pefile | Python module to read and work with PE ( Portable Executable | Dataset library
kandi X-RAY | pefile Summary
kandi X-RAY | pefile Summary
pefile is a multi-platform Python module to parse and work with Portable Executable (PE) files. Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data. The structures defined in the Windows header files will be accessible as attributes in the PE instance. The naming of fields/attributes will try to adhere to the naming scheme in those headers. Only shortcuts added for convenience will depart from that convention. pefile requires some basic understanding of the layout of a PE file — with it, it's possible to explore nearly every single feature of the PE file format.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Dump information about this image
- Add text to the text
- Add a line of text
- Add a list of lines
- Parse the export directory
- Return the data at the given RVA
- Unpack data
- Unpack a PE file
- Check if the file is packed
- Parse a TLS directory Tls
- Return the first matching match
- Parse a directory load configuration
- Check if the image is an exe
- Merge modified section data
- Return the name for the given ordinal
- Read attribute from file
- Generate signatures for a section
- Parse an import directory
- Parse debug directory
- Parse a directory bound imports
- Parse the Delay import directory
- Match code data
- Parse exceptions directory
- Set the bitfield format
- Parse relocation directory
- Check if the given section of the file is suspicious
pefile Key Features
pefile Examples and Code Snippets
Lines of Code : 21License : Permissive (MIT)
Copy$ python ta505_unpacker.py -h
▄▄▄█████▓▄▄▄ █████▒█████ █████▒ █ ██ ███▄ █ ██▓███ ▄████▄ ██ ▄█▀██▀███
▓ ██▒ ▓▒████▄ ▓██ ▒██▒ ██▓██ ▒ ██ ▓██▒██ ▀█ █▓██░ ██▒██▀ ▀█ ██▄█▒▓██ ▒ ██▒
▒ ▓██░ ▒▒██ ▀█▄ ▒████ ▒██░ ██▒████ ░ pefile, err := pe.NewPEFile(args[0])
if err != nil {
log.Println("Ooopss looks like there was a problem")
log.Println(err)
return
}
log.Println("Imphash : ", pefile.GetImpHash())
for _, section := range pefile.Sections {
fmt.Println("- 
License : No LicenseCopy#pragma comment(linker, "/export:GetFileVersionInfoA=\"C:\\Windows\\System32\\version.GetFileVersionInfoA\"")
#pragma comment(linker, "/export:GetFileVersionInfoByHandle=\"C:\\Windows\\System32\\version.GetFileVersionInfoByHandle\"")
#pragma comment( pip list
files:
"/opt/elasticbeanstalk/hooks/appdeploy/pre/02a_upgrade_pip.sh":
mode: "000755"
owner: root
group: root
content: |
#!/usr/bin/env bash
source /opt/python/run/venv/bin/activate
python3 -m pip instalimport pefile
from capstone import *
exe_file = 'C:\\Users\\Philip\\file.exe'
pe = pefile.PE(exe_file)
# find text section
offset = False
for section in pe.sections:
if section.Name == b'.text\x00\x00\x00':
offset = section.V# This alows for packages to be accessed from the **globally** installed Python (NOT the tox env).
sitepackages = True
# This alows for commands to be used available outside tox. Typically used for non-python callables.
whitelist_externaerror: Microsoft Visual C++ 14.0 is required. Get it with "Build Tools for Visual Studio":
https://visualstudio.microsoft.com/downloads/
cd dist/cefapp/cefpython3
ln -s ../* .
pip install -r requirement.txt
#requirement.txt
numpy==1.18.4
openpyxl==3.0.3
pandas==1.0.3
pefile==2019.4.18
PyInstaller==3.6
pylint==2.5.3
Community Discussions
Trending Discussions on pefile
QUESTION
Line:3 Import "sympy" couldn't be resolved
I have installed sympy using pip in my virtual environment. Why am I getting this error? When I run this code I am am getting the following error:
...ANSWER
Answered 2021-May-22 at 12:44The first step is to check whether you are running the code in the virtual environment, to verify that refer the below image
If you are not in a virtual environment that you have created just click that red box that I have marked in that pic and select the respective virtual environment Interpreter (python.exe).
QUESTION
I've been having this problem for a couple of days now, I'm trying to deploy a django app in Elastic Beanstalk but every time I try to do it this particular error shows up:
...ANSWER
Answered 2021-May-18 at 18:55UPDATE:
adding a file to my .ebextensions directory with this command fixed my issue:
QUESTION
I am trying to disassambe a PE file using capstone with python bindings.
...ANSWER
Answered 2021-Feb-10 at 16:19Disasm will disassemble from start of code. You should pass raw data corresponding to code section, not the beginning of PE file, where PE headers reside:
QUESTION
I am using the PeNet nuget package to work with a pe file, there was a problem when creating or deleting a section, I take the code from the author's example, but nothing works. (No errors appear, but no files are written/overwritten.)
Using a C # console application, here's the code:
...ANSWER
Answered 2021-Feb-09 at 15:21From this GitHub issue about a similar topic:
PeNet works internally by loading the whole PE file into a buffer. All changes you make are done to this buffer in memory. If you want to save your changes, you just have to save the buffer.
Unfortunately, the code offered there is incorrect. PEFile has no Buff property. So use:
QUESTION
How do I specify explicitly to MSVC compiler / linker to link against API sets (*ms-win* pattern matcing dlls) instead kernel32.dll, ntdll.dll etc.?
For example, I've created a simple dll, which just calls a few basic WinAPIs. When examining it's IAT (via CFF Explorer, python pefile library etc.) there's only kernel32.dll. What I'd like to happen, is to see *ms-win* dlls instead.
...ANSWER
Answered 2021-Jan-11 at 08:51API sets are used internally even with the 'legacy' system DLLs on Windows 8/Windows 10, so there's no reason you need to use them directly.
That said, there are a number of 'umbrella' libraries you can use instead of linking against classic KERNEL32.DLL, etc.:
- onecore.lib
- onecoreuap.lib
- onecore_apiset.lib
Keep in mind that these are intended to match the same Windows build as the Windows 10 SDK they ship in (i.e. they are forward compatible, not backward). There are *_downlevel.lib versions as well which support older builds of Windows. These are all mostly intended for consumption by driver developers per Microsoft Docs
UWP apps use their own umbrella library WindowsApps.lib / WindowsApps_downlevel.lib.
See Microsoft Docs for more on umbrella libraries.
Not that you should not link with more than one umbrella library, and you shouldn't mix kernel32.lib with umbrella libraries in the same link.
QUESTION
here is the part of the files that are important for this question:
...ANSWER
Answered 2020-Jul-21 at 20:31My compliments on such an extensive report. Your issue lies probably in this weird setup you've got going on.
QUESTION
I am trying to pip install auto-py-to-exe, but got following error.
ANSWER
Answered 2020-Oct-22 at 10:58Try to install Microsoft Visual C++ 14.0.
QUESTION
I have some simple cefpython code opening a url and am trying to create a stand alone executable with pyinstaller:
I copied files from https://github.com/cztomczak/cefpython/tree/master/examples/pyinstaller to a a directry named pyinstaller
I made following minor changes to pyinstaller.spec
...ANSWER
Answered 2020-Oct-14 at 11:32This is not really the answer I would like to accept, but it is at least one solution and contains information, that might lead to a better fix, a better answer.
After debugging with strace I found out, that the executable searches many files like for example icudtl.dat, v8_context_snapshot.bin, locales/* were searched in
'dist/cefapp/cefpython3but were copied todist/cefapp/`
An ugly work around is to do following after compilation
QUESTION
I am attempting to push my flask app to heroku for hosting. All was going well until the PUSH to heroku. I am receiving an error during remote:Building source: and the requirement for exiv2==0.3.1 cannot be satisfied. exiv2==0.3.1 I understand that the requirements section is usually where errors occur, based on the reading I've been doing. However, I am unsure how to proceed besides removing the exiv2 reliant code and losing some functionality...???
requirements.txt
...ANSWER
Answered 2020-Aug-23 at 20:03QUESTION
My Question Is:
I am trying to package a simple code which is mentioned below that has import ibm_db, but I am not able to do it, as it is giving me the below-mentioned error. I have researched a lot on SO and other websites, but most of the solutions that I have encountered say to add the DLL's using --add-binary, I have tried that as well, but still, I am getting the below-mentioned error.
I am using a Windows 10 64-Bit OS, x64-based processor.
I am using a virtual environment created using python -m venv env
The packages mentioned below are installed in my virtual environment.
I hope all these details are enough and qualify as a question.
-- PYTHON VERSION --
Python 3.7.8
-- PYTHON PACKAGES INSTALLED --
altgraph 0.17
future 0.18.2
ibm-db 3.0.2
pefile 2019.4.18
pip 20.1.1
PyInstaller 3.6
pywin32-ctypes 0.2.0
setuptools 47.1.0
-- MY CODE --
ANSWER
Answered 2020-Jul-24 at 12:51Your question does not mention whether the build hostname is the same as the run hostname.
This answer assumes you are running the built executable (output of pyinstaller) on an Microsoft-Windows hostname different from the build hostname.
If you are using the IBM supplied clidriver (which is the default for python ibm_db) , and if this is not already installed on the target environment, and if an alternative IBM supplied Db2 CLI driver is also not preinstalled on the target environment then you must bundle clidriver with your pyinstaller output at build time.
You can include the clidriver tree contents with the following additional argument to pyinstaller:
--add-data="c:\path\to\clidriver;.\clidriver" ^
You can find the path to the clidriver with pip show ibm_db and append clidriver to the Location: name.
If you do bundle like this, there are some considerations:
your bundle is "frozen in time". When IBM updates its clidriver then your previously built executables won't benefit from the security fixes ,defect fixes and enhancements until and unless you re-run pystaller to include the latest clidriver, and redistribute. IBM typically updates this clidriver at least twice per year. This is particularly important if you are using encrypted connections (TLS/SSL).
your bundle size will increase in size due to the inclusion of clidriver within it.
on the target Microsoft-Windows environment, after you unzip your
dist\$name, you may need to run theclidriver\bin\db2cli install -setupto register the component with Microsoft Windows. This allows theodbcad32to be aware of the driver and allow some configuration functionality via theodbcad32GUI.Any dependencies of clidriver must also be met on each target hostname.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install pefile
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
