如何在python中找到PE头的偏移量和签名?
How do I find the offset and signature of the PE header in python?
我不知道该怎么做。我知道签名是 50 45 00 00,但我不确定如何获取 .exe 文件并计算它在 python 中使用的次数。
到最后,它应该有幻数,PE头的偏移量,PE签名,入口点,图像库,PE的部分数,每个部分的名称和偏移量。
这是我目前所拥有的(仅用于幻数):
def sig(content):
content = content.encode("hex")
content = str(content)
signature = content[0:2].upper()
sig2 = content[2:4].upper()
print "Magic Number: " + str(signature) + " " + str(sig2)
如果你能帮到我,请告诉我!
除了偏移之外的一切
import struct
import pefile
import pydasm
pe = pefile.PE(filename)
print "PE Signature: " + hex(pe.VS_FIXEDFILEINFO.Signature)
print "Image Base: " + hex(pe.OPTIONAL_HEADER.ImageBase)
print "Address of EntryPoint: " + hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint)
print "RVA Number and Size: " + hex(pe.OPTIONAL_HEADER.NumberOfRvaAndSizes)
print "Number of Sections within PE: " + hex(pe.FILE_HEADER.NumberOfSections)
for section in pe.sections:
print 'Section Name: ' + (section.Name)
我不知道该怎么做。我知道签名是 50 45 00 00,但我不确定如何获取 .exe 文件并计算它在 python 中使用的次数。
到最后,它应该有幻数,PE头的偏移量,PE签名,入口点,图像库,PE的部分数,每个部分的名称和偏移量。
这是我目前所拥有的(仅用于幻数):
def sig(content):
content = content.encode("hex")
content = str(content)
signature = content[0:2].upper()
sig2 = content[2:4].upper()
print "Magic Number: " + str(signature) + " " + str(sig2)
如果你能帮到我,请告诉我!
除了偏移之外的一切
import struct
import pefile
import pydasm
pe = pefile.PE(filename)
print "PE Signature: " + hex(pe.VS_FIXEDFILEINFO.Signature)
print "Image Base: " + hex(pe.OPTIONAL_HEADER.ImageBase)
print "Address of EntryPoint: " + hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint)
print "RVA Number and Size: " + hex(pe.OPTIONAL_HEADER.NumberOfRvaAndSizes)
print "Number of Sections within PE: " + hex(pe.FILE_HEADER.NumberOfSections)
for section in pe.sections:
print 'Section Name: ' + (section.Name)