Skip to content

Access to IMAGE_SECTION_HEADER

Jump to bottom
AFP edited this page Jun 16, 2022 · 1 revision

How to Access the IMAGE_SECTION_HEADER structure

after initialize the PE class, you can get access the IMAGE_SECTION_HEADER structure by calling GetImageSectionHeader() method. by calling this function, you get the object of ImageSectionHeader class, so you can retrieve IMAGE_SECTION_HEADER fields, changed or modify them.

Note: Every field in ImageSectionHeader class has two overload method. first overload is getter function to just retrieve the specific field and second overload is a setter for change and modify the specific field.

#include <iostream>
#include <POEX.h> // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Access to Image Nt Header
    auto sh = pe.GetImageSectionHeader();

    // print all section name
    for (size_t i = 0; i < sh.size(); i++)
        std::cout << "Section Name: " << sh[i].Name() << std::endl;

    // change first section name
    sh[0].Name(".abcd");

    // print all section name after changing
    for (size_t i = 0; i < sh.size(); i++)
        std::cout << "Section Name: " << sh[i].Name() << std::endl;

    return 0;
}

List of all available method in ImageSectionHeader class

auto ImageBaseAddress()->unsigned long;

auto Name() const->std::string;
auto Name(const std::string& name)->void;

auto VirtualSize() const ->unsigned int;
auto VirtualSize(const unsigned int& virtualSize)->void;

auto VirtualAddress() const ->unsigned int;
auto VirtualAddress(const unsigned int& virtualAddress)->void;

auto SizeOfRawData() const ->unsigned int;
auto SizeOfRawData(const unsigned int& sizeOfRawData)->void;

auto PointerToRawData() const ->unsigned int;
auto PointerToRawData(const unsigned int& pointerToRawData)->void;

auto PointerToRelocations() const ->unsigned int;
auto PointerToRelocations(const unsigned int& pointerToRelocations)->void;

auto PointerToLinenumbers() const ->unsigned int;
auto PointerToLinenumbers(const unsigned int& pointerToLinenumbers)->void;

auto NumberOfRelocations() const ->unsigned short;
auto NumberOfRelocations(const unsigned short& numberOfRelocations)->void;

auto NumberOfLinenumbers() const ->unsigned short;
auto NumberOfLinenumbers(const unsigned short& numberOfLinenumbers)->void;

auto Characteristics() const->SectionFlag;
auto Characteristics(const SectionFlag& sectionFlag)->void;

auto ToArray()->std::vector<byte>;
Clone this wiki locally