README
¶
pefile
Small library and tool to list and extract resources from Portable Executable (PE) files.
Installing the tool
go get -u github.com/folbricht/pefile/cmd/pe
Running the tool
List available resources in the file:
# pe list-resources /path/to/file.exe
3/1/1033
3/2/1033
5/105/1033
5/106/1033
10/SOMERESOURCE/1033
14/103/1033
Extract a single resource to STDOUT:
# pe extract-resource /path/to/file.exe 10/SOMERESOURCE/1033
Extract a single resource to a file:
# pe extract-resource /path/to/file.exe 10/SOMERESOURCE/1033 /tmp/someresource.bin
Extract all resources to a directory, preserving the directory layout from the PE file.
# pe extract-resources /path/to/file.exe /tmp/resources
Using the library
f, err := pefile.Open("/path/to/file.exe")
if err != nil {
return err
}
defer f.Close()
resources, err := f.GetResources()
if err != nil {
return err
}
for _, r := range resources {
fmt.Println("Name:", r.Name, ", Size:", len(r.Data))
}
References
- Godoc - https://godoc.org/github.com/folbricht/pefile
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format - https://msdn.microsoft.com/en-us/library/ms809762.aspx
- PE Format - https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format
- Go PE library - https://golang.org/pkg/debug/pe/
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func UTF16ToString ¶
UTF16ToString converts a UTF16-LE byte slice into a string
Types ¶
type File ¶
File represents a PE file. It wraps a pe.File to provide access to more headers and elements.
func (*File) GetResources ¶
GetResources returns a list of resources
type Resource ¶
Resource holds the full name and data of a data entry in a resource directory structure. The name represents all 3 parts of the tree, separated by /, <type>/<name>/<language> with For example: "3/1/1033" for a resources with ID names, or "10/SOMERES/1033" for a named resource in language 1033.
Source Files
Directories