adds several commands to x64dbg for dumping PE header information by address.
C C++ Objective-C
Switch branches/tags
Nothing to show
Clone or download
Latest commit 0b603e4 May 30, 2017
Permalink
Failed to load latest commit information.
PE Header Dump Utilities release 1.0 Feb 3, 2017
bin release 1.0 Feb 3, 2017
.gitignore included .dp32 and .dp64 files in bin/ Jan 16, 2017
LICENSE Create LICENSE May 31, 2017
PE Header Dump Utilities.sln init Dec 9, 2016
README.md release 1.0 Feb 3, 2017
sample_output.txt release 1.0 Feb 3, 2017

README.md

PE Header Dump Utilities

Added commands

  • pedumpPEHeader
  • pedumpDOSHeader
  • pedumpNTHeaders
  • pedumpFileHeader
  • pedumpOptionalHeader
  • pedumpDataDirectories
  • pedumpSections

Summary

Each command has the following syntax:

command [Base Address]

If a base address is not specified, then the command will calculate a base address using the selected address in the disassembly view. If the selected address is in a module, then the module's base address is used. If the selected address is not in a module, then the memory region's base address is used.

e.g. if you are viewing kernel32.dll's .text section in the disassembly view, then executing the pedumpPEHeader command will dump the entire pe header for kernel32.

Features

  • Magic numbers, signatures, flags, and misc. constants converted to strings.
  • RVA-to-VA translations.
  • Page-aligned size values.
  • Readable time date stamp

Building

A post-build event requires two environment variables, "X64DBG_PATH" and "X32DBG_PATH", to be defined to their respective install directories.

Sample output

See sample_output.txt