POEX is abbreviated from Portable Executable.

POEX works with the structure of executable (image) files and object files under the Windows family of operating systems. These files are referred to as Portable Executable (PE) and Common Object File Format (COFF) files, respectively.

POEX is a library to access, load and manipulate PE files.

PE Structures | Support Status | Description |
---|---|---|
DOS Header | Yes | Read, Write, Modify |
File Header | Yes | Read, Write, Modify |
Optional Header | Yes | Read, Write, Modify |
Section Header | Yes | Read, Write, Modify |
Data Directories Header | Yes | Read, Write, Modify |
Export Table (Data Directory) | Yes | Read, Write, Modify |
Import Table (Data Directory) | Yes | Read, Write, Modify |
Resource Table (Data Directory) | Yes | Read, Write, Modify |
Exception Table (Data Directory) | Yes | Read, Write, Modify |
Certificate Table (Data Directory) | Yes | Read, Write, Modify |
Base Relocation Table (Data Directory) | Yes | Read, Write, Modify |
Debug (Data Directory) | Yes | Read, Write, Modify |
Architecture (Data Directory) | useless | useless |
Global Ptr (Data Directory) | Yes | Access |
TLS Table (Data Directory) | Yes | Read, Write, Modify |
Load Config Table (Data Directory) | Yes | Read, Write, Modify |
Bound Import (Data Directory) | Yes | Read, Write, Modify |
IAT (Data Directory) | Yes | Read |
Delay Import Descriptor (Data Directory) | Yes | Read, Write, Modify |
CLR Runtime Header (Data Directory) | Yes | Read, Write, Modify |
Reserved (Data Directory) | useless | useless |

- Clone the repository
  - git clone https://github.com/AFP33/POEX.git
- Open Visual Studio and just build it
  - you need at least C++14
  - minimum SDK is 10.0
- Use the output POEX.lib in your project

Please use WIKI for more info.
Open PE File:

```cpp
#include <iostream>
#include <POEX.h> // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");
    // Other stuff here
    return 0;
}
```

Access to DOS Header:

```cpp
#include <iostream>
#include <POEX.h> // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Access the Image DOS Header
    auto dos = pe.GetImageDosHeader();

    // Read 'e_magic' and 'e_lfanew' and print them to the console as hex
    std::cout << "Magic: 0x" << std::hex << dos.E_magic() << std::endl;
    std::cout << "e_lfanew: 0x" << std::hex << dos.E_lfanew() << std::endl << std::endl;

    // Change the 'e_magic' and 'e_lfanew' values
    dos.E_magic(23118);
    dos.E_lfanew(249);

    // Print the 'e_magic' and 'e_lfanew' fields of the structure again
    std::cout << "Magic: 0x" << std::hex << dos.E_magic() << std::endl;
    std::cout << "e_lfanew: 0x" << std::hex << dos.E_lfanew() << std::endl;
    return 0;
}
```
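
The two fields edited above are what a loader or triage tool checks first: `e_magic` must be 0x5A4D ("MZ") and `e_lfanew` must point at the "PE\0\0" signature. The following is an added example, not part of POEX and not using its API, that validates those fields on a raw byte buffer; `check_dos_header`, `make_sample` and the 512-byte sample are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Outcome of checking the two DOS-header fields edited in the example above.
enum class DosCheck { Ok, TooSmall, BadMagic, BadLfanew, BadPeSignature };

constexpr std::size_t   kDosHeaderSize = 64;     // sizeof(IMAGE_DOS_HEADER)
constexpr std::size_t   kLfanewOffset  = 0x3C;   // e_lfanew field offset
constexpr std::uint16_t kMzMagic       = 0x5A4D; // "MZ" read little-endian

// Little-endian reads that do not depend on host alignment or byte order.
static std::uint16_t rd16(const std::uint8_t* p) { return std::uint16_t(p[0] | (p[1] << 8)); }
static std::uint32_t rd32(const std::uint8_t* p) {
    return std::uint32_t(p[0]) | (std::uint32_t(p[1]) << 8) |
           (std::uint32_t(p[2]) << 16) | (std::uint32_t(p[3]) << 24);
}

DosCheck check_dos_header(const std::vector<std::uint8_t>& img) {
    if (img.size() < kDosHeaderSize) return DosCheck::TooSmall;
    if (rd16(img.data()) != kMzMagic) return DosCheck::BadMagic;
    const std::uint32_t lfanew = rd32(img.data() + kLfanewOffset);
    // Bounds-check before dereferencing: the 4-byte signature must fit in the file.
    if (lfanew > img.size() - 4) return DosCheck::BadLfanew;
    if (std::memcmp(img.data() + lfanew, "PE\0\0", 4) != 0)
        return DosCheck::BadPeSignature;
    return DosCheck::Ok;
}

// Constructed sample (not a real PE): zero-filled 512-byte buffer carrying the
// given e_magic and e_lfanew, with "PE\0\0" written at sig_offset.
std::vector<std::uint8_t> make_sample(std::uint16_t magic, std::uint32_t lfanew,
                                      std::size_t sig_offset) {
    std::vector<std::uint8_t> img(512, 0);
    img[0] = static_cast<std::uint8_t>(magic & 0xFF);
    img[1] = static_cast<std::uint8_t>(magic >> 8);
    for (int i = 0; i < 4; ++i)
        img[kLfanewOffset + i] = static_cast<std::uint8_t>(lfanew >> (8 * i));
    std::memcpy(img.data() + sig_offset, "PE\0\0", 4);
    return img;
}

int main() {
    // 23118 (0x5A4E) and 249 are the values written in the example above.
    bool ok  = check_dos_header(make_sample(kMzMagic, 0x80, 0x80)) == DosCheck::Ok;
    bool bad = check_dos_header(make_sample(23118, 249, 0x80)) == DosCheck::BadMagic;
    std::printf("valid: %d, edited header rejected: %d\n", ok, bad);
    return 0;
}
```

With the values from the example above, 23118 is 0x5A4E rather than 0x5A4D, so the magic check fails first; changing only `e_lfanew` to 249 while the signature stays elsewhere fails the signature check.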

Save changes to the original file or to a new one:

```cpp
#include <iostream>
#include <POEX.h> // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Access the Image DOS Header
    auto dos = pe.GetImageDosHeader();

    // ******** some stuff here **********

    // To save the changes to the original file
    pe.SaveFile();

    // Or, to save the changes to another file
    pe.SaveFile("another.exe");
    return 0;
}
```

- You can access the other PE structures in the same way as shown in the DOS Header example.
- For more detail, see the Wiki.