#!/usr/bin/env python2
# -*- coding: utf-8 -*-
import pefile
import argparse
import sys
"""Check if the size of a PE file is correct
Author : Tek <[email protected]>
Date : 4/10/2016
"""
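def get_pe_size(pe, verbose=True):
    """Return the PE size obtained from the file itself.

    The size is the highest end offset (PointerToRawData + SizeOfRawData)
    over all sections, or the declared header size when that is larger.

    Args:
        pe: a parsed PE object exposing ``sections`` (and, when available,
            ``OPTIONAL_HEADER.SizeOfHeaders``).
        verbose: unused; kept so existing callers keep working.

    Returns:
        The expected on-disk size in bytes, or 0 when the object has neither
        sections nor a header size.

    Note:
        Only section raw data is counted. Data that legitimately lives after
        the last section, such as an Authenticode certificate table, is
        therefore reported as "extra" by callers that compare this value
        with the file length.
    """
    # Section header values come from the analysed file and are untrusted;
    # they are used here only for arithmetic, never as read offsets.
    ends = [s.PointerToRawData + s.SizeOfRawData for s in pe.sections]
    # Include the header size so a file without sections does not make
    # max() raise ValueError on an empty sequence.
    optional_header = getattr(pe, "OPTIONAL_HEADER", None)
    ends.append(getattr(optional_header, "SizeOfHeaders", 0))
    return max(ends)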
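def display_sections(pe):
    """Display information about the PE sections.

    Prints one tab-separated row per section (name, virtual size, virtual
    address, raw size, raw address) followed by an empty line.

    Args:
        pe: a parsed PE object exposing ``sections``.
    """
    print("Name\tVirtualSize\tVirtualAddress\tRawSize\t\tRawAddress")
    for section in pe.sections:
        # Section names are raw bytes taken from the analysed file. Drop the
        # NUL padding and replace anything outside printable ASCII so a
        # crafted name cannot send control sequences to the terminal.
        raw_name = bytearray(section.Name).rstrip(b"\x00")
        name = "".join(chr(b) if 0x20 <= b < 0x7f else "." for b in raw_name)
        # Values are printed in the same order as the header row: raw size
        # first, then raw address.
        print("%s\t%s\t\t%s\t\t%s\t\t%s" % (
            name,
            hex(section.Misc_VirtualSize),
            hex(section.VirtualAddress),
            hex(section.SizeOfRawData),
            hex(section.PointerToRawData)
        ))
    print("")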
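if __name__ == "__main__":
    # Command-line entry point: compare the on-disk length of FILE with the
    # size computed from its section table, and optionally split the file
    # into the expected PE part (--write) and the trailing data (--extra).
    parser = argparse.ArgumentParser(description='Check PE size')
    parser.add_argument('FILE', help='a PE file')
    parser.add_argument('--quiet', '-q', action='store_true', help='Quiet output')
    parser.add_argument('--extra', '-e', help='Dump extra data in another file')
    parser.add_argument('--write', '-w', help='Copy the file with the right size')
    args = parser.parse_args()

    # The whole file is kept in memory; "with" closes the handle even when
    # the read fails.
    with open(args.FILE, 'rb') as fin:
        data = fin.read()

    # The input is typically an untrusted sample, so a malformed header is an
    # expected condition rather than a reason for a traceback.
    try:
        pe = pefile.PE(data=data)
    except pefile.PEFormatError as err:
        print("Not a valid PE file: %s" % err)
        sys.exit(1)

    if not args.quiet:
        display_sections(pe)

    size = get_pe_size(pe)
    if len(data) > size:
        # Trailing data is not proof of tampering: anything stored after the
        # last section (for example a signature) is counted here too.
        print("%i bytes of extra data (%i while it should be %i)" % (
            len(data) - size,
            len(data),
            size
        ))
        if args.write is not None:
            # NOTE(review): the output path is not compared with FILE or
            # --extra; pointing both at the same path overwrites data.
            with open(args.write, 'wb') as fout:
                fout.write(data[:size])
            print('Correct PE dumped in %s' % args.write)
        if args.extra is not None:
            with open(args.extra, 'wb') as fout:
                fout.write(data[size:])
            print('Dumped extra data in %s' % args.extra)
    else:
        if len(data) == size:
            print('Correct size')
        else:
            print("File too short (%i while it should be %i)" % (len(data), size))
        if args.write is not None or args.extra is not None:
            print('No extradata, can\'t do anything for you, sorry!')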