PE/COFF 4J is a java engineering library for portable executables, the format used by Windows. It has the following features:
- Parser for Windows executables and DLLs.
- Assembler for creating and modifying executables and DLLs.
- Resource directory parser - understands version info, icons.
This is a fork of http://sourceforge.net/projects/pecoff4j/
Imported from CVS on May 24th, 2014
This fork of PECOFF4J is available on Maven Central.
<dependency>
<groupId>com.kichik.pecoff4j</groupId>
<artifactId>pecoff4j</artifactId>
<version>0.4.1</version>
</dependency>
See Maven Central for more installation options like Gradle, SBT, Ivy, etc.
Sources are licensed under Common Public License v1.0
The project was forked to implement version string parsing for a StackOverflow question.
Recently, support for modifying the resource directory has been added (e.g. adding or removing icons). See
the ResourceDirectoryTest
for some basic examples. Use the rebuild
method to re-calculate the internal structures prior to creating the binary
using the write
method.
import java.io.IOException;
import com.kichik.pecoff4j.PE;
import com.kichik.pecoff4j.ResourceDirectory;
import com.kichik.pecoff4j.ResourceEntry;
import com.kichik.pecoff4j.constant.ResourceType;
import com.kichik.pecoff4j.io.DataReader;
import com.kichik.pecoff4j.io.PEParser;
import com.kichik.pecoff4j.resources.StringFileInfo;
import com.kichik.pecoff4j.resources.StringPair;
import com.kichik.pecoff4j.resources.StringTable;
import com.kichik.pecoff4j.resources.VersionInfo;
import com.kichik.pecoff4j.util.ResourceHelper;
public class Main {
public static void main(String[] args) throws IOException {
PE pe = PEParser.parse("C:/windows/system32/notepad.exe");
ResourceDirectory rd = pe.getImageData().getResourceTable();
ResourceEntry[] entries = ResourceHelper.findResources(rd, ResourceType.VERSION_INFO);
for (ResourceEntry entry : entries) {
byte[] data = entry.getData();
VersionInfo version = VersionInfo.read(new DataReader(data));
StringFileInfo strings = version.getStringFileInfo();
StringTable table = strings.getTables().get(0);
for (List<StringPair> pair : table.getStrings()){
System.out.println(pair.getKey() + " = " + pair.getValue());
}
}
}
}
Will print:
CompanyName = Microsoft Corporation
FileDescription = Notepad
FileVersion = 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName = Notepad
LegalCopyright = © Microsoft Corporation. All rights reserved.
OriginalFilename = NOTEPAD.EXE
ProductName = Microsoft® Windows® Operating System
ProductVersion = 6.1.7600.16385