XPEInfo - a non-MFC class to get info from PE file

Hans Dietrich

Rate me:

4.95/5 (21 votes)

11 Dec 2008CPOL4 min read

44.4K

988

The XPEInfo APIs allow you to extract information from a PE file. Included in the download is a Windows demo app, and a console app that tests whether a PE file is valid, whether it is 64-bit, contains debug info, is a .Net executable, or is signed. Sample cmd files are provided.

xpeinfo_demo.zip
- console app
  - src
    - HDPEInfo.cpp
    - HDPEInfo.rc
    - resource.h
    - StdAfx.cpp
    - StdAfx.h
    - XGetopt.cpp
    - XGetopt.h
    - XTrace.h
  - vs2005
    - bin
      - HDPEInfo.exe
      - hdsample.cmd
      - run_all_samples.cmd
      - test.obj
      - test32.exe
      - test64.exe
      - testcs.exe
      - testD.exe
    - HDPEInfo.sln
    - HDPEInfo.vcproj
    - Release
      - HDPEInfo.exe
  - vs6
    - bin
      - HDPEInfo.exe
      - hdsample.cmd
      - run_all_samples.cmd
      - test.obj
      - test32.exe
      - test64.exe
      - testcs.exe
      - testD.exe
    - HDPEInfo.dsp
    - HDPEInfo.dsw
    - Release
      - HDPEInfo.exe
- demo app
  - src
    - About.cpp
    - About.h
    - app.manifest
    - Clipboard.cpp
    - Clipboard.h
    - hans.ico
    - resource.h
    - StdAfx.cpp
    - StdAfx.h
    - wtlstring.h
    - XHistoryCombo.cpp
    - XHistoryCombo.h
    - XHyperLink.cpp
    - XHyperLink.h
    - XListBox.cpp
    - XListBox.h
    - XPEInfo.cpp
    - XPEInfo.h
    - XPEInfoTest.cpp
    - XPEInfoTest.h
    - XPEInfoTest.rc
    - XPEInfoTestDlg.cpp
    - XPEInfoTestDlg.h
    - XTrace.h
  - vs2005
    - Release
      - XPEInfoTest.exe
    - XPEInfoTest.sln
    - XPEInfoTest.vcproj
  - vs6
    - Release
      - XPEInfoTest.exe
    - XPEInfoTest.dsp
    - XPEInfoTest.dsw

// XPEInfo.cpp  Version 1.0
//
// Author:  Hans Dietrich
//          hdietrich@gmail.com
//
// License:
//     This software is released under the Code Project Open License (CPOL),
//     which may be found here:  http://www.codeproject.com/info/eula.aspx
//     You are free to use this software in any way you like, except that you 
//     may not sell this source code.
//
//     This software is provided "as is" with no expressed or implied warranty.
//     I accept no liability for any damage or loss of business that this 
//     software may cause.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef XPEINFO_H
#define XPEINFO_H

#include <time.h>

#ifdef __AFX_H__
#define CWTLString CString
#else
#include "wtlstring.h"
#endif // __AFX_H__

//=============================================================================
class CXPEInfo
//=============================================================================
{
// Construction
public:
	CXPEInfo(LPCTSTR lpszFile = NULL);
	virtual ~CXPEInfo();

// Attributes
public:
	DWORD		CalculateChecksum();
	DWORD		GetCertificateInfo();
	WORD		GetCharacteristics();
	TCHAR *		GetCharacteristicString(WORD bitmask);
	DWORD		GetChecksum();
	WORD		GetDllCharacteristics();
	TCHAR *		GetDllCharacteristicString(WORD bitmask);
	DWORD		GetDotNetFlags();
	TCHAR *		GetDotNetFlagString(DWORD bitmask);
	DWORD		GetDotNetVersion();
	DWORD		GetImageVersion();
	WORD		GetMachineType();
	CWTLString	GetMachineTypeString();
	DWORD		GetRequiredOSVersion();
	WORD		GetSubsystem();
	CWTLString	GetSubsystemString();
	DWORD		GetSubsystemVersion();
	time_t		GetTimeStamp();
	TCHAR *		GetTimeStampString();

	BOOL Is64Bit();
	BOOL IsDebug();
	BOOL IsDotNet();
	BOOL IsOpen()	{ return m_hFile != 0; }
	BOOL IsSigned();
	BOOL IsValid();

	struct MACHINE_TYPE
	{
		WORD	nMachineType;
		TCHAR *	pszMachineType;
	};

	static MACHINE_TYPE m_aMachineTypes[];

	struct CHARACTERISTIC 
	{
		WORD	bitmask;
		TCHAR * pszCharacteristic;
	};

	static CHARACTERISTIC m_aCharacteristics[];

	static TCHAR * m_aSubsystem[];
	static int m_nSubsystem;

	static CHARACTERISTIC m_aDllCharacteristics[];

	struct DOTNETFLAG
	{
		DWORD	bitmask;
		TCHAR * pszFlag;
	};
	
	static DOTNETFLAG m_aDotNetFlags[];


// Operations
public:
	void Close();
	BOOL Open(LPCTSTR lpszFile);

// Implementation
protected:
	HANDLE					m_hFile;
	HANDLE					m_hFileMapping;
	BYTE *					m_pMappedFileBase;
	IMAGE_DOS_HEADER *		m_pDOSHeader;
	IMAGE_FILE_HEADER *		m_pImgFileHdr;
	IMAGE_NT_HEADERS *		m_pNTHeaders32;
	IMAGE_NT_HEADERS64 *	m_pNTHeaders64;
};

#endif //XPEINFO_H

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

Hans Dietrich

Software Developer (Senior) Hans Dietrich Software

United States

I attended St. Michael's College of the University of Toronto, with the intention of becoming a priest. A friend in the University's Computer Science Department got me interested in programming, and I have been hooked ever since.

Recently, I have moved to Los Angeles where I am doing consulting and development work.

For consulting and custom software development, please see www.hdsoft.org.

XPEInfo - a non-MFC class to get info from PE file

License

Comments and Discussions