peview
A minimal and fast zero-copy parser for the PE32+ file format.
Goal
This project aims to offer a more light weight and easier to use alternative to fully featured binary parsing libraries when it comes to parsing the PE32+ file format. It does so by:
- Taking a zero-copy approach. Everything is a reference to the original data
- Parsing on demand. Basic parsing is done at the beginning, the rest is opt-in
- Not focusing on endianness. The parsed buffer is assumed to be in LE
- Strongly validating native structures according to the official specification
- Having no external dependencies on top of being a
no-stdlibrary
Usage
Example of printing the RVA's and names of imported symbols:
use peview::{dir::Import, file::PeView};
use std::{error::Error, fs::File, io::Read};
fn main() -> Result<(), Box<dyn Error>> {
// Read file into buffer and parse it
let mut buf = Vec::new();
File::open("etc/ntoskrnl.exe")?.read_to_end(&mut buf)?;
let pe = PeView::parse(&buf)?;
// Iterate over modules in the import table
for m in pe.imports()? {
// Print the current modules name
let module = m?;
println!("{}", module.name()?);
// Iterate over symbols within the module
for i in module {
// Check if the symbol is imported by name
if let Import::Name(h, n) = i? {
// Print out both the hint and its name
println!("> {:#04x}: {}", h, n);
}
}
}
Ok(())
}
More usage examples can be found here.
Installation
Add the following line to your Cargo.toml file:
[dependencies]
# ...
peview = "0.2.0"
429 Dec 28, 2022
2 Mar 21, 2022
4 Jan 4, 2023
3 Mar 15, 2024
20 Aug 17, 2022
11 Dec 7, 2022
2 Dec 18, 2022
4 Jul 5, 2022
6 Dec 25, 2022
97 Jun 26, 2023
8 Dec 29, 2022
9 Feb 28, 2023
3 Nov 1, 2022
2 Jan 14, 2022
44 Dec 27, 2022
2.8k Dec 31, 2022
43 Dec 10, 2022
2 Jul 13, 2023
1 Feb 4, 2022