How to use the pefile.RESOURCE_TYPE.get function in pefile
To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
hyuunnn / Hyara / old_version / YaraGenerator_old.py View on Github 
self.label1 = QLabel("Start Offset : ")
self.label2 = QLabel("Length : ")
self.label3 = QLabel("Variable name : ")
self.LineEdit1 = QLineEdit()
self.LineEdit2 = QLineEdit()
self.LineEdit3 = QLineEdit()
self.PushButton1 = QPushButton("Enter")
self.PushButton1.clicked.connect(self.YaraMaker)
for section in self.pe.sections:
self.section_list[section.Name.decode("utf-8").replace("\x00","")] = [hex(section.VirtualAddress), hex(section.SizeOfRawData), hex(section.PointerToRawData)]
for entry in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
resource_type = entry.name
if resource_type is None:
resource_type = pefile.RESOURCE_TYPE.get(entry.struct.Id)
for directory in entry.directory.entries:
for resource in directory.directory.entries:
name = str(resource_type)
if name in "RT_ICON":
name = str(resource_type)
offset = resource.data.struct.OffsetToData
size = resource.data.struct.Size
RVA_ = int(self.section_list['.rsrc'][0],16) - int(self.section_list['.rsrc'][2],16)
real_offset = offset - RVA_
img_size = hex(size)[2:]
if len(img_size) % 2 == 1:
img_size = "0"+img_size
img_ = "\x00\x00\x01\x00\x01\x00\x30\x30\x00\x00\x01\x00\x08\x00" + bytearray.fromhex(img_size)[::-1] + "\x00\x00\x16\x00\x00\x00"
f = open(GetInputFilePath(),"rb")def get_resources(pe):
resources = []
if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
count = 1
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
try:
resource = {}
if resource_type.name is not None:
name = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
if name is None:
name = str(resource_type.struct.Id)
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_type(data)
md5 = get_md5(data)
language = pefile.LANG.get(resource_lang.data.lang, None)
sublanguage = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang)
offset = ('%-8s' % hex(resource_lang.data.struct.OffsetToData)).strip()
size = ('%-8s' % hex(resource_lang.data.struct.Size)).strip()def get_resources_info(self):
res_array = []
printable = string.printable
try:
for resource_type in self.__pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
try:
data = self.__pe.get_data(resource_lang.data.struct.OffsetToData,
resource_lang.data.struct.Size)
except:
pass
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang(resource_lang.data.lang,
resource_lang.data.sublang)if res1.name:
name = str(res1.name)
for res2 in res1.directory.entries:
lang = res2.data.lang
sub = res2.data.sublang
sub = pefile.get_sublang_name_for_lang(lang, sub)
lang = pefile.LANG.get(lang, '')
self.event['resources'].append({
'id': res1.id,
'name': name,
'language': {
'primary': lang.replace('LANG_', ''),
'sub': sub.replace('SUBLANG_', '')
},
'type': pefile.RESOURCE_TYPE.get(res0.id, '').replace('RT_', ''),
})
data = pe.get_data(res2.data.struct.OffsetToData, res2.data.struct.Size)
if len(data) > 0:
extract_file = strelka.File(
name=f'{name or res1.id}',
source=f'{self.name}::Resource',
)
for c in strelka.chunk_string(data):
self.upload_to_coordinator(
extract_file.pointer,
c,
expire_at,
)
self.files.append(extract_file)def extract_image(pe):
pe = pefile.PE(pe)
for entry in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if hasattr(entry, 'directory'):
resource_type = pefile.RESOURCE_TYPE.get(entry.struct.Id)
if resource_type == "RT_HTML":
for directory in entry.directory.entries:
if hasattr(directory, 'directory'):
resource = directory.directory.entries[0]
data_rva = resource.data.struct.OffsetToData
size = resource.data.struct.Size
data = pe.get_memory_mapped_image()[data_rva:data_rva+size]
with open("Stage 2/RT_HTML", "wb") as f:
f.write(data)def get_resources(pe):
resources = []
if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
count = 1
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
try:
resource = {}
if resource_type.name is not None:
name = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id, "UNKNOWN"))
if name is None:
name = str(resource_type.struct.Id)
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData,
resource_lang.data.struct.Size)
entropy = get_entropy(data)
filetype = get_type(data)
md5 = get_md5(data)
sha256 = get_sha256(data)
language = pefile.LANG.get(resource_lang.data.lang, None)
language_desc = LCID.get(resource_lang.id, 'unknown language')def check_rsrc(self):
""" Function needed to determine the compilation language """
try:
ret = {}
if hasattr(self.pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
try:
data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = magic.from_buffer(open(self.filename).read(1024))
lang = pefile.LANG.get(resource_lang.data.lang, 'qq_*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
except pefile.PEFormatError:
pass
except:
Popular pefile functions
- pefile.BaseRelocationData
- pefile.DataContainer
- pefile.DIRECTORY_ENTRY
- pefile.get_sublang_name_for_lang
- pefile.IMAGE_CHARACTERISTICS
- pefile.LANG
- pefile.LANG.get
- pefile.MACHINE_TYPE
- pefile.MACHINE_TYPE.get
- pefile.OPTIONAL_HEADER_MAGIC_PE
- pefile.OPTIONAL_HEADER_MAGIC_PE_PLUS
- pefile.PE
- pefile.PEFormatError
- pefile.RelocationData
- pefile.RESOURCE_TYPE
- pefile.RESOURCE_TYPE.get
- pefile.retrieve_flags
- pefile.SECTION_CHARACTERISTICS
- pefile.Structure
- pefile.SUBSYSTEM_TYPE.get