PE#
- class cle.backends.PE[source]#
Bases:
BackendRepresentation of a PE (i.e. Windows) binary.
- is_default = True#
- __init__(*args, **kwargs)[source]#
- Parameters:
binary – The path to the binary to load
binary_stream – The open stream to this binary. The reference to this will be held until you call close.
is_main_bin – Whether this binary should be loaded as the main executable
- static is_compatible(stream)[source]#
Determine quickly whether this backend can load an object from this stream
- classmethod check_magic_compatibility(stream)[source]#
Check if a stream of bytes contains the same magic number as the main object
- classmethod check_compatibility(spec, obj)[source]#
Performs a minimal static load of
specand returns whether it’s compatible with other_obj
- get_symbol(name)[source]#
Look up the symbol with the given name. Symbols can be looked up by ordinal with the name
"ordinal.%d" % num
- imports: typing.Dict[str, 'Relocation']#
- relocs: List[Relocation]#
- child_objects: List['Backend']#
- exception_handlings: List[ExceptionHandling]#
- function_hints: List[FunctionHint]#
- memory: Clemory#
- cached_content: Optional[bytes]#
- class cle.backends.pe.regions.PESection[source]#
Bases:
SectionRepresents a section for the PE format.
- property is_readable#
Whether this section has read permissions
- property is_writable#
Whether this section has write permissions
- property is_executable#
Whether this section has execute permissions
- property only_contains_uninitialized_data#
Whether this section is initialized to zero after the executable is loaded.
- class cle.backends.pe.symbol.WinSymbol[source]#
Bases:
SymbolRepresents a symbol for the PE format.
- __init__(owner, name, addr, is_import, is_export, ordinal_number, forwarder)[source]#
Not documenting this since if you try calling it, you’re wrong.
- resolve_forwarder()[source]#
If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found
- owner: Backend#