package bt
import (
	"fmt"
	"log"

	"github.com/Binject/debug/pe"
)
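// PeBinTriage logs header, section, symbol and import details for the PE
// binary at sourceFile, using the package's cyan/blue printers for output.
//
// The PE handle is closed before the function returns. A parse error from the
// pe package (on open, or while walking the import libraries or import
// symbols) is returned to the caller instead of terminating the process, so a
// single malformed input does not abort a batch triage run. Returns nil on
// success.
func PeBinTriage(sourceFile string) error {
	peFile, err := pe.Open(sourceFile)
	if err != nil {
		return fmt.Errorf("opening PE file %q: %w", sourceFile, err)
	}
	// Release the file handle even when a later import walk fails;
	// the Close error is deliberately ignored since the file is only read.
	defer peFile.Close()

	// NOTE(review): if cyan/blue are fatih/color-style printers, Printf
	// returns (n int, err error) and log.Println would log that pair rather
	// than the formatted message; Sprintf would then be the intended call —
	// confirm against the definition of cyan/blue elsewhere in this package.

	// Header deets
	log.Println(cyan.Printf("DosHeader: %+v", peFile.DosHeader))
	log.Println(blue.Printf("Rich Hdeader: %+v", peFile.RichHeader))
	log.Println(cyan.Printf("Pe Header: %+v", peFile.FileHeader))
	log.Println(blue.Printf("Optional Header: %+v", peFile.OptionalHeader))

	for _, section := range peFile.Sections {
		log.Println(cyan.Printf("Section details: %+v", section))
	}
	for _, symbol := range peFile.Symbols {
		log.Println(blue.Printf("Symbol details: %+v", symbol))
	}

	// Import tables come from untrusted input; surface a parse failure to the
	// caller rather than calling log.Fatal from library code.
	libraries, err := peFile.ImportedLibraries()
	if err != nil {
		return fmt.Errorf("reading imported libraries of %q: %w", sourceFile, err)
	}
	for _, ilib := range libraries {
		log.Println(cyan.Printf("Imported lib details: %+v", ilib))
	}

	impSymbs, err := peFile.ImportedSymbols()
	if err != nil {
		return fmt.Errorf("reading imported symbols of %q: %w", sourceFile, err)
	}
	for _, isymb := range impSymbs {
		log.Println(blue.Printf("Imported symbol details: %+v", isymb))
	}

	// COFFSymbols
	log.Println(cyan.Printf("Coff symbols: %+v", peFile.COFFSymbols))

	// String Table
	//log.Println(blue.Printf("String Table: %+v", peFile.StringTable))

	// the certificate table
	//if peFile.CertificateTable != nil {
	//	log.Println(cyan.Printf("Cert Table: %+v", peFile.CertificateTable))
	//}

	return nil
}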