1. Advisor
  2. pefile
  3. functions
  4. pefile.MACHINE_TYPE.get
View all pefile analysis

How to use the pefile.MACHINE_TYPE.get function in pefile

To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github target / strelka / src / python / strelka / scanners / scan_pe.py View on Github external
'code': pe.OPTIONAL_HEADER.BaseOfCode,
                'entry_point': pe.OPTIONAL_HEADER.AddressOfEntryPoint,
                'image': pe.OPTIONAL_HEADER.ImageBase,
            },
            'alignment': {
                'file': pe.OPTIONAL_HEADER.FileAlignment,
                'section': pe.OPTIONAL_HEADER.SectionAlignment,
            },
            'characteristics': {
                'dll': [],
                'image': [],
            },
            'checksum': pe.OPTIONAL_HEADER.CheckSum,
            'machine': {
                'id': pe.FILE_HEADER.Machine,
                'type': pefile.MACHINE_TYPE.get(pe.FILE_HEADER.Machine).replace('IMAGE_FILE_MACHINE_', ''),
            },
            'magic': {
                'dos': MAGIC_DOS.get(pe.DOS_HEADER.e_magic, ''),
                'image': MAGIC_IMAGE.get(pe.OPTIONAL_HEADER.Magic, ''),
            },
            'size': {
                'code': pe.OPTIONAL_HEADER.SizeOfCode,
                'data': {
                    'initialized': pe.OPTIONAL_HEADER.SizeOfInitializedData,
                    'uninitialized': pe.OPTIONAL_HEADER.SizeOfUninitializedData,
                },
                'headers': pe.OPTIONAL_HEADER.SizeOfHeaders,
                'heap': {
                    'reserve': pe.OPTIONAL_HEADER.SizeOfHeapReserve,
                    'commit': pe.OPTIONAL_HEADER.SizeOfHeapCommit,
                },
github target / strelka / server / scanners / scan_pe.py View on Github external
def scan(self, file_object, options):
        self.metadata["total"] = {"sections": 0}

        try:
            pe = pefile.PE(data=file_object.data)
            pe_dictionary = pe.dump_dict()

            self.metadata["total"]["sections"] = pe.FILE_HEADER.NumberOfSections
            self.metadata["warnings"] = pe.get_warnings()
            self.metadata["timestamp"] = datetime.utcfromtimestamp(pe.FILE_HEADER.TimeDateStamp).isoformat(timespec="seconds")
            machine = pe.FILE_HEADER.Machine
            self.metadata["machine"] = {"id": machine, "type": pefile.MACHINE_TYPE.get(machine)}
            # Reference: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680339%28v=vs.85%29.aspx
            self.metadata["imageMagic"] = IMAGE_MAGIC_LOOKUP.get(pe.OPTIONAL_HEADER.Magic, "Unknown")
            subsystem = pe.OPTIONAL_HEADER.Subsystem
            self.metadata["subsystem"] = pefile.SUBSYSTEM_TYPE.get(subsystem)
            self.metadata["stackReserveSize"] = pe.OPTIONAL_HEADER.SizeOfStackReserve
            self.metadata["stackCommitSize"] = pe.OPTIONAL_HEADER.SizeOfStackCommit
            self.metadata["heapReserveSize"] = pe.OPTIONAL_HEADER.SizeOfHeapReserve
            self.metadata["heapCommitSize"] = pe.OPTIONAL_HEADER.SizeOfHeapCommit
            self.metadata["entryPoint"] = pe.OPTIONAL_HEADER.AddressOfEntryPoint
            self.metadata["imageBase"] = pe.OPTIONAL_HEADER.ImageBase
            self.metadata["entryPoint"] = pe.OPTIONAL_HEADER.AddressOfEntryPoint
            self.metadata["entryPoint"] = pe.OPTIONAL_HEADER.AddressOfEntryPoint

            image_characteristics = pe_dictionary.get("Flags")
            if image_characteristics is not None:
                self.metadata["imageCharacteristics"] = image_characteristics
github lmco / laikaboss / laikaboss / modules / meta_pe.py View on Github external
logging.debug('Unable to identify imphash')

            imgChars = dump_dict.get('Flags', [])
            scanObject.addMetadata(
                self.module_name, 'Image Characteristics', imgChars)
            # Make a pretty date format
            date = datetime.fromtimestamp(pe.FILE_HEADER.TimeDateStamp)
            isoDate = date.isoformat()
            scanObject.addMetadata(self.module_name, 'Date', isoDate)
            scanObject.addMetadata(
                self.module_name, 'Timestamp', pe.FILE_HEADER.TimeDateStamp)

            machine = pe.FILE_HEADER.Machine
            machineData = {
                'Id': machine,
                'Type': pefile.MACHINE_TYPE.get(machine)
            }
            scanObject.addMetadata(
                self.module_name, 'Machine Type', machineData)

            # Reference: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680339%28v=vs.85%29.aspx
            scanObject.addMetadata(
                self.module_name,
                'Image Magic',
                IMAGE_MAGIC_LOOKUP.get(pe.OPTIONAL_HEADER.Magic, 'Unknown'))

            dllChars = dump_dict.get('DllCharacteristics', [])
            scanObject.addMetadata(
                self.module_name, 'DLL Characteristics', dllChars)

            subsystem = pe.OPTIONAL_HEADER.Subsystem
            subName = pefile.SUBSYSTEM_TYPE.get(subsystem)

pefile

Python PE parsing module

GitHub
MIT
Latest version published 2 months ago

Package Health Score

83 / 100
Full package analysis

Popular pefile functions

Similar packages