
How to extract Debug Info (penet issue, 4 comments, CLOSED)

secana commented on July 19, 2024
How to extract Debug Info

from penet.

Comments (4)

secana commented on July 19, 2024

Hi @droyad, I'm not quite sure if I understand what data you want to get out of the PE file. Could you elaborate a bit more on what you want?


droyad commented on July 19, 2024

@secana Thanks for having a look. For example, when I run the C++ Developer Tool dumpbin with the /headers flag against PEditor.exe (1.0.1.0), I get the following output:

SECTION HEADER #1
   .text name
   5FE1C virtual size
    2000 virtual address (00402000 to 00461E1B)
   60000 size of raw data
     200 file pointer to raw data (00000200 to 000601FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

  Debug Directories

        Time Type        Size      RVA  Pointer
    -------- ------- -------- -------- --------
    5BC43050 cv           11C 00061CA8    5FEA8    Format: RSDS, {96F231BD-9207-421C-9EF5-28D2F4DF0B81}, 1, D:\ExternalRepos\PeNet\src\PEditor\obj\Release\PEditor.pdb

I am interested in the last line, specifically the stuff to the right of Format. The start of the line matches up nicely with the Debug Directory information in the File Header/Debug section of PEditor.

Since I first posted and since I've started writing this reply, I figured out that pointer refers to the offset from the start of the file. If I look at that location, I can see the data I need. I have no idea why I didn't see this yesterday when I tried the same thing.

So, I guess, my question has now changed to: Is there anything in PENet that will help me read this data before I go out and hack it together myself?
If not, would this be something you would be interested in including in your project if I submit a PR?


secana commented on July 19, 2024

Hi @droyad, thx for the explanation. Unfortunately there is currently no way to get the "RSDS, {96F231BD-9207-421C-9EF5-28D2F4DF0B81}, 1, D:\ExternalRepos\PeNet\src\PEditor\obj\Release\PEditor.pdb" information from PeNet.

Unfortunately, I'm very short on time a.t.m, so if I have to do it, it will take a few days. If you hack something together, I would be super happy about a PR, because especially the debug file path is really interesting for malware analysis. If you could extract the information, that would be great.

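The walk droyad describes (debug directory entry in the optional header's data directories, `Pointer` as a raw file offset, then the `RSDS` CodeView record with GUID, age and PDB path) is what any parser for this field has to do; the PDB path is the part secana flags as useful for malware analysis, since build paths often link samples to the same developer or build machine. The Python below is an added example written for this page; it is not PeNet's code and does not use PeNet's API. It parses the `IMAGE_DEBUG_DIRECTORY` and the RSDS record from raw bytes, and ships with a constructed minimal PE32+ image (built by `build_sample_pe`, a helper invented here) that embeds the GUID, age and PDB path quoted from the dumpbin output above so the parser can be exercised offline. Sizes taken from the file are bounds-checked before use, because a crafted sample should not be able to make the analysis tool read out of range.

```python
import struct
import uuid
from dataclasses import dataclass
from typing import List, Tuple

IMAGE_DIRECTORY_ENTRY_DEBUG = 6   # index into the optional header's data directories
IMAGE_DEBUG_TYPE_CODEVIEW = 2     # shown as "cv" in dumpbin's Type column
DEBUG_ENTRY_SIZE = 28             # sizeof(IMAGE_DEBUG_DIRECTORY)

# Sample values quoted from the dumpbin output in this thread; used only to build the test image.
SAMPLE_PDB = r"D:\ExternalRepos\PeNet\src\PEditor\obj\Release\PEditor.pdb"
SAMPLE_GUID = "96F231BD-9207-421C-9EF5-28D2F4DF0B81"
SAMPLE_TIMESTAMP = 0x5BC43050


@dataclass
class CodeViewInfo:
    timestamp: int   # IMAGE_DEBUG_DIRECTORY.TimeDateStamp (dumpbin's "Time" column)
    guid: str        # PDB GUID formatted like dumpbin: {XXXXXXXX-XXXX-...}
    age: int         # PDB age
    pdb_path: str    # path the linker recorded for the .pdb


def _headers(data: bytes) -> Tuple[List[Tuple[int, int, int]], int, int]:
    """Return ([(VirtualAddress, size, PointerToRawData)], optional header offset, magic)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = pe_off + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, max(vsize, raw_size), raw_ptr))
    return sections, opt, magic


def rva_to_offset(rva: int, sections) -> int:
    """Map an RVA to a file offset through the section table (what droyad's 'Pointer' already is)."""
    for va, size, raw_ptr in sections:
        if va <= rva < va + size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} not inside any section")


def parse_codeview(data: bytes) -> List[CodeViewInfo]:
    """Return every RSDS CodeView record referenced by the PE debug directory."""
    sections, opt, magic = _headers(data)
    if magic == 0x10B:        # PE32: data directories start at optional header + 96
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: data directories start at optional header + 112
        dd_off = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]   # NumberOfRvaAndSizes
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_DEBUG:
        return []
    debug_rva, debug_size = struct.unpack_from("<II", data, dd_off + IMAGE_DIRECTORY_ENTRY_DEBUG * 8)
    if debug_rva == 0 or debug_size == 0:
        return []
    dir_off = rva_to_offset(debug_rva, sections)
    results = []
    for i in range(debug_size // DEBUG_ENTRY_SIZE):
        (_chars, timestamp, _major, _minor, dbg_type, size, addr_raw,
         ptr_raw) = struct.unpack_from("<IIHHIIII", data, dir_off + i * DEBUG_ENTRY_SIZE)
        if dbg_type != IMAGE_DEBUG_TYPE_CODEVIEW:
            continue
        if ptr_raw == 0 and addr_raw != 0:      # some files only carry the RVA
            ptr_raw = rva_to_offset(addr_raw, sections)
        if size < 24 or ptr_raw + size > len(data):
            continue                             # truncated or malformed: never trust file sizes
        rec = data[ptr_raw:ptr_raw + size]
        if rec[:4] != b"RSDS":
            continue                             # older NB10 records are not handled here
        guid = uuid.UUID(bytes_le=rec[4:20])     # on-disk GUID is little-endian
        age = struct.unpack_from("<I", rec, 20)[0]
        path = rec[24:].split(b"\0", 1)[0].decode("utf-8", errors="replace")
        results.append(CodeViewInfo(timestamp, "{" + str(guid).upper() + "}", age, path))
    return results


def build_sample_pe(pdb_path: str, guid_text: str, age: int, timestamp: int,
                    with_debug_dir: bool = True) -> bytes:
    """Constructed minimal PE32+ image: one section holding a debug directory entry and an RSDS record."""
    rsds = (b"RSDS" + uuid.UUID(guid_text).bytes_le + struct.pack("<I", age)
            + pdb_path.encode("utf-8") + b"\0")
    sec_rva, sec_ptr = 0x2000, 0x200
    entry = struct.pack("<IIHHIIII", 0, timestamp, 0, 0, IMAGE_DEBUG_TYPE_CODEVIEW,
                        len(rsds), sec_rva + 32, sec_ptr + 32)
    body = entry.ljust(32, b"\0") + rsds
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)   # 1 section, PE32+ optional header
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)                           # NumberOfRvaAndSizes
    if with_debug_dir:
        struct.pack_into("<II", opt, 112 + IMAGE_DIRECTORY_ENTRY_DEBUG * 8, sec_rva, DEBUG_ENTRY_SIZE)
    sec = b".rdata".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(body), sec_rva, len(body),
                                                   sec_ptr, 0, 0, 0, 0, 0x40000040)
    return (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(sec_ptr, b"\0") + body


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe(SAMPLE_PDB, SAMPLE_GUID, 1, SAMPLE_TIMESTAMP)
    for cv in parse_codeview(blob):
        print(f"{cv.timestamp:08X} cv  Format: RSDS, {cv.guid}, {cv.age}, {cv.pdb_path}")
```

Run with no arguments to parse the constructed sample, or pass a real PE path to dump its CodeView records in the same shape as dumpbin's last line. The GUID and age together identify the exact PDB a symbol server would serve, and the path is the build-environment artefact that makes this field worth indexing in a sample corpus.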

droyad commented on July 19, 2024

No worries, I'll see what I can scratch together later this week.
