# __author__ = 'ximera'
import pefile
import sys
import os
from colors import red, green, yellow, blue, magenta, cyan
import time
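def main():
    """Scan one directory and report PE section sizes for each regular file.

    The directory is taken from ``sys.argv[1]``.  Every regular file in it is
    passed to ``is_pe_file``; files that pass go to ``print_eq_sections``,
    the rest get a warning.  Exits with status 1 after printing the usage
    line when the argument is missing or is not a directory.
    """
    # The original read sys.argv[1] first and then compared it with 0: the
    # read raised IndexError when no argument was given and the comparison
    # could never be true, so the usage text was unreachable.
    if len(sys.argv) < 2:
        usage(sys.argv[0])
        sys.exit(1)

    path = sys.argv[1]
    if not os.path.isdir(path):
        print_msg(-1, "Not a directory: " + path)
        usage(sys.argv[0])
        sys.exit(1)

    # List the directory once so the reported count and the loop below work
    # from the same snapshot.
    candidates = [name for name in os.listdir(path)
                  if os.path.isfile(os.path.join(path, name))]
    sys.stdout.write("Total files in dir: %s\n" % str(len(candidates)))

    for pe_file in candidates:
        full_path = os.path.join(path, pe_file)
        # NOTE(review): names in a sample directory are untrusted; a name
        # holding terminal control bytes is written to stdout as-is here.
        sys.stdout.write(cyan(("\nFile: " + pe_file + "\n")))
        if is_pe_file(full_path):
            print_eq_sections(full_path, True)
        else:
            print_msg(1, "File is not valid PE")
        # NOTE(review): the listing this was taken from had lost its
        # indentation, so a per-file pause is a reconstruction - confirm.
        time.sleep(2)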
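def _printable_section_name(raw_name):
    """Return a section name with NUL padding removed and non-printable bytes escaped."""
    octets = bytearray(raw_name).rstrip(b"\x00")
    return "".join(chr(b) if 0x20 <= b < 0x7f else "\\x%02x" % b
                   for b in octets)


def print_eq_sections(in_file, flag=True, section_name=""):
    """Print the sections of a PE file whose raw and virtual sizes are equal.

    in_file      -- path of the file to parse with pefile.
    flag         -- when true, sections that do not match are listed too (in
                    blue); when false, one warning is printed if nothing
                    matched.
    section_name -- optional substring the section name must contain in
                    order to count as a match.

    Matching sections are printed in magenta.  Returns None; all output goes
    to stdout.
    """
    if not in_file or not os.path.isfile(in_file):
        print_msg(-1, "File doesn't exist")
        return

    # The caller only checks the two-byte MZ magic, so truncated or
    # deliberately malformed files reach this point.  Report them instead of
    # letting one bad sample abort the whole directory scan.
    try:
        sample = pefile.PE(in_file)
    except pefile.PEFormatError as err:
        print_msg(-1, "Cannot parse PE: %s" % err)
        return

    matched = False
    for section in sample.sections:
        is_match = ((section.Misc_VirtualSize == section.SizeOfRawData)
                    and (section_name in section.Name))
        if is_match:
            matched = True
            paint = magenta
        elif flag:
            paint = blue
        else:
            continue
        # The name is read from the analysed file, so it is escaped before
        # being written to the terminal.  Entropy is a float; the original
        # "%02d" dropped its fractional part.
        paint_line = ("Name: %s" % _printable_section_name(section.Name)
                      + "\tRawSize = 0x%08x" % section.SizeOfRawData
                      + "\tVirtualSize = 0x%08x" % section.Misc_VirtualSize
                      + "\tEntropy = %.2f" % section.get_entropy() + "\n")
        sys.stdout.write(paint(paint_line))

    # The original emitted this warning once per non-matching section, even
    # when another section of the same file did match.
    if not flag and not matched:
        print_msg(1, "No sections with equal RSize and VSize")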
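def is_pe_file(in_file):
    """Return 1 when *in_file* starts with the DOS ``MZ`` magic, otherwise 0.

    This is only a cheap pre-filter: it reads two bytes and does not check
    the PE signature or any header field, so a file that passes can still be
    rejected by a real parser.  Errors from ``open`` propagate to the caller.
    """
    # Binary mode: text mode can translate or fail to decode header bytes.
    # The ``with`` block closes the handle, which the original never did.
    with open(in_file, 'rb') as handle:
        return 1 if handle.read(2) == b'MZ' else 0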
def print_msg(code, msg):
    """Print *msg* with a coloured severity tag chosen by *code*.

    -1 gives a red ``[ERROR]`` line, 1 a yellow ``[WARNING]`` line, and any
    other value a green ``[INFO]`` line.
    """
    if code == -1:
        paint, tag = red, "[ERROR]\t"
    elif code == 1:
        paint, tag = yellow, "[WARNING]\t"
    else:
        paint, tag = green, "[INFO]\t"
    # Single-argument call form, so the line parses as a print statement
    # and as a print() call alike.
    print(paint(tag + msg))
def usage(module_name):
    """Print the one-line command synopsis for *module_name*."""
    synopsis = 'Usage: ' + module_name + " <folder_with_pe_files>"
    print(synopsis)
# Run the scan only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()