Example dumps produced with pefile are available for different types of files, such as a packed file and a kernel binary.

Dependencies: pefile is self-contained.

Recent changes: prompted by the move to GitHub, the need to support Python 3, and the resolution of a slew of pending issues (some having to do with the old versioning scheme), pefile has changed its version-number scheme and from now on uses the release date as its version.

Projects and products using pefile:
- Didier Stevens' pecheck, a tool for displaying PE file info; it handles PEiD signature files better than pefile does.
- MAEC, a standardized language for encoding and communicating high-fidelity information about malware based on attributes such as behaviors, artifacts, and attack patterns.
- VirusTotal
- bbfreeze
- pyemu (download, whitepaper)
- Immunity Debugger 1.x

Portable Executable Header Walkthrough shows the raw view of an executable file with the PE format fields laid out over the corresponding areas.

License: MIT.
The parser library was created to assist in compiled program analysis, potentially of programs of unknown origin. This means that it should be resistant to malformed or maliciously crafted PE files, and it should support the questions that analysis software asks of an executable program container: for example, listing relocations, describing imports and exports, and supporting byte reads from virtual addresses as well as file offsets.

Internally, the parser library uses a bounded buffer abstraction to access information stored in the PE file. This helps in constructing a sane parser: a bogus value in the PE that would otherwise result in an out-of-bounds access of the input buffer is caught at the buffer boundary instead of being dereferenced.

Build, and then run the tests with ctest or cmake --build. To run the full test suite with the Corkami test suite, you must first clone the submodule with git submodule update --init. To compile with both the Address and Undefined Behavior sanitizers (recommended for development and testing, and exercised in CI), use the following:

Once the library is installed, linking to it is easy. Add the following lines to your CMake project:

Development: we are currently walking through the advice of the Corkami project to increase its likeness w.

Entropy calculations on the section headers can be slow for very big files. To switch them off:

pefile on PyPI: latest version released Aug 9; maintainer: MatthewPeart. The GitHub repository lists 13 releases.
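The bounded-buffer parsing, the byte reads by virtual address versus file offset, and the per-section entropy calculation described above, as one added example that is not pefile's or the parser library's own code. It is a pure-Python header walker over a constructed PE32+ image: MiniPE, BoundedBuffer, build_sample_pe, patch_u32 and is_rejected are names chosen for this example, and the two-section image it builds is sample data, not a real binary. It also shows what happens when a crafted e_lfanew, section pointer or section count would drive a read past the end of the file.

```python
# Added example, not pefile's or the parser library's own code: a minimal PE header
# walker on a bounded buffer, with RVA-to-offset reads and per-section entropy.
import math
import struct
from collections import namedtuple

Section = namedtuple("Section", "name virtual_size virtual_address raw_size raw_ptr")

class PEFormatError(ValueError):
    """Raised when a header field would drive a read outside the file."""

class BoundedBuffer:
    """Every read is range-checked before it touches the underlying bytes."""
    def __init__(self, data):
        self.data = bytes(data)

    def read(self, offset, size):
        if offset < 0 or size < 0 or offset + size > len(self.data):
            raise PEFormatError(f"read of {size:#x} bytes at {offset:#x} exceeds "
                                f"the {len(self.data):#x}-byte file")
        return self.data[offset:offset + size]

    def unpack(self, fmt, offset):
        return struct.unpack(fmt, self.read(offset, struct.calcsize(fmt)))

class MiniPE:
    def __init__(self, data):
        buf = self.buf = BoundedBuffer(data)
        if buf.read(0, 2) != b"MZ":
            raise PEFormatError("missing MZ signature")
        (e_lfanew,) = buf.unpack("<I", 0x3C)
        if buf.read(e_lfanew, 4) != b"PE\0\0":       # a bogus e_lfanew fails inside read()
            raise PEFormatError("missing PE signature")
        coff = e_lfanew + 4
        _, nsections, _, _, _, opt_size, _ = buf.unpack("<HHIIIHH", coff)
        (self.magic,) = buf.unpack("<H", coff + 20)  # 0x10B = PE32, 0x20B = PE32+
        table = coff + 20 + opt_size
        self.sections = []
        for i in range(nsections):                   # a truncated table fails in unpack()
            hdr = buf.unpack("<8sIIIIIIHHI", table + 40 * i)
            name = hdr[0].rstrip(b"\0").decode("ascii", "replace")
            vsize, va, rsize, rptr = hdr[1:5]
            if rsize and rptr + rsize > len(buf.data):
                raise PEFormatError(f"section {name}: raw data {rptr:#x}+{rsize:#x} is past EOF")
            self.sections.append(Section(name, vsize, va, rsize, rptr))

    def get_offset_from_rva(self, rva):
        for s in self.sections:
            if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
                return rva - s.virtual_address + s.raw_ptr
        if self.sections and rva < self.sections[0].virtual_address:
            return rva                               # headers are mapped 1:1
        raise PEFormatError(f"RVA {rva:#x} is not backed by any section")

    def get_data(self, rva, length):
        """Read by RVA; a read by file offset is simply self.buf.read(offset, length)."""
        return self.buf.read(self.get_offset_from_rva(rva), length)

    def section_entropy(self, index):
        s = self.sections[index]
        return shannon_entropy(self.buf.read(s.raw_ptr, s.raw_size))

def shannon_entropy(data):
    """Bits per byte: 0.0 for uniform padding, 8.0 for random or packed data."""
    n = len(data) or 1
    probs = [data.count(bytes([v])) / n for v in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def build_sample_pe():
    """Constructed 0x600-byte PE32+ image with two sections (sample data, not a real binary)."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # COFF: AMD64, 2 sections, 0xF0-byte optional header, EXECUTABLE|LARGE_ADDRESS_AWARE
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 2, 0, 0, 0, 0xF0, 0x0022)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x20B)                   # PE32+ magic
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)     # Section/FileAlignment
    for i, (name, vsize, va, rsize, rptr, flags) in enumerate([
            (b".text", 0x10, 0x1000, 0x200, 0x200, 0x60000020),
            (b".data", 0x08, 0x2000, 0x200, 0x400, 0xC0000040)]):
        struct.pack_into("<8sIIIIIIHHI", img, opt + 0xF0 + 40 * i,   # table at 0x148
                         name, vsize, va, rsize, rptr, 0, 0, 0, 0, flags)
    img[0x200:0x204] = b"\x48\x31\xc0\xc3"                    # xor rax, rax ; ret
    img[0x400:0x406] = b"hello\0"
    return bytes(img)

def patch_u32(data, offset, value):   # copy with one DWORD overwritten, simulating a crafted header
    img = bytearray(data)
    struct.pack_into("<I", img, offset, value)
    return bytes(img)

def is_rejected(data):   # True when the parser refuses the image instead of reading out of bounds
    try:
        MiniPE(data)
    except PEFormatError:
        return True
    return False
```

With pefile itself the corresponding calls are pefile.PE(data=...), pe.get_offset_from_rva(rva), pe.get_data(rva, length) and section.get_entropy() on each entry of pe.sections; note that pefile records many malformations as warnings retrievable through pe.get_warnings() rather than raising pefile.PEFormatError, so an analysis tool should inspect those as well.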