def OnProcessListListItemSelected(self, event):
item_id = self.processList.GetFirstSelected()
item = self.processList.GetItem(item_id, 1)
base = self.type_pid_ch == "decimal" and 10 or 16
pid = int(item.GetText(), base)
self.moduleList.DeleteAllItems()
i = 0
try:
process = running_tasks.get_process_from_pid(pid)
modules = process.get_modules()
for m in modules:
i += 1
# the entry point act as a key
ep = m.get_entry_point()
m_id = ep and hex_up(ep) or '-'
name = m.get_filename()
image_base = hex_up(m.get_base())
size_image = hex_up(m.get_size())
# create the listctrl item
index = self.moduleList.InsertStringItem(sys.maxint, name)
self.moduleList.SetStringItem(index, 1, m_id)
self.moduleList.SetStringItem(index, 2, image_base)
self.moduleList.SetStringItem(index, 3, size_image)
self.moduleList.SetItemData(index, i)
except:
# couldn't load modules
wx.MessageBox('Could not load modules for %s' % pid, 'Error')
self.taskStatus.SetStatusText(str(i), 3)
def loadDlls(self, pe):
dlls = pedata.getAllDllInstances(pe)
idx = 0
for dll in dlls:
dll_name = dll.dll
index = self.dllList.InsertStringItem(sys.maxint, str(idx))
dllStruct = pedata.getDllStructInstance(dll)
oft = dllStruct.OriginalFirstThunk
tds = dllStruct.TimeDateStamp
fc = dllStruct.ForwarderChain
name = dllStruct.Name
ft = dllStruct.FirstThunk
self.dllList.SetStringItem(index, 0, dll_name)
self.dllList.SetStringItem(index, 1, hex_up(oft))
self.dllList.SetStringItem(index, 2, hex_up(tds))
self.dllList.SetStringItem(index, 3, hex_up(fc))
self.dllList.SetStringItem(index, 4, hex_up(name))
self.dllList.SetStringItem(index, 5, hex_up(ft))
self.dllList.SetItemData(index, idx)
idx += 1
def loadDlls(self, pe):
dlls = pedata.getAllDllInstances(pe)
idx = 0
for dll in dlls:
dll_name = dll.dll
index = self.dllList.InsertStringItem(sys.maxint, str(idx))
dllStruct = pedata.getDllStructInstance(dll)
oft = dllStruct.OriginalFirstThunk
tds = dllStruct.TimeDateStamp
fc = dllStruct.ForwarderChain
name = dllStruct.Name
ft = dllStruct.FirstThunk
self.dllList.SetStringItem(index, 0, dll_name)
self.dllList.SetStringItem(index, 1, hex_up(oft))
self.dllList.SetStringItem(index, 2, hex_up(tds))
self.dllList.SetStringItem(index, 3, hex_up(fc))
self.dllList.SetStringItem(index, 4, hex_up(name))
self.dllList.SetStringItem(index, 5, hex_up(ft))
self.dllList.SetItemData(index, idx)
idx += 1
def OnBlockSelected(self, event):
self.BlocksItems.DeleteAllItems()
item_id = self.Blocks.GetFirstSelected()
item = self.Blocks.GetItem(item_id, 0)
index = item.GetText()
#wx.MessageBox("index: %d" % int(index), "index")
reloc_dir = pedata.getRelocDirectory(self.__pe)
items_index = 1
entries = pedata.getRelocDataEntry(
reloc_dir[int(index) - 1]) # -1 because index starts in 1
for entry in entries:
index = self.BlocksItems.InsertStringItem(sys.maxint,
str(items_index))
entry_rva = entry.rva
entry_type = entry.type
if entry_type >= 0:
entry_far_address = self.__pe.get_dword_at_rva(entry_rva)
entry_offset = self.__pe.get_offset_from_rva(entry_rva)
entry_rva_data = entry_far_address - self.__pe.OPTIONAL_HEADER.ImageBase
try:
entry_data = self.__pe.get_data(entry_rva_data, 10)
bytes = get_hex_bytes(entry_data)
if not bytes:
bytes = "-"
except pefile.PEFormatError:
bytes = "-"
self.BlocksItems.SetStringItem(index, 5, "%s" % bytes)
if entry_type == 0: # ABSOLUTE
self.BlocksItems.SetStringItem(index, 0, str(items_index))
self.BlocksItems.SetStringItem(index, 1, "-")
self.BlocksItems.SetStringItem(index, 2, "-")
self.BlocksItems.SetStringItem(
index, 3,
"%s (%d)" % (reloc_types[entry_type], entry_type))
self.BlocksItems.SetStringItem(index, 4, "-")
else:
self.BlocksItems.SetStringItem(index, 0, str(items_index))
self.BlocksItems.SetStringItem(index, 1, hex_up(entry_rva))
self.BlocksItems.SetStringItem(index, 2,
hex_up(entry_offset))
self.BlocksItems.SetStringItem(
index, 3,
"%s (%d)" % (reloc_types[entry_type], entry_type))
self.BlocksItems.SetStringItem(index, 4,
hex_up(entry_far_address))
items_index += 1
def LoadSectionHdrInfo(self):
hdr_data = self.parent.get_section_hdr_data()
self.set_section_flags(hdr_data["Characteristics"])
self._name.SetValue(hdr_data["SectionName"])
self._virtual_size.SetValue(hex_up(hdr_data["VirtualSize"]))
self._virtual_address.SetValue(hex_up(hdr_data["VirtualOffset"]))
self._raw_offset.SetValue(hex_up(hdr_data["RawOffset"]))
self._raw_size.SetValue(hex_up(hdr_data["RawSize"]))
self._flags.SetValue(hex_up(hdr_data["Characteristics"]))
def PrintDataInCtrls(self, rva, va, offset, section, bytes):
to_len = 8
if self.parentDlg.Parent._PE64:
to_len = 16
self._rva.SetValue(hex_up(rva, to_len))
self._va.SetValue(hex_up(va, to_len))
self._offset.SetValue(hex_up(offset, to_len))
self._section.SetValue(section)
self._bytes.SetValue(bytes)
def OnBlockSelected(self, event):
self.BlocksItems.DeleteAllItems()
item_id = self.Blocks.GetFirstSelected()
item = self.Blocks.GetItem(item_id, 0)
index = item.GetText()
#wx.MessageBox("index: %d" % int(index), "index")
reloc_dir = pedata.getRelocDirectory(self.__pe)
items_index = 1
entries = pedata.getRelocDataEntry(reloc_dir[int(index) - 1]) # -1 because index starts in 1
for entry in entries:
index = self.BlocksItems.InsertStringItem(sys.maxint, str(items_index))
entry_rva = entry.rva
entry_type = entry.type
if entry_type >= 0:
entry_far_address = self.__pe.get_dword_at_rva(entry_rva)
entry_offset = self.__pe.get_offset_from_rva(entry_rva)
entry_rva_data = entry_far_address - self.__pe.OPTIONAL_HEADER.ImageBase
try:
entry_data = self.__pe.get_data(entry_rva_data, 10)
bytes = get_hex_bytes(entry_data)
if not bytes:
bytes = "-"
except pefile.PEFormatError:
bytes = "-"
self.BlocksItems.SetStringItem(index, 5, "%s" % bytes)
if entry_type == 0: # ABSOLUTE
self.BlocksItems.SetStringItem(index, 0, str(items_index))
self.BlocksItems.SetStringItem(index, 1, "-")
self.BlocksItems.SetStringItem(index, 2, "-")
self.BlocksItems.SetStringItem(index, 3, "%s (%d)" % (reloc_types[entry_type], entry_type))
self.BlocksItems.SetStringItem(index, 4, "-")
else:
self.BlocksItems.SetStringItem(index, 0, str(items_index))
self.BlocksItems.SetStringItem(index, 1, hex_up(entry_rva))
self.BlocksItems.SetStringItem(index, 2, hex_up(entry_offset))
self.BlocksItems.SetStringItem(index, 3, "%s (%d)" % (reloc_types[entry_type], entry_type))
self.BlocksItems.SetStringItem(index, 4, hex_up(entry_far_address))
items_index += 1
def loadExportSymbols(self, export_data):
e_symbols = export_data.symbols
for symbol in e_symbols:
ordinal = symbol.ordinal
index = self.exports_list.InsertStringItem(sys.maxint, hex_up(ordinal, 4))
symbol_rva = symbol.address
offset = self.__pe.get_offset_from_rva(symbol_rva)
symbol_name = symbol.name
self.exports_list.SetStringItem(index, 0, hex_up(ordinal, 4))
self.exports_list.SetStringItem(index, 1, hex_up(symbol_rva))
self.exports_list.SetStringItem(index, 2, hex_up(offset))
self.exports_list.SetStringItem(index, 3, symbol_name)
def OndllListItemSelected(self, event):
self.functionList.DeleteAllItems()
item_id = self.dllList.GetFirstSelected()
item = self.dllList.GetItem(item_id, 0)
dll = item.GetText()
import_list = pedata.getImports(pedata.getDllInstance(self.__pe, dll))
idx = 0
self.taskStatus.SetStatusText(number=4,
text='Total Number of Functions in %s:' %
dll)
self.taskStatus.SetStatusText(number=5, text='%d' % len(import_list))
for imprt in import_list:
if imprt.import_by_ordinal:
api_name = "Ordinal: %dh / %dd " % (imprt.ordinal,
imprt.ordinal)
else:
api_name = imprt.name
index = self.functionList.InsertStringItem(sys.maxint, str(idx))
thunk_rva = imprt.thunk_rva
thunk_offset = imprt.thunk_offset
thunk_value = self.__pe.get_dword_at_rva(
thunk_rva) # imprt.hint_name_table_rva
hint = imprt.hint
self.functionList.SetStringItem(index, 0, hex_up(thunk_rva))
self.functionList.SetStringItem(index, 1, hex_up(thunk_offset))
if thunk_value != None:
self.functionList.SetStringItem(index, 2, hex_up(thunk_value))
else:
self.functionList.SetStringItem(index, 2, "-")
if hint != None:
self.functionList.SetStringItem(index, 3, hex_up(hint, 4))
else:
self.functionList.SetStringItem(index, 3, "-")
self.functionList.SetStringItem(index, 4, api_name)
self.functionList.SetItemData(index, idx)
idx += 1
def loadData(self):
data = self.parent.getCurrentItemData()
self._rva.SetValue(hex_up(data["RVA"]))
self._name_ordinal.SetValue(hex_up(data["Ordinal"], 4))
self._function_name.SetValue(data["Name"])
p = self.parent.getPeInstance()
e = p.DIRECTORY_ENTRY_EXPORT.struct
raw_data = p.get_data(e.AddressOfNames, 4 * e.NumberOfNames)
addr_of_names = list()
for i in range(0, len(raw_data), 4):
addr_of_names.append(unpack("<L", raw_data[i:i + 4])[0])
self._name_rva.SetValue(hex_up(addr_of_names[data["Ordinal"] - 1]))
def loadExportData(self, export_data):
e_struct = export_data.struct
end = self.__pe.get_data(e_struct.Name).find("\x00") + 1
self._name_string.SetValue(self.__pe.get_data(e_struct.Name, end))
self._offset_to_export_table.SetValue(hex_up(e_struct.get_file_offset()))
self._characteristics.SetValue(hex_up(e_struct.Characteristics))
self._base.SetValue(hex_up(e_struct.Base))
self._name.SetValue(hex_up(e_struct.Name))
self._address_of_functions.SetValue(hex_up(e_struct.AddressOfFunctions))
self._address_of_names.SetValue(hex_up(e_struct.AddressOfNames))
self._number_of_functions.SetValue(hex_up(e_struct.NumberOfFunctions))
self._number_of_names.SetValue(hex_up(e_struct.NumberOfNames))
self._address_of_name_ordinals.SetValue(hex_up(e_struct.AddressOfNameOrdinals))
self._time_date_stamp.SetValue(hex_up(e_struct.TimeDateStamp))
self._minor_version.SetValue(str(e_struct.MinorVersion))
self._major_version.SetValue(str(e_struct.MajorVersion))
def OnExtendedRelocs(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_LNK_NRELOC_OVFL
if not event.IsChecked():
cv -= 2**IMAGE_SCN_LNK_NRELOC_OVFL
self.current_val.SetValue(hex_up(cv))
def OnDiscardable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_DISCARDABLE
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_DISCARDABLE
self.current_val.SetValue(hex_up(cv))
def OnExtendedRelocs(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_LNK_NRELOC_OVFL
if not event.IsChecked():
cv -= 2**IMAGE_SCN_LNK_NRELOC_OVFL
self.current_val.SetValue(hex_up(cv))
def OnNoPageable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_NOT_PAGED
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_NOT_PAGED
self.current_val.SetValue(hex_up(cv))
def OnDiscardable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_DISCARDABLE
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_DISCARDABLE
self.current_val.SetValue(hex_up(cv))
def OnReadeable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_READ
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_READ
self.current_val.SetValue(hex_up(cv))
def OnNotPadded(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_NOPADDED
if not event.IsChecked():
cv -= 2**IMAGE_NOPADDED
self.current_val.SetValue(hex_up(cv))
def OnOtherInfo(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_LNK_INFO
if not event.IsChecked():
cv -= 2**IMAGE_SCN_LNK_INFO
self.current_val.SetValue(hex_up(cv))
def OnComData(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_LNK_COMDAT
if not event.IsChecked():
cv -= 2**IMAGE_SCN_LNK_COMDAT
self.current_val.SetValue(hex_up(cv))
def OnContainsIData(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_CNT_INITIALIZED_DATA
if not event.IsChecked():
cv -= 2**IMAGE_SCN_CNT_INITIALIZED_DATA
self.current_val.SetValue(hex_up(cv))
def OnReadeable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_READ
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_READ
self.current_val.SetValue(hex_up(cv))
def OnOtherInfo(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_LNK_INFO
if not event.IsChecked():
cv -= 2**IMAGE_SCN_LNK_INFO
self.current_val.SetValue(hex_up(cv))
def OnContainsCode(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_CNT_CODE
if not event.IsChecked():
cv -= 2**IMAGE_SCN_CNT_CODE
self.current_val.SetValue(hex_up(cv))
def OnNoImage(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_FARDATA
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_FARDATA
self.current_val.SetValue(hex_up(cv))
def OnWriteable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_WRITE
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_WRITE
self.current_val.SetValue(hex_up(cv))
def OnComData(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_LNK_COMDAT
if not event.IsChecked():
cv -= 2**IMAGE_SCN_LNK_COMDAT
self.current_val.SetValue(hex_up(cv))
def OnWriteable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_WRITE
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_WRITE
self.current_val.SetValue(hex_up(cv))
def OnNoPageable(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_NOT_PAGED
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_NOT_PAGED
self.current_val.SetValue(hex_up(cv))
def loadData(self):
data = self.parent.getCurrentItemData()
self._rva.SetValue(hex_up(data["RVA"]))
self._name_ordinal.SetValue(hex_up(data["Ordinal"], 4))
self._function_name.SetValue(data["Name"])
p = self.parent.getPeInstance()
e = p.DIRECTORY_ENTRY_EXPORT.struct
raw_data = p.get_data(e.AddressOfNames, 4 * e.NumberOfNames)
addr_of_names = list()
for i in range(0, len(raw_data), 4):
addr_of_names.append(unpack("<L", raw_data[i:i+4])[0])
self._name_rva.SetValue(hex_up(addr_of_names[data["Ordinal"] - 1]))
def OnContainsCode(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_CNT_CODE
if not event.IsChecked():
cv -= 2**IMAGE_SCN_CNT_CODE
self.current_val.SetValue(hex_up(cv))
def OnNoImage(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_MEM_FARDATA
if not event.IsChecked():
cv -= 2**IMAGE_SCN_MEM_FARDATA
self.current_val.SetValue(hex_up(cv))
def OnContainsIData(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_SCN_CNT_INITIALIZED_DATA
if not event.IsChecked():
cv -= 2**IMAGE_SCN_CNT_INITIALIZED_DATA
self.current_val.SetValue(hex_up(cv))
def OndllListItemSelected(self, event):
self.functionList.DeleteAllItems()
item_id = self.dllList.GetFirstSelected()
item = self.dllList.GetItem(item_id, 0)
dll = item.GetText()
import_list = pedata.getImports(pedata.getDllInstance(self.__pe, dll))
idx = 0
self.taskStatus.SetStatusText(number=4, text='Total Number of Functions in %s:' % dll)
self.taskStatus.SetStatusText(number=5, text='%d' % len(import_list))
for imprt in import_list:
if imprt.import_by_ordinal:
api_name = "Ordinal: %dh / %dd " % (imprt.ordinal, imprt.ordinal)
else:
api_name = imprt.name
index = self.functionList.InsertStringItem(sys.maxint, str(idx))
thunk_rva = imprt.thunk_rva
thunk_offset = imprt.thunk_offset
thunk_value = self.__pe.get_dword_at_rva(thunk_rva)# imprt.hint_name_table_rva
hint = imprt.hint
self.functionList.SetStringItem(index, 0, hex_up(thunk_rva))
self.functionList.SetStringItem(index, 1, hex_up(thunk_offset))
if thunk_value != None:
self.functionList.SetStringItem(index, 2, hex_up(thunk_value))
else:
self.functionList.SetStringItem(index, 2, "-")
if hint != None:
self.functionList.SetStringItem(index, 3, hex_up(hint, 4))
else:
self.functionList.SetStringItem(index, 3, "-")
self.functionList.SetStringItem(index, 4, api_name)
self.functionList.SetItemData(index,idx)
idx +=1
def OnNotPadded(self, event):
cv = int(self.current_val.GetValue(), 16)
if event.IsChecked():
cv += 2**IMAGE_NOPADDED
if not event.IsChecked():
cv -= 2**IMAGE_NOPADDED
self.current_val.SetValue(hex_up(cv))
def showSectionData(self):
sec_data = getSectionData(self.parent.peInstance)
number_of_sections = self.get_pe_instance().FILE_HEADER.NumberOfSections
for i in range(number_of_sections):
section_name = sec_data[i].Name
v_size = hex_up(sec_data[i].Misc_VirtualSize)
v_offset = hex_up(sec_data[i].VirtualAddress)
r_size = hex_up(sec_data[i].SizeOfRawData)
r_offset = hex_up(sec_data[i].PointerToRawData)
chars = hex_up(sec_data[i].Characteristics)
index = self.sectionList.InsertStringItem(sys.maxint, section_name)
self.sectionList.SetStringItem(index, 0, section_name)
self.sectionList.SetStringItem(index, 1, v_size)
self.sectionList.SetStringItem(index, 2, v_offset)
self.sectionList.SetStringItem(index, 3, r_size)
self.sectionList.SetStringItem(index, 4, r_offset)
self.sectionList.SetStringItem(index, 5, chars)
def loadRelocsInfo(self):
reloc_dir = pedata.getRelocDirectory(self.__pe)
block_index = 1
for entry in reloc_dir:
index = self.Blocks.InsertStringItem(sys.maxint, str(block_index))
entry_rva = entry.struct.VirtualAddress
entry_size_of_block = entry.struct.SizeOfBlock
entry_len = len(entry.entries)
entry_section = self.__pe.sections[pedata.guess_section_from_rva(self.__pe, entry_rva)].Name
self.Blocks.SetStringItem(index, 0, str(block_index))
self.Blocks.SetStringItem(index, 1, entry_section)
self.Blocks.SetStringItem(index, 2, hex_up(entry_rva))
self.Blocks.SetStringItem(index, 3, hex_up(entry_size_of_block, 4))
self.Blocks.SetStringItem(index, 4, "%sh / %sd" % (hex_up(len(entry.entries), 4), len(entry.entries)))
block_index += 1
def showSectionData(self):
sec_data = getSectionData(self.parent.peInstance)
number_of_sections = self.get_pe_instance(
).FILE_HEADER.NumberOfSections
for i in range(number_of_sections):
section_name = sec_data[i].Name
v_size = hex_up(sec_data[i].Misc_VirtualSize)
v_offset = hex_up(sec_data[i].VirtualAddress)
r_size = hex_up(sec_data[i].SizeOfRawData)
r_offset = hex_up(sec_data[i].PointerToRawData)
chars = hex_up(sec_data[i].Characteristics)
index = self.sectionList.InsertStringItem(sys.maxint, section_name)
self.sectionList.SetStringItem(index, 0, section_name)
self.sectionList.SetStringItem(index, 1, v_size)
self.sectionList.SetStringItem(index, 2, v_offset)
self.sectionList.SetStringItem(index, 3, r_size)
self.sectionList.SetStringItem(index, 4, r_offset)
self.sectionList.SetStringItem(index, 5, chars)
def loadProcesses(self):
self.processList.DeleteAllItems()
self.moduleList.DeleteAllItems()
procs = running_tasks.get_processes_list()
i = 0
for p in procs:
i += 1
# the pid act as a key
pid = p.get_pid()
if p.get_filename():
try:
name = os.path.basename(p.get_filename())
image_base = hex_up(p.get_image_base())
size_image = hex_up(p.get_image_size())
except KeyError, e:
wx.MessageBox("Error in: %s, %s" % (name, str(e)), "Error",
wx.ICON_ERROR)
else:
name = '[System]'
image_base = hex_up(0)
size_image = hex_up(0)
owner = p.get_owner()
# create the listctrl item
index = self.processList.InsertStringItem(sys.maxint, name)
if self.type_pid_ch == "decimal":
self.processList.SetStringItem(index, 1, "%d" % pid)
#index = self.processList.InsertStringItem(sys.maxint, "%d" % pid)
else:
self.processList.SetStringItem(index, 1, hex_up(pid))
#index = self.processList.InsertStringItem(sys.maxint, hex_up_8(pid))
#self.processList.SetStringItem(index, 1, name)
self.processList.SetStringItem(index, 2, image_base)
self.processList.SetStringItem(index, 3, size_image)
self.processList.SetStringItem(index, 4, owner)
self.processList.SetItemData(index, i)
self.itemDataMap[i] = (name, pid, image_base, size_image, owner)
def loadTlsInfo(self):
tlsStruct = pedata.getTlsStruct(self.__pe)
self._data_block_start_va.SetValue(hex_up(tlsStruct.StartAddressOfRawData))
self._data_block_end_va.SetValue(hex_up(tlsStruct.EndAddressOfRawData))
self._index_variable_va.SetValue(hex_up(tlsStruct.AddressOfIndex))
self._callback_table_va.SetValue(hex_up(tlsStruct.AddressOfCallBacks))
self._size_of_zero_fill.SetValue(hex_up(tlsStruct.SizeOfZeroFill))
self._characteristics.SetValue(hex_up(tlsStruct.Characteristics))
def loadRelocsInfo(self):
reloc_dir = pedata.getRelocDirectory(self.__pe)
block_index = 1
for entry in reloc_dir:
index = self.Blocks.InsertStringItem(sys.maxint, str(block_index))
entry_rva = entry.struct.VirtualAddress
entry_size_of_block = entry.struct.SizeOfBlock
entry_len = len(entry.entries)
entry_section = self.__pe.sections[pedata.guess_section_from_rva(
self.__pe, entry_rva)].Name
self.Blocks.SetStringItem(index, 0, str(block_index))
self.Blocks.SetStringItem(index, 1, entry_section)
self.Blocks.SetStringItem(index, 2, hex_up(entry_rva))
self.Blocks.SetStringItem(index, 3, hex_up(entry_size_of_block, 4))
self.Blocks.SetStringItem(
index, 4, "%sh / %sd" %
(hex_up(len(entry.entries), 4), len(entry.entries)))
block_index += 1
def loadDebugInfo(self):
dbg_info = pedata.getDebugDirectory(self.__pe)
for entry in dbg_info:
addrOfRawData = entry.struct.AddressOfRawData
index = self.debug_list.InsertStringItem(sys.maxint, hex_up(addrOfRawData))
mjVersion = entry.struct.MajorVersion
miVersion = entry.struct.MinorVersion
Charact = entry.struct.Characteristics
ptrToRawData = entry.struct.PointerToRawData
_type = entry.struct.Type
timeDateStamp = entry.struct.TimeDateStamp
sizeOfData = entry.struct.SizeOfData
self.debug_list.SetStringItem(index, 0, hex_up(Charact))
self.debug_list.SetStringItem(index, 1, hex_up(timeDateStamp))
self.debug_list.SetStringItem(index, 2, hex_up(mjVersion, 4))
self.debug_list.SetStringItem(index, 3, hex_up(miVersion, 4))
self.debug_list.SetStringItem(index, 4, hex_up(_type, 4))
self.debug_list.SetStringItem(index, 5, hex_up(sizeOfData))
self.debug_list.SetStringItem(index, 6, hex_up(addrOfRawData))
self.debug_list.SetStringItem(index, 7, hex_up(ptrToRawData))
def populateComTree(self):
## http://www.ntcore.com/Files/dotnetformat.htm
root = self.com_tree.AddRoot("COM Directory Data")
self.set_py_data(root)
comHdr = COMHeader(self._pe)
CLRHeaderItem = self.com_tree.AppendItem(root, "CLR Header")
self.set_py_data(CLRHeaderItem)
cb = self.com_tree.AppendItem(CLRHeaderItem, "cb: %s" % hex_up(comHdr.get_com_cb()))
self.set_py_data(cb)
minor_version = comHdr.get_minor_runtime_version()
major_version = comHdr.get_major_runtime_version()
versionItem = self.com_tree.AppendItem(CLRHeaderItem, "Version: %d.%d" % (major_version, minor_version))
self.set_py_data(versionItem)
MjVersionRuntimeItem = self.com_tree.AppendItem(versionItem, "MajorRuntimeVersion: %s" % hex_up(major_version, 4))
self.set_py_data(MjVersionRuntimeItem)
MinorVersionRuntimeItem = self.com_tree.AppendItem(versionItem, "MinorRuntimeVersion: %s" % hex_up(minor_version, 4))
self.set_py_data(MinorVersionRuntimeItem)
FlagsItem = self.com_tree.AppendItem(CLRHeaderItem, "Flags: %s" % hex_up(comHdr.get_com_flags()))
self.set_py_data(FlagsItem)
EntryPointTokenItem = self.com_tree.AppendItem(CLRHeaderItem, "EntryPointToken: %s" % hex_up(comHdr.get_entry_point_token()))
self.set_py_data(EntryPointTokenItem)
MetaDataItem = self.com_tree.AppendItem(CLRHeaderItem, "MetaData DataDirectory")
self.set_py_data(MetaDataItem)
#### metadata struct ####
metaDataStruct = comHdr.get_metadata()
MetaDataRvaItem = self.com_tree.AppendItem(MetaDataItem, "VirtualAddress: %s" % hex_up(metaDataStruct[0]))
self.set_py_data(MetaDataRvaItem)
MetaDataSizeItem = self.com_tree.AppendItem(MetaDataItem, "VirtualSize: %s" % hex_up(metaDataStruct[1]))
self.set_py_data(MetaDataSizeItem)
#### resources struct ####
ResourceDirStruct = comHdr.get_resources()
ResourceDataItem = self.com_tree.AppendItem(CLRHeaderItem, "Resources DataDirectory")
self.set_py_data(ResourceDataItem )
ResourceRva = self.com_tree.AppendItem(ResourceDataItem, "VirtualAddress: %s" % hex_up(ResourceDirStruct[0]))
self.set_py_data(ResourceRva)
ResourceSize = self.com_tree.AppendItem(ResourceDataItem, "VirtualSize: %s" % hex_up(ResourceDirStruct[1]))
self.set_py_data(ResourceSize)
#### strongnames struct ####
StrongNameStruct = comHdr.get_strong_name_signature()
StrongNamesItem = self.com_tree.AppendItem(CLRHeaderItem, "StrongNameSignature DataDirectory")
self.set_py_data(StrongNamesItem )
SNRvaItem = self.com_tree.AppendItem(StrongNamesItem, "VirtualAddress: %s" % hex_up(StrongNameStruct[0]))
self.set_py_data(SNRvaItem)
SNSizeItem = self.com_tree.AppendItem(StrongNamesItem, "VirtualSize: %s" % hex_up(StrongNameStruct[1]))
self.set_py_data(SNSizeItem)
#### code manager table struct ####
cmts = comHdr.get_code_manager_table()
cmtItem = self.com_tree.AppendItem(CLRHeaderItem, "CodeManagerTable DataDirectory")
self.set_py_data(cmtItem)
cmtrvaItem = self.com_tree.AppendItem(cmtItem, "VirtualAddress: %s" % hex_up(cmts[0]))
self.set_py_data(cmtrvaItem)
cmtsizeItem = self.com_tree.AppendItem(cmtItem, "VirtualSize: %s" % hex_up(cmts[1]))
self.set_py_data(cmtsizeItem)
#### vtable fixups struct ####
vtfs = comHdr.get_vtable_fixups()
vtfItem = self.com_tree.AppendItem(CLRHeaderItem, "VtableFixups DataDirectory")
self.set_py_data(vtfItem)
vtfrvaItem = self.com_tree.AppendItem(vtfItem, "VirtualAddress: %s" % hex_up(vtfs[0]))
self.set_py_data(vtfrvaItem)
vtfsizeItem = self.com_tree.AppendItem(vtfItem, "VirtualSize: %s" % hex_up(vtfs[1]))
self.set_py_data(vtfsizeItem)
#### export address table jmps struct ####
eatjs = comHdr.get_vtable_fixups()
eatjItem = self.com_tree.AppendItem(CLRHeaderItem, "ExportAddressTableJumps DataDirectory")
self.set_py_data(eatjItem)
eatjrvaItem = self.com_tree.AppendItem(eatjItem, "VirtualAddress: %s" % hex_up(eatjs[0]))
self.set_py_data(eatjrvaItem)
eatjsizeItem = self.com_tree.AppendItem(eatjItem, "VirtualSize: %s" % hex_up(eatjs[1]))
self.set_py_data(eatjsizeItem)
#### managed native header struct ####
mnhs = comHdr.get_vtable_fixups()
mnhItem = self.com_tree.AppendItem(CLRHeaderItem, "ManagedNativeHeader DataDirectory")
self.set_py_data(mnhItem)
mnhrvaItem = self.com_tree.AppendItem(mnhItem, "VirtualAddress: %s" % hex_up(mnhs[0]))
self.set_py_data(mnhrvaItem)
mnhsizeItem = self.com_tree.AppendItem(mnhItem, "VirtualSize: %s" % hex_up(mnhs[1]))
self.set_py_data(mnhsizeItem)
####################################
### METADATA HEADER
####################################
metadataHdrItem = self.com_tree.AppendItem(CLRHeaderItem, "MetaData Header")
self.set_py_data(metadataHdrItem)
mdHdr = comparser.MetaDataHeader(self._pe)
md_sig = self.com_tree.AppendItem(metadataHdrItem, "Signature: %s" % hex_up(mdHdr.get_signature()))
self.set_py_data(md_sig)
md_mj_version = self.com_tree.AppendItem(metadataHdrItem, "Major Version: %s" % hex_up(mdHdr.get_major_version(), 4))
self.set_py_data(md_mj_version)
md_mn_version = self.com_tree.AppendItem(metadataHdrItem, "Minor Version: %s" % hex_up(mdHdr.get_minor_version(), 4))
self.set_py_data(md_mn_version)
md_reserved = self.com_tree.AppendItem(metadataHdrItem, "Reserved: %s" % hex_up(mdHdr.get_reserved()))
self.set_py_data(md_reserved)
md_version_len = self.com_tree.AppendItem(metadataHdrItem, "Version Length: %s" % hex_up(mdHdr.get_version_length()))
self.set_py_data(md_version_len)
md_version_str = self.com_tree.AppendItem(metadataHdrItem, "Version String: %s" % mdHdr.get_version_string())
self.set_py_data(md_version_str)
md_flags = self.com_tree.AppendItem(metadataHdrItem, "Flags: %s" % hex_up(mdHdr.get_metadata_flags(), 4))
self.set_py_data(md_flags)
md_number_of_streams = self.com_tree.AppendItem(metadataHdrItem, "Number of Streams: %s" % hex_up(mdHdr.get_number_of_streams(), 4))
self.set_py_data(md_number_of_streams)
# METADATA STREAM HEADERS
streams = comparser.MetadataStreams(self._pe)
streams.get_headers()
self.com_tree.Expand(root)
def populateTree(self, parent):
root = parent.AddRoot("Bound Imports")
parent.SetPyData(root, None)
for entry in self.__pe.DIRECTORY_ENTRY_BOUND_IMPORT:
child = parent.AppendItem(root, entry.name)
parent.SetPyData(child, None)
timeDateStampItem = parent.AppendItem(child, "TimeDateStamp: %sh [%s UTC]" % (hex_up(entry.struct.TimeDateStamp), time.asctime(time.gmtime(entry.struct.TimeDateStamp))))
parent.SetPyData(timeDateStampItem, None)
offsetModuleNameItem = parent.AppendItem(child, "OffsetModuleName: %sh" % hex_up(entry.struct.OffsetModuleName, 4))
parent.SetPyData(offsetModuleNameItem, None)
fowarderRefsItem = parent.AppendItem(child, "NumberOfModuleForwarderRefs: %sh / %s" % (hex_up(entry.struct.NumberOfModuleForwarderRefs, 4), entry.struct.NumberOfModuleForwarderRefs))
parent.SetPyData(fowarderRefsItem, None)
parent.Expand(root)
def populateComTree(self):
## http://www.ntcore.com/Files/dotnetformat.htm
root = self.com_tree.AddRoot("COM Directory Data")
self.set_py_data(root)
comHdr = COMHeader(self._pe)
CLRHeaderItem = self.com_tree.AppendItem(root, "CLR Header")
self.set_py_data(CLRHeaderItem)
cb = self.com_tree.AppendItem(CLRHeaderItem,
"cb: %s" % hex_up(comHdr.get_com_cb()))
self.set_py_data(cb)
minor_version = comHdr.get_minor_runtime_version()
major_version = comHdr.get_major_runtime_version()
versionItem = self.com_tree.AppendItem(
CLRHeaderItem, "Version: %d.%d" % (major_version, minor_version))
self.set_py_data(versionItem)
MjVersionRuntimeItem = self.com_tree.AppendItem(
versionItem, "MajorRuntimeVersion: %s" % hex_up(major_version, 4))
self.set_py_data(MjVersionRuntimeItem)
MinorVersionRuntimeItem = self.com_tree.AppendItem(
versionItem, "MinorRuntimeVersion: %s" % hex_up(minor_version, 4))
self.set_py_data(MinorVersionRuntimeItem)
FlagsItem = self.com_tree.AppendItem(
CLRHeaderItem, "Flags: %s" % hex_up(comHdr.get_com_flags()))
self.set_py_data(FlagsItem)
EntryPointTokenItem = self.com_tree.AppendItem(
CLRHeaderItem,
"EntryPointToken: %s" % hex_up(comHdr.get_entry_point_token()))
self.set_py_data(EntryPointTokenItem)
MetaDataItem = self.com_tree.AppendItem(CLRHeaderItem,
"MetaData DataDirectory")
self.set_py_data(MetaDataItem)
#### metadata struct ####
metaDataStruct = comHdr.get_metadata()
MetaDataRvaItem = self.com_tree.AppendItem(
MetaDataItem, "VirtualAddress: %s" % hex_up(metaDataStruct[0]))
self.set_py_data(MetaDataRvaItem)
MetaDataSizeItem = self.com_tree.AppendItem(
MetaDataItem, "VirtualSize: %s" % hex_up(metaDataStruct[1]))
self.set_py_data(MetaDataSizeItem)
#### resources struct ####
ResourceDirStruct = comHdr.get_resources()
ResourceDataItem = self.com_tree.AppendItem(CLRHeaderItem,
"Resources DataDirectory")
self.set_py_data(ResourceDataItem)
ResourceRva = self.com_tree.AppendItem(
ResourceDataItem,
"VirtualAddress: %s" % hex_up(ResourceDirStruct[0]))
self.set_py_data(ResourceRva)
ResourceSize = self.com_tree.AppendItem(
ResourceDataItem, "VirtualSize: %s" % hex_up(ResourceDirStruct[1]))
self.set_py_data(ResourceSize)
#### strongnames struct ####
StrongNameStruct = comHdr.get_strong_name_signature()
StrongNamesItem = self.com_tree.AppendItem(
CLRHeaderItem, "StrongNameSignature DataDirectory")
self.set_py_data(StrongNamesItem)
SNRvaItem = self.com_tree.AppendItem(
StrongNamesItem,
"VirtualAddress: %s" % hex_up(StrongNameStruct[0]))
self.set_py_data(SNRvaItem)
SNSizeItem = self.com_tree.AppendItem(
StrongNamesItem, "VirtualSize: %s" % hex_up(StrongNameStruct[1]))
self.set_py_data(SNSizeItem)
#### code manager table struct ####
cmts = comHdr.get_code_manager_table()
cmtItem = self.com_tree.AppendItem(CLRHeaderItem,
"CodeManagerTable DataDirectory")
self.set_py_data(cmtItem)
cmtrvaItem = self.com_tree.AppendItem(
cmtItem, "VirtualAddress: %s" % hex_up(cmts[0]))
self.set_py_data(cmtrvaItem)
cmtsizeItem = self.com_tree.AppendItem(
cmtItem, "VirtualSize: %s" % hex_up(cmts[1]))
self.set_py_data(cmtsizeItem)
#### vtable fixups struct ####
vtfs = comHdr.get_vtable_fixups()
vtfItem = self.com_tree.AppendItem(CLRHeaderItem,
"VtableFixups DataDirectory")
self.set_py_data(vtfItem)
vtfrvaItem = self.com_tree.AppendItem(
vtfItem, "VirtualAddress: %s" % hex_up(vtfs[0]))
self.set_py_data(vtfrvaItem)
vtfsizeItem = self.com_tree.AppendItem(
vtfItem, "VirtualSize: %s" % hex_up(vtfs[1]))
self.set_py_data(vtfsizeItem)
#### export address table jmps struct ####
eatjs = comHdr.get_vtable_fixups()
eatjItem = self.com_tree.AppendItem(
CLRHeaderItem, "ExportAddressTableJumps DataDirectory")
self.set_py_data(eatjItem)
eatjrvaItem = self.com_tree.AppendItem(
eatjItem, "VirtualAddress: %s" % hex_up(eatjs[0]))
self.set_py_data(eatjrvaItem)
eatjsizeItem = self.com_tree.AppendItem(
eatjItem, "VirtualSize: %s" % hex_up(eatjs[1]))
self.set_py_data(eatjsizeItem)
#### managed native header struct ####
mnhs = comHdr.get_vtable_fixups()
mnhItem = self.com_tree.AppendItem(
CLRHeaderItem, "ManagedNativeHeader DataDirectory")
self.set_py_data(mnhItem)
mnhrvaItem = self.com_tree.AppendItem(
mnhItem, "VirtualAddress: %s" % hex_up(mnhs[0]))
self.set_py_data(mnhrvaItem)
mnhsizeItem = self.com_tree.AppendItem(
mnhItem, "VirtualSize: %s" % hex_up(mnhs[1]))
self.set_py_data(mnhsizeItem)
####################################
### METADATA HEADER
####################################
metadataHdrItem = self.com_tree.AppendItem(CLRHeaderItem,
"MetaData Header")
self.set_py_data(metadataHdrItem)
mdHdr = comparser.MetaDataHeader(self._pe)
md_sig = self.com_tree.AppendItem(
metadataHdrItem, "Signature: %s" % hex_up(mdHdr.get_signature()))
self.set_py_data(md_sig)
md_mj_version = self.com_tree.AppendItem(
metadataHdrItem,
"Major Version: %s" % hex_up(mdHdr.get_major_version(), 4))
self.set_py_data(md_mj_version)
md_mn_version = self.com_tree.AppendItem(
metadataHdrItem,
"Minor Version: %s" % hex_up(mdHdr.get_minor_version(), 4))
self.set_py_data(md_mn_version)
md_reserved = self.com_tree.AppendItem(
metadataHdrItem, "Reserved: %s" % hex_up(mdHdr.get_reserved()))
self.set_py_data(md_reserved)
md_version_len = self.com_tree.AppendItem(
metadataHdrItem,
"Version Length: %s" % hex_up(mdHdr.get_version_length()))
self.set_py_data(md_version_len)
md_version_str = self.com_tree.AppendItem(
metadataHdrItem, "Version String: %s" % mdHdr.get_version_string())
self.set_py_data(md_version_str)
md_flags = self.com_tree.AppendItem(
metadataHdrItem,
"Flags: %s" % hex_up(mdHdr.get_metadata_flags(), 4))
self.set_py_data(md_flags)
md_number_of_streams = self.com_tree.AppendItem(
metadataHdrItem,
"Number of Streams: %s" % hex_up(mdHdr.get_number_of_streams(), 4))
self.set_py_data(md_number_of_streams)
# METADATA STREAM HEADERS
streams = comparser.MetadataStreams(self._pe)
streams.get_headers()
self.com_tree.Expand(root)
def loadDirectoryData(self):
dirData = pedata.getDataDirectory(self.__pe)
self._exporttable_rva.SetValue(hex_up(dirData[0].VirtualAddress))
self._exporttable_size.SetValue(hex_up(dirData[0].Size))
self._importtable_rva.SetValue(hex_up(dirData[1].VirtualAddress))
self._importtable_size.SetValue(hex_up(dirData[1].Size))
self._resource_rva.SetValue(hex_up(dirData[2].VirtualAddress))
self._resource_size.SetValue(hex_up(dirData[2].Size))
self._exception_rva.SetValue(hex_up(dirData[3].VirtualAddress))
self._exception_size.SetValue(hex_up(dirData[3].Size))
self._security_rva.SetValue(hex_up(dirData[4].VirtualAddress))
self._security_size.SetValue(hex_up(dirData[4].Size))
self._basereloc_rva.SetValue(hex_up(dirData[5].VirtualAddress))
self._basereloc_size.SetValue(hex_up(dirData[5].Size))
self._debug_rva.SetValue(hex_up(dirData[6].VirtualAddress))
self._debug_size.SetValue(hex_up(dirData[6].Size))
self._copyright_rva.SetValue(hex_up(dirData[7].VirtualAddress))
self._copyright_size.SetValue(hex_up(dirData[7].Size))
self._globalptr_rva.SetValue(hex_up(dirData[8].VirtualAddress))
self._globalptr_size.SetValue(hex_up(dirData[8].Size))
self._tlstable_rva.SetValue(hex_up(dirData[9].VirtualAddress))
self._tlstable_size.SetValue(hex_up(dirData[9].Size))
self._loadconfig_rva.SetValue(hex_up(dirData[10].VirtualAddress))
self._loadconfig_size.SetValue(hex_up(dirData[10].Size))
self._boundimport_rva.SetValue(hex_up(dirData[11].VirtualAddress))
self._boundimport_size.SetValue(hex_up(dirData[11].Size))
self._iat_rva.SetValue(hex_up(dirData[12].VirtualAddress))
self._iat_size.SetValue(hex_up(dirData[12].Size))
self._com_rva.SetValue(hex_up(dirData[14].VirtualAddress))
self._com_size.SetValue(hex_up(dirData[14].Size))
def populate_checkboxes(self):
current_flags = self.parent.get_section_flags()
current_value = 0
if current_flags & 2**IMAGE_SCN_CNT_CODE != 0:
self.cb_containscode.SetValue(True)
current_value += 2**IMAGE_SCN_CNT_CODE
if current_flags & 2**IMAGE_SCN_CNT_INITIALIZED_DATA != 0:
self.cb_containsidata.SetValue(True)
current_value += 2**IMAGE_SCN_CNT_INITIALIZED_DATA
if current_flags & 2**IMAGE_SCN_CNT_UNINITIALIZED_DATA != 0:
self.cb_containsudata.SetValue(True)
current_value += 2**IMAGE_SCN_CNT_UNINITIALIZED_DATA
if current_flags & 2**IMAGE_SCN_LNK_INFO != 0:
self.cb_otherinfo.SetValue(True)
current_value += 2**IMAGE_SCN_LNK_INFO
if current_flags & 2**IMAGE_SCN_LNK_COMDAT != 0:
self.cb_comdata.SetValue(True)
current_value += 2**IMAGE_SCN_LNK_COMDAT
if current_flags & 2**IMAGE_SCN_LNK_NRELOC_OVFL != 0:
self.cb_exetended_relocs.SetValue(True)
current_value += 2**IMAGE_SCN_LNK_NRELOC_OVFL
if current_flags & 2**IMAGE_SCN_MEM_DISCARDABLE != 0:
self.cb_discardable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_DISCARDABLE
if current_flags & 2**IMAGE_SCN_MEM_NOT_CACHED != 0:
self.cb_nocached.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_NOT_CACHED
if current_flags & 2**IMAGE_SCN_MEM_NOT_PAGED != 0:
self.cb_nopageable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_NOT_PAGED
if current_flags & 2**IMAGE_SCN_MEM_SHARED != 0:
self.cb_shareable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_SHARED
if current_flags & 2**IMAGE_SCN_MEM_EXECUTE != 0:
self.cb_executable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_EXECUTE
if current_flags & 2**IMAGE_SCN_MEM_READ != 0:
self.cb_readable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_READ
if current_flags & 2**IMAGE_SCN_MEM_WRITE != 0:
self.cb_writeable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_WRITE
if current_flags & 2**IMAGE_SCN_MEM_FARDATA != 0:
self.cb_noimage.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_FARDATA
if current_flags & 2**IMAGE_NOPADDED != 0:
self.cb_notpadded.SetValue(True)
current_value += 2**IMAGE_NOPADDED
self.current_val.SetValue(hex_up(current_value))
def loadDirectoryData(self):
dirData = pedata.getDataDirectory(self.__pe)
self._exporttable_rva.SetValue(hex_up(dirData[0].VirtualAddress))
self._exporttable_size.SetValue(hex_up(dirData[0].Size))
self._importtable_rva.SetValue(hex_up(dirData[1].VirtualAddress))
self._importtable_size.SetValue(hex_up(dirData[1].Size))
self._resource_rva.SetValue(hex_up(dirData[2].VirtualAddress))
self._resource_size.SetValue(hex_up(dirData[2].Size))
self._exception_rva.SetValue(hex_up(dirData[3].VirtualAddress))
self._exception_size.SetValue(hex_up(dirData[3].Size))
self._security_rva.SetValue(hex_up(dirData[4].VirtualAddress))
self._security_size.SetValue(hex_up(dirData[4].Size))
self._basereloc_rva.SetValue(hex_up(dirData[5].VirtualAddress))
self._basereloc_size.SetValue(hex_up(dirData[5].Size))
self._debug_rva.SetValue(hex_up(dirData[6].VirtualAddress))
self._debug_size.SetValue(hex_up(dirData[6].Size))
self._copyright_rva.SetValue(hex_up(dirData[7].VirtualAddress))
self._copyright_size.SetValue(hex_up(dirData[7].Size))
self._globalptr_rva.SetValue(hex_up(dirData[8].VirtualAddress))
self._globalptr_size.SetValue(hex_up(dirData[8].Size))
self._tlstable_rva.SetValue(hex_up(dirData[9].VirtualAddress))
self._tlstable_size.SetValue(hex_up(dirData[9].Size))
self._loadconfig_rva.SetValue(hex_up(dirData[10].VirtualAddress))
self._loadconfig_size.SetValue(hex_up(dirData[10].Size))
self._boundimport_rva.SetValue(hex_up(dirData[11].VirtualAddress))
self._boundimport_size.SetValue(hex_up(dirData[11].Size))
self._iat_rva.SetValue(hex_up(dirData[12].VirtualAddress))
self._iat_size.SetValue(hex_up(dirData[12].Size))
self._com_rva.SetValue(hex_up(dirData[14].VirtualAddress))
self._com_size.SetValue(hex_up(dirData[14].Size))
def populate_checkboxes(self):
current_flags = self.parent.get_section_flags()
current_value = 0
if current_flags & 2**IMAGE_SCN_CNT_CODE != 0:
self.cb_containscode.SetValue(True)
current_value += 2**IMAGE_SCN_CNT_CODE
if current_flags & 2**IMAGE_SCN_CNT_INITIALIZED_DATA != 0:
self.cb_containsidata.SetValue(True)
current_value += 2**IMAGE_SCN_CNT_INITIALIZED_DATA
if current_flags & 2**IMAGE_SCN_CNT_UNINITIALIZED_DATA != 0:
self.cb_containsudata.SetValue(True)
current_value += 2**IMAGE_SCN_CNT_UNINITIALIZED_DATA
if current_flags & 2**IMAGE_SCN_LNK_INFO != 0:
self.cb_otherinfo.SetValue(True)
current_value += 2**IMAGE_SCN_LNK_INFO
if current_flags & 2**IMAGE_SCN_LNK_COMDAT != 0:
self.cb_comdata.SetValue(True)
current_value += 2**IMAGE_SCN_LNK_COMDAT
if current_flags & 2**IMAGE_SCN_LNK_NRELOC_OVFL != 0:
self.cb_exetended_relocs.SetValue(True)
current_value += 2**IMAGE_SCN_LNK_NRELOC_OVFL
if current_flags & 2**IMAGE_SCN_MEM_DISCARDABLE != 0:
self.cb_discardable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_DISCARDABLE
if current_flags & 2**IMAGE_SCN_MEM_NOT_CACHED != 0:
self.cb_nocached.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_NOT_CACHED
if current_flags & 2**IMAGE_SCN_MEM_NOT_PAGED != 0:
self.cb_nopageable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_NOT_PAGED
if current_flags & 2**IMAGE_SCN_MEM_SHARED != 0:
self.cb_shareable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_SHARED
if current_flags & 2**IMAGE_SCN_MEM_EXECUTE != 0:
self.cb_executable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_EXECUTE
if current_flags & 2**IMAGE_SCN_MEM_READ != 0:
self.cb_readable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_READ
if current_flags & 2**IMAGE_SCN_MEM_WRITE != 0:
self.cb_writeable.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_WRITE
if current_flags & 2**IMAGE_SCN_MEM_FARDATA != 0:
self.cb_noimage.SetValue(True)
current_value += 2**IMAGE_SCN_MEM_FARDATA
if current_flags & 2**IMAGE_NOPADDED != 0:
self.cb_notpadded.SetValue(True)
current_value += 2**IMAGE_NOPADDED
self.current_val.SetValue(hex_up(current_value))
def loadDosHdrInfo(self):
dos_header = pedata.getDosHeader(self._pe)
self._e_magic.SetValue(hex_up(dos_header.e_magic, 4))
self._e_cblp.SetValue(hex_up(dos_header.e_cblp, 1))
self._e_cp.SetValue(hex_up(dos_header.e_cp, 1))
self._e_crlc.SetValue(hex_up(dos_header.e_crlc, 1))
self._e_cparhdr.SetValue(hex_up(dos_header.e_cparhdr, 1))
self._e_minalloc.SetValue(hex_up(dos_header.e_minalloc, 1))
self._e_maxalloc.SetValue(hex_up(dos_header.e_maxalloc, 4))
self._e_ss.SetValue(hex_up(dos_header.e_ss, 1))
self._e_sp.SetValue(hex_up(dos_header.e_sp, 1))
self._e_csum.SetValue(hex_up(dos_header.e_csum, 1))
self._e_ip.SetValue(hex_up(dos_header.e_ip, 1))
self._e_cs.SetValue(hex_up(dos_header.e_cs, 1))
self._e_lfarlc.SetValue(hex_up(dos_header.e_lfarlc, 1))
self._e_ovno.SetValue(hex_up(dos_header.e_ovno, 1))
self._e_res.SetValue(str(dos_header.e_res))
self._e_oemid.SetValue(hex_up(dos_header.e_oemid, 1))
self._e_oeminfo.SetValue(hex_up(dos_header.e_oeminfo, 1))
self._e_res2.SetValue(str(dos_header.e_res2))
self._e_lfanew.SetValue(hex_up(dos_header.e_lfanew, 1))
def printPeHeaderData(self, pdata):
self.entrypoint.SetValue(hex_up(pdata["EntryPoint"]))
self.imagebase.SetValue(hex_up(pdata["ImageBase"]))
self.baseofcode.SetValue(hex_up(pdata["BaseOfCode"]))
if not self.isIA64:
self.baseofdata.SetValue(hex_up(pdata["BaseOfData"]))
self.sizeofimage.SetValue(hex_up(pdata["SizeOfImage"]))
self.sizeofheaders.SetValue(hex_up(pdata["SizeOfHeaders"]))
self.secalignment.SetValue(hex_up(pdata["SectionAlignment"]))
self.falignment.SetValue(hex_up(pdata["FileAlignment"]))
self.subsystem.SetValue(hex_up(pdata["Subsystem"], 4))
self.machinetype.SetValue(hex_up(pdata["MachineType"], 4))
self.numberofsections.SetValue(hex_up(pdata["NumberOfSections"], 4))
self.timadatestamp.SetValue(hex_up(pdata["TimeDateStamp"]))
self.symboltable.SetValue(hex_up(pdata["PointerToSymbolTable"]))
self.numberofsymbols.SetValue(hex_up(pdata["NumberOfSymbols"]))
self.sizeofoptionalhdr.SetValue(hex_up(pdata["SizeOfOptionalHeader"], 4))
self.characteristics.SetValue(hex_up(pdata["Characteristics"], 4))
def loadDosHdrInfo(self):
dos_header = pedata.getDosHeader(self._pe)
self._e_magic.SetValue(hex_up(dos_header.e_magic, 4))
self._e_cblp.SetValue(hex_up(dos_header.e_cblp, 1))
self._e_cp.SetValue(hex_up(dos_header.e_cp, 1))
self._e_crlc.SetValue(hex_up(dos_header.e_crlc, 1))
self._e_cparhdr.SetValue(hex_up(dos_header.e_cparhdr, 1))
self._e_minalloc.SetValue(hex_up(dos_header.e_minalloc, 1))
self._e_maxalloc.SetValue(hex_up(dos_header.e_maxalloc, 4))
self._e_ss.SetValue(hex_up(dos_header.e_ss, 1))
self._e_sp.SetValue(hex_up(dos_header.e_sp, 1))
self._e_csum.SetValue(hex_up(dos_header.e_csum, 1))
self._e_ip.SetValue(hex_up(dos_header.e_ip, 1))
self._e_cs.SetValue(hex_up(dos_header.e_cs, 1))
self._e_lfarlc.SetValue(hex_up(dos_header.e_lfarlc, 1))
self._e_ovno.SetValue(hex_up(dos_header.e_ovno, 1))
self._e_res.SetValue(str(dos_header.e_res))
self._e_oemid.SetValue(hex_up(dos_header.e_oemid, 1))
self._e_oeminfo.SetValue(hex_up(dos_header.e_oeminfo, 1))
self._e_res2.SetValue(str(dos_header.e_res2))
self._e_lfanew.SetValue(hex_up(dos_header.e_lfanew, 1))