def test_fields(self): """ test that we can correctly read TimeDateStamp and SizeOfImage fields from a PE file in particular, check that large TimeDateStamp are correctly read as unsigned integers, and don't become negative values """ # parse the PE file pefile = pe.PEFile(path.join(util.SYMFILES_DIR, "u32_test.dll")) # check that we got expected values self.assertEqual(pefile.TimeDateStamp, TIME_DATE_STAMP) self.assertEqual(pefile.SizeOfImage, SIZE_OF_IMAGE)
def _probe_pe_hash(fname): """ try to parse the specified file as PE file on success, return the PE-style hash for the file if can't parse as PE, returns None """ try: pefile = pe.PEFile(fname) except pe.PESignatureNotFoundError: # does not look like a PE file return None return _pe_hash(pefile)
def _pe_hash(file): pefile = pe.PEFile(file) return "%X%X" % (pefile.TimeDateStamp, pefile.SizeOfImage)