本文整理汇总了Python中pefile.DIRECTORY_ENTRY属性的典型用法代码示例。如果您正苦于以下问题:Python pefile.DIRECTORY_ENTRY属性的具体用法?Python pefile.DIRECTORY_ENTRY怎么用?Python pefile.DIRECTORY_ENTRY使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类pefile的用法示例。
在下文中一共展示了pefile.DIRECTORY_ENTRY属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: listimports
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def listimports(fname):
I = []
mype2=pefile.PE(fname,fast_load=True)
if mype2.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress != 0:
mype2.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']])
if mype2.DIRECTORY_ENTRY_IMPORT is not None:
for entry in mype2.DIRECTORY_ENTRY_IMPORT:
for imptab in entry.imports:
if imptab.name is None:
imptab.name = "None"
if imptab.address is None :
imptab.address = int(0)
x = hex(int(imptab.address)), imptab.name
I.append(x)
return I 示例2: _parse_pe_non_reloc_data_directories
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def _parse_pe_non_reloc_data_directories(self):
"""
Parse data directories that is not DIRECTORY_ENTRY_BASERELOC since parsing relocations can take a long time in
many PE binaries.
"""
directory_names = (
'IMAGE_DIRECTORY_ENTRY_EXPORT',
'IMAGE_DIRECTORY_ENTRY_IMPORT',
'IMAGE_DIRECTORY_ENTRY_RESOURCE',
'IMAGE_DIRECTORY_ENTRY_EXCEPTION',
'IMAGE_DIRECTORY_ENTRY_SECURITY',
'IMAGE_DIRECTORY_ENTRY_DEBUG',
'IMAGE_DIRECTORY_ENTRY_COPYRIGHT',
'IMAGE_DIRECTORY_ENTRY_GLOBALPTR',
'IMAGE_DIRECTORY_ENTRY_TLS',
'IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG',
'IMAGE_DIRECTORY_ENTRY_IAT',
'IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT',
'IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR',
'IMAGE_DIRECTORY_ENTRY_RESERVED',
)
directories = tuple(pefile.DIRECTORY_ENTRY[n] for n in directory_names)
self._pe.parse_data_directories(directories=directories) 示例3: get_import_size_stats
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def get_import_size_stats(self):
# self.pe.parse_data_directories() # si if has fast load.
total = 0
if (self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
return 0, 0, 0
for entry in self.pe.DIRECTORY_ENTRY_IMPORT:
total = total + len(entry.imports)
# print entry.dll
# for imp in entry.imports:
# print '\t', hex(imp.address), imp.name
cant_librerias = (len(self.pe.DIRECTORY_ENTRY_IMPORT))
total_imports = total
promedio = total / cant_librerias
return total_imports, cant_librerias, promedio 示例4: getImports
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def getImports(self):
if (self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
return None
d = {}
# print(self.pe.DIRECTORY_ENTRY_IMPORT)
for entry in self.pe.DIRECTORY_ENTRY_IMPORT:
aux = []
for i in range(len(entry.dll)):
if(ord(entry.dll[i]) >= 128):
aux.append('.')
else:
aux.append(entry.dll[i])
dll_name = "".join(aux)
# print entry.dll
# print entry.imports
l = []
for imp in entry.imports:
l.append(str(imp.name))
# print '\t', hex(imp.address), imp.name
d[unicode(str(dll_name), "utf-8")] = l
return d 示例5: initialize
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def initialize(self, sample):
if(self.already_initialized):
return self.library
self.already_initialized = True
try:
self.library = pefile.PE(data=sample.getBinary(), fast_load=True)
# see if this initializations can be done on plugins.
self.library.parse_data_directories(directories=[
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT'],
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT'],
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_TLS'],
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY'],
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']])
except pefile.PEFormatError:
# print("parse fail")
self.library = None
# print(traceback.format_exc())
logging.error("Error parsing pefileModule with sample:%s",
sample.getID(), exc_info=True) 示例6: META_PE_SIGNATURE
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def META_PE_SIGNATURE(s, buff):
sig_buff = []
pe = pefile.PE(data=buff)
address = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress
size = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].Size
# Eight bytes in due to the struct spec
# typedef struct _WIN_CERTIFICATE
# {
# DWORD dwLength;
# WORD wRevision;
# WORD wCertificateType;
# BYTE bCertificate[ANYSIZE_ARRAY];
# } WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
sig_buff = buff[address + 8 : address + 8 + size]
# Remove sequence and objid structures, 19 bytes
signed_data, rest = decode(sig_buff[19:], asn1Spec=rfc2315.SignedData())
return get_cert_info(signed_data) 示例7: listexports
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def listexports(fname):
E = []
mype2=pefile.PE(fname,fast_load=True)
if mype2.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']].VirtualAddress != 0:
mype2.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']])
for exptab in mype2.DIRECTORY_ENTRY_EXPORT.symbols:
x = hex(mype2.OPTIONAL_HEADER.ImageBase + exptab.address), exptab.name
E.append(x)
return E 示例8: load_dyn_sym
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def load_dyn_sym(self):
try:
self.pe.parse_data_directories(
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT'])
except Exception as e:
raise ExcPEFail(e)
if hasattr(self.pe, 'DIRECTORY_ENTRY_IMPORT'):
for entry in self.pe.DIRECTORY_ENTRY_IMPORT:
for imp in entry.imports:
if imp.name is None:
continue
name = imp.name
# erocarrera/pefile returns a bytes but mlaferrera/prefile
# returns a string.
if isinstance(name, bytes):
name = name.decode()
n = name
if name in self.symbols:
name = self.rename_sym(name)
self.reverse_symbols[imp.address] = name
self.symbols[name] = imp.address
# TODO: always a function ?
# set the index, but the object is currently None
self.func_add_flag(imp.address, n)
self.db.functions[imp.address] = None 示例9: checkTSL
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def checkTSL(self):
_tls = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_TLS']].VirtualAddress
if _tls:
return _tls
else:
return None 示例10: process
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if(pelib is None):
return ""
try:
if (pelib.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
return ""
except Exception, e:
print str(e)
return "" 示例11: get_debug_data
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def get_debug_data(pe, type=DEBUG_TYPE[u'IMAGE_DEBUG_TYPE_CODEVIEW']):
retval = None
if not hasattr(pe, u'DIRECTORY_ENTRY_DEBUG'):
# fast loaded - load directory
pe.parse_data_directories(DIRECTORY_ENTRY[u'IMAGE_DIRECTORY_ENTRY_DEBUG'])
if not hasattr(pe, u'DIRECTORY_ENTRY_DEBUG'):
raise PENoDebugDirectoryEntriesError()
else:
for entry in pe.DIRECTORY_ENTRY_DEBUG:
off = entry.struct.PointerToRawData
size = entry.struct.SizeOfData
if entry.struct.Type == type:
retval = pe.__data__[off:off+size]
break
return retval 示例12: test_write_header_fields
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def test_write_header_fields(self):
"""Verify correct field data modification."""
# Test version information writing
control_file = os.path.join(REGRESSION_TESTS_DIR, 'MSVBVM60.DLL')
pe = pefile.PE(control_file, fast_load=True)
pe.parse_data_directories(
directories=[
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']])
original_data = pe.write()
str1 = b'string1'
str2 = b'str2'
str3 = b'string3'
pe.FileInfo[0][0].StringTable[0].entries[b'FileDescription'] = str1
pe.FileInfo[0][0].StringTable[0].entries[b'FileVersion'] = str2
pe.FileInfo[0][0].StringTable[0].entries[b'InternalName'] = str3
new_data = pe.write()
diff, differences = 0, list()
for idx in range(len(original_data)):
if original_data[idx] != new_data[idx]:
diff += 1
# Skip the zeroes that pefile automatically adds to pad a new,
# shorter string, into the space occupied by a longer one.
if new_data[idx] != 0:
differences.append(chr(new_data[idx]))
# Verify all modifications in the file were the ones we just made
#
self.assertEqual(''.join(differences).encode('utf-8', 'backslashreplace'), str1+str2+str3)
pe.close() 示例13: get_relocations
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def get_relocations(pe, proc, module_base_address):
try:
relocations = []
relocation_table = pe.NT_HEADERS.OPTIONAL_HEADER.DATA_DIRECTORY[
pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC']]
rva = relocation_table.VirtualAddress
size = relocation_table.Size
if size == 0:
return []
rlc_size = pefile.Structure(pe.__IMAGE_BASE_RELOCATION_format__).sizeof()
end = rva + size
while rva < end:
try:
rlc = pe.__unpack_data__(
pe.__IMAGE_BASE_RELOCATION_format__,
proc.read(module_base_address + rva, rlc_size),
file_offset=pe.get_offset_from_rva(rva))
except pefile.PEFormatError:
rlc = None
if not rlc:
break
relocation_entries = parse_relocations(proc, module_base_address, pe, rva + rlc_size, rlc.VirtualAddress,
rlc.SizeOfBlock - rlc_size)
relocations.append(
pefile.BaseRelocationData(
struct=rlc,
entries=relocation_entries))
if not rlc.SizeOfBlock:
break
rva += rlc.SizeOfBlock
return relocations
except Exception as ex:
print(str(ex)) 示例14: _get_signature
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def _get_signature(self):
"""If this executable is signed, get its signature(s)."""
dir_index = pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]
if len(self.pe.OPTIONAL_HEADER.DATA_DIRECTORY) < dir_index:
return []
dir_entry = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[dir_index]
if not dir_entry or not dir_entry.VirtualAddress or not dir_entry.Size:
return []
if not HAVE_MCRYPTO:
log.critical("You do not have the m2crypto library installed "
"preventing certificate extraction: "
"pip install m2crypto")
return []
signatures = self.pe.write()[dir_entry.VirtualAddress+8:]
bio = M2Crypto.BIO.MemoryBuffer(signatures)
if not bio:
return []
pkcs7_obj = M2Crypto.m2.pkcs7_read_bio_der(bio.bio_ptr())
if not pkcs7_obj:
return []
ret = []
p7 = M2Crypto.SMIME.PKCS7(pkcs7_obj)
for cert in p7.get0_signers(M2Crypto.X509.X509_Stack()) or []:
subject = cert.get_subject()
ret.append({
"serial_number": "%032x" % cert.get_serial_number(),
"common_name": subject.CN,
"country": subject.C,
"locality": subject.L,
"organization": subject.O,
"email": subject.Email,
"sha1": "%040x" % int(cert.get_fingerprint("sha1"), 16),
"md5": "%032x" % int(cert.get_fingerprint("md5"), 16),
})
if subject.GN and subject.SN:
ret[-1]["full_name"] = "%s %s" % (subject.GN, subject.SN)
elif subject.GN:
ret[-1]["full_name"] = subject.GN
elif subject.SN:
ret[-1]["full_name"] = subject.SN
return ret 示例15: __init__
# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.segments = self.sections # in a PE, sections and segments have the same meaning
self.os = 'windows'
if self.binary is None:
self._pe = pefile.PE(data=self._binary_stream.read(), fast_load=True)
self._parse_pe_non_reloc_data_directories()
elif self.binary in self._pefile_cache: # these objects are not mutated, so they are reusable within a process
self._pe = self._pefile_cache[self.binary]
else:
self._pe = pefile.PE(self.binary, fast_load=True)
self._parse_pe_non_reloc_data_directories()
if not self.is_main_bin:
# only cache shared libraries, the main binary will not be reused
self._pefile_cache[self.binary] = self._pe
if self.arch is None:
self.set_arch(archinfo.arch_from_id(pefile.MACHINE_TYPE[self._pe.FILE_HEADER.Machine]))
self.mapped_base = self.linked_base = self._pe.OPTIONAL_HEADER.ImageBase
self._entry = AT.from_rva(self._pe.OPTIONAL_HEADER.AddressOfEntryPoint, self).to_lva()
if hasattr(self._pe, 'DIRECTORY_ENTRY_IMPORT'):
self.deps = [entry.dll.decode().lower() for entry in self._pe.DIRECTORY_ENTRY_IMPORT]
else:
self.deps = []
if self.binary is not None and not self.is_main_bin:
self.provides = os.path.basename(self.binary).lower()
else:
self.provides = None
self.tls_index_address = None
self.tls_callbacks = None
self.supports_nx = self._pe.OPTIONAL_HEADER.DllCharacteristics & 0x100 != 0
self.pic = self.pic or self._pe.OPTIONAL_HEADER.DllCharacteristics & 0x40 != 0
if hasattr(self._pe, 'DIRECTORY_ENTRY_LOAD_CONFIG'):
self.load_config = {name: value['Value'] for name, value in self._pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.dump_dict().items() if name != 'Structure'}
else:
self.load_config = {}
self._exports = {}
self._ordinal_exports = {}
self._symbol_cache = self._exports # same thing
self._handle_imports()
self._handle_exports()
if self.loader._perform_relocations:
# parse base relocs
self._pe.parse_data_directories(directories=(pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC'],))
self.__register_relocs()
# parse TLS
self._register_tls()
# parse sections
self._register_sections()
self.linking = 'dynamic' if self.deps else 'static'
self.jmprel = self._get_jmprel()
self.memory.add_backer(0, self._pe.get_memory_mapped_image())