this is a small pe32 and pe64 file analyzer in c++ with winapi, I didn't do it in the best way but hey, it's a small project like that that I thought was nice to do, the program can work in it calling with arguments or executing it as such. (each file contains a code between unique quotes, this is why certain variables are redefined each time)
you just need to have winapi, cmake and DIA SDK
- Unix:
sudo apt-get install cmake - RedHat/Fedora:
sudo yum install cmake - OSX:
brew install cmake - Windows : https://cmake.org/download/
and for dia you will just need to include the dia sdk include path to the cmakelist file which is generally located at the path: C:/Program Files/Microsoft Visual Studio/2022/Professional/DIA SDK/include
Usage: Pe_x86_parser.exe <file(s)> <option(s)>
Option:
-s --symbols For get the symbols
C:\code\cpp\Pe_x86_parser\cmake-build-debug>.\Pe_x86_parser "C:\code\cpp\libpe64\cmake-build-debug\libpe64.dll" -s
DOS HEADER:
0x00: (uint16_t) Magic Number MZ: 0x5a4d
0x02: (uint16_t) Bytes on last page of file: 90
0x04: (uint16_t) Pages in file: 3
0x06: (uint16_t) Relocations: 0
0x08: (uint16_t) Size of header in paragraphs: 4
0x0a: (uint16_t) Minimum extra paragraphs needed: 0
0x0c: (uint16_t) Maximum extra paragraphs needed: ffff
0x0e: (uint16_t) Initial ss value: 0
0x10: (uint16_t) e_sp: Initial SP value: b8
0x12: (uint16_t) Checksum: 0
0x14: (uint16_t) Initial ip value: 0
0x16: (uint16_t) Initial cs value: 0
0x18: (uint16_t) File address of relocation table: 40
0x1a: (uint16_t) e_ovno: Overlay number: 0
0x1c: (uint16_t[4]) Reserved words: 0 0 0 0
0x24: (uint16_t) OEM identifier: 0
0x26: (uint16_t) e_oeminfo: OEM information: 0
0x28: (uint16[10]) Reserved words2: 0 0 0 0 0 0 0 0 0 0
0x3c: (uint32_t) Pe header address: 0x80
FILE HEADER:
0x0: (uint32_t) Pe signature: 0x4550
0x4: (uint16_t) Machine: 0x8664
0x6: (uint16_t) Number of Sections: 20
0x8: (uint32_t) TimeDateStamp: 661dca1b
0xC: (uint32_t) PointerToSymbolTable: 0x79800
0x10: (uint32_t) NumberOfSymbols: 1715
0x14: (uint16_t) SizeOfOptionalHeader: f0
0x16: (uint16_t) Characteristics: 2026
OPTIONAL HEADER64:
0x18: (uint16_t) Magic: 0x20b
0x1A: (uinht8_t) MajorLinkerVersion: 2
0x1B: (uint16_t) MinorLinkerVersion: 28
0x1C: (uint32_t) SizeOfCode: 20600
0x20: (uint32_t) SizeOfInitializedData: 2a000
0x24: (uint32_t) SizeOfUninitializedData: c00
0x28: (uint32_t) AddressOfEntryPoint: 1330
0x2C: (uint32_t) BaseOfCode: 1000
0x34: (uint64_t) ImageBase: 3a6580000
0x38: (uint32_t) SectionAlignment: 1000
0x3C: (uint32_t) FileAlignment: 200
0x40: (uint16_t) MajorOperatingSystemVersion: 4
0x42: (uint16_t) MinorOperatingSystemVersion: 0
0x44: (uint16_t) MajorImageVersion: 0
0x46: (uint16_t) MinorImageVersion: 0
0x48: (uint16_t) MajorSubsystemVersion: 5
0x4A: (uint16_t) MinorSubsystemVersion: 2
0x4C: (uint32_t) Reserved1
0x50: (uint32_t) SizeOfImage: 85000
0x54: (uint32_t) SizeOfHeaders: 600
0x58: (uint32_t) CheckSum: c827c
0x5C: (uint16_t) Subsystem: 3
0x5E: (uint16_t) DllCharacteristics: 160
0x60: (uint64_t) SizeOfStackReserve: 200000
0x68: (uint64_t) SizeOfStackCommit: 1000
0x70: (uint64_t) SizeOfHeapReserve: 100000
0x78: (uint64_t) SizeOfHeapCommit: 1000
0x80: (uint32_t) LoaderFlags: 0
0x84: (uint32_t) NumberOfRvaAndSizes: 10
0x88: (uint32_t) ExportDirectory VA: 2e000
0x8C: (uint32_t) ExportDirectory Size: 72
0x90: (uint32_t) ImportDirectory VA: 2f000
0x94: (uint32_t) ImportDirectory Size: e10
0x98: (uint32_t) ResourceDirectory VA: 0
0x9C: (uint32_t) ResourceDirectory Size: 0
0xA0: (uint32_t) ExceptionDirectory VA: 29000
0xA4: (uint32_t) ExceptionDirectory Size: 10d4
0xA8: (uint32_t) SecurityDirectory VA: 0
0xAC: (uint32_t) SecurityDirectory Size: 0
0xB0: (uint32_t) BaseRelocationTable VA: 32000
0xB4: (uint32_t) BaseRelocationTable Size: 914
0xB8: (uint32_t) DebugDirectory VA: 0
0xBC: (uint32_t) DebugDirectory Size: 0
0xC0: (uint32_t) ArchitectureSpecificData VA: 0
0xC4: (uint32_t) ArchitectureSpecificData Size: 0
0xC8: (uint32_t) RVAofGP VA: 0
0xCC: (uint32_t) RVAofGP Size: 0
0xD0: (uint32_t) TLSDirectory VA: 23d60
0xD4: (uint32_t) TLSDirectory Size: 28
0xD8: (uint32_t) LoadConfigurationDirectory VA: 0
0xDC: (uint32_t) LoadConfigurationDirectory Size: 0
0xE0: (uint32_t) BoundImportDirectoryinheaders VA: 0
0xE4: (uint32_t) BoundImportDirectoryinheaders Size: 0
0xE8: (uint32_t) ImportAddressTable VA: 2f310
0xEC: (uint32_t) ImportAddressTable Size: 298
0xF0: (uint32_t) DelayLoadImportDescriptors VA: 0
0xF4: (uint32_t) DelayLoadImportDescriptors Size: 0
0xF8: (uint32_t) COMRuntimedescriptor VA: 0
0xFC: (uint32_t) COMRuntimedescriptor Size: 0
----------------------------------------------------------------------
SECTION TABLE:
Name: .text
VSize: 0x205c0 - Va: 0x1000
SizeOfRawData: 0x20600 - PtrToRawData: 0x600
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 60000060
-----------------------------------
Name: .data
VSize: 0xa0 - Va: 0x22000
SizeOfRawData: 0x200 - PtrToRawData: 0x20c00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: c0000040
-----------------------------------
8000
Name: .rdata
VSize: 0x518c - Va: 0x23000
SizeOfRawData: 0x5200 - PtrToRawData: 0x20e00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 40000040
-----------------------------------
Name: .pdata
VSize: 0x10d4 - Va: 0x29000
SizeOfRawData: 0x1200 - PtrToRawData: 0x26000
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 40000040
-----------------------------------
Name: .xdata
VSize: 0x12ec - Va: 0x2b000
SizeOfRawData: 0x1400 - PtrToRawData: 0x27200
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 40000040
-----------------------------------
Name: .bss
VSize: 0xb30 - Va: 0x2d000
SizeOfRawData: 0x0 - PtrToRawData: 0x0
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: c0000080
-----------------------------------
Name: .edata
VSize: 0x72 - Va: 0x2e000
SizeOfRawData: 0x200 - PtrToRawData: 0x28600
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 40000040
-----------------------------------
Name: .idata
VSize: 0xe10 - Va: 0x2f000
SizeOfRawData: 0x1000 - PtrToRawData: 0x28800
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: c0000040
-----------------------------------
Name: .CRT
VSize: 0x58 - Va: 0x30000
SizeOfRawData: 0x200 - PtrToRawData: 0x29800
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: c0000040
-----------------------------------
Name: .tls
VSize: 0x10 - Va: 0x31000
SizeOfRawData: 0x200 - PtrToRawData: 0x29a00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: c0000040
-----------------------------------
Name: .reloc
VSize: 0x914 - Va: 0x32000
SizeOfRawData: 0xa00 - PtrToRawData: 0x29c00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_aranges
VSize: 0xa80 - Va: 0x33000
SizeOfRawData: 0xc00 - PtrToRawData: 0x2a600
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_info
VSize: 0x32b9d - Va: 0x34000
SizeOfRawData: 0x32c00 - PtrToRawData: 0x2b200
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_abbrev
VSize: 0x4ebe - Va: 0x67000
SizeOfRawData: 0x5000 - PtrToRawData: 0x5de00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_line
VSize: 0x88f6 - Va: 0x6c000
SizeOfRawData: 0x8a00 - PtrToRawData: 0x62e00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_frame
VSize: 0x25d8 - Va: 0x75000
SizeOfRawData: 0x2600 - PtrToRawData: 0x6b800
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_str
VSize: 0xcbc - Va: 0x78000
SizeOfRawData: 0xe00 - PtrToRawData: 0x6de00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_line_str
VSize: 0x28b6 - Va: 0x79000
SizeOfRawData: 0x2a00 - PtrToRawData: 0x6ec00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_loclists
VSize: 0x7648 - Va: 0x7c000
SizeOfRawData: 0x7800 - PtrToRawData: 0x71600
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Name: .debug_rnglists
VSize: 0x8c2 - Va: 0x84000
SizeOfRawData: 0xa00 - PtrToRawData: 0x78e00
PtrToReloc: 0x0 - PtrToLinenum: 0x0
NumberOfReloc: 0 - NumberOfLinenum: 0
Characteristics: 42000040
-----------------------------------
Import Section address: 0x2f000
Import Table:
Address: 0x3a65af5a8 DLL: dbghelp.dll Function: SymCleanup
Address: 0x3a65af5b6 DLL: dbghelp.dll Function: SymEnumSymbols
Address: 0x3a65af5c8 DLL: dbghelp.dll Function: SymGetModuleInfo64
Address: 0x3a65af5de DLL: dbghelp.dll Function: SymInitialize
Address: 0x3a65af5ee DLL: dbghelp.dll Function: SymLoadModuleEx
Address: 0x3a65af600 DLL: dbghelp.dll Function: SymUnloadModule64
Address: 0x3a65af614 DLL: libgcc_s_seh-1.dll Function: _Unwind_Resume
Address: 0x3a65af628 DLL: KERNEL32.dll Function: CloseHandle
Address: 0x3a65af636 DLL: KERNEL32.dll Function: CreateFileA
Address: 0x3a65af644 DLL: KERNEL32.dll Function: DeleteCriticalSection
Address: 0x3a65af65c DLL: KERNEL32.dll Function: EnterCriticalSection
Address: 0x3a65af674 DLL: KERNEL32.dll Function: GetCurrentProcess
Address: 0x3a65af688 DLL: KERNEL32.dll Function: GetFileSize
Address: 0x3a65af696 DLL: KERNEL32.dll Function: GetLastError
Address: 0x3a65af6a6 DLL: KERNEL32.dll Function: InitializeCriticalSection
Address: 0x3a65af6c2 DLL: KERNEL32.dll Function: IsDBCSLeadByteEx
Address: 0x3a65af6d6 DLL: KERNEL32.dll Function: LeaveCriticalSection
Address: 0x3a65af6ee DLL: KERNEL32.dll Function: MultiByteToWideChar
Address: 0x3a65af704 DLL: KERNEL32.dll Function: ReadFile
Address: 0x3a65af710 DLL: KERNEL32.dll Function: Sleep
Address: 0x3a65af718 DLL: KERNEL32.dll Function: TlsGetValue
Address: 0x3a65af726 DLL: KERNEL32.dll Function: VirtualProtect
Address: 0x3a65af738 DLL: KERNEL32.dll Function: VirtualQuery
Address: 0x3a65af748 DLL: KERNEL32.dll Function: WideCharToMultiByte
Address: 0x3a65af75e DLL: msvcrt.dll Function: ___lc_codepage_func
Address: 0x3a65af774 DLL: msvcrt.dll Function: ___mb_cur_max_func
Address: 0x3a65af78a DLL: msvcrt.dll Function: __iob_func
Address: 0x3a65af798 DLL: msvcrt.dll Function: _amsg_exit
Address: 0x3a65af7a6 DLL: msvcrt.dll Function: _errno
Address: 0x3a65af7b0 DLL: msvcrt.dll Function: _initterm
Address: 0x3a65af7bc DLL: msvcrt.dll Function: _lock
Address: 0x3a65af7c4 DLL: msvcrt.dll Function: _unlock
Address: 0x3a65af7ce DLL: msvcrt.dll Function: abort
Address: 0x3a65af7d6 DLL: msvcrt.dll Function: calloc
Address: 0x3a65af7e0 DLL: msvcrt.dll Function: fputc
Address: 0x3a65af7e8 DLL: msvcrt.dll Function: free
Address: 0x3a65af7f0 DLL: msvcrt.dll Function: fwrite
Address: 0x3a65af7fa DLL: msvcrt.dll Function: isxdigit
Address: 0x3a65af806 DLL: msvcrt.dll Function: localeconv
Address: 0x3a65af814 DLL: msvcrt.dll Function: malloc
Address: 0x3a65af81e DLL: msvcrt.dll Function: memchr
Address: 0x3a65af828 DLL: msvcrt.dll Function: memcpy
Address: 0x3a65af832 DLL: msvcrt.dll Function: memmove
Address: 0x3a65af83c DLL: msvcrt.dll Function: memset
Address: 0x3a65af846 DLL: msvcrt.dll Function: realloc
Address: 0x3a65af850 DLL: msvcrt.dll Function: strerror
Address: 0x3a65af85c DLL: msvcrt.dll Function: strlen
Address: 0x3a65af866 DLL: msvcrt.dll Function: strncmp
Address: 0x3a65af870 DLL: msvcrt.dll Function: vfprintf
Address: 0x3a65af87c DLL: msvcrt.dll Function: wcslen
Address: 0x3a65af888 DLL: libstdc++-6.dll Function: _ZNKSt9basic_iosIcSt11char_traitsIcEEcvbEv
Address: 0x3a65af8b8 DLL: libstdc++-6.dll Function: _ZNSolsEPFRSoS_E
Address: 0x3a65af8cc DLL: libstdc++-6.dll Function: _ZNSolsEPFRSt8ios_baseS0_E
Address: 0x3a65af8ec DLL: libstdc++-6.dll Function: _ZNSolsEi
Address: 0x3a65af8f8 DLL: libstdc++-6.dll Function: _ZNSolsEm
Address: 0x3a65af904 DLL: libstdc++-6.dll Function: _ZNSolsEt
Address: 0x3a65af910 DLL: libstdc++-6.dll Function: _ZNSolsEy
Address: 0x3a65af91c DLL: libstdc++-6.dll Function: _ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode
Address: 0x3a65af960 DLL: libstdc++-6.dll Function: _ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
Address: 0x3a65af994 DLL: libstdc++-6.dll Function: _ZNSt14basic_ofstreamIcSt11char_traitsIcEE5closeEv
Address: 0x3a65af9cc DLL: libstdc++-6.dll Function: _ZNSt14basic_ofstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode
Address: 0x3a65afa10 DLL: libstdc++-6.dll Function: _ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
Address: 0x3a65afa44 DLL: libstdc++-6.dll Function: _ZSt17__throw_bad_allocv
Address: 0x3a65afa60 DLL: libstdc++-6.dll Function: _ZSt20__throw_length_errorPKc
Address: 0x3a65afa80 DLL: libstdc++-6.dll Function: _ZSt28__throw_bad_array_new_lengthv
Address: 0x3a65afaa8 DLL: libstdc++-6.dll Function: _ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
Address: 0x3a65afae8 DLL: libstdc++-6.dll Function: _ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
Address: 0x3a65afb54 DLL: libstdc++-6.dll Function: _ZSt9terminatev
Address: 0x3a65afb68 DLL: libstdc++-6.dll Function: _ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
Address: 0x3a65afba4 DLL: libstdc++-6.dll Function: _ZStlsIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_St5_Setw
Address: 0x3a65afbe8 DLL: libstdc++-6.dll Function: _ZTVN10__cxxabiv117__class_type_infoE
Address: 0x3a65afc10 DLL: libstdc++-6.dll Function: _ZTVN10__cxxabiv120__si_class_type_infoE
Address: 0x3a65afc3c DLL: libstdc++-6.dll Function: _ZdaPv
Address: 0x3a65afc48 DLL: libstdc++-6.dll Function: _ZdlPv
Address: 0x3a65afc54 DLL: libstdc++-6.dll Function: _ZdlPvy
Address: 0x3a65afc60 DLL: libstdc++-6.dll Function: _Znay
Address: 0x3a65afc68 DLL: libstdc++-6.dll Function: _Znwy
Address: 0x3a65afc70 DLL: libstdc++-6.dll Function: __gxx_personality_seh0
-------------------------------------------------------------------------------------------------
Export Table Address: 0x2e000
Export Table:
DLL Name: libpe64.dll
Number of Functions: 3
Number of Names: 3
Address: 0x146b Ordinal: 1 Function: extrn_pars
Address: 0x14a8 Ordinal: 2 Function: extrn_pars32
Address: 0x304b Ordinal: 3 Function: symbole
Module:
Base: 0x3a6580000
Size: 544768 bytes
Loaded:
Type: 4
Name: extrn_pars
Address: 0x3a658146b
Size: 3d bytes - Value: 0
TagStr: SymTagPublicSymbol
Reserved: 0x903dbfb368
Scope: 0x0 - NameLen: 0xa
Flags: 200 - Tag: 0xa
Name: extrn_pars32
Address: 0x3a65814a8
Size: 1ba3 bytes - Value: 0
TagStr: SymTagPublicSymbol
Reserved: 0x903dbfb368
Scope: 0x0 - NameLen: 0xc
Flags: 200 - Tag: 0xa
Name: symbole
Address: 0x3a658304b
Size: 0 bytes - Value: 0
TagStr: SymTagPublicSymbol
Reserved: 0x903dbfb368
Scope: 0x0 - NameLen: 0x7
Flags: 200 - Tag: 0xa