How to use the pefile.Structure function in pefile
To help you get started, we’ve selected a few pefile examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
CERT-Polska / malduck / malduck / pe.py View on Github 
def structure(self, rva: int, format: Any) -> Any:
"""
Get internal pefile Structure from specified rva
:param rva: Relative virtual address of structure
:param format: :class:`pefile.Structure` format
(e.g. :py:attr:`pefile.PE.__IMAGE_LOAD_CONFIG_DIRECTORY64_format__`)
:rtype: :class:`pefile.Structure`
"""
structure = pefile.Structure(format)
structure.__unpack__(self.pe.get_data(rva, structure.sizeof()))
return structuredef parse_directory_bound_imports(self, rva, size):
""""""
bnd_descr = Structure(self.__IMAGE_BOUND_IMPORT_DESCRIPTOR_format__)
bnd_descr_size = bnd_descr.sizeof()
start = rva
bound_imports = []
while True:
bnd_descr = self.__unpack_data__(
self.__IMAGE_BOUND_IMPORT_DESCRIPTOR_format__,
self.__data__[rva:rva+bnd_descr_size],
file_offset = rva)
if bnd_descr is None:
# If can't parse directory then silently return.
# This directory does not necesarily have to be valid to
# still have a valid PE file
self.__warnings.append(def get_relocations(pe, proc, moduleBaseAddress):
try:
relocations = []
relocTable = pe.NT_HEADERS.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_BASERELOC']]
rva = relocTable.VirtualAddress
size = relocTable.Size
if (size == 0):
return []
rlc_size = pefile.Structure(pe.__IMAGE_BASE_RELOCATION_format__).sizeof()
end = rva + size
while rvadef __init__(self):
fmt = ('LPCK_HEADER', ('L,e_magic', '536s,e_reserved', 'L,e_count'))
pefile.Structure.__init__(self, fmt)def parse_debug_directory(self, rva, size):
""""""
dbg = Structure(self.__IMAGE_DEBUG_DIRECTORY_format__)
dbg_size = dbg.sizeof()
debug = []
for idx in range(size/dbg_size):
try:
data = self.get_data(rva+dbg_size*idx, dbg_size)
except PEFormatError, e:
self.__warnings.append(
'Invalid debug information. Can\'t read ' +
'data at RVA: 0x%x' % rva)
return None
dbg = self.__unpack_data__(
self.__IMAGE_DEBUG_DIRECTORY_format__,
data, file_offset = self.get_offset_from_rva(rva+dbg_size*idx))def __init__(self):
fmt = ('FILE_HEADER', ('520s,e_path', 'L,e_size'))
pefile.Structure.__init__(self, fmt)
Popular pefile functions
- pefile.BaseRelocationData
- pefile.DataContainer
- pefile.DIRECTORY_ENTRY
- pefile.get_sublang_name_for_lang
- pefile.IMAGE_CHARACTERISTICS
- pefile.LANG
- pefile.LANG.get
- pefile.MACHINE_TYPE
- pefile.MACHINE_TYPE.get
- pefile.OPTIONAL_HEADER_MAGIC_PE
- pefile.OPTIONAL_HEADER_MAGIC_PE_PLUS
- pefile.PE
- pefile.PEFormatError
- pefile.RelocationData
- pefile.RESOURCE_TYPE
- pefile.RESOURCE_TYPE.get
- pefile.retrieve_flags
- pefile.SECTION_CHARACTERISTICS
- pefile.Structure
- pefile.SUBSYSTEM_TYPE.get