theintern
Reputation: 541
How do I find the offset and signature of the PE header in python?
I am not sure how to go about this. I do know that the signature is 50 45 00 00 but I am not sure how to take an .exe file and count the amount of times it is used in python.
By the end of it, it should have the magic number, offset of the PE header, PE signature, entrypoint, image base, number of sections with the PE, name of each sections with offset.
Here is what I have so far (it is only for the magic number):
def sig(content):
content = content.encode("hex")
content = str(content)
signature = content[0:2].upper()
sig2 = content[2:4].upper()
print "Magic Number: " + str(signature) + " " + str(sig2)
If you can help, please let me know!
Upvotes: 1
Views: 3497
Answers (1)
theintern
Reputation: 541
it's everything besides the offset
import struct
import pefile
import pydasm
pe = pefile.PE(filename)
print "PE Signature: " + hex(pe.VS_FIXEDFILEINFO.Signature)
print "Image Base: " + hex(pe.OPTIONAL_HEADER.ImageBase)
print "Address of EntryPoint: " + hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint)
print "RVA Number and Size: " + hex(pe.OPTIONAL_HEADER.NumberOfRvaAndSizes)
print "Number of Sections within PE: " + hex(pe.FILE_HEADER.NumberOfSections)
for section in pe.sections:
print 'Section Name: ' + (section.Name)
Upvotes: 3
Related Questions
- How to resolve Python Pex binary file location
- How can I obtain a PE file's instructions using Python?
- How to find magic bytes for the .pyc header in Python 3.7
- Grabbing program header information with pyelftools
- how to extract and remove the header of a windows PE (portable executable) file?
- PE File Optional Header Magic Number
- How to get PE file signature offset?
- Retrieve header information from exe
- Find out where PE file ends through PE header?
- How do I read the PE header of a module loaded in memory?