romainaugier/execdump

execdump

execdump is a command-line tool that helps you analyze Windows PE and Linux ELF files, either by parsing and printing the required information about them or by navigating through them in a terminal-based UI.

This project is currently a work in progress so not everything is supported, and it might be broken.

The goal is to provide a fast, reliable and cross-platform reverse-engineering application.

execdump might evolve into a library later, instead of just being a standalone command-line tool.

Usage

Usage: execdump.exe [OPTIONS] <FILE_PATH>

Arguments:
  <FILE_PATH>
  
Options:
  -t, --tui
          Opens the executable in the terminal-based user interface for exploration
      --pe-dos-header
          Dumps the PE legacy MS-DOS compatible header
      --pe-nt-header
          Dumps the PE NT Header (most recent)
      --pe-optional-header
          Dumps the PE Optional (either 32/64) header
      --pe-import
          Dump all the PE data related to imports, if any
      --pe-import-directory-table
          Dump the Import Directory Table, if any
      --pe-hint-name-table
          Dump the Hint/Name Table, if any
      --pe-dlls
          Dump the DLLs names imported, if any
      --pe-debug-directory
          Dump the debug information from the Debug Directory, if any
      --pe-exc-table
          Dump the exception information from the Exception Table, if any
      --elf-headers
          Dump all the ELF headers
      --elf-header
          Dump the ELF Base Header
      --elf-program-headers
          Dump the ELF Program Headers
      --sections
          Dump the Sections
      --sections-filter <SECTIONS_FILTER>
          Regular expression to filter the Sections to display [default: .*]
      --sections-data
          Dump the Sections data along the Sections headers
      --disasm
          Disassemble the code found in the Sections containing code
      --padding-size <PADDING_SIZE>
          Padding size to apply when dumping information for better readability [default: 4]
  -h, --help
          Print help
  -V, --version
          Print version
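
The header options above (`--pe-dos-header`, `--pe-nt-header`, `--pe-optional-header`, `--elf-header`) all start from the same header walk; the Rust below is an added example of that walk with bounds checks on every file-controlled offset, and it is not execdump's own code. The names `Kind`, `identify`, `u16_at`, `u32_at` and `sample_pe` are hypothetical, the sample bytes are constructed, and the choice of Rust is an assumption.

```rust
#[derive(Debug, PartialEq)]
pub enum Kind {
    Pe { machine: u16, pe32_plus: bool },
    Elf { is_64: bool, little_endian: bool },
}
// Bounds-checked little-endian reads: truncated or hostile input gives None, not a panic.
fn u16_at(b: &[u8], off: usize) -> Option<u16> {
    let s = b.get(off..off.checked_add(2)?)?;
    Some(u16::from_le_bytes([s[0], s[1]]))
}
fn u32_at(b: &[u8], off: usize) -> Option<u32> {
    let s = b.get(off..off.checked_add(4)?)?;
    Some(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

pub fn identify(b: &[u8]) -> Option<Kind> {
    if b.starts_with(b"\x7fELF") {
        // e_ident[4] = class (1: 32-bit, 2: 64-bit), e_ident[5] = data (1: LSB, 2: MSB)
        let is_64 = match *b.get(4)? { 1 => false, 2 => true, _ => return None };
        let little_endian = match *b.get(5)? { 1 => true, 2 => false, _ => return None };
        return Some(Kind::Elf { is_64, little_endian });
    }
    if u16_at(b, 0)? != 0x5A4D { return None; } // "MZ" in the DOS header
    let nt = u32_at(b, 0x3C)? as usize; // e_lfanew: file-controlled offset
    if u32_at(b, nt)? != 0x0000_4550 { return None; } // "PE\0\0" signature
    let machine = u16_at(b, nt.checked_add(4)?)?; // first COFF header field
    // Optional header starts after the 4-byte signature and 20-byte COFF header.
    match u16_at(b, nt.checked_add(24)?)? {
        0x10B => Some(Kind::Pe { machine, pe32_plus: false }),
        0x20B => Some(Kind::Pe { machine, pe32_plus: true }),
        _ => None,
    }
}

// Constructed sample: header bytes only, not a loadable image.
pub fn sample_pe(e_lfanew: u32) -> Vec<u8> {
    let mut b = vec![0u8; 0x9A];
    b[..2].copy_from_slice(b"MZ");
    b[0x3C..0x40].copy_from_slice(&e_lfanew.to_le_bytes());
    b[0x80..0x84].copy_from_slice(b"PE\0\0");
    b[0x84..0x86].copy_from_slice(&0x8664u16.to_le_bytes()); // machine: AMD64
    b[0x98..0x9A].copy_from_slice(&0x20Bu16.to_le_bytes()); // optional header magic: PE32+
    b
}

fn main() {
    for e_lfanew in [0x80, 0xFFFF_FFF0] {
        println!("{:#x}: {:?}", e_lfanew, identify(&sample_pe(e_lfanew)));
    }
}
```

The second sample points `e_lfanew` past the end of the buffer, which is the malformed-input case a dumper for untrusted binaries has to reject rather than index blindly.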

Features

PE

Headers:

  • ✔️ DOS
  • ✔️ NT-Header (and COFF Header)
  • ✔️ Optional Header (32-bit and 64-bit)

Sections:

  • ❌ Export Table
  • ✔️ Import Table
  • ❌ Resource Table
  • ✔️ Exception Table
  • ❌ Certificate Table
  • ❌ Base Relocation Table
  • ✔️ Debug
  • ❌ TLS Table
  • ❌ Load Config Table
  • ❌ Bound Import Table
  • ❌ Import Address Table
  • ❌ Delay Import Descriptor
  • ❌ CLR Runtime Header

Code:

  • ✔️ Basic disassembly of the code sections

ELF

Headers:

  • ✔️ ELF Header
  • ✔️ Program Headers

Sections:

Code:

  • ✔️ Basic disassembly of the code sections

Core

Utilities:

  • 🕘 C++ Symbol Demangler

PE/ELF Disasm:

  • ❌ Replace call addresses with symbols
  • ❌ Structure program
  • ❌ Easily find system calls
  • ❌ Generate C code from assembly functions

TUI

Viewers:

  • ✔️ Headers
  • 🕘 PE Sections
  • 🕘 ELF Sections
  • ✔️ Hex Viewer
  • 🕘 Disasm Viewer

Acknowledgement

This tool is based on several amazing open-source projects (go check them out!):
