pub struct Pe { /* private fields */ }
These fields contain Windows Portable Executable (PE) metadata.
Implementations§
impl Pe
pub fn get_original_file_name(&self) -> Option<&String>
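Internal name of the file, provided at compile-time. Because this value comes from metadata embedded by whoever built the binary, it can be set to anything and should be treated as a claim to compare against other evidence (such as the on-disk file name or the signature), not as proof of origin.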
pub fn set_original_file_name(&mut self, original_file_name_arg: String)
pub fn get_file_version(&self) -> Option<&String>
Internal version of the file, provided at compile-time.
pub fn set_file_version(&mut self, file_version_arg: String)
pub fn get_description(&self) -> Option<&String>
Internal description of the file, provided at compile-time.
pub fn set_description(&mut self, description_arg: String)
pub fn get_product(&self) -> Option<&String>
Internal product name of the file, provided at compile-time.
pub fn set_product(&mut self, product_arg: String)
Internal product name of the file, provided at compile-time.
§Example
Microsoft® Windows® Operating System
pub fn get_company(&self) -> Option<&String>
Internal company name of the file, provided at compile-time.
pub fn set_company(&mut self, company_arg: String)
pub fn get_imphash(&self) -> Option<&String>
A hash of the imports in a PE file. An imphash – or import hash – can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.
pub fn set_imphash(&mut self, imphash_arg: String)
A hash of the imports in a PE file. An imphash – or import hash – can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html.
§Example
0c6803c4e922103c4dca5963aad36ddf
pub fn get_architecture(&self) -> Option<&String>
CPU architecture target for the file.
pub fn set_architecture(&mut self, architecture_arg: String)
pub fn get_go_import_hash(&self) -> Option<&String>
A hash of the Go language imports in a PE file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
The algorithm used to calculate the Go symbol hash and a reference implementation are linked from the original documentation; the link target is not preserved on this page.
pub fn set_go_import_hash(&mut self, go_import_hash_arg: String)
A hash of the Go language imports in a PE file excluding standard library imports. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
The algorithm used to calculate the Go symbol hash and a reference implementation are linked from the original documentation; the link target is not preserved on this page.
§Example
10bddcb4cee42080f76c88d9ff964491
pub fn get_go_imports(&self) -> Option<&String>
List of imported Go language element names and types.
pub fn set_go_imports(&mut self, go_imports_arg: String)
List of imported Go language element names and types.
pub fn get_go_imports_names_entropy(&self) -> Option<&u64>
Shannon entropy calculation from the list of Go imports.
pub fn set_go_imports_names_entropy( &mut self, go_imports_names_entropy_arg: u64, )
Shannon entropy calculation from the list of Go imports.
pub fn get_go_imports_names_var_entropy(&self) -> Option<&u64>
Variance for Shannon entropy calculation from the list of Go imports.
pub fn set_go_imports_names_var_entropy( &mut self, go_imports_names_var_entropy_arg: u64, )
Variance for Shannon entropy calculation from the list of Go imports.
pub fn get_go_stripped(&self) -> Option<&bool>
Set to true if the file is a Go executable that has had its symbols stripped or obfuscated and false if an unobfuscated Go executable.
pub fn set_go_stripped(&mut self, go_stripped_arg: bool)
Set to true if the file is a Go executable that has had its symbols stripped or obfuscated and false if an unobfuscated Go executable.
pub fn get_import_hash(&self) -> Option<&String>
A hash of the imports in a PE file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
This is a synonym for imphash.
pub fn set_import_hash(&mut self, import_hash_arg: String)
A hash of the imports in a PE file. An import hash can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values.
This is a synonym for imphash.
§Example
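d41d8cd98f00b204e9800998ecf8427e
Note: this sample value is the MD5 digest of empty input, so read it as an illustration of the field's format rather than as the fingerprint of a particular binary. If a producer emits this value for files with no imports, matching on it would group unrelated files together.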
pub fn get_imports(&self) -> &Vec<String>
List of imported element names and types.
pub fn add_import(&mut self, import_arg: String)
List of imported element names and types.
pub fn get_imports_names_entropy(&self) -> Option<&u64>
Shannon entropy calculation from the list of imported element names and types.
pub fn set_imports_names_entropy(&mut self, imports_names_entropy_arg: u64)
Shannon entropy calculation from the list of imported element names and types.
pub fn get_imports_names_var_entropy(&self) -> Option<&u64>
Variance for Shannon entropy calculation from the list of imported element names and types.
pub fn set_imports_names_var_entropy( &mut self, imports_names_var_entropy_arg: u64, )
Variance for Shannon entropy calculation from the list of imported element names and types.
pub fn get_pehash(&self) -> Option<&String>
A hash of the PE header and data from one or more PE sections. A pehash can be used to cluster files by transforming structural information about a file into a hash value.
Learn more at https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.html.
pub fn set_pehash(&mut self, pehash_arg: String)
A hash of the PE header and data from one or more PE sections. A pehash can be used to cluster files by transforming structural information about a file into a hash value.
Learn more at https://www.usenix.org/legacy/events/leet09/tech/full_papers/wicherski/wicherski_html/index.html.
§Example
73ff189b63cd6be375a7ff25179a38d347651975
pub fn get_sections(&self) -> &Vec<String>
An array containing an object for each section of the PE file.
The keys that should be present in these objects are defined by sub-fields underneath pe.sections.*.
pub fn add_section(&mut self, section_arg: String)
An array containing an object for each section of the PE file.
The keys that should be present in these objects are defined by sub-fields underneath pe.sections.*.
pub fn get_sections_entropy(&self) -> Option<&u64>
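Shannon entropy calculation from the section. Note that the accessor's type is `u64`, so a fractional entropy value cannot be represented as-is; check how the producer scales or rounds it before applying a threshold.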
pub fn set_sections_entropy(&mut self, sections_entropy_arg: u64)
Shannon entropy calculation from the section.
pub fn get_sections_name(&self) -> Option<&String>
PE Section List name.
pub fn set_sections_name(&mut self, sections_name_arg: String)
PE Section List name.
pub fn get_sections_physical_size(&self) -> Option<&u64>
PE Section List physical size.
pub fn set_sections_physical_size(&mut self, sections_physical_size_arg: u64)
PE Section List physical size.
pub fn get_sections_var_entropy(&self) -> Option<&u64>
Variance for Shannon entropy calculation from the section.
pub fn set_sections_var_entropy(&mut self, sections_var_entropy_arg: u64)
Variance for Shannon entropy calculation from the section.
pub fn get_sections_virtual_size(&self) -> Option<&u64>
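PE Section List virtual size. This is always the same as physical_size. (Note: that is the schema's statement about this field; in the PE section header itself the in-memory size and the on-disk raw size are separate values that can differ, so confirm how the producer populates the two fields before comparing them.)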
pub fn set_sections_virtual_size(&mut self, sections_virtual_size_arg: u64)
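PE Section List virtual size. This is always the same as physical_size. (Note: that is the schema's statement about this field; in the PE section header itself the in-memory size and the on-disk raw size are separate values that can differ, so confirm how the producer populates the two fields before comparing them.)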