How to use the pefile.IMAGE_CHARACTERISTICS function in pefile

To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

idiom / pftriage / pftriage.py View on Github

def get_image_flags(self, imageflags='IMAGE_FILE_'):
        iflags = pefile.retrieve_flags(pefile.IMAGE_CHARACTERISTICS, imageflags)
        flags = []
        for flag in iflags:
            if getattr(self.pe.FILE_HEADER, flag[0]):
                flags.append(flag[0])
        return flags

ohjeongwook / DarunGrim / Src / Scripts / Server / DarunGrim3Server.py View on Github

def Is32bitExecutable( self, filename):
		# determine the executable's base architecture, 32bit / 64bit
		# TODO - this function might be located in somewhere else
		import pefile
		pe = pefile.PE(filename)
		_32bitFlag = pefile.IMAGE_CHARACTERISTICS['IMAGE_FILE_32BIT_MACHINE']

		if ( _32bitFlag & pe.FILE_HEADER.Machine ) == _32bitFlag:
			return "32bit"
		return "64bit"

ohjeongwook / DarunGrim / Src / Scripts / FileManagement / FileStore.py View on Github

message = '%s %s -&gt; %s' % (op, src_filename, target_full_filename)

										if message_callback!=None:
											message_callback(message_callback_arg, message)
										else:
											print message

									if message_callback!=None:
										message_callback(message_callback_arg, traceback.format_exc())
									else:
										traceback.print_exc()

						import pefile
						pe = pefile.PE(src_filename)
						_32bitFlag = pefile.IMAGE_CHARACTERISTICS['IMAGE_FILE_32BIT_MACHINE']

						if ( pe.FILE_HEADER.Machine &amp; _32bitFlag ) == _32bitFlag:
							arch="x86"
						else:
							arch="64"

						if files and len(files)&gt;0:
							if self.DebugLevel &gt; 2:
								print 'Already there:', src_filename, version_info,sha1,files

							for file in files:
								# timestamp comparision and update
								if file.mtime &lt; mtime_dt or overwrite_mode:
									if self.DebugLevel &gt; 2:
										print 'Updating with older data:', src_filename, version_info

cuckoosandbox / cuckoo / cuckoo / processing / procmemory.py View on Github

section.SizeOfRawData = max(
                section.Misc_VirtualSize, section.SizeOfRawData
            )

        reloc = pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_BASERELOC"]
        if len(pe.OPTIONAL_HEADER.DATA_DIRECTORY) &lt; reloc:
            return

        reloc = pe.OPTIONAL_HEADER.DATA_DIRECTORY[reloc]
        if not reloc.VirtualAddress or not reloc.Size:
            return

        # Disable relocations as those have already been applied.
        reloc.VirtualAddress = reloc.Size = 0
        pe.FILE_HEADER.Characteristics |= (
            pefile.IMAGE_CHARACTERISTICS["IMAGE_FILE_RELOCS_STRIPPED"]
        )
        if not pe.sections:
            return
        return pe.sections[0].VirtualAddress

ohjeongwook / DarunGrim / Src / Scripts / DarunGrimEngine.py View on Github

def Is64(self,filename):
		import pefile
		pe = pefile.PE(filename)
		_32bitFlag = pefile.IMAGE_CHARACTERISTICS['IMAGE_FILE_32BIT_MACHINE']

		if ( pe.FILE_HEADER.Machine & _32bitFlag ) == _32bitFlag:
			return False
		else:
			return True

How to use the pefile.IMAGE_CHARACTERISTICS function in pefile

To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.

pefile

Package Health Score

Popular pefile functions

Similar packages