huoxue1
/
peparse
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: huoxue1:676b4e69a1c1081d004cac02c02683d1b8e53918
Branches Tags
huoxue1:main
..
compare: huoxue1:2262dea7e2a4e9a0a3a324df64e95b9a9029d6a9
Branches Tags
huoxue1:main

No commits in common. "676b4e69a1c1081d004cac02c02683d1b8e53918" and "2262dea7e2a4e9a0a3a324df64e95b9a9029d6a9" have entirely different histories.
676b4e69a1 ... 2262dea7e2

6 changed files with 27 additions and 135 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -6,4 +6,3 @@
# https://dart.dev/guides/libraries/private-files#pubspeclock. # https://dart.dev/guides/libraries/private-files#pubspeclock.
pubspec.lock pubspec.lock
.vscode/ .vscode/
test.sql

24
example/peparse_example.dart
View File

@ -1,9 +1,29 @@
import 'dart:io';
import '../lib/peparse.dart'; import '../lib/peparse.dart';
void main() { void main() {
const filepath = "D:\\software\\qq\\Bin\\QQ.exe"; const filepath = "D:\\software\\qq\\Bin\\QQ.exe";
var pe = PeFile.parseFile(filepath); File file = File(filepath);
print(pe.toString()); var data = ReaderSeeker(file.readAsBytesSync());
var header = ImageDocHeader(data);
print(header.toString());
data.seek(header.elfanew);
var nt = ImageNtHeaders32(data);
print(nt.toString());
print(data.position);
var sections = <ImageSectionHeader>[];
for (var i = 0; i < nt.fileHeader.numberOfSections; i++) {
sections.add(ImageSectionHeader(data));
}
for (var section in sections) {
print(section.toString());
}
} }

2
lib/peparse.dart
View File

@ -8,6 +8,4 @@ export 'src/pojo/image_doc_header.dart' show ImageDocHeader;
export 'src/pojo/image_nt_header.dart' show ImageNtHeaders32; export 'src/pojo/image_nt_header.dart' show ImageNtHeaders32;
export 'src/pojo/reader_seeker.dart' show ReaderSeeker; export 'src/pojo/reader_seeker.dart' show ReaderSeeker;
export 'src/pojo/image_section_header.dart' show ImageSectionHeader; export 'src/pojo/image_section_header.dart' show ImageSectionHeader;
export 'src/pojo/resourse_section.dart' show IMAGE_RESOURCE_DIRECTORY,IMAGE_RESOURCE_DIRECTORY_ENTRY,FileEntry;
export 'src/peparse_base.dart' show PeFile;
// TODO: Export any libraries intended for clients of this package. // TODO: Export any libraries intended for clients of this package.

37
lib/src/peparse_base.dart
View File

@ -1,35 +1,6 @@
import 'dart:io'; // TODO: Put public facing types in this file.
import './pojo/image_doc_header.dart'; /// Checks if you are awesome. Spoiler: you are.
import './pojo/image_nt_header.dart'; class Awesome {
import './pojo/image_section_header.dart'; bool get isAwesome => true;
import './pojo/resourse_section.dart';
import './pojo/reader_seeker.dart';
class PeFile {
ImageDocHeader? imageDocHeader;
ImageNtHeaders32? imageNtHeaders;
List<ImageSectionHeader> imageSectionHeaders = [];
IMAGE_RESOURCE_DIRECTORY? imageResourceDirectory;
PeFile.parseFile(String filepath) {
File file = File(filepath);
var data = ReaderSeeker(file.readAsBytesSync());
imageDocHeader = ImageDocHeader(data);
data.seek(imageDocHeader!.elfanew);
imageNtHeaders = ImageNtHeaders32(data);
imageSectionHeaders = <ImageSectionHeader>[];
for (var i = 0; i < imageNtHeaders!.fileHeader.numberOfSections; i++) {
imageSectionHeaders.add(ImageSectionHeader(data));
}
var resourse_section =
imageSectionHeaders.firstWhere((element) => element.name == '.rsrc');
imageResourceDirectory = IMAGE_RESOURCE_DIRECTORY(
resourse_section.pointerToRawData, 0, resourse_section, data);
}
@override
String toString() {
return '{"imageDocHeader":${imageDocHeader.toString()}, "imageNtHeaders":${imageNtHeaders.toString()}, "imageSectionHeaders":${imageSectionHeaders.toString()}, "imageResourceDirectory":${imageResourceDirectory.toString()}}';
}
} }

3
lib/src/pojo/image_section_header.dart
View File

@ -28,8 +28,7 @@ class ImageSectionHeader {
ImageSectionHeader(ReaderSeeker readerSeeker){ ImageSectionHeader(ReaderSeeker readerSeeker){
_name = readerSeeker.getByte(8); _name = readerSeeker.getByte(8);
_name.removeWhere((element) => element == 0); name = utf8.decode(_name,allowMalformed: true);
name = utf8.decode(_name,allowMalformed: false);
var data = readerSeeker.getData(32); var data = readerSeeker.getData(32);
misc = data.getUint32(0,Endian.little); misc = data.getUint32(0,Endian.little);
virtualAddress = data.getUint32(4,Endian.little); virtualAddress = data.getUint32(4,Endian.little);

95
lib/src/pojo/resourse_section.dart
View File

@ -1,95 +0,0 @@
import 'dart:convert';
import 'dart:typed_data';
import './reader_seeker.dart';
import './image_section_header.dart';
class IMAGE_RESOURCE_DIRECTORY{
int Characteristics = 0;
int TimeDateStamp = 0;
int MajorVersion = 0;
int MinorVersion = 0;
int NumberOfNamedEntries = 0;
int NumberOfIdEntries = 0;
List<IMAGE_RESOURCE_DIRECTORY_ENTRY> Entries = [];
IMAGE_RESOURCE_DIRECTORY(int startOffset,int offset,ImageSectionHeader section,ReaderSeeker readerSeeker){
readerSeeker.seek(startOffset+offset);
var data = readerSeeker.getData(16);
Characteristics = data.getUint32(0,Endian.little);
TimeDateStamp = data.getUint32(4,Endian.little);
MajorVersion = data.getUint16(8,Endian.little);
MinorVersion = data.getUint16(10,Endian.little);
NumberOfNamedEntries = data.getUint16(12,Endian.little);
NumberOfIdEntries = data.getUint16(14,Endian.little);
for (var i = 0; i < NumberOfNamedEntries + NumberOfIdEntries; i++) {
Entries.add(IMAGE_RESOURCE_DIRECTORY_ENTRY(readerSeeker));
}
for (var i = 0; i < NumberOfNamedEntries + NumberOfIdEntries; i++) {
if (Entries[i].is_folder){
Entries[i].children = IMAGE_RESOURCE_DIRECTORY(startOffset , Entries[i].OffsetToData,section,readerSeeker);
}else{
readerSeeker.seek(startOffset + Entries[i].OffsetToData);
Entries[i].fileEntry = FileEntry(readerSeeker);
Entries[i].fileEntry!.real_offset = Entries[i].fileEntry!.offsetToData - section.virtualAddress + section.pointerToRawData;
}
}
}
@override
String toString(){
return '{"Characteristics":${Characteristics.toRadixString(16)}, "TimeDateStamp":${TimeDateStamp.toRadixString(16)}, "MajorVersion":${MajorVersion.toRadixString(16)}, "MinorVersion":${MinorVersion.toRadixString(16)}, "NumberOfNamedEntries":${NumberOfNamedEntries.toRadixString(16)}, "NumberOfIdEntries":${NumberOfIdEntries.toRadixString(16)}, "Entries":${Entries}}';
}
String toJson(){
return JsonEncoder().convert(this);
}
}
class IMAGE_RESOURCE_DIRECTORY_ENTRY{
int Name = 0;
int OffsetToData = 0;
bool is_folder = false;
FileEntry? fileEntry = null;
IMAGE_RESOURCE_DIRECTORY? children = null;
IMAGE_RESOURCE_DIRECTORY_ENTRY(ReaderSeeker readerSeeker){
var data = readerSeeker.getData(8);
Name = data.getUint32(0,Endian.little);
OffsetToData = data.getUint32(4,Endian.little);
is_folder = ((OffsetToData >> 31) & 0x01) == 1;
if (is_folder){
OffsetToData = OffsetToData & 0x7FFFFFFF;
}
}
@override
String toString(){
return '{"Name":${Name.toRadixString(16)}, "OffsetToData":${OffsetToData.toRadixString(16)}, "is_folder":${is_folder}, "fileEntry":${fileEntry}, "children":${children}}';
}
}
class FileEntry{
int offsetToData = 0;
int size = 0;
int codePage = 0 ;
int reserved = 0 ;
int real_offset = 0;
FileEntry(ReaderSeeker readerSeeker){
var data = readerSeeker.getData(16);
offsetToData = data.getUint32(0,Endian.little);
size = data.getUint32(4,Endian.little);
codePage = data.getUint32(8,Endian.little);
reserved = data.getUint32(12,Endian.little);
}
@override
String toString(){
return '{"offsetToData":${offsetToData.toRadixString(16)}, "real_offset":"${real_offset.toRadixString(16)}", "size":${size.toRadixString(16)}, "codePage":${codePage.toRadixString(16)}, "reserved":${reserved.toRadixString(16)}}';
}
}