#include // Need this for fopen(..) fwrite(..) etc // We use this simple function to write data to our file. void fileout(char *str) { FILE *fp; fp=fopen("output.txt", "a+"); // a+ -> if file doesn't exist create it, else fprintf(fp, "%s", str); // append to the end of the file fclose(fp); }// End fileout(..) long FileSize( char * szFileName ) { FILE *file = fopen(szFileName, "rb"); // Open the file fseek(file, 0, SEEK_END); // Seek to the end long file_size = ftell(file); // Get the current position fclose(file); return file_size; // We have the file size, so return it }// End FileSize(..) void ProcessXBE( unsigned char *pXBE, long iSizeXBE ) { char buf[500]; // Large temp char buffer int iOffset = 0; unsigned int * ptr = (unsigned int*)pXBE; // Write out the first 3 char's of the xbe to see what they are sprintf(buf, "Sig (0x4) pXBE[0..3] = %c%c%c%c\n", pXBE[0], pXBE[1], pXBE[2], pXBE[3] ); fileout(buf); // Skip the 0x100 bytes that are the authentication signature fileout("Authentication Signature (0x100) (skipped)\n"); //Remember 256 bytes is 64 dwords, and the 1 dword which is the XBEH at the start ptr +=0x41; sprintf(buf, "Base Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Size of Headers (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Size of Image (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Size of Image Header (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Time&Date Stamp (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Certificate Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Number of Sections (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Section Headers Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Initialization Flags (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Entry Point (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "TLS Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE Stack Commit (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE Heap Reserve (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE Heap Commit (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE Base Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE Size of Image (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE Checksum (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "PE TimeDate (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Debug PathName Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Debug FileName Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Debug Unicode FileName Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Kernel Image Thunk Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Non-Kernel Import Directory Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Number of Library Versions (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Library Versions Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Kernel Library Version Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "XAPI Library Version Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Logo Bitmap Address (0x4) : 0x%08X\n", *ptr++); fileout(buf); sprintf(buf, "Logo Bitmap Size (0x4) : 0x%08X\n", *ptr++); fileout(buf); }// End ProcessXBE(..) //Program Entry Point void main(int argc, char* argv[]) { char szFileName[] = "default.xbe"; // Our input xbe char buf[500]; // Large temp char buffer long iFileSize = FileSize(szFileName); sprintf(buf, "File: %s - xbe filesize: %d bytes\n\n", szFileName, iFileSize); fileout(buf); // Lets allocate enough memory for the whole xbe and read it all in unsigned char * pXBE = new unsigned char[iFileSize]; // Open our xbe file FILE* fp = fopen( szFileName, "r" ); fseek(fp, 0, SEEK_SET); // Read all the contents into our allocated memory fread(pXBE, iFileSize, 1, fp); // Close our file. fclose( fp ); //------------------------Our XBE Analysis Code-------------------------// ProcessXBE( pXBE, iFileSize ); //------------------------End of XBE Analysis---------------------------// // Goodbye // Remember, before exiting the program, release the memory we allcoated for // the xbe data we read in delete[] pXBE; }// End main(..)