the notes of PE workshop#3 - 2
introduction
this entry follows http://d.hatena.ne.jp/takahirox/20110420/1303307111
links
- the blog of the host. handout, togetter and so on.
- ATND
what i did
i made an analysis tool of the PE File Header. i think it will help me to edit binary files.
it isn't truly related to the workshop, never mind :P (as i said, it will help me to edit binaries, probably)
example
% ./analysis.exe ./homu.exe
*IMAGE_DOS_HEADER
e_magic    : 5A4D [MZ]
e_cblp     : 0090
e_cp       : 0003
e_cparhdr  : 0004
e_minalloc : 0000
e_maxalloc : FFFF
e_ss       : 0000
e_sp       : 00B8
e_csum     : 0000
e_ip       : 0000
e_cs       : 0000
e_lfarlc   : 0040
e_ovno     : 0000
e_res[4]   : 0000 0000 0000 0000
e_oemid    : 0000
e_oeminfo  : 0000
e_res2[10] : 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
e_lfanew   : 00000080
*IMAGE_NT_HEADERS32
Signature  : 00004550 [PE]
... omit ...
features
- judges whether an input file is a PE file or not.
- if not, the tool doesn't analyze the header.
- shows details of the PE header.
as you know, "objdump -x" can do it similarly, but i'm going to extend this tool's functions. for example, analyzing a text section with OptionalHeader.BaseOfCode and IMAGE_SECTION_HEADER ... (i know "objdump" can also do it :-)
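the "is it a PE file?" check from the feature list, as an added example (not the source of the tool in this entry). the status names, helper names and the sample buffer are assumptions of this example; the sample reuses only the e_magic, e_lfanew and Signature values printed above. the point it shows is that e_lfanew comes from the file itself and has to be bounds-checked before it is used as an offset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status names are this example's own, not from the original tool. */
enum pe_status { PE_OK = 0, PE_TOO_SHORT, PE_NO_MZ, PE_BAD_LFANEW, PE_NO_SIG };

/* Read little-endian fields byte by byte: no alignment or host-endian assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decide whether buf[0..len) starts a PE image. On PE_OK, *lfanew holds the
   file offset of IMAGE_NT_HEADERS. */
enum pe_status pe_check(const uint8_t *buf, size_t len, uint32_t *lfanew) {
    if (len < 0x40) return PE_TOO_SHORT;            /* IMAGE_DOS_HEADER is 64 bytes */
    if (rd16(buf) != 0x5A4D) return PE_NO_MZ;        /* e_magic, "MZ" */
    uint32_t off = rd32(buf + 0x3C);                 /* e_lfanew */
    /* Untrusted offset: a negative LONG reads here as a huge value and is rejected too. */
    if (off > len - 4) return PE_BAD_LFANEW;
    if (rd32(buf + off) != 0x00004550) return PE_NO_SIG;  /* "PE\0\0" */
    *lfanew = off;
    return PE_OK;
}

/* Constructed sample (len must be >= 0x40): zeroed buffer with only e_magic,
   e_lfanew and, when it fits, the PE signature filled in. */
void make_sample(uint8_t *buf, size_t len, uint32_t lfanew) {
    memset(buf, 0, len);
    buf[0] = 'M'; buf[1] = 'Z';
    for (int i = 0; i < 4; i++) buf[0x3C + i] = (uint8_t)(lfanew >> (8 * i));
    if (lfanew <= len - 4) memcpy(buf + lfanew, "PE\0\0", 4);
}

int main(void) {
    uint8_t img[0x100]; uint32_t off = 0;
    make_sample(img, sizeof img, 0x80);              /* e_lfanew as shown for homu.exe */
    printf("valid sample : status %d\n", (int)pe_check(img, sizeof img, &off));
    make_sample(img, sizeof img, 0xFFFFFFF0u);       /* offset far past end of file */
    printf("bad e_lfanew : status %d\n", (int)pe_check(img, sizeof img, &off));
    return 0;
}
```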
source code
thanks
i referred to this entry to make the tool. thanx.
conclusion
reading a header detail is annoying for me, so i made this tool. i believe it will help me to analyse and edit binary files.
i wish i had written beautiful logic. (the logic i wrote was very simple and long...)
i'm going to make the memo of .idata in the next entry.