from struc import Struc, BYTE, WORD, DWORD
from win32con import *

# Legacy MS-DOS ("MZ") header found at offset 0 of a PE file. Field names and
# order follow the winnt.h IMAGE_DOS_HEADER structure.
# Each `TYPE.name` line presumably declares one field through the struc DSL
# (implemented in the struc module, not shown here), so the statement order is
# the on-disk layout and must not be rearranged.
# NOTE(review): every value comes straight from the file being parsed; treat
# it as untrusted until e_magic has been checked.
class IMAGE_DOS_HEADER(Struc):
    # In a valid image this holds the "MZ" signature (0x5A4D).
    WORD.e_magic
    WORD.e_cblp
    WORD.e_cp
    WORD.e_crlc
    WORD.e_cparhdr
    WORD.e_minalloc
    WORD.e_maxalloc
    WORD.e_ss
    WORD.e_sp
    WORD.e_csum
    WORD.e_ip
    WORD.e_cs
    WORD.e_lfarlc
    WORD.e_ovno
    WORD.e_res[4]
    WORD.e_oemid
    WORD.e_oeminfo
    WORD.e_res2[10]
    # File offset of the NT headers. The __main__ demo seeks to this value, so
    # a caller should confirm it lies inside the file before trusting what is
    # read there.
    DWORD.e_lfanew


# COFF file header; field names and order follow the winnt.h IMAGE_FILE_HEADER
# structure. Statement order is the on-disk layout.
class IMAGE_FILE_HEADER(Struc):
    WORD.Machine
    # File-supplied count; bound it before using it to size a section-table
    # read.
    WORD.NumberOfSections
    DWORD.TimeDateStamp
    DWORD.PointerToSymbolTable
    DWORD.NumberOfSymbols
    # File-supplied size of the optional header that follows. Nothing in this
    # file compares it with the fixed IMAGE_OPTIONAL_HEADER32 layout.
    WORD.SizeOfOptionalHeader
    WORD.Characteristics


# One data-directory entry: an RVA and a byte count, as in winnt.h.
# NOTE(review): both values are file-controlled; range-check them against the
# mapped image before following the entry.
class IMAGE_DATA_DIRECTORY(Struc):
    DWORD.VirtualAddress
    DWORD.Size


# Optional header for 32-bit (PE32) images; field names and order follow the
# winnt.h IMAGE_OPTIONAL_HEADER32 structure.
# NOTE(review): PE32+ (64-bit) images use a different layout (no BaseOfData,
# 64-bit ImageBase and stack/heap sizes), so parsing one with this class
# misreads every field from BaseOfData onward. Check Magic first.
class IMAGE_OPTIONAL_HEADER32(Struc):
    # Distinguishes PE32 (0x10b) from PE32+ (0x20b).
    WORD.Magic
    BYTE.MajorLinkerVersion
    BYTE.MinorLinkerVersion
    DWORD.SizeOfCode
    DWORD.SizeOfInitializedData
    DWORD.SizeOfUninitializedData
    DWORD.AddressOfEntryPoint
    DWORD.BaseOfCode
    DWORD.BaseOfData
    DWORD.ImageBase
    DWORD.SectionAlignment
    DWORD.FileAlignment
    WORD.MajorOperatingSystemVersion
    WORD.MinorOperatingSystemVersion
    WORD.MajorImageVersion
    WORD.MinorImageVersion
    WORD.MajorSubsystemVersion
    WORD.MinorSubsystemVersion
    DWORD.Win32VersionValue
    DWORD.SizeOfImage
    DWORD.SizeOfHeaders
    DWORD.CheckSum
    WORD.Subsystem
    WORD.DllCharacteristics
    DWORD.SizeOfStackReserve
    DWORD.SizeOfStackCommit
    DWORD.SizeOfHeapReserve
    DWORD.SizeOfHeapCommit
    DWORD.LoaderFlags
    # File-supplied count of meaningful DataDirectory entries.
    DWORD.NumberOfRvaAndSizes
    # The array is always declared with IMAGE_NUMBEROF_DIRECTORY_ENTRIES slots
    # (the constant comes from the win32con star import). A file may declare
    # fewer through NumberOfRvaAndSizes, so slots past that count hold
    # whatever bytes follow in the file and should be ignored.
    IMAGE_DATA_DIRECTORY.DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]


# NT headers located at IMAGE_DOS_HEADER.e_lfanew: the PE signature, the COFF
# file header, then the 32-bit optional header, as in winnt.h
# IMAGE_NT_HEADERS32.
class IMAGE_NT_HEADERS(Struc):
    # In a valid image this holds "PE\0\0" (0x00004550).
    DWORD.Signature
    IMAGE_FILE_HEADER.FileHeader
    # Fixed PE32 layout; see OptionalHeader.Magic before relying on the later
    # fields.
    IMAGE_OPTIONAL_HEADER32.OptionalHeader


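if __name__ == '__main__':
    # Demo: read the DOS and NT headers of notepad.exe, then print the parsed
    # NT headers and a hex dump of their raw bytes.
    #
    # Header fields are file-controlled, so each read is checked for length
    # and signature before the next step trusts it. The signature comparisons
    # assume struc decodes WORD/DWORD as little-endian integers (the original
    # code already passes e_lfanew to seek() as a number) -- confirm against
    # the struc module.
    with open('C:/windows/notepad.exe', 'rb') as f:
        mz = IMAGE_DOS_HEADER()
        # readinto() returns the number of bytes read; a short count means the
        # tail of the structure was never filled from the file. buffer(mz) is
        # assumed to span exactly the packed structure, as the hex dump below
        # already relies on.
        if f.readinto(mz) != len(buffer(mz)):
            raise ValueError('file too short for IMAGE_DOS_HEADER')
        if mz.e_magic != 0x5A4D:  # "MZ"
            raise ValueError('bad DOS signature')

        # e_lfanew is an offset supplied by the file; the short-read check
        # below catches an offset that points at or past the end of the file.
        f.seek(mz.e_lfanew)
        pe = IMAGE_NT_HEADERS()
        if f.readinto(pe) != len(buffer(pe)):
            raise ValueError('file too short for IMAGE_NT_HEADERS')
        if pe.Signature != 0x00004550:  # "PE\0\0"
            raise ValueError('bad PE signature')

    # NOTE(review): OptionalHeader is parsed with the PE32 layout only; a
    # PE32+ image will print misaligned values for the later fields.
    print pe
    print buffer(pe)[:].encode('hex')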

Change log

0157dc6b5be6 by invlpg on Mar 29, 2011   Diff
builtin BYTE/WORD/DWORD

Older revisions

bb89ba9ed9ab by invlpg on Mar 28, 2011   Diff
first version

File info

Size: 2098 bytes, 90 lines