Examples of tools that can be built using pelite.
Dumps the RunTime Type Information, each associated vtable and class hierarchy for every type found.
Limited to PE32 (32-bit binaries) only. Pull requests are welcome to support PE32+ and/or the GNU ABI!
cargo run --bin msrtti -- "demo/Demo.dll" > demo/Demo-rtti.txt
The result can be seen in demo/Demo-rtti.txt.
Dumps the PE headers.
cargo run --bin pedump -- "demo/Demo64.dll" -dnsiertxg > demo/Demo64-pe.txt
The result can be seen in demo/Demo64-pe.txt.
Prints a Module-Definition file for the given input DLL.
cargo run --bin module-def -- "demo\Demo64.dll" > "demo\Demo64.DEF"
cargo run --bin module-def -- "demo\Demo.dll" > "demo\Demo.DEF"
An Import Library can be created from the Module-Definition file. Note that this needs access to the VC build tools.
vcvarsall x64
lib /def:"demo\Demo64.DEF" /out:"demo\Demo64.LIB" /machine:x64
This also works for 32-bit binaries using the 32-bit VC build tools and commands.
vcvarsall x86
lib /def:"demo\Demo.DEF" /out:"demo\Demo.LIB" /machine:x86
The result can be seen in demo\Demo64.LIB for x64 and demo\Demo.LIB for x86.
Finds matches of signatures in binaries using a language designed specifically for executable code.
Play around in interactive mode:
cargo run --bin findsig -- "demo\Demo64.dll"
Try out the pattern E8${B8'???? C3} to find all call instructions to a function which loads a constant into eax and returns. In addition, the pattern saves the address of the constant so it can be extracted later.
Find signatures by passing them as command line arguments:
cargo run --bin findsig -- "demo\Demo64.dll" "E8${B8'???? C3}"
The result is two matches for this pattern in this particular binary:
Pattern `E8${B8'???? C3}` matches:
Demo64.dll!00001930 [1/00001001]
Demo64.dll!0000194c [1/00001001]
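To show what the pattern above actually does, here is an added example (not pelite's own code) that reimplements just the subset of the pattern syntax it uses and runs it over a constructed byte buffer. The semantics assumed are: a hex pair matches one byte, `?` matches any byte, `$` follows a 32-bit relative jump, `'` saves the cursor, and `{` / `}` push and restore the cursor; the offsets and constant in the sample buffer are invented, not values from Demo64.dll.

```rust
use std::convert::{TryFrom, TryInto};
#[derive(Debug, PartialEq)] // example-only reimplementation of a pelite pattern subset, not pelite's own parser
enum Atom { Byte(u8), Any, FollowRel32, Save, Push, Pop }
/// Hex pair = byte, `?` = any byte, `$` = follow rel32, `'` = save cursor, `{`/`}` = push/restore cursor.
fn parse(pat: &str) -> Vec<Atom> {
    let mut it = pat.chars().filter(|c| !c.is_whitespace());
    let mut atoms = Vec::new();
    while let Some(c) = it.next() {
        atoms.push(match c {
            '?' => Atom::Any, '$' => Atom::FollowRel32, '\'' => Atom::Save, '{' => Atom::Push, '}' => Atom::Pop,
            c => {
                let hi = c.to_digit(16).expect("unexpected pattern character");
                let lo = it.next().and_then(|d| d.to_digit(16)).expect("hex bytes come in pairs");
                Atom::Byte((hi << 4 | lo) as u8)
            }
        });
    }
    atoms
}
/// Match at `start`; on success return the saved offsets (slot 0 = match start, then one per `'`).
fn match_at(buf: &[u8], atoms: &[Atom], start: usize) -> Option<Vec<usize>> {
    let (mut cur, mut stack, mut saves) = (start, Vec::new(), vec![start]);
    for atom in atoms {
        match atom {
            Atom::Byte(b) => { if buf.get(cur)? != b { return None; } cur += 1; }
            Atom::Any => { buf.get(cur)?; cur += 1; }
            Atom::FollowRel32 => { // x86 rel32 is relative to the byte after the 4-byte immediate
                let rel = i32::from_le_bytes(buf.get(cur..cur + 4)?.try_into().ok()?) as i64;
                cur = usize::try_from(cur as i64 + 4 + rel).ok().filter(|&t| t < buf.len())?;
            }
            Atom::Save => saves.push(cur),
            Atom::Push => stack.push(cur),
            Atom::Pop => cur = stack.pop()?,
        }
    }
    Some(saves)
}
/// Scan every offset of `buf` and collect all matches.
fn find_all(buf: &[u8], pattern: &str) -> Vec<Vec<usize>> {
    let atoms = parse(pattern);
    (0..buf.len()).filter_map(|i| match_at(buf, &atoms, i)).collect()
}
/// Constructed x86 bytes (not Demo64.dll): two calls reach `mov eax, 0x12345678; ret` at offset 10; the call at 21 reaches a bare `ret` and must not match.
fn demo_buffer() -> Vec<u8> {
    vec![0xE8, 0x05, 0x00, 0x00, 0x00,       // 0: call +5 -> 10
         0x90, 0x90, 0x90, 0x90, 0x90,       // 5: nop padding
         0xB8, 0x78, 0x56, 0x34, 0x12, 0xC3, // 10: mov eax, imm32; ret
         0xE8, 0xF5, 0xFF, 0xFF, 0xFF,       // 16: call -11 -> 10
         0xE8, 0x00, 0x00, 0x00, 0x00, 0xC3] // 21: call +0 -> 26: ret
}
```

Running `find_all(&demo_buffer(), "E8${B8'???? C3}")` yields two matches whose second saved slot is the same offset 11, which is where the imm32 of the shared `mov eax` sits; reading 4 little-endian bytes there recovers the constant.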