Struct malwaredb_types::exec::pef::Pef

pub struct Pef<'a> {
    pub arch: Architecture,
    pub ordering: Ordering,
    pub os: OperatingSystem,
    pub sections: Option<Vec<Section<'a>>>,
    pub timestamp: u32,
    pub contents: &'a [u8],
}

The struct for Preferred Executables.

This was the binary format for “Classic” Mac OS, and BeOS on PowerPC. Some of the data is only on the “resource fork”, which is not available on modern systems, so we can’t the entire file. :(

Fields

arch: Architecture

Instruction set architecture for this binary

ordering: Ordering

Byte ordering for this binary

os: OperatingSystem

Operating System for this binary, likely Classic Mac OS

sections: Option<Vec<Section<'a>>>

Sections of this binary

timestamp: u32

Seconds since 1 January 1904

contents: &'a [u8]

The array containing the raw bytes used to parse this program

Implementations

impl<'a> Pef<'a>

pub fn from(contents: &'a [u8]) -> Result<Self>

Parsed PEF from a sequence of bytes

pub fn compiled_date(&self) -> DateTime<Utc>

Compiled timestamp as UTC

Trait Implementations

impl<'a> Clone for Pef<'a>

fn clone(&self) -> Pef<'a>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for Pef<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> Display for Pef<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> ExecutableFile for Pef<'a>

fn architecture(&self) -> Architecture

Get the architecture type

fn pointer_size(&self) -> usize

Get the pointer size, 32- or 64-bit

fn operating_system(&self) -> OperatingSystem

Get the operating system type for a binary

fn compiled_timestamp(&self) -> Option<DateTime<Utc>>

Get the compilation timestamp, if available

fn num_sections(&self) -> u32

Number of sections for a binary

fn sections(&self) -> Option<&Vec<Section<'_>>>

Vec of sections for the binary

fn import_hash(&self) -> Option<String>

Import hash of the binary

fn fuzzy_imports(&self) -> Option<String>

SSDeep fuzzy hash of the binary

impl<'a> PartialEq for Pef<'a>

fn eq(&self, other: &Pef<'a>) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<'a> SpecimenFile for Pef<'a>

const MAGIC: &'static [&'static [u8]] = _

Magic number, the bytes at the beginning of the file, which identify the file format Some file types have more than one possible magic number

fn type_name(&self) -> &'static str

Common name for a specific file type

impl<'a> StructuralPartialEq for Pef<'a>