Basic PE Explorer (v1.0 BETA)
本帖最后由 cmc5410 于 2013-1-25 11:00 编辑Hey guys, been working with PE for quite a few weeks now and decided to actually make an application using the libraries I create during that time. It is a relatively basic mimic of the "PE Explorer" application, however it also lets you parse PEs from modules loaded in processes and shit, which I thought was handy..
Here's some screenshots (Yeah, the GUI is yucky, I was lazy)
Opening process modules...
It's pretty basic as you can see.
This is by no means complete, the export table is only a partial parse, because I got frustrated at it. There are still 14 other sections in a standard PE file that I will probably never get around to doing.
Common errors:
Can't see a process you think should be open?
At this stage I only made it extract processes that have a window, longer lists would take a while to extract all the icons and create the list...etc. Also, can't parse 64-bit processes due to protection problems.
Planned future features
Hopefully I end up finishing the export table, I'm probably going to rethink and rework the process module selection ergonomics 'cos at the moment it's a touch laggy for a MenuStrup.
Credits (though they are in the screenshot)
The fantastic documentation of the PE structure by Microsoft (97 pages of pure sex)
David
Hell_Demon
Has been a good learning experience.
Scans:
{:301_1009:}又一神器
very godo PE头的啥?
页:
[1]