So Why Build a PE File Dumper?
A question that I hear a lot lately is why build a PE file dumper; after all, there are others out there that can do it better.
So my answer is very simple: I wanted to learn and practice how to do it. From a developer's view, I wanted to create a small command-line-based tool that would be able to get as much information as it can from a PE-based file.
The first version was able to get some basic information out of a PE file and just output it to the console. I was always able to use ‘>’ in the command line to output it into a text-based file.
With time, I needed a tool that would be able to output to other file types, so I updated the tool to also support HTML and XML output, and in the meantime I added some more functionality to the tool, based on some research I did over the net.
By now it has some nice options and, as expected, some bugs, which I am about to fix in the new release of the tool, soon, along with some new features that I will add with time.
I built it as a command-line tool so anyone who needs an add-on for his tool can take it, launch it via CreateProcess with the relevant parameters, and feed the output into his own tool.
Other Tools That I Built:
I have some other command-line tools that I built for the same reason, learning and practice. I will release them in the near future (you can find some of them on my old DarkLich site).
Tools include:
- Adsinfo – alternate data stream (ADS) information.
- Dinfo – general disk information.
- Openwnd – list of open windows.
- Netinfo – general network devices information.
- PrcScanner – hidden process scanner.
- Sysinfo – general system information.
- Srvinf – services information and control.
I will re-release them soon as a toolbox for Windows.
The output of the current PE File version is:
- File Name.
- MD5 Hash.
- File Attributes.
- File Properties.
- Time Stamp.
- File Size.
- Header Information.
- Characteristics information.
- Subsystem.
- DLL Characteristics.
- Imported DLL List (DLL name, function name and address).
- Data directory sections.
- Image Config Information.
- List of file streams (ADS).
You can also set the output to be in an XML or HTML file.
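As an added illustration (not the tool's own code), here is a short Python sketch of how several of the fields listed above (MD5 hash, file size, time stamp, characteristics, subsystem and DLL characteristics) can be read from the PE headers. The function names and the header-only sample image are constructed for this example, and the flag tables are a subset of the PE format's constants.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Subset of the PE format's IMAGE_FILE_* flags and subsystem values.
FILE_FLAGS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE", 0x2000: "DLL"}
# DllCharacteristics show which exploit mitigations (ASLR, DEP, CFG) the image opts into.
DLL_FLAGS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x4000: "GUARD_CF"}
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}

def decode(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def dump_pe_headers(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers; raise ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4) + COFF header (20) + optional header through DllCharacteristics (72)
    if e_lfanew + 24 + 72 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    machine, _, timestamp, _, _, _, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Subsystem and DllCharacteristics sit at offsets 68 and 70 in both PE32 and PE32+.
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "md5": hashlib.md5(data, usedforsecurity=False).hexdigest(),  # identifier only
        "size": len(data),
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "characteristics": decode(characteristics, FILE_FLAGS),
        "subsystem": SUBSYSTEMS.get(subsystem, f"UNKNOWN({subsystem})"),
        "dll_characteristics": decode(dll_chars, DLL_FLAGS),
    }

def build_sample() -> bytes:
    """Constructed header-only PE32+ image (not a real binary) for demonstration."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 1700000000, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<HH", opt, 68, 3, 0x0140)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(dump_pe_headers(build_sample()))
```

The link-time stamp is taken from the file as-is and can be set to any value by whoever built the binary, so treat it as a hint rather than evidence.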