peview

A minimal and fast zero-copy parser for the PE32+ file format.

Goal

This project aims to offer a more light weight and easier to use alternative to fully featured binary parsing libraries when it comes to parsing the PE32+ file format. It does so by:

• Taking a zero-copy approach. Everything is a reference to the original data
• Parsing on demand. Basic parsing is done at the beginning, the rest is opt-in
• Not focusing on endianness. The parsed buffer is assumed to be in LE
• Strongly validating native structures according to the official specification
• Having no external dependencies on top of being a no-std library

Usage

Example of printing the RVA's and names of imported symbols:

```rust use peview::{dir::Import, file::PeView}; use std::{error::Error, fs::File, io::Read};

fn main() -> Result<(), Box> { // Read file into buffer and parse it let mut buf = Vec::new(); File::open("etc/exe/ntoskrnl.exe")?.readtoend(&mut buf)?; let pe = PeView::parse(&buf)?;

// Iterate over modules in the import table
for m in pe.imports()? {
    // Print the current modules name
    let module = m?;
    println!("{}", module.name()?);

    // Iterate over symbols within the module
    for i in module {
        // Check if the symbol is imported by name
        if let Import::Name(h, n) = i? {
            // Print out both the hint and its name
            println!("> {:#04x}: {}", h, n);
        }
    }
}

Ok(())

} ``` More usage examples can be found here.

Installation

Add the following line to your Cargo.toml file:

```toml [dependencies]

...

peview = "0.2.3" ```

License

MIT