Struct exe::buffer::Buffer

pub struct Buffer { /* fields omitted */ }

A buffer representing the PE file.

Implementations

impl Buffer

pub fn new(size: Option<usize>) -> Self

Creates a new buffer with an optional size.

pub fn from_data(data: &[u8]) -> Self

Creates a new buffer from a slice of data.

pub fn from_file<P: AsRef<Path>>(filename: P) -> Result<Self, IoError>

Creates a new buffer from disk data.

pub fn len(&self) -> usize

Get the length of the buffer.

pub fn resize(&mut self, size: usize)

Resize the buffer.

pub fn as_slice(&self) -> &[u8]

Get the buffer as a slice.

pub fn as_mut_slice(&mut self) -> &mut [u8]

Get the buffer as a mutable slice.

pub fn as_ptr(&self) -> *const u8

Get the buffer as a pointer.

pub fn as_mut_ptr(&mut self) -> *mut u8

Get the buffer as a mutable pointer.

pub fn append(&mut self, other: &mut Vec<u8>)

Append a vector of data to the buffer.

pub fn is_empty(&self) -> bool

Check if the PE file is empty.

pub fn extend_from_slice(&mut self, other: &[u8])

Extend the buffer with a data slice.

pub unsafe fn offset_to_ptr(&self, offset: Offset) -> *const u8

Convert the given offset value to a pointer in the buffer. The function is marked as unsafe because the offset isn’t validated.

pub unsafe fn offset_to_mut_ptr(&mut self, offset: Offset) -> *mut u8

Convert the given offset value to a mutable pointer in the buffer. The function is marked as unsafe because the offset isn’t validated.

pub unsafe fn eof(&self) -> *const u8

Get the pointer to the end of the file. This pointer is unsafe because it points at the end of the buffer, which doesn’t contain data.

pub fn ptr_to_offset(&self, ptr: *const u8) -> Result<Offset, Error>

Convert a pointer to an offset. This returns Error::BadPointer if the pointer isn’t in the buffer range.

pub fn ref_to_offset<T>(&self, data: &T) -> Result<Offset, Error>

Converts a reference to an offset. Returns a Error::BadPointer error if the reference isn’t from the buffer.

pub fn get_ref<T>(&self, offset: Offset) -> Result<&T, Error>

Gets a reference to an object in the buffer data. This is ultimately how PE objects are created from the buffer.

use exe::buffer::Buffer;
use exe::types::{Offset, ImageDOSHeader, ImageNTHeaders32, NT_SIGNATURE};

let buffer = Buffer::from_file("test/compiled.exe").unwrap();
 
let dos_header = buffer.get_ref::<ImageDOSHeader>(Offset(0)).unwrap();
let nt_header = buffer.get_ref::<ImageNTHeaders32>(dos_header.e_lfanew).unwrap();
 
assert_eq!(nt_header.signature, NT_SIGNATURE);

pub fn get_mut_ref<T>(&mut self, offset: Offset) -> Result<&mut T, Error>

Gets a mutable reference to an object in the buffer data.

pub fn get_slice_ref<T>(
    &self,
    offset: Offset,
    count: usize
) -> Result<&[T], Error>

Gets a slice reference of data in the buffer. This is how to get arrays in the buffer.

use exe::buffer::Buffer;
use exe::types::Offset;

let buffer = Buffer::from_file("test/compiled.exe").unwrap();
let mz = buffer.get_slice_ref::<u8>(Offset(0), 2).unwrap();
 
assert_eq!(mz, [0x4D, 0x5A]);

pub fn get_mut_slice_ref<T>(
    &mut self,
    offset: Offset,
    count: usize
) -> Result<&mut [T], Error>

Gets a mutable slice reference of data in the buffer.

pub fn get_cstring_size(
    &self,
    offset: Offset,
    thunk: bool,
    max_size: Option<usize>
) -> Result<usize, Error>

Get the size of a zero-terminated C-string in the data.

pub fn get_widestring_size(
    &self,
    offset: Offset,
    max_size: Option<usize>
) -> Result<usize, Error>

Gets the size of a zero-terminated UTF16 string in the data.

pub fn get_cstring(
    &self,
    offset: Offset,
    thunk: bool,
    max_size: Option<usize>
) -> Result<&[CChar], Error>

Get a zero-terminated C-string from the data. The thunk option is there to handle imports by name, whose null terminated value size is dependent on how long the string is (i.e., if it’s an odd length, an extra zero is appended).

use exe::buffer::Buffer;
use exe::types::{Offset, CCharString};

let buffer = Buffer::from_file("test/dll.dll").unwrap();
let dll_name = buffer.get_cstring(Offset(0x328), false, None).unwrap();

assert_eq!(dll_name.as_str(), "dll.dll");

pub fn get_mut_cstring(
    &mut self,
    offset: Offset,
    thunk: bool,
    max_size: Option<usize>
) -> Result<&mut [CChar], Error>

Get a mutable zero-terminated C-string from the data.

pub fn get_widestring(
    &self,
    offset: Offset,
    max_size: Option<usize>
) -> Result<&[WChar], Error>

Get a zero-terminated UTF16 string from the data.

pub fn get_mut_widestring(
    &mut self,
    offset: Offset,
    max_size: Option<usize>
) -> Result<&mut [WChar], Error>

Get a mutable zero-terminated UTF16 string from the data.

pub fn get_import_by_name(
    &self,
    offset: Offset
) -> Result<ImageImportByName<'_>, Error>

Get an ImageImportByName object at the given offset. See the documentation of ImageImportByName for an explanation of why this is needed.

pub fn read(&self, offset: Offset, size: usize) -> Result<&[u8], Error>

Read arbitrary data from the buffer.

pub fn read_mut(
    &mut self,
    offset: Offset,
    size: usize
) -> Result<&mut [u8], Error>

Read mutable arbitrary data from the buffer.

pub fn write(&mut self, offset: Offset, data: &[u8]) -> Result<usize, Error>

Write arbitrary data to the buffer.

pub fn write_ref<T>(&mut self, offset: Offset, data: &T) -> Result<usize, Error>

Write a referenced object to the buffer.

Trait Implementations

impl Clone for Buffer

fn clone(&self) -> Buffer

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Buffer

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq<Buffer> for Buffer

fn eq(&self, other: &Buffer) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Buffer) -> bool

This method tests for !=.

impl Eq for Buffer

impl StructuralEq for Buffer

impl StructuralPartialEq for Buffer