How can I read the headers from a WinNT portable executable file using Perl?

Submitted by 霸气de小男生 on 2019-12-05 08:08:12

Question


I want to work with PE files in Perl and didn't find a module, so I think I will write my own (already did that in Delphi once).

I only have one problem: when mapping the executable to a buffer, how can I search for octals like 0x00004550 (IMAGE_NT_SIGNATURE), convert them back to writeable strings, etc.?


Answer 1:


There is a Perl module to manipulate portable executables: Win32::Exe.

I don't have a clue on your exact question, but if you still want to write your own library, Win32::Exe might be a good reference.




Answer 2:


For converting that value to a bytestring representation, use pack. The constant you are dealing with is a little-endian 32-bit value, so 'V' in the template.

$ perl -e 'print pack q[V], 0x00004550' | hd
00000000  50 45 00 00                                       |PE..|
00000004

See perldoc -f pack for details.

You probably won't need to search for strings like "PE\0\0", just use them to verify whether the file you are reading actually is a PE file. The 'PE' section usually comes right after the DOS ('MZ') section which has its own length field.

(I agree that Win32::Exe may be worth a look, depending on what you want to do.)
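The verification described in answer 2, as an added example that is not part of either answer or of Win32::Exe: it checks the 'MZ' signature, follows the DOS header's e_lfanew field (offset 0x3C in the PE format) to the "PE\0\0" signature, and unpacks the 20-byte COFF file header. The function name parse_pe_headers is hypothetical and the sample bytes are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: parse the DOS and COFF headers from a buffer holding
# the start of a PE file. Returns a hash ref of COFF fields, or dies with
# the reason the buffer was rejected.
sub parse_pe_headers {
    my ($buf) = @_;
    die "too short for a DOS header\n" if length($buf) < 0x40;
    die "missing MZ signature\n" unless substr($buf, 0, 2) eq 'MZ';

    # e_lfanew: little-endian 32-bit file offset of the PE signature, at 0x3C.
    my $e_lfanew = unpack 'V', substr($buf, 0x3C, 4);
    # Bounds-check before trusting an offset that comes from the file itself.
    die "e_lfanew ($e_lfanew) points outside the buffer\n"
        if $e_lfanew + 24 > length($buf);

    # IMAGE_NT_SIGNATURE (0x00004550) packed with 'V' is the bytes "PE\0\0".
    die "missing PE signature\n"
        unless substr($buf, $e_lfanew, 4) eq pack('V', 0x00004550);

    # IMAGE_FILE_HEADER: 20 bytes immediately after the signature.
    my %coff;
    @coff{qw(machine sections timestamp symtab_ptr symbols
             opt_hdr_size characteristics)}
        = unpack 'v v V V V v v', substr($buf, $e_lfanew + 4, 20);
    return \%coff;
}

# Constructed sample: a 64-byte DOS header with e_lfanew = 0x40, followed by
# the PE signature and a COFF header (machine 0x8664, 3 sections).
my $sample = 'MZ' . ("\0" x 58) . pack('V', 0x40)
           . pack('V', 0x00004550)
           . pack('v v V V V v v', 0x8664, 3, 0, 0, 0, 240, 0x0022);

my $h = parse_pe_headers($sample);
printf "machine=0x%04x sections=%d opt_hdr_size=%d characteristics=0x%04x\n",
    @{$h}{qw(machine sections opt_hdr_size characteristics)};

# For a real file, read it in binary mode before parsing:
#   open my $fh, '<:raw', $path or die "$path: $!";
#   read $fh, my $buf, 4096;
#   my $hdr = parse_pe_headers($buf);
```

Opening the file with the `:raw` layer matters on Windows, where the default text mode would translate line endings and shift the header offsets.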



Source: https://stackoverflow.com/questions/1418855/how-can-i-read-the-headers-from-a-winnt-portable-executable-file-using-perl
