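def idautils_peutils():
    """
    Print what idautils.peutils_t exposes about the PE header of the loaded Windows file.

    peutils_t is supposed to give access to every field of the PE header, but the
    documentation does not make clear how those fields are reached, and nothing in
    idautils itself shows the way. Needs more digging. A few properties are exposed
    directly and can simply be read (imagebase below).

    header() was expected to return a structured header that could be iterated; it does
    not behave that way here. In other IDA scripts its result is passed straight to a
    struct parser (ImageNtHeaders.parse(idautils.peutils_t().header())), so it appears
    to return the raw header bytes instead.

    IDA GUI: load the file, then View -> Open Subviews -> Segments and look at the
    HEADER segment.
    """
    p = idautils.peutils_t()
    # Single-argument print() is valid on both Python 2 and Python 3, so this runs
    # unchanged under either IDAPython generation.
    print("Imagebase of the loaded binary: " + hex(p.imagebase))

    print("Peheader instance of the entire PE header: ")
    print(p.header())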
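def idautils_peutils():
    """
    Print the PE header information that idautils.peutils_t exposes for the loaded file.

    peutils_t should make every field of the PE header reachable, but the documentation
    does not say how, and no code in idautils demonstrates it. Needs more digging. Some
    properties are exposed directly and can simply be read (imagebase below).

    header() was expected to return a whole header object to iterate over; that did not
    work. Other IDA scripts feed its result to a struct parser
    (ImageNtHeaders.parse(idautils.peutils_t().header())), which suggests it returns the
    raw header bytes rather than a structured object.

    IDA GUI: load the file, then View -> Open Subviews -> Segments and inspect the
    HEADER segment.
    """
    p = idautils.peutils_t()
    # print() with exactly one argument behaves identically on Python 2 and 3,
    # so the snippet works under both IDAPython generations.
    print("Imagebase of the loaded binary: " + hex(p.imagebase))

    print("Peheader instance of the entire PE header: ")
    print(p.header())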
def copy_windbg_bp():
    """Copy a WinDbg ``bu`` command for the current cursor address to the clipboard.

    The breakpoint is written as ``@!"<module>"+0x<rva>``: ``<module>`` is the root
    filename of the loaded file without its extension, and ``<rva>`` is the screen
    address minus the image base reported by ``idautils.peutils_t()``.
    """
    module_name, _extension = os.path.splitext(idaapi.get_root_filename())
    rva = idaapi.get_screen_ea() - idautils.peutils_t().imagebase
    command = 'bu @!"{}"+0x{:X}'.format(module_name, rva)
    clipboard.copy(command)
    if numFixups == 0: return []
    return VTableFixups.parse(idc.GetManyBytes(clrHeader.VTableFixups.VA, VTableFixups.sizeof()))

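class MDStreams(object):
    """Registry of .NET metadata streams, keyed by stream name.

    Each stream's raw bytes are wrapped in an ``io.BytesIO`` so callers can read and
    seek within one stream without disturbing the others.
    """

    def __init__(self):
        # name -> io.BytesIO over that stream's bytes
        self.streams = {}

    def getStream(self, name):
        """Return the ``io.BytesIO`` registered under *name*.

        Raises:
            KeyError: if no stream with that name has been added.
        """
        return self.streams[name]

    def addStream(self, name, data):
        """Register *data* (bytes) as the stream called *name*.

        Raises:
            ValueError: if *name* is already registered.
        """
        # An explicit check rather than ``assert``: asserts are stripped under
        # ``python -O``, which would silently overwrite the earlier stream.
        if name in self.streams:
            raise ValueError('stream {!r} already registered'.format(name))
        self.streams[name] = io.BytesIO(data)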
        
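if __name__ == '__main__':
    # Every value below is read from the headers of the binary loaded in IDA.
    # Treat them as untrusted: a non-.NET or malformed image should stop with a
    # clear message instead of failing deep inside the struct parser.
    peHeader = ImageNtHeaders.parse(idautils.peutils_t().header())

    clrDirectory = peHeader.ImageOptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]

    # An empty COM descriptor entry means the image carries no CLR header at all.
    if not clrDirectory.VA or not clrDirectory.Size:
        raise ValueError('no CLR (COM descriptor) directory: not a managed image')

    clrHeaderSize = int(ImageCor20Header.sizeof())
    clrHeaderBytes = idc.GetManyBytes(clrDirectory.VA, clrHeaderSize)
    # GetManyBytes returns None when the requested range is not fully loaded in
    # the database; guard the length as well so a short read cannot reach parse().
    if clrHeaderBytes is None or len(clrHeaderBytes) < clrHeaderSize:
        raise ValueError('CLR header at %#x is not fully loaded' % clrDirectory.VA)
    clrHeader = ImageCor20Header.parse(clrHeaderBytes)

    if clrHeader.Flags.COMIMAGE_FLAGS_NATIVE_ENTRYPOINT:
        # Register the native entry point in the database so IDA analyses it.
        idc.AddEntryPoint(clrHeader.EntryPoint.VA, clrHeader.EntryPoint.VA, 'ClrEntryPointNative', True)

    clrMetadataEa = clrHeader.MetaData.VA
    clrVTableFixupsEa = clrHeader.VTableFixups.VA
    # Single-argument print() works under both Python 2 and Python 3 IDAPython.
    print('metadata %8x vtablefixups %8x' % (clrMetadataEa, clrVTableFixupsEa))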
 def RVA2VA(self, RVA):
     """Convert a relative virtual address to a virtual address.

     The image base is taken from ``idautils.peutils_t()`` on every call.
     """
     image_base = idautils.peutils_t().imagebase
     return RVA + image_base
 def VA2RVA(self, VA):
     """Convert a virtual address to a relative virtual address.

     The image base is taken from ``idautils.peutils_t()`` on every call.
     """
     image_base = idautils.peutils_t().imagebase
     return VA - image_base
 def RVA2VA(self, RVA):
     """Return the virtual address for *RVA*, using the image base from ``idautils.peutils_t()``."""
     pe_info = idautils.peutils_t()
     return RVA + pe_info.imagebase
 def VA2RVA(self, VA):
     """Return the relative virtual address for *VA*, using the image base from ``idautils.peutils_t()``."""
     pe_info = idautils.peutils_t()
     return VA - pe_info.imagebase
    if numFixups == 0: return []
    return VTableFixups.parse(idc.get_bytes(ClrHeader.VTableFixups.VA, int(VTableFixups.sizeof())))

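class MDStreams(object):
    """Registry of .NET metadata streams, keyed by stream name.

    Each stream's raw bytes are wrapped in an ``io.BytesIO`` so callers can read and
    seek within one stream without disturbing the others.
    """

    def __init__(self):
        # name -> io.BytesIO over that stream's bytes
        self.streams = {}

    def getStream(self, name):
        """Return the ``io.BytesIO`` registered under *name*.

        Raises:
            KeyError: if no stream with that name has been added.
        """
        return self.streams[name]

    def addStream(self, name, data):
        """Register *data* (bytes) as the stream called *name*.

        Raises:
            ValueError: if *name* is already registered.
        """
        # An explicit check rather than ``assert``: asserts are stripped under
        # ``python -O``, which would silently overwrite the earlier stream.
        if name in self.streams:
            raise ValueError('stream {!r} already registered'.format(name))
        self.streams[name] = io.BytesIO(data)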

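if __name__ == '__main__':
    # Every value below is read from the headers of the binary loaded in IDA.
    # Treat them as untrusted: a non-.NET or malformed image should stop with a
    # clear message instead of failing deep inside the struct parser.
    peHeader = ImageNtHeaders.parse(idautils.peutils_t().header())

    clrDirectory = peHeader.ImageOptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
    print('%8x %8x' % (clrDirectory.VA, clrDirectory.Size))

    # An empty COM descriptor entry means the image carries no CLR header at all.
    if not clrDirectory.VA or not clrDirectory.Size:
        raise ValueError('no CLR (COM descriptor) directory: not a managed image')

    # int() matches how VTableFixups.sizeof() is used elsewhere in this script.
    clrHeaderSize = int(ImageCor20Header.sizeof())
    clrHeaderBytes = idc.get_bytes(clrDirectory.VA, clrHeaderSize)
    # get_bytes returns None when the requested range is not fully loaded in the
    # database; guard the length as well so a short read cannot reach parse().
    if clrHeaderBytes is None or len(clrHeaderBytes) < clrHeaderSize:
        raise ValueError('CLR header at %#x is not fully loaded' % clrDirectory.VA)
    clrHeader = ImageCor20Header.parse(clrHeaderBytes)

    if clrHeader.Flags.COMIMAGE_FLAGS_NATIVE_ENTRYPOINT:
        # Register the native entry point in the database so IDA analyses it.
        ida_entry.add_entry(clrHeader.EntryPoint.VA, clrHeader.EntryPoint.VA, 'ClrEntryPointNative', True)

    clrMetadataEa = clrHeader.MetaData.VA
    clrVTableFixupsEa = clrHeader.VTableFixups.VA
    print('metadata %8x vtablefixups %8x' % (clrMetadataEa, clrVTableFixupsEa))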