import sys

from pefile import PE
from pefile import PEFormatError
from pefile import *
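def getPE(file):
    """Print the numeric PE header fields of ``file`` as a list of ints.

    The sample is treated as untrusted input: it is only parsed, and a file
    that is not a well-formed PE is reported on stderr instead of being
    processed further.

    Values are emitted in the order of ``keys``. A field that the image does
    not carry (for example ``BaseOfData`` on a PE32+ image) is skipped, so the
    length of the printed list can differ between samples; consumers that
    expect a fixed-width feature vector must account for that.

    Args:
        file: Path of the file to inspect.

    Returns:
        None. The list is written to stdout.
    """
    keys = [
        'SizeOfOptionalHeader', 'Characteristics',
        'MajorLinkerVersion', 'MinorLinkerVersion',
        'SizeOfCode', 'SizeOfInitializedData', 'SizeOfUninitializedData',
        'AddressOfEntryPoint', 'BaseOfCode', 'BaseOfData', 'ImageBase',
        'SectionAlignment', 'FileAlignment',
        'MajorOperatingSystemVersion', 'MinorOperatingSystemVersion',
        'MajorImageVersion', 'MinorImageVersion',
        'MajorSubsystemVersion', 'MinorSubsystemVersion',
        'SizeOfImage', 'SizeOfHeaders', 'CheckSum', 'Subsystem',
        'DllCharacteristics',
        'SizeOfStackReserve', 'SizeOfStackCommit',
        'SizeOfHeapReserve', 'SizeOfHeapCommit',
        'LoaderFlags', 'NumberOfRvaAndSizes',
        # NOTE(review): the next three are not header fields, so neither the
        # original text search nor this lookup ever yields a value for them.
        # Presumably they were meant to be derived from the section table;
        # confirm against whatever consumes this list.
        'SectionsMeanVirtualsize', 'SectionsMinVirtualsize',
        'SectionMaxVirtualsize',
    ]

    # The original guard `PE(file) == True` compared a parser object with a
    # bool and so never held. Validity is decided by whether parsing succeeds.
    # The extra data='module.dll' argument is dropped: the sample is already
    # identified by its path.
    try:
        # fast_load keeps parsing to the headers and section table, which is
        # all this function reads, and avoids walking the data directories of
        # a possibly hostile file.
        pe = PE(file, fast_load=True)
    except PEFormatError as err:
        sys.stderr.write("%s: not a valid PE file (%s)\n" % (file, err))
        return

    try:
        # Read the parsed fields directly instead of slicing dump_info() text:
        # the substring search matched 'Subsystem' against the earlier
        # 'MajorSubsystemVersion' line, and the fixed [48:] column offset
        # depended on the dump layout.
        headers = (
            getattr(pe, 'FILE_HEADER', None),
            getattr(pe, 'OPTIONAL_HEADER', None),
        )
        pedata = []
        for key in keys:
            for header in headers:
                value = getattr(header, key, None)
                if value is not None:
                    pedata.append(value)
                    break
    finally:
        # Release the file mapping held by the parser.
        pe.close()

    print(pedata)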
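if __name__ == '__main__':
    # NOTE(review): if this script is itself saved as pefile.py, running it
    # from its own directory makes `from pefile import PE` resolve to this
    # file instead of the pefile library; keep the script under another name.
    if len(sys.argv) < 2:
        # Without this check a missing argument surfaced as a bare IndexError.
        sys.exit("usage: %s <path-to-pe-file>" % sys.argv[0])
    getPE(sys.argv[1])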