This page hosts a formal specification of Microsoft PE (Portable Executable) file format using Kaitai Struct. This specification can be automatically translated into a variety of programming languages to get a parsing library.
// Code generated by kaitai-struct-compiler from a .ksy source file. DO NOT EDIT.
import (
"github.com/kaitai-io/kaitai_struct_go_runtime/kaitai"
"io"
"bytes"
)
/**
* @see <a href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format">Source</a>
*/
type MicrosoftPe_PeFormat int
const (
MicrosoftPe_PeFormat__RomImage MicrosoftPe_PeFormat = 263
MicrosoftPe_PeFormat__Pe32 MicrosoftPe_PeFormat = 267
MicrosoftPe_PeFormat__Pe32Plus MicrosoftPe_PeFormat = 523
)
var values_MicrosoftPe_PeFormat = map[MicrosoftPe_PeFormat]struct{}{263: {}, 267: {}, 523: {}}
func (v MicrosoftPe_PeFormat) isDefined() bool {
_, ok := values_MicrosoftPe_PeFormat[v]
return ok
}
type MicrosoftPe struct {
Mz *MicrosoftPe_MzPlaceholder
_io *kaitai.Stream
_root *MicrosoftPe
_parent kaitai.Struct
_f_pe bool
pe *MicrosoftPe_PeHeader
}
func NewMicrosoftPe() *MicrosoftPe {
return &MicrosoftPe{
}
}
func (this MicrosoftPe) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe) Read(io *kaitai.Stream, parent kaitai.Struct, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp1 := NewMicrosoftPe_MzPlaceholder()
err = tmp1.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Mz = tmp1
return err
}
func (this *MicrosoftPe) Pe() (v *MicrosoftPe_PeHeader, err error) {
if (this._f_pe) {
return this.pe, nil
}
this._f_pe = true
_pos, err := this._io.Pos()
if err != nil {
return nil, err
}
_, err = this._io.Seek(int64(this.Mz.OfsPe), io.SeekStart)
if err != nil {
return nil, err
}
tmp2 := NewMicrosoftPe_PeHeader()
err = tmp2.Read(this._io, this, this._root)
if err != nil {
return nil, err
}
this.pe = tmp2
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return nil, err
}
return this.pe, nil
}
type MicrosoftPe_Annoyingstring struct {
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_CoffSymbol
_f_name bool
name string
_f_nameFromOffset bool
nameFromOffset string
_f_nameFromShort bool
nameFromShort string
_f_nameOffset bool
nameOffset uint32
_f_nameZeroes bool
nameZeroes uint32
}
func NewMicrosoftPe_Annoyingstring() *MicrosoftPe_Annoyingstring {
return &MicrosoftPe_Annoyingstring{
}
}
func (this MicrosoftPe_Annoyingstring) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_Annoyingstring) Read(io *kaitai.Stream, parent *MicrosoftPe_CoffSymbol, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
return err
}
func (this *MicrosoftPe_Annoyingstring) Name() (v string, err error) {
if (this._f_name) {
return this.name, nil
}
this._f_name = true
var tmp3 string;
tmp4, err := this.NameZeroes()
if err != nil {
return "", err
}
if (tmp4 == 0) {
tmp5, err := this.NameFromOffset()
if err != nil {
return "", err
}
tmp3 = tmp5
} else {
tmp6, err := this.NameFromShort()
if err != nil {
return "", err
}
tmp3 = tmp6
}
this.name = string(tmp3)
return this.name, nil
}
func (this *MicrosoftPe_Annoyingstring) NameFromOffset() (v string, err error) {
if (this._f_nameFromOffset) {
return this.nameFromOffset, nil
}
this._f_nameFromOffset = true
tmp7, err := this.NameZeroes()
if err != nil {
return "", err
}
if (tmp7 == 0) {
thisIo := this._root._io
_pos, err := thisIo.Pos()
if err != nil {
return "", err
}
var tmp8 int;
tmp9, err := this.NameZeroes()
if err != nil {
return "", err
}
if (tmp9 == 0) {
tmp10, err := this._parent._parent.SymbolNameTableOffset()
if err != nil {
return "", err
}
tmp11, err := this.NameOffset()
if err != nil {
return "", err
}
tmp8 = tmp10 + tmp11
} else {
tmp8 = 0
}
_, err = thisIo.Seek(int64(tmp8), io.SeekStart)
if err != nil {
return "", err
}
tmp12, err := thisIo.ReadBytesTerm(0, false, true, false)
if err != nil {
return "", err
}
this.nameFromOffset = string(tmp12)
_, err = thisIo.Seek(_pos, io.SeekStart)
if err != nil {
return "", err
}
}
return this.nameFromOffset, nil
}
func (this *MicrosoftPe_Annoyingstring) NameFromShort() (v string, err error) {
if (this._f_nameFromShort) {
return this.nameFromShort, nil
}
this._f_nameFromShort = true
tmp13, err := this.NameZeroes()
if err != nil {
return "", err
}
if (tmp13 != 0) {
_pos, err := this._io.Pos()
if err != nil {
return "", err
}
_, err = this._io.Seek(int64(0), io.SeekStart)
if err != nil {
return "", err
}
tmp14, err := this._io.ReadBytesTerm(0, false, true, false)
if err != nil {
return "", err
}
this.nameFromShort = string(tmp14)
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return "", err
}
}
return this.nameFromShort, nil
}
func (this *MicrosoftPe_Annoyingstring) NameOffset() (v uint32, err error) {
if (this._f_nameOffset) {
return this.nameOffset, nil
}
this._f_nameOffset = true
_pos, err := this._io.Pos()
if err != nil {
return 0, err
}
_, err = this._io.Seek(int64(4), io.SeekStart)
if err != nil {
return 0, err
}
tmp15, err := this._io.ReadU4le()
if err != nil {
return 0, err
}
this.nameOffset = tmp15
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return 0, err
}
return this.nameOffset, nil
}
func (this *MicrosoftPe_Annoyingstring) NameZeroes() (v uint32, err error) {
if (this._f_nameZeroes) {
return this.nameZeroes, nil
}
this._f_nameZeroes = true
_pos, err := this._io.Pos()
if err != nil {
return 0, err
}
_, err = this._io.Seek(int64(0), io.SeekStart)
if err != nil {
return 0, err
}
tmp16, err := this._io.ReadU4le()
if err != nil {
return 0, err
}
this.nameZeroes = tmp16
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return 0, err
}
return this.nameZeroes, nil
}
/**
* @see <a href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only">Source</a>
*/
type MicrosoftPe_CertificateEntry_CertificateRevision int
const (
MicrosoftPe_CertificateEntry_CertificateRevision__Revision10 MicrosoftPe_CertificateEntry_CertificateRevision = 256
MicrosoftPe_CertificateEntry_CertificateRevision__Revision20 MicrosoftPe_CertificateEntry_CertificateRevision = 512
)
var values_MicrosoftPe_CertificateEntry_CertificateRevision = map[MicrosoftPe_CertificateEntry_CertificateRevision]struct{}{256: {}, 512: {}}
func (v MicrosoftPe_CertificateEntry_CertificateRevision) isDefined() bool {
_, ok := values_MicrosoftPe_CertificateEntry_CertificateRevision[v]
return ok
}
type MicrosoftPe_CertificateEntry_CertificateTypeEnum int
const (
MicrosoftPe_CertificateEntry_CertificateTypeEnum__X509 MicrosoftPe_CertificateEntry_CertificateTypeEnum = 1
MicrosoftPe_CertificateEntry_CertificateTypeEnum__PkcsSignedData MicrosoftPe_CertificateEntry_CertificateTypeEnum = 2
MicrosoftPe_CertificateEntry_CertificateTypeEnum__Reserved1 MicrosoftPe_CertificateEntry_CertificateTypeEnum = 3
MicrosoftPe_CertificateEntry_CertificateTypeEnum__TsStackSigned MicrosoftPe_CertificateEntry_CertificateTypeEnum = 4
)
var values_MicrosoftPe_CertificateEntry_CertificateTypeEnum = map[MicrosoftPe_CertificateEntry_CertificateTypeEnum]struct{}{1: {}, 2: {}, 3: {}, 4: {}}
func (v MicrosoftPe_CertificateEntry_CertificateTypeEnum) isDefined() bool {
_, ok := values_MicrosoftPe_CertificateEntry_CertificateTypeEnum[v]
return ok
}
type MicrosoftPe_CertificateEntry struct {
Length uint32
Revision MicrosoftPe_CertificateEntry_CertificateRevision
CertificateType MicrosoftPe_CertificateEntry_CertificateTypeEnum
CertificateBytes []byte
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_CertificateTable
}
func NewMicrosoftPe_CertificateEntry() *MicrosoftPe_CertificateEntry {
return &MicrosoftPe_CertificateEntry{
}
}
func (this MicrosoftPe_CertificateEntry) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_CertificateEntry) Read(io *kaitai.Stream, parent *MicrosoftPe_CertificateTable, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp17, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Length = uint32(tmp17)
tmp18, err := this._io.ReadU2le()
if err != nil {
return err
}
this.Revision = MicrosoftPe_CertificateEntry_CertificateRevision(tmp18)
tmp19, err := this._io.ReadU2le()
if err != nil {
return err
}
this.CertificateType = MicrosoftPe_CertificateEntry_CertificateTypeEnum(tmp19)
tmp20, err := this._io.ReadBytes(int(this.Length - 8))
if err != nil {
return err
}
tmp20 = tmp20
this.CertificateBytes = tmp20
return err
}
/**
* Specifies the length of the attribute certificate entry.
*/
/**
* Contains the certificate version number.
*/
/**
* Specifies the type of content in bCertificate
*/
/**
* Contains a certificate, such as an Authenticode signature.
*/
type MicrosoftPe_CertificateTable struct {
Items []*MicrosoftPe_CertificateEntry
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_PeHeader
}
func NewMicrosoftPe_CertificateTable() *MicrosoftPe_CertificateTable {
return &MicrosoftPe_CertificateTable{
}
}
func (this MicrosoftPe_CertificateTable) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_CertificateTable) Read(io *kaitai.Stream, parent *MicrosoftPe_PeHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
for i := 0;; i++ {
tmp21, err := this._io.EOF()
if err != nil {
return err
}
if tmp21 {
break
}
tmp22 := NewMicrosoftPe_CertificateEntry()
err = tmp22.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Items = append(this.Items, tmp22)
}
return err
}
/**
* @see "3.3. COFF File Header (Object and Image)"
*/
type MicrosoftPe_CoffHeader_MachineType int
const (
MicrosoftPe_CoffHeader_MachineType__Unknown MicrosoftPe_CoffHeader_MachineType = 0
MicrosoftPe_CoffHeader_MachineType__I386 MicrosoftPe_CoffHeader_MachineType = 332
MicrosoftPe_CoffHeader_MachineType__R4000 MicrosoftPe_CoffHeader_MachineType = 358
MicrosoftPe_CoffHeader_MachineType__WceMipsV2 MicrosoftPe_CoffHeader_MachineType = 361
MicrosoftPe_CoffHeader_MachineType__Alpha MicrosoftPe_CoffHeader_MachineType = 388
MicrosoftPe_CoffHeader_MachineType__Sh3 MicrosoftPe_CoffHeader_MachineType = 418
MicrosoftPe_CoffHeader_MachineType__Sh3Dsp MicrosoftPe_CoffHeader_MachineType = 419
MicrosoftPe_CoffHeader_MachineType__Sh4 MicrosoftPe_CoffHeader_MachineType = 422
MicrosoftPe_CoffHeader_MachineType__Sh5 MicrosoftPe_CoffHeader_MachineType = 424
MicrosoftPe_CoffHeader_MachineType__Arm MicrosoftPe_CoffHeader_MachineType = 448
MicrosoftPe_CoffHeader_MachineType__Thumb MicrosoftPe_CoffHeader_MachineType = 450
MicrosoftPe_CoffHeader_MachineType__ArmNt MicrosoftPe_CoffHeader_MachineType = 452
MicrosoftPe_CoffHeader_MachineType__Am33 MicrosoftPe_CoffHeader_MachineType = 467
MicrosoftPe_CoffHeader_MachineType__Powerpc MicrosoftPe_CoffHeader_MachineType = 496
MicrosoftPe_CoffHeader_MachineType__PowerpcFp MicrosoftPe_CoffHeader_MachineType = 497
MicrosoftPe_CoffHeader_MachineType__Ia64 MicrosoftPe_CoffHeader_MachineType = 512
MicrosoftPe_CoffHeader_MachineType__Mips16 MicrosoftPe_CoffHeader_MachineType = 614
MicrosoftPe_CoffHeader_MachineType__Alpha64OrAxp64 MicrosoftPe_CoffHeader_MachineType = 644
MicrosoftPe_CoffHeader_MachineType__MipsFpu MicrosoftPe_CoffHeader_MachineType = 870
MicrosoftPe_CoffHeader_MachineType__Mips16Fpu MicrosoftPe_CoffHeader_MachineType = 1126
MicrosoftPe_CoffHeader_MachineType__Ebc MicrosoftPe_CoffHeader_MachineType = 3772
MicrosoftPe_CoffHeader_MachineType__Riscv32 MicrosoftPe_CoffHeader_MachineType = 20530
MicrosoftPe_CoffHeader_MachineType__Riscv64 MicrosoftPe_CoffHeader_MachineType = 20580
MicrosoftPe_CoffHeader_MachineType__Riscv128 MicrosoftPe_CoffHeader_MachineType = 20776
MicrosoftPe_CoffHeader_MachineType__Loongarch32 MicrosoftPe_CoffHeader_MachineType = 25138
MicrosoftPe_CoffHeader_MachineType__Loongarch64 MicrosoftPe_CoffHeader_MachineType = 25188
MicrosoftPe_CoffHeader_MachineType__Amd64 MicrosoftPe_CoffHeader_MachineType = 34404
MicrosoftPe_CoffHeader_MachineType__M32r MicrosoftPe_CoffHeader_MachineType = 36929
MicrosoftPe_CoffHeader_MachineType__Arm64 MicrosoftPe_CoffHeader_MachineType = 43620
)
var values_MicrosoftPe_CoffHeader_MachineType = map[MicrosoftPe_CoffHeader_MachineType]struct{}{0: {}, 332: {}, 358: {}, 361: {}, 388: {}, 418: {}, 419: {}, 422: {}, 424: {}, 448: {}, 450: {}, 452: {}, 467: {}, 496: {}, 497: {}, 512: {}, 614: {}, 644: {}, 870: {}, 1126: {}, 3772: {}, 20530: {}, 20580: {}, 20776: {}, 25138: {}, 25188: {}, 34404: {}, 36929: {}, 43620: {}}
func (v MicrosoftPe_CoffHeader_MachineType) isDefined() bool {
_, ok := values_MicrosoftPe_CoffHeader_MachineType[v]
return ok
}
type MicrosoftPe_CoffHeader struct {
Machine MicrosoftPe_CoffHeader_MachineType
NumberOfSections uint16
TimeDateStamp uint32
PointerToSymbolTable uint32
NumberOfSymbols uint32
SizeOfOptionalHeader uint16
Characteristics uint16
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_PeHeader
_f_symbolNameTableOffset bool
symbolNameTableOffset int
_f_symbolNameTableSize bool
symbolNameTableSize uint32
_f_symbolTable bool
symbolTable []*MicrosoftPe_CoffSymbol
_f_symbolTableSize bool
symbolTableSize int
}
func NewMicrosoftPe_CoffHeader() *MicrosoftPe_CoffHeader {
return &MicrosoftPe_CoffHeader{
}
}
func (this MicrosoftPe_CoffHeader) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_CoffHeader) Read(io *kaitai.Stream, parent *MicrosoftPe_PeHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp23, err := this._io.ReadU2le()
if err != nil {
return err
}
this.Machine = MicrosoftPe_CoffHeader_MachineType(tmp23)
tmp24, err := this._io.ReadU2le()
if err != nil {
return err
}
this.NumberOfSections = uint16(tmp24)
tmp25, err := this._io.ReadU4le()
if err != nil {
return err
}
this.TimeDateStamp = uint32(tmp25)
tmp26, err := this._io.ReadU4le()
if err != nil {
return err
}
this.PointerToSymbolTable = uint32(tmp26)
tmp27, err := this._io.ReadU4le()
if err != nil {
return err
}
this.NumberOfSymbols = uint32(tmp27)
tmp28, err := this._io.ReadU2le()
if err != nil {
return err
}
this.SizeOfOptionalHeader = uint16(tmp28)
tmp29, err := this._io.ReadU2le()
if err != nil {
return err
}
this.Characteristics = uint16(tmp29)
return err
}
func (this *MicrosoftPe_CoffHeader) SymbolNameTableOffset() (v int, err error) {
if (this._f_symbolNameTableOffset) {
return this.symbolNameTableOffset, nil
}
this._f_symbolNameTableOffset = true
tmp30, err := this.SymbolTableSize()
if err != nil {
return 0, err
}
this.symbolNameTableOffset = int(this.PointerToSymbolTable + tmp30)
return this.symbolNameTableOffset, nil
}
func (this *MicrosoftPe_CoffHeader) SymbolNameTableSize() (v uint32, err error) {
if (this._f_symbolNameTableSize) {
return this.symbolNameTableSize, nil
}
this._f_symbolNameTableSize = true
_pos, err := this._io.Pos()
if err != nil {
return 0, err
}
tmp31, err := this.SymbolNameTableOffset()
if err != nil {
return 0, err
}
_, err = this._io.Seek(int64(tmp31), io.SeekStart)
if err != nil {
return 0, err
}
tmp32, err := this._io.ReadU4le()
if err != nil {
return 0, err
}
this.symbolNameTableSize = tmp32
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return 0, err
}
return this.symbolNameTableSize, nil
}
func (this *MicrosoftPe_CoffHeader) SymbolTable() (v []*MicrosoftPe_CoffSymbol, err error) {
if (this._f_symbolTable) {
return this.symbolTable, nil
}
this._f_symbolTable = true
_pos, err := this._io.Pos()
if err != nil {
return nil, err
}
_, err = this._io.Seek(int64(this.PointerToSymbolTable), io.SeekStart)
if err != nil {
return nil, err
}
for i := 0; i < int(this.NumberOfSymbols); i++ {
_ = i
tmp33 := NewMicrosoftPe_CoffSymbol()
err = tmp33.Read(this._io, this, this._root)
if err != nil {
return nil, err
}
this.symbolTable = append(this.symbolTable, tmp33)
}
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return nil, err
}
return this.symbolTable, nil
}
func (this *MicrosoftPe_CoffHeader) SymbolTableSize() (v int, err error) {
if (this._f_symbolTableSize) {
return this.symbolTableSize, nil
}
this._f_symbolTableSize = true
this.symbolTableSize = int(this.NumberOfSymbols * 18)
return this.symbolTableSize, nil
}
type MicrosoftPe_CoffSymbol struct {
NameAnnoying *MicrosoftPe_Annoyingstring
Value uint32
SectionNumber uint16
Type uint16
StorageClass uint8
NumberOfAuxSymbols uint8
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_CoffHeader
_raw_NameAnnoying []byte
_f_data bool
data []byte
_f_section bool
section *MicrosoftPe_Section
}
func NewMicrosoftPe_CoffSymbol() *MicrosoftPe_CoffSymbol {
return &MicrosoftPe_CoffSymbol{
}
}
func (this MicrosoftPe_CoffSymbol) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_CoffSymbol) Read(io *kaitai.Stream, parent *MicrosoftPe_CoffHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp34, err := this._io.ReadBytes(int(8))
if err != nil {
return err
}
tmp34 = tmp34
this._raw_NameAnnoying = tmp34
_io__raw_NameAnnoying := kaitai.NewStream(bytes.NewReader(this._raw_NameAnnoying))
tmp35 := NewMicrosoftPe_Annoyingstring()
err = tmp35.Read(_io__raw_NameAnnoying, this, this._root)
if err != nil {
return err
}
this.NameAnnoying = tmp35
tmp36, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Value = uint32(tmp36)
tmp37, err := this._io.ReadU2le()
if err != nil {
return err
}
this.SectionNumber = uint16(tmp37)
tmp38, err := this._io.ReadU2le()
if err != nil {
return err
}
this.Type = uint16(tmp38)
tmp39, err := this._io.ReadU1()
if err != nil {
return err
}
this.StorageClass = tmp39
tmp40, err := this._io.ReadU1()
if err != nil {
return err
}
this.NumberOfAuxSymbols = tmp40
return err
}
func (this *MicrosoftPe_CoffSymbol) Data() (v []byte, err error) {
if (this._f_data) {
return this.data, nil
}
this._f_data = true
_pos, err := this._io.Pos()
if err != nil {
return nil, err
}
tmp41, err := this.Section()
if err != nil {
return nil, err
}
_, err = this._io.Seek(int64(tmp41.PointerToRawData + this.Value), io.SeekStart)
if err != nil {
return nil, err
}
tmp42, err := this._io.ReadBytes(int(1))
if err != nil {
return nil, err
}
tmp42 = tmp42
this.data = tmp42
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return nil, err
}
return this.data, nil
}
func (this *MicrosoftPe_CoffSymbol) Section() (v *MicrosoftPe_Section, err error) {
if (this._f_section) {
return this.section, nil
}
this._f_section = true
tmp43, err := this._root.Pe()
if err != nil {
return nil, err
}
this.section = tmp43.Sections[this.SectionNumber - 1]
return this.section, nil
}
type MicrosoftPe_DataDir struct {
VirtualAddress uint32
Size uint32
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_OptionalHeaderDataDirs
}
func NewMicrosoftPe_DataDir() *MicrosoftPe_DataDir {
return &MicrosoftPe_DataDir{
}
}
func (this MicrosoftPe_DataDir) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_DataDir) Read(io *kaitai.Stream, parent *MicrosoftPe_OptionalHeaderDataDirs, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp44, err := this._io.ReadU4le()
if err != nil {
return err
}
this.VirtualAddress = uint32(tmp44)
tmp45, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Size = uint32(tmp45)
return err
}
type MicrosoftPe_MzPlaceholder struct {
Magic []byte
Data1 []byte
OfsPe uint32
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe
}
func NewMicrosoftPe_MzPlaceholder() *MicrosoftPe_MzPlaceholder {
return &MicrosoftPe_MzPlaceholder{
}
}
func (this MicrosoftPe_MzPlaceholder) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_MzPlaceholder) Read(io *kaitai.Stream, parent *MicrosoftPe, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp46, err := this._io.ReadBytes(int(2))
if err != nil {
return err
}
tmp46 = tmp46
this.Magic = tmp46
if !(bytes.Equal(this.Magic, []uint8{77, 90})) {
return kaitai.NewValidationNotEqualError([]uint8{77, 90}, this.Magic, this._io, "/types/mz_placeholder/seq/0")
}
tmp47, err := this._io.ReadBytes(int(58))
if err != nil {
return err
}
tmp47 = tmp47
this.Data1 = tmp47
tmp48, err := this._io.ReadU4le()
if err != nil {
return err
}
this.OfsPe = uint32(tmp48)
return err
}
/**
* In PE file, an offset to PE header
*/
type MicrosoftPe_OptionalHeader struct {
Std *MicrosoftPe_OptionalHeaderStd
Windows *MicrosoftPe_OptionalHeaderWindows
DataDirs *MicrosoftPe_OptionalHeaderDataDirs
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_PeHeader
}
func NewMicrosoftPe_OptionalHeader() *MicrosoftPe_OptionalHeader {
return &MicrosoftPe_OptionalHeader{
}
}
func (this MicrosoftPe_OptionalHeader) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_OptionalHeader) Read(io *kaitai.Stream, parent *MicrosoftPe_PeHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp49 := NewMicrosoftPe_OptionalHeaderStd()
err = tmp49.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Std = tmp49
tmp50 := NewMicrosoftPe_OptionalHeaderWindows()
err = tmp50.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Windows = tmp50
tmp51 := NewMicrosoftPe_OptionalHeaderDataDirs()
err = tmp51.Read(this._io, this, this._root)
if err != nil {
return err
}
this.DataDirs = tmp51
return err
}
type MicrosoftPe_OptionalHeaderDataDirs struct {
ExportTable *MicrosoftPe_DataDir
ImportTable *MicrosoftPe_DataDir
ResourceTable *MicrosoftPe_DataDir
ExceptionTable *MicrosoftPe_DataDir
CertificateTable *MicrosoftPe_DataDir
BaseRelocationTable *MicrosoftPe_DataDir
Debug *MicrosoftPe_DataDir
Architecture *MicrosoftPe_DataDir
GlobalPtr *MicrosoftPe_DataDir
TlsTable *MicrosoftPe_DataDir
LoadConfigTable *MicrosoftPe_DataDir
BoundImport *MicrosoftPe_DataDir
Iat *MicrosoftPe_DataDir
DelayImportDescriptor *MicrosoftPe_DataDir
ClrRuntimeHeader *MicrosoftPe_DataDir
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_OptionalHeader
}
func NewMicrosoftPe_OptionalHeaderDataDirs() *MicrosoftPe_OptionalHeaderDataDirs {
return &MicrosoftPe_OptionalHeaderDataDirs{
}
}
func (this MicrosoftPe_OptionalHeaderDataDirs) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_OptionalHeaderDataDirs) Read(io *kaitai.Stream, parent *MicrosoftPe_OptionalHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp52 := NewMicrosoftPe_DataDir()
err = tmp52.Read(this._io, this, this._root)
if err != nil {
return err
}
this.ExportTable = tmp52
tmp53 := NewMicrosoftPe_DataDir()
err = tmp53.Read(this._io, this, this._root)
if err != nil {
return err
}
this.ImportTable = tmp53
tmp54 := NewMicrosoftPe_DataDir()
err = tmp54.Read(this._io, this, this._root)
if err != nil {
return err
}
this.ResourceTable = tmp54
tmp55 := NewMicrosoftPe_DataDir()
err = tmp55.Read(this._io, this, this._root)
if err != nil {
return err
}
this.ExceptionTable = tmp55
tmp56 := NewMicrosoftPe_DataDir()
err = tmp56.Read(this._io, this, this._root)
if err != nil {
return err
}
this.CertificateTable = tmp56
tmp57 := NewMicrosoftPe_DataDir()
err = tmp57.Read(this._io, this, this._root)
if err != nil {
return err
}
this.BaseRelocationTable = tmp57
tmp58 := NewMicrosoftPe_DataDir()
err = tmp58.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Debug = tmp58
tmp59 := NewMicrosoftPe_DataDir()
err = tmp59.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Architecture = tmp59
tmp60 := NewMicrosoftPe_DataDir()
err = tmp60.Read(this._io, this, this._root)
if err != nil {
return err
}
this.GlobalPtr = tmp60
tmp61 := NewMicrosoftPe_DataDir()
err = tmp61.Read(this._io, this, this._root)
if err != nil {
return err
}
this.TlsTable = tmp61
tmp62 := NewMicrosoftPe_DataDir()
err = tmp62.Read(this._io, this, this._root)
if err != nil {
return err
}
this.LoadConfigTable = tmp62
tmp63 := NewMicrosoftPe_DataDir()
err = tmp63.Read(this._io, this, this._root)
if err != nil {
return err
}
this.BoundImport = tmp63
tmp64 := NewMicrosoftPe_DataDir()
err = tmp64.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Iat = tmp64
tmp65 := NewMicrosoftPe_DataDir()
err = tmp65.Read(this._io, this, this._root)
if err != nil {
return err
}
this.DelayImportDescriptor = tmp65
tmp66 := NewMicrosoftPe_DataDir()
err = tmp66.Read(this._io, this, this._root)
if err != nil {
return err
}
this.ClrRuntimeHeader = tmp66
return err
}
type MicrosoftPe_OptionalHeaderStd struct {
Format MicrosoftPe_PeFormat
MajorLinkerVersion uint8
MinorLinkerVersion uint8
SizeOfCode uint32
SizeOfInitializedData uint32
SizeOfUninitializedData uint32
AddressOfEntryPoint uint32
BaseOfCode uint32
BaseOfData uint32
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_OptionalHeader
}
func NewMicrosoftPe_OptionalHeaderStd() *MicrosoftPe_OptionalHeaderStd {
return &MicrosoftPe_OptionalHeaderStd{
}
}
func (this MicrosoftPe_OptionalHeaderStd) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_OptionalHeaderStd) Read(io *kaitai.Stream, parent *MicrosoftPe_OptionalHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp67, err := this._io.ReadU2le()
if err != nil {
return err
}
this.Format = MicrosoftPe_PeFormat(tmp67)
tmp68, err := this._io.ReadU1()
if err != nil {
return err
}
this.MajorLinkerVersion = tmp68
tmp69, err := this._io.ReadU1()
if err != nil {
return err
}
this.MinorLinkerVersion = tmp69
tmp70, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfCode = uint32(tmp70)
tmp71, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfInitializedData = uint32(tmp71)
tmp72, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfUninitializedData = uint32(tmp72)
tmp73, err := this._io.ReadU4le()
if err != nil {
return err
}
this.AddressOfEntryPoint = uint32(tmp73)
tmp74, err := this._io.ReadU4le()
if err != nil {
return err
}
this.BaseOfCode = uint32(tmp74)
if (this.Format == MicrosoftPe_PeFormat__Pe32) {
tmp75, err := this._io.ReadU4le()
if err != nil {
return err
}
this.BaseOfData = uint32(tmp75)
}
return err
}
type MicrosoftPe_OptionalHeaderWindows_SubsystemEnum int
const (
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__Unknown MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 0
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__Native MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 1
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__WindowsGui MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 2
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__WindowsCui MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 3
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__PosixCui MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 7
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__WindowsCeGui MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 9
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__EfiApplication MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 10
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__EfiBootServiceDriver MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 11
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__EfiRuntimeDriver MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 12
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__EfiRom MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 13
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__Xbox MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 14
MicrosoftPe_OptionalHeaderWindows_SubsystemEnum__WindowsBootApplication MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = 16
)
var values_MicrosoftPe_OptionalHeaderWindows_SubsystemEnum = map[MicrosoftPe_OptionalHeaderWindows_SubsystemEnum]struct{}{0: {}, 1: {}, 2: {}, 3: {}, 7: {}, 9: {}, 10: {}, 11: {}, 12: {}, 13: {}, 14: {}, 16: {}}
func (v MicrosoftPe_OptionalHeaderWindows_SubsystemEnum) isDefined() bool {
_, ok := values_MicrosoftPe_OptionalHeaderWindows_SubsystemEnum[v]
return ok
}
type MicrosoftPe_OptionalHeaderWindows struct {
ImageBase32 uint32
ImageBase64 uint64
SectionAlignment uint32
FileAlignment uint32
MajorOperatingSystemVersion uint16
MinorOperatingSystemVersion uint16
MajorImageVersion uint16
MinorImageVersion uint16
MajorSubsystemVersion uint16
MinorSubsystemVersion uint16
Win32VersionValue uint32
SizeOfImage uint32
SizeOfHeaders uint32
CheckSum uint32
Subsystem MicrosoftPe_OptionalHeaderWindows_SubsystemEnum
DllCharacteristics uint16
SizeOfStackReserve32 uint32
SizeOfStackReserve64 uint64
SizeOfStackCommit32 uint32
SizeOfStackCommit64 uint64
SizeOfHeapReserve32 uint32
SizeOfHeapReserve64 uint64
SizeOfHeapCommit32 uint32
SizeOfHeapCommit64 uint64
LoaderFlags uint32
NumberOfRvaAndSizes uint32
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_OptionalHeader
}
func NewMicrosoftPe_OptionalHeaderWindows() *MicrosoftPe_OptionalHeaderWindows {
return &MicrosoftPe_OptionalHeaderWindows{
}
}
func (this MicrosoftPe_OptionalHeaderWindows) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_OptionalHeaderWindows) Read(io *kaitai.Stream, parent *MicrosoftPe_OptionalHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32) {
tmp76, err := this._io.ReadU4le()
if err != nil {
return err
}
this.ImageBase32 = uint32(tmp76)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32Plus) {
tmp77, err := this._io.ReadU8le()
if err != nil {
return err
}
this.ImageBase64 = uint64(tmp77)
}
tmp78, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SectionAlignment = uint32(tmp78)
tmp79, err := this._io.ReadU4le()
if err != nil {
return err
}
this.FileAlignment = uint32(tmp79)
tmp80, err := this._io.ReadU2le()
if err != nil {
return err
}
this.MajorOperatingSystemVersion = uint16(tmp80)
tmp81, err := this._io.ReadU2le()
if err != nil {
return err
}
this.MinorOperatingSystemVersion = uint16(tmp81)
tmp82, err := this._io.ReadU2le()
if err != nil {
return err
}
this.MajorImageVersion = uint16(tmp82)
tmp83, err := this._io.ReadU2le()
if err != nil {
return err
}
this.MinorImageVersion = uint16(tmp83)
tmp84, err := this._io.ReadU2le()
if err != nil {
return err
}
this.MajorSubsystemVersion = uint16(tmp84)
tmp85, err := this._io.ReadU2le()
if err != nil {
return err
}
this.MinorSubsystemVersion = uint16(tmp85)
tmp86, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Win32VersionValue = uint32(tmp86)
tmp87, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfImage = uint32(tmp87)
tmp88, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfHeaders = uint32(tmp88)
tmp89, err := this._io.ReadU4le()
if err != nil {
return err
}
this.CheckSum = uint32(tmp89)
tmp90, err := this._io.ReadU2le()
if err != nil {
return err
}
this.Subsystem = MicrosoftPe_OptionalHeaderWindows_SubsystemEnum(tmp90)
tmp91, err := this._io.ReadU2le()
if err != nil {
return err
}
this.DllCharacteristics = uint16(tmp91)
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32) {
tmp92, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfStackReserve32 = uint32(tmp92)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32Plus) {
tmp93, err := this._io.ReadU8le()
if err != nil {
return err
}
this.SizeOfStackReserve64 = uint64(tmp93)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32) {
tmp94, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfStackCommit32 = uint32(tmp94)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32Plus) {
tmp95, err := this._io.ReadU8le()
if err != nil {
return err
}
this.SizeOfStackCommit64 = uint64(tmp95)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32) {
tmp96, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfHeapReserve32 = uint32(tmp96)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32Plus) {
tmp97, err := this._io.ReadU8le()
if err != nil {
return err
}
this.SizeOfHeapReserve64 = uint64(tmp97)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32) {
tmp98, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfHeapCommit32 = uint32(tmp98)
}
if (this._parent.Std.Format == MicrosoftPe_PeFormat__Pe32Plus) {
tmp99, err := this._io.ReadU8le()
if err != nil {
return err
}
this.SizeOfHeapCommit64 = uint64(tmp99)
}
tmp100, err := this._io.ReadU4le()
if err != nil {
return err
}
this.LoaderFlags = uint32(tmp100)
tmp101, err := this._io.ReadU4le()
if err != nil {
return err
}
this.NumberOfRvaAndSizes = uint32(tmp101)
return err
}
type MicrosoftPe_PeHeader struct {
PeSignature []byte
CoffHdr *MicrosoftPe_CoffHeader
OptionalHdr *MicrosoftPe_OptionalHeader
Sections []*MicrosoftPe_Section
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe
_raw_OptionalHdr []byte
_raw_certificateTable []byte
_f_certificateTable bool
certificateTable *MicrosoftPe_CertificateTable
}
func NewMicrosoftPe_PeHeader() *MicrosoftPe_PeHeader {
return &MicrosoftPe_PeHeader{
}
}
func (this MicrosoftPe_PeHeader) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_PeHeader) Read(io *kaitai.Stream, parent *MicrosoftPe, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp102, err := this._io.ReadBytes(int(4))
if err != nil {
return err
}
tmp102 = tmp102
this.PeSignature = tmp102
if !(bytes.Equal(this.PeSignature, []uint8{80, 69, 0, 0})) {
return kaitai.NewValidationNotEqualError([]uint8{80, 69, 0, 0}, this.PeSignature, this._io, "/types/pe_header/seq/0")
}
tmp103 := NewMicrosoftPe_CoffHeader()
err = tmp103.Read(this._io, this, this._root)
if err != nil {
return err
}
this.CoffHdr = tmp103
tmp104, err := this._io.ReadBytes(int(this.CoffHdr.SizeOfOptionalHeader))
if err != nil {
return err
}
tmp104 = tmp104
this._raw_OptionalHdr = tmp104
_io__raw_OptionalHdr := kaitai.NewStream(bytes.NewReader(this._raw_OptionalHdr))
tmp105 := NewMicrosoftPe_OptionalHeader()
err = tmp105.Read(_io__raw_OptionalHdr, this, this._root)
if err != nil {
return err
}
this.OptionalHdr = tmp105
for i := 0; i < int(this.CoffHdr.NumberOfSections); i++ {
_ = i
tmp106 := NewMicrosoftPe_Section()
err = tmp106.Read(this._io, this, this._root)
if err != nil {
return err
}
this.Sections = append(this.Sections, tmp106)
}
return err
}
func (this *MicrosoftPe_PeHeader) CertificateTable() (v *MicrosoftPe_CertificateTable, err error) {
if (this._f_certificateTable) {
return this.certificateTable, nil
}
this._f_certificateTable = true
if (this.OptionalHdr.DataDirs.CertificateTable.VirtualAddress != 0) {
_pos, err := this._io.Pos()
if err != nil {
return nil, err
}
_, err = this._io.Seek(int64(this.OptionalHdr.DataDirs.CertificateTable.VirtualAddress), io.SeekStart)
if err != nil {
return nil, err
}
tmp107, err := this._io.ReadBytes(int(this.OptionalHdr.DataDirs.CertificateTable.Size))
if err != nil {
return nil, err
}
tmp107 = tmp107
this._raw_certificateTable = tmp107
_io__raw_certificateTable := kaitai.NewStream(bytes.NewReader(this._raw_certificateTable))
tmp108 := NewMicrosoftPe_CertificateTable()
err = tmp108.Read(_io__raw_certificateTable, this, this._root)
if err != nil {
return nil, err
}
this.certificateTable = tmp108
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return nil, err
}
}
return this.certificateTable, nil
}
type MicrosoftPe_Section struct {
Name string
VirtualSize uint32
VirtualAddress uint32
SizeOfRawData uint32
PointerToRawData uint32
PointerToRelocations uint32
PointerToLinenumbers uint32
NumberOfRelocations uint16
NumberOfLinenumbers uint16
Characteristics uint32
_io *kaitai.Stream
_root *MicrosoftPe
_parent *MicrosoftPe_PeHeader
_f_body bool
body []byte
}
func NewMicrosoftPe_Section() *MicrosoftPe_Section {
return &MicrosoftPe_Section{
}
}
func (this MicrosoftPe_Section) IO_() *kaitai.Stream {
return this._io
}
func (this *MicrosoftPe_Section) Read(io *kaitai.Stream, parent *MicrosoftPe_PeHeader, root *MicrosoftPe) (err error) {
this._io = io
this._parent = parent
this._root = root
tmp109, err := this._io.ReadBytes(int(8))
if err != nil {
return err
}
tmp109 = kaitai.BytesStripRight(tmp109, 0)
this.Name = string(tmp109)
tmp110, err := this._io.ReadU4le()
if err != nil {
return err
}
this.VirtualSize = uint32(tmp110)
tmp111, err := this._io.ReadU4le()
if err != nil {
return err
}
this.VirtualAddress = uint32(tmp111)
tmp112, err := this._io.ReadU4le()
if err != nil {
return err
}
this.SizeOfRawData = uint32(tmp112)
tmp113, err := this._io.ReadU4le()
if err != nil {
return err
}
this.PointerToRawData = uint32(tmp113)
tmp114, err := this._io.ReadU4le()
if err != nil {
return err
}
this.PointerToRelocations = uint32(tmp114)
tmp115, err := this._io.ReadU4le()
if err != nil {
return err
}
this.PointerToLinenumbers = uint32(tmp115)
tmp116, err := this._io.ReadU2le()
if err != nil {
return err
}
this.NumberOfRelocations = uint16(tmp116)
tmp117, err := this._io.ReadU2le()
if err != nil {
return err
}
this.NumberOfLinenumbers = uint16(tmp117)
tmp118, err := this._io.ReadU4le()
if err != nil {
return err
}
this.Characteristics = uint32(tmp118)
return err
}
func (this *MicrosoftPe_Section) Body() (v []byte, err error) {
if (this._f_body) {
return this.body, nil
}
this._f_body = true
_pos, err := this._io.Pos()
if err != nil {
return nil, err
}
_, err = this._io.Seek(int64(this.PointerToRawData), io.SeekStart)
if err != nil {
return nil, err
}
tmp119, err := this._io.ReadBytes(int(this.SizeOfRawData))
if err != nil {
return nil, err
}
tmp119 = tmp119
this.body = tmp119
_, err = this._io.Seek(_pos, io.SeekStart)
if err != nil {
return nil, err
}
return this.body, nil
}