From 5e86f97c96fecc1aa54e4ec0edd60241fa33f627 Mon Sep 17 00:00:00 2001
From: Wesley Shields
Date: Sat, 30 Nov 2013 22:21:10 -0500
Subject: [PATCH] Implement a bunch of parsed attributes. These are all the things the dump-prog pulls out already.
---
 python/pepy.cpp | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
 python/test.py | 26 +++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
diff --git a/python/pepy.cpp b/python/pepy.cpp
index 1f67734..265b0d1 100644
--- a/python/pepy.cpp
+++ b/python/pepy.cpp
@@ -556,6 +556,32 @@ PEPY_PARSED_GET(numberofsections, nt.FileHeader.NumberOfSections)
 PEPY_PARSED_GET(timedatestamp, nt.FileHeader.TimeDateStamp)
 PEPY_PARSED_GET(numberofsymbols, nt.FileHeader.NumberOfSymbols)
 PEPY_PARSED_GET(characteristics, nt.FileHeader.Characteristics)
+PEPY_PARSED_GET(magic, nt.OptionalHeader.Magic)
+PEPY_PARSED_GET(majorlinkerver, nt.OptionalHeader.MajorLinkerVersion)
+PEPY_PARSED_GET(minorlinkerver, nt.OptionalHeader.MinorLinkerVersion)
+PEPY_PARSED_GET(codesize, nt.OptionalHeader.SizeOfCode);
+PEPY_PARSED_GET(initdatasize, nt.OptionalHeader.SizeOfInitializedData);
+PEPY_PARSED_GET(uninitdatasize, nt.OptionalHeader.SizeOfUninitializedData);
+PEPY_PARSED_GET(entrypointaddr, nt.OptionalHeader.AddressOfEntryPoint);
+PEPY_PARSED_GET(baseofcode, nt.OptionalHeader.BaseOfCode);
+PEPY_PARSED_GET(baseofdata, nt.OptionalHeader.BaseOfData);
+PEPY_PARSED_GET(imagebase, nt.OptionalHeader.ImageBase);
+PEPY_PARSED_GET(sectionalignement, nt.OptionalHeader.SectionAlignment);
+PEPY_PARSED_GET(filealingment, nt.OptionalHeader.FileAlignment);
+PEPY_PARSED_GET(majorosver, nt.OptionalHeader.MajorOperatingSystemVersion);
+PEPY_PARSED_GET(minorosver, nt.OptionalHeader.MinorOperatingSystemVersion);
+PEPY_PARSED_GET(win32ver, nt.OptionalHeader.Win32VersionValue);
+PEPY_PARSED_GET(imagesize, nt.OptionalHeader.SizeOfImage);
+PEPY_PARSED_GET(headersize, nt.OptionalHeader.SizeOfHeaders);
+PEPY_PARSED_GET(checksum, nt.OptionalHeader.CheckSum);
+PEPY_PARSED_GET(subsystem, nt.OptionalHeader.Subsystem);
+PEPY_PARSED_GET(dllcharacteristics, nt.OptionalHeader.DllCharacteristics);
+PEPY_PARSED_GET(stackreservesize, nt.OptionalHeader.SizeOfStackReserve);
+PEPY_PARSED_GET(stackcommitsize, nt.OptionalHeader.SizeOfStackCommit);
+PEPY_PARSED_GET(heapreservesize, nt.OptionalHeader.SizeOfHeapReserve);
+PEPY_PARSED_GET(heapcommitsize, nt.OptionalHeader.SizeOfHeapCommit);
+PEPY_PARSED_GET(loaderflags, nt.OptionalHeader.LoaderFlags);
+PEPY_PARSED_GET(rvasandsize, nt.OptionalHeader.NumberOfRvaAndSizes);
 static PyGetSetDef pepy_parsed_getseters[] = {
 OBJECTGETTER(parsed, signature, "PE Signature"),
@@ -564,6 +590,32 @@ static PyGetSetDef pepy_parsed_getseters[] = {
 OBJECTGETTER(parsed, timedatestamp, "Timedate stamp"),
 OBJECTGETTER(parsed, numberofsymbols, "Number of symbols"),
 OBJECTGETTER(parsed, characteristics, "Characteristics"),
+ OBJECTGETTER(parsed, magic, "Magic"),
+ OBJECTGETTER(parsed, majorlinkerver, "Major linker version"),
+ OBJECTGETTER(parsed, minorlinkerver, "Minor linker version"),
+ OBJECTGETTER(parsed, codesize, "Size of code"),
+ OBJECTGETTER(parsed, initdatasize, "Size of initialized data"),
+ OBJECTGETTER(parsed, uninitdatasize, "Size of uninitialized data"),
+ OBJECTGETTER(parsed, entrypointaddr, "Address of entry point"),
+ OBJECTGETTER(parsed, baseofcode, "Base address of code"),
+ OBJECTGETTER(parsed, baseofdata, "Base address of data"),
+ OBJECTGETTER(parsed, imagebase, "Image base address"),
+ OBJECTGETTER(parsed, sectionalignement, "Section alignment"),
+ OBJECTGETTER(parsed, filealingment, "File alignment"),
+ OBJECTGETTER(parsed, majorosver, "Major OS version"),
+ OBJECTGETTER(parsed, minorosver, "Minor OS version"),
+ OBJECTGETTER(parsed, win32ver, "Win32 version"),
+ OBJECTGETTER(parsed, imagesize, "Size of image"),
+ OBJECTGETTER(parsed, headersize, "Size of headers"),
+ OBJECTGETTER(parsed, checksum, "Checksum"),
+ OBJECTGETTER(parsed, subsystem, "Subsystem"),
+ OBJECTGETTER(parsed, dllcharacteristics, "DLL characteristics"),
+ OBJECTGETTER(parsed, stackreservesize, "Size of stack reserve"),
+ OBJECTGETTER(parsed, stackcommitsize, "Size of stack commit"),
+ OBJECTGETTER(parsed, heapreservesize, "Size of heap reserve"),
+ OBJECTGETTER(parsed, heapcommitsize, "Size of heap commit"),
+ OBJECTGETTER(parsed, loaderflags, "Loader flags"),
+ OBJECTGETTER(parsed, rvasandsize, "Number of RVA and sizes"),
 { NULL }
 };
diff --git a/python/test.py b/python/test.py
index 52f6bbf..37725d4 100755
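Review bot: All 26 added getters read `nt.OptionalHeader` without looking at `Magic`, yet `baseofdata`, `imagebase` and the four stack/heap size fields differ between PE32 and PE32+ (PE32+ has no BaseOfData and widens the others to 64 bits). The struct and the `PEPY_PARSED_GET` macro are defined outside this hunk, so this may already be handled; if the struct models only the PE32 layout, these attributes will silently report wrong values for 64-bit files, which matters when the output is used to triage untrusted binaries. A comment above the block such as `// OptionalHeader getters assume the PE32 layout; check magic before trusting baseofdata/imagebase` would record the assumption. Separately, the first three added lines have no trailing `;` while the other 23 do, and the existing lines use none, so dropping it keeps the block consistent.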
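Review bot: `sectionalignement` and `filealingment` are misspelled, and this table is where they become attribute names on the Python object (python/test.py reads `p.sectionalignement` and `p.filealingment`), so the typos become public API once released. Renaming them to `sectionalignment` and `filealignment` here, in the matching `PEPY_PARSED_GET` lines of the previous hunk and in the test.py prints is cheapest now. If the parser does not validate these fields, the docstrings could also say so, e.g. `"Checksum (as stored in the header, not verified)"`, so callers do not treat them as trusted values.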
--- a/python/test.py
+++ b/python/test.py
@@ -7,12 +7,38 @@ import pepy
 p = pepy.parse(sys.argv[1])
 ep = p.get_entry_point()
 byts = p.get_bytes(ep, 8)
+print "Magic: %s" % hex(p.magic)
 print "Signature: %s" % hex(p.signature)
 print "Machine: %s" % hex(p.machine)
 print "Number of sections: %s" % p.numberofsections
 print "Number of symbols: %s" % p.numberofsymbols
 print "Characteristics: %s" % hex(p.characteristics)
 print "Timedatestamp: %s" % time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(p.timedatestamp))
+print "Major linker version: %s" % hex(p.majorlinkerver)
+print "Minor linker version: %s" % hex(p.minorlinkerver)
+print "Size of code: %s" % hex(p.codesize)
+print "Size of initialized data: %s" % hex(p.initdatasize)
+print "Size of uninitialized data: %s" % hex(p.uninitdatasize)
+print "Address of entry point: %s" % hex(p.entrypointaddr)
+print "Base address of code: %s" % hex(p.baseofcode)
+print "Base address of data: %s" % hex(p.baseofdata)
+print "Image base address: %s" % hex(p.imagebase)
+print "Section alignment: %s" % hex(p.sectionalignement)
+print "File alignment: %s" % hex(p.filealingment)
+print "Major OS version: %s" % hex(p.majorosver)
+print "Minor OS version: %s" % hex(p.minorosver)
+print "Win32 version: %s" % hex(p.win32ver)
+print "Size of image: %s" % hex(p.imagesize)
+print "Size of headers: %s" % hex(p.headersize)
+print "Checksum: %s" % hex(p.checksum)
+print "Subsystem: %s" % hex(p.subsystem)
+print "DLL characteristics: %s" % hex(p.dllcharacteristics)
+print "Size of stack reserve: %s" % hex(p.stackreservesize)
+print "Size of stack commit: %s" % hex(p.stackcommitsize)
+print "Size of heap reserve: %s" % hex(p.heapreservesize)
+print "Size of heap commit: %s" % hex(p.heapcommitsize)
+print "Loader flags: %s" % hex(p.loaderflags)
+print "Number of RVA and sizes: %s" % hex(p.rvasandsize)
 print "Bytes at 0x%x: %s" % (ep, byts)
 sections = p.get_sections()
 print "Sections: (%i)" % len(sections)
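Review bot: The added lines only print each attribute and assert nothing, so a getter bound to the wrong header field in pepy.cpp would still pass; with 26 near-identical macro lines a copy/paste slip is the most likely mistake. Comparing a few fields against known values for a fixed sample, or against the dump-prog output the commit message mentions, would catch it, e.g. `assert p.magic in (0x10b, 0x20b)` for a well-formed PE32/PE32+ file. The rest of the script lies outside the hunk.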