// Source: github.com/vchain-us/vcn@v0.9.11-0.20210921212052-a2484d23c0b3/pkg/extractor/file/internal/sniff/pe.go

/*
 * Copyright (c) 2018-2020 vChain, Inc. All Rights Reserved.
 * This software is released under GPL3.
 * The full license information can be found under:
 * https://www.gnu.org/licenses/gpl-3.0.en.html
 *
 */

package sniff

import (
	"debug/pe"
	"os"
)

// Platform_PE is the platform label recorded for every file that parses as a
// PE image.
const Platform_PE = "Windows"

// machineTypes translates the Machine field of the COFF file header into a
// short architecture name. A Machine value that is not listed here yields the
// empty string on lookup.
var machineTypes = map[uint16]string{
	pe.IMAGE_FILE_MACHINE_UNKNOWN:   "UNKNOWN",
	pe.IMAGE_FILE_MACHINE_AM33:      "AM33",
	pe.IMAGE_FILE_MACHINE_AMD64:     "AMD64",
	pe.IMAGE_FILE_MACHINE_ARM:       "ARM",
	pe.IMAGE_FILE_MACHINE_ARMNT:     "ARMNT",
	pe.IMAGE_FILE_MACHINE_ARM64:     "ARM64",
	pe.IMAGE_FILE_MACHINE_EBC:       "EBC",
	pe.IMAGE_FILE_MACHINE_I386:      "I386",
	pe.IMAGE_FILE_MACHINE_IA64:      "IA64",
	pe.IMAGE_FILE_MACHINE_M32R:      "M32R",
	pe.IMAGE_FILE_MACHINE_MIPS16:    "MIPS16",
	pe.IMAGE_FILE_MACHINE_MIPSFPU:   "MIPSFPU",
	pe.IMAGE_FILE_MACHINE_MIPSFPU16: "MIPSFPU16",
	pe.IMAGE_FILE_MACHINE_POWERPC:   "POWERPC",
	pe.IMAGE_FILE_MACHINE_POWERPCFP: "POWERPCFP",
	pe.IMAGE_FILE_MACHINE_R4000:     "R4000",
	pe.IMAGE_FILE_MACHINE_SH3:       "SH3",
	pe.IMAGE_FILE_MACHINE_SH3DSP:    "SH3DSP",
	pe.IMAGE_FILE_MACHINE_SH4:       "SH4",
	pe.IMAGE_FILE_MACHINE_SH5:       "SH5",
	pe.IMAGE_FILE_MACHINE_THUMB:     "THUMB",
	pe.IMAGE_FILE_MACHINE_WCEMIPSV2: "WCEMIPSV2",
}

// PE parses file as a Portable Executable and reports its format, platform
// and architecture.
//
// The error from pe.NewFile is returned unchanged when the file does not
// parse. On success Format is "PE32+" and X64 is true when the optional header
// is a *pe.OptionalHeader64; in every other case, including a missing optional
// header, Format is "PE32" and X64 is false. X64 therefore describes the
// optional-header layout and is independent of Arch. Arch is the machineTypes
// entry for the header's Machine value and is empty for values outside that
// table.
//
// PE does not close file; the caller keeps ownership of it.
//
// Every field returned here is read from headers that the file declares about
// itself. Nothing in this function checks a signature or confirms that the
// declared machine type matches the code in the image, so the result is
// descriptive metadata and should not be used on its own as a trust signal.
func PE(file *os.File) (*Data, error) {
	img, err := pe.NewFile(file)
	if err != nil {
		return nil, err
	}

	// A comma-ok assertion is false for a nil OptionalHeader as well as for
	// *pe.OptionalHeader32, so only the 64-bit layout sets the flag.
	_, x64 := img.OptionalHeader.(*pe.OptionalHeader64)

	var format string
	if x64 {
		format = "PE32+"
	} else {
		format = "PE32"
	}

	return &Data{
		Format:   format,
		Platform: Platform_PE,
		Arch:     machineTypes[img.FileHeader.Machine],
		X64:      x64,
		// Timestamp: img.TimeDateStamp, (assignment disabled in the original)
	}, nil
}