Optimized routines for parsing certain parts of the PE header, optimized for use in the Reloaded3 libraries & runtime.
Aimed at minimizing code size down to the absolute minimum. You can learn more about this project in the dedicated documentation page.
This package provides the following utility functions:
get_import_dll_names- Extracts the names of DLLs that a PE file imports.parse_pe_sections- Retrieves the names of sections defined within the PE file.
To extract the names of DLLs that a PE file imports, use the get_import_dll_names function.
This function requires a pointer to the start of the PE file in memory, flags to indicate whether the PE file is mapped into memory already and whether to force interpretation as PE32 or PE64 format.
// Assuming `pe_bytes` is a byte slice containing your PE file data
let pe_start = pe_bytes.as_ptr() as *const c_void;
let is_mapped = false; // Set to true if the PE file is already mapped into memory
let force_pe64 = false;// Force PE64 format
let force_pe32 = false;// Force PE32 format
let imported_dll_names = unsafe {
get_import_dll_names(pe_start, is_mapped, force_pe64, force_pe32)
};
println!("Imported DLLs: {:?}", imported_dll_names);To get the names of sections within the PE file, use the get_section_names function.
Similar to get_import_dll_names, this function requires a pointer to the start of the PE file
and flags for PE format interpretation.
let section_names = unsafe {
get_section_names(pe_start, force_pe64, force_pe32)
};
println!("Section Names: {:?}", section_names);The force_pe64 and force_pe32 flags are used to force the parser to interpret the PE file as
a specific format. This is a compiler hint that can be used to say 'I will only ever deal with PE32'
files, etc. Saves a few instructions.
How to develop this project.
Clone this Repository:
# When cloning, make sure symlinks are enabled
git clone -c core.symlinks=true https://github.com/Sewer56/min-pe-parser.gitInstall Rust:
- Install the Rust Toolchain.Setup IDE
- This repository is fully with VSCode. Guidance below.
Code/VSCode is the de-facto Rust development environment.
The following extensions are required:
- rust-analyzer for Rust support.
- coverage-gutters for Coverage support.
- CodeLLDB for debugging.
- crates easier dependency management.
The VSCode configuration in Reloaded projects (.vscode) contain the following:
- Run Rust linter
clippyon Save. - Run code format
rustfmton Save. - Tasks for common operations (generate documentation, active CI/CD etc.).
These configurations are in the .vscode folder; and the tasks can be ran via Ctrl+Shift+P -> Run Task.
To run Coverage, run task (Ctrl+Shift+P -> Run Task), you should see:
| Task | Description |
|---|---|
| Cargo Watch Tarpaulin | Automatically runs tests and updates coverage on save. |
| Generate Code Coverage | Manually generate code coverage (cobertura.xml, tarpaulin-report.html) |
The tarpaulin-report.html file can be opened in VSCode (Show Preview) for a live view.
For GUI integration, run action Coverage Gutter: Watch (in Ctrl+Shift+P actions menu).
The following is the expected file layout for your project:
.vscode/
docs/
src/
Cargo.toml
mkdocs.yml
The docs folder, and mkdocs.yml contain MkDocs Material documentation for your project.
The src folder should contains all source code for your project.
Cargo.toml should be in the root of the project.
Make a tag, aptly named after the current version of the project. For instance, if you are publishing version 0.1.0, the tag should be 0.1.0. This will create a GitHub release for you automatically.
See CONTRIBUTING for guidance on how to contribute to this project.
Licensed under GPL v3 (with Reloaded FAQ).
Learn more about Reloaded's general choice of licensing for projects..