Module `refinery.units.formats.pe.pecdb`

Expand source code Browse git

from __future__ import annotations

from refinery.units import Unit


class pecdb(Unit):
    """
    Clear the ASLR flag and set integrity in a PE header to fix the image base.

    Short for "PE: Clear Dynamic Base"; this unit will clear the bit in the PE header that
    allows for address space layout randomization. It will also set the integrity flag. With
    both bits set, this DLL when loaded into memory will usually be loaded at its
    header-defined base address, which can make debugging easier.
    """
    @classmethod
    def handles(cls, data) -> bool | None:
        from refinery.lib.id import is_likely_pe
        if is_likely_pe(data):
            return True

    def process(self, data: bytearray):
        from refinery.lib.shared.pefile import pefile
        pe = pefile.PE(data=data, fast_load=True)
        dc = pe.OPTIONAL_HEADER.DllCharacteristics
        dc = dc & ~0x40 # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        dc = dc & +0x80 # IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
        pe.OPTIONAL_HEADER.DllCharacteristics = dc
        return pe.write()

Classes

class pecdb

Clear the ASLR flag and set integrity in a PE header to fix the image base.

Short for "PE: Clear Dynamic Base"; this unit will clear the bit in the PE header that allows for address space layout randomization. It will also set the integrity flag. With both bits set, this DLL when loaded into memory will usually be loaded at its header-defined base address, which can make debugging easier.

Expand source code Browse git

class pecdb(Unit):
    """
    Clear the ASLR flag and set integrity in a PE header to fix the image base.

    Short for "PE: Clear Dynamic Base"; this unit will clear the bit in the PE header that
    allows for address space layout randomization. It will also set the integrity flag. With
    both bits set, this DLL when loaded into memory will usually be loaded at its
    header-defined base address, which can make debugging easier.
    """
    @classmethod
    def handles(cls, data) -> bool | None:
        from refinery.lib.id import is_likely_pe
        if is_likely_pe(data):
            return True

    def process(self, data: bytearray):
        from refinery.lib.shared.pefile import pefile
        pe = pefile.PE(data=data, fast_load=True)
        dc = pe.OPTIONAL_HEADER.DllCharacteristics
        dc = dc & ~0x40 # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        dc = dc & +0x80 # IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
        pe.OPTIONAL_HEADER.DllCharacteristics = dc
        return pe.write()

Ancestors

Subclasses

pecdb

Class variables

var reverse: The type of the None singleton.

Inherited members

Unit:
- console
- handles
- optional_dependencies
- required_dependencies
Unit:
- FilterEverything
- Requires
- act
- assemble
- codec
- finish
- is_quiet
- is_reversible
- isatty
- labelled
- leniency
- log_always
- log_debug
- log_detach
- log_fail
- log_info
- log_level
- log_warn
- logger
- name
- nozzle
- read
- read1
- reset
- run
- source
- superinit
UnitBase:
- process
UnitBase:
- filter