The pe-explorer from adamhlt

pe-explorer's Introduction

                          ____  ______   ______           __                    
                         / __ \/ ____/  / ____/  ______  / /___  ________  _____
                        / /_/ / __/    / __/ | |/_/ __ \/ / __ \/ ___/ _ \/ ___/
                       / ____/ /___   / /____>  </ /_/ / / /_/ / /  /  __/ /
                      /_/   /_____/  /_____/_/|_/ .___/_/\____/_/   \___/_/
                                               /_/                         
                                                                          
                                                                         
                                  PE Explorer in C++ (x86 / x64)
                          PE file parser, retrieve exports and imports

📖 Project Overview :

This is a PE file parser, it retrieve every informations from the differents headers...

This tool is made in C++, it can parse x86 and x64 PE file.

📚 Features :

The parser retrieve several informations :

Every fields in DOS header.
Every fields in NT header.
Every fields in File header.
Every fields in Optional header (x86 / x64).
Every sections' informations in the Section header.
Every DLL imported with imported functions.
Every exported functions (if the DataDirectory exists).

🚀 Getting Started :

Visual Studio :

Open the solution file (.sln).
Build the project in Realese (x86 or x64)

Every configuration in x86 / x64 (Debug and Realese) are already configured.

Note
It is not necessary to build it in x64, the x86 build can parse x86 and x64 PE file.

Other IDE using CMAKE :

This CMakeLists.txt should compile the project.

cmake_minimum_required(VERSION 3.0)
project(explorer)

set(CMAKE_CXX_STANDARD 17)

add_executable(explorer PE_Explorer.cpp)

Tested on CLion with MSVC compiler, you can get Visual Studio Build Tools here.

🧪 Usage :

How to use the program :

Use it in the command line :

explorer.exe <pe_file>

Note
You can test the parser with test files in the "Release" section.

Demonstration :

TEST FILE (EXE - x86)

Demo.EXE.x86.mp4

TEST FILE (DLL - x64)

Demo.DLL.x64.mp4

pe-explorer's People

Contributors

Stargazers

Watchers

pe-explorer's Issues

Read Access Violation

I am getting "Read Access Violation" exception whenever I try to access any element of NTHeader.

error in 'EXPORTED FUNCTIONS'

Hello.
when the program tries to display the exported functions, it encounters a problem. I think in the GetExports function, if you change the casting to DWORD*, the problem will be resolved.

Line: 370
Replace this:
const auto pArrayOfFunctionsNames = (DWORD_PTR*)(dRawOffset + (pImageExportDirectory->AddressOfNames - pImageExportSection->VirtualAddress));

with this:
const auto pArrayOfFunctionsNames = (DWORD*)(dRawOffset + (pImageExportDirectory->AddressOfNames - pImageExportSection->VirtualAddress));

thanks

Recommend Projects

adamhlt / pe-explorer Goto Github PK