Pulling PE32 header info
Problem
Context Info
I coded up a program that maps an executable file (.exe, .dll mainly) to the program's memory space, which allows for easier extraction of the PE header info. I extract the information by simply casting a structure of a certain header to a memory location of the mapped file.
What I'm asking for
Readability and general structure. Some of the naming is horrible and I don't know which is the right alternative. The main function looks like it's all over the place for some reason and feels very hard to read. And anything else of course, I'm sure there are tons of bad things that I'm not aware of.
pe32inf.c
```
#include <stdio.h>
#include <windows.h>
#include "pe32inf.h"

void Terminate(const char *s);
LPCTSTR DecodeInput(int argc, char *argv[]);
LPVOID Map(LPCTSTR lpFileName);
MZ_DOS SetDOSheader(LPVOID lpFileBase);
COFF SetCOFFheader(LPVOID lpCOFFoffset);
SectionTable SetSectionTable(LPVOID SectionTableOffset, int NumberOfSections);

int main(int argc, char *argv[])
{
    LPCTSTR lpFileName;
    LPVOID lpFileBase;
    MZ_DOS DOSheader; //Naming issues with the headers.
    COFF COFFheader;
    OptionalHeader OPTheader; //I tried to get around the 2 declarations because 1 is going to be unused.
    OptionalHeader64 OPTheader64; //However, I can only think of malloc and then there's inconsistency since this will be a PTR.
    SectionTable SECtable;

    lpFileName = DecodeInput(argc, argv);
    lpFileBase = Map(lpFileName);
    DOSheader = SetDOSheader(lpFileBase);
    COFFheader = SetCOFFheader(lpFileBase + DOSheader.pe_offset + 0x4); //0x4 To skip PE sig.

    LPVOID lpOptionalHeader = lpFileBase + DOSheader.pe_offset + 0x4 + sizeof(COFF);
    WORD magic = *(WORD *)lpOptionalHeader; //Magic is the first field of the optional header.
    if (magic == 0x10b) { //PE32
        OPTheader = *(OptionalHeader *)lpOptionalHeader;
    } else if (magic == 0x20b) { //PE32+
        OPTheader64 = *(OptionalHeader64 *)lpOptionalHeader;
    } else {
        Terminate("Unknown PE magic.");
    }
    LPVOID SectionTableOffset = lpOptionalHea
```
Solution
- pe32.h

  Since you call Windows APIs, it is reasonable to expect that the program targets the Windows platform. You really should take advantage of ImageHlp APIs and structures, and in any case not rely on third-party 5-year-old documents.

- Copying structures

  seems unreasonable. Data are already in memory, so setting up a pointer should suffice. For example:

  ```
  COFF *COFFheader;
  /* ... */
  COFF *SetCoffHeader(LPVOID lpFileBase, DWORD offset) {
      // Point into the mapped file instead of copying; cast to a byte
      // pointer first because arithmetic on void * is not standard C.
      return (COFF *)((BYTE *)lpFileBase + offset);
  }
  ```

  Same applies to other structures.

- Magic number

  I mean, `0x4`, which according to a comment is the size of the PE signature. I recommend to explicitly define a `struct PE_signature`, take its `sizeof` and remove the comment.

- void pointer arithmetic

  `LPVOID` is defined as `typedef void *LPVOID;`. I am surprised that `lpFileBase + smth` compiles at all.

- Command line parsing

  I don't think that `lpFileName == NULL` is ever possible.

Context
StackExchange Code Review Q#106037, answer score: 3
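Pointing into the mapped file instead of copying, as the answer suggests, is only safe when every offset read from the file is checked against the mapped size before it is used. The following is an added example, not code from the question or the answer: `pe_parse`, `pe_info` and `check_sample` are hypothetical names, the 512-byte image is constructed, and fixed-width types replace the Windows headers so that it builds on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DOS_HDR_SIZE = 0x40, PE_SIG_SIZE = 4, COFF_HDR_SIZE = 20, SECTION_HDR_SIZE = 40 };
typedef struct { uint32_t pe_offset; uint16_t sections, opt_size, magic; } pe_info;

/* Little-endian field reads: no struct casts, no alignment assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns 0 on success, or a negative code naming the check that failed. */
int pe_parse(const uint8_t *buf, size_t len, pe_info *out)
{
    if (len < DOS_HDR_SIZE || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t off = rd32(buf + 0x3c);            /* e_lfanew, taken from the file */
    /* Compare by subtraction so a huge offset cannot wrap the sum. */
    if (off > len || len - off < PE_SIG_SIZE + COFF_HDR_SIZE + 2) return -2;
    if (memcmp(buf + off, "PE\0\0", PE_SIG_SIZE) != 0) return -3;
    const uint8_t *coff = buf + off + PE_SIG_SIZE;
    out->pe_offset = off;
    out->sections = rd16(coff + 2);             /* NumberOfSections */
    out->opt_size = rd16(coff + 16);            /* SizeOfOptionalHeader */
    out->magic = rd16(coff + COFF_HDR_SIZE);    /* first field of the optional header */
    if (out->magic != 0x10b && out->magic != 0x20b) return -4;
    /* The section table follows the optional header and must fit as well. */
    size_t rest = len - off - PE_SIG_SIZE - COFF_HDR_SIZE;
    if (out->opt_size > rest ||
        (rest - out->opt_size) / SECTION_HDR_SIZE < out->sections) return -5;
    return 0;
}

/* Constructed sample: PE headers at 0x80, two sections, 224-byte optional header. */
int check_sample(uint32_t e_lfanew, uint16_t magic, size_t visible_len)
{
    uint8_t img[512] = { 'M', 'Z' };
    pe_info info;
    for (int i = 0; i < 4; i++) img[0x3c + i] = (uint8_t)(e_lfanew >> (8 * i));
    memcpy(img + 0x80, "PE\0\0", PE_SIG_SIZE);
    img[0x80 + PE_SIG_SIZE + 2] = 2;
    img[0x80 + PE_SIG_SIZE + 16] = 0xe0;
    img[0x80 + 24] = (uint8_t)magic; img[0x80 + 25] = (uint8_t)(magic >> 8);
    return pe_parse(img, visible_len, &info);
}

int main(void)
{
    printf("%d %d\n", check_sample(0x80, 0x10b, 512), check_sample(0xfffffff0u, 0x10b, 512));
    return 0;
}
```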