Documentation

API Reference

Pe

Description

Parsed PE file. Holds the raw bytes plus decoded indices. All three PeOpen* constructors leave the parser as the sole owner of data – see the L / R semantics on the FromMemory / FromMemoryCopy constructors (mirrors VecInsertL / VecInsertR).

Fields

Name	Description
`allocator`	Allocator for `data` and the sections vector.
`data`	Pointer to the raw PE bytes (owned).
`data_size`	Length of `data` in bytes.
`machine`	Decoded `IMAGE_FILE_HEADER.Machine`.
`is_pe32_plus`	True for PE32+ (64-bit). v1 supports both PE32 and PE32+ headers, but the address-bearing fields are widened to 64 bits even on PE32.
`image_base`	`OptionalHeader.ImageBase` – the runtime virtual address the loader places the image at when no relocation is required.
`size_of_image`	`OptionalHeader.SizeOfImage` – total in-memory size (helps bounds-check RVAs).
`sections`	All section headers, in original order.
`codeview`	CodeView debug record, if present.

Usage example (Cross-references)

Usage examples (Cross-references)

In Pe.c:11:

    
    #include <Misra.h>
    #include <Misra/Parsers/Pe.h>
    #include <Misra/Std/Zstr.h>
    #include <Misra/Std/Allocator/Default.h>

In Pe.c:161:

        build_pe_blob();
    
        Pe pe;
        bool   ok = PeOpenFromMemoryCopy(&pe, blob, sizeof(blob), base);
        if (!ok) {

In Pe.c:187:

    
        build_pe_blob();
        Pe pe;
        if (!PeOpenFromMemoryCopy(&pe, blob, sizeof(blob), base)) {
            DefaultAllocatorDeinit(&alloc);

In Pe.c:215:

        garbage[1] = 'X';
    
        Pe pe;
        bool   ok = !PeOpenFromMemoryCopy(&pe, garbage, sizeof(garbage), base);

In Pe.c:223:

    
    int main(void) {
        WriteFmt("[INFO] Starting Pe tests\n\n");
    
        TestFunction tests[] = {

In Pe.c:231:

        };
    
        return run_test_suite(tests, sizeof(tests) / sizeof(tests[0]), NULL, 0, "Pe");
    }

In PdbCache.c:69:

    //
    // On success populates `out_path` (an owned Str the caller frees).
    static bool find_pdb(const Pe *pe, const char *pe_path, Str *out_path) {
        if (!pe->codeview.present || !pe->codeview.pdb_path)
            return false;

In Pe.c:17:

    
    #include <Misra/Std/Container/Buf.h>
    #include <Misra/Parsers/Pe.h>
    
    // ---------------------------------------------------------------------------

In Pe.c:147:

    
    typedef struct PeContext {
        Pe     *out;
        BufIter file;      // bounds for the whole image
        u32     nt_offset; // offset of NT signature

In Pe.c:494:

    // MemSets the caller's view. Anything that fails past the snapshot
    // cleans up via PeDeinit -- the buffer never leaks.
    bool pe_open_from_memory(Pe *out, Buf *in) {
        if (!out || !in || !in->data || !in->allocator) {
            LOG_FATAL("PeOpenFromMemory: NULL argument (contract violation)");

In Pe.c:530:

    
    // R-value form: allocate Buf, copy, hand `&copy` to the L-form.
    bool pe_open_from_memory_copy(Pe *out, const u8 *data, size data_size, Allocator *alloc) {
        if (!out || !data || !alloc) {
            LOG_FATAL("PeOpenFromMemoryCopy: NULL argument (contract violation)");

In Pe.c:544:

    }
    
    bool pe_open(Pe *out, const char *path, Allocator *alloc) {
        if (!out || !path || !alloc) {
            LOG_FATAL("PeOpen: NULL argument (contract violation)");

In Pe.c:557:

    }
    
    void PeDeinit(Pe *self) {
        if (!self)
            return;

In Pe.c:565:

    }
    
    const PeSection *PeFindSection(const Pe *self, const char *name) {
        if (!self || !name)
            return NULL;

In Pe.c:576:

    }
    
    bool PeRvaToOffset(const Pe *self, u32 rva, u64 *out_offset) {
        if (!self || !out_offset)
            return false;

In PdbCache.h:27:

    
    #include <Misra/Parsers/Pdb.h>
    #include <Misra/Parsers/Pe.h>
    #include <Misra/Std/Allocator.h>
    #include <Misra/Std/Container/Vec.h>

In PdbCache.h:35:

        char   *module_path; // owned copy
        u64     module_base; // last-seen runtime load base
        Pe  pe;
        Pdb pdb;
        bool    pe_open;

In Pe.h:105:

        PeSections     sections;
        PeCodeViewInfo codeview;
    } Pe;
    
    ///

In Pe.h:120:

    /// TAGS: Parser, PE, File
    ///
    bool pe_open(Pe *out, const char *path, Allocator *alloc);
    #define PeOpen(...) MISRA_OVERLOAD(PeOpen, __VA_ARGS__)
    #define PeOpen_2(out, path)                                                                                            \

In Pe.h:155:

    /// TAGS: Parser, PE, Memory, Ownership
    ///
    bool pe_open_from_memory(Pe *out, Buf *in);
    #define PeOpenFromMemory(out, in) pe_open_from_memory((out), (in))

In Pe.h:170:

    /// TAGS: Parser, PE, Memory, Copy
    ///
    bool pe_open_from_memory_copy(Pe *out, const u8 *data, size data_size, Allocator *alloc);
    #define PeOpenFromMemoryCopy(...)                    MISRA_OVERLOAD(PeOpenFromMemoryCopy, __VA_ARGS__)
    #define PeOpenFromMemoryCopy_3(out, data, data_size) pe_open_from_memory_copy((out), (data), (data_size), MisraScope)

In Pe.h:181:

    /// tears down the sections vector. Safe on a zeroed struct.
    ///
    void PeDeinit(Pe *self);
    
    ///

In Pe.h:187:

    /// they're vanishingly rare).
    ///
    const PeSection *PeFindSection(const Pe *self, const char *name);
    
    ///

In Pe.h:201:

    /// TAGS: Parser, PE, Address
    ///
    bool PeRvaToOffset(const Pe *self, u32 rva, u64 *out_offset);
    
    #endif // MISRA_PARSERS_PE_H

Last updated on May 20, 2026

PdbResolveRva PeCodeViewInfo