

Python PE.peFromFileName方法代碼示例

本文整理匯總了Python中PE.peFromFileName方法的典型用法代碼示例。如果您正苦於以下問題:Python PE.peFromFileName方法的具體用法?Python PE.peFromFileName怎麽用?Python PE.peFromFileName使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在PE的用法示例。


在下文中一共展示了PE.peFromFileName方法的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: test_export_by_ordinal_base_45

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
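 def test_export_by_ordinal_base_45(self):
     """Check the export list parsed from export_by_ordinal_base_45.dll.

     The fixture is expected to yield exactly two export entries whose
     second field (the ordinal, per the assertion messages) is 45 and 55,
     in that order.
     """
     file_path = helpers.getTestPath('windows', 'i386', 'export_by_ordinal_base_45.dll')
     pe = PE.peFromFileName(file_path)
     export_list = pe.getExports()
     # assertEqual instead of the assertEquals alias: the alias was deprecated
     # in Python 3.2 and removed in 3.12; assertEqual also exists on 2.7.
     self.assertEqual(len(export_list), 2, "expecting 2 exported functions")
     self.assertEqual(export_list[0][1], 45, "exported function with ordinal 45 not found")
     self.assertEqual(export_list[1][1], 55, "exported function with ordinal 55 not found")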
開發者ID:BwRy,項目名稱:vivisect,代碼行數:9,代碼來源:testpe.py

示例2: deAslr

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
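def deAslr(trace, va):
    '''
    Given an address in an ASLR'd library, rebase
    it back to the address as it would be if the
    given PE were at its suggested address...

    trace is the debugger trace object and va an address inside the
    traced process.  va is returned unchanged when no memory map covers
    it, when the map has no file name, or when no symbol is found for the
    normalized file name.  Otherwise the result is the file's ImageBase
    plus the offset of va from the module's in-memory base.

    Raises Exception when vtrace.remote is set.
    '''

    # Presumably refused for remote sessions because the mapped file name
    # is opened as a local path further down -- confirm.
    if vtrace.remote:
        raise Exception('deAslr only works for local debuggers!')

    # Named mmap_entry so the builtin map() is not shadowed.
    mmap_entry = trace.getMemoryMap(va)
    if mmap_entry is None:
        return va

    mapva, mapsize, mapperm, mapfname = mmap_entry
    if not mapfname:
        return va

    normname = trace.normFileName(mapfname)
    sym = trace.getSymByName(normname)
    # Identity test: "== None" would dispatch to whatever __eq__ the symbol
    # object defines.
    if sym is None:
        return va

    # NOTE(review): long() exists only on Python 2; a Python 3 port needs
    # int(sym) once the symbol type is confirmed to support it.
    membase = long(sym)

    # NOTE(review): ImageBase is read from the file at the path the memory
    # map reports, not from the image in memory.  If that file is not the
    # one that was actually loaded (replaced, or modified since load), the
    # rebased address will not match -- confirm this is acceptable here.
    pe = PE.peFromFileName(mapfname)
    filebase = pe.IMAGE_NT_HEADERS.OptionalHeader.ImageBase

    rva = va - membase

    return filebase + rva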
開發者ID:Anstep,項目名稱:pyew,代碼行數:33,代碼來源:win32aslr.py

示例3: main

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
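def main():
    """Parse each PE file named on the command line and print selected details.

    Options:
        --resources  print one line per entry from pe.getResources(): type,
                     name id, RVA, size and a hex dump of the bytes read at
                     that RVA.
        --version    print the VS_VERSIONINFO key/value pairs, sorted by key,
                     or a notice when the file has none.

    After each file an interactive console is opened with this function's
    locals, so the loop only moves on to the next file when that console
    is exited.
    """
    # Function-scope import: the file's own import block is not visible here.
    import binascii

    parser = optparse.OptionParser()
    parser.add_option('--version', dest='version', default=False, action='store_true')
    parser.add_option('--resources', dest='resources', default=False, action='store_true')

    opts, argv = parser.parse_args()

    for fname in argv:

        print('Parsing: %s' % fname)

        # Not read below; kept because code.interact() at the end of the loop
        # exposes locals() to the interactive session.
        vsver = None
        expname = None

        pe = PE.peFromFileName(fname)

        if opts.resources:
            print('Type Nameid - rva size sample')
            for rtype, nameid, (rva, size, codepage) in pe.getResources():
                # NOTE(review): rva and size come from the parsed file, so for
                # an untrusted sample the read length is whatever the file
                # claims.  max(size, 8) reads the whole resource (and at least
                # 8 bytes), although the column is labelled "sample";
                # min(size, 8) may have been intended -- confirm.
                raw = pe.readAtRva(rva, max(size, 8))
                # binascii.hexlify replaces .encode('hex'), which only exists
                # for Python 2 str; decode so %s prints plain hex on Python 3.
                hexstr = binascii.hexlify(raw).decode('ascii')
                print(('0x%.4x 0x%.4x - 0x%.8x 0x%.8x %s' % (rtype, nameid, rva, size, hexstr)))

        if opts.version:
            vs = pe.getVS_VERSIONINFO()
            if vs is None:
                print('No VS_VERSIONINFO found!')

            else:
                # sorted() works for any iterable of keys and leaves the
                # object returned by getVersionKeys() untouched.
                keys = sorted(vs.getVersionKeys())
                for k in keys:
                    val = vs.getVersionValue(k)
                    print('%s: %r' % (k, val))

        code.interact(local=locals())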
開發者ID:bat-serjo,項目名稱:vivisect,代碼行數:37,代碼來源:petool.py

示例4: test_export_by_name

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
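 def test_export_by_name(self):
     """Check the export list parsed from export_by_name.dll.

     The fixture is expected to yield exactly two export entries: field 1
     (the ordinal, per the assertion messages) is 0 and 1, and field 2
     (the name) is "Func1" and "Func2", in that order.
     """
     file_path = helpers.getTestPath('windows', 'i386', 'export_by_name.dll')
     pe = PE.peFromFileName(file_path)
     export_list = pe.getExports()
     # assertEqual instead of the assertEquals alias: the alias was deprecated
     # in Python 3.2 and removed in 3.12; assertEqual also exists on 2.7.
     self.assertEqual(len(export_list), 2, "expecting 2 exported functions")
     self.assertEqual(export_list[0][1], 0, "exported function with ordinal 0 not found")
     self.assertEqual(export_list[0][2], "Func1", "exported function with name 'Func1' not found")
     self.assertEqual(export_list[1][1], 1, "exported function with ordinal 1 not found")
     self.assertEqual(export_list[1][2], "Func2", "exported function with name 'Func2' not found")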
開發者ID:BwRy,項目名稱:vivisect,代碼行數:11,代碼來源:testpe.py

示例5: test_pe_vsersion

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
 def test_pe_vsersion(self):
     """Compare the VS_VERSIONINFO of wwaninst.dll with the expected vs_version table.

     The fixture path is relative, so it is resolved against the current
     working directory of the test run.
     """
     dll_path = os.path.join('test_pe', 'bins', 'wwaninst.dll')
     version_info = PE.peFromFileName(dll_path).getVS_VERSIONINFO()
     self.assertIsNotNone(version_info)

     # The parsed block must expose as many keys as the expected table ...
     self.assertEqual(len(version_info.getVersionKeys()), len(vs_version))

     # ... and every key it reports must carry the expected value.
     for name in version_info.getVersionKeys():
         expected = vs_version.get(name)
         self.assertEqual(expected, version_info.getVersionValue(name))
開發者ID:BwRy,項目名稱:vivisect,代碼行數:11,代碼來源:test_version.py

示例6: getOEP

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
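def getOEP(trace, filepath):
    """Return the entry-point address for the PE identified by filepath.

    The trace's "LibraryPaths" metadata is searched for an entry whose
    value contains filepath.  When one is found, its key is used as the
    base and the headers are read from the traced process's memory at that
    base; otherwise the headers are read from the file on disk and the
    base is the file's ImageBase.  The result is base + AddressOfEntryPoint.
    """
    base = None

    libs = trace.getMeta("LibraryPaths")
    # items() instead of the Python-2-only iteritems(); it iterates the same
    # pairs on both Python 2 and 3.
    for k, v in libs.items():
        # NOTE(review): if v is a path string this is a substring test, so a
        # short filepath can match more than one library; there is no break,
        # so the last matching entry wins -- confirm callers pass a path
        # specific enough to be unambiguous.
        if filepath in v:
            base = k

    if base is None:
        # Not found among the loaded libraries: use the on-disk headers and
        # the preferred image base.
        p = PE.peFromFileName(filepath)
        base = p.IMAGE_NT_HEADERS.OptionalHeader.ImageBase
    else:
        p = PE.peFromMemoryObject(trace, base)

    ep = p.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint
    oep = base + ep
    return oep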
開發者ID:hoangcuongflp,項目名稱:vtrace_scripts,代碼行數:19,代碼來源:simpleAPI.py

示例7:

# 需要導入模塊: import PE [as 別名]
# 或者: from PE import peFromFileName [as 別名]
'''
For now, all this does is rename files to their exportname and version info.
(more to come is likely)
'''

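if __name__ == "__main__":

    # For every path on the command line: parse the PE and print its
    # VS_VERSIONINFO key/value pairs sorted by key, or a notice when the
    # file has none.
    for fname in sys.argv[1:]:

        # print(...) with a single pre-formatted argument replaces the
        # Python-2-only print statement and prints the same text on 2 and 3.
        print('Parsing: %s' % fname)

        pe = PE.peFromFileName(fname)

        # expname and dirname are computed but not used yet; the header text
        # of this script says renaming by export name and version is the
        # goal, but no rename happens in this block.
        expname = pe.getExportName()

        dirname = os.path.dirname(fname)

        vs = pe.getVS_VERSIONINFO()
        if vs is None:
            print('No VS_VERSIONINFO found!')

        else:
            # sorted() works for any iterable of keys and leaves the object
            # returned by getVersionKeys() untouched.
            for k in sorted(vs.getVersionKeys()):
                val = vs.getVersionValue(k)
                print('%s: %s' % (k, val))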
開發者ID:Fitblip,項目名稱:SocketSniff,代碼行數:32,代碼來源:petool.py


注:本文中的PE.peFromFileName方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。