petricks is a header-only C++ library for manipulating PE files. Basically C++11 compliant.
- Headers that helps interpret PE structure & some windows internal buffers with some handy inline functions and operator overloading, which does not pollute your global namespace with macros and capitalized typedefs.
- Implementation for:
- getting base address of a loaded module, i.e.
GetModuleHandle - finding address of exported functions in a loaded module (forwarders supported), i.e.
GetProcAddress - loading a module from memory
- getting base address of a loaded module, i.e.
- Zero dependency on
windows.h! - A "no static import" mode, where this library produces no import table entries.
- This is not tested, written for learning purpose.
- Module name must be all ASCII chars.
pe::runtime::reflect::get_module_basecan only find already loaded modules from its base name.pe::runtime::loader::memory_module::openskips ISA-specific relocations. (which is fine on x86, for they have none)pe::runtime::loader::memory_module::openrequires all imports to be findable throughLoadLibraryA, i.e. the in-memory module cannot depend on other in-memory modules.pe::runtime::loader::memory_module::opendoes not utilize bound imports.
- "PE Format" on Microsoft Learn
- 0xRick's "A dive into the PE file format": 1, 2, 3, 4, 5, 6
- Daax's Custom GetProcAddress and GetModuleHandle Implementation
- bokernb's "PEB and LDR chain"
ntpebteb.hin phnt- "An In-Depth Look into the Win32 Portable Executable File Format" on MSDN Magazine: 1, 2
- Hughes's "PE loading process"