + "exe_32_fasm+1-71-39_aslr")
    if err != nil {
        panic(err)
    }
    defer file.Close()
    // Create the PE/COFF File
    pe := pecoff.Explore(binutil.WrapReaderAt(file))
    // Read the DosHeader to get the offset to the file header
    pe.ReadDosHeader()
    // Read the FileHeader
    pe.ReadFileHeader()
    // Release resources (i.e. the file)
    pe.Seal()
    // Print the string representation of the MachineType
    fmt.Println(windef.MAP_IMAGE_FILE_MACHINE[pe.FileHeader.Machine])
    // Output:
    // I386
}

More usage examples can be found in the tests.

Limitations

This package can fully parse only PE/COFF files which are compiled for the following two architectures:

  • AMD64 IMAGE_FILE_MACHINE_AMD64
  • I386 IMAGE_FILE_MACHINE_I386
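
Whether a file falls within these two architectures can be decided from the first few header fields before attempting a full parse. The sketch below is an added example, not code from this package: it uses only the Go standard library, and the names machineOf, fullyParsable and sampleImage, as well as the constructed sample image, are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	machineI386  = 0x014c // IMAGE_FILE_MACHINE_I386
	machineAMD64 = 0x8664 // IMAGE_FILE_MACHINE_AMD64
)

var errMalformed = errors.New("malformed PE image")

// machineOf follows DOS header -> "PE\0\0" signature -> file header and returns the raw Machine field.
func machineOf(img []byte) (uint16, error) {
	if len(img) < 0x40 || string(img[:2]) != "MZ" {
		return 0, errMalformed
	}
	off := uint64(binary.LittleEndian.Uint32(img[0x3c:])) // e_lfanew, untrusted input
	if off+24 > uint64(len(img)) || string(img[off:off+4]) != "PE\x00\x00" { // signature + 20-byte file header must fit
		return 0, errMalformed
	}
	return binary.LittleEndian.Uint16(img[off+4:]), nil
}

// fullyParsable reports whether the image targets I386 or AMD64.
func fullyParsable(img []byte) (bool, error) {
	m, err := machineOf(img)
	return err == nil && (m == machineI386 || m == machineAMD64), err
}

// sampleImage builds a constructed, header-only image with e_lfanew = 0x80.
func sampleImage(machine uint16) []byte {
	img := make([]byte, 0x100)
	copy(img, "MZ")
	img[0x3c] = 0x80
	copy(img[0x80:], "PE\x00\x00")
	binary.LittleEndian.PutUint16(img[0x84:], machine)
	return img
}

func main() {
	bad := sampleImage(machineI386)
	binary.LittleEndian.PutUint32(bad[0x3c:], 0xfffffff0) // e_lfanew past end of file
	fmt.Println(fullyParsable(sampleImage(machineAMD64)))
	fmt.Println(fullyParsable(bad))
}
```

The bounds check on e_lfanew matters because that offset comes from the file itself; a truncated or crafted image is rejected rather than indexed out of range.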

Thread safety

This package is not thread safe. Read* methods must be called from a single thread; otherwise the consistency and correctness of the parsed data cannot be guaranteed. All other operations that don't modify the contents of the File (i.e. accessing the File object and its fields) can be safely performed from multiple goroutines.

TODO

Add support for the following data directories of an optional header:

  • Exports
  • Resources
  • Exceptions
  • Security
  • Debug
  • Architecture
  • GlobalPtrs
  • TLS
  • LoadConfig
  • BoundImports
  • IAT
  • DelayImports
  • COMDescriptors

License

GNU General Public License v3.0