15 releases
0.5.6 | Jan 10, 2023 |
---|---|
0.5.5 | Oct 12, 2022 |
0.5.4 | Apr 27, 2022 |
0.5.1 | Mar 29, 2022 |
0.4.0 | Jul 28, 2021 |
#101 in Windows APIs
666 downloads per month
Used in 10 crates
(8 directly)
305KB
6K
SLoC
exe-rs
exe-rs
is a Portable Executable (PE) parsing library tested on multiple kinds of malformed PE executables, including the Corkami corpus and various forms of malware! It's a library built with creation in mind as well as parsing, attempting to make tasks related to PE files as smooth and flawless as possible.
You can read the documentation here, and see various use examples in the test file. The changelog between various versions is available here.
Windows-specific features (such as loading a given PE file for execution) can be configured by enabling the win32
feature of the crate.
lib.rs
:
exe-rs is a library for handling PE files, whether it be building them or analyzing them!
Getting started is easy:
use exe::pe::{PE, VecPE};
use exe::types::{ImportDirectory, ImportData, CCharString};
let image = VecPE::from_disk_file("test/compiled.exe").unwrap();
let import_directory = ImportDirectory::parse(&image).unwrap();
for descriptor in import_directory.descriptors {
println!("Module: {}", descriptor.get_name(&image).unwrap().as_str().unwrap());
println!("Imports:");
for import in descriptor.get_imports(&image).unwrap() {
match import {
ImportData::Ordinal(x) => println!(" #{}", x),
ImportData::ImportByName(s) => println!(" {}", s)
}
}
}
Standard PE headers and other types can be found in the headers module, while
helper types can be found in the types module. Low-level functionality for handling
PE data, such as collecting pointers and managing pointers as well as pulling out data, is
handled by the pkbuffer module and the Buffer
trait.
Further usage examples can be found in the test file.
Dependencies
~3.5–9MB
~90K SLoC