pod is a PE binary splitting and re-linking utility. There will be many upcoming changes as I work on this using my proof-of-concept decompilation project for Windows XP Minesweeper. This project was inspired by splat, but with some pretty major deviations and simplifications from the splat workflow. The general process is as follows:
- Generate an initial `pod.toml` config in which each exe section is defined as a "unit". At their smallest, units are intended to be equivalent to a translation unit; at a high level, a unit represents an object file that will be linked into the final executable. This is done with `pod init example.exe`.
- Update the units in `pod.toml` based on your own binary analysis, ideally splitting them down into something close to the actual translation units. Each unit can be mapped to an assembly file, a C file, a C++ file, or to bytes copied directly from the original exe. Copying is useful for getting started and for obtaining an output exe that is identical to the original; every project should begin this way, with all section data simply copied from the original exe.
- Split the exe into its units according to the config, and also create a "donee" exe with all code sections removed. This is done with `pod split`.
- Generate object files, either from the data split out of the original exe or from compiler/assembler output for the configured source files. This is done with `pod gen`.
- Link all generated object files into an executable whose section data is identical to that of the original. This linked executable is termed the "donor" exe; it will likely not run by itself, because it lacks the PE metadata of the original. The section data from the donor exe is implanted into the "donee" exe from the split step, producing a final output that is identical to the original exe but whose code was generated, at least partially, from rewritten source code.
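The final implant step, and the identity check it relies on, as an added Python example that is not pod's own code: it walks the PE section table with the standard library only, reports which sections differ between two files, zeroes the code sections to produce a donee (standing in for what `pod split` does), and copies named sections' raw bytes from a donor into that donee by section name. The toy PE produced by `build_toy_pe` is constructed for the example and is not loadable; all function names here are assumptions, not pod's API.

```python
# Added example, not pod's own code: a standard-library PE section walker
# that (1) reports which sections differ between two PE files, (2) blanks
# code sections to make a "donee", and (3) implants raw section bytes
# from a "donor" into that donee. Function names and the toy PE layout
# produced by build_toy_pe are assumptions made for this example.
import struct

SECTION_HEADER_SIZE = 40
_SECTION_FMT = "<8sIIIIIIHHI"       # IMAGE_SECTION_HEADER, little-endian
IMAGE_SCN_CNT_CODE = 0x00000020


def _section_table(data: bytes):
    """Return (NumberOfSections, file offset of the section table)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    return num_sections, coff + 20 + size_of_optional


def sections(data: bytes) -> dict:
    """Map section name -> (PointerToRawData, SizeOfRawData, Characteristics)."""
    count, table = _section_table(data)
    out = {}
    for i in range(count):
        fields = struct.unpack_from(_SECTION_FMT, data, table + i * SECTION_HEADER_SIZE)
        name, raw_size, raw_ptr, chars = fields[0], fields[3], fields[4], fields[9]
        out[name.rstrip(b"\0").decode("ascii")] = (raw_ptr, raw_size, chars)
    return out


def code_sections(data: bytes) -> list:
    """Names of sections flagged IMAGE_SCN_CNT_CODE, in table order."""
    return [n for n, (_, _, c) in sections(data).items() if c & IMAGE_SCN_CNT_CODE]


def section_diff(a: bytes, b: bytes) -> list:
    """Sorted names of sections whose raw bytes differ or exist in only one file."""
    sa, sb = sections(a), sections(b)
    differing = []
    for name in sorted(set(sa) | set(sb)):
        if name not in sa or name not in sb:
            differing.append(name)
            continue
        pa, la, _ = sa[name]
        pb, lb, _ = sb[name]
        if a[pa:pa + la] != b[pb:pb + lb]:
            differing.append(name)
    return differing


def strip_code_sections(data: bytes) -> bytes:
    """Donee: the input with every code section's raw bytes zeroed, headers kept."""
    out = bytearray(data)
    table = sections(data)
    for name in code_sections(data):
        ptr, size, _ = table[name]
        out[ptr:ptr + size] = bytes(size)
    return bytes(out)


def implant_sections(donee: bytes, donor: bytes, names=None) -> bytes:
    """Copy the named sections' raw bytes (default: every section both files
    share) from donor into donee, keeping donee's headers and file layout.
    Raw sizes must agree, so a donor whose section grew or shrank fails loudly."""
    sd, sr = sections(donee), sections(donor)
    if names is None:
        names = [n for n in sr if n in sd]
    out = bytearray(donee)
    for name in names:
        pd, ld, _ = sd[name]
        pr, lr, _ = sr[name]
        if ld != lr:
            raise ValueError(f"{name}: raw size {lr} in donor != {ld} in donee")
        out[pd:pd + ld] = donor[pr:pr + lr]
    return bytes(out)


def build_toy_pe(section_bytes: dict) -> bytes:
    """Constructed test input: MZ stub, PE signature, COFF header, a zero-filled
    224-byte PE32 optional header, a section table, then raw data back to back.
    Just enough PE to exercise the functions above; it is not loadable."""
    names = list(section_bytes)
    e_lfanew, size_of_optional = 0x40, 224
    raw_start = e_lfanew + 4 + 20 + size_of_optional + SECTION_HEADER_SIZE * len(names)
    hdr = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew))
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, size_of_optional, 0x102)
    hdr += bytes(size_of_optional)
    body, va = bytearray(), 0x1000
    for name in names:
        data = section_bytes[name]
        chars = 0x60000020 if name == ".text" else 0xC0000040   # code+r+x / data+r+w
        hdr += struct.pack(_SECTION_FMT, name.encode("ascii").ljust(8, b"\0"),
                           len(data), va, len(data), raw_start + len(body),
                           0, 0, 0, 0, chars)
        body += data
        va += 0x1000
    return bytes(hdr + body)
```

On a real project, `section_diff(original, output)` returning an empty list is the check that a re-linked output still matches the original, and any section name it does return is the first place to look. Sections are matched by name rather than by file offset because a linker's donor output will generally not share the original's file layout; only the raw bytes of each section are expected to agree.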
As of now, all of these features are complete, but they lack many configuration options and will likely only work for very specific use cases. Another major missing feature is the ability to associate data from different sections with the same unit. This will be added soon, as I need it for my proof-of-concept project.