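# ----------------------------------------------------------------------
import os
import loadfile
try:
    import pefile
    import peutils
except ImportError:
    # Parenthesised form prints the same text under Python 2 and Python 3.
    print('Error: import pefile or peutils modules failed.')
    # NOTE(review): exits with status 0 although loading failed, so a
    # calling script gets no error signal; kept as the original behaviour.
    exit(0)

# Load array by file antidbg.txt - Suspicious Functions Anti Debug
fn_antidbg = os.path.abspath('signatures' + os.sep + 'antidbg.txt')  # return pathname
antidbgs = loadfile.get_apilist(fn_antidbg)
# An empty line in the signature file would match every import
# (''.startswith(...) is always true), so blank entries are dropped once here.
_ANTIDBG_PREFIXES = tuple(sig for sig in antidbgs if sig)


def _import_name(imp):
    """Return the imported symbol's name as text, or None for ordinal-only imports.

    Ordinal imports carry no name (``imp.name`` is None); the original
    ``str(imp.name)`` turned that into the literal text "None" and compared it
    against the signatures.  Under Python 3 pefile is assumed to hand back
    bytes, which ``str()`` would render as "b'...'" and never match — TODO
    confirm against the installed pefile version.
    """
    name = imp.name
    if name is None:
        return None
    # On Python 2 bytes is str, so this branch only runs on Python 3.
    if isinstance(name, bytes) and not isinstance(name, str):
        return name.decode('latin-1', 'replace')
    return name


def get(pe):
    """Return the sorted, de-duplicated imported function names matching an anti-debug prefix.

    Args:
        pe: a parsed pefile.PE object; only its DIRECTORY_ENTRY_IMPORT is read.

    Returns:
        list of names (text) whose prefix is one of the entries loaded from
        antidbg.txt, or [] when the file has no import directory.
    """
    if not hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
        return []
    found = set()
    for lib in pe.DIRECTORY_ENTRY_IMPORT:
        for imp in lib.imports:
            name = _import_name(imp)
            # str.startswith accepts a tuple: one check per import instead
            # of one per signature.
            if name is not None and name.startswith(_ANTIDBG_PREFIXES):
                found.add(name)
    return sorted(found)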
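import os
import loadfile
try:
    import pefile
    import peutils
except ImportError:
    # Parenthesised form prints the same text under Python 2 and Python 3.
    print('Error: import pefile or peutils modules failed.')
    # NOTE(review): exits with status 0 although loading failed, so a
    # calling script gets no error signal; kept as the original behaviour.
    exit(0)

# Load array by file antidbg.txt - Suspicious Functions Anti Debug
fn_antidbg = os.path.abspath('signatures' + os.sep + 'antidbg.txt')  # return pathname
antidbgs = loadfile.get_apilist(fn_antidbg)
# An empty line in the signature file would match every import
# (''.startswith(...) is always true), so blank entries are dropped once here.
_ANTIDBG_PREFIXES = tuple(sig for sig in antidbgs if sig)


def _import_name(imp):
    """Return the imported symbol's name as text, or None for ordinal-only imports.

    Ordinal imports carry no name (``imp.name`` is None); the original
    ``str(imp.name)`` turned that into the literal text "None" and compared it
    against the signatures.  Under Python 3 pefile is assumed to hand back
    bytes, which ``str()`` would render as "b'...'" and never match — TODO
    confirm against the installed pefile version.
    """
    name = imp.name
    if name is None:
        return None
    # On Python 2 bytes is str, so this branch only runs on Python 3.
    if isinstance(name, bytes) and not isinstance(name, str):
        return name.decode('latin-1', 'replace')
    return name


def get(pe):
    """Return the sorted, de-duplicated imported function names matching an anti-debug prefix.

    Args:
        pe: a parsed pefile.PE object; only its DIRECTORY_ENTRY_IMPORT is read.

    Returns:
        list of names (text) whose prefix is one of the entries loaded from
        antidbg.txt, or [] when the file has no import directory.
    """
    if not hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
        return []
    found = set()
    for lib in pe.DIRECTORY_ENTRY_IMPORT:
        for imp in lib.imports:
            name = _import_name(imp)
            # str.startswith accepts a tuple: one check per import instead
            # of one per signature.
            if name is not None and name.startswith(_ANTIDBG_PREFIXES):
                found.add(name)
    return sorted(found)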
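# along with PEframe. If not, see <http://www.gnu.org/licenses/>.
# ----------------------------------------------------------------------
import os
import loadfile
from peframe import get_data
try:
    import pefile
    import peutils
except ImportError:
    # Parenthesised form prints the same text under Python 2 and Python 3.
    print('Error: import pefile or peutils modules failed.')
    # NOTE(review): exits with status 0 although loading failed, so a
    # calling script gets no error signal; kept as the original behaviour.
    exit(0)

# Load array by file antidbg.txt - Suspicious Functions Anti Debug
antidbgs = loadfile.get_apilist(get_data('antidbg.txt'))
# An empty line in the signature file would match every import
# (''.startswith(...) is always true), so blank entries are dropped once here.
_ANTIDBG_PREFIXES = tuple(sig for sig in antidbgs if sig)


def _import_name(imp):
    """Return the imported symbol's name as text, or None for ordinal-only imports.

    Ordinal imports carry no name (``imp.name`` is None); the original
    ``str(imp.name)`` turned that into the literal text "None" and compared it
    against the signatures.  Under Python 3 pefile is assumed to hand back
    bytes, which ``str()`` would render as "b'...'" and never match — TODO
    confirm against the installed pefile version.
    """
    name = imp.name
    if name is None:
        return None
    # On Python 2 bytes is str, so this branch only runs on Python 3.
    if isinstance(name, bytes) and not isinstance(name, str):
        return name.decode('latin-1', 'replace')
    return name


def get(pe):
    """Return the sorted, de-duplicated imported function names matching an anti-debug prefix.

    Args:
        pe: a parsed pefile.PE object; only its DIRECTORY_ENTRY_IMPORT is read.

    Returns:
        list of names (text) whose prefix is one of the entries loaded from
        antidbg.txt, or [] when the file has no import directory.
    """
    if not hasattr(pe, 'DIRECTORY_ENTRY_IMPORT'):
        return []
    found = set()
    for lib in pe.DIRECTORY_ENTRY_IMPORT:
        for imp in lib.imports:
            name = _import_name(imp)
            # str.startswith accepts a tuple: one check per import instead
            # of one per signature.
            if name is not None and name.startswith(_ANTIDBG_PREFIXES):
                found.add(name)
    return sorted(found)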