From e053a2aef4a1fc58c7472cbbcbe9a143b188412f Mon Sep 17 00:00:00 2001
From: nihonium
Date: Mon, 16 Dec 2024 04:23:08 +0300
Subject: [PATCH] Initial commit
---
CMakeLists.txt | 21 ++++++++++++
CMakePresets.json | 61 +++++++++++++++++++++++++++++++++
pedump.cpp | 87 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 169 insertions(+)
create mode 100644 CMakeLists.txt
create mode 100644 CMakePresets.json
create mode 100644 pedump.cpp
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..4a7ea85
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,21 @@
+# CMakeList.txt: проект CMake для pedump; включите исходный код и определения,
+# укажите здесь логику для конкретного проекта.
+#
+cmake_minimum_required (VERSION 3.8)
+
+# Включение горячей перезагрузки для компиляторов MSVC, если поддерживается.
+if (POLICY CMP0141)
+ cmake_policy(SET CMP0141 NEW)
+ set(CMAKE_MSVC_DEBUG_INFORMATION_FORMAT "$,$>,$<$:EditAndContinue>,$<$:ProgramDatabase>>")
+endif()
+
+project ("pedump")
+
+# Добавьте источник в исполняемый файл этого проекта.
+add_executable (pedump "pedump.cpp" )
+
+if (CMAKE_VERSION VERSION_GREATER 3.12)
+ set_property(TARGET pedump PROPERTY CXX_STANDARD 20)
+endif()
+
+# TODO: Добавьте тесты и целевые объекты, если это необходимо.
diff --git a/CMakePresets.json b/CMakePresets.json
new file mode 100644
index 0000000..abf4065
--- /dev/null
+++ b/CMakePresets.json
@@ -0,0 +1,61 @@
+{
+ "version": 3,
+ "configurePresets": [
+ {
+ "name": "windows-base",
+ "hidden": true,
+ "generator": "Ninja",
+ "binaryDir": "${sourceDir}/out/build/${presetName}",
+ "installDir": "${sourceDir}/out/install/${presetName}",
+ "cacheVariables": {
+ "CMAKE_C_COMPILER": "cl.exe",
+ "CMAKE_CXX_COMPILER": "cl.exe"
+ },
+ "condition": {
+ "type": "equals",
+ "lhs": "${hostSystemName}",
+ "rhs": "Windows"
+ }
+ },
+ {
+ "name": "x64-debug",
+ "displayName": "x64 Debug",
+ "inherits": "windows-base",
+ "architecture": {
+ "value": "x64",
+ "strategy": "external"
+ },
+ "cacheVariables": {
+ "CMAKE_BUILD_TYPE": "Debug"
+ }
+ },
+ {
+ "name": "x64-release",
+ "displayName": "x64 Release",
+ "inherits": "x64-debug",
+ "cacheVariables": {
+ "CMAKE_BUILD_TYPE": "Release"
+ }
+ },
+ {
+ "name": "x86-debug",
+ "displayName": "x86 Debug",
+ "inherits": "windows-base",
+ "architecture": {
+ "value": "x86",
+ "strategy": "external"
+ },
+ "cacheVariables": {
+ "CMAKE_BUILD_TYPE": "Debug"
+ }
+ },
+ {
+ "name": "x86-release",
+ "displayName": "x86 Release",
+ "inherits": "x86-debug",
+ "cacheVariables": {
+ "CMAKE_BUILD_TYPE": "Release"
+ }
+ }
+ ]
+}
diff --git a/pedump.cpp b/pedump.cpp
new file mode 100644
index 0000000..050d5f5
--- /dev/null
+++ b/pedump.cpp
@@ -0,0 +1,87 @@
+#include "windows.h"
+#include "stdio.h"
+#include
+
+BOOL LoadPeFile(LPCWSTR FilePath, PUCHAR* ppImageBase)
+{
+ HANDLE hFile = CreateFileW(FilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (INVALID_HANDLE_VALUE == hFile) {
+ printf("ERROR: LoadPeFile: CreateFile fails with %d error \n", GetLastError());
+ return false;
+ }
+
+ HANDLE hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_IMAGE_NO_EXECUTE, 0, 0, NULL);
+ if (NULL == hFileMapping) {
+ printf("ERROR: LoadPeFile: CreateFileMapping fails with %d error \n", GetLastError());
+ return false;
+ }
+
+ LPVOID p = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
+ if (NULL == p) {
+ printf("ERROR: LoadPeFile: MapViewOfFile fails with %d error \n", GetLastError());
+ return false;
+ }
+
+ *ppImageBase = (PUCHAR)p;
+ return true;
+}
+
+#define TO_PSTRUCT(TYPE, offset) (TYPE)(pImageBase+(offset)) //RVA
+#define VAR_OF_PSTRUCT(var, TYPE, offset) TYPE var = TO_PSTRUCT(TYPE, offset)
+#define READ_BYTES(var, header) var = (PUCHAR)(&header->Signature)
+
+int wmain(int argc, wchar_t* argv[])
+{
+
+ if (argc != 2) {
+ printf("Usage: %ls PeFilePath \n", argv[0]);
+ return -1;
+ }
+
+ LPCWSTR g_FilePath = argv[1];
+
+ PUCHAR pImageBase = nullptr;
+ if (!LoadPeFile(g_FilePath, &pImageBase)) return -1;
+
+ printf("MS-DOS Signature: %c%c \n", pImageBase[0], pImageBase[1]);
+ if (pImageBase[0] != 'M' || pImageBase[1] != 'Z') {
+ printf("Not a valid PE file!\n");
+ return -1;
+ }
+
+ PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pImageBase;
+ VAR_OF_PSTRUCT(pTempPeHeader, PIMAGE_NT_HEADERS, pDosHeader->e_lfanew); //offset to PE Header
+
+ PUCHAR p;
+ READ_BYTES(p, pTempPeHeader);
+
+ printf("PE Signature: %c%c %x%x \n", p[0], p[1], p[2], p[3]);
+
+ WORD nSections = pTempPeHeader->FileHeader.NumberOfSections;
+ printf("PE Sections total %d \n", nSections);
+ PIMAGE_SECTION_HEADER pSectionHeader = nullptr;
+
+ switch (pTempPeHeader->FileHeader.Machine) {
+ case IMAGE_FILE_MACHINE_I386:
+ printf("PE Architecture: x86 \n");
+ pSectionHeader = (PIMAGE_SECTION_HEADER)(((PUCHAR)pTempPeHeader) + sizeof(IMAGE_NT_HEADERS32));
+ break;
+ case IMAGE_FILE_MACHINE_AMD64:
+ printf("PE Architecture: x64 \n");
+ pSectionHeader = (PIMAGE_SECTION_HEADER)(((PUCHAR)pTempPeHeader) + sizeof(IMAGE_NT_HEADERS64));
+ break;
+ default:
+ printf("PE Architecture: unknown \n");
+ return -1;
+ break;
+ }
+
+ CHAR nmSection[9];
+ memset(nmSection, 0, sizeof(nmSection));
+ for (int i = 0; i < nSections; i++) {
+ memcpy(nmSection, pSectionHeader->Name, 8);
+ printf("section #%i %s \n", i, nmSection);
+ pSectionHeader++;
+ }
+ return 0;
+}
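Review bot: In `wmain`, the section table is located by adding `sizeof(IMAGE_NT_HEADERS32)` or `sizeof(IMAGE_NT_HEADERS64)` to the NT headers, but the PE format places it `FileHeader.SizeOfOptionalHeader` bytes after the start of the optional header, so a file with a non-default optional-header size makes the dump print names from the wrong bytes and disagree with what the loader sees. Both `case` arms can use `pSectionHeader = IMAGE_FIRST_SECTION(pTempPeHeader);` instead. The PE signature is printed but never compared, and `e_lfanew` and `NumberOfSections` come straight from the file and are used without a bounds check against the mapped view; add `if (pTempPeHeader->Signature != IMAGE_NT_SIGNATURE) return -1;` before `FileHeader` is read and bound the section loop. The image-type mapping in `LoadPeFile` presumably rejects grossly malformed headers, but the parser should not depend on that. `LoadPeFile` also returns from the `CreateFileMapping` and `MapViewOfFile` failure branches without `CloseHandle` on the handles already opened.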