PortableExecutable Class Reference

#include <PanoptesPE.h>

Classes
struct	PEScanData
	The data that is sent to the Panoptes Service. More...

Public Member Functions
	PortableExecutable (std::string PortableExecutablePath)
	Constructor for the PortableExecutable class.
std::vector< std::string >	GetImports ()
	Get the imports from the portable executable.
std::vector< std::pair< std::string, double > >	GetSections ()
	Get the sections from the portable executable.
bool	CheckIfSigned ()
	Check if the portable executable is signed.

Detailed Description

Definition at line 8 of file PanoptesPE.h.

Constructor & Destructor Documentation

PortableExecutable()

PortableExecutable::PortableExecutable

(

std::string

PortableExecutablePath

)

Constructor for the PortableExecutable class.

Parameters

PortableExecutablePath

The path to the portable executable to scan

Definition at line 12 of file pe-scan.cpp.

{
    binary = Parser::parse(PortableExecutablePath);
    return;
}

References binary.

Member Function Documentation

CheckIfSigned()

bool PortableExecutable::CheckIfSigned

(

)

Check if the portable executable is signed.

Returns

True if the portable executable is signed, false otherwise

Definition at line 65 of file pe-scan.cpp.

{
    if (binary == NULL) {
        throw std::runtime_error("Not a PE");
    }
 
    if (!binary->has_signatures())
        return false;
 
    Signature::VERIFICATION_FLAGS sigCheck = binary->verify_signature();
    if (sigCheck == Signature::VERIFICATION_FLAGS::OK)
        return true;
 
    return false;
}

References binary.

Referenced by PanoEntry(), and PE::TEST().

GetImports()

std::vector< std::string > PortableExecutable::GetImports

(

)

Get the imports from the portable executable.

Returns

A vector of strings containing the imports

Definition at line 20 of file pe-scan.cpp.

{
    std::vector<std::string> results;
    if (binary == NULL) {
        throw std::runtime_error("Not a PE");
    }
 
    if (binary->imports().size() > 0) {
        auto it_imports = binary->imports();
        for (LIEF::PE::Import import : it_imports)
        {
            std::string moduleName = import.name();
            for (auto entry : import.entries())
            {
                std::string entryName = entry.name();
                std::string entryJoined = moduleName + "!" + entryName;
                results.push_back(entryJoined);
            }
        }
    }
    return results;
}

References binary.

Referenced by PanoEntry(), and PE::TEST().

GetSections()

std::vector< std::pair< std::string, double > > PortableExecutable::GetSections

(

)

Get the sections from the portable executable.

Returns

A vector of pairs containing the section name and entropy

Definition at line 45 of file pe-scan.cpp.

{
    std::vector<std::pair<std::string, double>> results;
    if (binary == NULL) {
        throw std::runtime_error("Not a PE");
    }
 
    if (binary->sections().size() > 0) {
        for (LIEF::PE::Section section : binary->sections())
        {
            std::string sectionName = section.name();
            double sectionEntropy = section.entropy();
            results.push_back(std::make_pair(sectionName, sectionEntropy));
        }
    }
    return results;
}

References binary.

Referenced by PanoEntry(), and PE::TEST().

---

The documentation for this class was generated from the following files:

• /home/runner/work/Panoptes/Panoptes/src/extensibility/PanoptesPE/include/PanoptesPE.h
• /home/runner/work/Panoptes/Panoptes/src/extensibility/PanoptesPE/src/pe-scan.cpp