Initial commit
commit
e053a2aef4
3 changed files with 169 additions and 0 deletions
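--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,21 @@
+# CMakeList.txt: проект CMake для pedump; включите исходный код и определения,
+# укажите здесь логику для конкретного проекта.
+#
+cmake_minimum_required (VERSION 3.8)
+
+# Включение горячей перезагрузки для компиляторов MSVC, если поддерживается.
+if (POLICY CMP0141)
+cmake_policy(SET CMP0141 NEW)
+set(CMAKE_MSVC_DEBUG_INFORMATION_FORMAT "$<IF:$<AND:$<C_COMPILER_ID:MSVC>,$<CXX_COMPILER_ID:MSVC>>,$<$<CONFIG:Debug,RelWithDebInfo>:EditAndContinue>,$<$<CONFIG:Debug,RelWithDebInfo>:ProgramDatabase>>")
+endif()
+
+project ("pedump")
+
+# Добавьте источник в исполняемый файл этого проекта.
+add_executable (pedump "pedump.cpp" )
+
+if (CMAKE_VERSION VERSION_GREATER 3.12)
+set_property(TARGET pedump PROPERTY CXX_STANDARD 20)
+endif()
+
+# TODO: Добавьте тесты и целевые объекты, если это необходимо.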
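--- /dev/null
+++ b/CMakePresets.json
@@ -0,0 +1,61 @@
+{
+"version": 3,
+"configurePresets": [
+{
+"name": "windows-base",
+"hidden": true,
+"generator": "Ninja",
+"binaryDir": "${sourceDir}/out/build/${presetName}",
+"installDir": "${sourceDir}/out/install/${presetName}",
+"cacheVariables": {
+"CMAKE_C_COMPILER": "cl.exe",
+"CMAKE_CXX_COMPILER": "cl.exe"
+},
+"condition": {
+"type": "equals",
+"lhs": "${hostSystemName}",
+"rhs": "Windows"
+}
+},
+{
+"name": "x64-debug",
+"displayName": "x64 Debug",
+"inherits": "windows-base",
+"architecture": {
+"value": "x64",
+"strategy": "external"
+},
+"cacheVariables": {
+"CMAKE_BUILD_TYPE": "Debug"
+}
+},
+{
+"name": "x64-release",
+"displayName": "x64 Release",
+"inherits": "x64-debug",
+"cacheVariables": {
+"CMAKE_BUILD_TYPE": "Release"
+}
+},
+{
+"name": "x86-debug",
+"displayName": "x86 Debug",
+"inherits": "windows-base",
+"architecture": {
+"value": "x86",
+"strategy": "external"
+},
+"cacheVariables": {
+"CMAKE_BUILD_TYPE": "Debug"
+}
+},
+{
+"name": "x86-release",
+"displayName": "x86 Release",
+"inherits": "x86-debug",
+"cacheVariables": {
+"CMAKE_BUILD_TYPE": "Release"
+}
+}
+]
+}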
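--- /dev/null
+++ b/pedump.cpp
@@ -0,0 +1,87 @@
+#include "windows.h"
+#include "stdio.h"
+#include <iostream>
+
+BOOL LoadPeFile(LPCWSTR FilePath, PUCHAR* ppImageBase)
+{
+HANDLE hFile = CreateFileW(FilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+if (INVALID_HANDLE_VALUE == hFile) {
+printf("ERROR: LoadPeFile: CreateFile fails with %d error \n", GetLastError());
+return false;
+}
+
+HANDLE hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_IMAGE_NO_EXECUTE, 0, 0, NULL);
+if (NULL == hFileMapping) {
+printf("ERROR: LoadPeFile: CreateFileMapping fails with %d error \n", GetLastError());
+return false;
+}
+
+LPVOID p = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
+if (NULL == p) {
+printf("ERROR: LoadPeFile: MapViewOfFile fails with %d error \n", GetLastError());
+return false;
+}
+
+*ppImageBase = (PUCHAR)p;
+return true;
+}
+
+#define TO_PSTRUCT(TYPE, offset) (TYPE)(pImageBase+(offset)) //RVA
+#define VAR_OF_PSTRUCT(var, TYPE, offset) TYPE var = TO_PSTRUCT(TYPE, offset)
+#define READ_BYTES(var, header) var = (PUCHAR)(&header->Signature)
+
+int wmain(int argc, wchar_t* argv[])
+{
+
+if (argc != 2) {
+printf("Usage: %ls PeFilePath \n", argv[0]);
+return -1;
+}
+
+LPCWSTR g_FilePath = argv[1];
+
+PUCHAR pImageBase = nullptr;
+if (!LoadPeFile(g_FilePath, &pImageBase)) return -1;
+
+printf("MS-DOS Signature: %c%c \n", pImageBase[0], pImageBase[1]);
+if (pImageBase[0] != 'M' || pImageBase[1] != 'Z') {
+printf("Not a valid PE file!\n");
+return -1;
+}
+
+PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pImageBase;
+VAR_OF_PSTRUCT(pTempPeHeader, PIMAGE_NT_HEADERS, pDosHeader->e_lfanew); //offset to PE Header
+
+PUCHAR p;
+READ_BYTES(p, pTempPeHeader);
+
+printf("PE Signature: %c%c %x%x \n", p[0], p[1], p[2], p[3]);
+
+WORD nSections = pTempPeHeader->FileHeader.NumberOfSections;
+printf("PE Sections total %d \n", nSections);
+PIMAGE_SECTION_HEADER pSectionHeader = nullptr;
+
+switch (pTempPeHeader->FileHeader.Machine) {
+case IMAGE_FILE_MACHINE_I386:
+printf("PE Architecture: x86 \n");
+pSectionHeader = (PIMAGE_SECTION_HEADER)(((PUCHAR)pTempPeHeader) + sizeof(IMAGE_NT_HEADERS32));
+break;
+case IMAGE_FILE_MACHINE_AMD64:
+printf("PE Architecture: x64 \n");
+pSectionHeader = (PIMAGE_SECTION_HEADER)(((PUCHAR)pTempPeHeader) + sizeof(IMAGE_NT_HEADERS64));
+break;
+default:
+printf("PE Architecture: unknown \n");
+return -1;
+break;
+}
+
+CHAR nmSection[9];
+memset(nmSection, 0, sizeof(nmSection));
+for (int i = 0; i < nSections; i++) {
+memcpy(nmSection, pSectionHeader->Name, 8);
+printf("section #%i %s \n", i, nmSection);
+pSectionHeader++;
+}
+return 0;
+}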
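Review bot: In `wmain` the section table is located by adding `sizeof(IMAGE_NT_HEADERS32)` or `sizeof(IMAGE_NT_HEADERS64)` to the NT header pointer, which ignores `FileHeader.SizeOfOptionalHeader`; for a file whose optional header has a non-default size the section names are read from the wrong offset, so the dump can disagree with what the loader sees. Using `pSectionHeader = IMAGE_FIRST_SECTION(pTempPeHeader);` in both cases derives the offset from the header itself. The reads through `e_lfanew` and the loop over `NumberOfSections` are not bounds-checked against the mapped view; this appears to rely on the `SEC_IMAGE_NO_EXECUTE` mapping having validated the headers, which deserves a comment such as `// image mapping: headers were validated by the OS; add explicit bounds checks before switching to a plain data mapping`. Separately, `LoadPeFile` never calls `CloseHandle` on `hFile` or `hFileMapping`, on the error paths or on success, and `GetLastError()` (a DWORD) is printed with `%d` rather than `%lu`.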