Skip to content
/ PE-Header-Dump-Utilities Public

This x64dbg plugin adds several commands for dumping PE header information by address.

License

GPL-3.0 license
60 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

changeofpace/PE-Header-Dump-Utilities

BranchesTags

Repository files navigation

PE Header Dump Utilities

Added commands

  • pedumpPEHeader
  • pedumpDOSHeader
  • pedumpNTHeaders
  • pedumpFileHeader
  • pedumpOptionalHeader
  • pedumpDataDirectories
  • pedumpSections

Summary

Each command has the following syntax:

command [Base Address]

If a base address is not specified, then the command will calculate a base address using the selected address in the disassembly view. If the selected address is in a module, then the module's base address is used. If the selected address is not in a module, then the memory region's base address is used.

e.g. if you are viewing kernel32.dll's .text section in the disassembly view, then executing the pedumpPEHeader command will dump the entire pe header for kernel32.

Features

  • Magic numbers, signatures, flags, and misc. constants converted to strings.
  • RVA-to-VA translations.
  • Page-aligned size values.
  • Readable time date stamp

Building

A post-build event requires two environment variables, "X64DBG_PATH" and "X32DBG_PATH", to be defined to their respective install directories.

Sample output

See sample_output.txt

About

This x64dbg plugin adds several commands for dumping PE header information by address.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

60 stars

Watchers

3 watching

Forks

16 forks
Report repository

Releases 1

PE Header Dump Utilities v1.0 Latest
Feb 3, 2017

Packages

No packages published

Languages