当前位置: 首页>>代码示例>>Python>>正文


Python pefile.DIRECTORY_ENTRY属性代码示例

本文整理汇总了Python中pefile.DIRECTORY_ENTRY属性的典型用法代码示例。如果您正苦于以下问题:Python pefile.DIRECTORY_ENTRY属性的具体用法?Python pefile.DIRECTORY_ENTRY怎么用?Python pefile.DIRECTORY_ENTRY使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在pefile的用法示例。


在下文中一共展示了pefile.DIRECTORY_ENTRY属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: listimports

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def listimports(fname):

    I = []
    mype2=pefile.PE(fname,fast_load=True)
    if mype2.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress != 0:
        mype2.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']])
        if mype2.DIRECTORY_ENTRY_IMPORT is not None:
            for entry in mype2.DIRECTORY_ENTRY_IMPORT:
                for imptab in entry.imports:
                    if imptab.name is None:
                        imptab.name = "None"
                    if imptab.address is None :
                        imptab.address = int(0) 
                    x = hex(int(imptab.address)), imptab.name
                    I.append(x)
    return I 
开发者ID:alexandreborges,项目名称:malwoverview,代码行数:18,代码来源:malwoverview.py

示例2: _parse_pe_non_reloc_data_directories

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def _parse_pe_non_reloc_data_directories(self):
        """
        Parse data directories that is not DIRECTORY_ENTRY_BASERELOC since parsing relocations can take a long time in
        many PE binaries.
        """

        directory_names = (
            'IMAGE_DIRECTORY_ENTRY_EXPORT',
            'IMAGE_DIRECTORY_ENTRY_IMPORT',
            'IMAGE_DIRECTORY_ENTRY_RESOURCE',
            'IMAGE_DIRECTORY_ENTRY_EXCEPTION',
            'IMAGE_DIRECTORY_ENTRY_SECURITY',
            'IMAGE_DIRECTORY_ENTRY_DEBUG',
            'IMAGE_DIRECTORY_ENTRY_COPYRIGHT',
            'IMAGE_DIRECTORY_ENTRY_GLOBALPTR',
            'IMAGE_DIRECTORY_ENTRY_TLS',
            'IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG',
            'IMAGE_DIRECTORY_ENTRY_IAT',
            'IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT',
            'IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR',
            'IMAGE_DIRECTORY_ENTRY_RESERVED',
        )
        directories = tuple(pefile.DIRECTORY_ENTRY[n] for n in directory_names)
        self._pe.parse_data_directories(directories=directories) 
开发者ID:angr,项目名称:cle,代码行数:26,代码来源:pe.py

示例3: get_import_size_stats

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def get_import_size_stats(self):
        # self.pe.parse_data_directories() # si if has fast load.
        total = 0
        if (self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
            return 0, 0, 0
        for entry in self.pe.DIRECTORY_ENTRY_IMPORT:
            total = total + len(entry.imports)
            # print entry.dll
            # for imp in entry.imports:
            # print '\t', hex(imp.address), imp.name

        cant_librerias = (len(self.pe.DIRECTORY_ENTRY_IMPORT))
        total_imports = total
        promedio = total / cant_librerias

        return total_imports, cant_librerias, promedio 
开发者ID:codexgigassys,项目名称:codex-backend,代码行数:18,代码来源:PEHeaderReader.py

示例4: getImports

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def getImports(self):
        if (self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
            return None

        d = {}
        # print(self.pe.DIRECTORY_ENTRY_IMPORT)
        for entry in self.pe.DIRECTORY_ENTRY_IMPORT:
            aux = []
            for i in range(len(entry.dll)):
                if(ord(entry.dll[i]) >= 128):
                    aux.append('.')
                else:
                    aux.append(entry.dll[i])

            dll_name = "".join(aux)

            # print entry.dll
            # print entry.imports
            l = []
            for imp in entry.imports:
                l.append(str(imp.name))
                # print '\t', hex(imp.address), imp.name
            d[unicode(str(dll_name), "utf-8")] = l

        return d 
开发者ID:codexgigassys,项目名称:codex-backend,代码行数:27,代码来源:PEHeaderReader.py

示例5: initialize

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def initialize(self, sample):
        if(self.already_initialized):
            return self.library
        self.already_initialized = True
        try:
            self.library = pefile.PE(data=sample.getBinary(), fast_load=True)
            # see if this initializations can be done on plugins.
            self.library.parse_data_directories(directories=[
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT'],
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT'],
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_TLS'],
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY'],
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']])

        except pefile.PEFormatError:
            # print("parse fail")
            self.library = None
            # print(traceback.format_exc())
            logging.error("Error parsing pefileModule with sample:%s",
                          sample.getID(), exc_info=True) 
开发者ID:codexgigassys,项目名称:codex-backend,代码行数:22,代码来源:PEFileModule.py

示例6: META_PE_SIGNATURE

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def META_PE_SIGNATURE(s, buff):

   sig_buff = []

   pe = pefile.PE(data=buff)

   address = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress
   size = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].Size

   # Eight bytes in due to the struct spec
   # typedef struct _WIN_CERTIFICATE
   # {
   #     DWORD       dwLength;
   #     WORD        wRevision;
   #     WORD        wCertificateType;   
   #     BYTE        bCertificate[ANYSIZE_ARRAY];
   # } WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
   sig_buff = buff[address + 8 : address + 8 + size]
   # Remove sequence and objid structures, 19 bytes
   signed_data, rest = decode(sig_buff[19:], asn1Spec=rfc2315.SignedData())

   return get_cert_info(signed_data) 
开发者ID:EmersonElectricCo,项目名称:fsf,代码行数:24,代码来源:META_PE_SIGNATURE.py

示例7: listexports

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def listexports(fname):

    E = []
    mype2=pefile.PE(fname,fast_load=True)
    if mype2.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']].VirtualAddress != 0:
        mype2.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']])
        for exptab in mype2.DIRECTORY_ENTRY_EXPORT.symbols:
            x = hex(mype2.OPTIONAL_HEADER.ImageBase + exptab.address), exptab.name
            E.append(x)
    return E 
开发者ID:alexandreborges,项目名称:malwoverview,代码行数:12,代码来源:malwoverview.py

示例8: load_dyn_sym

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def load_dyn_sym(self):
        try:
            self.pe.parse_data_directories(
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT'])
        except Exception as e:
            raise ExcPEFail(e)

        if hasattr(self.pe, 'DIRECTORY_ENTRY_IMPORT'):
            for entry in self.pe.DIRECTORY_ENTRY_IMPORT:
                for imp in entry.imports:
                    if imp.name is None:
                        continue

                    name = imp.name

                    # erocarrera/pefile returns a bytes but mlaferrera/prefile
                    # returns a string.
                    if isinstance(name, bytes):
                        name = name.decode()

                    n = name

                    if name in self.symbols:
                        name = self.rename_sym(name)

                    self.reverse_symbols[imp.address] = name
                    self.symbols[name] = imp.address

                    # TODO: always a function ?
                    # set the index, but the object is currently None
                    self.func_add_flag(imp.address, n)
                    self.db.functions[imp.address] = None 
开发者ID:plasma-disassembler,项目名称:plasma,代码行数:34,代码来源:pe.py

示例9: checkTSL

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def checkTSL(self):
        _tls = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[
            pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_TLS']].VirtualAddress
        if _tls:
            return _tls
        else:
            return None 
开发者ID:secrary,项目名称:SSMA,代码行数:9,代码来源:check_file.py

示例10: process

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def process(self):
        pelib = self._getLibrary(PEFileModule().getName())
        if(pelib is None):
            return ""

        try:
            if (pelib.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
                return ""
        except Exception, e:
            print str(e)
            return "" 
开发者ID:codexgigassys,项目名称:codex-backend,代码行数:13,代码来源:ImportsPlug.py

示例11: get_debug_data

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def get_debug_data(pe, type=DEBUG_TYPE[u'IMAGE_DEBUG_TYPE_CODEVIEW']):
    retval = None
    if not hasattr(pe, u'DIRECTORY_ENTRY_DEBUG'):
        # fast loaded - load directory
        pe.parse_data_directories(DIRECTORY_ENTRY[u'IMAGE_DIRECTORY_ENTRY_DEBUG'])
    if not hasattr(pe, u'DIRECTORY_ENTRY_DEBUG'):
        raise PENoDebugDirectoryEntriesError()
    else:
        for entry in pe.DIRECTORY_ENTRY_DEBUG:
            off = entry.struct.PointerToRawData
            size = entry.struct.SizeOfData
            if entry.struct.Type == type:
                retval = pe.__data__[off:off+size]
                break
    return retval 
开发者ID:ax330d,项目名称:ida_pdb_loader,代码行数:17,代码来源:peinfo.py

示例12: test_write_header_fields

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def test_write_header_fields(self):
        """Verify correct field data modification."""

        # Test version information writing
        control_file = os.path.join(REGRESSION_TESTS_DIR, 'MSVBVM60.DLL')
        pe = pefile.PE(control_file, fast_load=True)
        pe.parse_data_directories(
            directories=[
                pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']])

        original_data = pe.write()

        str1 = b'string1'
        str2 = b'str2'
        str3 = b'string3'

        pe.FileInfo[0][0].StringTable[0].entries[b'FileDescription'] = str1
        pe.FileInfo[0][0].StringTable[0].entries[b'FileVersion'] = str2
        pe.FileInfo[0][0].StringTable[0].entries[b'InternalName'] = str3

        new_data = pe.write()

        diff, differences = 0, list()
        for idx in range(len(original_data)):
            if original_data[idx] != new_data[idx]:

                diff += 1
                # Skip the zeroes that pefile automatically adds to pad a new,
                # shorter string, into the space occupied by a longer one.
                if new_data[idx] != 0:
                    differences.append(chr(new_data[idx]))

        # Verify all modifications in the file were the ones we just made
        #
        self.assertEqual(''.join(differences).encode('utf-8', 'backslashreplace'),  str1+str2+str3)

        pe.close() 
开发者ID:erocarrera,项目名称:pefile,代码行数:39,代码来源:pefile_test.py

示例13: get_relocations

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def get_relocations(pe, proc, module_base_address):
    try:
        relocations = []
        relocation_table = pe.NT_HEADERS.OPTIONAL_HEADER.DATA_DIRECTORY[
            pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC']]
        rva = relocation_table.VirtualAddress
        size = relocation_table.Size

        if size == 0:
            return []

        rlc_size = pefile.Structure(pe.__IMAGE_BASE_RELOCATION_format__).sizeof()
        end = rva + size
        while rva < end:
            try:
                rlc = pe.__unpack_data__(
                    pe.__IMAGE_BASE_RELOCATION_format__,
                    proc.read(module_base_address + rva, rlc_size),
                    file_offset=pe.get_offset_from_rva(rva))
            except pefile.PEFormatError:
                rlc = None

            if not rlc:
                break
            relocation_entries = parse_relocations(proc, module_base_address, pe, rva + rlc_size, rlc.VirtualAddress,
                                                   rlc.SizeOfBlock - rlc_size)

            relocations.append(
                pefile.BaseRelocationData(
                    struct=rlc,
                    entries=relocation_entries))

            if not rlc.SizeOfBlock:
                break
            rva += rlc.SizeOfBlock

        return relocations
    except Exception as ex:
        print(str(ex)) 
开发者ID:intezer,项目名称:MemoryPatchDetector,代码行数:41,代码来源:windows_memory_patches.py

示例14: _get_signature

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def _get_signature(self):
        """If this executable is signed, get its signature(s)."""
        dir_index = pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]
        if len(self.pe.OPTIONAL_HEADER.DATA_DIRECTORY) < dir_index:
            return []

        dir_entry = self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[dir_index]
        if not dir_entry or not dir_entry.VirtualAddress or not dir_entry.Size:
            return []

        if not HAVE_MCRYPTO:
            log.critical("You do not have the m2crypto library installed "
                         "preventing certificate extraction: "
                         "pip install m2crypto")
            return []

        signatures = self.pe.write()[dir_entry.VirtualAddress+8:]
        bio = M2Crypto.BIO.MemoryBuffer(signatures)
        if not bio:
            return []

        pkcs7_obj = M2Crypto.m2.pkcs7_read_bio_der(bio.bio_ptr())
        if not pkcs7_obj:
            return []

        ret = []
        p7 = M2Crypto.SMIME.PKCS7(pkcs7_obj)
        for cert in p7.get0_signers(M2Crypto.X509.X509_Stack()) or []:
            subject = cert.get_subject()
            ret.append({
                "serial_number": "%032x" % cert.get_serial_number(),
                "common_name": subject.CN,
                "country": subject.C,
                "locality": subject.L,
                "organization": subject.O,
                "email": subject.Email,
                "sha1": "%040x" % int(cert.get_fingerprint("sha1"), 16),
                "md5": "%032x" % int(cert.get_fingerprint("md5"), 16),
            })

            if subject.GN and subject.SN:
                ret[-1]["full_name"] = "%s %s" % (subject.GN, subject.SN)
            elif subject.GN:
                ret[-1]["full_name"] = subject.GN
            elif subject.SN:
                ret[-1]["full_name"] = subject.SN

        return ret 
开发者ID:phdphuc,项目名称:mac-a-mal-cuckoo,代码行数:50,代码来源:static.py

示例15: __init__

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import DIRECTORY_ENTRY [as 别名]
def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.segments = self.sections # in a PE, sections and segments have the same meaning
        self.os = 'windows'
        if self.binary is None:
            self._pe = pefile.PE(data=self._binary_stream.read(), fast_load=True)
            self._parse_pe_non_reloc_data_directories()
        elif self.binary in self._pefile_cache: # these objects are not mutated, so they are reusable within a process
            self._pe = self._pefile_cache[self.binary]
        else:
            self._pe = pefile.PE(self.binary, fast_load=True)
            self._parse_pe_non_reloc_data_directories()
            if not self.is_main_bin:
                # only cache shared libraries, the main binary will not be reused
                self._pefile_cache[self.binary] = self._pe

        if self.arch is None:
            self.set_arch(archinfo.arch_from_id(pefile.MACHINE_TYPE[self._pe.FILE_HEADER.Machine]))

        self.mapped_base = self.linked_base = self._pe.OPTIONAL_HEADER.ImageBase

        self._entry = AT.from_rva(self._pe.OPTIONAL_HEADER.AddressOfEntryPoint, self).to_lva()

        if hasattr(self._pe, 'DIRECTORY_ENTRY_IMPORT'):
            self.deps = [entry.dll.decode().lower() for entry in self._pe.DIRECTORY_ENTRY_IMPORT]
        else:
            self.deps = []

        if self.binary is not None and not self.is_main_bin:
            self.provides = os.path.basename(self.binary).lower()
        else:
            self.provides = None

        self.tls_index_address = None
        self.tls_callbacks = None

        self.supports_nx = self._pe.OPTIONAL_HEADER.DllCharacteristics & 0x100 != 0
        self.pic = self.pic or self._pe.OPTIONAL_HEADER.DllCharacteristics & 0x40 != 0
        if hasattr(self._pe, 'DIRECTORY_ENTRY_LOAD_CONFIG'):
            self.load_config = {name: value['Value'] for name, value in self._pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.dump_dict().items() if name != 'Structure'}
        else:
            self.load_config = {}

        self._exports = {}
        self._ordinal_exports = {}
        self._symbol_cache = self._exports # same thing
        self._handle_imports()
        self._handle_exports()
        if self.loader._perform_relocations:
            # parse base relocs
            self._pe.parse_data_directories(directories=(pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC'],))
            self.__register_relocs()
        # parse TLS
        self._register_tls()
        # parse sections
        self._register_sections()

        self.linking = 'dynamic' if self.deps else 'static'
        self.jmprel = self._get_jmprel()
        self.memory.add_backer(0, self._pe.get_memory_mapped_image()) 
开发者ID:angr,项目名称:cle,代码行数:62,代码来源:pe.py


注:本文中的pefile.DIRECTORY_ENTRY属性示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。