|
1 |
| -# peritux |
2 |
| -A very basic PE parser written in C++ which parses only the File Header and Optional Headers. |
3 |
| -Just made it as a learning project. |
| 1 | +# PEritux |
| 2 | +PEritux (peri-tux) comes from the latin work "peritus" from "expert. |
| 3 | +This is a small PE parser which parses all the important Portable Executable Header information such the File Header, Section Header, Optional Header, Import Directory and Export Directory. PEritux does not use any OOP at all, so if you're a beginner, the code can be easy to read for you. |
4 | 4 |
|
5 |
| -## usage |
6 |
| -Just give the PE file name as the first argument. |
| 5 | +## Compilation |
| 6 | +### g++ |
| 7 | +```bash |
| 8 | +g++ -o PEritux main.cpp PEritux_funcs.cpp |
| 9 | +``` |
| 10 | + |
| 11 | +## Usage |
| 12 | +```bash |
| 13 | +- PEritux [filename] |
| 14 | +``` |
| 15 | + |
| 16 | +## Documentation of each function used in the project. |
| 17 | + |
| 18 | +### Function: returnArch |
| 19 | + |
| 20 | +#### Input |
| 21 | + |
| 22 | +- int machineArch: the machine architecture |
| 23 | + |
| 24 | +#### Output |
| 25 | + |
| 26 | +- std::string: returns a string describing the architecture |
| 27 | + |
| 28 | +#### Description |
| 29 | + |
| 30 | +The `returnArch` function takes an integer representing a machine architecture value as an input, then uses a switch-case statement to return a string representation of that architecture. |
| 31 | + |
| 32 | +### Function: returnImageType |
| 33 | + |
| 34 | +#### Input |
| 35 | + |
| 36 | +- int magicNumber: a value used to determine the type of the executable |
| 37 | + |
| 38 | +#### Output |
| 39 | + |
| 40 | +- std::string: returns a string describing the executable format |
| 41 | + |
| 42 | +#### Description |
| 43 | + |
| 44 | +The `returnImageType` function takes an integer representing a magic number value as an input, then uses a switch-case statement to determine the type of the executable format and returns a string representation. |
| 45 | + |
| 46 | +### Function: returnImageSubsystem |
| 47 | + |
| 48 | +#### Input |
| 49 | + |
| 50 | +- int subsysNumber: a value used to determine the subsystem of the executable |
| 51 | + |
| 52 | +#### Output |
| 53 | + |
| 54 | +- std::string: returns a string describing the subsystem of the executable |
| 55 | + |
| 56 | +#### Description |
| 57 | + |
| 58 | +The `returnImageSubsystem` function takes an integer representing a subsystem number as an input, then uses a switch-case statement to determine the subsystem of the executable and returns a string representation. |
| 59 | + |
| 60 | +### Function: parseFileHeader |
| 61 | + |
| 62 | +#### Input |
| 63 | + |
| 64 | +- IMAGE_FILE_HEADER& ImgFileHeader: a reference to an IMAGE_FILE_HEADER structure |
| 65 | + |
| 66 | +#### Output |
| 67 | + |
| 68 | +- None |
| 69 | + |
| 70 | +#### Description |
| 71 | + |
| 72 | +The `parseFileHeader` function takes a reference to an IMAGE_FILE_HEADER structure as an input and prints information about the file header to the console. |
| 73 | + |
| 74 | +### Function: parseOptionalHeader |
| 75 | + |
| 76 | +#### Input |
| 77 | + |
| 78 | +- IMAGE_OPTIONAL_HEADER& ImgOptionalHeader: a reference to an IMAGE_OPTIONAL_HEADER structure |
| 79 | + |
| 80 | +#### Output |
| 81 | + |
| 82 | +- None |
| 83 | + |
| 84 | +#### Description |
| 85 | + |
| 86 | +The `parseOptionalHeader` function takes a reference to an IMAGE_OPTIONAL_HEADER structure as an input and prints information about the optional header to the console. |
| 87 | + |
| 88 | +### Function: parseSectionHeaders |
| 89 | + |
| 90 | +#### Input |
| 91 | + |
| 92 | +- PIMAGE_SECTION_HEADER pImgSectionHeader: a pointer to an array of IMAGE_SECTION_HEADER structures |
| 93 | +- WORD& ImgNoOfSections: a reference to the number of sections in the file |
| 94 | + |
| 95 | +#### Output |
| 96 | + |
| 97 | +- None |
| 98 | + |
| 99 | +#### Description |
| 100 | + |
| 101 | +The `parseSectionHeaders` function takes a pointer to an array of IMAGE_SECTION_HEADER structures and a reference to the number of sections in the file as inputs and prints information about each section to the console. |
| 102 | + |
| 103 | +### Function: parseImports |
| 104 | + |
| 105 | +#### Input |
| 106 | + |
| 107 | +- PIMAGE_DATA_DIRECTORY pImageDataDirectory: a pointer to an IMAGE_DATA_DIRECTORY structure |
| 108 | +- WORD& ImgTotalSections: a reference to the number of sections in the file |
| 109 | +- PIMAGE_SECTION_HEADER pImgSectionHeader: a pointer to an array of IMAGE_SECTION_HEADER structures |
| 110 | +- unsigned char* pBuffer: a pointer to the file buffer |
| 111 | + |
| 112 | +#### Output |
| 113 | + |
| 114 | +- None |
| 115 | + |
| 116 | +#### Description |
| 117 | + |
| 118 | +The `parseImports` function takes a pointer to an IMAGE_DATA_DIRECTORY structure, a reference to the number of sections in the file, a pointer to an array of IMAGE_SECTION_HEADER structures, and a pointer to the file buffer as inputs. The function parses the import directory and prints information about each import to the console. |
| 119 | + |
| 120 | +### Function: parseExports |
| 121 | + |
| 122 | +#### Input |
| 123 | + |
| 124 | +- IMAGE_DATA_DIRECTORY ImageExportDirectory: an IMAGE_DATA_DIRECTORY structure |
| 125 | +- WORD& ImgTotalSections: a reference to the number of sections in the file |
| 126 | +- PIMAGE_SECTION_HEADER pImgSectionHeader: a pointer to an array of IMAGE_SECTION_HEADER structures |
| 127 | +- unsigned char* pBuffer: a pointer to the file buffer |
| 128 | + |
| 129 | +#### Output |
| 130 | + |
| 131 | +- None |
| 132 | + |
| 133 | +#### Description |
| 134 | + |
| 135 | +The `parseExports` function takes an IMAGE_DATA_DIRECTORY structure, a reference to the number of sections in the file, a pointer to an array of IMAGE_SECTION_HEADER structures, and a pointer to the file buffer as inputs. |
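
Review bot: `parseImports` and `parseExports` are both documented as taking `unsigned char* pBuffer` with no accompanying buffer length, so as documented neither function can check that an offset derived from a data-directory RVA or a section header still falls inside the file that was read. For a parser meant to be pointed at arbitrary PE files, add a size parameter and document it here, or state how bounds are enforced. The `parseExports` description also stops after listing its inputs; add the sentence saying what it parses and prints, as the `parseImports` entry does. In the Usage block, `- PEritux [filename]` carries a leading `- ` inside a bash fence, which is not the command a reader should type. In the intro, `latin work "peritus" from "expert.` looks like it should say the Latin word "peritus" means "expert", with the closing quote restored, and `such the File Header` is missing "as".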