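Features
- Parse as much as possible, even if the file is partially malformed;
- Easy to use, developed with IDE autocompletion in mind;
Quick start
Then create a simple program that loads a .NET binary, parses it, and displays information about the streams and metadata tables.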
```python
import sys
import dnfile

filepath = sys.argv[1]
pe = dnfile.dnPE(filepath)
pe.print_info()
```
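Everything is an object. Raw structure values are stored in each object's "struct" attribute, and the CLR directory entry object is reachable through the "net" attribute of the dnPE object.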
```python
import sys
import dnfile
import hashlib

FILEPATH = sys.argv[1]  # path to the .NET binary to inspect
pe = dnfile.dnPE(FILEPATH)

# access the directory entry raw structure values
pe.net.struct

# access the metadata raw structure values
pe.net.metadata.struct

# access the streams
for s in pe.net.metadata.streams_list:
    if isinstance(s, dnfile.stream.MetaDataTables):
        # how many Metadata tables are defined in the binary?
        num_of_tables = len(s.tables_list)

# the last Metadata tables stream can also be accessed by a shortcut
num_of_tables = len(pe.net.mdtables.tables_list)

# create a set to hold the hashes of all resources
res_hash = set()
# access the resources
for r in pe.net.resources:
    # if resource data is a simple byte stream
    if isinstance(r.data, bytes):
        # hash it and add the hash to the set
        res_hash.add(hashlib.sha256(r.data).hexdigest())
    # if resource data is a ResourceSet, a dotnet-specific datatype
    elif isinstance(r.data, dnfile.resource.ResourceSet):
        # if there are no entries
        if not r.data.entries:
            # skip it
            continue
        # for each entry in the ResourceSet
        for entry in r.data.entries:
            # if it has data
            if entry.data:
                # hash it and add the hash to the set
                res_hash.add(hashlib.sha256(entry.data).hexdigest())
```
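To show what the streams listed above are read from, and what "parse as much as possible" means for a damaged file, here is an added example that is not dnfile's own code: a stand-alone reader for the ECMA-335 metadata root and stream headers that returns whatever it parsed before the data ran out. The function names and the sample bytes are constructed for illustration.

```python
import struct

BSJB = 0x424A5342  # metadata root signature ("BSJB" as little-endian bytes)

def parse_metadata_root(buf):
    """Return (version, streams, errors), keeping what parsed before a fault."""
    streams, errors = [], []
    if len(buf) < 16:
        return None, streams, ["metadata root truncated"]
    sig, _major, _minor, _reserved, vlen = struct.unpack_from("<IHHII", buf, 0)
    if sig != BSJB:
        return None, streams, ["bad signature 0x%08x" % sig]
    pos = 16 + vlen
    if pos + 4 > len(buf):
        return None, streams, ["version string or stream count truncated"]
    version = buf[16:pos].split(b"\0", 1)[0].decode("utf-8", "replace")
    _flags, count = struct.unpack_from("<HH", buf, pos)
    pos += 4
    for i in range(count):
        if pos + 8 > len(buf):
            errors.append("stream header %d truncated" % i)
            break
        offset, size = struct.unpack_from("<II", buf, pos)
        end = buf.find(b"\0", pos + 8, pos + 8 + 32)
        if end < 0:
            errors.append("stream header %d: name not terminated" % i)
            break
        name = buf[pos + 8:end].decode("ascii", "replace")
        # offset and size are relative to the metadata root
        if offset + size > len(buf):
            errors.append("stream %s extends past end of metadata" % name)
        streams.append((name, offset, size))
        # the name, including its NUL, is padded to a multiple of 4 bytes
        pos += 8 + ((end - (pos + 8) + 1 + 3) & ~3)
    return version, streams, errors

def build_sample():
    """Constructed metadata root with three stream headers and zeroed data."""
    ver = b"v4.0.30319\0\0"
    root = struct.pack("<IHHII", BSJB, 1, 1, 0, len(ver)) + ver
    root += struct.pack("<HH", 0, 3)
    hdrs = (struct.pack("<II", 0x50, 0x10) + b"#~\0\0"
            + struct.pack("<II", 0x60, 0x08) + b"#Strings\0\0\0\0"
            + struct.pack("<II", 0x68, 0x04) + b"#Blob\0\0\0")
    return root + hdrs + bytes(0x1C)

if __name__ == "__main__":
    print(parse_metadata_root(build_sample()))
    print(parse_metadata_root(build_sample()[:50]))  # cut inside header 1
```

The second call still returns the version string and the first stream header, together with the errors that explain why the rest is missing.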