parser.c
#define _CRT_SECURE_NO_WARNINGS
#include <stdio.h>
#include <Windows.h>
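/*
 * Prints the system message text for a Win32 error code on stdout.
 *
 * errorCode: the code to describe, e.g. the value of GetLastError().
 *
 * FORMAT_MESSAGE_ALLOCATE_BUFFER makes FormatMessageA allocate the text
 * itself, so the buffer is released with LocalFree once it has been printed.
 * FORMAT_MESSAGE_IGNORE_INSERTS keeps insert sequences in a system message
 * from being expanded against an argument list that is not supplied here.
 */
void displayErrorMessage(DWORD errorCode) {
    LPSTR messageBuffer = NULL;
    /* The return value is the number of characters stored; 0 means failure. */
    DWORD length = FormatMessageA(
        FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
        NULL,
        errorCode,
        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
        (LPSTR)&messageBuffer, /* with ALLOCATE_BUFFER this receives a pointer */
        0,
        NULL);

    if (length != 0 && messageBuffer != NULL) {
        printf("Error: %s\n", messageBuffer);
    }
    else {
        /* DWORD is unsigned long; %d printed codes above INT_MAX as negative. */
        printf("Error: Unable to get error message for code %lu\n", errorCode);
    }

    if (messageBuffer != NULL) {
        LocalFree(messageBuffer);
    }
}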
/*
 * Dumps every field of the IMAGE_DOS_HEADER found at the start of fileData.
 *
 * fileData: start of the raw file contents.
 *
 * No length is passed in and e_magic is printed rather than checked, so the
 * caller has to guarantee that the buffer holds at least
 * sizeof(IMAGE_DOS_HEADER) bytes before calling this on untrusted input.
 */
void printDosHeader(LPVOID fileData) {
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)fileData;

    printf("----------- DOS HEADER -----------\n");
    printf("WORD e_magic -> 0x%x\n", dos->e_magic);
    printf("WORD e_cblp -> 0x%x\n", dos->e_cblp);
    printf("WORD e_cp -> 0x%x\n", dos->e_cp);
    printf("WORD e_crlc -> 0x%x\n", dos->e_crlc);
    printf("WORD e_cparhdr -> 0x%x\n", dos->e_cparhdr);
    printf("WORD e_minalloc -> 0x%x\n", dos->e_minalloc);
    printf("WORD e_maxalloc -> 0x%x\n", dos->e_maxalloc);
    printf("WORD e_ss -> 0x%x\n", dos->e_ss);
    printf("WORD e_sp -> 0x%x\n", dos->e_sp);
    printf("WORD e_csum -> 0x%x\n", dos->e_csum);
    printf("WORD e_ip -> 0x%x\n", dos->e_ip);
    printf("WORD e_cs -> 0x%x\n", dos->e_cs);
    printf("WORD e_lfarlc -> 0x%x\n", dos->e_lfarlc);
    printf("WORD e_ovno -> 0x%x\n", dos->e_ovno);
    printf("WORD e_oemid -> 0x%x\n", dos->e_oemid);
    printf("WORD e_oeminfo -> 0x%x\n", dos->e_oeminfo);
    /* File offset of the NT headers; the other print routines follow it. */
    printf("LONG e_lfanew -> 0x%x\n", dos->e_lfanew);
}
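/*
 * Prints the PE signature, the COFF file header and the optional header
 * located e_lfanew bytes into fileData.
 *
 * fileData: start of the raw file contents.
 *
 * IMAGE_NT_HEADERS is the 32-bit or the 64-bit layout depending on how this
 * program is built, not on the file being parsed. In a 64-bit build ImageBase
 * and the four stack/heap sizes are ULONGLONG, so they are printed with %llx;
 * passing them to %x is a format/argument mismatch. A file whose
 * OptionalHeader.Magic belongs to the other layout is still misread from
 * BaseOfCode onward.
 *
 * e_lfanew comes from the file and is not checked here: the caller must have
 * verified that e_lfanew + sizeof(IMAGE_NT_HEADERS) lies inside the buffer.
 */
void printNTHeaders(LPVOID fileData) {
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)fileData;
    printf("\n");
    const IMAGE_NT_HEADERS *nt = (const IMAGE_NT_HEADERS *)((const BYTE *)fileData + dos->e_lfanew);
    const IMAGE_FILE_HEADER *file = &nt->FileHeader;

    printf("----------- SIGNATURE HEADER -----------\n");
    printf("DWORD Signature -> %x\n", nt->Signature);
    printf("\n");

    printf("----------- FILE HEADER -----------\n");
    printf("WORD Machine -> %x\n", file->Machine);
    printf("WORD NumberOfSections -> %x\n", file->NumberOfSections);
    printf("DWORD TimeDateStamp -> %x\n", file->TimeDateStamp);
    printf("DWORD PointerToSymbolTable -> %x\n", file->PointerToSymbolTable);
    printf("DWORD NumberOfSymbols -> %x\n", file->NumberOfSymbols);
    printf("WORD SizeOfOptionalHeader -> %x\n", file->SizeOfOptionalHeader);
    printf("WORD Characteristics -> %x\n", file->Characteristics);
    printf("\n");

    printf("----------- OPTIONAL HEADER -----------\n");
    printf("WORD Magic -> %x\n", nt->OptionalHeader.Magic);
    printf("BYTE MajorLinkerVersion -> %x\n", nt->OptionalHeader.MajorLinkerVersion);
    printf("BYTE MinorLinkerVersion -> %x\n", nt->OptionalHeader.MinorLinkerVersion);
    printf("DWORD SizeOfCode -> %x\n", nt->OptionalHeader.SizeOfCode);
    printf("DWORD SizeOfInitializedData -> %x\n", nt->OptionalHeader.SizeOfInitializedData);
    printf("DWORD SizeOfUninitializedData -> %x\n", nt->OptionalHeader.SizeOfUninitializedData);
    printf("DWORD AddressOfEntryPoint -> %x\n", nt->OptionalHeader.AddressOfEntryPoint);
    printf("DWORD BaseOfCode -> %x\n", nt->OptionalHeader.BaseOfCode);
    /* Pointer-sized field: widened so the same call is correct in both builds. */
    printf("DWORD ImageBase -> %llx\n", (unsigned long long)nt->OptionalHeader.ImageBase);
    printf("DWORD SectionAlignment -> %x\n", nt->OptionalHeader.SectionAlignment);
    printf("DWORD FileAlignment -> %x\n", nt->OptionalHeader.FileAlignment);
    printf("WORD MajorOperatingSystemVersion -> %x\n", nt->OptionalHeader.MajorOperatingSystemVersion);
    printf("WORD MinorOperatingSystemVersion -> %x\n", nt->OptionalHeader.MinorOperatingSystemVersion);
    printf("WORD MajorImageVersion -> %x\n", nt->OptionalHeader.MajorImageVersion);
    printf("WORD MinorImageVersion -> %x\n", nt->OptionalHeader.MinorImageVersion);
    printf("WORD MajorSubsystemVersion -> %x\n", nt->OptionalHeader.MajorSubsystemVersion);
    printf("WORD MinorSubsystemVersion -> %x\n", nt->OptionalHeader.MinorSubsystemVersion);
    printf("DWORD Win32VersionValue -> %x\n", nt->OptionalHeader.Win32VersionValue);
    printf("DWORD SizeOfImage -> %x\n", nt->OptionalHeader.SizeOfImage);
    printf("DWORD SizeOfHeaders -> %x\n", nt->OptionalHeader.SizeOfHeaders);
    printf("DWORD CheckSum -> %x\n", nt->OptionalHeader.CheckSum);
    printf("WORD Subsystem -> %x\n", nt->OptionalHeader.Subsystem);
    printf("WORD DllCharacteristics -> %x\n", nt->OptionalHeader.DllCharacteristics);
    /* The next four are pointer-sized as well. */
    printf("DWORD SizeOfStackReserve -> %llx\n", (unsigned long long)nt->OptionalHeader.SizeOfStackReserve);
    printf("DWORD SizeOfStackCommit -> %llx\n", (unsigned long long)nt->OptionalHeader.SizeOfStackCommit);
    printf("DWORD SizeOfHeapReserve -> %llx\n", (unsigned long long)nt->OptionalHeader.SizeOfHeapReserve);
    printf("DWORD SizeOfHeapCommit -> %llx\n", (unsigned long long)nt->OptionalHeader.SizeOfHeapCommit);
    printf("DWORD LoaderFlags -> %x\n", nt->OptionalHeader.LoaderFlags);
    printf("DWORD NumberOfRvaAndSizes -> %x\n", nt->OptionalHeader.NumberOfRvaAndSizes);
}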
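/*
 * Prints the RVA and size of the export and import data directories.
 *
 * fileData: start of the raw file contents.
 *
 * NumberOfRvaAndSizes says how many directory entries the file really
 * carries. An entry at or beyond that count is not part of the optional
 * header, so it is reported as absent instead of printing whatever bytes
 * follow. The count is clamped to IMAGE_NUMBEROF_DIRECTORY_ENTRIES because
 * the value is file-controlled.
 *
 * e_lfanew is not checked here: the caller must have verified that the NT
 * headers lie inside the buffer.
 */
void printDataDirectories(LPVOID fileData) {
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)fileData;
    const IMAGE_NT_HEADERS *nt = (const IMAGE_NT_HEADERS *)((const BYTE *)fileData + dos->e_lfanew);
    const IMAGE_DATA_DIRECTORY *dirs = nt->OptionalHeader.DataDirectory;
    DWORD present = nt->OptionalHeader.NumberOfRvaAndSizes;

    if (present > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) {
        present = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
    }

    printf("\n");
    printf("----------- DATA DIRECTORIES -----------\n");

    if (IMAGE_DIRECTORY_ENTRY_EXPORT < present) {
        printf("\tExport Directory Address: 0x%x; Size: 0x%x\n",
               dirs[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress,
               dirs[IMAGE_DIRECTORY_ENTRY_EXPORT].Size);
    }
    else {
        printf("\tExport Directory: not present\n");
    }

    if (IMAGE_DIRECTORY_ENTRY_IMPORT < present) {
        printf("\tImport Directory Address: 0x%x; Size: 0x%x\n",
               dirs[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress,
               dirs[IMAGE_DIRECTORY_ENTRY_IMPORT].Size);
    }
    else {
        printf("\tImport Directory: not present\n");
    }
}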
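/*
 * Prints every entry of the section table that follows the optional header.
 *
 * fileData: start of the raw file contents.
 *
 * IMAGE_SECTION_HEADER.Name is a fixed 8-byte field and a full-length name
 * has no terminating NUL, so it is printed with a precision of 8; a plain %s
 * keeps reading past the field. The unused import-section lookup was
 * removed: its result was never stored outside the loop.
 *
 * e_lfanew, SizeOfOptionalHeader and NumberOfSections all come from the file
 * and are not checked here: the caller must have verified that the whole
 * section table lies inside the buffer.
 */
void printSectionHeaders(LPVOID fileData) {
    printf("\n");
    printf("----------- SECTION HEADERS -----------\n");

    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)fileData;
    const IMAGE_NT_HEADERS *nt = (const IMAGE_NT_HEADERS *)((const BYTE *)fileData + dos->e_lfanew);
    /* Signature + file header + SizeOfOptionalHeader bytes, as in the PE layout. */
    const IMAGE_SECTION_HEADER *section = (const IMAGE_SECTION_HEADER *)((const BYTE *)nt +
        sizeof(DWORD) +
        sizeof(IMAGE_FILE_HEADER) +
        nt->FileHeader.SizeOfOptionalHeader);
    WORD sectionCount = nt->FileHeader.NumberOfSections;

    for (WORD i = 0; i < sectionCount; i++, section++) {
        printf("\t%.8s\n", (const char *)section->Name);
        printf("VirtualSize -> %x\n", section->Misc.VirtualSize);
        printf("VirtualAddress -> %x\n", section->VirtualAddress);
        printf("SizeOfRawData -> %x\n", section->SizeOfRawData);
        printf("PointerToRawData -> %x\n", section->PointerToRawData);
        printf("PointerToRelocations -> %x\n", section->PointerToRelocations);
        printf("PointerToLinenumbers -> %x\n", section->PointerToLinenumbers);
        printf("NumberOfRelocations -> %x\n", section->NumberOfRelocations);
        printf("NumberOfLinenumbers -> %x\n", section->NumberOfLinenumbers);
        printf("Characteristics -> %x\n", section->Characteristics);
    }
}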
/* Writes the numbered option list, then the selection prompt, to stdout. */
void printMenu() {
    static const char *const menuLines[] = {
        "\n",
        "---Options---\n",
        "DosHeader -> 1\n",
        "NTHeaders -> 2\n",
        "DataDirectories -> 3\n",
        "SectionHeaders -> 4\n",
        "Exit -> 5\n",
        "What do you wanna see?: ", /* no newline: the answer is typed on this line */
    };

    for (size_t i = 0; i < sizeof menuLines / sizeof menuLines[0]; i++) {
        fputs(menuLines[i], stdout);
    }
}
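/*
 * Checks that every header the print routines dereference lies inside the
 * fileSize bytes that were read. All offsets and counts come from the file
 * itself, so they are widened to 64 bits before being added.
 *
 * Returns NULL when the layout is usable, otherwise a static string naming
 * the first check that failed.
 */
static const char *checkPeLayout(LPCVOID fileData, DWORD fileSize) {
    const BYTE *base = (const BYTE *)fileData;
    const IMAGE_DOS_HEADER *dos;
    const IMAGE_NT_HEADERS *nt;
    ULONGLONG ntOffset;
    ULONGLONG sectionTable;
    ULONGLONG sectionBytes;

    if (fileSize < sizeof(IMAGE_DOS_HEADER)) {
        return "file is smaller than a DOS header";
    }
    dos = (const IMAGE_DOS_HEADER *)base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE) {
        return "missing MZ signature";
    }
    if (dos->e_lfanew < 0) {
        return "e_lfanew is negative";
    }
    ntOffset = (ULONGLONG)dos->e_lfanew;
    if (ntOffset + sizeof(IMAGE_NT_HEADERS) > fileSize) {
        return "NT headers extend past the end of the file";
    }
    nt = (const IMAGE_NT_HEADERS *)(base + (size_t)ntOffset);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        return "missing PE signature";
    }
    sectionTable = ntOffset + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) +
                   nt->FileHeader.SizeOfOptionalHeader;
    sectionBytes = (ULONGLONG)nt->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
    if (sectionTable + sectionBytes > fileSize) {
        return "section table extends past the end of the file";
    }
    return NULL;
}

/*
 * Interactive PE header viewer: asks for a path, reads the whole file into a
 * heap buffer, then prints the header group chosen from the menu until the
 * user picks 5.
 *
 * Returns 0 on a normal exit and 1 when the path cannot be read, the file
 * cannot be opened or read completely, or its headers fail checkPeLayout.
 *
 * The file is treated as untrusted input: the path read is bounded by the
 * buffer size, a short read is rejected because the buffer is not zeroed, and
 * the header offsets are validated once here because the print routines
 * receive no length.
 */
int main(int argc, char* argv[]) {
    char fileName[MAX_PATH];
    int option = -1;
    int exitCode = 1;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    LPVOID fileData = NULL;
    DWORD fileSize = 0;
    DWORD bytesRead = 0;
    const char *layoutError = NULL;
    const IMAGE_NT_HEADERS *nt = NULL;

    (void)argc;
    (void)argv;

    printf("-----------PE Parser----------- \n");
    printf("Give me the file path: ");
    /* MAX_PATH is 260; a width of 259 leaves room for the terminating NUL. */
    if (scanf("%259s", fileName) != 1) {
        printf("[-] Error reading file path... \n");
        return 1;
    }
    printMenu();

    hFile = CreateFileA(fileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("[-] Error opening file... \n");
        printf("[-] Error message: ");
        displayErrorMessage(GetLastError());
        goto cleanup;
    }

    /* Only the low 32 bits of the size are requested; headers sit at the start. */
    fileSize = GetFileSize(hFile, NULL);
    if (fileSize == INVALID_FILE_SIZE) {
        printf("[-] Error getting file size... \n");
        printf("[-] Error message: ");
        displayErrorMessage(GetLastError());
        goto cleanup;
    }

    fileData = HeapAlloc(GetProcessHeap(), 0, fileSize);
    if (fileData == NULL) {
        printf("[-] Error allocating memory... \n");
        goto cleanup;
    }

    if (!ReadFile(hFile, fileData, fileSize, &bytesRead, NULL)) {
        printf("[-] Error reading file... \n");
        printf("[-] Error message: ");
        displayErrorMessage(GetLastError());
        goto cleanup;
    }
    /* The allocation is not zeroed, so a short read would expose stale heap bytes. */
    if (bytesRead != fileSize) {
        printf("[-] Error reading file... \n");
        printf("[-] Error message: read %lu of %lu bytes\n", bytesRead, fileSize);
        goto cleanup;
    }

    layoutError = checkPeLayout(fileData, fileSize);
    if (layoutError != NULL) {
        printf("[-] Not a parsable PE file: %s\n", layoutError);
        goto cleanup;
    }

    /* In bounds: checkPeLayout verified e_lfanew + sizeof(IMAGE_NT_HEADERS). */
    nt = (const IMAGE_NT_HEADERS *)((const BYTE *)fileData +
                                    ((const IMAGE_DOS_HEADER *)fileData)->e_lfanew);
    if (nt->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) {
        printf("[!] Warning: optional header magic 0x%x does not match this build; "
               "optional header and data directory values will be misread\n",
               nt->OptionalHeader.Magic);
    }

    while (option != 5) {
        int fields = scanf("%d", &option);
        if (fields == EOF) {
            break; /* input closed: leave instead of looping on a dead stream */
        }
        if (fields != 1) {
            /* Non-numeric input stays in the stream; drop the rest of the line. */
            int ch;
            while ((ch = getchar()) != '\n' && ch != EOF) {
            }
            printMenu();
            continue;
        }

        switch (option) {
        case 1:
            printDosHeader(fileData);
            break;
        case 2:
            printNTHeaders(fileData);
            break;
        case 3:
            printDataDirectories(fileData);
            break;
        case 4:
            printSectionHeaders(fileData);
            break;
        case 5:
            printf("Exitting...");
            break;
        default:
            break;
        }

        /* Option 5 falls out of the loop so the buffer and handle are released. */
        if (option != 5) {
            printMenu();
        }
    }
    exitCode = 0;

cleanup:
    if (fileData != NULL) {
        HeapFree(GetProcessHeap(), 0, fileData);
    }
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }
    return exitCode;
}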