How to use the pefile.LANG function in pefile
To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
PUNCH-Cyber / stoq-plugins-public / peinfo / peinfo / peinfo.py View on Github 
def _parse_resource(self, type: str, entry, pe) -> Tuple[Dict, bytes]:
sublang = pefile.get_sublang_name_for_lang(entry.data.lang, entry.data.sublang)
rva = entry.data.struct.OffsetToData
size = entry.data.struct.Size
raw_data = pe.get_data(rva, size)
metadata = {
'type': type,
'resource_id': entry.id,
'resource_type': entry.data.struct.name,
'address': rva,
'offset': pe.get_offset_from_rva(rva),
'sha256': hashlib.sha256(raw_data).hexdigest(),
'sha1': hashlib.sha1(raw_data).hexdigest(),
'md5': hashlib.md5(raw_data).hexdigest(),
'language': pefile.LANG.get(entry.data.lang, 'unknown'),
'sub_language': sublang,
'size': size,
'name': f'resource_{type}_{entry.id}',
}
return (metadata, raw_data)def resource(pe, level, r, parents):
"""Recursive printing of resources"""
if hasattr(r, "data"):
# resource
offset = r.data.struct.OffsetToData
size = r.data.struct.Size
data = pe.get_memory_mapped_image()[offset:offset + size]
m = hashlib.md5()
m.update(data)
result = ("-".join(parents + [str(r.id)]), str(r.name), "%i B" % size, pefile.LANG.get(r.data.lang, 'UNKNOWN'),
pefile.get_sublang_name_for_lang(r.data.lang, r.data.sublang), magic.from_buffer(data),
m.hexdigest())
res.append(result)
# print tabulate(result, headers=['Id', 'Name', 'Size', 'Lang', 'Sublang', 'Type', 'MD5'])
else:
# directory
#try:
parents = copy.copy(parents)
if r.id:
parents.append(str(r.id))
elif r.name:
parents.append(r.name.string.decode('utf-8'))if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return retname = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
if name is None:
name = str(resource_type.struct.Id)
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData,
resource_lang.data.struct.Size)
filetype = get_type(data)
md5 = get_md5(data)
language = pefile.LANG.get(resource_lang.data.lang, None)
sublanguage = pefile.get_sublang_name_for_lang(
resource_lang.data.lang, resource_lang.data.sublang)
offset = ('%-8s' % hex(resource_lang.data.struct.OffsetToData)).strip()
size = ('%-8s' % hex(resource_lang.data.struct.Size)).strip()
resource = [count, name, offset, md5, size, filetype, language, sublanguage]
# Dump resources if requested to and if the file currently being
# processed is the opened session file.
# This is to avoid that during a --scan all the resources being
# scanned are dumped as well.
if (self.args.open or self.args.dump) and pe == self.pe:
if self.args.dump:
folder = self.args.dump
else:
folder = tempfile.mkdtemp()if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return retfor resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
try:
resource = {}
if resource_type.name is not None:
name = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
if hasattr(resource_type, "directory"):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, "directory"):
for resource_lang in resource_id.directory.entries:
data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = self._get_filetype(data)
language = pefile.LANG.get(resource_lang.data.lang, None)
sublanguage = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang)
resource["name"] = name
resource["offset"] = "0x{0:08x}".format(resource_lang.data.struct.OffsetToData)
resource["size"] = "0x{0:08x}".format(resource_lang.data.struct.Size)
resource["filetype"] = filetype
resource["language"] = language
resource["sublanguage"] = sublanguage
resources.append(resource)
except:
continue
return resources"Offset",
"Size",
"Code Page",
"Type")
for resname in entry.directory.entries:
if resname.id is not None:
data += ' {:<12}'.format(hex(resname.id))
else:
data += ' {:<12}'.format(resname.name)
for resentry in resname.directory.entries:
if hasattr(resentry, 'data'):
offset = '{0:#0{1}x}'.format(resentry.data.struct.OffsetToData, 10)
try:
data += '{:16}'.format(pefile.LANG[resentry.data.lang])
except KeyError:
data += '{:16}'.format('Unknown (%s)' % resentry.data.lang)
data += '{:20}'.format(pefile.get_sublang_name_for_lang(resentry.data.lang,
resentry.data.sublang).replace('SUBLANG_', ''))
data += '{:12}'.format(offset)
data += '{:12}'.format("{0:#0{1}x}".format(resentry.data.struct.Size, 10))
data += '{:12}'.format("{0:#0{1}x}".format(resentry.data.struct.CodePage, 10))
#data += '{:64}'.format(target.magic_type(target.extractdata(resentry.data.struct.OffsetToData,
#resentry.data.struct.Size)[:64], True))
if dumpaddress == 'ALL' or dumpaddress == offset:
data += '\n\n Matched offset[%s] -- dumping resource' % dumpaddress
tmpdata = target.extractdata(resentry.data.struct.OffsetToData, resentry.data.struct.Size)
filename = 'export-%s.bin' % offset
f = open(filename, 'wb')try:
if resource_type.name is not None:
name = str(resource_type.name)
else:
name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id))
except TypeError:
name = 'unknown'
if hasattr(resource_type, "directory"):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, "directory"):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData,
resource_lang.data.struct.Size)
language = pefile.LANG.get(resource_lang.data.lang, None)
sub_language = pefile.get_sublang_name_for_lang(resource_lang.data.lang,
resource_lang.data.sublang)
resource["name"] = name
resource["offset"] = "0x{0:08x}".format(resource_lang.data.struct.OffsetToData)
resource["size"] = "0x{0:08x}".format(resource_lang.data.struct.Size)
resource["language"] = language
resource["sublanguage"] = sub_language
resource['filetype'] = magic.from_buffer(pe.get_memory_mapped_image()[
resource_lang.data.struct.OffsetToData:resource_lang.data.struct.OffsetToData + 1024])
resources.append(resource)
return resourcesif hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return retif name is None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
try:
data = pelib.get_data(
resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
# fd=open(name,'wb')
# fd.write(data)
# (data)
except pefile.PEFormatError:
return "corrupt"
filetype = MIME_TYPE(data, False)
lang = pefile.LANG.get(
resource_lang.data.lang, 'unknown')
sublang = pefile.get_sublang_name_for_lang(
resource_lang.data.lang, resource_lang.data.sublang)
entry = {}
entry["name"] = self._normalize(name)
entry["rva"] = self._normalize(
hex(resource_lang.data.struct.OffsetToData))
entry["size"] = self._normalize(
hex(resource_lang.data.struct.Size))
entry["type"] = self._normalize(filetype)
entry["lang"] = self._normalize(lang)
entry["sublang"] = self._normalize(sublang)
entry["sha1"] = SHA1(data)
ret.append(entry)
return ret
Popular pefile functions
- pefile.BaseRelocationData
- pefile.DataContainer
- pefile.DIRECTORY_ENTRY
- pefile.get_sublang_name_for_lang
- pefile.IMAGE_CHARACTERISTICS
- pefile.LANG
- pefile.LANG.get
- pefile.MACHINE_TYPE
- pefile.MACHINE_TYPE.get
- pefile.OPTIONAL_HEADER_MAGIC_PE
- pefile.OPTIONAL_HEADER_MAGIC_PE_PLUS
- pefile.PE
- pefile.PEFormatError
- pefile.RelocationData
- pefile.RESOURCE_TYPE
- pefile.RESOURCE_TYPE.get
- pefile.retrieve_flags
- pefile.SECTION_CHARACTERISTICS
- pefile.Structure
- pefile.SUBSYSTEM_TYPE.get