コード例 #1
 def parse_pe32(self):
     """Log the DLL names imported by the PE32 image in ``self.bin_contents``.

     The section-header table is built first and kept on the instance;
     ``get_imported_dlls()`` is then asked for the names, and the count
     plus a dash-prefixed list (one name per line) are written to the log.
     """
     section_utils = PESectionUtils(self.bin_contents)
     self.pe_section_utils = section_utils
     self.section_headers_info = section_utils.get_sections_info()

     dll_names = self.get_imported_dlls()
     dll_count = len(dll_names)
     logging.info('PE Imported DLLs #: {}'.format(dll_count))

     # NOTE(review): the names come out of the parsed file. When the input
     # is an untrusted sample they may carry newlines or control characters
     # that land verbatim in the log - confirm get_imported_dlls() filters
     # or escapes them.
     bullet_list = '\n- '.join(dll_names)
     logging.info('PE Imported DLLs: \n- {}'.format(bullet_list))
コード例 #2
 def parse_pe32(self):
     """Log every imported DLL together with the functions taken from it.

     Builds the section-header table, then iterates the records returned
     by ``get_pe_dll_imported_functions()``. Each record is indexed with
     the keys ``'dll_name'`` and ``'imported_functions'``.
     """
     section_utils = PESectionUtils(self.bin_contents)
     self.pe_section_utils = section_utils
     self.section_headers_info = section_utils.get_sections_info()

     per_dll_imports = self.get_pe_dll_imported_functions()
     logging.info('PE Imported DLLs #: {}'.format(len(per_dll_imports)))

     # NOTE(review): DLL and function names originate in the parsed file;
     # for untrusted samples confirm they are sanitised before logging.
     for entry in per_dll_imports:
         dll_name = entry['dll_name']
         function_list = ', '.join(entry['imported_functions'])
         logging.info('- {}: {}'.format(dll_name, function_list))
コード例 #3
 def parse_pe32(self):
     """Log the RVAs at which base relocations should be applied.

     Section headers and data directories are parsed and stored on the
     instance before the relocation helpers are called. The end RVA is
     logged in decimal, each relocation RVA in hexadecimal.
     """
     section_utils = PESectionUtils(self.bin_contents)
     self.pe_section_utils = section_utils
     self.section_headers_info = section_utils.get_sections_info()

     data_dir_utils = PEDataDirectoryUtils(self.bin_contents)
     self.pe_data_directory_utils = data_dir_utils
     self.data_directory_info = data_dir_utils.get_data_directories_info()

     # NOTE(review): the attribute is named *_foff (file offset) but is
     # filled from a getter named *_rva - confirm which unit it holds.
     self.image_base_relocation_foff = self.get_image_base_relocation_rva()

     reloc_end_rva = self.get_max_rva_for_relocs()
     logging.info('End RVA for relocation information: {}'.format(reloc_end_rva))

     reloc_targets = self.get_relocation_rvas(reloc_end_rva)
     summary = 'Virtual Addresses where relocations should be applied ({} relocations):'.format(len(reloc_targets))
     logging.info(summary)
     # One log record per relocation; the count is whatever the file declares.
     for target_rva in reloc_targets:
         logging.info('  0x{:x}'.format(target_rva))
コード例 #4
 def parse_pe32(self):
     """Log each TLS callback as virtual address, RVA and file offset.

     TLS callbacks are invoked by the Windows loader before the image's
     entry point, so listing them shows code that runs ahead of the
     entry point. Section headers, data directories and the optional
     header are parsed first and stored on the instance.
     """
     section_utils = PESectionUtils(self.bin_contents)
     self.pe_section_utils = section_utils
     self.section_headers_info = section_utils.get_sections_info()

     data_dir_utils = PEDataDirectoryUtils(self.bin_contents)
     self.pe_data_directory_utils = data_dir_utils
     self.data_directory_info = data_dir_utils.get_data_directories_info()

     self.pe_optional_header_utils = PEOptionalHeaderUtils(self.bin_contents)
     # NOTE(review): the attribute is named *_foff (file offset) but is
     # filled from a getter named *_rva - confirm which unit it holds.
     self.image_tls_directory_foff = self.get_image_tls_directory_rva()

     callbacks = self.get_tls_callbacks()
     logging.info('TLS Callback addresses({} TLS callbacks):'.format(len(callbacks)))
     for va in callbacks:
         # RVA = VA - ImageBase.
         # NOTE(review): a malformed file could hold a VA below the image
         # base, which makes this negative - confirm the helpers cope.
         rva = va - self.pe_optional_header_utils.get_image_base()
         file_offset = PEGenericUtils.rva_to_file_offset(self.section_headers_info, rva)
         line = '  VA: 0x{:x}, RVA: 0x{:x}, File Offset: {}'.format(va, rva, file_offset)
         logging.info(line)
コード例 #5
 def parse_pe32(self):
     """Log the export counts and the exported function names of the image.

     Section headers and data directories are parsed and stored on the
     instance, and the export directory offset is resolved. If
     ``has_exports()`` is false, a single message is logged instead.
     """
     section_utils = PESectionUtils(self.bin_contents)
     self.pe_section_utils = section_utils
     self.section_headers_info = section_utils.get_sections_info()

     data_dir_utils = PEDataDirectoryUtils(self.bin_contents)
     self.pe_data_directory_utils = data_dir_utils
     self.data_directory_info = data_dir_utils.get_data_directories_info()

     self.export_directory_foff = self.get_export_descriptor_directory_foff()

     # Guard clause: nothing further to report without an export table.
     if not self.has_exports():
         logging.info('This DLL does not have exported functions')
         return

     function_count = self.get_number_of_functions()
     logging.info('Number of Functions: {}'.format(function_count))

     name_count = self.get_number_of_names()
     logging.info('Number of Names: {}'.format(name_count))

     # NOTE(review): export names are read from the parsed file; for
     # untrusted samples confirm they are sanitised before logging.
     export_names = self.get_pe_dll_exported_functions()
     joined_names = ', '.join(export_names)
     logging.info('PE Exported Functions By Name: {}'.format(joined_names))