当前位置: 首页>>代码示例>>Python>>正文


Python pefile.PE属性代码示例

本文整理汇总了Python中pefile.PE属性的典型用法代码示例。如果您正苦于以下问题:Python pefile.PE属性的具体用法?Python pefile.PE怎么用?Python pefile.PE使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在pefile的用法示例。


在下文中一共展示了pefile.PE属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: listimports

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def listimports(fname):

    I = []
    mype2=pefile.PE(fname,fast_load=True)
    if mype2.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress != 0:
        mype2.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']])
        if mype2.DIRECTORY_ENTRY_IMPORT is not None:
            for entry in mype2.DIRECTORY_ENTRY_IMPORT:
                for imptab in entry.imports:
                    if imptab.name is None:
                        imptab.name = "None"
                    if imptab.address is None :
                        imptab.address = int(0) 
                    x = hex(int(imptab.address)), imptab.name
                    I.append(x)
    return I 
开发者ID:alexandreborges,项目名称:malwoverview,代码行数:18,代码来源:malwoverview.py

示例2: listsections

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def listsections(fname):

    pe=pefile.PE(fname)

    if(windows == 1):
        print("Sections: ", end='')
        print("\t\tEntropy\n")
        for sect in pe.sections:
            print("%17s" % (sect.Name).decode('utf-8'), end='')
            print(("\t%5.2f" % sect.get_entropy()))
    else:
        print("Sections: ", end='')
        print("\t\tEntropy\n")
        for sect in pe.sections:
            print("%17s" % (sect.Name).decode('utf-8'), end='')
            print(("\t\t%5.2f" % sect.get_entropy())) 
开发者ID:alexandreborges,项目名称:malwoverview,代码行数:18,代码来源:malwoverview.py

示例3: pe_resource_by_name

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def pe_resource_by_name(self, resource_name):
        """
        Extract a PE Resource from a binary by name
        :param resource_name: str
        :return: byte array
        """
        offset = 0x00
        size = 0x00

        pe = pefile.PE(data=self.file_data)
        for rsrc in pe.DIRECTORY_ENTRY_RESOURCE.entries:
            for entry in rsrc.directory.entries:
                if entry.name is not None:
                    if entry.name.__str__() == resource_name:
                        offset = entry.directory.entries[0].data.struct.OffsetToData
                        size = entry.directory.entries[0].data.struct.Size

        return pe.get_memory_mapped_image()[offset:offset + size] 
开发者ID:kevthehermit,项目名称:RATDecoders,代码行数:20,代码来源:fileparser.py

示例4: check_verinfo

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def check_verinfo(self, pe):
        """ Determine the version info in a PE file """
        ret = []
        
        if hasattr(pe, 'VS_VERSIONINFO'):
            if hasattr(pe, 'FileInfo'):
                for entry in pe.FileInfo:
                    if hasattr(entry, 'StringTable'):
                        for st_entry in entry.StringTable:
                            for str_entry in st_entry.entries.items():
                                ret.append(convert_to_printable(str_entry[0]) + ': ' + convert_to_printable(str_entry[1]) )
                    elif hasattr(entry, 'Var'):
                        for var_entry in entry.Var:
                            if hasattr(var_entry, 'entry'):
                                ret.append(convert_to_printable(var_entry.entry.keys()[0]) + ': ' + var_entry.entry.values()[0])
        return '\n'.join(ret) 
开发者ID:omriher,项目名称:CapTipper,代码行数:18,代码来源:pescanner.py

示例5: disasmSymbol

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def disasmSymbol(self, va):
        if not hasattr(self.PE, 'DIRECTORY_ENTRY_IMPORT'):
            return None

        # TODO: should implement with a lookup table
        for i, entry in enumerate(self.PE.DIRECTORY_ENTRY_IMPORT):

            for imp in entry.imports:
                if imp.address == va:
                    name = ''
                    if imp.name:
                        name = imp.name

                    if imp.ordinal:
                        name = bytes(imp.ordinal)

                    return '{0}:{1}'.format(entry.dll.decode('cp437'), name.decode('cp437'))

        return None 
开发者ID:mtivadar,项目名称:qiew,代码行数:21,代码来源:pe.py

示例6: kEND

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def kEND(self, k):
        gtype = str(self.ui.comboBox.currentText())

        if gtype == 'FileAddress':
            return self.plugin.dataModel.getDataSize()

        elif gtype == 'VirtualAddress':
            offset = self.plugin.dataModel.getDataSize()
            return self.plugin.PE.get_rva_from_offset(offset) + self.plugin.PE.OPTIONAL_HEADER.ImageBase
        elif gtype == 'RVA':
            offset = self.plugin.dataModel.getDataSize()
            return self.plugin.PE.get_rva_from_offset(offset)
        else:
            return None

    # goto address type fa/va/rva 
开发者ID:mtivadar,项目名称:qiew,代码行数:18,代码来源:pe.py

示例7: eventFilter

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def eventFilter(self, watched, event):
        if event.type() == QtCore.QEvent.KeyPress:
            if event.key() == QtCore.Qt.Key_Return:

                # get RVA column from treeView
                item = self.widget.currentItem()
                rva = self.widget.indexFromItem(item, 1).data()
                if rva:
                    rva = str(rva)
                    # strip 0x
                    rva = int(rva, 0)

                    offset = self.plugin.PE.get_offset_from_rva(rva)

                    self.plugin._viewMode.goTo(offset)

        return False 
开发者ID:mtivadar,项目名称:qiew,代码行数:19,代码来源:pe.py

示例8: run

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def run(self):
        """Run analysis.
        @return: analysis results dict or None.
        """
        if not os.path.exists(self.file_path):
            return {}

        try:
            self.pe = pefile.PE(self.file_path)
        except pefile.PEFormatError:
            return {}

        results = {}
        results["peid_signatures"] = self._get_peid_signatures()
        results["pe_imports"] = self._get_imported_symbols()
        results["pe_exports"] = self._get_exported_symbols()
        results["pe_sections"] = self._get_sections()
        results["pe_resources"] = self._get_resources()
        results["pe_versioninfo"] = self._get_versioninfo()
        results["pe_imphash"] = self._get_imphash()
        results["pe_timestamp"] = self._get_timestamp()
        results["pdb_path"] = self._get_pdb_path()
        results["signature"] = self._get_signature()
        results["imported_dll_count"] = len([x for x in results["pe_imports"] if x.get("dll")])
        return results 
开发者ID:phdphuc,项目名称:mac-a-mal-cuckoo,代码行数:27,代码来源:static.py

示例9: _GetSectionNames

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def _GetSectionNames(self, pefile_object):
    """Retrieves all PE section names.

    Args:
      pefile_object (pefile.PE): pefile object.

    Returns:
      list[str]: names of the sections.
    """
    section_names = []
    for section in pefile_object.sections:
      section_name = getattr(section, 'Name', b'')
      # Ensure the name is decoded correctly.
      try:
        section_name = '{0:s}'.format(section_name.decode('unicode_escape'))
      except UnicodeDecodeError:
        section_name = '{0:s}'.format(repr(section_name))
      section_names.append(section_name)

    return section_names 
开发者ID:log2timeline,项目名称:plaso,代码行数:22,代码来源:pe.py

示例10: _GetImportTimestamps

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def _GetImportTimestamps(self, pefile_object):
    """Retrieves timestamps from the import directory, if available.

    Args:
      pefile_object (pefile.PE): pefile object.

    Returns:
      list[int]: import timestamps.
    """
    import_timestamps = []
    if not hasattr(pefile_object, 'DIRECTORY_ENTRY_IMPORT'):
      return import_timestamps
    for importdata in pefile_object.DIRECTORY_ENTRY_IMPORT:
      dll_name = getattr(importdata, 'dll', '')
      try:
        dll_name = dll_name.decode('ascii')
      except UnicodeDecodeError:
        dll_name = dll_name.decode('ascii', errors='replace')
      if not dll_name:
        dll_name = '<NO DLL NAME>'

      timestamp = getattr(importdata.struct, 'TimeDateStamp', 0)
      if timestamp:
        import_timestamps.append([dll_name, timestamp])
    return import_timestamps 
开发者ID:log2timeline,项目名称:plaso,代码行数:27,代码来源:pe.py

示例11: _GetResourceTimestamps

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def _GetResourceTimestamps(self, pefile_object):
    """Retrieves timestamps from resource directory entries, if available.

    Args:
      pefile_object (pefile.PE): pefile object.

    Returns:
      list[int]: resource timestamps.
    """
    timestamps = []
    if not hasattr(pefile_object, 'DIRECTORY_ENTRY_RESOURCE'):
      return timestamps
    for entrydata in pefile_object.DIRECTORY_ENTRY_RESOURCE.entries:
      directory = entrydata.directory
      timestamp = getattr(directory, 'TimeDateStamp', 0)
      if timestamp:
        timestamps.append(timestamp)
    return timestamps 
开发者ID:log2timeline,项目名称:plaso,代码行数:20,代码来源:pe.py

示例12: _GetDelayImportTimestamps

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def _GetDelayImportTimestamps(self, pefile_object):
    """Retrieves timestamps from delay import entries, if available.

    Args:
      pefile_object (pefile.PE): pefile object.

    Returns:
      tuple[str, int]: name of the DLL being imported and the second is
          the timestamp of the entry.
    """
    delay_import_timestamps = []
    if not hasattr(pefile_object, 'DIRECTORY_ENTRY_DELAY_IMPORT'):
      return delay_import_timestamps
    for importdata in pefile_object.DIRECTORY_ENTRY_DELAY_IMPORT:
      dll_name = importdata.dll
      try:
        dll_name = dll_name.decode('ascii')
      except UnicodeDecodeError:
        dll_name = dll_name.decode('ascii', errors='replace')

      timestamp = getattr(importdata.struct, 'dwTimeStamp', 0)
      delay_import_timestamps.append([dll_name, timestamp])
    return delay_import_timestamps 
开发者ID:log2timeline,项目名称:plaso,代码行数:25,代码来源:pe.py

示例13: decrypt_strings

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def decrypt_strings(algo, str_tuple, bin_path):
    try:
        data = open(bin_path, "rb").read()
        pe = pefile.PE(data=data)
        base_addr = pe.OPTIONAL_HEADER.ImageBase
    except:
        print("error: pefile")
        sys.exit(1)

    decrypted = []
    for size, addr in str_tuple:
        d = pe.get_data(addr - base_addr, size)
        decrypted_str = decrypt_str(d, algo)
        if decrypted_str is not None:
            decrypted.append(decrypted_str)

    return decrypted 
开发者ID:AirbusCyber,项目名称:grap,代码行数:19,代码来源:analyze_backspace.py

示例14: dis

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def dis(self, data, offset, iat_api, bin_instance, verbose=False):
        '''
            data: raw binary of full PE
            va: va of the instruction located at <data[index]>
            iat_api: dict of imported API like {VA_IN_IAT: API_NAME}
        '''

        insts = dict()
        insts = self.linear_sweep_cache(data=data, offset=offset, insts=insts, bin_instance=bin_instance, verbose=verbose)
        insts = self._dis(data=data, offset=offset, iat_api=iat_api, bin_instance=bin_instance, insts=insts, verbose=verbose)

        # Exploration of the exported functions
        self._dis_exported_funcs(bin_instance=bin_instance, insts=insts, data=data, verbose=verbose, iat_api=iat_api)

        # Search for unrecognized functions from their prolog function
        insts = self.dis_prologues(data=data, bin_instance=bin_instance, iat_api=iat_api, insts=insts, verbose=verbose)

        return insts 
开发者ID:AirbusCyber,项目名称:grap,代码行数:20,代码来源:disassembler.py

示例15: open_executable

# 需要导入模块: import pefile [as 别名]
# 或者: from pefile import PE [as 别名]
def open_executable(self):
        try:
            if not os.path.exists(self.file_path):
                raise FileNotFoundException 

            pe_file = pefile.PE(self.file_path)
            if not (pe_file.is_dll() or pe_file.is_exe()):
                raise FileFormatException    

            self.fPtr = open(self.file_path, 'rb')
            self.fileSize = os.stat(self.file_path).st_size
        except FileFormatException:
            print("[-] Not an executable")
            sys.exit(1)
        except FileNotFoundException:
            print("[-] No such file")
            sys.exit(1)
        except:
            print("[-] Error: Could not open {0}".format(self.file_path))
            sys.exit(1) 
开发者ID:countercept,项目名称:python-exe-unpacker,代码行数:22,代码来源:python_exe_unpack.py


注:本文中的pefile.PE属性示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。