Skip to content
/ JavaPeParser Public

Reads PE headers and virtual memory from file or buffer in Java

License

MIT license
18 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cademtz/JavaPeParser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

PE Parser

A simple PE parser written in Java that returns detailed warnings and errors.

Usage

First, create an input stream.

// Stream from file
CadesStreamReader stream = new CadesFileStream(new File("peFile.dll"));
// Stream from bytes
CadesStreamReader stream = new CadesBufferStream(peFileBytes);
// Or, make your own stream by implementing CadesStreamReader

Next, attempt to parse the PE headers (and print any errors or warnings).

// Print the error on failure
PeImage pe = PeImage.read(stream).ifErr(err -> {
    System.out.println("Error: " + err);
}).ifOk(val -> { // Print any warnings after parsing
    for (ParseError warning : val.warnings)
        System.out.println("Warning: " + warning);
}).getOkOrDefault(null); // Return the parsed value, or null

Now, you can print any info.

if (pe != null) {
    System.out.println("is64bit: " + pe.ntHeaders.is64bit());

    pe.imports.ifOk(imports -> {
        for (LibraryImports lib : imports) {
            System.out.printf("%s imports from \"%s\":%n", lib.entries.size(), lib.name);
            for (ImportEntry entry : lib.entries)
                System.out.printf("\tname=%s, ordinal=%s%n", entry.name, entry.ordinal);
        }
    }).ifErr(err -> System.out.printf("No imports: %s%n", err.toString()));

    pe.exports.ifOk(exports -> {
        System.out.printf("This file exports under the library name \"%s\"%n", exports.name);
        for (ExportEntry entry : exports.entries)
            System.out.printf("\tname=%s, ordinal=%s%n", entry.name, entry.ordinal);
    }).ifErr(err -> System.out.printf("No exports: %s%n", err.toString()));
}

More usage

Much of the data in a portable executable is optional. Optional data uses the ParseResult class, which holds either a value or ParseError object. There are multiple ways to handle ParseResult.

You can manually check for values and errors accordingly.

ParseResult<ArrayList<LibraryImports>> imports = pe.imports;
if (imports.isOk())
    printImports(imports.getOk());
else
    System.out.println(imports.getErr());

You can ignore any errors and only use the ok values (when available).

pe.imports.ifOk(imports -> printImports(imports));

Or, you can use a classic null check (and log errors on the side).

ArrayList<LibraryImports> imports = pe.imports
        .ifErr(err -> System.out.println(err)) // Optional call
        .getOkOrDefault(null);

if (imports != null)
    printImports(imports);

Commit reminders

  • Update version in pom.xml
  • Compile with mvn package

About

Reads PE headers and virtual memory from file or buffer in Java

Resources

Readme

License

MIT license
Activity

Stars

18 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases 7

2.2.3 Latest
Feb 13, 2023
+ 6 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages