SPUG: Parsing (Windows) PE files in Perl
uril at exchange.microsoft.com
Thu Jan 12 01:27:47 PST 2006
Please forgive me if this is a trivial question - I'm just doing my very first steps in Perl.
I need to extract some information from the headers of PE files (If you have left the Unix realm, PE files are Windows executables - DLL's, EXE's, SYS's etc. These files start with 'MZ').
The files have a binary structure. They starts with IMAGE_DOS_HEADER, which is concatenated with IMAGE_OS_HEADER, IMAGE_FILE_HEADER, and then bunch of different directories, with various offsets, depends on values on the previous headers. The headers contains information such as size (of various sections), bunch of attributes, version, check-sums, timestamps, offsets to other structures resources, offsets to tables, list of imports, list of exports, etc. etc.
These structures and various definitions to magic values are all public and defined in C/C++ in winnt.h in the platform SDK.
I'm not sure that Perl is the best choice for this task, but I'd like to try to do it in Perl, so I'd like to consult this alias about the best strategy.
Is Perl the right language to parse binary files?
Is anyone aware of an already existing package to does this job?
Assuming a package doesn't exist, please help with some novice questions:
- How to open a file in a binary mode?
- How do I read blobs from a file?
- How to unpack a binary structure?
- If I need to, can I seek (forward, backward), or another mean to have random access. Does Perl support memory mapping?
Thanks a lot.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the spug-list