Python pefile.MACHINE_TYPE Examples
The following are 9
code examples of pefile.MACHINE_TYPE().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
pefile
, or try the search function
.
Example #1
Source File: pecore.py From malwareHunter with GNU General Public License v2.0 | 6 votes |
def get_info(filename): pe = pefile.PE(filename) fn = os.path.basename(filename) # file name fs = os.path.getsize(filename) # file size (in byte) ts = pe.FILE_HEADER.TimeDateStamp # timestamp dl = pe.FILE_HEADER.IMAGE_FILE_DLL # dll sc = pe.FILE_HEADER.NumberOfSections # sections #print "Optional Header:\t\t", hex(pe.OPTIONAL_HEADER.ImageBase) #print "Address Of Entry Point:\t\t", hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint) #print "Subsystem:\t\t\t", pefile.SUBSYSTEM_TYPE[pe.OPTIONAL_HEADER.Subsystem] #machine = 0 #machine = pe.FILE_HEADER.Machine #print "Required CPU type:\t\t", pefile.MACHINE_TYPE[machine] #print "Number of RVA and Sizes:\t", pe.OPTIONAL_HEADER.NumberOfRvaAndSizes return fn, fs, ts, dl, sc # Check for version info & metadata
Example #2
Source File: pe.py From plasma with GNU General Public License v3.0 | 5 votes |
def set_arch_name(self): # TODO ARM # TODO Should we check these flags ? # pefile.OPTIONAL_HEADER_MAGIC_PE # pefile.OPTIONAL_HEADER_MAGIC_PE_PLUS # return pefile.MACHINE_TYPE[self.pe.FILE_HEADER.Machine] if self.pe.FILE_HEADER.Machine == 0x014c: self.arch = "x86" if self.pe.FILE_HEADER.Machine == 0x8664: self.arch = "x64"
Example #3
Source File: pe.py From qiew with GNU General Public License v2.0 | 5 votes |
def hintDisasm(self): if self.PE.FILE_HEADER.Machine & pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64'] == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64']: return DisasmViewMode.Disasm_x86_64bit if self.PE.FILE_HEADER.Machine & pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_I386'] == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_I386']: return DisasmViewMode.Disasm_x86_32bit return DisasmViewMode.Disasm_x86_32bit
Example #4
Source File: bindiff.py From ida_haru with Apache License 2.0 | 5 votes |
def _get_machine_type(self, path): try: pe = pefile.PE(path) format_ = 'PE' if pefile.MACHINE_TYPE[pe.FILE_HEADER.Machine].find('I386') != -1: arch = '32-bit' else: arch = '64-bit' except pefile.PEFormatError, detail: try: self._dprint(detail) m = MachO(path) format_ = 'Mach-O' for header in m.headers: if CPU_TYPE_NAMES.get(header.header.cputype,header.header.cputype) == 'x86_64': #if header.MH_MAGIC == MH_MAGIC_64: arch = '64-bit' else: arch = '32-bit' except: try: elffile = ELFFile(open(path, 'rb')) format_ = 'ELF' e_ident = elffile.header['e_ident'] if e_ident['EI_CLASS'] == 'ELFCLASS64': arch = '64-bit' else: arch = '32-bit' except: return None, None #format_ = 'shellcode' #arch = '32-bit' # 32-bit fixed
Example #5
Source File: binary.py From barf-project with BSD 2-Clause "Simplified" License | 5 votes |
def _get_arch_pe(self, pe_file): # get arch if pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_I386']: return arch.ARCH_X86 elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64']: return arch.ARCH_X86 elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_ARM']: return arch.ARCH_ARM elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_THUMB']: return arch.ARCH_ARM else: raise Exception("Machine not supported.")
Example #6
Source File: binary.py From barf-project with BSD 2-Clause "Simplified" License | 5 votes |
def _get_arch_mode_pe(self, pe_file): # get arch mode if pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_I386']: return arch.ARCH_X86_MODE_32 elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64']: return arch.ARCH_X86_MODE_64 elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_ARM']: return arch.ARCH_ARM_MODE_ARM elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_THUMB']: return arch.ARCH_ARM_MODE_THUMB else: raise Exception("Machine not supported.")
Example #7
Source File: pe.py From cle with BSD 2-Clause "Simplified" License | 5 votes |
def check_compatibility(cls, spec, obj): if hasattr(spec, 'read') and hasattr(spec, 'seek'): pe = pefile.PE(data=spec.read(), fast_load=True) else: pe = pefile.PE(spec, fast_load=True) arch = archinfo.arch_from_id(pefile.MACHINE_TYPE[pe.FILE_HEADER.Machine]) return arch == obj.arch # # Public methods #
Example #8
Source File: pe_executable.py From dispatch with MIT License | 5 votes |
def _identify_arch(self): machine = pefile.MACHINE_TYPE[self.helper.FILE_HEADER.Machine] if machine == 'IMAGE_FILE_MACHINE_I386': return ARCHITECTURE.X86 elif machine == 'IMAGE_FILE_MACHINE_AMD64': return ARCHITECTURE.X86_64 elif machine == 'IMAGE_FILE_MACHINE_ARM': return ARCHITECTURE.ARM else: return None
Example #9
Source File: pe.py From cle with BSD 2-Clause "Simplified" License | 4 votes |
def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.segments = self.sections # in a PE, sections and segments have the same meaning self.os = 'windows' if self.binary is None: self._pe = pefile.PE(data=self._binary_stream.read(), fast_load=True) self._parse_pe_non_reloc_data_directories() elif self.binary in self._pefile_cache: # these objects are not mutated, so they are reusable within a process self._pe = self._pefile_cache[self.binary] else: self._pe = pefile.PE(self.binary, fast_load=True) self._parse_pe_non_reloc_data_directories() if not self.is_main_bin: # only cache shared libraries, the main binary will not be reused self._pefile_cache[self.binary] = self._pe if self.arch is None: self.set_arch(archinfo.arch_from_id(pefile.MACHINE_TYPE[self._pe.FILE_HEADER.Machine])) self.mapped_base = self.linked_base = self._pe.OPTIONAL_HEADER.ImageBase self._entry = AT.from_rva(self._pe.OPTIONAL_HEADER.AddressOfEntryPoint, self).to_lva() if hasattr(self._pe, 'DIRECTORY_ENTRY_IMPORT'): self.deps = [entry.dll.decode().lower() for entry in self._pe.DIRECTORY_ENTRY_IMPORT] else: self.deps = [] if self.binary is not None and not self.is_main_bin: self.provides = os.path.basename(self.binary).lower() else: self.provides = None self.tls_index_address = None self.tls_callbacks = None self.supports_nx = self._pe.OPTIONAL_HEADER.DllCharacteristics & 0x100 != 0 self.pic = self.pic or self._pe.OPTIONAL_HEADER.DllCharacteristics & 0x40 != 0 if hasattr(self._pe, 'DIRECTORY_ENTRY_LOAD_CONFIG'): self.load_config = {name: value['Value'] for name, value in self._pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct.dump_dict().items() if name != 'Structure'} else: self.load_config = {} self._exports = {} self._ordinal_exports = {} self._symbol_cache = self._exports # same thing self._handle_imports() self._handle_exports() if self.loader._perform_relocations: # parse base relocs self._pe.parse_data_directories(directories=(pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC'],)) self.__register_relocs() # parse TLS self._register_tls() # parse sections self._register_sections() self.linking = 'dynamic' if self.deps else 'static' self.jmprel = self._get_jmprel() self.memory.add_backer(0, self._pe.get_memory_mapped_image())