introduction

this entry follows http://d.hatena.ne.jp/takahirox/20110420/1303307111

links

• the blog of the host. handout, togetter and so on.
  • http://d.hatena.ne.jp/n7shi/20110416
• ATND
  • http://atnd.org/events/13353

what i did

i made an analysis tool of the PE File Header. i think it will help me to edit binary flies.

it isn't truly related to the workshop, never mind :P (as i said, it will help me to edit binaries, probably)

example

% ./analysis.exe ./homu.exe
*IMAGE_DOS_HEADER
 e_magic    : 5A4D [MZ]
 e_cblp     : 0090
 e_cp       : 0003
 e_cparhdr  : 0004
 e_minalloc : 0000
 e_maxalloc : FFFF
 e_ss       : 0000
 e_sp       : 00B8
 e_csum     : 0000
 e_ip       : 0000
 e_cs       : 0000
 e_lfarlc   : 0040
 e_ovno     : 0000
 e_res[4]   : 0000 0000 0000 0000
 e_oemid    : 0000
 e_oeminfo  : 0000
 e_res2[10] : 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
 e_lfanew   : 00000080
*IMAGE_NT_HEADERS32
 Signature  : 00004550 [PE]

... omit ...

features

• judges whether an input file is PE file or not.
  • if not, the tool doesn't analysis the header.
• shows detail of the PE header.

as you know, "objdump -x" can do it similarly. but i'm going to extend this tool function. for example, analyses a text section with OptionalHeader.BaseOfCode and IMAGE_SECTION_HEADER ... (i know "objdump" can also do it :-)

source code

• http://code.google.com/p/ta-binary-edit/source/browse/
  • http://code.google.com/p/ta-binary-edit/source/browse/analysis.c?r=94a4f2555534fb97c9959e3773920671ff473962

thanks

i referred this entry to make the tool. thanx.

• http://nyaos.org/d/index.cgi?p=%282010.06.05%29

conclusion

reading a header detail is annoying for me, so i made this tool. i believe it will help me to analyse and edit binary files.

i wish i wrote a beautiful logic.(the logic i wrote was very simple and long...)

i'm going to make the memo of .idata next entry.