void CheckFormat(unsigned char *buffer, char opt, unsigned char *extraopt, int extraopt2, unsigned char *extraopt3){ // here we check file format we will begin with PE and ELF void *name; if(buffer[0] == 0x7f && buffer[1] == 0x45){ printf("this file is ELF \n"); }else if(buffer[0] == 0x4d && buffer[1] == 0x5a){ printf("this file is PE file\n"); if(opt == 'a') PeAnalyzer(buffer, opt); else if(opt == 'I') DumpImports(buffer, opt); else if(opt == 's') ListSections(buffer, opt); else if(opt == 'n') GetSection(buffer, opt, extraopt); else if(opt == 'N') DumpSecHex(buffer, opt, extraopt); else if(opt == 'S') DumpStrings(buffer, opt, extraopt); else if(opt == 'f') DisassembleCap(buffer, opt, extraopt, extraopt2); else if(opt == 'c') DisassembleCapOffset(buffer, opt, extraopt, extraopt3); } // free(format); }
void DumpPeFile(hadesmem::Process const& process, hadesmem::PeFile const& pe_file, std::wstring const& path) { std::wostream& out = GetOutputStreamW(); ClearWarnForCurrentFile(); WriteNewline(out); std::wstring const architecture_str{pe_file.Is64() ? L"64-Bit File: Yes" : L"64-Bit File: No"}; WriteNormal(out, architecture_str, 1); std::uint32_t const k1MB = (1U << 20); std::uint32_t const k100MB = k1MB * 100; if (pe_file.GetSize() > k100MB) { // Not actually unsupported, just want to flag large files for use in perf // testing. WriteNewline(out); WriteNormal(out, L"WARNING! File is over 100MB.", 0); // WarnForCurrentFile(WarningType::kUnsupported); } DumpHeaders(process, pe_file); DumpSections(process, pe_file); DumpOverlay(process, pe_file); DumpTls(process, pe_file); DumpExports(process, pe_file); bool has_new_bound_imports_any = false; DumpImports(process, pe_file, has_new_bound_imports_any); DumpBoundImports(process, pe_file, has_new_bound_imports_any); DumpRelocations(process, pe_file); if (!g_quiet && g_strings) { DumpStrings(process, pe_file); } HandleWarnings(path); }
void DumpPeFile(hadesmem::Process const& process, hadesmem::PeFile const& pe_file, std::wstring const& path) { std::wostream& out = std::wcout; ClearWarnForCurrentFile(); std::uint32_t const k1MB = (1U << 20); std::uint32_t const k100MB = k1MB * 100; if (pe_file.GetSize() > k100MB) { // Not actually unsupported, just want to flag large files. WriteNewline(out); WriteNormal(out, L"WARNING! File is over 100MB.", 0); WarnForCurrentFile(WarningType::kUnsupported); } DumpHeaders(process, pe_file); DumpSections(process, pe_file); DumpTls(process, pe_file); DumpExports(process, pe_file); bool has_new_bound_imports_any = false; DumpImports(process, pe_file, has_new_bound_imports_any); DumpBoundImports(process, pe_file, has_new_bound_imports_any); DumpRelocations(process, pe_file); DumpStrings(process, pe_file); HandleWarnings(path); }