mirror of
https://github.com/QuasarApp/pe-parse.git
synced 2025-04-26 04:14:32 +00:00
e5ba0165ab
* Add simple test and corkami test suite using Catch2 * Enable testing with CMake option '-DPEPARSE_ENABLE_TESTING=ON'. * The simple test is extremely basic just as an example of using Catch2. * Corkami test suite is a git submodule within assets and the tests can be run with or without cloning it. You are able to configure CMake without the submodule and it will warn you that the tests are not included, and then it will pick them up automatically on next cmake rebuild. There are a few Corkami files which pe-parse is unable to process. They have been added as exceptions for now (just to get this merged), but we can open new issues to track them. This will also catch any regressions that could prevent the successful parsing of files that have been parse-able in the past. * Raise C++ standard from 11 to 17 for easier filesystem handling in tests. Also included CMake script for handling how std::filesystem is found/linked. * Rename directory 'test' to 'tests'. * Update README with testing instructions. * Catch2 is downloaded and built unless otherwise specified (undocumented, aside from reading CMake).
100 lines
4.0 KiB
Python
Executable File
100 lines
4.0 KiB
Python
Executable File
#!/usr/bin/env python
|
|
|
|
import sys
|
|
import time
|
|
import pepy
|
|
import binascii
|
|
|
|
from hashlib import md5
|
|
|
|
try:
|
|
p = pepy.parse(sys.argv[1])
|
|
except pepy.error as e:
|
|
print(e)
|
|
sys.exit(1)
|
|
|
|
print("Magic: %s" % hex(p.magic))
|
|
print("Signature: %s" % hex(p.signature))
|
|
print("Machine: %s (%s)" % (hex(p.machine), p.get_machine_as_str()))
|
|
print("Number of sections: %s" % p.numberofsections)
|
|
print("Number of symbols: %s" % p.numberofsymbols)
|
|
print("Characteristics: %s" % hex(p.characteristics))
|
|
print("Timedatestamp: %s" % time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(p.timedatestamp)))
|
|
print("Major linker version: %s" % hex(p.majorlinkerver))
|
|
print("Minor linker version: %s" % hex(p.minorlinkerver))
|
|
print("Size of code: %s" % hex(p.codesize))
|
|
print("Size of initialized data: %s" % hex(p.initdatasize))
|
|
print("Size of uninitialized data: %s" % hex(p.uninitdatasize))
|
|
print("Address of entry point: %s" % hex(p.entrypointaddr))
|
|
print("Base address of code: %s" % hex(p.baseofcode))
|
|
try:
|
|
print("Base address of data: %s" % hex(p.baseofdata))
|
|
except:
|
|
# Not available on PE32+, ignore it.
|
|
pass
|
|
print("Image base address: %s" % hex(p.imagebase))
|
|
print("Section alignment: %s" % hex(p.sectionalignement))
|
|
print("File alignment: %s" % hex(p.filealignment))
|
|
print("Major OS version: %s" % hex(p.majorosver))
|
|
print("Minor OS version: %s" % hex(p.minorosver))
|
|
print("Win32 version: %s" % hex(p.win32ver))
|
|
print("Size of image: %s" % hex(p.imagesize))
|
|
print("Size of headers: %s" % hex(p.headersize))
|
|
print("Checksum: %s" % hex(p.checksum))
|
|
print("Subsystem: %s (%s)" % (hex(p.subsystem), p.get_subsystem_as_str()))
|
|
print("DLL characteristics: %s" % hex(p.dllcharacteristics))
|
|
print("Size of stack reserve: %s" % hex(p.stackreservesize))
|
|
print("Size of stack commit: %s" % hex(p.stackcommitsize))
|
|
print("Size of heap reserve: %s" % hex(p.heapreservesize))
|
|
print("Size of heap commit: %s" % hex(p.heapcommitsize))
|
|
print("Loader flags: %s" % hex(p.loaderflags))
|
|
print("Number of RVA and sizes: %s" % hex(p.rvasandsize))
|
|
ep = p.get_entry_point()
|
|
byts = p.get_bytes(ep, 8)
|
|
print("Bytes at %s: %s" % (hex(ep), ' '.join(['%#2x' % b for b in byts])))
|
|
sections = p.get_sections()
|
|
print("Sections: (%i)" % len(sections))
|
|
for sect in sections:
|
|
print("[+] %s" % sect.name)
|
|
print("\tBase: %s" % hex(sect.base))
|
|
print("\tLength: %s" % sect.length)
|
|
print("\tVirtual address: %s" % hex(sect.virtaddr))
|
|
print("\tVirtual size: %i" % sect.virtsize)
|
|
print("\tNumber of Relocations: %i" % sect.numrelocs)
|
|
print("\tNumber of Line Numbers: %i" % sect.numlinenums)
|
|
print("\tCharacteristics: %s" % hex(sect.characteristics))
|
|
if sect.length:
|
|
print("\tFirst 10 bytes: 0x%s" % binascii.hexlify(sect.data[:10]))
|
|
print("\tMD5: %s" % md5(sect.data).hexdigest())
|
|
imports = p.get_imports()
|
|
print("Imports: (%i)" % len(imports))
|
|
for imp in imports:
|
|
print("[+] Symbol: %s (%s %s)" % (imp.sym, imp.name, hex(imp.addr)))
|
|
exports = p.get_exports()
|
|
print("Exports: (%i)" % len(exports))
|
|
for exp in exports:
|
|
print("[+] Module: %s (%s %s)" % (exp.mod, exp.func, hex(exp.addr)))
|
|
relocations = p.get_relocations()
|
|
print("Relocations: (%i)" % len(relocations))
|
|
for reloc in relocations:
|
|
print("[+] Type: %s (%s)" % (reloc.type, hex(reloc.addr)))
|
|
resources = p.get_resources()
|
|
print("Resources: (%i)" % len(resources))
|
|
for resource in resources:
|
|
print("[+] MD5: (%i) %s" % (len(resource.data), md5(resource.data).hexdigest()))
|
|
if resource.type_str:
|
|
print("\tType string: %s" % resource.type_str)
|
|
else:
|
|
print("\tType: %s (%s)" % (hex(resource.type), resource.type_as_str()))
|
|
if resource.name_str:
|
|
print("\tName string: %s" % resource.name_str)
|
|
else:
|
|
print("\tName: %s" % hex(resource.name))
|
|
if resource.lang_str:
|
|
print("\tLang string: %s" % resource.lang_str)
|
|
else:
|
|
print("\tLang: %s" % hex(resource.lang))
|
|
print("\tCodepage: %s" % hex(resource.codepage))
|
|
print("\tRVA: %s" % hex(resource.RVA))
|
|
print("\tSize: %s" % hex(resource.size))
|