{"id":20101052,"url":"https://github.com/fkie-cad/headerparser","last_synced_at":"2025-09-07T14:11:52.273Z","repository":{"id":41366566,"uuid":"299554695","full_name":"fkie-cad/headerParser","owner":"fkie-cad","description":"Header information parser for PE, ELF, DEX, MachO, ZIP (JAR, DocX).","archived":false,"fork":false,"pushed_at":"2025-05-13T09:55:42.000Z","size":4646,"stargazers_count":14,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-13T10:45:26.075Z","etag":null,"topics":["binary","dex","elf","header","linux","macho","parser","pe","windows","zip"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fkie-cad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-09-29T08:35:07.000Z","updated_at":"2025-05-13T09:55:48.000Z","dependencies_parsed_at":"2024-11-13T17:25:09.935Z","dependency_job_id":"a8228f89-1462-4a5e-87e5-40ba8ea99f45","html_url":"https://github.com/fkie-cad/headerParser","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/fkie-cad/headerParser","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkie-cad%2FheaderParser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkie-cad%2FheaderParser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkie-cad%2FheaderParser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkie-cad%2FheaderParser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fkie-cad","download_url":"https://codeload.github.com/fkie-cad/headerParser/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fkie-cad%2FheaderParser/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274046000,"owners_count":25212982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","dex","elf","header","linux","macho","parser","pe","windows","zip"],"created_at":"2024-11-13T17:23:05.544Z","updated_at":"2025-09-07T14:11:52.254Z","avatar_url":"https://github.com/fkie-cad.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\r\n    \u003cimg src=\"logo.png\" alt=\"HeaderParser Logo\" width=\"50%\"/\u003e\r\n\u003c/p\u003e\r\n\r\n# Header Parser\r\nParses header information of a binary (executable) file.  \r\nPE, ELF, DEX, MachO, ZIP (JAR, DocX) are parsed in depth.  \r\nJava.class, ART, .NET, NE, MS-DOS are recognized.  \r\n\r\nThe focus was on PE and ELF. \r\nThe other types are handled less carefully but may be extended in the future.\r\nAs well as PE and ELF still have to be extended.\r\n\r\n\r\nPOSIX compliant.  \r\nCompiles and runs under\r\n- Linux \r\n- Windows (x86/x64)  \r\n- OsX may work too\r\n- Android in Termux\r\n\r\n\r\n## CONTENTS\r\n- [VERSION](#version)\r\n- [REQUIREMENTS](#requirements)\r\n- [BUILD](#build)\r\n    - [Linux (gcc) \u0026 cmake](#linux-(gcc)-\u0026-cmake)\r\n    - [Linux (gcc)](#linux-(gcc))\r\n    - [Windows (MsBuild)](#windows-(msbuild))\r\n    - [Runtime Errors (Windows)](#runtime-errors-(windows))\r\n- [USAGE](#usage)\r\n    - [Windows Context Menu](#windows-context-menu)\r\n- [EXAMPLE](#example)\r\n    - [Offsets](#offsets)\r\n    - [Forcing](#forcing)\r\n- [LIBRARY USAGE](#library-usage)\r\n    - [Build](#build)\r\n    - [Usage](#usage)\r\n    - [Python](#python)\r\n- [COPYRIGHT, CREDITS \u0026 CONTACT](#copyright,-credits-\u0026-contact)\r\n    - [Author](#author)\r\n    - [Co-Author, Icon Art](#co-author,-icon-art)\r\n\r\n\r\n## VERSION\r\n1.15.16  \r\nLast changed: 13.05.2025  \r\n\r\n## REQUIREMENTS\r\n- Linux\r\n   - Gcc\r\n- Windows\r\n   - msbuild\r\n\r\n\r\n## BUILD\r\n### Linux (gcc)\r\nscript\r\n```bash\r\n$ ./linuxBuild.sh [-t app] [-m Release|Debug] [-h]\r\n```\r\n\r\nmanual\r\n```bash\r\n$ mkdir build\r\n$ gcc -o build/headerParser -Wl,-z,relro,-z,now -D_FILE_OFFSET_BITS=64 -Ofast src/headerParser.c src/pe/PEHeader.c src/pe/PEHeaderOffsets.c\r\n```\r\n\r\nUse `clang` instead of `gcc` in Termux on Android.\r\n\r\n### Windows (MsBuild)\r\n```bash\r\n$ winBuild.bat [/exe] [/m \u003cRelease|Debug\u003e] [/b \u003c32|64\u003e] [/rtl] [/pdb] [/bt \u003cpath\u003e] [/pts \u003cPlatformToolset\u003e] [/h]\r\n```\r\nThis will run in a normal cmd.  \r\n\r\nThe correct path to your build tools may be passed  with the `/bt` parameter or changed in the script [winBuild.bat](winBuild.bat) itself.  \r\n\r\nThe PlatformToolset defaults to \"v143\", but may be changed with the `/pts` option.\r\n\"v142\" is used for VS 2019, \"v143\" would be used in VS 2022.\r\n\r\nIn a developer cmd you can also type:\r\n```bash\r\n$devcmd\u003e msbuild HeaderParser.vcxproj /p:Configuration=\u003cRelease|Debug\u003e /p:Platform=\u003cx64|x86\u003e [/p:PlatformToolset=\u003cv142|v143|WindowsApplicationForDrivers10.0\u003e]\r\n```\r\n\r\n**Warnings**  \r\nMSBuild issues some serious warnings:\r\n- `headerParser\\src\\headerDataHandler.h(54): warning C6001: Using uninitialized memory`\r\n- `headerParser\\src\\dex\\DexHeaderParser.h(371): warning C6386: Buffer overrun`\r\n\r\nBut so far I could not figure out, how to fix them, or put another way, what's the problem.\r\nIf someone knows, feel free to drop me a line.\r\n\r\n### Runtime Errors (Windows)\r\nIf a \"VCRUNTIMExxx.dll not found Error\" occurs on the target system, statically including runtime libs is a solution.  \r\nThis is done by using the `/p:RunTimeLib=Debug|Release` (msbuild) or `[/rtl]` (winBuild) flags.\r\n\r\n \r\n\r\n## USAGE\r\n```bash\r\n$ ./headerParser a/file/name [options]\r\n$ ./headerParser [options] a/file/name\r\n```\r\nOptions:  \r\n * -h Print help.\r\n * -s:uint64_t Start offset in file. Default = 1.\r\n * -i:uint8_t Level of output info. 1 : minimal output (Default), 2 : extended output (basic header).\r\n * -f:string Force parsing a specific type, skipping magic value checks. Currently, only \"pe\" is supported.\r\n * -offs: show file offsets of the printed values (for -i 2 or XX only options).\r\n * PE only options:\r\n   * -dosh: Print DOS header.\r\n   * -coffh: Print COFF header.\r\n   * -opth: Print Optional header.\r\n   * -sech: Print Section headers.\r\n   * -exp: Print the Image Export Table (IMAGE_DIRECTORY_ENTRY_EXPORT).\r\n   * -imp: Print the Image Import Table (IMAGE_DIRECTORY_ENTRY_IMPORT) dll names and info.\r\n   * -impx: Print the Image Import Table (IMAGE_DIRECTORY_ENTRY_IMPORT) dll names, info and imported functions.\r\n   * -res: Print the Image Resource Table (IMAGE_DIRECTORY_ENTRY_RESOURCE).\r\n   * -crt: Print the Image Certificate Table (IMAGE_DIRECTORY_ENTRY_CERTIFICATE).\r\n   * -cod: Directory to save found certificates in. (Needs -crt.)\r\n   * -rel: Print the Image Base Relocation Table (IMAGE_DIRECTORY_ENTRY_BASE_RELOC).\r\n   * -dbg: Print the Debug Table (IMAGE_DIRECTORY_ENTRY_DEBUG).\r\n   * -dbgx: Print the Debug Table (IMAGE_DIRECTORY_ENTRY_DEBUG) extended.\r\n   * -tls: Print the Image TLS Table (IMAGE_DIRECTORY_ENTRY_TLS).\r\n   * -lcfg: Print the Image Load Config Table (IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG)\r\n   * -bimp: Print the Image Bound Import Table (IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT).\r\n   * -dimp: Print the Image Delay Import Table (IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT) dll names and info.\r\n   * -dimpx: Print the Image Delay Import Table (IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT) dll names, info and imported functions.\r\n * ELF only options:\r\n   * -fileh: Print file header.\r\n   * -progh: Print program headers.\r\n   * -sech: Print section headers.\r\n   * -sym: Print symbol table (names only).\r\n   * -symx: Print symbol table with all info.\r\n   * -dym: Print dynamic symbol table (names only).\r\n   * -dymx: Print dynamic symbol table with all info.\r\n * DEX only options:\r\n   * -fileh: Print file header.\r\n   * -class: Print class defs.\r\n   * -field: Print field ids.\r\n   * -map: Print map.\r\n   * -method: Print method ids.\r\n   * -proto: Print proto ids.\r\n   * -string: Print string ids.\r\n   * -type: Print type ids.\r\n\r\n### Windows Context Menu\r\nIt may be convenient to add HeaderParser to the context menu to be able to right-click a file and header parse it.\r\nIn this scenario, you may use\r\n```bash\r\n$ addHeaderParserToShellCtxtMenu.bat /p \"c:\\HeaderParser.exe\" [/l \"Open in HeaderParser\"]\r\n```\r\n\r\n\r\n\r\n## EXAMPLE\r\n```bash\r\n$ ./headerParser a/file/name [-i 1]\r\n\r\nHeaderData:\r\ncoderegions:\r\n (1) .text: ( 0x0000000000000400 - 0x000000000000fc00 )\r\n (2) .init ...\r\n (3) ...\r\nheadertype: PE|ELF|... (32|64)\r\nbitness: 64-bit|32-bit|x-bit\r\nendian: little|big\r\nCPU_arch: Intel|Arm|...\r\nMachine: ...\r\n```\r\n\r\nThere is a difference between the header bitness (displayed in brackets following the `headertype`) and the bitness of the executable (program code). \r\nThe header bitness is 32 or 64 bit for ELF, MACH-O and PE. \r\nThe bitness of the executable (program code) may be different though.\r\n\r\nAn extended output will be printed, by setting \"-i 2\", which will cover the basic headers.\r\n```bash\r\n$ ./headerParser a/file.exe -i 2\r\n\r\nPE Image Dos Header:\r\n...\r\nCoff File Header:\r\n...\r\nOptional Header::\r\n...\r\nSection Header:\r\n1 / x\r\n...\r\n2 / x\r\n```\r\n\r\n```bash\r\n$ ./headerParser an/elf/file -i 2\r\n\r\nELF File header:\r\n...\r\nProgram Header Table:\r\n1 / x\r\n...\r\n2 / x\r\n...\r\nSection Header Table:\r\n1 / y\r\n...\r\n2 / y\r\n...\r\n```\r\n\r\nA more fine-grained and/or extended printout is available with the PE or ELF only options.\r\n\r\n### Offsets\r\nIf you think, the header starts somewhere in the file, you may pass an offset to it using the \"-s\" option.\r\n\r\n### Forcing\r\nIf you think it is a PE file but the MZ or PE00 magic values are broken, try the \"-f pe\" option.\r\n\r\n\r\n## LIBRARY USAGE\r\nHeaderParser may also be built as a shared or static library.  \r\n\r\n### Build\r\n*Linux*\r\n```bash\r\n$ ./linuxBuild.sh -t sh [-m Release|Debug] [-h]\r\nor\r\n$ ./linuxBuild.sh -t st [-m Release|Debug] [-h]\r\n```\r\nor plain:  \r\nshared  \r\n```bash\r\n$ mkdir build\r\n$ gcc -fPIC -Wl,-z,relro,-z,now -shared -Ofast -D_FILE_OFFSET_BITS=64 -Wall -o build/libheaderparser.so src/headerParserLib.c src/pe/PEHeader.c src/pe/PEHeaderOffsets.c\r\n```\r\n\r\nstatic  \r\n```bash\r\n$ mkdir build\r\n$ gcc -fPIC -Wl,-z,relro,-z,now -Ofast -D_FILE_OFFSET_BITS=64 -c -Wall -o build/headerParserLib.o src/headerParserLib.c \r\n$ gcc -fPIC -Wl,-z,relro,-z,now -Ofast -D_FILE_OFFSET_BITS=64 -c -Wall -o build/PEHeader.o src/pe/PEHeader.c\r\n$ gcc -fPIC -Wl,-z,relro,-z,now -Ofast -D_FILE_OFFSET_BITS=64 -c -Wall -o build/PEHeaderOffsets.o src/pe/PEHeaderOffsets.c\r\n$ ar rcs build/headerParser.a build/*.o\r\n```\r\n\r\n*Windows*\r\n```bash\r\n$ winBuild.bat /dll [/m Release|Debug] [/b 32|64]\r\n// or\r\n$ winBuild.bat /lib [/m Release|Debug] [/b 32|64]\r\n```\r\n\r\n### Usage\r\nAdditionally to the included header files `src\\exp.h` is needed in the same directory.\r\nThis may be removed soon.\r\n\r\n```c\r\n// link library when compiling\r\n// include\r\n#include \"src/HeaderData.h\"\r\n#include \"src/headerParserLib.h\"\r\n...\r\n// use library\r\nsize_t offset = 0;\r\nuint8_t force = FORCE_NONE; // or FORCE_PE\r\nHeaderData* data = getBasicHeaderParserInfo(\"a/file.path\", offset, force);\r\nif ( data )\r\n{\r\n// do stuff handling data\r\n// ...\r\n}\r\n// clean up\r\nfreeHeaderData(data);\r\n```\r\n\r\nFor PE files there is an extended parser available. \r\nThis one includes the basic data info.\r\n\r\nlayout\r\n```\r\nsrc/\r\n    HeaderData.h\r\n    PEHeaderData.h\r\n    headerParserLibPE.h\r\n    pe/PEHeader.h\r\n```\r\n\r\n```c\r\n// include\r\n#include \"src/HeaderData.h\"\r\n#include \"src/PEHeaderData.h\"\r\n#include \"src/headerParserLibPE.h\"\r\n...\r\n// use library\r\nsize_t offset = 0;\r\nPEHeaderData* data = getPEHeaderData(\"a/file.path\", offset);\r\nif ( data )\r\n{\r\n// do stuff handling data\r\n// ...\r\n}\r\n// clean up\r\nfreePEHeaderData(data);\r\n```\r\n\r\n### Python\r\nUsing the library is the preferred usage in python.  \r\nOn the python side, use [header_parser.py](src/header_parser.py).\r\n```python\r\nfrom src import header_parser\r\n\r\n# initialization\r\nheader_parser.init(\"src/of/libheaderparser.so\")\r\n# default usage\r\ndata = header_parser.get_basic_info('a/file.src')\r\n# passing a start offset\r\ndata = header_parser.get_basic_info('a/file.src', 10)\r\n# passing a start offset and forcing PE parsing\r\ndata = header_parser.get_basic_info('a/file.src', 10, header_parser.FORCE_PE)\r\n# convert cpu id and header type id into strings\r\ncpu = header_parser.lib_header_parser.getHeaderDataHeaderType(data['cpu'])\r\nheader_type = header_parser.lib_header_parser.getHeaderDataArchitecture(data['headertype'])\r\n```\r\n\r\n## COPYRIGHT, CREDITS \u0026 CONTACT\r\nPublished under [GNU GENERAL PUBLIC LICENSE](LICENSE).\r\n\r\n### Author\r\n- Henning Braun ([henning.braun@fkie.fraunhofer.de](mailto:henning.braun@fkie.fraunhofer.de)) \r\n\r\n### Co-Author, Icon Art\r\ncommon_codeio.h, Icon.ico\r\n- Viviane Zwanger ([viviane.zwanger@fkie.fraunhofer.de](mailto:viviane.zwanger@fkie.fraunhofer.de))\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffkie-cad%2Fheaderparser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffkie-cad%2Fheaderparser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffkie-cad%2Fheaderparser/lists"}