HyperDbg Debugger
Loading...
Searching...
No Matches
Functions
pe.cpp File Reference

.pe command More...

#include "pch.h"

Functions

VOID CommandPeHelp ()
 help of the .pe command
 
VOID CommandPe (vector< string > SplitCommand, string Command)
 .pe command handler
 

Detailed Description

.pe command

Author
Sina Karvandi (sina@.nosp@m.hype.nosp@m.rdbg..nosp@m.org)
Version
0.1
Date
2021-12-27
Copyright
This project is released under the GNU Public License v3.

Function Documentation

◆ CommandPe()

VOID CommandPe ( vector< string > SplitCommand,
string Command )

.pe command handler

Parameters
SplitCommand
Command
Returns
VOID
44{
45 BOOLEAN Is32Bit = FALSE;
46 wstring Filepath;
47 BOOLEAN ShowDumpOfSection = FALSE;
48
49 if (SplitCommand.size() <= 2)
50 {
51 ShowMessages("err, incorrect use of the '.pe' command\n\n");
52 CommandPeHelp();
53 return;
54 }
55
56 //
57 // Check for first option
58 //
59 if (!SplitCommand.at(1).compare("section"))
60 {
61 if (SplitCommand.size() == 3)
62 {
63 ShowMessages("please specify a valid PE file\n\n");
64 CommandPeHelp();
65 return;
66 }
67 ShowDumpOfSection = TRUE;
68 }
69 else if (!SplitCommand.at(1).compare("header"))
70 {
71 ShowDumpOfSection = FALSE;
72 }
73 else
74 {
75 //
76 // Couldn't resolve or unknown parameter
77 //
78 ShowMessages("err, couldn't resolve error at '%s'\n\n",
79 SplitCommand.at(1).c_str());
80 CommandPeHelp();
81 return;
82 }
83
84 //
85 // Trim the command
86 //
87 Trim(Command);
88
89 //
90 // Remove .pe from it
91 //
92 Command.erase(0, SplitCommand.at(0).size());
93
94 if (!ShowDumpOfSection)
95 {
96 //
97 // Remove header + space
98 //
99 Command.erase(0, 6 + 1);
100 }
101 else
102 {
103 //
104 // Remove section + space
105 //
106 Command.erase(0, 7 + 1);
107
108 //
109 // Remove the string param for section + space
110 //
111 Command.erase(0, SplitCommand.at(2).size() + 1);
112 }
113
114 //
115 // Trim it again
116 //
117 Trim(Command);
118
119 //
120 // Convert path to wstring
121 //
122 StringToWString(Filepath, Command);
123
124 //
125 // Detect whether PE is 32-bit or 64-bit
126 //
127 if (!PeIsPE32BitOr64Bit(Filepath.c_str(), &Is32Bit))
128 {
129 //
130 // File was invalid, the error message is shown in the above function
131 //
132 return;
133 }
134
135 //
136 // Parse PE file
137 //
138 if (!ShowDumpOfSection)
139 {
140 PeShowSectionInformationAndDump(Filepath.c_str(), NULL, Is32Bit);
141 }
142 else
143 {
144 PeShowSectionInformationAndDump(Filepath.c_str(), SplitCommand.at(2).c_str(), Is32Bit);
145 }
146}
BOOLEAN
UCHAR BOOLEAN
Definition BasicTypes.h:39
TRUE
#define TRUE
Definition BasicTypes.h:55
FALSE
#define FALSE
Definition BasicTypes.h:54
StringToWString
VOID StringToWString(std::wstring &ws, const std::string &s)
convert std::string to std::wstring
Definition common.cpp:729
Trim
void Trim(std::string &s)
trim from both ends and start of a string (in place)
Definition common.cpp:594
ShowMessages
VOID ShowMessages(const char *Fmt,...)
Show messages.
Definition libhyperdbg.cpp:96
PeIsPE32BitOr64Bit
BOOLEAN PeIsPE32BitOr64Bit(const WCHAR *AddressOfFile, PBOOLEAN Is32Bit)
Detect whether PE is a 32-bit PE or 64-bit PE.
Definition pe-parser.cpp:482
PeShowSectionInformationAndDump
BOOLEAN PeShowSectionInformationAndDump(const WCHAR *AddressOfFile, const CHAR *SectionToShow, BOOLEAN Is32Bit)
Show information about different sections of PE and the dump of sections.
Definition pe-parser.cpp:75
CommandPeHelp
VOID CommandPeHelp()
help of the .pe command
Definition pe.cpp:22

◆ CommandPeHelp()

VOID CommandPeHelp ( )

help of the .pe command

Returns
VOID
23{
24 ShowMessages(".pe : parses portable executable (PE) files and dump sections.\n\n");
25
26 ShowMessages("syntax : \t.pe [header] [FilePath (string)]\n");
27 ShowMessages("syntax : \t.pe [section] [SectionName (string)] [FilePath (string)]\n");
28
29 ShowMessages("\n");
30 ShowMessages("\t\te.g : .pe header c:\\reverse files\\myfile.exe\n");
31 ShowMessages("\t\te.g : .pe section .text c:\\reverse files\\myfile.exe\n");
32 ShowMessages("\t\te.g : .pe section .rdata c:\\reverse files\\myfile.exe\n");
33}