rpecli 0.1.9

Rust cli tool to display information about PE files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

use crate::{
    alert_format, alert_format_if, color_format_if,
    utils::{
        self,
        debug::DebugEntries,
        export::{pexp, Exports},
        import::{pimp, Imports},
        rich::RichTable,
        rich_headers::rich_utils::RichRecord,
        rsrc::Resources,
        sections::{Section, SectionTable},
        sig::PeAuthenticodes,
        tls::TLSCallbacks,
    },
    warn_format, warn_format_if,
};
use colored::Colorize;
use exe::VecPE;
use serde::{Deserialize, Serialize};
use std::io::stdout;
use std::io::Write;

#[derive(Serialize, Deserialize)]
struct FilesExport {
    pub filename: String,
    pub exports: Option<Exports>,
}

#[derive(Serialize, Deserialize)]
struct FilesImport {
    pub filename: String,
    pub imports: Option<Imports>,
}

#[derive(Serialize, Deserialize)]
struct FilesRich {
    pub filename: String,
    pub rich: RichTable,
}

#[derive(Serialize, Deserialize)]
struct FilesSection<'a> {
    pub filename: String,
    #[serde(borrow)]
    pub section: SectionTable<'a>,
}

#[derive(Serialize, Deserialize)]
struct FilesDebug {
    pub filename: String,
    pub dbg: DebugEntries,
}

#[derive(Serialize, Deserialize)]
struct FileDescription<'a> {
    pub filename: String,
    #[serde(borrow)]
    pub sections: Vec<Section<'a>>,
    pub rich: Option<Vec<RichRecord>>,
    pub sig: Option<PeAuthenticodes>,
    pub imports: Option<Imports>,
    pub exports: Option<Exports>,
    pub dbg: Option<DebugEntries>,
    pub rsrc: Option<Resources>,
    pub tls: Option<TLSCallbacks>,
}

pub fn test_cmd(pe_filepaths: &Vec<String>) {
    // let mut x: Vec<FilesExport> = vec![];

    for file in pe_filepaths {
        let Ok(image) = VecPE::from_disk_file(file) else {
            continue;
        };
        let rich_entries = RichTable::parse(&image).rich_entries;
        let file_desc = FileDescription {
            filename: file.to_string(),
            sections: Section::parse(&image).sections,
            rich: match rich_entries.len() {
                0 => None,
                sz => Some(rich_entries),
            },
            dbg: DebugEntries::parse(&image).ok(),
            sig: PeAuthenticodes::parse(&image).ok(),
            imports: pimp(&image),
            exports: pexp(&image),
            rsrc: match Resources::parse(&image).ok() {
                Some(r) => r,
                None => None,
            },
            tls: match TLSCallbacks::parse(&image).ok() {
                Some(t) => t,
                None => None,
            },
        };
        write!(stdout(), "{}\n", serde_json::to_string(&file_desc).unwrap());
    }
}