# pefile
|Master|Develop|
|------|-------|
|[![Build Status](https://travis-ci.org/erocarrera/pefile.svg?branch=master)](https://travis-ci.org/erocarrera/pefile)|[![Build Status](https://travis-ci.org/erocarrera/pefile.svg?branch=develop)](https://travis-ci.org/erocarrera/pefile)|
|[![Coverage Status](https://coveralls.io/repos/github/erocarrera/pefile/badge.svg?branch=master)](https://coveralls.io/github/erocarrera/pefile?branch=master)|[![Coverage Status](https://coveralls.io/repos/erocarrera/pefile/badge.svg?branch=develop)](https://coveralls.io/r/erocarrera/pefile?branch=develop)|
_pefile_ is a multi-platform Python module to parse and work with [Portable Executable (PE) files](http://en.wikipedia.org/wiki/Portable_Executable). Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data.
The structures defined in the Windows header files will be accessible as attributes in the PE instance. The naming of fields/attributes will try to adhere to the naming scheme in those headers. Only shortcuts added for convenience will depart from that convention.
_pefile_ requires some basic understanding of the layout of a PE file — with it, it's possible to explore nearly every single feature of the PE file format.
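To make that layout concrete, here is an added example (not part of _pefile_, and not using it) that walks a constructed minimal PE image with only the standard library: the DOS header's `e_lfanew`, the PE signature, `IMAGE_FILE_HEADER`, then the section table, with fields named as in the Windows headers. The two checks and their warning strings are illustrative assumptions, not _pefile_'s own warnings.

```python
import struct

SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
FILE_HEADER_FIELDS = ("Machine", "NumberOfSections", "TimeDateStamp",
                      "PointerToSymbolTable", "NumberOfSymbols",
                      "SizeOfOptionalHeader", "Characteristics")

def build_sample_pe():
    """Constructed 352-byte PE32 header image (no code, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at 0x3C
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 magic, rest zero
    flags = 0x20 | SCN_MEM_EXECUTE | SCN_MEM_WRITE           # code + RWX
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, flags)      # raw data past EOF
    return dos + b"PE\0\0" + file_hdr + opt_hdr + text

def parse_pe(data):
    """Return (FILE_HEADER dict, section dicts, warning strings)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    values = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    file_header = dict(zip(FILE_HEADER_FIELDS, values))
    # The section table follows the optional header, 40 bytes per entry.
    table = e_lfanew + 24 + file_header["SizeOfOptionalHeader"]
    sections, warnings = [], []
    for i in range(file_header["NumberOfSections"]):
        off = table + 40 * i
        if off + 40 > len(data):
            warnings.append(f"section header {i} lies beyond end of file")
            break
        (name, vsize, vaddr, rsize, rptr,
         _, _, _, _, flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append({"Name": name, "VirtualSize": vsize, "VirtualAddress": vaddr,
                         "SizeOfRawData": rsize, "PointerToRawData": rptr,
                         "Characteristics": flags})
        if rptr + rsize > len(data):
            warnings.append(f"{name}: raw data extends past end of file")
        if flags & SCN_MEM_EXECUTE and flags & SCN_MEM_WRITE:
            warnings.append(f"{name}: section is both writable and executable")
    return file_header, sections, warnings

if __name__ == "__main__":
    header, sections, warnings = parse_pe(build_sample_pe())
    print(hex(header["Machine"]), [s["Name"] for s in sections], warnings)
```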
## Features
Some of the tasks that pefile makes possible are:
* Inspecting headers
* Analyzing sections' data
* Retrieving embedded data
* [Reading strings from the resources](https://github.com/erocarrera/pefile/blob/wiki/ReadingResourceStrings.md)
* Warnings for suspicious and malformed values
* Basic butchering of PEs, like [writing to some fields](https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#reading-and-writing-standard-header-members) and [other parts](https://github.com/erocarrera/pefile/blob/wiki/ModifyingPEImageData.md) of the PE
  * This functionality won't rearrange PE file structures to make room for new fields, so use it with care.
  * Overwriting fields should mostly be safe.
* Packer detection with [PEiD’s signatures](https://github.com/erocarrera/pefile/blob/wiki/PEiDSignatures.md)
* [PEiD signature](https://github.com/erocarrera/pefile/blob/wiki/PEiDSignatures.md) generation
Please refer to [Usage Examples](https://github.com/erocarrera/pefile/blob/wiki/UsageExamples.md#introduction) for some code snippets that demonstrate how to use _pefile_.
Here are a few examples of what a dump produced with _pefile_ looks like for different types of files:
* [a packed file](https://github.com/erocarrera/pefile/blob/wiki/FullDump0x90.md)
* [kernel32.dll](https://github.com/erocarrera/pefile/blob/wiki/FullDumpKernel32.md)
* [TinyPE](https://github.com/erocarrera/pefile/blob/wiki/FullDumpTinyPE.md)
To work with authenticated binaries, including **Authenticode signatures**, please check the project [verify-sigs](http://code.google.com/p/verify-sigs).
_pefile_ runs in several pipelines scanning hundreds of thousands of new PE files every day, and, while not perfect, it has grown to be pretty robust over time. That being said, small glitches are found now and then. If you bump into a PE that does not appear to be processed correctly, do report it, please! It will help make pefile a tiny bit more powerful.
## Dependencies
_pefile_ is self-contained. The module has no dependencies; it is endianness independent; and it works on OS X, Windows, and Linux.
## Recent changes
Prompted by the move to GitHub and the need to support Python 3, in addition to resolving a slew of pending issues (some having to do with the old versioning scheme), _pefile_ has changed its version numbering scheme and from now on will use the release date as its version.
## Projects and products using _pefile_
* Didier Stevens' [pecheck](https://blog.didierstevens.com/2018/06/12/update-pecheck-py-version-0-7-3/), a tool for displaying PE file info, handles PEiD files better than _pefile_ does.
* [MAEC](http://maec.mitre.org), a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns. MAEC [converts](https://github.com/MAECProject/pefile-to-maec) _pefile_'s output into their XML format.
* [Qiew](https://github.com/mtivadar/qiew), a Hex/File format viewer.
* [VirusTotal](http://www.virustotal.com/)
* [bbfreeze](http://pypi.python.org/pypi/bbfreeze)
* **pyemu**: [download](http://www.openrce.org/repositories/browse/codypierce), [whitepaper](https://www.blackhat.com/presentations/bh-usa-07/Pierce/Whitepaper/bh-usa-07-pierce-WP.pdf)
* [Immunity Debugger 1.1](http://www.openrce.org/blog/view/882/Immunity_Debugger_v1.1_Release)
* [PyInstaller](http://www.pyinstaller.org)
* [Cuckoo](http://docs.cuckoosandbox.org/en/latest)
* [MultiScanner](https://github.com/MITRECND/multiscanner)
## Additional resources
PDFs of posters depicting the PE file format:
* [Portable Executable Format Layout](https://docs.google.com/open?id=0B3_wGJkuWLytbnIxY1J5WUs4MEk) shows the full view of the headers and structures defined by the PE format.
* [Portable Executable Header Walkthrough](https://docs.google.com/open?id=0B3_wGJkuWLytQmc2di0wajB1Xzg) shows the raw view of an executable file with the PE format fields laid out over the corresponding areas.
The following links provide detailed information about the PE format and its structures.
* [corkami's wiki page about the PE format](https://code.google.com/p/corkami/wiki/PE) has grown to be one of the most in-depth repositories of information about the PE format.
* [corkami's treasure trove of PE weirdness](https://github.com/corkami/pocs/tree/master/PE)
* corkami's copy of Solar Eclipse's [Tiny PE](https://code.google.com/p/corkami/source/browse/trunk/misc/MakePE/examples/PE/tinype.asm?r=179)
* [An In-Depth Look into the Win32 Portable Executable File Format](https://docs.microsoft.com/en-us/archive/msdn-magazine/2002/february/inside-windows-win32-portable-executable-file-format-in-detail)
* [An In-Depth Look into the Win32 Portable Executable File Format, Part 2](https://docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2%20)
* [The Portable Executable File Format](http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile.html)
* [Get icons from Exe or DLL the PE way](https://www.codeproject.com/Articles/9303/Get-icons-from-Exe-or-DLL-the-PE-way)