https://github.com/kedom1337/peview

A minimal and fast zero-copy parser for the PE32+ file format.
https://github.com/kedom1337/peview

no-std-alloc parser portable-executable rust

Last synced: 5 months ago
JSON representation

A minimal and fast zero-copy parser for the PE32+ file format.

Host: GitHub
URL: https://github.com/kedom1337/peview
Owner: kedom1337
License: mit
Created: 2022-12-04T19:25:53.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2023-05-30T11:36:58.000Z (over 2 years ago)
Last Synced: 2025-08-10T23:50:34.679Z (6 months ago)
Topics: no-std-alloc, parser, portable-executable, rust
Language: Rust
Homepage:
Size: 5.41 MB
Stars: 9
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

          # peview

A minimal and fast zero-copy parser for the PE32+ file format.

[![Build status](https://github.com/kedom1337/peview/workflows/ci/badge.svg)](https://github.com/kedom1337/peview/actions)

[![Docs.rs](https://img.shields.io/docsrs/peview)](https://docs.rs/peview/latest/peview)

[![Crates.io](https://img.shields.io/crates/v/peview.svg)](https://crates.io/crates/peview)

## Goal

This project aims to offer a more light weight and easier to use alternative to 

fully featured binary parsing libraries when it comes to parsing the PE32+ file format. It does so by:

- Taking a zero-copy approach. Everything is a reference to the original data

- Parsing on demand. Basic parsing is done at the beginning, the rest is opt-in

- Not focusing on endianness. The parsed buffer is assumed to be in LE

- Strongly validating native structures according to the [official specification](https://learn.microsoft.com/en-us/windows/win32/debug/pe-format)

- Having no external dependencies on top of being a `no-std` library

## Usage

Example of printing the RVA's and names of imported symbols:

```rust

use peview::{dir::Import, file::PeView};

use std::{error::Error, fs::File, io::Read};

fn main() -> Result<(), Box> {

    // Read file into buffer and parse it

    let mut buf = Vec::new();

    File::open("etc/exe/ntoskrnl.exe")?.read_to_end(&mut buf)?;

    let pe = PeView::parse(&buf)?;

    // Iterate over modules in the import table

    for m in pe.imports()? {

        // Print the current modules name

        let module = m?;

        println!("{}", module.name()?);

        // Iterate over symbols within the module

        for i in module {

            // Check if the symbol is imported by name

            if let Import::Name(h, n) = i? {

                // Print out both the hint and its name

                println!("> {:#04x}: {}", h, n);

            }

        }

    }

    Ok(())

}

```

More usage examples can be found [here](https://github.com/kedom1337/peview/blob/master/tests/integration.rs).

## Installation

Add the following line to your Cargo.toml file:

```toml

[dependencies]

# ...

peview = "0.2.3"

```

## License

[MIT](https://choosealicense.com/licenses/mit/)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/kedom1337/peview

Awesome Lists containing this project

README