资源简介
pefile源码库
代码片段和文件信息
# -*- coding: Latin-1 -*-
"""pefile, Portable Executable reader module

All the PE file basic structures are available with their default names
as attributes of the instance returned.
Processed elements such as the import table are made available with lowercase
names, to differentiate them from the upper case basic structure names.
pefile has been tested against the limits of valid PE headers, that is, malware.
Lots of packed malware attempt to abuse the format way beyond its standard use.
To the best of my knowledge most of the abuses are handled gracefully.
Copyright (c) 2005-2013 Ero Carrera
All rights reserved.
For detailed copyright information see the file COPYING in
the root of the distribution archive.
"""
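# Release metadata. __revision__ holds the expanded version-control keyword
# string; the build number is parsed out of it rather than written twice.
__revision__ = "$LastChangedRevision: 139 $"
__author__ = 'Ero Carrera'
# [21:-2] skips the "$LastChangedRevision:" prefix and the trailing " $",
# leaving " 139"; int() tolerates the leading space.
__version__ = '1.2.10-%d' % int(__revision__[21:-2])
__contact__ = 'ero.carrera@gmail.com'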
import os
import struct
import time
import math
import re
import exceptions
import string
import array
import mmap
import ordlookup
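# Digest constructors exposed as module-level names. A name that is still
# None after this block means no implementation of that algorithm could be
# imported on this interpreter.
# NOTE(review): MD5 and SHA-1 both have known collision attacks. If these
# digests are used to identify analysed files, prefer SHA-256 wherever a
# sample could have been crafted to collide.
sha1, sha256, sha512, md5 = None, None, None, None

try:
    # hashlib supplies all four algorithms in one module.
    import hashlib
    sha1 = hashlib.sha1
    sha256 = hashlib.sha256
    sha512 = hashlib.sha512
    md5 = hashlib.md5
except ImportError:
    # No hashlib: fall back to the legacy single-algorithm modules. Nothing
    # here provides SHA-256 or SHA-512, so those two names stay None.
    try:
        import sha
        sha1 = sha.new
    except ImportError:
        pass
    try:
        # The import binds the module to the name md5; the next line rebinds
        # that same name to the module's constructor.
        import md5
        md5 = md5.new
    except ImportError:
        pass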
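# Compatibility shim: evaluating the bare name raises NameError on an
# interpreter that has no enumerate builtin, and only then is a stand-in
# defined.
try:
    enumerate
except NameError:
    def enumerate(iter):
        """Pair each item of *iter* with its zero-based index.

        The whole input is copied into a list first, so the input is
        consumed eagerly.
        """
        items = list(iter)
        return zip(range(0, len(items)), items)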
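def is_bytearray_available():
    """Report whether this interpreter provides the ``bytearray`` builtin.

    ``__builtins__`` may be bound either to the builtins module or to that
    module's dict, depending on how this module was loaded, so both shapes
    are handled.

    Returns:
        True when ``bytearray`` is present among the builtins, else False.
    """
    if isinstance(__builtins__, dict):
        namespace = __builtins__
    else:
        namespace = __builtins__.__dict__
    return 'bytearray' in namespace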
# Module-level default; the code that reads this flag is outside this excerpt.
fast_load = False
# This will set a maximum length of a string to be retrieved from the file.
# It's there to prevent loading massive amounts of data from memory mapped
# files. Strings longer than 1MB should be rather rare.
# The module docstring notes that input may be malware abusing the format,
# so this is a bound on untrusted data; how it is enforced is not visible here.
MAX_STRING_LENGTH = 0x100000 # 2^20
# Executable-format magic values. Read as little-endian integers, each one
# spells its on-disk signature bytes: 0x5A4D is 'MZ', 0x4D5A is 'ZM',
# 0x454E is 'NE', 0x454C is 'LE', 0x584C is 'LX'.
IMAGE_DOS_SIGNATURE = 0x5A4D
IMAGE_DOSZM_SIGNATURE = 0x4D5A
IMAGE_NE_SIGNATURE = 0x454E
IMAGE_LE_SIGNATURE = 0x454C
IMAGE_LX_SIGNATURE = 0x584C
IMAGE_TE_SIGNATURE = 0x5A56 # Terse Executables have a 'VZ' signature
# 32-bit value whose little-endian bytes are 'P', 'E', 0, 0.
IMAGE_NT_SIGNATURE = 0x00004550
# Number of data-directory slots in the PE optional header.
IMAGE_NUMBEROF_DIRECTORY_ENTRIES= 16
# Highest bit of a 32-bit and of a 64-bit value respectively. In the PE
# format a set high bit in an import thunk marks an import by ordinal.
# The trailing L is Python 2 long-literal syntax.
IMAGE_ORDINAL_FLAG = 0x80000000L
IMAGE_ORDINAL_FLAG64 = 0x8000000000000000L
# Optional-header Magic values: 0x10b identifies PE32, 0x20b PE32+ (64-bit).
OPTIONAL_HEADER_MAGIC_PE = 0x10b
OPTIONAL_HEADER_MAGIC_PE_PLUS = 0x20b
directory_entry_types = [
(‘IMAGE_DIRECTORY_ENTRY_EXPORT‘ 0)
(‘IMAGE_DIRECTORY_ENTRY_IMPORT‘ 1)
(‘IMAGE_DIRECTORY_ENTRY_RESOURCE‘ 2)
(‘IMAGE_DIRECTORY_ENTRY_EXCEPTION‘ 3)
(‘IMAGE_DIRECTORY_ENTRY_SECURITY‘ 4)
(‘IMAGE_DIRECTORY_ENTRY_baseRELOC‘ 5)
(‘IMAGE_DIRECTORY_ENTRY_DEBUG‘ 6)
(‘IMAGE_DIRECTORY_ENTRY_COPYRIGHT‘ 7) # Architecture on non-x86 platforms
(‘IMAGE_DIRECT
属性 大小 日期 时间 名称
----------- --------- ---------- ----- ----
文件 6531 2009-04-15 04:30 pefile-1.2.10-139\CHANGES_up_to_1.2.6
文件 1432 2013-12-11 10:30 pefile-1.2.10-139\COPYING
文件 53 2007-08-08 17:08 pefile-1.2.10-139\MANIFEST
文件 205824 2013-12-11 10:34 pefile-1.2.10-139\pefile.py
文件 17965 2013-12-11 10:32 pefile-1.2.10-139\peutils.py
文件 1534 2013-12-11 12:54 pefile-1.2.10-139\PKG-INFO
文件 2815 2013-12-11 10:32 pefile-1.2.10-139\README
文件 59 2013-12-11 12:54 pefile-1.2.10-139\setup.cfg
文件 1062 2013-12-03 17:18 pefile-1.2.10-139\setup.py
文件 659 2013-12-04 15:29 pefile-1.2.10-139\ordlookup\__init__.py
文件 10081 2013-11-20 07:43 pefile-1.2.10-139\ordlookup\oleaut32.py
文件 3032 2013-10-24 08:36 pefile-1.2.10-139\ordlookup\ws2_32.py
文件 1 2013-12-11 12:54 pefile-1.2.10-139\pefile.egg-info\dependency_li
文件 1534 2013-12-11 12:54 pefile-1.2.10-139\pefile.egg-info\PKG-INFO
文件 257 2013-12-11 12:54 pefile-1.2.10-139\pefile.egg-info\SOURCES.txt
文件 25 2013-12-11 12:54 pefile-1.2.10-139\pefile.egg-info\top_level.txt