15 releases

0.5.6 Jan 10, 2023
0.5.5 Oct 12, 2022
0.5.4 Apr 27, 2022
0.5.1 Mar 29, 2022
0.4.0 Jul 28, 2021

#7 in #malware

467 downloads per month
Used in 7 crates (6 directly)

GPL-3.0 license

305KB
6K SLoC

exe-rs

exe-rs is a Portable Executable (PE) parsing library tested on multiple kinds of malformed PE executables, including the Corkami corpus and various forms of malware! It's a library built for creating PE files as well as parsing them, and it attempts to make tasks related to PE files as smooth and flawless as possible.

You can read the documentation here, and see various use examples in the test file. The changelog between various versions is available here.

Windows-specific features (such as loading a given PE file for execution) can be configured by enabling the win32 feature of the crate.


lib.rs:

exe-rs is a library for handling PE files, whether it be building them or analyzing them!

Getting started is easy:

use exe::pe::{PE, VecPE};
use exe::types::{ImportDirectory, ImportData, CCharString};

fn main() {
    // Read the PE file from disk into an owned, Vec-backed image.
    let image = VecPE::from_disk_file("test/compiled.exe").unwrap();
    // Parse the import directory of the image.
    let import_directory = ImportDirectory::parse(&image).unwrap();

    // Each descriptor describes one imported module.
    for descriptor in import_directory.descriptors {
        println!("Module: {}", descriptor.get_name(&image).unwrap().as_str().unwrap());
        println!("Imports:");

        // An import is referenced either by ordinal or by name.
        for import in descriptor.get_imports(&image).unwrap() {
            match import {
                ImportData::Ordinal(x) => println!("   #{}", x),
                ImportData::ImportByName(s) => println!("   {}", s),
            }
        }
    }
}

Standard PE headers and other types can be found in the headers module, while helper types can be found in the types module. Low-level functionality for handling PE data, such as collecting and managing pointers and pulling out data, is handled by the pkbuffer module and the Buffer trait. Further usage examples can be found in the test file.

Dependencies

~3–11MB
~86K SLoC