Okteta structure definition for Windows executable (.exe) / Microsoft Portable Executable format.

jchv/okteta-portable-executable

Portable Executable + COFF structures for Okteta

An implementation of the Windows executable (.exe) / Microsoft Portable Executable format for Okteta's structure view tool.

Screenshot showing an executable file in Okteta with the structure view.

Usage

You can install this add-on from within Okteta via the KDE Store. Use the "Get New Structures..." button in the structures settings dialog.

You can also download it from the KDE Store directly.

If you want to install from source, you can clone this repository into the right location and it should be picked up when you restart Okteta.

An example of how you might do this on Linux follows.

# Create folder in case it does not already exist.
mkdir -p "$HOME/.local/share/okteta/structures/"

# Enter structures folder.
cd "$HOME/.local/share/okteta/structures/"

# Clone into the expected folder.
git clone https://github.com/jchv/okteta-portable-executable portable-executable

# Start/restart Okteta. You should be able to find "Portable Executable
# structure" in the Settings window for the Structure pane.

Features

  • Supports PE32 and PE32+ (64-bit) executable files.
  • Supports COFF object files.
  • Detailed, human-readable field names, enumerations, and flags.
  • Automatically locks to offset 0 by default for convenience.
  • Supports digging into data directories:
    • Exports table
    • Imports table (partially)
    • Base Relocations (partially)
    • Debug information

Development

There's not much of a build process, although TypeScript is used. It is recommended to use direnv and Nix to develop. When using direnv and Nix, some useful commands are provided:

  • okteta-link: Links the structures from your development environment into Okteta's local folder so that you can test during development.
  • okteta-unlink: Removes links created by okteta-link.
  • build-structs: Runs the TypeScript compiler for each structure.
  • build-structs -w: Runs the TypeScript compiler for each structure, in watch mode.

The Nix flake can also build the tarballs that are used for the KDE Store. To do this, run nix build; the result symlink will contain the tarballs.

TODO

Some of the data directories are still not handled, including:

  • Resources
  • CLR descriptors

In addition, due to the lack of support for variable length arrays terminated by a sentinel value, there are some limitations when digging into various directories that need this:

  • Only the first import thunk for each DLL is parsed.
  • Only the first base relocation table is parsed.

Barring a nice hack, it seems likely that we will need to make changes to Okteta to get better support here. Both of these arrays can get large enough to make it impractical to try to apply hacks using arrays and nesting.
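
For reference, this is what the two full walks look like in plain TypeScript outside Okteta. It is an added illustration, not code from this repository: the function names and the MAX_ENTRIES cap are hypothetical, and offsets are assumed to be file offsets already translated from RVAs. Both walks bounds-check every step, since a malformed file may have no terminator or a bogus block size.

```typescript
// Added example, not part of the okteta-portable-executable sources.
// Offsets are file offsets: RVAs are assumed already mapped via the section table.
interface Thunk { ordinal: number | null; hintNameRva: number | null }
interface RelocBlock { pageRva: number; entries: { type: number; offset: number }[] }

const MAX_ENTRIES = 65536; // assumed cap so a missing terminator cannot loop unbounded

// Import lookup table: 4-byte (PE32) or 8-byte (PE32+) thunks, ended by an all-zero thunk.
function readThunks(buf: Uint8Array, offset: number, is64: boolean): Thunk[] {
  const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  const size = is64 ? 8 : 4;
  const out: Thunk[] = [];
  for (let pos = offset; out.length < MAX_ENTRIES; pos += size) {
    if (pos < 0 || pos + size > buf.byteLength) throw new RangeError("thunk array has no terminator");
    const lo = view.getUint32(pos, true);
    const hi = is64 ? view.getUint32(pos + 4, true) : 0; // read as two halves, no BigInt needed
    if (lo === 0 && hi === 0) return out; // sentinel reached
    const byOrdinal = ((is64 ? hi : lo) >>> 31) === 1; // top bit set = import by ordinal
    out.push(byOrdinal
      ? { ordinal: lo & 0xffff, hintNameRva: null }
      : { ordinal: null, hintNameRva: lo & 0x7fffffff });
  }
  throw new RangeError("thunk array exceeds MAX_ENTRIES");
}

// Base relocation directory: back-to-back blocks, each {PageRVA, BlockSize, u16 entries...},
// bounded by the data directory's Size field (dirSize).
function readRelocBlocks(buf: Uint8Array, offset: number, dirSize: number): RelocBlock[] {
  const view = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  const end = offset + dirSize;
  if (offset < 0 || dirSize < 0 || end > buf.byteLength) throw new RangeError("directory outside file");
  const blocks: RelocBlock[] = [];
  for (let pos = offset; pos + 8 <= end; ) {
    const pageRva = view.getUint32(pos, true);
    const blockSize = view.getUint32(pos + 4, true);
    // A size under 8, not 32-bit aligned, or past the directory would stall or overrun the walk.
    if (blockSize < 8 || blockSize % 4 !== 0 || pos + blockSize > end) throw new RangeError("bad block size");
    const entries: RelocBlock["entries"] = [];
    for (let e = pos + 8; e < pos + blockSize; e += 2) {
      const raw = view.getUint16(e, true);
      entries.push({ type: raw >>> 12, offset: raw & 0x0fff }); // high 4 bits type, low 12 offset
    }
    blocks.push({ pageRva, entries });
    pos += blockSize;
  }
  return blocks;
}
```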
