-
Notifications
You must be signed in to change notification settings - Fork 95
PE Visualizer
Karsten Hahn edited this page Feb 11, 2023
·
10 revisions
You can get a quick overview for the structure of a PE file by using the PE Visualizer tool. The tool creates a buffered image that shows your PE file.
The following example writes an image of the PE file's structure to disk:
File peFile = new File("samplefile.exe");
Visualizer visualizer = new VisualizerBuilder().build();
visualizer.writeImage(peFile, new File("image.png"));;
Use the visualizer builder to change the look of your image:
visualizer = new VisualizerBuilder()
.setPixelated(true)
.setHeight(800)
.setFileWidth(600)
.setLegendWidth(300)
.setPixelSize(10)
.setAdditionalGap(3)
.setBytesPerPixel(10, peFile.length())
.setColor(ColorableItem.SECTION_TABLE, Color.BLUE)
.build();
If you want one square pixel to represent an exact number of bytes, you can do this. With the following option one square pixel would represent exactly 10 bytes. The height of the image is changed accordingly.
new VisualizerBuilder().setBytesPerPixel(10, file.length()).build();
You can create an image of the local entropies and append it to the structure image:
BufferedImage leftImage = visualizer.createEntropyImage(peFile);
BufferedImage rightImage = visualizer.createImage(peFile);
BufferedImage appendedImage = ImageUtil.appendImages(leftImage,
rightImage);
This code will create a Byteplot with a legend on the right.
BufferedImage bytePlot = visualizer.createBytePlot(peFile);
BufferedImage legendImage = visualizer.createLegendImage(true, false, false);
BufferedImage appendedImage2 = ImageUtil.appendImages(bytePlot, legendImage);
ImageIO.write(appendedImage2, "png", new File("outfile.png"));