LIEF: Library to Instrument Executable Formats Version 0.15.0
Loading...
Searching...
No Matches
PE/utils.hpp
1/* Copyright 2017 - 2024 R. Thomas
2 * Copyright 2017 - 2024 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_PE_UTILS_H
17#define LIEF_PE_UTILS_H
18#include <vector>
19#include <string>
20
21#include "LIEF/PE/enums.hpp"
22#include "LIEF/visibility.h"
23#include "LIEF/errors.hpp"
24
25namespace LIEF {
26class BinaryStream;
27
28namespace PE {
29class Binary;
30class Import;
31
33enum class IMPHASH_MODE {
34 DEFAULT = 0,
35 LIEF = DEFAULT,
36 PEFILE,
37 VT = PEFILE,
38};
39
40//Check if the given stream wraps a PE binary
41LIEF_API bool is_pe(BinaryStream& stream);
42
44LIEF_API bool is_pe(const std::string& file);
45
47LIEF_API bool is_pe(const std::vector<uint8_t>& raw);
48
50LIEF_API result<PE_TYPE> get_type(const std::string& file);
51
53LIEF_API result<PE_TYPE> get_type(const std::vector<uint8_t>& raw);
54
55// In this case we assume that stream contains a valid PE stream
56LIEF_LOCAL result<PE_TYPE> get_type_from_stream(BinaryStream& stream);
57
71LIEF_API std::string get_imphash(const Binary& binary, IMPHASH_MODE mode = IMPHASH_MODE::DEFAULT);
72
84LIEF_API result<Import> resolve_ordinals(const Import& import, bool strict=false, bool use_std=false);
85
86LIEF_API ALGORITHMS algo_from_oid(const std::string& oid);
87}
88}
89#endif
LIEF::BinaryStream
Class that is used to a read stream of data from different sources.
Definition BinaryStream.hpp:34
LIEF::PE::Binary
Class which represents a PE binary This is the main interface to manage and modify a PE executable.
Definition PE/Binary.hpp:54
LIEF::PE::Import
Class that represents a PE import.
Definition Import.hpp:40
LIEF::PE::ALGORITHMS
ALGORITHMS
Cryptography algorithms.
Definition PE/enums.hpp:686
LIEF::PE::get_imphash
std::string get_imphash(const Binary &binary, IMPHASH_MODE mode=IMPHASH_MODE::DEFAULT)
Compute the hash of imported functions.
LIEF::PE::get_type
result< PE_TYPE > get_type(const std::string &file)
if the input file is a PE one, return PE32 or PE32+
LIEF::PE::resolve_ordinals
result< Import > resolve_ordinals(const Import &import, bool strict=false, bool use_std=false)
Take a PE::Import as entry and try to resolve imports by ordinal.
LIEF::PE::IMPHASH_MODE
IMPHASH_MODE
Enum to define the behavior of LIEF::PE::get_imphash.
Definition PE/utils.hpp:33
LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:32
LIEF::result
tl::expected< T, lief_errors > result
Wrapper that contains an Object (T) or an error.
Definition errors.hpp:72
Generated by doxygen 1.10.0