Post by bartcPost by firPost by bartcBut it might take some days before I can show that info.
It wasn't quite that long...
Post by firi dubbled a tiny bit in it last hour and probably quick hack to this approach would be
void main()
{
for(int n = 0; n<number_of_sections; n++)
{
char* section_name = pe_image[0x178 + n*0x28];
int* section_size = (int*) pe_image[0x178 + n*0x28 + 8];
unsigned* section_flags = pe_image[0x178 + n*0x28 + 36];
//printf it
}
}
something like that, this 0x178 may depend on one or two previous fields but may be typical (im not sure as now for correct recipe for that value).. witt try that soon
I came up with this. It avoids using 'windows.h' should ought to run
#include <stdio.h>
#include <stdint.h>
typedef int16_t wt_word;
typedef int32_t wt_dword;
typedef struct {
wt_word machine;
wt_word nsections;
wt_dword timedatestamp;
wt_dword stpointer;
wt_dword nsymbols;
wt_word optheadersize;
wt_word characteristics;
} imagefileheader;
typedef struct {
char name[8];
union {
wt_dword physical_address;
wt_dword virtual_size;
};
wt_dword virtual_address;
wt_dword rawdata_size;
wt_dword rawdata_ptr;
wt_dword relocations_ptr;
wt_dword linenos_ptr;
wt_word nrelocs;
wt_word nlinenos;
wt_dword characteristics;
} imagesectionheader;
int getfilesize(FILE *handle) {
int p,size;
p = ftell(handle);
fseek(handle,0,2);
size = ftell(handle);
fseek(handle,p,0);
return size;
}
char *readfile(char *filename) {
FILE *f;
int size;
char *m;
f = fopen(filename,"rb");
if (f==0) {
return NULL;
}
size = getfilesize(f);
m = malloc(size);
if (m==NULL) {
return NULL;
}
fseek(f,0,0);
fread(m,1,size,f);
fclose(f);
return m;
}
int main(int nargs, char**args) {
char *infile;
char *pe;
int peoffset,coffoffset,sectionoffset,nsections;
int i;
imagefileheader *coffptr;
imagesectionheader *sectionptr;
if (nargs<2) {
printf("Usage: %s file.exe\n",args[0]);
printf(" %s file.obj\n",args[0]);
exit(0);
}
infile=args[1];
printf("Loading: %s\n",infile);
pe=readfile(infile);
if (pe==NULL) {
printf("Can't load %s\n",infile);
exit(0);
}
if (*pe=='M' & *(pe+1)=='Z') { // exe file
puts("Executable file");
peoffset=*(wt_dword*)(pe+0x3c);
coffoffset=peoffset+4;
}
else {
puts("Object file");
coffoffset=0;
}
coffptr=(imagefileheader*)(pe+coffoffset);
nsections=coffptr->nsections;
sectionoffset=coffoffset+sizeof(imagefileheader)+coffptr->optheadersize;
sectionptr=(imagesectionheader*)(pe+sectionoffset);
printf("Nsections %d\n",nsections);
for (i=1; i<=nsections; ++i) {
printf("Section %d: %10.8s: Virtual Size=%6d Rawdata Size=%6d\n", i,
sectionptr->name,sectionptr->virtual_size,
sectionptr->rawdata_size);
++sectionptr;
}
}
well tnx i come with (as first draft)
///////////////////////////////////////////
int GetFileSize1(FILE* file)
{
int seek_pos = ftell(file);
int error = fseek(file, 0, SEEK_END);
if(error) printf ("seek1 error"), exit (-1);
int file_length = ftell(file) ;
error = fseek(file, seek_pos, SEEK_SET);
if(error) printf ("seek2 error"), exit (-1);
return file_length;
}
int main(int argc, char **argv)
{
char* filename = NULL ;
if (argc>=2)
filename = argv[1];
else
printf ("\n this tiny program prints names and sizes of executable file sections (exe or dll) \n USE: firdump.exe filepath \n "), exit (-1);
FILE* file = fopen ( filename , "rb" );
if (!file) printf ("cant open file %s", filename), exit (-1);
static char pe_image[1024];
int result = fread (pe_image, 1, 1024, file);
int file_size = GetFileSize1(file);
fclose(file);
///////////
printf("\n --= fir's executable sections info =-- \n\n sections for %s ( %d bytes ) \n", filename, file_size);
int pe_header_offset = *((int*) &pe_image[0x3c]);
int size_of_image_file_header = 24;
short size_of_optional_header = *((short*) &pe_image[pe_header_offset+20]);
int sections_offset = pe_header_offset + size_of_image_file_header + size_of_optional_header;
short number_of_sections = *( (short*) &pe_image[pe_header_offset+6]);
for(int n = 0; n<number_of_sections; n++)
{
char* section_name = (char*) &pe_image[sections_offset + n*0x28];
int section_size = *((int*) &pe_image[sections_offset + n*0x28 + 8]);
unsigned section_flags = *((unsigned*) &pe_image[sections_offset + n*0x28 + 36]);
static char section_flags_binary_string [33];
itoa (section_flags, section_flags_binary_string, 2);
int percent_size = 100*section_size/file_size;
if(section_size>file_size)
printf("\n %10.8s %10d bytes %4s %33s", section_name, section_size, " ", section_flags_binary_string );
else
printf("\n %10.8s %10d bytes %4d%% %33s", section_name, section_size, percent_size, section_flags_binary_string );
}
printf("\n\n " );
////////////
}
it is the same, it gives for example
sections for c:\windows\system32\kernel32.dll ( 1018368 bytes )
.text 536777 bytes 52% 1100000000000000000000000100000
.data 17408 bytes 1% 11000000000000000000000001000000
.rsrc 446104 bytes 43% 1000000000000000000000001000000
.reloc 23680 bytes 2% 1000010000000000000000001000000
sections for c:\windows\system32\user32.dll ( 580096 bytes )
.text 389763 bytes 67% 1100000000000000000000000100000
.data 4480 bytes 0% 11000000000000000000000001000000
.rsrc 173924 bytes 29% 1000000000000000000000001000000
.reloc 11748 bytes 2% 1000010000000000000000001000000
sections for c:\windows\system32\gdi32.dll ( 285184 bytes )
.text 271738 bytes 95% 1100000000000000000000000100000
.data 4448 bytes 1% 11000000000000000000000001000000
.rsrc 960 bytes 0% 1000000000000000000000001000000
.reloc 6272 bytes 2% 1000010000000000000000001000000