本文整理汇总了Golang中debug/pe.Open函数的典型用法代码示例。如果您正苦于以下问题:Golang Open函数的具体用法?Golang Open怎么用?Golang Open使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Open函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: IsPE
func IsPE(fPath string) error {
if _, err := pe.Open(fPath); err != nil {
return err
}
return nil
}
开发者ID:hcninja,项目名称:malpic,代码行数:7,代码来源:anal.go
示例2: pclnPE
func pclnPE() (textStart uint64, symtab, pclntab []byte, err error) {
f, err := pe.Open(*flagCompiler)
if err != nil {
return
}
defer f.Close()
var imageBase uint64
switch oh := f.OptionalHeader.(type) {
case *pe.OptionalHeader32:
imageBase = uint64(oh.ImageBase)
case *pe.OptionalHeader64:
imageBase = oh.ImageBase
default:
return 0, nil, nil, fmt.Errorf("pe file format not recognized")
}
if sect := f.Section(".text"); sect != nil {
textStart = imageBase + uint64(sect.VirtualAddress)
}
if pclntab, err = loadPETable(f, "runtime.pclntab", "runtime.epclntab"); err != nil {
return
}
if symtab, err = loadPETable(f, "runtime.symtab", "runtime.esymtab"); err != nil {
return
}
return
}
开发者ID:BenLubar,项目名称:bit,代码行数:28,代码来源:main.go
示例3: getDwarf
func getDwarf(execname string) *dwarf.Data {
e, err := elf.Open(execname)
if err == nil {
defer e.Close()
d, err := e.DWARF()
if err == nil {
return d
}
}
m, err := macho.Open(execname)
if err == nil {
defer m.Close()
d, err := m.DWARF()
if err == nil {
return d
}
}
p, err := pe.Open(execname)
if err == nil {
defer p.Close()
d, err := p.DWARF()
if err == nil {
return d
}
}
log.Fatal("can't get dwarf info from executable", err)
return nil
}
开发者ID:lamproae,项目名称:hprof,代码行数:28,代码来源:parser.go
示例4: openBinary
func openBinary(name string) (Binary, error) {
f, err := os.Open(name)
if err != nil {
return nil, err
}
magic := make([]byte, 4)
if _, err := f.ReadAt(magic[:], 0); err != nil {
return nil, err
}
if bytes.HasPrefix(magic, []byte{0x7f, 'E', 'L', 'F'}) {
e, err := elf.NewFile(f)
if err != nil {
return nil, err
}
return &elfBinary{File: e}, nil
} else if bytes.HasPrefix(magic, []byte{'M', 'Z'}) {
p, err := pe.Open(name)
if err != nil {
return nil, err
}
return &peBinary{File: p}, nil
} else if bytes.HasPrefix(magic, []byte{0xcf, 0xfa, 0xed, 0xfe}) {
m, err := macho.Open(name)
if err != nil {
return nil, err
}
return &machoBinary{File: m}, nil
}
return nil, fmt.Errorf("unsupported binary format")
}
开发者ID:ebfe,项目名称:gover,代码行数:31,代码来源:main.go
示例5: doit
func doit(path string) error {
f, e := pe.Open(path)
check(e)
ws, e := workspace.New(workspace.ARCH_X86, workspace.MODE_32)
check(e)
loader, e := peloader.New(path, f)
check(e)
m, e := loader.Load(ws)
check(e)
e = ws.Disassemble(m.EntryPoint, 0x30, os.Stdout)
check(e)
emu, e := ws.GetEmulator()
check(e)
emu.SetInstructionPointer(m.EntryPoint)
log.Printf("emudbg: start: 0x%x", emu.GetInstructionPointer())
e = doloop(emu)
check(e)
return nil
}
开发者ID:williballenthin,项目名称:Lancelot,代码行数:28,代码来源:emudbg.go
示例6: main
func main() {
file, err := pe.Open("Hello.exe")
if err != nil {
log.Fatalf("failed opening file: %s", err)
}
defer file.Close()
printFileInformation(file)
}
开发者ID:rrudduck,项目名称:golang-stuff,代码行数:8,代码来源:pe.go
示例7: dynimport
func dynimport(obj string) {
if f, err := elf.Open(obj); err == nil {
sym, err := f.ImportedSymbols()
if err != nil {
fatalf("cannot load imported symbols from ELF file %s: %v", obj, err)
}
for _, s := range sym {
targ := s.Name
if s.Version != "" {
targ += "@" + s.Version
}
fmt.Printf("#pragma dynimport %s %s %q\n", s.Name, targ, s.Library)
}
lib, err := f.ImportedLibraries()
if err != nil {
fatalf("cannot load imported libraries from ELF file %s: %v", obj, err)
}
for _, l := range lib {
fmt.Printf("#pragma dynimport _ _ %q\n", l)
}
return
}
if f, err := macho.Open(obj); err == nil {
sym, err := f.ImportedSymbols()
if err != nil {
fatalf("cannot load imported symbols from Mach-O file %s: %v", obj, err)
}
for _, s := range sym {
if len(s) > 0 && s[0] == '_' {
s = s[1:]
}
fmt.Printf("#pragma dynimport %s %s %q\n", s, s, "")
}
lib, err := f.ImportedLibraries()
if err != nil {
fatalf("cannot load imported libraries from Mach-O file %s: %v", obj, err)
}
for _, l := range lib {
fmt.Printf("#pragma dynimport _ _ %q\n", l)
}
return
}
if f, err := pe.Open(obj); err == nil {
sym, err := f.ImportedSymbols()
if err != nil {
fatalf("cannot load imported symbols from PE file %s: %v", obj, err)
}
for _, s := range sym {
ss := strings.Split(s, ":", -1)
fmt.Printf("#pragma dynimport %s %s %q\n", ss[0], ss[0], strings.ToLower(ss[1]))
}
return
}
fatalf("cannot parse %s as ELF, Mach-O or PE", obj)
}
开发者ID:jnwhiteh,项目名称:go,代码行数:58,代码来源:out.go
示例8: PEAnal
func PEAnal(input string, symbolsDump bool) ([][]int, error) {
// An array of arrays for storing the section offsets
var sectionData [][]int
fmt.Printf("[+] Analyzing binary: %s\n", input)
// Check for executable type
peFmt, err := pe.Open(input)
if err != nil {
fmt.Println("[!] This is not a valid PE file")
return sectionData, nil
}
defer peFmt.Close()
fmt.Println("[+] This is a valid PE file")
fmt.Printf("[+] Number of sections: %d\n", peFmt.NumberOfSections)
sections := peFmt.Sections
for k := range sections {
sec := sections[k]
secName := sec.Name
secSize := sec.Size
secOffset := sec.Offset + 1
secEnd := secOffset + secSize - 1
secVSize := sec.VirtualSize
secVAddr := sec.VirtualAddress
fmt.Printf("\t Name: %s\n", secName)
fmt.Printf("\t Size: %d\n", secSize)
fmt.Printf("\t Offset: %d\n", secOffset)
fmt.Printf("\t Section end: %d\n", secEnd)
fmt.Printf("\t Virtual size: %d\n", secVSize)
fmt.Printf("\t Virtual address: %d\n", secVAddr)
fmt.Println("")
sectionData = append(sectionData, []int{int(secOffset), int(secEnd)})
}
numberOfSymbols := peFmt.NumberOfSymbols
fmt.Printf("[+] Found %d symbols\n", numberOfSymbols)
if numberOfSymbols > 0 && symbolsDump {
symbols := peFmt.Symbols
for k := range symbols {
sym := symbols[k]
symName := sym.Name
// symType := sym.Type
// symValue := sym.Value
fmt.Printf("\t Name: %s\n", symName)
// fmt.Printf("\t\t Type: %d", symType)
// fmt.Printf("\t\t Value: %d", symValue)
}
fmt.Println("")
}
return sectionData, nil
}
开发者ID:hcninja,项目名称:malpic,代码行数:58,代码来源:anal.go
示例9: gccDebug
// gccDebug runs gcc -gdwarf-2 over the C program stdin and
// returns the corresponding DWARF data and, if present, debug data block.
func (p *Package) gccDebug(stdin []byte) (*dwarf.Data, binary.ByteOrder, []byte) {
runGcc(stdin, p.gccCmd())
if f, err := macho.Open(gccTmp); err == nil {
d, err := f.DWARF()
if err != nil {
fatalf("cannot load DWARF output from %s: %v", gccTmp, err)
}
var data []byte
if f.Symtab != nil {
for i := range f.Symtab.Syms {
s := &f.Symtab.Syms[i]
// Mach-O still uses a leading _ to denote non-assembly symbols.
if s.Name == "_"+"__cgodebug_data" {
// Found it. Now find data section.
if i := int(s.Sect) - 1; 0 <= i && i < len(f.Sections) {
sect := f.Sections[i]
if sect.Addr <= s.Value && s.Value < sect.Addr+sect.Size {
if sdat, err := sect.Data(); err == nil {
data = sdat[s.Value-sect.Addr:]
}
}
}
}
}
}
return d, f.ByteOrder, data
}
// Can skip debug data block in ELF and PE for now.
// The DWARF information is complete.
if f, err := elf.Open(gccTmp); err == nil {
d, err := f.DWARF()
if err != nil {
fatalf("cannot load DWARF output from %s: %v", gccTmp, err)
}
return d, f.ByteOrder, nil
}
if f, err := pe.Open(gccTmp); err == nil {
d, err := f.DWARF()
if err != nil {
fatalf("cannot load DWARF output from %s: %v", gccTmp, err)
}
return d, binary.LittleEndian, nil
}
fatalf("cannot parse gcc output %s as ELF, Mach-O, PE object", gccTmp)
panic("not reached")
}
开发者ID:WXB506,项目名称:golang,代码行数:53,代码来源:gcc.go
示例10: Open
func Open(name string) (binaryx.File, error) {
elfBinary, err := elf.Open(name)
if err == nil {
return newFile(&elfx.File{elfBinary})
}
machoBinary, err := macho.Open(name)
if err == nil {
return newFile(&machox.File{machoBinary})
}
peBinary, err := pe.Open(name)
if err == nil {
return newFile(&pex.File{peBinary})
}
return nil, err
}
开发者ID:ArtemKulyabin,项目名称:bre,代码行数:15,代码来源:file.go
示例11: listSections
func listSections(path string) error {
f, err := pe.Open(path)
if err != nil {
return err
}
defer f.Close()
// print sections
fmt.Println()
fmt.Println("Sections:")
fmt.Println()
fmt.Printf("idx virtual virtual disk disk reloc reloc mask\n")
fmt.Printf(" address size offset size offset qty \n")
fmt.Printf("--- ------- ------- ------- ------- ------- ------ --------\n")
for i, s := range f.Sections {
fmt.Printf("%3d %7x %7x %7x %7x %7x %6d %x %s\n",
i+1, s.VirtualAddress, s.VirtualSize, s.Offset, s.Size,
s.PointerToRelocations, s.NumberOfRelocations,
s.Characteristics, s.Name)
}
// print alignments
fmt.Println()
switch oh := f.OptionalHeader.(type) {
case nil:
fmt.Printf("no section or file alignment (no optional header present)\n")
case *pe.OptionalHeader32:
fmt.Printf("section alignment is 0x%x\n", oh.SectionAlignment)
fmt.Printf("file alignment is 0x%x\n", oh.FileAlignment)
case *pe.OptionalHeader64:
fmt.Printf("section alignment is 0x%x\n", oh.SectionAlignment)
fmt.Printf("file alignment is 0x%x\n", oh.FileAlignment)
default:
panic("unknown OptionalHeader type")
}
// print symbols
return printSymbols(f)
// TODO: I am not sure I want to print coff strings here
fmt.Println()
fmt.Println("Strings:")
fmt.Println()
fmt.Print(hex.Dump(f.StringTable))
return nil
}
开发者ID:alexbrainman,项目名称:goissue10776,代码行数:46,代码来源:pedump.go
示例12: Exe
// Exe returns architecture of execute file.
func Exe(name string) (CPU, error) {
f, err := pe.Open(name)
if err != nil {
if os.IsNotExist(err) {
return OS()
}
return 0, err
}
defer f.Close()
switch f.FileHeader.Machine {
case 0x014c:
return X86, nil
case 0x8664:
return AMD64, nil
}
return 0, ErrorUnknownArch
}
开发者ID:koron,项目名称:upvim,代码行数:19,代码来源:arch.go
示例13: loadArch
func loadArch(name string) (arch string, err error) {
f, err := pe.Open(name)
if err != nil {
if os.IsNotExist(err) {
err = nil
}
return
}
defer f.Close()
switch f.FileHeader.Machine {
case 0x014c:
arch = "x86"
case 0x8664:
arch = "amd64"
}
return
}
开发者ID:koron,项目名称:upgorade,代码行数:18,代码来源:util.go
示例14: PEAnal
func PEAnal(input string) ([]SectionData, []string, []string, error) {
// An array of arrays for storing the section offsets
var sectionData []SectionData
// Check for executable type
peFmt, err := pe.Open(input)
if err != nil {
return sectionData, nil, nil, NotValidPEFileError
}
defer peFmt.Close()
// Extract sections
sections := peFmt.Sections
for k := range sections {
sec := sections[k]
secName := sec.Name
secSize := sec.Size
secOffset := sec.Offset + 1
secEnd := secOffset + secSize - 1
sd := SectionData{
Name: secName,
Size: int(secSize),
Offset: int(secOffset),
End: int(secEnd),
}
sectionData = append(sectionData, sd)
}
// Get imported symbols
symbolsArr, err := peFmt.ImportedSymbols()
if err != nil {
return sectionData, nil, nil, err
}
// Get imported libraries
libraries, err := peFmt.ImportedLibraries()
if err != nil {
return sectionData, nil, nil, err
}
return sectionData, libraries, symbolsArr, nil
}
开发者ID:SecurityArtWork,项目名称:MEMT,代码行数:44,代码来源:anal.go
示例15: dumpSection
func dumpSection(path string, name string) error {
f, err := pe.Open(path)
if err != nil {
return err
}
defer f.Close()
sect := f.Section(name)
if sect == nil {
return fmt.Errorf("could not find section %q", name)
}
data, err := sect.Data()
if err != nil {
return err
}
fmt.Print(hex.Dump(data))
return printRelocations(f, sect)
}
开发者ID:alexbrainman,项目名称:goissue10776,代码行数:19,代码来源:pedump.go
示例16: newpe
func newpe(path string) (tabler, error) {
f, err := pe.Open(path)
if err != nil {
return nil, err
}
tbl := petbl{f, nil, 0}
switch oh := tbl.OptionalHeader.(type) {
case *pe.OptionalHeader32:
tbl.base = uint64(oh.ImageBase)
tbl.typ = PlatformWindows386
case *pe.OptionalHeader64:
tbl.base = oh.ImageBase
tbl.typ = PlatformWindowsAMD64
default:
tbl.Close()
return nil, ErrNotGoExec
}
return tbl, nil
}
开发者ID:rjeczalik,项目名称:which,代码行数:19,代码来源:which_pe.go
示例17: PEAutopsy
func PEAutopsy(fileDir string) error {
// Open PE file
peFile, err := pe.Open(name)
if err != nil {
return NotValidPEFileError
}
defer peFile.Close()
// Extract all the valuable info
architecture := peFile.Machine
librariesArr, err := peFile.ImportedLibraries()
if err != nil {
return err
}
importedSymbols, err := peFile.ImportedSymbols()
if err != nil {
return err
}
peFile.
}
开发者ID:SecurityArtWork,项目名称:MEMT,代码行数:20,代码来源:binary.go
示例18: containsDLLs
func containsDLLs(dir string) bool {
compatible := func(name string) bool {
file, err := pe.Open(filepath.Join(dir, name))
if err != nil {
return false
}
defer file.Close()
switch file.Machine {
case pe.IMAGE_FILE_MACHINE_AMD64:
return "amd64" == runtime.GOARCH
case pe.IMAGE_FILE_MACHINE_ARM:
return "arm" == runtime.GOARCH
case pe.IMAGE_FILE_MACHINE_I386:
return "386" == runtime.GOARCH
}
return false
}
return compatible("libglesv2.dll") && compatible("libegl.dll") && compatible("d3dcompiler_47.dll")
}
开发者ID:kardianos,项目名称:garage,代码行数:21,代码来源:dll_windows.go
示例19: TestPE
func TestPE(filename, expectedArch, expectedOs string) error {
file, err := pe.Open(filename)
if err != nil {
return errors.New("NOT a PE file")
}
defer file.Close()
log.Printf("File '%s' is a PE file, arch: %d (%d='X86' and %d='AMD64')\n", filename, file.FileHeader.Machine, pe.IMAGE_FILE_MACHINE_I386, pe.IMAGE_FILE_MACHINE_AMD64)
if expectedArch == platforms.X86 {
if file.FileHeader.Machine != pe.IMAGE_FILE_MACHINE_I386 {
return errors.New("Not a 386 executable")
}
}
if expectedArch == platforms.AMD64 {
if file.FileHeader.Machine != pe.IMAGE_FILE_MACHINE_AMD64 {
return errors.New("Not an AMD64 executable")
}
}
return nil
}
开发者ID:kc87654321,项目名称:goxc,代码行数:22,代码来源:parseexe.go
示例20: gccDebug
// gccDebug runs gcc -gdwarf-2 over the C program stdin and
// returns the corresponding DWARF data and any messages
// printed to standard error.
func (p *Package) gccDebug(stdin []byte) *dwarf.Data {
runGcc(stdin, p.gccCmd())
// Try to parse f as ELF and Mach-O and hope one works.
var f interface {
DWARF() (*dwarf.Data, os.Error)
}
var err os.Error
if f, err = elf.Open(gccTmp); err != nil {
if f, err = macho.Open(gccTmp); err != nil {
if f, err = pe.Open(gccTmp); err != nil {
fatalf("cannot parse gcc output %s as ELF or Mach-O or PE object", gccTmp)
}
}
}
d, err := f.DWARF()
if err != nil {
fatalf("cannot load DWARF debug information from %s: %s", gccTmp, err)
}
return d
}
开发者ID:go-nosql,项目名称:golang,代码行数:25,代码来源:gcc.go
注:本文中的debug/pe.Open函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论