Crate exe

Expand description

exe-rs is a library for handling PE files, whether it be building them or analyzing them!

Getting started is easy:

use exe::pe::{PE, VecPE};
use exe::types::{ImportDirectory, ImportData, CCharString};

let image = VecPE::from_disk_file("test/compiled.exe").unwrap();
let import_directory = ImportDirectory::parse(&image).unwrap();

for descriptor in import_directory.descriptors {
   println!("Module: {}", descriptor.get_name(&image).unwrap().as_str().unwrap());
   println!("Imports:");

   for import in descriptor.get_imports(&image).unwrap() {
      match import {
         ImportData::Ordinal(x) => println!("   #{}", x),
         ImportData::ImportByName(s) => println!("   {}", s)
      }
   }
}

Standard PE headers and other types can be found in the headers module, while helper types can be found in the types module. Low-level functionality for handling PE data, such as collecting pointers and managing pointers as well as pulling out data, is handled by the pkbuffer module and the Buffer trait. Further usage examples can be found in the test file.

Re-exports§

pub use crate::headers::*;
pub use crate::imphash::*;
pub use crate::pe::*;
pub use crate::types::*;
pub use crate::valloc::*;

Modules§

headers: This module contains all the headers necessary to parse various aspects of a PE file.
imphash: This module only exports a single function. It’s used to contain metadata used to perform the imphash algorithm.
pe: This module contains the primary traits and types by which PE structures are derived.
types: This module contains Rust types to help with the parsing of PE files.
valloc: For Windows only. This module contains everything needed to interact with VirtualAlloc and related functions.

Enums§

Error: Errors produced by the library.

Traits§

Entropy: Syntactic sugar to calculate entropy on a given object.
HashData: Syntactic sugar for producing various hashes of data. Typically applied to [u8] slices.

Functions§