How to use the pefile.LANG.get function in pefile
To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
devwerks / Static-Malware-Analyses / malware-analyses.py View on Github 
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
print name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
for resource_id in resource_type.directory.entries:
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
lang = pefile.LANG.get(resource_lang.data.lang)
sublang = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang)
html.write("%s %s %s %s %s\n" % (name, hex(resource_lang.data.struct.OffsetToData), hex(resource_lang.data.struct.Size), lang, sublang))
html.write("\n")
insertSeperator(html)
# get printable strings in the binary file by calling the external program strings
strings = subprocess.check_output(["strings", filePath])
html.write("<br><b><a id="strings">Strings:</a></b><br>\n")
html.write("<br>\n".join(strings.split()))i = 0
for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
try:
data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = magic.from_buffer(open(self.filename).read(1024))
lang = pefile.LANG.get(resource_lang.data.lang, 'qq_*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
except pefile.PEFormatError:
pass
except:
ret = False
pass
finally:
return retscanObject.addMetadata(self.module_name, 'Imports', imports)
# Parse resources
try:
for resource in pe.DIRECTORY_ENTRY_RESOURCE.entries:
res_type = pefile.RESOURCE_TYPE.get(resource.id, 'Unknown')
for entry in resource.directory.entries:
for e_entry in entry.directory.entries:
sublang = pefile.get_sublang_name_for_lang(
e_entry.data.lang,
e_entry.data.sublang,
)
offset = e_entry.data.struct.OffsetToData
size = e_entry.data.struct.Size
r_data = pe.get_data(offset, size)
language = pefile.LANG.get(
e_entry.data.lang, 'Unknown')
data = {
'Type': res_type,
'Id': e_entry.id,
'Name': e_entry.data.struct.name,
'Offset': offset,
'Size': size,
'SHA256': hashlib.sha256(r_data).hexdigest(),
'SHA1': hashlib.sha1(r_data).hexdigest(),
'MD5': hashlib.md5(r_data).hexdigest(),
'Language': language,
'Sub Language': sublang,
}
scanObject.addMetadata(
self.module_name, 'Resources', data)
except ScanError:if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return retself.metadata["importFunctions"].append(import_entry)
self.metadata.setdefault("resources", [])
try:
for resource in pe.DIRECTORY_ENTRY_RESOURCE.entries:
res_type = pefile.RESOURCE_TYPE.get(resource.id, "Unknown")
for entry in resource.directory.entries:
for e_entry in entry.directory.entries:
sublang = pefile.get_sublang_name_for_lang(
e_entry.data.lang,
e_entry.data.sublang,
)
offset = e_entry.data.struct.OffsetToData
size = e_entry.data.struct.Size
r_data = pe.get_data(offset, size)
language = pefile.LANG.get(e_entry.data.lang, "Unknown")
data = {
"type": res_type,
"id": e_entry.id,
"name": e_entry.data.struct.name,
"offset": offset,
"size": size,
"sha256": hashlib.sha256(r_data).hexdigest(),
"sha1": hashlib.sha1(r_data).hexdigest(),
"md5": hashlib.md5(r_data).hexdigest(),
"language": language,
"subLanguage": sublang,
}
if data not in self.metadata["resources"]:
self.metadata["resources"].append(data)
except AttributeError:if hasattr(self.pe, 'DIRECTORY_ENTRY_RESOURCE'):
i = 0
for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries:
if resource_type.name is not None:
name = "%s" % resource_type.name
else:
name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id)
if name == None:
name = "%d" % resource_type.struct.Id
if hasattr(resource_type, 'directory'):
for resource_id in resource_type.directory.entries:
if hasattr(resource_id, 'directory'):
for resource_lang in resource_id.directory.entries:
data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size)
filetype = self.get_filetype(data)
lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*')
sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang )
ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang)
i += 1
return ret
Popular pefile functions
- pefile.BaseRelocationData
- pefile.DataContainer
- pefile.DIRECTORY_ENTRY
- pefile.get_sublang_name_for_lang
- pefile.IMAGE_CHARACTERISTICS
- pefile.LANG
- pefile.LANG.get
- pefile.MACHINE_TYPE
- pefile.MACHINE_TYPE.get
- pefile.OPTIONAL_HEADER_MAGIC_PE
- pefile.OPTIONAL_HEADER_MAGIC_PE_PLUS
- pefile.PE
- pefile.PEFormatError
- pefile.RelocationData
- pefile.RESOURCE_TYPE
- pefile.RESOURCE_TYPE.get
- pefile.retrieve_flags
- pefile.SECTION_CHARACTERISTICS
- pefile.Structure
- pefile.SUBSYSTEM_TYPE.get