Machine Learning for Cybersecurity Cookbook
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

How to do it...

In the following steps, we will parse the PE header of a file, and then print out notable portions of it:

  1. Import the PE file and use it to parse the PE header of your desired file:
import pefile

desired_file = "python-3.7.2-amd64.exe"
pe = pefile.PE(desired_file)
  1. List the imports of the PE file:
for entry in pe.DIRECTORY_ENTRY_IMPORT:
    print(entry.dll)
    for imp in entry.imports:
        print("\t", hex(imp.address), imp.name)

A small portion of the output is shown here:

  1. List the sections of the PE file:
for section in pe.sections:
    print(
        section.Name,
        hex(section.VirtualAddress),
        hex(section.Misc_VirtualSize),
        section.SizeOfRawData,
    )

The output of the previous code is as follows:

  1. Print a full dump of the parsed information:
print(pe.dump_info())

A small portion of the output is displayed here:

本周热推:
智能制造系统及关键使能技术时序大数据平台TDengine核心原理与实战R Programming By ExampleWeb性能权威指南Python Data Science Essentials
上一章目录下一章