dorkbox
/
PeParser
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Some sections are not properly parsed #1

New Issue
Open
opened 2018-07-20 18:18:02 +02:00 by Ghost · 1 comment
Ghost commented 2018-07-20 18:18:02 +02:00

Hello !

After playing with the library, it seems the private field sectionTable is properly filled with the sections of the opened program, but the collection optionalHeader.tables fails to return them all. A quick example on Windows:

public static void main(String[] args) {
    PE pe = new PE("C:\\Users\\james\\Documents\\calc.exe");
    for(ImageDataDir table : pe.optionalHeader.tables) {
        System.out.println(table.getDescriptiveName() + ":");
        SectionTableEntry section = table.getSection();

        if(section != null) {
            System.out.println("  Segment name: " + table.getSection().NAME);
            System.out.println();
            System.out.println("  Base address: " + table.getSection().POINTER_TO_RAW_DATA);
            System.out.println("  Size: " + table.getSection().SIZE_OF_RAW_DATA);
        } else {
            System.out.println("  <empty>");
        }

        System.out.println("---");
    }
}

The output is the following:

Export Directory:

Import Directory:
Segment name: name: .rdata

Is code: false
Base address: pointer to raw data: 4096 (0x1000)

Size: size of raw data: 3584 (0xe00)

Resource Directory:
Segment name: name: .rsrc

Is code: false
Base address: pointer to raw data: 8704 (0x2200)

Size: size of raw data: 18432 (0x4800)

Exception Directory:
Segment name: name: .pdata

Is code: false
Base address: pointer to raw data: 8192 (0x2000)

Size: size of raw data: 512 (0x200)

Security Directory:

Base Relocation Table:
Segment name: name: .reloc

Is code: false
Base address: pointer to raw data: 27136 (0x6a00)

Size: size of raw data: 512 (0x200)

Debug Directory:

Description String:

Machine Value (MIPS GP):

TLS Directory:

Load Configuration Directory:

But a couple of sections are missing, notably the .text one. Could you please have a look to it ? Also, I'm wondering why you have chosen to not expose publicly the COFF header, as well as this field sectionTable.

Thanks !

Hello ! After playing with the library, it seems the private field `sectionTable` is properly filled with the sections of the opened program, but the collection `optionalHeader.tables` fails to return them all. A quick example on Windows: public static void main(String[] args) { PE pe = new PE("C:\\Users\\james\\Documents\\calc.exe"); for(ImageDataDir table : pe.optionalHeader.tables) { System.out.println(table.getDescriptiveName() + ":"); SectionTableEntry section = table.getSection(); if(section != null) { System.out.println(" Segment name: " + table.getSection().NAME); System.out.println(); System.out.println(" Base address: " + table.getSection().POINTER_TO_RAW_DATA); System.out.println(" Size: " + table.getSection().SIZE_OF_RAW_DATA); } else { System.out.println(" <empty>"); } System.out.println("---"); } } The output is the following: Export Directory: <empty> --- Import Directory: Segment name: name: .rdata Is code: false Base address: pointer to raw data: 4096 (0x1000) Size: size of raw data: 3584 (0xe00) --- Resource Directory: Segment name: name: .rsrc Is code: false Base address: pointer to raw data: 8704 (0x2200) Size: size of raw data: 18432 (0x4800) --- Exception Directory: Segment name: name: .pdata Is code: false Base address: pointer to raw data: 8192 (0x2000) Size: size of raw data: 512 (0x200) --- Security Directory: <empty> --- Base Relocation Table: Segment name: name: .reloc Is code: false Base address: pointer to raw data: 27136 (0x6a00) Size: size of raw data: 512 (0x200) --- Debug Directory: <empty> --- Description String: <empty> --- Machine Value (MIPS GP): <empty> --- TLS Directory: <empty> --- Load Configuration Directory: <empty> --- But a couple of sections are missing, notably the `.text` one. Could you please have a look to it ? Also, I'm wondering why you have chosen to not expose publicly the COFF header, as well as this field `sectionTable`. Thanks !
robinson commented 2018-07-20 22:29:43 +02:00
Owner

Sure, I'll look at it - might take a while since i've got a lot going on right now.

No reason why it's not exposed, i just didn't think about it.

Sure, I'll look at it - might take a while since i've got a lot going on right now. No reason why it's not exposed, i just didn't think about it.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
Version_2.14
Version_2.13
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: dorkbox/PeParser#1
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?