14

I am looking for a way to automatically represent the relation between the content of a PE file and how it would be loaded in memory - either an IDA plugin, a combination of pefile script+R/SVG...

Something that could look like this (hand drawn):

enter image description here

(Not necessarily something that already supports PE, but that could be extended freely to support PE)

perror
  • 19,083
  • 29
  • 87
  • 150
Ange
  • 6,694
  • 3
  • 28
  • 62

2 Answers2

1

TeX (TikZ) could be used for it. See here for some discussion and examples.

Community
  • 1
Igor Skochinsky
  • 36,553
  • 7
  • 65
  • 115
1

You've seen CFF Explorer, right? It is a free PE Editor/viewer by Daniel Pistelli (the author of the IDA 6.x Qt GUI) that breaks out a PE file by field. This is not a vector graphic display like you are asking for, but it may serve the same need.

dingo_kinznerhook
  • 1,016
  • 8
  • 34
  • I know and use regularly CFF Explorer and its sequel, Cerbero Profiler, but they don't have any graphical representation for section mappings. – Ange Apr 30 '13 at 06:53
  • My bad. In my defense, I did state that as a disclaimer in my answer. – dingo_kinznerhook Apr 30 '13 at 20:49
  • 2
    @dingo_kinznerhook Don't feel bad, there is nothing wrong with contributing an answer. That's why I don't like the fact that answers can be downvoted negative. I makes sense to vote them down to 0, but -1 is just an insult and discourages contribution :o. – dyasta May 02 '13 at 21:24