Module lancelot::analysis::pe

Modules

call_targets

Search for functions by disassembling executable regions and finding call instructions.

control_flow_guard

Parse the PE Control Flow Guard function table. This table contains an entry for each function that may be invoked dynamically. When present, it tends to cover a large percentage of the functions in a module.

entrypoints

Parse the PE header for the entry point (if present).

exports

Parse the PE export table (if present) to find entries in find exports in executable sections.

noret_imports

patterns

pointers

Scan the file looking for pointer-sized values that fall within an executable section. Then, step backwards and ensure that the target looks like either:

runtime_functions

safeseh

Parse the PE SafeSEH table for references to valid exception handler functions.

Structs

Import

Thunk

Enums

Function

ImportedSymbol

Functions

find_function_starts

find_functions

find_thunks

get_imports