#!/usr/bin/env python
# ----------------------------------------------------------------------
# PEframe is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# PEframe is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
from __future__ import print_function

import datetime
import json
import os
import sys
import time

# NOTE(review): 'modules' is resolved against the current working directory,
# not against this script's location. Run the tool from its own directory
# (or make the path os.path.dirname(os.path.abspath(__file__))-relative) so a
# 'modules' folder lying next to a sample under analysis is never imported
# in place of the bundled ones.
sys.path.insert(0, 'modules')
import pefile
import peutils
import pecore
import stdoutput
import help
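def is_pe(filename):
    """Parse *filename* with pefile and publish the result as the global ``pe``.

    Args:
        filename: path of the file to parse.

    Returns:
        True when pefile accepted the file. The parsed ``pefile.PE`` object
        is stored in the module-global ``pe`` (the interface the main block
        relies on), not returned.

    On failure the error goes to stderr and the process exits with status 1
    (previously 0, which made failures indistinguishable from success for
    shell callers; the message also landed on stdout, mixed with output).
    """
    global pe
    try:
        pe = pefile.PE(filename)
    except (pefile.PEFormatError, IOError, OSError) as err:
        # The bare ``except:`` this replaces also swallowed KeyboardInterrupt
        # and SystemExit; only parse failures and unreadable paths are expected.
        print("Error: invalid file: %s" % err, file=sys.stderr)
        sys.exit(1)
    return True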
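def autoanalysis(pe, filename, json=False):
    """Run the full static analysis and emit it as machine- or human-readable output.

    Args:
        pe: parsed ``pefile.PE`` object for *filename*.
        filename: path of the analysed file; some checks (antivm, fileurl,
            info) read the raw file rather than the parsed image.
        json: when true, print the nine ``pecore`` results space-separated on
            one line (presumably each is already a JSON-encoded string; verify
            against pecore); otherwise hand them to ``stdoutput.show_auto``.
            The name shadows the ``json`` module inside this function; it is
            kept because callers pass it by keyword.
    """
    # Collect once, in the order show_auto expects; both output modes used to
    # repeat the same nine calls, which doubled the maintenance surface.
    results = (
        pecore.get_info(pe, filename),
        pecore.get_cert(pe),
        pecore.get_packer(pe),
        pecore.get_antidbg(pe),
        pecore.get_antivm(filename),
        pecore.get_apialert(pe),
        pecore.get_secalert(pe),
        pecore.get_fileurl(filename),
        pecore.get_meta(pe),
    )
    if json:
        print(*results)
    else:
        stdoutput.show_auto(*results)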
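#______________________Main______________________
# "--option <file>" dispatch table: option string -> callable(pe, filename).
# Every handler prints its own output; main() exits 0 afterwards, as before.
_OPTIONS = {
    "--json": lambda pe, filename: autoanalysis(pe, filename, json=True),
    "--import": lambda pe, filename: stdoutput.show_import(pe),
    "--export": lambda pe, filename: stdoutput.show_export(pe),
    "--dir-import": lambda pe, filename: stdoutput.show_directory(pe, "import"),
    "--dir-export": lambda pe, filename: stdoutput.show_directory(pe, "export"),
    "--dir-resource": lambda pe, filename: stdoutput.show_directory(pe, "resource"),
    "--dir-debug": lambda pe, filename: stdoutput.show_directory(pe, "debug"),
    "--dir-tls": lambda pe, filename: stdoutput.show_directory(pe, "tls"),
    "--strings": lambda pe, filename: print(pecore.get_strings(filename)),
    "--sections": lambda pe, filename: print(pecore.get_sections(pe)),
    "--dump": lambda pe, filename: print(pecore.get_dump(pe)),
}


def main(argv=None):
    """Command-line entry point: ``peframe.py [option] <file>``.

    Args:
        argv: full argument vector including the program name; defaults to
            ``sys.argv``.

    Exit status is 0 after help, version, a completed analysis or an unknown
    option (unchanged); an unreadable or non-PE file is reported by
    ``is_pe``. ``-h``/``--help`` and ``-v``/``--version`` now win regardless
    of argument count: the old ``A and B or C`` tests parsed as
    ``(A and B) or C``, so ``--help``/``--version`` already matched with
    three arguments while ``-h``/``-v`` did not. An unknown option no longer
    parses the file before printing usage.
    """
    args = sys.argv if argv is None else argv
    # Manage Args
    if len(args) == 1 or len(args) > 3:
        help.help()
        sys.exit(0)
    if args[1] in ("-h", "--help"):
        help.help()
        sys.exit(0)
    if args[1] in ("-v", "--version"):
        print(help.VERSION)
        sys.exit(0)
    # Auto Analysis
    if len(args) == 2:
        filename = args[1]
        is_pe(filename)  # sets the module-global ``pe`` or exits
        autoanalysis(pe, filename)
        sys.exit(0)
    # Options
    option, filename = args[1], args[2]
    handler = _OPTIONS.get(option)
    if handler is None:
        help.help()
        sys.exit(0)
    is_pe(filename)  # sets the module-global ``pe`` or exits
    handler(pe, filename)
    sys.exit(0)


if __name__ == "__main__":
    main()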