1. Advisor
  2. vivisect
  3. functions
  4. vivisect.parsers.pe
View all vivisect analysis

How to use the vivisect.parsers.pe function in vivisect

To help you get started, we’ve selected a few vivisect examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github fireeye / flare-dbg / flaredbg / flaredbg.py View on Github external
if utils.is_legit_pe(bytes) and use_pe_load:
                import vivisect.parsers.pe
                fname = '%s\\%s.mem' % (temp_dir, storage_name)
                open(fname, 'wb').write(bytes)
                f = file(fname, 'rb')
                peobj = PE.PE(f, inmem=True)
                peobj.filesize = len(bytes)
                vivisect.parsers.pe.loadPeIntoWorkspace(self.vw, peobj, fname)
                if entry_point:
                    self.vw.addEntryPoint(entry_point)
                self.vw._snapInAnalysisModules()
            else:
                import vivisect.parsers.pe
                import envi.memory
                import vivisect.const
                defcall = vivisect.parsers.pe.defcalls.get(self.arch)
                self.vw.setMeta("DefaultCall", defcall)
                self.vw.addMemoryMap(va, envi.memory.MM_RWX, "", bytes)
                pe = None
                if utils.is_legit_pe(bytes):
                    pe = utils.get_pe_obj(va)
                if not entry_point and pe:
                    entry_point = pe.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint + va
                if entry_point:
                    self.vw.addEntryPoint(entry_point)
                    self.vw.addExport(entry_point, vivisect.const.EXP_FUNCTION, '__entry', '')
                if pe:
                    self.vw.addVaSet("Library Loads",
                                     (("Address", vivisect.const.VASET_ADDRESS), ("Library", vivisect.const.VASET_STRING)))
                    self.vw.addVaSet('pe:ordinals',
                                     (('Address', vivisect.const.VASET_ADDRESS), ('Ordinal', vivisect.const.VASET_INTEGER)))
                    # Add exports
github fireeye / flare-dbg / flaredbg / flaredbg.py View on Github external
self.vw.loadWorkspace(storage_fname)
        # Reanalyze and create new workspace
        else:
            self.vw.setMeta('Architecture', self.arch)
            self.vw.setMeta('Platform', 'windows')
            self.vw.setMeta('Format', 'pe')
            self.vw.config.viv.parsers.pe.nx = True

            if utils.is_legit_pe(bytes) and use_pe_load:
                import vivisect.parsers.pe
                fname = '%s\\%s.mem' % (temp_dir, storage_name)
                open(fname, 'wb').write(bytes)
                f = file(fname, 'rb')
                peobj = PE.PE(f, inmem=True)
                peobj.filesize = len(bytes)
                vivisect.parsers.pe.loadPeIntoWorkspace(self.vw, peobj, fname)
                if entry_point:
                    self.vw.addEntryPoint(entry_point)
                self.vw._snapInAnalysisModules()
            else:
                import vivisect.parsers.pe
                import envi.memory
                import vivisect.const
                defcall = vivisect.parsers.pe.defcalls.get(self.arch)
                self.vw.setMeta("DefaultCall", defcall)
                self.vw.addMemoryMap(va, envi.memory.MM_RWX, "", bytes)
                pe = None
                if utils.is_legit_pe(bytes):
                    pe = utils.get_pe_obj(va)
                if not entry_point and pe:
                    entry_point = pe.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint + va
                if entry_point:

vivisect

Pure python disassembler, debugger, emulator, and static analysis framework

GitHub
Apache-2.0
Latest version published 2 months ago

Package Health Score

80 / 100
Full package analysis

Popular vivisect functions

Similar packages