Wednesday, January 07, 2009

Updated pefile

I've just released pefile-1.2.10-56 which, besides adding some new functionality, also fixes bugs for a few extreme cases and incorporates some performance improvements, the biggest of which is in the generation of the textual representation of the file. dump_info() is now much faster than it used to be.
This version builds on the features provided by version 1.2.9, which introduced the ability to test and generate checksums for the PE file, among a few other things.

Please refer to pefile's homepage for a detailed list of the changes.

Also, to get started with pefile it's often useful to take a look at usage examples. There's a wiki page on the project's page showing a few different recipes for different tasks. Some are as simple as, for instance, extracting a DLL's exported symbols...


import pefile

# Parse the PE file from disk
pe = pefile.PE('/path/to/pefile.exe')

# Walk the export directory: absolute address, symbol name, ordinal
for exp in pe.DIRECTORY_ENTRY_EXPORT.symbols:
    print(hex(pe.OPTIONAL_HEADER.ImageBase + exp.address), exp.name, exp.ordinal)


And all the way to more complex examples.
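
The checksum testing and generation mentioned above for version 1.2.9 rest on the standard PE image checksum. The following is an added example, not pefile's code and not part of the original post, that computes and checks it with only the standard library; the function names and the header-only sample image are constructed for illustration.

```python
import struct

def checksum_field_offset(data):
    """File offset of OptionalHeader.CheckSum (0x40 into the optional header)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    offset = e_lfanew + 4 + 20 + 0x40   # PE signature + COFF header + field offset
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or offset + 4 > len(data):
        raise ValueError("missing or truncated PE headers")
    return offset

def pe_checksum(data):
    """Checksum of the whole file, with the CheckSum field itself counted as zero."""
    off = checksum_field_offset(data)
    buf = bytearray(data)
    buf[off:off + 4] = b"\0\0\0\0"
    if len(buf) % 2:
        buf.append(0)                      # pad odd-length files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total + len(data)

def verify(data):
    """True when the stored CheckSum matches the recomputed one."""
    stored = struct.unpack_from("<I", data, checksum_field_offset(data))[0]
    return stored == pe_checksum(data)

def stamp(data):
    """Return a copy with a freshly generated checksum written into the header."""
    out = bytearray(data)
    struct.pack_into("<I", out, checksum_field_offset(out), pe_checksum(out))
    return out

def build_sample_image():
    """Constructed, header-only sample (not a loadable executable)."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)    # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x84, 0x14C)   # Machine: i386
    struct.pack_into("<H", img, 0x98, 0x10B)   # optional header magic: PE32
    img[0x100:0x110] = b"constructed data"
    return img

if __name__ == "__main__":
    img = build_sample_image()
    print(verify(img), verify(stamp(img)))
```

A stored value of zero is common in user-mode executables, so a mismatch is a triage signal that the file differs from what the linker stamped, not proof of tampering on its own.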

Enjoy!

6 comments:

Anonymous said...

Maybe you know if there is something like pefile for Linux ELF?

Ero Carrera said...

I'm not aware of such a project; would love to hear about it if someone knows.

Joxean Koret said...

This is exactly what you're looking for.

Anonymous said...

Thanks for info Joxean ;)

Ero Carrera said...

Thanks for the pointer, Joxean! I wasn't aware of that one. Have you played with it? Any good/bad experiences to share?

Joxean Koret said...

Yes, I'm using pyelf in Inguma. It is a good library, although not very intuitive.

This is an example usage of the library, a tiny disassembler using pydasm.