PE (Portable Executable) file reading in C

[anonim]

TL;DR Summary

I try to find string in PE file.

I need to read PE file. I need to search word in PE file. Search is required to cover only the sections with the “executable” flag. And I need to specify the section where the word found. How can I do this in C? I hope you can help me. And I cannot use 3rd party libraries. This is my task and this is the rule..
I mean a searching sting in sections with the "executable" flags. I do not want to search string in non executable parts.

 

[Aaron Barnard]

The best way to do this in C is by using the Windows API. The Windows API provides you with a set of functions that allow you to read and parse Portable Executable (PE) files. Specifically, you can use the following functions:

• EnumSections: This function allows you to enumerate the sections of a PE file. You can use this to get the list of sections along with their flags.
• MapViewOfFile: This function allows you to map a view of a PE file into memory. This view can then be used to access the data within the PE file.
• ReadProcessMemory: This function allows you to read data from a process' memory. This can be used to access the data within sections of the PE file.
• FindString: This function allows you to search for a given string within a memory block.

Using these functions, you can iterate through the sections of a PE file and search each one for the desired string. If the string is found in a section with the "executable" flag, you can then mark the section as containing the searched string.

It should be noted that while these functions are available in the Windows API, they may not always be available on other platforms. In this case, you may need to use a different set of functions or libraries to read and parse PE files.