/enma_pe

Cross-platform library for parsing and building PE\PE+ formats

Primary LanguageC++BSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

ENMA PE

Build status Build Status License

--------------------------------------------------------------------------------
Name....: enma pe
Author..: JNA
e.mail..: jnastarot@yandex.ru
--------------------------------------------------------------------------------

Supported directories

directory name reading building getting placement
export ✔️ ✔️ ✔️
import ✔️ ✔️ ✔️
import bound ✔️ ✔️ ✔️
import delay ✔️ ✖️ ✔️
resources ✔️ ✔️ ✔️
exceptions ✔️ ✔️ ✔️
security ✔️ ✖️ ✔️
relocations ✔️ ✔️ ✔️
debug ✔️ ✖️ ✔️
tls ✔️ ✔️ ✔️
load config ✔️ ✔️ ✔️
.NET meta data ✔️ ✖️ ✖️

Additional features

feature name description
build_pe_image build pe_image to packed binary version
load_virtual_pe_image load image in pe_image format from loaded in memory
get_runtime_type_information parsing runtime type information(MSVC only)
get_extended_exception_info parsing of extended variables for x64 exceptions
build_extended_exceptions_info building of extended variables for x64 exceptions
get_strings_from_image extracting ascii and wide strings
get_image_rich_header getting and building rich data
get_section_entropy calculating entropy of section
calculate_checksum calculating checksum of pe image

References

https://github.com/dishather/richprint/
https://github.com/radare/radare2
https://github.com/cmu-sei/pharos
https://github.com/JusticeRage/Manalyze
https://kaimi.io/2012/09/portable-executable-library/