-
Notifications
You must be signed in to change notification settings - Fork 106
Home
hasherezade edited this page Aug 22, 2014
·
30 revisions
Portable Executable parsing library
WARNING: this is an early beta version, some elements are unfinished!
Please report any bugs and remarks to: hasherezade@op.pl
Requires:
- Qt4 Core
- cmake http://www.cmake.org/
mkdir re-bear git clone https://github.com/hasherezade/bearparser.git mkdir build cd build cmake -G [some generator] ../bearparser/ make
Done!
You can test it running the commander:
./commander/bearcommander [optional: path to exe]
WARNING: Commander is very basic tool, used only for the purpose of testing the library capabilities.
It's not a fully functional tool - or at least not yet!
Sample usage:
hshrzd@kali:~/mytest/build$ ./commander/bearcommander Starting... Path to executable: /home/hshrzd/vm_shared/corkami_samples/exe/cfbogus.exe Type: PE Buffering... Parsing executable... $ info Bit mode: 32 Entry point: 0x1000v Raw size: 0x400 Virtual size: 0x2000 Raw align.: 0x200 Virtual align.: 0x1000 Contains: [ 0] DOS Hdr [ 1] File Hdr [ 2] Optional Hdr [ 3] Data Directory [ 4] Section Hdrs [ 5] Imports [12] LdConfig
Use dump command to see the details of particular structure,
i.e.
dump 12- dumps LdConfig
~ hasherezade (@hasherezade), 2014-2015 ~