[Kong API].PE.PE
PE image parser
Synopsis:
int PE_verify(Stream file); template PE_platform(uint PLATFORM); class PE_platform!(PLATFORM).image; // PLATFORM: IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_IA64, IMAGE_FILE_MACHINE_AMD64.
Description:
PE_verify checks if the target is a valid PE image, and returns its platform type.
PE_platform is used to generate classes needed to parse images for a given platform. Valid platform are currently IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_IA64 and IMAGE_FILE_MACHINE_AMD64. The two 64bit types are identical at the moment.
- The Stream file must be pointing to the start of the PE header.
- See [PE types and aliases http://destroy.selfip.org/svn_view/index.cgi/root/view/kong/PE/types.d]
- Bug: non-native endian formats are unsupported.
template :
PE_platform (uint platform)
class : PE_platform.image
| Types | Name | Description |
| Constructors: | ||
| (string path, IO_MODE mode = IO_MODE.R) | this | Version NOTE: ALPHA_001 uses FileMode. |
| (void* base_address) | this | |
| (io_stream file) | this | Version NOTE: ALPHA_001 uses Stream |
| Data: | ||
| IMAGE_DOS_HEADER* | DOS | |
| IMAGE_NT_HEADERS* | NT | |
| IMAGE_SECTION_HEADER[] | sections | |
| Methods: | ||
| void () | analyze | Parse section header. |
| ulong (uint32_t ptr) | RVA2file | Virtual address : file offset conversion. |
| uint32_t (ulong pos) | file2RVA | |
| Operators: | ||
| IMAGE_SECTION_HEADER* (string) | opIndex | Look up section by name. |
| Static Methods: | ||
| uint32_t (ulong pos, IMAGE_SECTION_HEADER* sec) | file2RVA | |
| ulong (uint32_t ptr, IMAGE_SECTION_HEADER* sec) | RVA2file |
Error handling:
Throws image_exception for various parse failures (in addition to standard IO exceptions).
- RVA2file and file2RVA throw image_exception if the conversion is invalid (offsets out of bounds).
Example:
import_dump.d http://destroy.selfip.org/svn_view/index.cgi/root/view/kong/examples/import_dump.d
Related:
image_interface, PE.types http://destroy.selfip.org/svn_view/index.cgi/root/view/kong/PE/types.d