Libpe - a Fast PE32/PE32+ Parsing Library.


I’ve just published on github libpe, a C/C++ library to parse Windows portable executables ( both PE32 and PE32+ ) written with speed and stability in mind, released under the GPL 3 license.
Currently the library is released as a Microsoft Visual Studio solution containing the library itself and an example project, I will make it cross platform in future releases.

The output of the example program dumping itself is:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
TYPE        : PE32
IMAGE BASE : 00400000
ENTRY POINT : 004111FE ( 000005FE )

SECTIONS ( 7 ):
.textbss 00401000 - 00401000 ( rsize=0, vsize=65536 )
.text 00411000 - 0041A200 ( rsize=37376, vsize=36879 )
.rdata 0041B000 - 0041D400 ( rsize=9216, vsize=9002 )
.data 0041E000 - 0041E200 ( rsize=512, vsize=1417 )
.idata 0041F000 - 0041FC00 ( rsize=3072, vsize=2913 )
.rsrc 00420000 - 00420600 ( rsize=1536, vsize=1084 )
.reloc 00421000 - 00421800 ( rsize=2048, vsize=1684 )

IMPORT TABLE ( 3 ) [0041F000]:
MSVCR110D.dll ( 48 )
[0041F328] __crtUnhandledException
[0041F32C] __crtTerminateProcess
[0041F330] [email protected]@YAXXZ
[0041F334] __crtSetUnhandledExceptionFilter
[0041F338] _lock
[0041F33C] _unlock
[0041F340] _crt_debugger_hook
[0041F344] __dllonexit
[0041F348] _onexit
[0041F34C] _invoke_watson
[0041F350] _controlfp_s
[0041F354] wcscpy_s
[0041F358] _wmakepath_s
[0041F35C] _wsplitpath_s
[0041F360] _except_handler4_common
[0041F364] _commode
[0041F368] _fmode
[0041F36C] __initenv
[0041F370] _initterm
[0041F374] _initterm_e
[0041F378] __setusermatherr
[0041F37C] _configthreadlocale
[0041F380] _cexit
[0041F384] _exit
[0041F388] _CrtSetCheckCount
[0041F38C] _CrtDbgReportW
[0041F390] __set_app_type
[0041F394] __getmainargs
[0041F398] _amsg_exit
[0041F39C] _XcptFilter
[0041F3A0] _CRT_RTC_INITW
[0041F3A4] tolower
[0041F3A8] strlen
[0041F3AC] malloc
[0041F3B0] vsprintf_s
[0041F3B4] free
[0041F3B8] calloc
[0041F3BC] _dupenv_s
[0041F3C0] strrchr
[0041F3C4] strncpy_s
[0041F3C8] _stricmp
[0041F3CC] strchr
[0041F3D0] strcmp
[0041F3D4] isprint
[0041F3D8] memset
[0041F3DC] printf
[0041F3E0] _calloc_dbg
[0041F3E4] exit
dbghelp.dll ( 1 )
[0041F438] UnDecorateSymbolName
KERNEL32.dll ( 34 )
[0041F25C] VirtualQuery
[0041F260] GetProcessHeap
[0041F264] HeapFree
[0041F268] HeapAlloc
[0041F26C] DecodePointer
[0041F270] GetSystemTimeAsFileTime
[0041F274] GetCurrentThreadId
[0041F278] GetCurrentProcessId
[0041F27C] QueryPerformanceCounter
[0041F280] IsProcessorFeaturePresent
[0041F284] WideCharToMultiByte
[0041F288] MultiByteToWideChar
[0041F28C] LoadLibraryW
[0041F290] lstrlenA
[0041F294] LoadLibraryExW
[0041F298] GetProcAddress
[0041F29C] RaiseException
[0041F2A0] IsDebuggerPresent
[0041F2A4] EncodePointer
[0041F2A8] IsBadReadPtr
[0041F2AC] CreateFileMappingA
[0041F2B0] UnmapViewOfFile
[0041F2B4] MapViewOfFile
[0041F2B8] GetWindowsDirectoryA
[0041F2BC] GetSystemDirectoryA
[0041F2C0] GetLastError
[0041F2C4] CloseHandle
[0041F2C8] GetFullPathNameA
[0041F2CC] GetFileSize
[0041F2D0] GetFileAttributesA
[0041F2D4] CreateFileA
[0041F2D8] GetModuleFileNameW
[0041F2DC] GetModuleHandleW
[0041F2E0] FreeLibrary