Sunday, February 13, 2011

PE Info Python Snippet

Trying to dump the PE header info for an unknown Windows PE binary on a Linux box?

Solution:


$ sudo aptitude install python-pefile
$ python
>>> import pefile
>>> # Parse the file from disk; nothing in it is executed
>>> pe = pefile.PE('/path/to/pefile.exe')
>>> print(pe.dump_info())



If you just want to see the imports:


>>> # One entry per imported DLL; imp.name is None for imports by ordinal
>>> for entry in pe.DIRECTORY_ENTRY_IMPORT:
...     print(entry.dll)
...     for imp in entry.imports:
...         print('\t%s %s' % (hex(imp.address), imp.name))
...
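
If pefile cannot be installed on the analysis box, the core header fields that dump_info() reports can be read with the standard library alone. This is an added example, not code from the original post or from pefile; parse_pe_headers and build_sample are hypothetical names, and the sample bytes are constructed.

```python
import struct

def parse_pe_headers(data):
    """Parse the DOS stub pointer, COFF header and section table from PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: 20 bytes right after the 4-byte signature
    (machine, nsect, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    sec_off = opt_off + opt_size
    if sec_off + nsect * 40 > len(data):
        raise ValueError("headers run past end of file")
    # Optional header magic: 0x10B = PE32, 0x20B = PE32+
    magic = struct.unpack_from("<H", data, opt_off)[0] if opt_size >= 2 else None
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, sec_off + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": vaddr, "virtual_size": vsize,
            "raw_offset": rptr, "raw_size": rsize,
        })
    return {"machine": machine, "timestamp": timestamp, "magic": magic,
            "characteristics": characteristics, "sections": sections}

def build_sample():
    """Constructed header-only bytes (not a loadable executable) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x4D57A000, 0, 0, 2, 0x0102)
    opt = struct.pack("<H", 0x10B)  # truncated optional header: magic only
    sect = struct.pack("<8sIIII", b".text", 0x1000, 0x1000, 0x200, 0x200)
    return dos + b"PE\0\0" + coff + opt + sect + b"\0" * 16

if __name__ == "__main__":
    info = parse_pe_headers(build_sample())
    print(hex(info["machine"]), hex(info["magic"]))
    for s in info["sections"]:
        print(s["name"], hex(s["virtual_address"]), hex(s["raw_size"]))
```

For a real file, pass open(path, 'rb').read() instead of build_sample(); every offset is bounds-checked, so a truncated or malformed sample raises ValueError.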