So Why Build a PE file dumper

A question I hear a lot lately is why build a PE file dumper, after all there are others out there that can do it better.

My answer is very simple: I wanted to learn and practice how to do it from a developer's point of view, and to create a small command line based tool that extracts as much information as it can from a PE based file.

The first version extracted some basic information from a PE file and just printed it to the console; I could always use ‘>’ on the command line to redirect it into a text file.

With time I needed the tool to write other file types, so I updated it to also support HTML and XML output, and in the meanwhile I added some more functionality based on research I did on the net.

By now it has some nice options and, as expected, some bugs, which I am about to fix in the new release of the tool, along with some new features that I will add over time.

I built it as a command line tool so anyone who needs an add-on for their own tool can take it, launch it with CreateProcess and the relevant parameters, and capture its output in their own tool.

Other Tools That I Built:

I have some other command line tools that I built for the same reason, learning and practice, and I will release them in the near future (you can find some of them on my old DarkLich site).

The tools include:

  • Adsinfo – alternate data stream (ADS) information.
  • Dinfo – general disk information.
  • Openwnd – list of open windows.
  • Netinfo – general network devices information.
  • PrcScanner – hidden process scanner.
  • Sysinfo – general system information.
  • Srvinf – services information and control.

I will re-release them soon as a toolbox for Windows.

The output of the current PE file dumper version is:

  • File Name.
  • MD5 Hash.
  • File Attributes.
  • File Properties.
  • Time Stamp.
  • File Size.
  • Header Information.
  • Characteristics information.
  • Subsystem.
  • DLL Characteristics.
  • Imported DLL List (DLL name, function name and address).
  • Data directory sections.
  • Image Config Information.
  • List of file streams (ADS).

You can also set the output to be in an XML or HTML file.
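As an added example (this is not the author's tool or any of its code), here is a small Python parser that pulls the header-level fields from the list above out of a PE image: MD5, file size, time stamp, COFF header, Characteristics, Subsystem, DLL Characteristics and the non-empty data directories. The structure offsets and flag values are the standard PE/COFF ones; the two in-memory sample images it parses (a hardened PE32+ console EXE and a PE32 GUI DLL with no mitigations), their time stamp and their directory RVAs are constructed for the demonstration, so it runs offline. It does not walk the import table.

```python
import hashlib
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D     # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550  # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
MACHINES = {0x14C: "i386", 0x1C0: "ARM", 0x8664: "AMD64", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI", 10: "EFI_APPLICATION"}
CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
                   0x0100: "32BIT_MACHINE", 0x0200: "DEBUG_STRIPPED", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
                       0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER",
                       0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
DATA_DIRECTORIES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
                    "DEBUG", "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
                    "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, COFF file header, optional header and data directories."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # e_lfanew comes from the file, so bound it before dereferencing it.
    if e_lfanew + 4 + 20 > len(data):
        raise ValueError("e_lfanew points past end of file")
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    file_header = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, file_header)
    opt = file_header + 20
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        fmt, ndirs_off, dirs_off = "PE32", 92, 96
    elif magic == PE32PLUS_MAGIC:
        fmt, ndirs_off, dirs_off = "PE32+", 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if opt_size < dirs_off:
        raise ValueError("optional header too short for data directories")
    # Subsystem and DllCharacteristics sit at offset 68 in both PE32 and PE32+.
    subsystem, dll_characteristics = struct.unpack_from("<HH", data, opt + 68)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    # The loader ignores entries past 16; also never read beyond SizeOfOptionalHeader.
    ndirs = min(ndirs, 16, (opt_size - dirs_off) // 8)
    directories = {}
    for i in range(ndirs):
        rva, size = struct.unpack_from("<II", data, opt + dirs_off + 8 * i)
        if rva or size:
            directories[DATA_DIRECTORIES[i]] = {"rva": rva, "size": size}
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data), "sections": nsections, "timestamp": timestamp,
        "format": fmt, "machine": MACHINES.get(machine, f"{machine:#x}"),
        "characteristics": flag_names(characteristics, CHARACTERISTICS),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": flag_names(dll_characteristics, DLL_CHARACTERISTICS),
        "data_directories": directories,
    }


def missing_mitigations(report: dict) -> list:
    """The DllCharacteristics bits a security reviewer looks at first."""
    return [m for m in ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
            if m not in report["dll_characteristics"]]


def build_sample(magic, machine, characteristics, subsystem, dll_chars, directories):
    """Constructed header-only PE image (no sections); values are made up for the demo."""
    opt_size, ndirs_off, dirs_off = (0xE0, 92, 96) if magic == PE32_MAGIC else (0xF0, 108, 112)
    image = bytearray(0x40 + 4 + 20 + opt_size)
    struct.pack_into("<H", image, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", image, 0x3C, 0x40)  # e_lfanew: NT headers follow the DOS header
    struct.pack_into("<I", image, 0x40, IMAGE_NT_SIGNATURE)
    struct.pack_into("<HHIIIHH", image, 0x44, machine, 0, 0x5F000000, 0, 0, opt_size, characteristics)
    opt = 0x58
    struct.pack_into("<H", image, opt, magic)
    struct.pack_into("<HH", image, opt + 68, subsystem, dll_chars)
    struct.pack_into("<I", image, opt + ndirs_off, 16)  # NumberOfRvaAndSizes
    for index, (rva, size) in directories.items():
        struct.pack_into("<II", image, opt + dirs_off + 8 * index, rva, size)
    return bytes(image)


# Constructed samples: a hardened 64-bit console EXE and a 32-bit GUI DLL with no mitigations.
HARDENED_EXE = build_sample(PE32PLUS_MAGIC, 0x8664, 0x0002 | 0x0020, 3,
                            0x0020 | 0x0040 | 0x0100 | 0x4000, {1: (0x2000, 0x28), 10: (0x3000, 0x140)})
LEGACY_DLL = build_sample(PE32_MAGIC, 0x14C, 0x0002 | 0x0100 | 0x2000, 2, 0,
                          {0: (0x1800, 0x60), 1: (0x2000, 0x28)})

if __name__ == "__main__":
    for name, blob in (("hardened.exe", HARDENED_EXE), ("legacy.dll", LEGACY_DLL)):
        report = parse_pe(blob)
        print(name, report, "missing mitigations:", missing_mitigations(report) or "none")
```

Two points worth carrying into any dumper of this kind: every offset and count in the headers (e_lfanew, SizeOfOptionalHeader, NumberOfRvaAndSizes) is attacker controlled, so a dumper that is pointed at malware must bound-check them before reading, and the DLL Characteristics field is where a reviewer sees at a glance whether the image opted into ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and Control Flow Guard (GUARD_CF).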