- Machine Learning for Cybersecurity Cookbook
- Emmanuel Tsukerman
- 121字
- 2021-06-24 12:29:03
How to do it...
In the following steps, we will parse the PE header of a file, and then print out notable portions of it:
- Import the PE file and use it to parse the PE header of your desired file:
import pefile
desired_file = "python-3.7.2-amd64.exe"
pe = pefile.PE(desired_file)
- List the imports of the PE file:
for entry in pe.DIRECTORY_ENTRY_IMPORT:
print(entry.dll)
for imp in entry.imports:
print("\t", hex(imp.address), imp.name)
A small portion of the output is shown here:
- List the sections of the PE file:
for section in pe.sections:
print(
section.Name,
hex(section.VirtualAddress),
hex(section.Misc_VirtualSize),
section.SizeOfRawData,
)
The output of the previous code is as follows:
- Print a full dump of the parsed information:
print(pe.dump_info())
A small portion of the output is displayed here:
