Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How to get the sections of an exe in .NET?

LordCoder
LordCoder
in Programming and Coding

Featured Replies

Posted

Hello!


 


I want to get the sections of an executable (.text, .rdata, etc). With PEiD it's easy to dump them, but programming it's more difficult. Anybody knows how to do so in .NET?


 


Thanks so much! :)


 


you mean like


 


dump.png


 


CFF Explorer.


  • Author

Yes like in CFF Explorer but with programming code.


  • Author

@xsp!d3r Is there any documentation for this library?


@atom0s This gets the data only for .NET applications. I mean for all types of applications in any language.


This is code in C, but it could help...

    IMAGE_DOS_HEADER *pdh;    IMAGE_NT_HEADERS *pnth;    IMAGE_SECTION_HEADER *psh;    pdh=(IMAGE_DOS_HEADER*)((DWORD)pFileInfo->lpFile); //start of file = DOS HEADER    if(pdh->e_magic!=IMAGE_DOS_SIGNATURE) //check if it's a good MZ signature        return false;    pnth=(IMAGE_NT_HEADERS*)((DWORD)pFileInfo->lpFile+pdh->e_lfanew); //NT HEADER is file + e_lfanew    if(IsBadReadPtr(pnth, 4)) //check if its a readable pointer        return false;    if(pnth->Signature!=IMAGE_NT_SIGNATURE) //check NT signature        return false;    if(pnth->FileHeader.Machine!=IMAGE_FILE_MACHINE_I386) //check x32        return false;    psh=IMAGE_FIRST_SECTION(pnth); //little macro for section header
when you have IMAGE_SECTION_HEADER, you can dump the sections using the raw address (file+raw address) and the raw size.

Another trick I saw (in Armadillo) to get the section header is:

psh=(IMAGE_SECTION_HEADER*)pnth[1];

  • Author

Oh I found NetPE app from Ki! which does exacly that.


 


Thanks everyone for help! :)


@xsp!d3r Is there any documentation for this library?

@atom0s This gets the data only for .NET applications. I mean for all types of applications in any language.

 

You can just remove the managed check:

           // Is this managed?

            bool bIsManaged = (imgNtHeaders.OptionalHeader.DataDirectory[HeaderHelper.IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size > 0);

            if (!bIsManaged)

            {

                // invalid file..

                throw new Exception("Invalid PE file... file is not managed.");

            }

    •
    • Like 1

    Oh I found NetPE app from Ki! which does exacly that.

     

    Thanks everyone for help! :)

    Did you mean this http://netpe.codeplex.com/

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.