def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if (pelib is None):
return ""
ret = {}
# print(dir(pelib.DIRECTORY_ENTRY_EXPORT))
# print(dir(pelib.DIRECTORY_ENTRY_EXPORT.symbols))
if not hasattr(pelib, 'DIRECTORY_ENTRY_EXPORT'):
return ret
ret["characteristics"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.Characteristics
ret["timeDateStamp"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.TimeDateStamp
ret["majorVersion"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.MajorVersion
ret["minorVersion"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.MinorVersion
ret["name"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.Name
ret["base"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.Base
ret["numberOfFunctions"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.NumberOfFunctions
ret["numberOfNames"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.NumberOfNames
ret["addressOfFunctions"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.AddressOfFunctions
ret["AddressOfNames"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.AddressOfNames
ret["AddressOfOrdinals"] = pelib.DIRECTORY_ENTRY_EXPORT.struct.AddressOfNameOrdinals
symbols = []
# print(dir(pelib.DIRECTORY_ENTRY_EXPORT.symbols))
for export in pelib.DIRECTORY_ENTRY_EXPORT.symbols:
# print(dir(export))
# print(export.address)
# print(hex(export.address))
symbol = {}
symbol["ordinal"] = export.ordinal
symbol["name"] = str(export.name).lower()
symbol["RVA"] = export.address
if (export.forwarder is not None):
if (export.forwarder.find('.') != -1):
symbol["forwarder_dll"] = repr(
str(export.forwarder).lower().split('.')[0] + ".dll")
symbol["forwarder_function"] = repr(
str(export.forwarder).lower().split('.')[1])
# symbol["address"]=hex(export.address)
# symbol["address_offset"]=hex(export.address_offset)
# symbol["forwarder_offset"]=hex(export.forwarder_offset)
# symbol["name_offset"]=hex(export.name_offset)
# symbol["ordinal_offset"]=hex(export.ordinal_offset)
# symbol["pe"]=export.pe
symbols.append(symbol)
# print(symbol)
# raw_input()
ret["symbols"] = symbols
return ret
def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if (pelib == None): return ""
crc_claimed = pelib.OPTIONAL_HEADER.CheckSum
crc_actual = pelib.generate_checksum()
s = "Claimed: 0x%x, Actual: 0x%x" % (crc_claimed, crc_actual)
return self._normalize(s)
def process2(self):
pe = self._getLibrary(PEFileModule().getName())
if (pe is None):
return ""
# get the security directory entry
address = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY[
'IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress
if address > 0:
# Always in DER format AFAIK
derData = pe.write()[address + 8:]
else:
logging.debug("address 0")
return
(contentInfo, rest) = decoder.decode(derData,
asn1Spec=rfc2315.ContentInfo())
contentType = contentInfo.getComponentByName('contentType')
if contentType == rfc2315.signedData:
signedData = decode(contentInfo.getComponentByName('content'),
asn1Spec=rfc2315.SignedData())
for sd in signedData:
if sd == '':
continue
signerInfos = sd.getComponentByName('signerInfos')
for si in signerInfos:
issuerAndSerial = si.getComponentByName(
'issuerAndSerialNumber')
issuer = issuerAndSerial.getComponentByName(
'issuer').getComponent()
for i in issuer:
for r in i:
at = r.getComponentByName('type')
if rfc2459.id_at_countryName == at:
cn = decode(r.getComponentByName('value'),
asn1Spec=rfc2459.X520countryName())
print(cn[0])
elif rfc2459.id_at_organizationName == at:
on = decode(
r.getComponentByName('value'),
asn1Spec=rfc2459.X520OrganizationName())
print(on[0].getComponent())
elif rfc2459.id_at_organizationalUnitName == at:
ou = decode(
r.getComponentByName('value'),
asn1Spec=rfc2459.X520OrganizationalUnitName())
print(ou[0].getComponent())
elif rfc2459.id_at_commonName == at:
cn = decode(r.getComponentByName('value'),
asn1Spec=rfc2459.X520CommonName())
print(cn[0].getComponent())
else:
print at
def process(self):
pelib=self._getLibrary(PEFileModule().getName())
if(pelib==None):return ""
try:
if (pelib.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']].VirtualAddress == 0):
return ""
except Exception, e:
print str(e)
return ""
def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if (pelib is None):
return ""
ret = []
if hasattr(pelib, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pelib.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(
resource_type.struct.Id)
if name is None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
try:
data = pelib.get_data(
resource_lang.data.struct.OffsetToData,
resource_lang.data.struct.Size)
# fd=open(name,'wb')
# fd.write(data)
# (data)
except pefile.PEFormatError:
return "corrupt"
filetype = MIME_TYPE(data, False)
lang = pefile.LANG.get(resource_lang.data.lang,
'unknown')
sublang = pefile.get_sublang_name_for_lang(
resource_lang.data.lang,
resource_lang.data.sublang)
entry = {}
entry["name"] = self._normalize(name)
entry["rva"] = self._normalize(
hex(resource_lang.data.struct.OffsetToData)
)
entry["size"] = self._normalize(
hex(resource_lang.data.struct.Size))
entry["type"] = self._normalize(filetype)
entry["lang"] = self._normalize(lang)
entry["sublang"] = self._normalize(sublang)
entry["sha1"] = SHA1(data)
ret.append(entry)
return ret
def process(self):
pelib=self._getLibrary(PEFileModule().getName())
if(pelib==None):return ""
name = ''
ep = pelib.OPTIONAL_HEADER.AddressOfEntryPoint
pos = 0
for sec in pelib.sections:
if (ep >= sec.VirtualAddress) and \
(ep < (sec.VirtualAddress + sec.Misc_VirtualSize)):
name = sec.Name.replace('\x00', '')
break
else:
pos += 1
s = "%s %s %d/%d" % (hex(ep+pelib.OPTIONAL_HEADER.ImageBase), name, pos, len(pelib.sections))
return self._normalize(s)
def process(self):
# print("SECTIONS")
# logging.debug("loading pefile")
pelib = self._getLibrary(PEFileModule().getName())
if (pelib is None):
return ""
# logging.debug("iterating sections")
ret = []
number = 0
for section in pelib.sections:
# print(section)
dic_sec = {}
dic_sec["name"] = repr(section.Name)
dic_sec["size_raw_data"] = int(hex(section.SizeOfRawData), 16)
dic_sec["virtual_size"] = int(hex(section.Misc_VirtualSize), 16)
dic_sec["characteristics"] = hex(section.Characteristics)
if (section.__dict__.get('IMAGE_SCN_MEM_WRITE', False)
and section.__dict__.get('IMAGE_SCN_MEM_EXECUTE', False)):
dic_sec["write_executable"] = "True"
else:
dic_sec["write_executable"] = "False"
data = section.get_data()
# logging.debug("calculating hashes")
dic_sec["sha1"] = SHA1(data)
dic_sec["sha2"] = SHA256(data)
dic_sec["md5"] = MD5(data)
# logging.debug("calculating fuzzy")
dic_sec["fuzzy_hash"] = getSsdeep(data)
dic_sec["entropy"] = entropy.shannon_entropy(data) * 8
# logging.debug("finished calculating")
ret.append(dic_sec)
return ret
def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if (pelib is None):
return ""
dos = {}
dos["magic"] = self._normalize(pelib.DOS_HEADER.e_magic)
dos["cblp"] = self._normalize(pelib.DOS_HEADER.e_cblp)
dos["cp"] = self._normalize(pelib.DOS_HEADER.e_cp)
dos["crlc"] = self._normalize(pelib.DOS_HEADER.e_crlc)
dos["cparhdr"] = self._normalize(pelib.DOS_HEADER.e_cparhdr)
dos["minalloc"] = self._normalize(pelib.DOS_HEADER.e_minalloc)
dos["maxalloc"] = self._normalize(pelib.DOS_HEADER.e_maxalloc)
dos["ss"] = self._normalize(pelib.DOS_HEADER.e_ss)
dos["sp"] = self._normalize(pelib.DOS_HEADER.e_sp)
dos["csum"] = self._normalize(pelib.DOS_HEADER.e_csum)
dos["ip"] = self._normalize(pelib.DOS_HEADER.e_ip)
dos["cs"] = self._normalize(pelib.DOS_HEADER.e_cs)
dos["lfarlc"] = self._normalize(pelib.DOS_HEADER.e_lfarlc)
dos["ovno"] = self._normalize(pelib.DOS_HEADER.e_ovno)
dos["res"] = self._normalize(pelib.DOS_HEADER.e_res)
dos["oemid"] = self._normalize(pelib.DOS_HEADER.e_oemid)
dos["oeminfo"] = self._normalize(pelib.DOS_HEADER.e_oeminfo)
dos["res2"] = self._normalize(pelib.DOS_HEADER.e_res2)
dos["lfanew"] = self._normalize(pelib.DOS_HEADER.e_lfanew)
nt = {}
nt["Signature"] = self._normalize(pelib.NT_HEADERS.Signature)
fh = {}
fh["Machine"] = self._normalize(pelib.FILE_HEADER.Machine)
fh["NumberOfSections"] = self._normalize(
pelib.FILE_HEADER.NumberOfSections)
fh["TimeDateStamp"] = self._normalize(pelib.FILE_HEADER.TimeDateStamp)
fh["PointerToSymbolTable"] = self._normalize(
pelib.FILE_HEADER.PointerToSymbolTable)
fh["NumberOfSymbols"] = self._normalize(
pelib.FILE_HEADER.NumberOfSymbols)
fh["SizeOfOptionalHeader"] = self._normalize(
pelib.FILE_HEADER.SizeOfOptionalHeader)
fh["Characteristics"] = self._normalize(
pelib.FILE_HEADER.Characteristics)
oh = {}
oh["Magic"] = self._normalize(pelib.OPTIONAL_HEADER.Magic)
oh["MajorLinkerVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MajorLinkerVersion)
oh["MinorLinkerVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MinorLinkerVersion)
oh["SizeOfCode"] = self._normalize(pelib.OPTIONAL_HEADER.SizeOfCode)
oh["SizeOfInitializedData"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfInitializedData)
oh["SizeOfUninitializedData"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfUninitializedData)
oh["AddressOfEntryPoint"] = self._normalize(
pelib.OPTIONAL_HEADER.AddressOfEntryPoint)
oh["BaseOfCode"] = self._normalize(pelib.OPTIONAL_HEADER.BaseOfCode)
oh["ImageBase"] = self._normalize(pelib.OPTIONAL_HEADER.ImageBase)
oh["SectionAlignment"] = self._normalize(
pelib.OPTIONAL_HEADER.SectionAlignment)
oh["FileAlignment"] = self._normalize(
pelib.OPTIONAL_HEADER.FileAlignment)
oh["MajorOperatingSystemVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MajorOperatingSystemVersion)
oh["MinorOperatingSystemVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MinorOperatingSystemVersion)
oh["MajorImageVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MajorImageVersion)
oh["MinorImageVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MinorImageVersion)
oh["MajorSubsystemVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MajorSubsystemVersion)
oh["MinorSubsystemVersion"] = self._normalize(
pelib.OPTIONAL_HEADER.MinorSubsystemVersion)
oh["Reserved1"] = self._normalize(pelib.OPTIONAL_HEADER.Reserved1)
oh["SizeOfImage"] = self._normalize(pelib.OPTIONAL_HEADER.SizeOfImage)
oh["SizeOfHeaders"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfHeaders)
oh["CheckSum"] = self._normalize(pelib.OPTIONAL_HEADER.CheckSum)
oh["Subsystem"] = self._normalize(pelib.OPTIONAL_HEADER.Subsystem)
oh["DllCharacteristics"] = self._normalize(
pelib.OPTIONAL_HEADER.DllCharacteristics)
oh["SizeOfStackReserve"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfStackReserve)
oh["SizeOfStackCommit"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfStackCommit)
oh["SizeOfHeapReserve"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfHeapReserve)
oh["SizeOfHeapCommit"] = self._normalize(
pelib.OPTIONAL_HEADER.SizeOfHeapCommit)
oh["LoaderFlags"] = self._normalize(pelib.OPTIONAL_HEADER.LoaderFlags)
oh["NumberOfRvaAndSizes"] = self._normalize(
pelib.OPTIONAL_HEADER.NumberOfRvaAndSizes)
res = {}
res["dos_header"] = dos
res["nt_header"] = nt
res["file_header"] = fh
res["optional_header"] = oh
return res
print(cn[0])
elif rfc2459.id_at_organizationName == at:
on = decode(r.getComponentByName('value'),asn1Spec=rfc2459.X520OrganizationName())
print(on[0].getComponent())
elif rfc2459.id_at_organizationalUnitName == at:
ou = decode(r.getComponentByName('value'),asn1Spec=rfc2459.X520OrganizationalUnitName())
print(ou[0].getComponent())
elif rfc2459.id_at_commonName == at:
cn = decode(r.getComponentByName('value'),asn1Spec=rfc2459.X520CommonName())
print(cn[0].getComponent())
else:
print at
if __name__=="__main__":
data=open(source_path+"/Test_files/certificate5.codex","rb").read()
sample=Sample()
sample.setBinary(data)
modules={}
pfm=PEFileModule()
modules[pfm.getName()]=pfm
plug=CertficatePlug()
plug.setModules(modules)
plug.setSample(sample)
res=plug.process()
print(res)
#fd=open("certficado.out","wb")
#fd.write(res["bCertificate"])
#fd.close()
str(export.forwarder).lower().split('.')[1])
# symbol["address"]=hex(export.address)
# symbol["address_offset"]=hex(export.address_offset)
# symbol["forwarder_offset"]=hex(export.forwarder_offset)
# symbol["name_offset"]=hex(export.name_offset)
# symbol["ordinal_offset"]=hex(export.ordinal_offset)
# symbol["pe"]=export.pe
symbols.append(symbol)
# print(symbol)
# raw_input()
ret["symbols"] = symbols
return ret
if __name__ == "__main__":
data = open(source_path + "/Test_files/kernel32.dll", "rb").read()
sample = Sample()
sample.setBinary(data)
modules = {}
pfm = PEFileModule()
modules[pfm.getName()] = pfm
plug = ExportsPlug()
plug.setModules(modules)
plug.setSample(sample)
res = plug.process()
# print(res)
def process(self):
raw_certificate_file = "./certPlug.temp"
pelib = self._getLibrary(PEFileModule().getName())
if (pelib is None):
return ""
# reset the offset to the table containing the signature
sigoff = 0
# reset the lenght of the table
siglen = 0
# search for the 'IMAGE_DIRECTORY_ENTRY_SECURITY' directory
# probably there is a direct way to find that directory
# but I am not aware of it at the moment
found = False
for s in pelib.__structures__:
if s.name == 'IMAGE_DIRECTORY_ENTRY_SECURITY':
# set the offset to the signature table
sigoff = s.VirtualAddress
# set the length of the table
siglen = s.Size
# print(siglen)
if (siglen >= 8):
found = True
if not found:
return {}
bin_data = self.sample.getBinary()
totsize = len(bin_data)
if sigoff < totsize:
# hmmm, okay we could possibly read this from the PE object
# but is straightforward to just open the file again
# as a file object
# f = open(a,'rb')
# move to the beginning of signature table
# f.seek(sigoff)
# read the signature table
# thesig = f.read(siglen)
thesig = bin_data[sigoff:(sigoff + siglen)]
# close the file
# f.close()
# now the 'thesig' variable should contain the table with
# the following structure
# DWORD dwLength - this is the length of bCertificate
# WORD wRevision
# WORD wCertificateType
# BYTE bCertificate[dwLength] - this contains the PKCS7 signature
# with all the
# lets dump only the PKCS7 signature (without checking the lenght
# with dwLength)
res = {}
length_raw = thesig[:4]
revision_raw = thesig[4:6]
type_raw = thesig[6:8]
raw_certificate = thesig[8:]
res["length"] = int(binascii.hexlify(length_raw), 16)
res["revision"] = int(binascii.hexlify(revision_raw), 16)
res["type"] = int(binascii.hexlify(type_raw), 16)
res["signed"] = True
fd = open(raw_certificate_file, "w")
fd.write(raw_certificate)
fd.close()
cmd = [
"openssl", "pkcs7", "-inform", "DER", "-print_certs", "-text",
"-in", raw_certificate_file
]
try:
output = check_output(cmd)
except Exception, e:
logging.exception("Plugins: Cert")
return {}
# print(output)
certificates = []
one_cert = {}
iterator = iter(output.split('\n'))
while True:
try:
actual = iterator.next().strip()
# print(actual)
except Exception, e:
break
if (actual.find("Certificate:") == 0):
if (len(one_cert) > 0):
certificates.append(one_cert)
one_cert = {}
elif (actual.find("Serial Number:") == 0):
if (len(actual) > len("Serial Number:") + 2):
hasta = actual.find("(")
serial = actual[len("Serial Number:"):hasta]
serial = serial.strip()
else:
serial = iterator.next().strip()
# print("##%s##"%serial)
one_cert["serial"] = serial.lower()
elif (actual.find("Issuer:") == 0):
s_pos = actual.find(", O=")
if (s_pos >= 0):
f_pos = actual.find(',', s_pos + 1)
if (f_pos < 0):
f_pos = None
issuer_o = actual[s_pos + 4:f_pos]
else:
issuer_o = ""
one_cert["issuer"] = issuer_o.lower()
elif (actual.find("Validity") == 0):
val_in = iterator.next().strip()
val_fin = iterator.next().strip()
one_cert["validity_beg"] = val_in[12:].lower()
one_cert["validity_end"] = val_fin[12:].lower()
elif (actual.find("Subject:") == 0):
s_pos = actual.find(", O=")
if (s_pos >= 0):
f_pos = actual.find(',', s_pos + 1)
if (f_pos < 0):
f_pos = None
subject_o = actual[s_pos + 4:f_pos]
else:
subject_o = ""
one_cert["subject"] = subject_o.lower()
def process(self):
ret={}
data=""
pelib=self._getLibrary(PEFileModule().getName())
if(pelib==None):data=self.sample.getBinary()
else:
for section in pelib.sections:
data=data+section.get_data()
regexp='[A-Za-z0-9/\-:.,_$&@=?%()[\]<> ]{4,}'
strings=re.findall(regexp,data)
aux={}
for s in strings:
aux[repr(s).lower()]=True
unique_strings=[]
for k in aux:
unique_strings.append(k)
mdc=self._getLibrary(MetaDataModule().getName())
if(mdc==None):return ret
searchUsed={}
imports=self.sample.getLastValue("particular_header.imports")
if(imports!=None ):
for i in imports:
searchUsed[i["lib"]]=True
for f in i["functions"]:
searchUsed[f]=True
exports=self.sample.getLastValue("particular_header.exports.symbols")
if(exports!=None ):
#print("No exports")
for i in exports:
searchUsed[i["name"]]=True
if(hasattr(i,"forwarder_dll") and hasattr(i,"forwarder_function")):
searchUsed[i["forwarder_dll"]]=True
searchUsed[i["forwarder_function"]]=True
version_p=self.sample.getLastValue("particular_header.version.string_file_info")
if(version_p!=None ):
for k in version_p.keys():
searchUsed["'"+str(version_p[k])+"'"]=True
raw=[]
hidden=[]
email=[]
url=[]
ip_l=[]
dll=[]
domain=[]
interesting=[]
registry=[]
for s in unique_strings:
#viendo si declara el import o no
#print(s)
#print(searchUsed.get(repr(s).lower()))
#raw_input()
if(searchUsed.get(s)==True): continue
raw.append(s)
#buscando si es un import o no
r=mdc.searchImportByName(s)
if(r!=None):
hidden.append(s)
continue
evaluado=eval(s)
#buscando dll
r=mdc.searchDllByName(s)
if(r!=None):
dll.append(s)
continue
#buscando cosas nombres de archivos
types=["exe","dll","bat","sys","htm","html","js","jar","jpg",
"png","vb","scr","pif","chm","zip","rar","cab","pdf",
"doc","docx","ppt","pptx","xls","xlsx","swf","gif","pdb","cpp"]
salir=False
for pat in types:
if(s.find("."+pat)!=-1):
interesting.append(s)
salir=True
break
if salir: continue
#buscando email
if(validators.email(evaluado)):
email.append(s)
continue
#buscando url
if(validators.url(evaluado)):
url.append(s)
continue
#buscando ip
if(validators.ipv4(evaluado)): #or validators.ipv6(evaluado)):
ip_l.append(s)
continue
#buscando registry
if(s.find("HKLM\\")!=-1 or s.find("HKCU\\")!=-1 ):
registry.append(s)
continue
#buscando dominios
if(validators.domain(evaluado)):
domain.append(s)
continue
ret["raw_strings"]=sorted(raw)
if(len(hidden)>0):ret["hidden_imports"]=sorted(hidden)
if(len(email)>0):ret["emails"]=sorted(email)
if(len(url)>0):ret["urls"]=sorted(url)
if(len(ip_l)>0):ret["ips"]=sorted(ip_l)
if(len(dll)>0):ret["hidden_dll"]=sorted(dll)
if(len(domain)>0):ret["domains"]=sorted(domain)
if(len(interesting)>0):ret["interesting"]=sorted(interesting)
if(len(registry)>0):ret["registry"]=sorted(registry)
return ret
def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if (pelib == None): return ""
res = {}
if (hasattr(pelib, "VS_VERSIONINFO")):
vi = {}
vi["Length"] = self._normalize(pelib.VS_VERSIONINFO.Length)
vi["ValueLength"] = self._normalize(
pelib.VS_VERSIONINFO.ValueLength)
vi["Type"] = self._normalize(pelib.VS_VERSIONINFO.Type)
res["version_info"] = vi
if (hasattr(pelib, "VS_FIXEDFILEINFO")):
ffi = {}
ffi["Signature"] = self._normalize(
pelib.VS_FIXEDFILEINFO.Signature)
ffi["StrucVersion"] = self._normalize(
pelib.VS_FIXEDFILEINFO.StrucVersion)
ffi["FileVersionMS"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileVersionMS)
ffi["FileVersionLS"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileVersionLS)
ffi["ProductVersionMS"] = self._normalize(
pelib.VS_FIXEDFILEINFO.ProductVersionMS)
ffi["ProductVersionLS"] = self._normalize(
pelib.VS_FIXEDFILEINFO.ProductVersionLS)
ffi["FileFlagsMask"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileFlagsMask)
ffi["FileFlags"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileFlags)
ffi["FileOS"] = self._normalize(pelib.VS_FIXEDFILEINFO.FileOS)
ffi["FileType"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileType)
ffi["FileSubtype"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileSubtype)
ffi["FileDateMS"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileDateMS)
ffi["FileDateLS"] = self._normalize(
pelib.VS_FIXEDFILEINFO.FileDateLS)
res["fixed_file_info"] = ffi
if (hasattr(pelib, "FileInfo")):
fst = {}
for entry in pelib.FileInfo:
if (hasattr(entry, "StringTable")):
for str_entry in entry.StringTable: # check this. its an array.
#print(str_entry.entries)
#print(dir(str_entry))
fst["LangID"] = str(str_entry.LangID)
fst["LegalCopyright"] = str(
str_entry.entries.get("LegalCopyright"))
fst["InternalName"] = str(
str_entry.entries.get("InternalName"))
fst["FileVersion"] = str(
str_entry.entries.get("FileVersion"))
fst["CompanyName"] = str(
str_entry.entries.get("CompanyName"))
fst["ProductName"] = str(
str_entry.entries.get("ProductName"))
fst["ProductVersion"] = str(
str_entry.entries.get("ProductVersion"))
fst["FileDescription"] = str(
str_entry.entries.get("FileDescription"))
fst["OriginalFilename"] = str(
str_entry.entries.get("OriginalFilename"))
fst["Comments"] = str(
str_entry.entries.get("Comments"))
fst["LegalTrademarks"] = str(
str_entry.entries.get("LegalTrademarks"))
fst["PrivateBuild"] = str(
str_entry.entries.get("PrivateBuild"))
fst["SpecialBuild"] = str(
str_entry.entries.get("SpecialBuild"))
res["string_file_info"] = fst
return res