5 releases

Version | Released |
---|---|
0.2.3 | May 30, 2023 |
0.2.1 | Dec 25, 2022 |
0.2.0 | Dec 25, 2022 |
0.1.1 | Dec 5, 2022 |
0.1.0 | Dec 5, 2022 |

#2121 in Parser implementations
41 downloads per month
11MB
1K SLoC
Contains (DOS exe, 11MB) etc/exe/ntoskrnl.exe
peview
A minimal and fast zero-copy parser for the PE32+ file format.
Goal
This project aims to offer a more lightweight and easier-to-use alternative to fully featured binary parsing libraries when it comes to parsing the PE32+ file format. It does so by:
- Taking a zero-copy approach. Everything is a reference to the original data
- Parsing on demand. Basic parsing is done at the beginning, the rest is opt-in
- Not focusing on endianness. The parsed buffer is assumed to be in LE
- Strongly validating native structures according to the official specification
- Having no external dependencies on top of being a no-std library
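
What the zero-copy and strict-validation goals above look like for the first PE32+ headers, as an added example that is not peview's code or API: every name in it (`parse_headers`, `HeaderView`, `PeError`, `sample_image`) is hypothetical, and the sample image is constructed. Each field of the returned view is a slice borrowed from the caller's buffer, and every offset read from the file is bounds-checked before use.

```rust
// Added illustration, not peview's code. All names here are hypothetical.
#[derive(Debug, PartialEq)]
pub enum PeError { Truncated, BadDosMagic, BadPeSignature, NotPe32Plus }

/// Zero-copy view: both fields borrow from the input buffer, nothing is copied.
#[derive(Debug)]
pub struct HeaderView<'a> {
    pub coff: &'a [u8],     // 20-byte COFF file header
    pub optional: &'a [u8], // optional header (SizeOfOptionalHeader bytes)
}

// Bounds-checked sub-slice; a file-controlled offset can never index past the buffer.
fn bytes(buf: &[u8], off: usize, len: usize) -> Result<&[u8], PeError> {
    let end = off.checked_add(len).ok_or(PeError::Truncated)?;
    buf.get(off..end).ok_or(PeError::Truncated)
}

fn u16_le(buf: &[u8], off: usize) -> Result<u16, PeError> {
    let b = bytes(buf, off, 2)?;
    Ok(u16::from_le_bytes([b[0], b[1]]))
}

pub fn parse_headers(buf: &[u8]) -> Result<HeaderView<'_>, PeError> {
    if u16_le(buf, 0)? != 0x5A4D { return Err(PeError::BadDosMagic); } // "MZ"
    let l = bytes(buf, 0x3C, 4)?; // e_lfanew: file offset of the PE signature
    let pe_off = u32::from_le_bytes([l[0], l[1], l[2], l[3]]) as usize;
    if bytes(buf, pe_off, 4)? != &b"PE\0\0"[..] { return Err(PeError::BadPeSignature); }
    // pe_off + 4 cannot overflow: the signature slice above was in bounds.
    let coff = bytes(buf, pe_off + 4, 20)?;
    let opt_len = u16::from_le_bytes([coff[16], coff[17]]) as usize; // SizeOfOptionalHeader
    let optional = bytes(buf, pe_off + 24, opt_len)?;
    if u16_le(optional, 0)? != 0x020B { return Err(PeError::NotPe32Plus); } // PE32+ magic
    Ok(HeaderView { coff, optional })
}

/// Constructed sample: just enough bytes to form valid PE32+ headers.
pub fn sample_image() -> Vec<u8> {
    let mut b = vec![0u8; 0x58 + 0xF0];
    b[..2].copy_from_slice(b"MZ");
    b[0x3C..0x40].copy_from_slice(&0x40u32.to_le_bytes()); // e_lfanew
    b[0x40..0x44].copy_from_slice(b"PE\0\0");
    b[0x54..0x56].copy_from_slice(&0xF0u16.to_le_bytes()); // SizeOfOptionalHeader
    b[0x58..0x5A].copy_from_slice(&0x020Bu16.to_le_bytes()); // optional header magic
    b
}

fn main() {
    let img = sample_image();
    println!("{:?}", parse_headers(&img).map(|v| (v.coff.len(), v.optional.len())));
}
```
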
Usage
Example of printing the RVAs and names of imported symbols:
```rust
use peview::{dir::Import, file::PeView};
use std::{error::Error, fs::File, io::Read};

fn main() -> Result<(), Box<dyn Error>> {
    // Read file into buffer and parse it
    let mut buf = Vec::new();
    File::open("etc/exe/ntoskrnl.exe")?.read_to_end(&mut buf)?;
    let pe = PeView::parse(&buf)?;

    // Iterate over modules in the import table
    for m in pe.imports()? {
        // Print the current module's name
        let module = m?;
        println!("{}", module.name()?);

        // Iterate over symbols within the module
        for i in module {
            // Check if the symbol is imported by name
            if let Import::Name(h, n) = i? {
                // Print out both the hint and its name
                println!("> {:#04x}: {}", h, n);
            }
        }
    }
    Ok(())
}
```
More usage examples can be found here.
Installation
Add the following line to your Cargo.toml file:
```toml
[dependencies]
# ...
peview = "0.2.3"
```