okayboaa

Untitled

Jan 27th, 2020
Python 2.38 KB | None | 0 0
  1. import pefile
  2.  
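class Binary:
    """Thin static-analysis wrapper around a parsed ``pefile.PE`` object.

    The accessors below only read header and directory structures from the
    parsed file. Because the input is typically an untrusted sample, they
    tolerate the malformations that show up in practice: missing import or
    export directories, entries that carry only an ordinal, and names that
    are not valid UTF-8.
    """

    def __init__(self, file):
        """Parse *file* with pefile and keep the path and the parsed image.

        Args:
            file: Path of the portable executable to analyse.
        """
        self.file = file
        self.pe   = pefile.PE(file)

    @staticmethod
    def _text(raw):
        """Decode *raw* bytes from the PE without raising on bad bytes.

        Invalid bytes are kept visible as ``\\xNN`` escapes rather than
        dropped, so an odd name in a crafted sample is still reported.
        """
        return raw.decode('utf-8', errors='backslashreplace')

    @classmethod
    def _symbol_label(cls, raw_name, ordinal):
        """Return the decoded symbol name, or ``ord(N)`` when it has none."""
        if raw_name is None:
            return "ord({})".format(ordinal)
        return cls._text(raw_name)

    @staticmethod
    def __help__():    
        """Print a short description of the exposed methods."""
        print("""
           Binary is a wrapper on top of pefile; static analysis utility
           Exposed methods:
               dataDir -> returns the data directories names, used by the OS for example the import table
               and export table to define the imports and exports of a portable executable
               exportTab and importTab -> returns the exported functions from a DLL and the imported DLLs
               of an executable.
               importTabFuncs -> returns a dictionary of the imported DLLs and the included exported functions
               sections -> returns a dictionary of the available sections in the executable, with additional data
       """)

    def dataDir(self):
        """Return the names of the optional header's data directories.

        Returns:
            A list of directory names in header order.
        """
        return [entry.name for entry in self.pe.OPTIONAL_HEADER.DATA_DIRECTORY]

    def exportTab(self):
        """Return the exported symbols as ``[hex_address, name]`` pairs.

        The address is ``ImageBase + export address`` rendered with ``hex``.
        Exports without a name are reported as ``ord(N)``.

        Returns:
            A list of two-element lists; empty when the image has no export
            directory.
        """
        # The original read a bare ``pe`` here, which is not defined in this
        # scope; the parsed image lives on the instance.
        export_dir = getattr(self.pe, 'DIRECTORY_ENTRY_EXPORT', None)
        if export_dir is None:
            return []
        image_base = self.pe.OPTIONAL_HEADER.ImageBase
        return [
            [hex(image_base + exp.address),
             self._symbol_label(exp.name, getattr(exp, 'ordinal', None))]
            for exp in export_dir.symbols
        ]

    def importTab(self):
        """Return the DLL names listed in the import directory.

        Returns:
            A list of DLL names in table order (duplicates are kept); empty
            when the image has no import directory.
        """
        return [
            self._text(entry.dll)
            for entry in getattr(self.pe, 'DIRECTORY_ENTRY_IMPORT', [])
        ]

    def importTabFuncs(self):
        """Map each imported DLL to the symbols imported from it.

        Useful for a first look at what a sample is able to call.

        Returns:
            A dict ``dll name -> [[symbol name, address], ...]``. Imports
            that carry only an ordinal are reported as ``ord(N)``.
        """
        funcs = {}
        for entry in getattr(self.pe, 'DIRECTORY_ENTRY_IMPORT', []):
            # setdefault keeps earlier entries when the same DLL appears in
            # more than one descriptor; the original reset the list each time.
            bucket = funcs.setdefault(self._text(entry.dll), [])
            for func in entry.imports:
                label = self._symbol_label(
                    func.name, getattr(func, 'ordinal', None))
                bucket.append([label, func.address])
        return funcs

    def sections(self):
        """Describe each section as virtual address, virtual size, raw size.

        Returns:
            A dict ``section name -> [hex(VirtualAddress),
            hex(Misc_VirtualSize), hex(SizeOfRawData)]``.
        """
        # NOTE(review): the dict is keyed by name, so sections that share a
        # name collapse to the last one seen; compare against
        # len(self.pe.sections) if that matters for the analysis.
        table = {}
        for section in self.pe.sections:
            name = self._text(section.Name).strip("\x00")
            table[name] = [
                hex(section.VirtualAddress),
                hex(section.Misc_VirtualSize),
                hex(section.SizeOfRawData),
            ]
        return table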