poex's Introduction

POEX

POEX is short for Portable Executable.

  • What is it?

POEX works with the structure of executable (image) files and object files under the Windows family of operating systems. These files are referred to as Portable Executable (PE) and Common Object File Format (COFF) files, respectively. POEX is a library to access, load and manipulate PE files.

  • PE Feature Support

| PE Structures | Support Status | Description |
|---|---|---|
| DOS Header | Yes | Read, Write, Modify |
| File Header | Yes | Read, Write, Modify |
| Optional Header | Yes | Read, Write, Modify |
| Section Header | Yes | Read, Write, Modify |
| Data Directories Header | Yes | Read, Write, Modify |
| Export Table (Data Directory) | Yes | Read, Write, Modify |
| Import Table (Data Directory) | Yes | Read, Write, Modify |
| Resource Table (Data Directory) | Yes | Read, Write, Modify |
| Exception Table (Data Directory) | Yes | Read, Write, Modify |
| Certificate Table (Data Directory) | Yes | Read, Write, Modify |
| Base Relocation Table (Data Directory) | Yes | Read, Write, Modify |
| Debug (Data Directory) | Yes | Read, Write, Modify |
| Architecture (Data Directory) | useless | useless |
| Global Ptr (Data Directory) | Yes | Access |
| TLS Table (Data Directory) | Yes | Read, Write, Modify |
| Load Config Table (Data Directory) | Yes | Read, Write, Modify |
| Bound Import (Data Directory) | Yes | Read, Write, Modify |
| IAT (Data Directory) | Yes | Read |
| Delay Import Descriptor (Data Directory) | Yes | Read, Write, Modify |
| CLR Runtime Header (Data Directory) | Yes | Read, Write, Modify |
| Reserved (Data Directory) | useless | useless |

  • How to Build the Library?

  1. Clone the repository

  2. Open Visual Studio and build it

    • You need at least C++14
    • The minimum SDK is 10.0
  3. Use the output POEX.lib in your project

  • Examples

Please see the Wiki for more info.

Open PE File:

#include <iostream>
#include <POEX.h>  // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Other stuff here
    return 0;
}

Access to DOS Header:

#include <iostream>
#include <POEX.h>  // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Access to Image DOS Header
    auto dos = pe.GetImageDosHeader();

    // Read 'e_magic' and 'e_lfanew' and print them to the console as hex
    std::cout << "Magic: 0x" << std::hex << dos.E_magic() << std::endl;
    std::cout << "e_lfanew: 0x" << std::hex << dos.E_lfanew() << std::endl << std::endl;

    // Change the 'e_magic' and 'e_lfanew' values (23118 = 0x5A4E, 249 = 0xF9)
    dos.E_magic(23118);
    dos.E_lfanew(249);

    // Print the 'e_magic' and 'e_lfanew' fields of the structure again
    std::cout << "Magic: 0x" << std::hex << dos.E_magic() << std::endl;
    std::cout << "e_lfanew: 0x" << std::hex << dos.E_lfanew() << std::endl;

    return 0;
}

Save changes to the original file or to a new one:

#include <iostream>
#include <POEX.h> // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Access to Image DOS Header
    auto dos = pe.GetImageDosHeader();

    // ******** some stuff here **********

    // To save the changes to the original file
    pe.SaveFile();

    // Or, to save the changes to another file
    pe.SaveFile("another.exe");

    return 0;
}
  • You can access the other parts of the PE structures in the same way as in the DOS Header example here.
  • For more detail, see the Wiki.

poex's People

Contributors

afp33

poex's Issues

POEX throws immediately

I built POEX and added a test app pretty much as shown in POEX wiki:

#include <memory> // std::unique_ptr
#include "..\POEX\POEX.h" // include POEX header

#ifdef x64_DEBUG
#pragma comment(lib, "../Build/Debug/X64/POEX.lib") // Link with POEX.lib
#else
#pragma comment(lib, "../Build/Debug/X86/POEX.lib") // Link with POEX.lib
#endif

int main()
{
    // Path to the file (backslashes escaped for the string literal)
    const wchar_t* pathToFile = L"C:\\_W\\_Wdevelop\\BandBroadening\\empowermonorepo\\Source\\UnitTests\\ASTRALibraryd.dll";
    POEX::PE pe = POEX::PE(pathToFile);
    auto resources = pe.GetImageResourceDirectory(); // returns a std::unique_ptr
    return 0;
}

I get an exception immediately in a call to GetImageResourceDirectory, which calls GetImageNtHeader, which, in turn, calls GetImageDosHeader. Since the offset for the DOS header is 0, this last call throws in WRONG_LONG, which expands to (x <= 0); the macro's argument x is in fact 0, so "[ERROR] offset value is wrong." is thrown:

ImageDosHeader::ImageDosHeader(const std::shared_ptr& bFile,
                               const long& offset) : bFile(bFile), offset(offset)
{
    if (WRONG_LONG(this->offset))
        THROW_EXCEPTION("[ERROR] offset value is wrong.");
}

The same happens in the x86 build.

After changing (in Defines.h)

//#define WRONG_LONG(x) (x <= 0)
#define WRONG_LONG(x) (x < 0)

the code builds and runs.

Please comment and/or fix.
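
The failure reported above comes from treating offset 0 as invalid, although the DOS header always starts there. The following is an added example, not POEX's code: OffsetInRange, WrongLongOriginal, CheckHeaders, MakeSample and PeCheck are hypothetical names. It shows a bounds check that accepts offset 0 and rejects negative or out-of-file offsets, applied to the file-controlled e_lfanew field of a constructed sample (a little-endian host is assumed):

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical helper (not POEX's): an offset is valid when the whole
// structure of `size` bytes fits inside a file of `fileSize` bytes.
// Offset 0 is valid; the DOS header always starts there.
inline bool OffsetInRange(long offset, std::size_t size, std::size_t fileSize)
{
    if (offset < 0) return false;
    const auto off = static_cast<std::size_t>(offset);
    return off <= fileSize && size <= fileSize - off; // no overflow
}

// The check from the issue, written as a function for comparison.
inline bool WrongLongOriginal(long x) { return x <= 0; }

enum class PeCheck { Ok, TooSmall, BadDosMagic, BadLfanew, BadPeSignature };

// Validates the DOS header at offset 0 and the NT signature at e_lfanew.
inline PeCheck CheckHeaders(const std::vector<std::uint8_t>& file)
{
    constexpr std::size_t kDosHeaderSize = 64;   // sizeof(IMAGE_DOS_HEADER)
    constexpr std::size_t kLfanewOffset  = 0x3C; // position of e_lfanew
    if (!OffsetInRange(0, kDosHeaderSize, file.size())) return PeCheck::TooSmall;
    if (file[0] != 'M' || file[1] != 'Z') return PeCheck::BadDosMagic;

    std::int32_t lfanew = 0;                     // value controlled by the file
    std::memcpy(&lfanew, file.data() + kLfanewOffset, sizeof lfanew);
    if (!OffsetInRange(lfanew, 4, file.size())) return PeCheck::BadLfanew;

    static const std::uint8_t sig[4] = {'P', 'E', 0, 0};
    return std::memcmp(file.data() + lfanew, sig, 4) == 0
               ? PeCheck::Ok : PeCheck::BadPeSignature;
}

// Constructed sample: 128-byte buffer with 'MZ' and the given e_lfanew.
inline std::vector<std::uint8_t> MakeSample(std::int32_t lfanew)
{
    std::vector<std::uint8_t> f(128, 0);
    f[0] = 'M'; f[1] = 'Z';
    std::memcpy(f.data() + 0x3C, &lfanew, sizeof lfanew);
    if (lfanew >= 0 && lfanew <= 124) { f[lfanew] = 'P'; f[lfanew + 1] = 'E'; }
    return f;
}

int main() { return CheckHeaders(MakeSample(0x40)) == PeCheck::Ok ? 0 : 1; }
```
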
