A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
GenericParamConstraint
metadata table by @veramine in https://github.com/saferwall/pe/pull/85
StringFileInfo
by @dmjb in https://github.com/saferwall/pe/pull/79
Full Changelog: https://github.com/saferwall/pe/compare/v1.4.0...v1.5.0
retpoline
types: Imported Address, Indirect Branch and Switchable retpoline #70.SerialNumber
, SignatureAlgorithm
and PubKeyAlgorithm
to the CertInfo
#60.POGO
debug entry types #68.Authentihash()
for instances w/o fd thanks to flanfly #47.RichHeader.XorKey
-> RichHeader.XORKey
.Rva
substring -> RVA
and any Iat
substring -> IAT
.*pkcs7.PKCS7
to pkcs7.PKCS7
.Section.Entropy
changed from float64
to float64*
to distinguish between the case when the section entropy is equal to zero and the case when the entropy is equal to nil - meaning that it was never calculated.cobra
dependency from cmd/pedumper
#56.Full Changelog: https://github.com/saferwall/pe/compare/v1.3.0...v1.4.0
HasImports()
#42..File
structure #44.adjustSectionAlignment()
thanks to wanglei-coder #40.Close()
function that missed a call to unmap()
thanks to Mamba24L8.Full Changelog: https://github.com/saferwall/pe/compare/v1.2.0...v1.3.0
GetData()
and GetRVAFromOffset()
and GetOffsetFromRva()
helper routines public.skipCertVerification
in security directory.GetExportFunctionByRVA()
and out of bounds when calculating symbolAddress
in export directory #28.readUnicodeStringAtRVA()
#26.New()
to customize max of relocations entries and COFF symbols to parse.@Max Altgelt
.readASCIIStringAtOffset()
out of bounds exception.