PE

class cle.backends.PE[source]

Bases: Backend

Representation of a PE (i.e. Windows) binary.

is_default = True
__init__(*args, **kwargs)[source]
Parameters:
  • binary – The path to the binary to load

  • binary_stream – The open stream to this binary. The reference to this will be held until you call close.

  • is_main_bin – Whether this binary should be loaded as the main executable

static is_compatible(stream)[source]

Determine quickly whether this backend can load an object from this stream

classmethod check_magic_compatibility(stream)[source]

Check if a stream of bytes contains the same magic number as the main object

classmethod check_compatibility(spec, obj)[source]

Performs a minimal static load of spec and returns whether it’s compatible with other_obj

close()[source]
get_symbol(name)[source]

Look up the symbol with the given name. Symbols can be looked up by ordinal with the name "ordinal.%d" % num

class cle.backends.pe.regions.PESection[source]

Bases: Section

Represents a section for the PE format.

__init__(pe_section, remap_offset=0)[source]
Parameters:
  • name (str) – The name of the section

  • offset (int) – The offset into the binary file this section begins

  • vaddr (int) – The address in virtual memory this section begins

  • size (int) – How large this section is

property is_readable

Whether this section has read permissions

property is_writable

Whether this section has write permissions

property is_executable

Whether this section has execute permissions

property only_contains_uninitialized_data

Whether this section is initialized to zero after the executable is loaded.

class cle.backends.pe.symbol.WinSymbol[source]

Bases: Symbol

Represents a symbol for the PE format.

__init__(owner, name, addr, is_import, is_export, ordinal_number, forwarder)[source]

Not documenting this since if you try calling it, you’re wrong.

resolve_forwarder()[source]

If this symbol is a forwarding export, return the symbol the forwarding refers to, or None if it cannot be found