PE Parser example
This example is from the PE Parser project. It can be found in the Chapter#2 folder of this book’s GitHub project, which is publicly available. To save space, we only extracted the highlighted code; you should refer to the complete source code of the project for more details.
This is a simple tool written in C/C++ that can read any EXE content into memory with fopen and fread and save it in the ptrToBinary pointer, as shown in Figure 2.4:
Figure 2.4 – Example of PE Parser code
Let’s take a look at the preceding code in more detail:
- Lines 2-7: The DOS Header must be present at the beginning of the program. We can get the NT Header offset from its e_lfanew field and then add this offset to the base address of the entire binary. With that, we have obtained both the DOS and NT Headers.
- Line 4: We check whether the magic number of the DOS Header is MZ and the magic number of the NT Headers is PE\x00...
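The two steps above (read the file into memory, then walk from the DOS Header through e_lfanew to the NT Header signature) in a compact, stand-alone form. This is an added example, not the PE Parser project's own code: it re-declares only the header fields it needs (layout mirroring winnt.h, so it builds without windows.h), builds a constructed 0x90-byte sample image in memory instead of a real EXE, and adds the bounds checks on e_lfanew that a parser needs before trusting an offset taken from untrusted input. The helper names (parse_pe_headers, read_file_into_memory, build_sample_image, parse_sample_variant) are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed minimal layout mirroring IMAGE_DOS_HEADER in winnt.h (64 bytes). */
#pragma pack(push, 1)
typedef struct {
    uint16_t e_magic;        /* "MZ" */
    uint8_t  e_unused[58];   /* e_cblp ... e_res2, not needed for this check */
    uint32_t e_lfanew;       /* file offset of the NT Headers */
} DOS_HEADER;
#pragma pack(pop)

#define DOS_MAGIC    0x5A4DU      /* "MZ"     as a little-endian uint16 */
#define NT_SIGNATURE 0x00004550U  /* "PE\0\0" as a little-endian uint32 */

enum pe_status {
    PE_OK = 0,
    PE_ERR_TOO_SMALL  = -1,  /* buffer shorter than a DOS Header */
    PE_ERR_NO_MZ      = -2,  /* DOS magic mismatch */
    PE_ERR_BAD_LFANEW = -3,  /* e_lfanew points outside the buffer */
    PE_ERR_NO_PE      = -4   /* NT signature mismatch */
};

/* Validate the DOS/NT Headers of an image already in memory (ptrToBinary).
 * Every offset is checked against len before it is dereferenced, so a
 * crafted e_lfanew cannot push the read past the end of the buffer. */
int parse_pe_headers(const uint8_t *img, size_t len, uint32_t *nt_off)
{
    DOS_HEADER dos;
    uint32_t sig;
    if (img == NULL || len < sizeof(DOS_HEADER)) return PE_ERR_TOO_SMALL;
    memcpy(&dos, img, sizeof dos);                 /* no unaligned access */
    if (dos.e_magic != DOS_MAGIC) return PE_ERR_NO_MZ;
    if (dos.e_lfanew > len - sizeof sig) return PE_ERR_BAD_LFANEW;
    memcpy(&sig, img + dos.e_lfanew, sizeof sig);  /* base + e_lfanew */
    if (sig != NT_SIGNATURE) return PE_ERR_NO_PE;
    if (nt_off) *nt_off = dos.e_lfanew;
    return PE_OK;
}

/* fopen/fread a whole file into a heap buffer; returns length, 0 on failure. */
size_t read_file_into_memory(const char *path, uint8_t **out)
{
    FILE *fp = fopen(path, "rb");
    long sz;
    uint8_t *buf;
    if (!fp) return 0;
    if (fseek(fp, 0, SEEK_END) != 0 || (sz = ftell(fp)) <= 0) { fclose(fp); return 0; }
    rewind(fp);
    buf = malloc((size_t)sz);
    if (!buf || fread(buf, 1, (size_t)sz, fp) != (size_t)sz) { free(buf); fclose(fp); return 0; }
    fclose(fp);
    *out = buf;
    return (size_t)sz;
}

/* Constructed sample (not a real executable): a 0x90-byte blob with a valid
 * DOS Header whose e_lfanew points at 0x80, where "PE\0\0" sits. */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    const size_t total = 0x90;
    DOS_HEADER dos;
    if (cap < total) return 0;
    memset(buf, 0, total);
    memset(&dos, 0, sizeof dos);
    dos.e_magic = DOS_MAGIC;
    dos.e_lfanew = 0x80;
    memcpy(buf, &dos, sizeof dos);
    memcpy(buf + 0x80, "PE\0\0", 4);
    return total;
}

/* Self-check helper: build the sample, optionally corrupt it, parse it.
 * variant 0 = untouched, 1 = break MZ, 2 = e_lfanew out of range,
 * 3 = break PE signature, 4 = truncate to 10 bytes. Returns pe_status. */
int parse_sample_variant(int variant)
{
    uint8_t buf[0x90];
    size_t len = build_sample_image(buf, sizeof buf);
    uint32_t bad = 0x10000, off = 0;
    switch (variant) {
    case 1: buf[0] = 'X'; break;
    case 2: memcpy(buf + 60, &bad, 4); break;   /* e_lfanew lives at offset 60 */
    case 3: buf[0x81] = 'X'; break;
    case 4: len = 10; break;
    default: break;
    }
    return parse_pe_headers(buf, len, &off);
}

int main(int argc, char **argv)
{
    uint8_t sample[0x90], *ptrToBinary = sample;
    size_t len;
    uint32_t nt_off = 0;
    if (argc > 1) {   /* real file given: read it the same way the tool does */
        len = read_file_into_memory(argv[1], &ptrToBinary);
        if (len == 0) { fprintf(stderr, "cannot read %s\n", argv[1]); return 1; }
    } else {
        len = build_sample_image(sample, sizeof sample);
    }
    int rc = parse_pe_headers(ptrToBinary, len, &nt_off);
    printf("status=%d nt_header_offset=0x%x\n", rc, nt_off);
    if (argc > 1) free(ptrToBinary);
    return rc == PE_OK ? 0 : 1;
}
```

Run it with no arguments to parse the constructed sample, or pass a path to an EXE to exercise the fopen/fread route. The e_lfanew check is the part worth copying: the offset comes straight from the file, so a parser that adds it to the base address without comparing it to the buffer length will read out of bounds on a malformed input.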