def entryPointCalls(path): pyew = CPyew(batch=True) pyew.codeanalysis = True try: pyew.loadFile(path) except KeyboardInterrupt: print "Abort" sys.exit(0) except: print "ERROR loading file %s" % path return if pyew.format != "PE": return calls = [] # Get the disassembl of the first 100 lines l = pyew.disasm(pyew.ep, processor=pyew.processor, type=pyew.type, lines=100, bsize=1600) for i in l: mnem = str(i.mnemonic) # Is it a direct or indirect jump or call? if mnem == "CALL" or mnem.startswith("J") or mnem.startswith("LOOP"): operands = str(i.operands).replace("[", "").replace("]", "") try: if pyew.imports.has_key(int(operands, 16)): x = pyew.imports[int(operands, 16)] if x not in calls: calls.append(x) except: pass if len(calls) > 0: printData(pyew, path, "Library calls at Entry Point") print "Library Calls:", ",".join(calls) print