当前位置: 首页>>代码示例>>Golang>>正文


Golang pe.Open函数代码示例

本文整理汇总了Golang中debug/pe.Open函数的典型用法代码示例。如果您正苦于以下问题:Golang Open函数的具体用法?Golang Open怎么用?Golang Open使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了Open函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: IsPE

func IsPE(fPath string) error {
	if _, err := pe.Open(fPath); err != nil {
		return err
	}

	return nil
}
开发者ID:hcninja,项目名称:malpic,代码行数:7,代码来源:anal.go

示例2: pclnPE

func pclnPE() (textStart uint64, symtab, pclntab []byte, err error) {
	f, err := pe.Open(*flagCompiler)
	if err != nil {
		return
	}
	defer f.Close()

	var imageBase uint64
	switch oh := f.OptionalHeader.(type) {
	case *pe.OptionalHeader32:
		imageBase = uint64(oh.ImageBase)
	case *pe.OptionalHeader64:
		imageBase = oh.ImageBase
	default:
		return 0, nil, nil, fmt.Errorf("pe file format not recognized")
	}
	if sect := f.Section(".text"); sect != nil {
		textStart = imageBase + uint64(sect.VirtualAddress)
	}
	if pclntab, err = loadPETable(f, "runtime.pclntab", "runtime.epclntab"); err != nil {
		return
	}
	if symtab, err = loadPETable(f, "runtime.symtab", "runtime.esymtab"); err != nil {
		return
	}

	return
}
开发者ID:BenLubar,项目名称:bit,代码行数:28,代码来源:main.go

示例3: getDwarf

func getDwarf(execname string) *dwarf.Data {
	e, err := elf.Open(execname)
	if err == nil {
		defer e.Close()
		d, err := e.DWARF()
		if err == nil {
			return d
		}
	}
	m, err := macho.Open(execname)
	if err == nil {
		defer m.Close()
		d, err := m.DWARF()
		if err == nil {
			return d
		}
	}
	p, err := pe.Open(execname)
	if err == nil {
		defer p.Close()
		d, err := p.DWARF()
		if err == nil {
			return d
		}
	}
	log.Fatal("can't get dwarf info from executable", err)
	return nil
}
开发者ID:lamproae,项目名称:hprof,代码行数:28,代码来源:parser.go

示例4: openBinary

func openBinary(name string) (Binary, error) {
	f, err := os.Open(name)
	if err != nil {
		return nil, err
	}
	magic := make([]byte, 4)
	if _, err := f.ReadAt(magic[:], 0); err != nil {
		return nil, err
	}

	if bytes.HasPrefix(magic, []byte{0x7f, 'E', 'L', 'F'}) {
		e, err := elf.NewFile(f)
		if err != nil {
			return nil, err
		}
		return &elfBinary{File: e}, nil
	} else if bytes.HasPrefix(magic, []byte{'M', 'Z'}) {
		p, err := pe.Open(name)
		if err != nil {
			return nil, err
		}
		return &peBinary{File: p}, nil
	} else if bytes.HasPrefix(magic, []byte{0xcf, 0xfa, 0xed, 0xfe}) {
		m, err := macho.Open(name)
		if err != nil {
			return nil, err
		}
		return &machoBinary{File: m}, nil
	}
	return nil, fmt.Errorf("unsupported binary format")
}
开发者ID:ebfe,项目名称:gover,代码行数:31,代码来源:main.go

示例5: PEAnal

func PEAnal(input string, symbolsDump bool) ([][]int, error) {
	// An array of arrays for storing the section offsets
	var sectionData [][]int

	fmt.Printf("[+] Analyzing binary: %s\n", input)

	// Check for executable type
	peFmt, err := pe.Open(input)
	if err != nil {
		fmt.Println("[!] This is not a valid PE file")
		return sectionData, nil
	}
	defer peFmt.Close()

	fmt.Println("[+] This is a valid PE file")
	fmt.Printf("[+] Number of sections: %d\n", peFmt.NumberOfSections)
	sections := peFmt.Sections

	for k := range sections {
		sec := sections[k]
		secName := sec.Name
		secSize := sec.Size
		secOffset := sec.Offset + 1
		secEnd := secOffset + secSize - 1
		secVSize := sec.VirtualSize
		secVAddr := sec.VirtualAddress

		fmt.Printf("\t Name: %s\n", secName)
		fmt.Printf("\t Size: %d\n", secSize)
		fmt.Printf("\t Offset: %d\n", secOffset)
		fmt.Printf("\t Section end: %d\n", secEnd)
		fmt.Printf("\t Virtual size: %d\n", secVSize)
		fmt.Printf("\t Virtual address: %d\n", secVAddr)
		fmt.Println("")

		sectionData = append(sectionData, []int{int(secOffset), int(secEnd)})
	}

	numberOfSymbols := peFmt.NumberOfSymbols
	fmt.Printf("[+] Found %d symbols\n", numberOfSymbols)
	if numberOfSymbols > 0 && symbolsDump {
		symbols := peFmt.Symbols

		for k := range symbols {
			sym := symbols[k]
			symName := sym.Name
			// symType := sym.Type
			// symValue := sym.Value

			fmt.Printf("\t Name: %s\n", symName)
			// fmt.Printf("\t\t Type: %d", symType)
			// fmt.Printf("\t\t Value: %d", symValue)
		}
		fmt.Println("")
	}

	return sectionData, nil
}
开发者ID:hcninja,项目名称:malpic,代码行数:58,代码来源:anal.go

示例6: doit

func doit(path string) error {
	f, e := pe.Open(path)
	check(e)

	ws, e := workspace.New(workspace.ARCH_X86, workspace.MODE_32)
	check(e)

	loader, e := peloader.New(path, f)
	check(e)

	m, e := loader.Load(ws)
	check(e)

	e = ws.Disassemble(m.EntryPoint, 0x30, os.Stdout)
	check(e)

	emu, e := ws.GetEmulator()
	check(e)

	emu.SetInstructionPointer(m.EntryPoint)

	log.Printf("emudbg: start: 0x%x", emu.GetInstructionPointer())

	e = doloop(emu)
	check(e)

	return nil
}
开发者ID:williballenthin,项目名称:Lancelot,代码行数:28,代码来源:emudbg.go

示例7: main

func main() {
	file, err := pe.Open("Hello.exe")
	if err != nil {
		log.Fatalf("failed opening file: %s", err)
	}
	defer file.Close()
	printFileInformation(file)
}
开发者ID:rrudduck,项目名称:golang-stuff,代码行数:8,代码来源:pe.go

示例8: dynimport

func dynimport(obj string) {
	if f, err := elf.Open(obj); err == nil {
		sym, err := f.ImportedSymbols()
		if err != nil {
			fatalf("cannot load imported symbols from ELF file %s: %v", obj, err)
		}
		for _, s := range sym {
			targ := s.Name
			if s.Version != "" {
				targ += "@" + s.Version
			}
			fmt.Printf("#pragma dynimport %s %s %q\n", s.Name, targ, s.Library)
		}
		lib, err := f.ImportedLibraries()
		if err != nil {
			fatalf("cannot load imported libraries from ELF file %s: %v", obj, err)
		}
		for _, l := range lib {
			fmt.Printf("#pragma dynimport _ _ %q\n", l)
		}
		return
	}

	if f, err := macho.Open(obj); err == nil {
		sym, err := f.ImportedSymbols()
		if err != nil {
			fatalf("cannot load imported symbols from Mach-O file %s: %v", obj, err)
		}
		for _, s := range sym {
			if len(s) > 0 && s[0] == '_' {
				s = s[1:]
			}
			fmt.Printf("#pragma dynimport %s %s %q\n", s, s, "")
		}
		lib, err := f.ImportedLibraries()
		if err != nil {
			fatalf("cannot load imported libraries from Mach-O file %s: %v", obj, err)
		}
		for _, l := range lib {
			fmt.Printf("#pragma dynimport _ _ %q\n", l)
		}
		return
	}

	if f, err := pe.Open(obj); err == nil {
		sym, err := f.ImportedSymbols()
		if err != nil {
			fatalf("cannot load imported symbols from PE file %s: %v", obj, err)
		}
		for _, s := range sym {
			ss := strings.Split(s, ":", -1)
			fmt.Printf("#pragma dynimport %s %s %q\n", ss[0], ss[0], strings.ToLower(ss[1]))
		}
		return
	}

	fatalf("cannot parse %s as ELF, Mach-O or PE", obj)
}
开发者ID:jnwhiteh,项目名称:go,代码行数:58,代码来源:out.go

示例9: gccDebug

// gccDebug runs gcc -gdwarf-2 over the C program stdin and
// returns the corresponding DWARF data and, if present, debug data block.
func (p *Package) gccDebug(stdin []byte) (*dwarf.Data, binary.ByteOrder, []byte) {
	runGcc(stdin, p.gccCmd())

	if f, err := macho.Open(gccTmp); err == nil {
		d, err := f.DWARF()
		if err != nil {
			fatalf("cannot load DWARF output from %s: %v", gccTmp, err)
		}
		var data []byte
		if f.Symtab != nil {
			for i := range f.Symtab.Syms {
				s := &f.Symtab.Syms[i]
				// Mach-O still uses a leading _ to denote non-assembly symbols.
				if s.Name == "_"+"__cgodebug_data" {
					// Found it.  Now find data section.
					if i := int(s.Sect) - 1; 0 <= i && i < len(f.Sections) {
						sect := f.Sections[i]
						if sect.Addr <= s.Value && s.Value < sect.Addr+sect.Size {
							if sdat, err := sect.Data(); err == nil {
								data = sdat[s.Value-sect.Addr:]
							}
						}
					}
				}
			}
		}
		return d, f.ByteOrder, data
	}

	// Can skip debug data block in ELF and PE for now.
	// The DWARF information is complete.

	if f, err := elf.Open(gccTmp); err == nil {
		d, err := f.DWARF()
		if err != nil {
			fatalf("cannot load DWARF output from %s: %v", gccTmp, err)
		}
		return d, f.ByteOrder, nil
	}

	if f, err := pe.Open(gccTmp); err == nil {
		d, err := f.DWARF()
		if err != nil {
			fatalf("cannot load DWARF output from %s: %v", gccTmp, err)
		}
		return d, binary.LittleEndian, nil
	}

	fatalf("cannot parse gcc output %s as ELF, Mach-O, PE object", gccTmp)
	panic("not reached")
}
开发者ID:WXB506,项目名称:golang,代码行数:53,代码来源:gcc.go

示例10: Open

func Open(name string) (binaryx.File, error) {
	elfBinary, err := elf.Open(name)
	if err == nil {
		return newFile(&elfx.File{elfBinary})
	}
	machoBinary, err := macho.Open(name)
	if err == nil {
		return newFile(&machox.File{machoBinary})
	}
	peBinary, err := pe.Open(name)
	if err == nil {
		return newFile(&pex.File{peBinary})
	}
	return nil, err
}
开发者ID:ArtemKulyabin,项目名称:bre,代码行数:15,代码来源:file.go

示例11: listSections

func listSections(path string) error {
	f, err := pe.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()

	// print sections
	fmt.Println()
	fmt.Println("Sections:")
	fmt.Println()
	fmt.Printf("idx virtual virtual    disk    disk   reloc  reloc     mask\n")
	fmt.Printf("    address    size  offset    size  offset    qty         \n")
	fmt.Printf("--- ------- ------- ------- ------- ------- ------ --------\n")
	for i, s := range f.Sections {
		fmt.Printf("%3d %7x %7x %7x %7x %7x %6d %x %s\n",
			i+1, s.VirtualAddress, s.VirtualSize, s.Offset, s.Size,
			s.PointerToRelocations, s.NumberOfRelocations,
			s.Characteristics, s.Name)
	}

	// print alignments
	fmt.Println()
	switch oh := f.OptionalHeader.(type) {
	case nil:
		fmt.Printf("no section or file alignment (no optional header present)\n")
	case *pe.OptionalHeader32:
		fmt.Printf("section alignment is 0x%x\n", oh.SectionAlignment)
		fmt.Printf("file alignment is 0x%x\n", oh.FileAlignment)
	case *pe.OptionalHeader64:
		fmt.Printf("section alignment is 0x%x\n", oh.SectionAlignment)
		fmt.Printf("file alignment is 0x%x\n", oh.FileAlignment)
	default:
		panic("unknown OptionalHeader type")
	}

	// print symbols
	return printSymbols(f)

	// TODO: I am not sure I want to print coff strings here
	fmt.Println()
	fmt.Println("Strings:")
	fmt.Println()
	fmt.Print(hex.Dump(f.StringTable))
	return nil
}
开发者ID:alexbrainman,项目名称:goissue10776,代码行数:46,代码来源:pedump.go

示例12: Exe

// Exe returns architecture of execute file.
func Exe(name string) (CPU, error) {
	f, err := pe.Open(name)
	if err != nil {
		if os.IsNotExist(err) {
			return OS()
		}
		return 0, err
	}
	defer f.Close()

	switch f.FileHeader.Machine {
	case 0x014c:
		return X86, nil
	case 0x8664:
		return AMD64, nil
	}
	return 0, ErrorUnknownArch
}
开发者ID:koron,项目名称:upvim,代码行数:19,代码来源:arch.go

示例13: loadArch

func loadArch(name string) (arch string, err error) {
	f, err := pe.Open(name)
	if err != nil {
		if os.IsNotExist(err) {
			err = nil
		}
		return
	}
	defer f.Close()

	switch f.FileHeader.Machine {
	case 0x014c:
		arch = "x86"
	case 0x8664:
		arch = "amd64"
	}
	return
}
开发者ID:koron,项目名称:upgorade,代码行数:18,代码来源:util.go

示例14: PEAnal

func PEAnal(input string) ([]SectionData, []string, []string, error) {
	// An array of arrays for storing the section offsets
	var sectionData []SectionData

	// Check for executable type
	peFmt, err := pe.Open(input)
	if err != nil {
		return sectionData, nil, nil, NotValidPEFileError
	}
	defer peFmt.Close()

	// Extract sections
	sections := peFmt.Sections
	for k := range sections {
		sec := sections[k]
		secName := sec.Name
		secSize := sec.Size
		secOffset := sec.Offset + 1
		secEnd := secOffset + secSize - 1

		sd := SectionData{
			Name:   secName,
			Size:   int(secSize),
			Offset: int(secOffset),
			End:    int(secEnd),
		}

		sectionData = append(sectionData, sd)
	}

	// Get imported symbols
	symbolsArr, err := peFmt.ImportedSymbols()
	if err != nil {
		return sectionData, nil, nil, err
	}

	// Get imported libraries
	libraries, err := peFmt.ImportedLibraries()
	if err != nil {
		return sectionData, nil, nil, err
	}

	return sectionData, libraries, symbolsArr, nil
}
开发者ID:SecurityArtWork,项目名称:MEMT,代码行数:44,代码来源:anal.go

示例15: dumpSection

func dumpSection(path string, name string) error {
	f, err := pe.Open(path)
	if err != nil {
		return err
	}
	defer f.Close()

	sect := f.Section(name)
	if sect == nil {
		return fmt.Errorf("could not find section %q", name)
	}
	data, err := sect.Data()
	if err != nil {
		return err
	}
	fmt.Print(hex.Dump(data))

	return printRelocations(f, sect)
}
开发者ID:alexbrainman,项目名称:goissue10776,代码行数:19,代码来源:pedump.go


注:本文中的debug/pe.Open函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。