當前位置: 首頁>>代碼示例>>Golang>>正文

Golang pe.NewFile函數代碼示例

本文整理匯總了Golang中debug/pe.NewFile函數的典型用法代碼示例。如果您正苦於以下問題:Golang NewFile函數的具體用法?Golang NewFile怎麽用?Golang NewFile使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了NewFile函數的14個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。

示例1: openExecutablePath

func openExecutablePath(path string) (*pe.File, error) {
	f, err := os.OpenFile(path, 0, os.ModePerm)
	if err != nil {
		return nil, err
	}
	return pe.NewFile(f)
}
開發者ID:alexbrainman,項目名稱:delve,代碼行數:7,代碼來源:proc_windows.go

示例2: CheckPE

func CheckPE(file string) bool {

	r := _ioReader(file)    //reader interface for file
	f, err := pe.NewFile(r) //open the file as a PE
	if err != nil {
		return false //Not a PE file
	}

	//Reading DOS header
	var dosheader [96]byte
	r.ReadAt(dosheader[0:], 0)
	if dosheader[0] == 'M' && dosheader[1] == 'Z' { //if we get MZ
		signoff := int64(binary.LittleEndian.Uint32(dosheader[0x3c:]))
		var sign [4]byte
		r.ReadAt(sign[:], signoff)
		if !(sign[0] == 'P' && sign[1] == 'E' && sign[2] == 0 && sign[3] == 0) { //if not PE\0\0
			return false //Invalid PE File Format
		}
	}
	if (f.Characteristics & 0x2000) == 0x2000 { //IMAGE_FILE_DLL signature
		return false //it's a DLL, OCX, CPL file, we want a EXE file
	}

	f.Close()
	return true //it is a valid EXE file

}
開發者ID:postfix,項目名稱:go-liora,代碼行數:27,代碼來源:win32.liora.b.go

示例3: Open

func Open(files string) {
	file := ioReader(files)

	f, err := pe.NewFile(file)
	if err != nil {
		return
	}

}
開發者ID:FloydZ,項目名稱:peextendgo,代碼行數:9,代碼來源:structs.go

示例4: loadTables

func loadTables(f *os.File) (textStart uint64, symtab, pclntab []byte, err error) {
	if obj, err := elf.NewFile(f); err == nil {
		if sect := obj.Section(".text"); sect != nil {
			textStart = sect.Addr
		}
		if sect := obj.Section(".gosymtab"); sect != nil {
			if symtab, err = sect.Data(); err != nil {
				return 0, nil, nil, err
			}
		}
		if sect := obj.Section(".gopclntab"); sect != nil {
			if pclntab, err = sect.Data(); err != nil {
				return 0, nil, nil, err
			}
		}
		return textStart, symtab, pclntab, nil
	}

	if obj, err := macho.NewFile(f); err == nil {
		if sect := obj.Section("__text"); sect != nil {
			textStart = sect.Addr
		}
		if sect := obj.Section("__gosymtab"); sect != nil {
			if symtab, err = sect.Data(); err != nil {
				return 0, nil, nil, err
			}
		}
		if sect := obj.Section("__gopclntab"); sect != nil {
			if pclntab, err = sect.Data(); err != nil {
				return 0, nil, nil, err
			}
		}
		return textStart, symtab, pclntab, nil
	}

	if obj, err := pe.NewFile(f); err == nil {
		if sect := obj.Section(".text"); sect != nil {
			textStart = uint64(sect.VirtualAddress)
		}
		if sect := obj.Section(".gosymtab"); sect != nil {
			if symtab, err = sect.Data(); err != nil {
				return 0, nil, nil, err
			}
		}
		if sect := obj.Section(".gopclntab"); sect != nil {
			if pclntab, err = sect.Data(); err != nil {
				return 0, nil, nil, err
			}
		}
		return textStart, symtab, pclntab, nil
	}

	return 0, nil, nil, fmt.Errorf("unrecognized binary format")
}
開發者ID:TomHoenderdos,項目名稱:go-sunos,代碼行數:54,代碼來源:main.go

示例5: openPE

func openPE(r *os.File) (rawFile, error) {
	f, err := pe.NewFile(r)
	if err != nil {
		return nil, err
	}
	switch f.OptionalHeader.(type) {
	case *pe.OptionalHeader32, *pe.OptionalHeader64:
		// ok
	default:
		return nil, fmt.Errorf("unrecognized PE format")
	}
	return &peFile{f}, nil
}
開發者ID:danny8002,項目名稱:go,代碼行數:13,代碼來源:pe.go

示例6: NewFile

func NewFile(r io.ReaderAt) (binaryx.File, error) {
	elfBinary, err := elf.NewFile(r)
	if err == nil {
		return newFile(&elfx.File{elfBinary})
	}
	machoBinary, err := macho.NewFile(r)
	if err == nil {
		return newFile(&machox.File{machoBinary})
	}
	peBinary, err := pe.NewFile(r)
	if err == nil {
		return newFile(&pex.File{peBinary})
	}
	return nil, err
}
開發者ID:ArtemKulyabin,項目名稱:bre,代碼行數:15,代碼來源:file.go

示例7: findExecutable

func (dbp *Process) findExecutable(path string) (*pe.File, error) {
	if path == "" {
		// TODO: Find executable path from PID/handle on Windows:
		// https://msdn.microsoft.com/en-us/library/aa366789(VS.85).aspx
		return nil, fmt.Errorf("not yet implemented")
	}
	f, err := os.OpenFile(path, 0, os.ModePerm)
	if err != nil {
		return nil, err
	}
	peFile, err := pe.NewFile(f)
	if err != nil {
		return nil, err
	}
	dbp.dwarf, err = dwarfFromPE(peFile)
	if err != nil {
		return nil, err
	}
	return peFile, nil
}
開發者ID:DuoSoftware,項目名稱:v6engine-deps,代碼行數:20,代碼來源:proc_windows.go

示例8: peSymbols

func peSymbols(f *os.File) []Sym {
	p, err := pe.NewFile(f)
	if err != nil {
		errorf("parsing %s: %v", f.Name(), err)
		return nil
	}

	var syms []Sym
	for _, s := range p.Symbols {
		sym := Sym{Name: s.Name, Addr: uint64(s.Value), Code: '?'}
		if s.SectionNumber == 0 {
			sym.Code = 'U'
		} else if int(s.SectionNumber) <= len(p.Sections) {
			sect := p.Sections[s.SectionNumber-1]
			const (
				text  = 0x20
				data  = 0x40
				bss   = 0x80
				permX = 0x20000000
				permR = 0x40000000
				permW = 0x80000000
			)
			ch := sect.Characteristics
			switch {
			case ch&text != 0:
				sym.Code = 'T'
			case ch&data != 0:
				if ch&permW == 0 {
					sym.Code = 'R'
				} else {
					sym.Code = 'D'
				}
			case ch&bss != 0:
				sym.Code = 'B'
			}
		}
		syms = append(syms, sym)
	}

	return syms
}
開發者ID:TomHoenderdos,項目名稱:go-sunos,代碼行數:41,代碼來源:pe.go

示例9: zipExeReaderPe

// zipExeReaderPe treats the file as a Portable Exectuable binary
// (Windows executable) and attempts to find a zip archive.
func zipExeReaderPe(rda io.ReaderAt, size int64) (*zip.Reader, error) {
	file, err := pe.NewFile(rda)
	if err != nil {
		return nil, err
	}

	var max int64
	for _, sec := range file.Sections {
		// Check if this section has a zip file
		if zfile, err := zip.NewReader(sec, int64(sec.Size)); err == nil {
			return zfile, nil
		}

		// Otherwise move end of file pointer
		end := int64(sec.Offset + sec.Size)
		if end > max {
			max = end
		}
	}

	// No zip file within binary, try appended to end
	section := io.NewSectionReader(rda, max, size-max)
	return zip.NewReader(section, section.Size())
}
開發者ID:Skarlso,項目名稱:slick,代碼行數:26,代碼來源:zipexe.go

示例10: grabDebugLineSection

func grabDebugLineSection(p string, t *testing.T) []byte {
	f, err := os.Open(p)
	if err != nil {
		t.Fatal(err)
	}
	defer f.Close()

	ef, err := elf.NewFile(f)
	if err == nil {
		data, _ := ef.Section(".debug_line").Data()
		return data
	}

	pf, err := pe.NewFile(f)
	if err == nil {
		data, _ := pf.Section(".debug_line").Data()
		return data
	}

	mf, _ := macho.NewFile(f)
	data, _ := mf.Section("__debug_line").Data()

	return data
}
開發者ID:alexbrainman,項目名稱:delve,代碼行數:24,代碼來源:line_parser_test.go

示例11: ldpeError

func ldpeError(ctxt *Link, input *bio.Reader, pkg string, length int64, pn string) error {
	if ctxt.Debugvlog != 0 {
		ctxt.Logf("%5.2f ldpe %s\n", obj.Cputime(), pn)
	}

	localSymVersion := ctxt.Syms.IncVersion()

	sectsyms := make(map[*pe.Section]*Symbol)
	sectdata := make(map[*pe.Section][]byte)

	// Some input files are archives containing multiple of
	// object files, and pe.NewFile seeks to the start of
	// input file and get confused. Create section reader
	// to stop pe.NewFile looking before current position.
	sr := io.NewSectionReader((*peBiobuf)(input), input.Offset(), 1<<63-1)

	// TODO: replace pe.NewFile with pe.Load (grep for "add Load function" in debug/pe for details)
	f, err := pe.NewFile(sr)
	if err != nil {
		return err
	}
	defer f.Close()

	// TODO return error if found .cormeta

	// create symbols for mapped sections
	for _, sect := range f.Sections {
		if sect.Characteristics&IMAGE_SCN_MEM_DISCARDABLE != 0 {
			continue
		}

		if sect.Characteristics&(IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA) == 0 {
			// This has been seen for .idata sections, which we
			// want to ignore. See issues 5106 and 5273.
			continue
		}

		data, err := sect.Data()
		if err != nil {
			return err
		}
		sectdata[sect] = data

		name := fmt.Sprintf("%s(%s)", pkg, sect.Name)
		s := ctxt.Syms.Lookup(name, localSymVersion)

		switch sect.Characteristics & (IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE) {
		case IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ: //.rdata
			s.Type = obj.SRODATA

		case IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE: //.bss
			s.Type = obj.SNOPTRBSS

		case IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE: //.data
			s.Type = obj.SNOPTRDATA

		case IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ: //.text
			s.Type = obj.STEXT

		default:
			return fmt.Errorf("unexpected flags %#06x for PE section %s", sect.Characteristics, sect.Name)
		}

		s.P = data
		s.Size = int64(len(data))
		sectsyms[sect] = s
		if sect.Name == ".rsrc" {
			setpersrc(ctxt, s)
		}
	}

	// load relocations
	for _, rsect := range f.Sections {
		if _, found := sectsyms[rsect]; !found {
			continue
		}
		if rsect.NumberOfRelocations == 0 {
			continue
		}
		if rsect.Characteristics&IMAGE_SCN_MEM_DISCARDABLE != 0 {
			continue
		}
		if rsect.Characteristics&(IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_CNT_UNINITIALIZED_DATA) == 0 {
			// This has been seen for .idata sections, which we
			// want to ignore. See issues 5106 and 5273.
			continue
		}

		rs := make([]Reloc, rsect.NumberOfRelocations)
		for j, r := range rsect.Relocs {
			rp := &rs[j]
			if int(r.SymbolTableIndex) >= len(f.COFFSymbols) {
				return fmt.Errorf("relocation number %d symbol index idx=%d cannot be large then number of symbols %d", j, r.SymbolTableIndex, len(f.COFFSymbols))
			}
			pesym := &f.COFFSymbols[r.SymbolTableIndex]
			gosym, err := readpesym(ctxt, f, pesym, sectsyms, localSymVersion)
			if err != nil {
				return err
			}
			if gosym == nil {
//.........這裏部分代碼省略.........
開發者ID:achanda,項目名稱:go,代碼行數:101,代碼來源:ldpe.go

示例12: loadTables

func loadTables(f *os.File) (textStart uint64, textData, symtab, pclntab []byte, err error) {
	if obj, err := elf.NewFile(f); err == nil {
		if sect := obj.Section(".text"); sect != nil {
			textStart = sect.Addr
			textData, _ = sect.Data()
		}
		if sect := obj.Section(".gosymtab"); sect != nil {
			if symtab, err = sect.Data(); err != nil {
				return 0, nil, nil, nil, err
			}
		}
		if sect := obj.Section(".gopclntab"); sect != nil {
			if pclntab, err = sect.Data(); err != nil {
				return 0, nil, nil, nil, err
			}
		}
		return textStart, textData, symtab, pclntab, nil
	}

	if obj, err := macho.NewFile(f); err == nil {
		if sect := obj.Section("__text"); sect != nil {
			textStart = sect.Addr
			textData, _ = sect.Data()
		}
		if sect := obj.Section("__gosymtab"); sect != nil {
			if symtab, err = sect.Data(); err != nil {
				return 0, nil, nil, nil, err
			}
		}
		if sect := obj.Section("__gopclntab"); sect != nil {
			if pclntab, err = sect.Data(); err != nil {
				return 0, nil, nil, nil, err
			}
		}
		return textStart, textData, symtab, pclntab, nil
	}

	if obj, err := pe.NewFile(f); err == nil {
		var imageBase uint64
		switch oh := obj.OptionalHeader.(type) {
		case *pe.OptionalHeader32:
			imageBase = uint64(oh.ImageBase)
		case *pe.OptionalHeader64:
			imageBase = oh.ImageBase
		default:
			return 0, nil, nil, nil, fmt.Errorf("pe file format not recognized")
		}
		if sect := obj.Section(".text"); sect != nil {
			textStart = imageBase + uint64(sect.VirtualAddress)
			textData, _ = sect.Data()
		}
		if pclntab, err = loadPETable(obj, "pclntab", "epclntab"); err != nil {
			return 0, nil, nil, nil, err
		}
		if symtab, err = loadPETable(obj, "symtab", "esymtab"); err != nil {
			return 0, nil, nil, nil, err
		}
		return textStart, textData, symtab, pclntab, nil
	}

	if obj, err := plan9obj.NewFile(f); err == nil {
		sym, err := findPlan9Symbol(obj, "text")
		if err != nil {
			return 0, nil, nil, nil, err
		}
		textStart = sym.Value
		if sect := obj.Section("text"); sect != nil {
			textData, _ = sect.Data()
		}
		if pclntab, err = loadPlan9Table(obj, "pclntab", "epclntab"); err != nil {
			return 0, nil, nil, nil, err
		}
		if symtab, err = loadPlan9Table(obj, "symtab", "esymtab"); err != nil {
			return 0, nil, nil, nil, err
		}
		return textStart, textData, symtab, pclntab, nil
	}

	return 0, nil, nil, nil, fmt.Errorf("unrecognized binary format")
}
開發者ID:h8liu,項目名稱:golang,代碼行數:80,代碼來源:main.go

示例13: peSymbols

func peSymbols(f *os.File) (syms []Sym, goarch string) {
	p, err := pe.NewFile(f)
	if err != nil {
		errorf("parsing %s: %v", f.Name(), err)
		return
	}

	// Build sorted list of addresses of all symbols.
	// We infer the size of a symbol by looking at where the next symbol begins.
	var addrs []uint64

	var imageBase uint64
	switch oh := p.OptionalHeader.(type) {
	case *pe.OptionalHeader32:
		imageBase = uint64(oh.ImageBase)
		goarch = "386"
	case *pe.OptionalHeader64:
		imageBase = oh.ImageBase
		goarch = "amd64"
	default:
		errorf("parsing %s: file format not recognized", f.Name())
		return
	}

	for _, s := range p.Symbols {
		const (
			N_UNDEF = 0  // An undefined (extern) symbol
			N_ABS   = -1 // An absolute symbol (e_value is a constant, not an address)
			N_DEBUG = -2 // A debugging symbol
		)
		sym := Sym{Name: s.Name, Addr: uint64(s.Value), Code: '?'}
		switch s.SectionNumber {
		case N_UNDEF:
			sym.Code = 'U'
		case N_ABS:
			sym.Code = 'C'
		case N_DEBUG:
			sym.Code = '?'
		default:
			if s.SectionNumber < 0 {
				errorf("parsing %s: invalid section number %d", f.Name(), s.SectionNumber)
				return
			}
			if len(p.Sections) < int(s.SectionNumber) {
				errorf("parsing %s: section number %d is large then max %d", f.Name(), s.SectionNumber, len(p.Sections))
				return
			}
			sect := p.Sections[s.SectionNumber-1]
			const (
				text  = 0x20
				data  = 0x40
				bss   = 0x80
				permX = 0x20000000
				permR = 0x40000000
				permW = 0x80000000
			)
			ch := sect.Characteristics
			switch {
			case ch&text != 0:
				sym.Code = 'T'
			case ch&data != 0:
				if ch&permW == 0 {
					sym.Code = 'R'
				} else {
					sym.Code = 'D'
				}
			case ch&bss != 0:
				sym.Code = 'B'
			}
			sym.Addr += imageBase + uint64(sect.VirtualAddress)
		}
		syms = append(syms, sym)
		addrs = append(addrs, sym.Addr)
	}

	sort.Sort(uint64s(addrs))
	for i := range syms {
		j := sort.Search(len(addrs), func(x int) bool { return addrs[x] > syms[i].Addr })
		if j < len(addrs) {
			syms[i].Size = int64(addrs[j] - syms[i].Addr)
		}
	}

	return
}
開發者ID:h8liu,項目名稱:golang,代碼行數:85,代碼來源:pe.go

示例14: check

func check(fname string) error {
	f, err := os.Open(fname)
	if err != nil {
		return err
	}
	defer f.Close()

	pefile, err := pe.NewFile(f)
	if err != nil {
		return err
	}

	dch := getDllCharacteristics(pefile)
	subsystem := getSubsystem(pefile)

	if flagVerbose {
		log.Printf("   Machine = 0x%04d\n", pefile.Machine)
		log.Printf("   Subsystem = %d\n", subsystem)
		log.Printf("   DllCharacteristics = 0x%04x\n", dch)
	}

	// Device drivers always have these flags set.
	if subsystem != IMAGE_SUBSYSTEM_NATIVE {
		if dch&IMAGE_DLLCHARACTERISTICS_NX_COMPAT == 0 {
			fmt.Printf("%s:does not have NXCOMPAT bit set\n", fname)
		}
		if dch&IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE == 0 {
			fmt.Printf("%s:does not have DYNAMICBASE bit set\n", fname)
		}
	}

	// Check for the /GS flag
	dir, err := readImageLoadConfigDirectory(pefile)
	if err != nil {
		return err
	}
	if dir != nil {
		var securityCookie uint64
		switch imdir := dir.(type) {
		case *ImageLoadConfigDirectory32:
			securityCookie = uint64(imdir.SecurityCookie)
		case *ImageLoadConfigDirectory64:
			securityCookie = imdir.SecurityCookie
		default:
			panic("bad load config directory type")
		}

		if flagVerbose {
			log.Printf("   SecurityCookie = 0x%x", securityCookie)
		}
		if securityCookie == 0 {
			fmt.Printf("%s:does not use security cookies\n", fname)
		}

		// Check for SAFESEH on Windows x86 only
		if pefile.Machine == pe.IMAGE_FILE_MACHINE_I386 {
			if dch&IMAGE_DLLCHARACTERISTICS_NO_SEH == 0 {
				handlerTable := dir.(*ImageLoadConfigDirectory32).SEHandlerTable
				handlerCount := dir.(*ImageLoadConfigDirectory32).SEHandlerTable

				if handlerTable == 0 {
					fmt.Printf("%s:does not use SAFESEH\n", fname)
				}

				if flagVerbose {
					log.Printf("   SEHandlerTable = 0x%x\n", handlerTable)
					log.Printf("   SEHandlerCount = 0x%x\n", handlerCount)
				}
			} else if flagVerbose {
				log.Println("   Skipping SAFESEH check because image has NO_SEH bit set")
			}
		} else if flagVerbose {
			log.Println("   Skipping SAFESEH check on non-x86 file")
		}
	}

	// Check for R/W shared image sections
	var rwSharedFlags uint32 = IMAGE_SCN_MEM_SHARED | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
	for _, section := range pefile.Sections {
		if section.Characteristics&rwSharedFlags == rwSharedFlags {
			fmt.Printf("%s:has a R/W shared section named %s\n", fname, section.Name)
		}
	}

	return nil
}
開發者ID:postfix,項目名稱:binscope,代碼行數:86,代碼來源:main.go


注:本文中的debug/pe.NewFile函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。