LIEF/tests/GenerateConfigPE.py

#!/usr/bin/env python2
#-*- coding: utf-8 -*-

# This file is used to generate config file for LIEF test
# It use `pefile`(https://github.com/erocarrera/pefile) to generate yaml config file

import re
import yaml
import hashlib
import pefile
import sys
import os
import copy

def generate_node_config(node):
    node_y = dict()
    node_y["childs"] = []
    if type(node) == pefile.ResourceDirData:
        node_y["type"] = 0
        node_y["Characteristics"]      = node.struct.Characteristics
        node_y["TimeDateStamp"]        = node.struct.TimeDateStamp
        node_y["MajorVersion"]         = node.struct.MajorVersion
        node_y["MinorVersion"]         = node.struct.MinorVersion
        node_y["NumberOfNamedEntries"] = node.struct.NumberOfNamedEntries
        node_y["NumberOfIdEntries"]    = node.struct.NumberOfIdEntries
        for rsrc in node.entries:
            node_y["childs"].append(generate_node_config(rsrc))

    elif type(node) == pefile.ResourceDirEntryData:
        node_y["type"]          = 1
        node_y["Name"]          = str(node.name)
        node_y["id"]            = node.id
        node_y["OffsetToData"]  = node.struct.OffsetToData
        if hasattr(node, "directory"):
            node_y["childs"].append(generate_node_config(node.directory))
        else:
            node_y["childs"].append(generate_node_config(node.data))
    elif type(node) == pefile.ResourceDataEntryData:
        node_y["type"] = 2
        node_y["OffsetToData"] = node.struct.OffsetToData
        node_y["Size"]         = node.struct.Size
        node_y["CodePage"]     = node.struct.CodePage
        node_y["Reserved"]     = node.struct.Reserved
        node_y["Reserved"]     = node.struct.Reserved
        node_y["lang"]         = node.lang
        node_y["sublang"]      = node.sublang
    else:
        print "Unknown type"
        return

    return node_y

def generate_config(binary_path):
    pe     = pefile.PE(binary_path)

    binary = dict()

    dos_header = dict()

    dos_header["e_magic"]    = pe.DOS_HEADER.e_magic
    dos_header["e_cblp"]     = pe.DOS_HEADER.e_cblp
    dos_header["e_crlc"]     = pe.DOS_HEADER.e_crlc
    dos_header["e_cparhdr"]  = pe.DOS_HEADER.e_cparhdr
    dos_header["e_minalloc"] = pe.DOS_HEADER.e_minalloc
    dos_header["e_maxalloc"] = pe.DOS_HEADER.e_maxalloc
    dos_header["e_ss"]       = pe.DOS_HEADER.e_ss
    dos_header["e_sp"]       = pe.DOS_HEADER.e_sp
    dos_header["e_csum"]     = pe.DOS_HEADER.e_csum

    header = dict()

    header["Machine"]              = pe.FILE_HEADER.Machine
    header["NumberOfSections"]     = pe.FILE_HEADER.NumberOfSections
    header["TimeDateStamp"]        = pe.FILE_HEADER.TimeDateStamp
    header["PointerToSymbolTable"] = pe.FILE_HEADER.PointerToSymbolTable
    header["NumberOfSymbols"]      = pe.FILE_HEADER.NumberOfSymbols
    header["SizeOfOptionalHeader"] = pe.FILE_HEADER.SizeOfOptionalHeader
    header["Characteristics"]      = pe.FILE_HEADER.Characteristics

    optional_header = dict()

    optional_header["Magic"]                       = pe.OPTIONAL_HEADER.Magic
    optional_header["MajorLinkerVersion"]          = pe.OPTIONAL_HEADER.MajorLinkerVersion
    optional_header["MinorLinkerVersion"]          = pe.OPTIONAL_HEADER.MinorLinkerVersion
    optional_header["SizeOfCode"]                  = pe.OPTIONAL_HEADER.SizeOfCode
    optional_header["SizeOfInitializedData"]       = pe.OPTIONAL_HEADER.SizeOfInitializedData
    optional_header["SizeOfUninitializedData"]     = pe.OPTIONAL_HEADER.SizeOfUninitializedData
    optional_header["AddressOfEntryPoint"]         = pe.OPTIONAL_HEADER.AddressOfEntryPoint
    optional_header["BaseOfCode"]                  = pe.OPTIONAL_HEADER.BaseOfCode
    if pe.OPTIONAL_HEADER.Magic == pefile.OPTIONAL_HEADER_MAGIC_PE:
        optional_header["BaseOfData"]                  = pe.OPTIONAL_HEADER.BaseOfData
    optional_header["ImageBase"]                   = pe.OPTIONAL_HEADER.ImageBase
    optional_header["SectionAlignment"]            = pe.OPTIONAL_HEADER.SectionAlignment
    optional_header["FileAlignment"]               = pe.OPTIONAL_HEADER.FileAlignment
    optional_header["MajorOperatingSystemVersion"] = pe.OPTIONAL_HEADER.MajorOperatingSystemVersion
    optional_header["MinorOperatingSystemVersion"] = pe.OPTIONAL_HEADER.MinorOperatingSystemVersion
    optional_header["MajorImageVersion"]           = pe.OPTIONAL_HEADER.MajorImageVersion
    optional_header["MinorImageVersion"]           = pe.OPTIONAL_HEADER.MinorImageVersion
    optional_header["MajorSubsystemVersion"]       = pe.OPTIONAL_HEADER.MajorSubsystemVersion
    optional_header["MinorSubsystemVersion"]       = pe.OPTIONAL_HEADER.MinorSubsystemVersion
    optional_header["Reserved1"]                   = pe.OPTIONAL_HEADER.Reserved1
    optional_header["SizeOfImage"]                 = pe.OPTIONAL_HEADER.SizeOfImage
    optional_header["SizeOfHeaders"]               = pe.OPTIONAL_HEADER.SizeOfHeaders
    optional_header["CheckSum"]                    = pe.OPTIONAL_HEADER.CheckSum
    optional_header["Subsystem"]                   = pe.OPTIONAL_HEADER.Subsystem
    optional_header["DllCharacteristics"]          = pe.OPTIONAL_HEADER.DllCharacteristics
    optional_header["SizeOfStackReserve"]          = pe.OPTIONAL_HEADER.SizeOfStackReserve
    optional_header["SizeOfStackCommit"]           = pe.OPTIONAL_HEADER.SizeOfStackCommit
    optional_header["SizeOfHeapReserve"]           = pe.OPTIONAL_HEADER.SizeOfHeapReserve
    optional_header["SizeOfHeapCommit"]            = pe.OPTIONAL_HEADER.SizeOfHeapCommit
    optional_header["LoaderFlags"]                 = pe.OPTIONAL_HEADER.LoaderFlags
    optional_header["NumberOfRvaAndSizes"]         = pe.OPTIONAL_HEADER.NumberOfRvaAndSizes

    sections = []
    for section in pe.sections:
        sec = dict()
        sec["name"] = str(section.Name).replace("\0", "")
        sec["Misc_VirtualSize"]     = section.Misc_VirtualSize
        sec["VirtualAddress"]       = section.VirtualAddress
        sec["SizeOfRawData"]        = section.SizeOfRawData
        sec["PointerToRawData"]     = section.PointerToRawData
        sec["PointerToRelocations"] = section.PointerToRelocations
        sec["PointerToLinenumbers"] = section.PointerToLinenumbers
        sec["NumberOfRelocations"]  = section.NumberOfRelocations
        sec["NumberOfLinenumbers"]  = section.NumberOfLinenumbers
        sec["Characteristics"]      = section.Characteristics
        sections.append(sec)

    imports = []
    for entry in pe.DIRECTORY_ENTRY_IMPORT:
        import_ = dict()
        import_["name"]           = entry.dll
        import_["TimeDateStamp"]  = entry.struct.TimeDateStamp
        import_["ForwarderChain"] = entry.struct.ForwarderChain
        entries = []
        for imp in entry.imports:
            impo = dict()
            if not imp.import_by_ordinal:
                impo["name"] = imp.name
            else:
                impo["name"] = None

            entries.append(impo)
        import_["entries"] = entries
        imports.append(import_)

    tls = dict()
    if hasattr(pe, "DIRECTORY_ENTRY_TLS"):
        tls["StartAddressOfRawData"] = pe.DIRECTORY_ENTRY_TLS.struct.StartAddressOfRawData
        tls["EndAddressOfRawData"]   = pe.DIRECTORY_ENTRY_TLS.struct.EndAddressOfRawData
        tls["AddressOfIndex"]        = pe.DIRECTORY_ENTRY_TLS.struct.AddressOfIndex
        tls["AddressOfCallBacks"]    = pe.DIRECTORY_ENTRY_TLS.struct.AddressOfCallBacks
        tls["SizeOfZeroFill"]        = pe.DIRECTORY_ENTRY_TLS.struct.SizeOfZeroFill
        tls["Characteristics"]       = pe.DIRECTORY_ENTRY_TLS.struct.Characteristics

    resources = dict()
    if hasattr(pe, "DIRECTORY_ENTRY_RESOURCE"):
        node = pe.DIRECTORY_ENTRY_RESOURCE
        resources = generate_node_config(node)

    binary["dos_header"]      = dos_header
    binary["header"]          = header
    binary["optional_header"] = optional_header
    binary["sections"]        = sections
    binary["imports"]         = imports
    binary["tls"]             = tls
    binary["resources"]       = resources

    binary["filename"] = str(binary_path).split("/")[-1]
    binary["hash"]     = hashlib.md5(binary_path).hexdigest()

    output = open(binary_path + ".yaml", "w")
    yaml.dump(binary, stream=output)
    output.close()

if __name__ == "__main__":
    path_pe32_binaries = "./samples/PE/win32/"
    path_pe64_binaries = "./samples/PE/win64/"

    for binary in os.listdir(path_pe32_binaries):
        if binary.endswith(".exe") or binary.endswith(".dll"):
            print "[PE32] Dealing with:", binary
            generate_config(path_pe32_binaries + binary)

    for binary in os.listdir(path_pe64_binaries):
        if binary.endswith(".exe") or binary.endswith(".dll"):
            print "[PE64] Dealing with:", binary
            generate_config(path_pe64_binaries + binary)