Python BaseRelocationData Examples

Programming Language: Python

Namespace/Package Name: pefile

Method/Function: BaseRelocationData

Examples at hotexamples.com: 3

Python BaseRelocationData - 3 examples found. These are the top rated real world Python examples of pefile.BaseRelocationData extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

def add_to_reloc(addr, type):
    for x in updated_reloc:
        if (addr & ~0xFFF) == x.struct.VirtualAddress:
            # insert new entry into existed base reloc
            x.entries.append(new_reloc_entry(addr, type))
            x.struct.SizeOfBlock += 2
            return

    # new a entry
    s = pefile.Structure(pe.__IMAGE_BASE_RELOCATION_format__)
    setattr(s, 'VirtualAddress', addr & ~0xFFF)
    setattr(s, 'SizeOfBlock', 8 + 2)
    s.set_file_offset(0)

    # insert new base reloc
    entries = []
    entries.append(new_reloc_entry(addr, type))
    updated_reloc.append(pefile.BaseRelocationData(struct=s, entries=entries))

Example #2

Show file

File: Type2_Deobfuscate.py Project: mvs-training/levan_PEFile

def get_relocations(pe, image, image_base):
    try:
        relocations = []
        relocation_table = pe.NT_HEADERS.OPTIONAL_HEADER.DATA_DIRECTORY[
            pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC']]
        rva = relocation_table.VirtualAddress
        size = relocation_table.Size
        if size == 0:
            return []

        rlc_size = pefile.Structure(
            pe.__IMAGE_BASE_RELOCATION_format__).sizeof()
        end = rva + size

        while rva < end:
            try:
                rlc = pe.__unpack_data__(
                    pe.__IMAGE_BASE_RELOCATION_format__,
                    image[rva:rva + rlc_size],
                    file_offset=pe.get_offset_from_rva(rva))
            except pefile.PEFormatError:
                rlc = None

            if not rlc:
                break
            print("rlc.VirtualAddress: %x, rlc.SizeOfBlock: %x" %
                  (rlc.VirtualAddress, rlc.SizeOfBlock))
            relocation_entries = parse_relocations(image, image_base, pe,
                                                   rva + rlc_size,
                                                   rlc.VirtualAddress,
                                                   rlc.SizeOfBlock - rlc_size)

            relocations.append(
                pefile.BaseRelocationData(struct=rlc,
                                          entries=relocation_entries))

            if not rlc.SizeOfBlock:
                break
            rva += rlc.SizeOfBlock

        return relocations
    except Exception as ex:
        print(str(ex))

Example #3

Show file

def get_relocations(pe, proc, moduleBaseAddress):
    try:
        relocations = []
        relocTable = pe.NT_HEADERS.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC']]
        rva = relocTable.VirtualAddress
        size = relocTable.Size

        if (size == 0):
            return []
        rlc_size = pefile.Structure(pe.__IMAGE_BASE_RELOCATION_format__).sizeof()
        end = rva + size
        while rva<end:
            try:
                rlc = pe.__unpack_data__(
                    pe.__IMAGE_BASE_RELOCATION_format__,
                    proc.read(moduleBaseAddress + rva, rlc_size),
                    file_offset = pe.get_offset_from_rva(rva) )
            except PEFormatError:
                rlc = None
            
            if not rlc:
                break
            reloc_entries = parse_relocations(proc, moduleBaseAddress, pe, rva+rlc_size, rlc.VirtualAddress, rlc.SizeOfBlock-rlc_size )

            relocations.append(
                pefile.BaseRelocationData(
                    struct = rlc,
                    entries = reloc_entries))

            if not rlc.SizeOfBlock:
                break
            rva += rlc.SizeOfBlock

        return relocations
    except Exception as ex:
        print(str(ex))