Python pefile.get_sublang_name_for_lang() Examples
The following are 6
code examples of pefile.get_sublang_name_for_lang().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
pefile
, or try the search function
.
.
Example #1
| Source File: pescanner.py From CapTipper with GNU General Public License v3.0 | 6 votes |
|
def check_rsrc(self, pe):
ret = {}
if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return ret
Example #2
| Source File: peinfo.py From stoq-plugins-public with Apache License 2.0 | 6 votes |
|
def _parse_resource(self, type: str, entry, pe) -> Tuple[Dict, bytes]:
sublang = pefile.get_sublang_name_for_lang(entry.data.lang, entry.data.sublang)
rva = entry.data.struct.OffsetToData
size = entry.data.struct.Size
raw_data = pe.get_data(rva, size)
metadata = {
'type': type,
'resource_id': entry.id,
'resource_type': entry.data.struct.name,
'address': rva,
'offset': pe.get_offset_from_rva(rva),
'sha256': hashlib.sha256(raw_data).hexdigest(),
'sha1': hashlib.sha1(raw_data).hexdigest(),
'md5': hashlib.md5(raw_data).hexdigest(),
'language': pefile.LANG.get(entry.data.lang, 'unknown'),
'sub_language': sublang,
'size': size,
'name': f'resource_{type}_{entry.id}',
}
return (metadata, raw_data)
Example #3
| Source File: pescanner.py From codex-backend with MIT License | 6 votes |
|
def check_rsrc(self, pe):
ret = {}
if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return ret
Example #4
| Source File: static.py From mac-a-mal-cuckoo with MIT License | 5 votes |
|
def _get_resources(self):
"""Get resources.
@return: resources dict or None.
"""
resources = []
if hasattr(self.pe, "DIRECTORY_ENTRY_RESOURCE"):
for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
try:
resource = {}
if resource_type.name is not None:
name = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
if hasattr(resource_type, "directory"):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, "directory"):
for resource_lang in resource_id.directory.entries:
data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = self._get_filetype(data)
language = pefile.LANG.get(resource_lang.data.lang, None)
sublanguage = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang)
resource["name"] = name
resource["offset"] = "0x{0:08x}".format(resource_lang.data.struct.OffsetToData)
resource["size"] = "0x{0:08x}".format(resource_lang.data.struct.Size)
resource["filetype"] = filetype
resource["language"] = language
resource["sublanguage"] = sublanguage
resources.append(resource)
except:
continue
return resources
Example #5
| Source File: static.py From CuckooSploit with GNU General Public License v3.0 | 5 votes |
|
def _get_resources(self):
"""Get resources.
@return: resources dict or None.
"""
if not self.pe:
return None
resources = []
if hasattr(self.pe, "DIRECTORY_ENTRY_RESOURCE"):
for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
try:
resource = {}
if resource_type.name is not None:
name = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
if hasattr(resource_type, "directory"):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, "directory"):
for resource_lang in resource_id.directory.entries:
data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = self._get_filetype(data)
language = pefile.LANG.get(resource_lang.data.lang, None)
sublanguage = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang)
resource["name"] = name
resource["offset"] = "0x{0:08x}".format(resource_lang.data.struct.OffsetToData)
resource["size"] = "0x{0:08x}".format(resource_lang.data.struct.Size)
resource["filetype"] = filetype
resource["language"] = language
resource["sublanguage"] = sublanguage
resources.append(resource)
except:
continue
return resources
Example #6
| Source File: ResourceEntriesPlug.py From codex-backend with MIT License | 4 votes |
|
def process(self):
pelib = self._getLibrary(PEFileModule().getName())
if(pelib is None):
return ""
ret = []
if hasattr(pelib, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pelib.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(
resource_type.struct.Id)
if name is None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
try:
data = pelib.get_data(
resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
# fd=open(name,'wb')
# fd.write(data)
# (data)
except pefile.PEFormatError:
return "corrupt"
filetype = MIME_TYPE(data, False)
lang = pefile.LANG.get(
resource_lang.data.lang, 'unknown')
sublang = pefile.get_sublang_name_for_lang(
resource_lang.data.lang, resource_lang.data.sublang)
entry = {}
entry["name"] = self._normalize(name)
entry["rva"] = self._normalize(
hex(resource_lang.data.struct.OffsetToData))
entry["size"] = self._normalize(
hex(resource_lang.data.struct.Size))
entry["type"] = self._normalize(filetype)
entry["lang"] = self._normalize(lang)
entry["sublang"] = self._normalize(sublang)
entry["sha1"] = SHA1(data)
ret.append(entry)
return ret
