Debris status 0x01 - File and Optional Headers

by Jason Haley 15. January 2006 18:14

Currently I am working on functionality that matches some of what DumpBin provides. Today I hooked a somewhat crude WinForms UI up to it and started a DumpBinWriter class that I am using to write out to a RichTextBox (but it should work with the console application too). Little by little I am working through the redesign and heading toward the new logic I need to add for the 3 new metadata tables - but probably won't get to that until the end of this month at the earliest. Tomorrow (holiday for me) I hope to complete the writer for the Sections with bytes and readable text being output so I can move on to the .NET specific stuff.

Here is the current output for a simple test.dll:

PE Signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             014C machine (x86)
                3 number of sections
         4333DFCE time date stamp 9/23/2005 6:58:22 AM
                0 file pointer to symbol table
                0 number of symbols
               E0 size of optional header
             210E characteristics
                    Executable
                    Line numbers stripped
                    Symbols stripped
                    32 bit word machine
                    DLL

OPTIONAL HEADER VALUES
             010B magic # PE32
              6.0 linker version
              800 size of code
              600 size of initialized data
                0 size of uninitialized data
             260E entry point
             2000 base of code
             4000 base of data
           400000 image base
             2000 section alignment
              200 file alignment
              4.0 operating system version
              0.0 image version
              4.0 subsystem version
                0 Win32 version
              800 size of image
              200 size of headers
                0 checksum
             0003 subsystem (Windows CUI)
              400 DLL characteristics
           100000 size of stack reserve
             1000 size of stack commit
           100000 size of heap reserve
             1000 size of heap commit
                0 loader flags
               10 number of directories
                0 [        0] RVA [size] of Export Directory
             25B4 [       57] RVA [size] of Import Directory
             4000 [      328] RVA [size] of Resource Directory
                0 [        0] RVA [size] of Exception Directory
                0 [        0] RVA [size] of Certificates Directory
             6000 [        C] RVA [size] of Base Relocation Directory
                0 [        0] RVA [size] of Debug Directory
                0 [        0] RVA [size] of Architecture Directory
                0 [        0] RVA [size] of Global Pointer Directory
                0 [        0] RVA [size] of Thread Storage Directory
                0 [        0] RVA [size] of Load Configuration Directory
                0 [        0] RVA [size] of Bound Import Directory
             2000 [        8] RVA [size] of Import Address Table Directory
                0 [        0] RVA [size] of Delay Import Directory
             2008 [       48] RVA [size] of COM Descriptor Directory
                0 [        0] RVA [size] of Reserved Directory
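
As an added example (not code from this post or from the Debris tool), the following Python reads the same file header and data directory fields from a PE32 image, bounds-checking every offset and count taken from the file. `parse_pe_headers` and `build_sample` are names made up here, and the sample bytes are constructed from the values in the dump above.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits named in the dump above
FLAGS = {0x0002: "Executable", 0x0004: "Line numbers stripped",
         0x0008: "Symbols stripped", 0x0100: "32 bit word machine",
         0x2000: "DLL"}

def parse_pe_headers(data):
    """Parse the file header and data directories of a PE32 image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    if opt_size < 96 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    if struct.unpack_from("<H", data, opt)[0] != 0x010B:
        raise ValueError("only PE32 (magic 010B) is handled here")
    (ndirs,) = struct.unpack_from("<I", data, opt + 92)  # number of directories
    # The count comes from the file: clamp it to what the header can hold.
    ndirs = min(ndirs, 16, (opt_size - 96) // 8)
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i)
            for i in range(ndirs)]
    return {"machine": machine, "sections": nsect, "timestamp": stamp,
            "flags": [name for bit, name in FLAGS.items() if chars & bit],
            "dirs": dirs,
            # entry 14 is the COM Descriptor (CLR header) directory
            "managed": ndirs > 14 and dirs[14] != (0, 0)}

def build_sample():
    """Constructed header-only image carrying values from the dump above."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80)  # e_lfanew = 0x80
    fh = struct.pack("<HHIIIHH", 0x014C, 3, 0x4333DFCE, 0, 0, 0xE0, 0x210E)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x010B)
    struct.pack_into("<I", opt, 92, 0x10)
    for idx, rva, size in [(1, 0x25B4, 0x57), (2, 0x4000, 0x328),
                           (5, 0x6000, 0xC), (12, 0x2000, 0x8),
                           (14, 0x2008, 0x48)]:
        struct.pack_into("<II", opt, 96 + 8 * idx, rva, size)
    return dos + bytes(0x40) + b"PE\0\0" + fh + bytes(opt)

if __name__ == "__main__":
    print(parse_pe_headers(build_sample()))
```

A non-empty COM Descriptor entry (index 14) is what marks the image as a managed assembly, which is why the result exposes it as `managed`.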

 
