The PE library used by pev - the PE file toolkit purely written in C and available to many platforms.
- Support for both 32 and 64-bits PE files.
- ssdeep support (built-in libfuzzy).
- Disassemble support (built-in libudis86).
- Imphash support.
- Crypographic digests calculation (using OpeenSSL).
git clone https://github.com/merces/libpe.git
cd libpe
make
NOTE: You may need to install OpenSSL using your package manager. Examples:
apt install libssl-dev
yum install openssl-devel
cd libpe
CFLAGS="-I/usr/local/opt/openssl/include/" LDFLAGS="-L/usr/local/opt/openssl/lib/" make
NOTE: You may need to install OpenSSL and PCRE via Homebrew:
brew update
brew install openssl
#include <stdio.h>
#include "../include/libpe/pe.h"
int main(int argc, char *argv[]) {
if (argc < 2)
return 1;
pe_ctx_t ctx;
pe_err_e err = pe_load_file(&ctx, argv[1]);
if (err != LIBPE_E_OK) {
pe_error_print(stderr, err);
return 1;
}
err = pe_parse(&ctx);
if (err != LIBPE_E_OK) {
pe_error_print(stderr, err);
return 1;
}
if (!pe_is_pe(&ctx))
return 1;
printf("Entrypoint: %#llx\n", ctx.pe.entrypoint);
return 0;
}
Compile with:
cc -o example example.c -lpe
-
Error while loading shared libraries: libpe.so.1
- The prefix used in libpe's makefile is
/usr/local/lib
- If your system isn't set to look here, you can add it to
ld.so.conf
- Alternatively, change prefix to whatever suits, ie.
/usr/lib
- The prefix used in libpe's makefile is
-
Undefined reference to
log
- Linux' glibc does not define math functions, they live instead in libm
- Link against both libpe and libm to fix this (ie.
-lm
)