Module refinery.units.formats.pe.perc
Expand source code Browse git
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from typing import Tuple, Dict, List, Optional
import enum
import pefile
import struct
import json
from refinery.units.formats import UnpackResult, PathExtractorUnit, Arg
from refinery.units.formats.pe.pemeta import pemeta
from refinery.lib.structures import Struct, StructReader
class RSRC(enum.IntEnum):
CURSOR = 0x01 # noqa
BITMAP = 0x02 # noqa
ICON = 0x03 # noqa
MENU = 0x04 # noqa
DIALOG = 0x05 # noqa
STRING = 0x06 # noqa
FONTDIR = 0x07 # noqa
FONT = 0x08 # noqa
ACCELERATOR = 0x09 # noqa
RCDATA = 0x0A # noqa
MESSAGETABLE = 0x0B # noqa
ICON_GROUP = 0x0E # noqa
VERSION = 0x10 # noqa
DLGINCLUDE = 0x11 # noqa
PLUGPLAY = 0x13 # noqa
VXD = 0x14 # noqa
ANICURSOR = 0x15 # noqa
ANIICON = 0x16 # noqa
HTML = 0x17 # noqa
MANIFEST = 0x18 # noqa
def __str__(self):
return self.name
class GRPICONDIRENTRY(Struct):
def __init__(self, reader: StructReader):
self.width = reader.u8()
self.height = reader.u8()
self.color_count = reader.u8()
self.reserved = reader.u8()
self.planes = reader.u16()
self.bit_count = reader.u16()
self.bytes_in_res = reader.u32()
self.nid = reader.u16()
class GRPICONDIR(Struct):
def __init__(self, reader: StructReader):
self.reserved = reader.u16()
self.type = reader.u16()
count = reader.u16()
self.entries = [GRPICONDIRENTRY(reader) for _ in range(count)]
class perc(PathExtractorUnit):
"""
Extract PE file resources.
"""
def __init__(
self, *paths,
pretty: Arg.Switch('-p', help='Add missing headers to bitmap and icon resources.') = False,
**kwargs
):
super().__init__(*paths, pretty=pretty, **kwargs)
def _get_icon_dir(self, pe: pefile.PE):
try:
group, = (e for e in pe.DIRECTORY_ENTRY_RESOURCE.entries if e.id == RSRC.ICON_GROUP.value)
group = group.directory.entries[0].directory.entries[0].data.struct
return GRPICONDIR(pe.get_data(group.OffsetToData, group.Size))
except Exception:
return None
def _search(self, pe: pefile.PE, directory, level=0, *parts):
if level >= 3:
self.log_warn(F'unexpected resource tree level {level + 1:d}')
for entry in directory.entries:
if entry.name:
identifier = str(entry.name)
elif level == 0 and entry.id in iter(RSRC):
identifier = RSRC(entry.id)
elif entry.id is not None:
identifier = entry.id
else:
self.log_warn(F'resource entry has name {entry.name} and id {entry.id} at level {level + 1:d}')
continue
if entry.struct.DataIsDirectory:
yield from self._search(pe, entry.directory, level + 1, *parts, identifier)
else:
rva = entry.data.struct.OffsetToData
size = entry.data.struct.Size
path = '/'.join(str(p) for p in (*parts, identifier))
extract = None
if self.args.pretty:
if parts[0] is RSRC.BITMAP:
extract = self._handle_bitmap(pe, rva, size)
elif parts[0] is RSRC.ICON:
extract = self._handle_icon(pe, parts, rva, size)
elif parts[0] is RSRC.STRING:
extract = self._handle_strings(pe, parts, rva, size)
if extract is None:
def extract(pe=pe):
return pe.get_data(rva, size)
yield UnpackResult(
path,
extract,
offset=pe.get_offset_from_rva(rva),
lcid=self._get_lcid(entry.data),
)
def _get_lcid(self, node_data) -> Optional[str]:
try:
pid = node_data.lang or 0
sid = node_data.sublang or 0
except AttributeError:
return None
try:
pid = self._LANG_ID_TO_LCID[pid]
except KeyError:
return None
lcid = pid.get(sid, 0)
return pemeta._LCID.get(lcid)
def _handle_strings(self, pe: pefile.PE, parts: Tuple[RSRC, int, int], rva: int, size: int):
def extract(pe=pe):
self.log_debug(parts)
base = (parts[1] - 1) << 4
reader = StructReader(pe.get_data(rva, size))
table = {}
index = 0
while not reader.eof:
string = reader.read_exactly(reader.u16() * 2)
if not string:
break
key = F'{base + index:04X}'
table[key] = string.decode('utf-16le')
index += 1
return json.dumps(table, indent=4).encode(self.codec)
return extract
def _handle_bitmap(self, pe: pefile.PE, rva: int, size: int):
def extract(pe=pe):
bitmap = pe.get_data(rva, size)
total = (len(bitmap) + 14).to_bytes(4, 'little')
return B'BM' + total + B'\0\0\0\0\x36\0\0\0' + bitmap
return extract
def _handle_icon(self, pe: pefile.PE, parts: Tuple[RSRC, int, int], rva: int, size: int):
try:
icondir = self._get_icon_dir(pe)
index = int(parts[1]) - 1
info = icondir.entries[index]
icon = pe.get_data(rva, size)
except Exception:
return None
if icon.startswith(B'(\0\0\0'):
header = struct.pack('<HHHBBBBHHII',
0,
1,
1,
info.width,
info.height,
info.color_count,
0,
info.planes,
info.bit_count,
len(icon),
0x16
)
icon = header + icon
return icon
def unpack(self, data):
pe = pefile.PE(data=data, fast_load=True)
pe.parse_data_directories(
directories=pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE'])
try:
rsrc = pe.DIRECTORY_ENTRY_RESOURCE
except AttributeError:
pass
else:
yield from self._search(pe, rsrc)
def _mktbl(ids: List[Tuple[int, int, int]]) -> Dict[int, Dict[int, int]]:
table = {}
for pid, sid, lcid in ids:
if pid not in table:
table[pid] = {0: lcid}
table[pid][sid] = lcid
return table
_LANG_ID_TO_LCID = _mktbl([
(0x00, 0x03, 0x0C00),
(0x00, 0x05, 0x1400),
(0x7F, 0x00, 0x007F),
(0x00, 0x00, 0x0000),
(0x02, 0x02, 0x0800),
(0x00, 0x04, 0x1000),
(0x00, 0x01, 0x0400),
(0x36, 0x01, 0x0436),
(0x1c, 0x01, 0x041C),
(0x84, 0x01, 0x0484),
(0x5E, 0x01, 0x045E),
(0x01, 0x05, 0x1401),
(0x01, 0x0f, 0x3C01),
(0x01, 0x03, 0x0C01),
(0x01, 0x02, 0x0801),
(0x01, 0x0B, 0x2C01),
(0x01, 0x0D, 0x3401),
(0x01, 0x0C, 0x3001),
(0x01, 0x04, 0x1001),
(0x01, 0x06, 0x1801),
(0x01, 0x08, 0x2001),
(0x01, 0x10, 0x4001),
(0x01, 0x01, 0x0401),
(0x01, 0x0A, 0x2801),
(0x01, 0x07, 0x1C01),
(0x01, 0x0E, 0x3801),
(0x01, 0x09, 0x2401),
(0x2B, 0x01, 0x042B),
(0x4D, 0x01, 0x044D),
(0x2C, 0x02, 0x082C),
(0x2C, 0x01, 0x042C),
(0x45, 0x02, 0x0445),
(0x6D, 0x01, 0x046D),
(0x2d, 0x01, 0x042D),
(0x23, 0x01, 0x0423),
(0x1A, 0x08, 0x201A),
(0x1A, 0x05, 0x141A),
(0x7E, 0x01, 0x047E),
(0x02, 0x01, 0x0402),
(0x92, 0x01, 0x0492),
(0x5C, 0x01, 0x045C),
(0x03, 0x01, 0x0403),
(0x04, 0x03, 0x0C04),
(0x04, 0x05, 0x1404),
(0x04, 0x04, 0x1004),
(0x04, 0x02, 0x0004),
(0x04, 0x01, 0x7C04),
(0x83, 0x01, 0x0483),
(0x1A, None, 0x001A),
(0x1a, 0x04, 0x101A),
(0x1a, 0x01, 0x041A),
(0x05, 0x01, 0x0405),
(0x06, 0x01, 0x0406),
(0x8C, 0x01, 0x048C),
(0x65, 0x01, 0x0465),
(0x13, 0x02, 0x0813),
(0x13, 0x01, 0x0413),
(0x09, 0x03, 0x0C09),
(0x09, 0x0A, 0x2809),
(0x09, 0x04, 0x1009),
(0x09, 0x09, 0x2409),
(0x09, 0x10, 0x4009),
(0x09, 0x06, 0x1809),
(0x09, 0x08, 0x2009),
(0x09, 0x11, 0x4409),
(0x09, 0x05, 0x1409),
(0x09, 0x0D, 0x3409),
(0x09, 0x12, 0x4809),
(0x09, 0x07, 0x1c09),
(0x09, 0x0B, 0x2C09),
(0x09, 0x02, 0x0809),
(0x09, 0x01, 0x0409),
(0x09, 0x0C, 0x3009),
(0x25, 0x01, 0x0425),
(0x38, 0x01, 0x0438),
(0x64, 0x01, 0x0464),
(0x0B, 0x01, 0x040B),
(0x0C, 0x02, 0x080c),
(0x0C, 0x03, 0x0C0C),
(0x0C, 0x01, 0x040c),
(0x0C, 0x05, 0x140C),
(0x0C, 0x06, 0x180C),
(0x0C, 0x04, 0x100C),
(0x62, 0x01, 0x0462),
(0x56, 0x01, 0x0456),
(0x37, 0x01, 0x0437),
(0x07, 0x03, 0x0C07),
(0x07, 0x01, 0x0407),
(0x07, 0x05, 0x1407),
(0x07, 0x04, 0x1007),
(0x07, 0x02, 0x0807),
(0x08, 0x01, 0x0408),
(0x6F, 0x01, 0x046F),
(0x47, 0x01, 0x0447),
(0x68, 0x01, 0x0468),
(0x75, 0x01, 0x0475),
(0x0D, 0x01, 0x040D),
(0x39, 0x01, 0x0439),
(0x0E, 0x01, 0x040E),
(0x0F, 0x01, 0x040F),
(0x70, 0x01, 0x0470),
(0x21, 0x01, 0x0421),
(0x5D, 0x02, 0x085D),
(0x5D, 0x01, 0x045D),
(0x3C, 0x02, 0x083C),
(0x34, 0x01, 0x0434),
(0x35, 0x01, 0x0435),
(0x10, 0x01, 0x0410),
(0x10, 0x02, 0x0810),
(0x11, 0x01, 0x0411),
(0x4B, 0x01, 0x044B),
(0x3F, 0x01, 0x043F),
(0x53, 0x01, 0x0453),
(0x86, 0x01, 0x0486),
(0x87, 0x01, 0x0487),
(0x57, 0x01, 0x0457),
(0x12, 0x01, 0x0412),
(0x40, 0x01, 0x0440),
(0x54, 0x01, 0x0454),
(0x26, 0x01, 0x0426),
(0x27, 0x01, 0x0427),
(0x2E, 0x02, 0x082E),
(0x6E, 0x01, 0x046E),
(0x2F, 0x01, 0x042F),
(0x3E, 0x02, 0x083E),
(0x3E, 0x01, 0x043e),
(0x4C, 0x01, 0x044C),
(0x3A, 0x01, 0x043A),
(0x81, 0x01, 0x0481),
(0x7A, 0x01, 0x047A),
(0x4E, 0x01, 0x044E),
(0x7C, 0x01, 0x047C),
(0x50, 0x01, 0x0450),
(0x50, 0x02, 0x0850),
(0x61, 0x01, 0x0461),
(0x14, 0x01, 0x0414),
(0x14, 0x02, 0x0814),
(0x82, 0x01, 0x0482),
(0x48, 0x01, 0x0448),
(0x63, 0x01, 0x0463),
(0x29, 0x01, 0x0429),
(0x15, 0x01, 0x0415),
(0x16, 0x01, 0x0416),
(0x16, 0x02, 0x0816),
(0x67, 0x02, 0x0867),
(0x46, 0x01, 0x0446),
(0x46, 0x02, 0x0846),
(0x6B, 0x01, 0x046B),
(0x6B, 0x02, 0x086B),
(0x6B, 0x03, 0x0C6B),
(0x18, 0x01, 0x0418),
(0x17, 0x01, 0x0417),
(0x19, 0x01, 0x0419),
(0x85, 0x01, 0x0485),
(0x3B, 0x09, 0x243B),
(0x3B, 0x04, 0x103B),
(0x3B, 0x05, 0x143B),
(0x3B, 0x03, 0x0C3B),
(0x3B, 0x01, 0x043B),
(0x3B, 0x02, 0x083B),
(0x3B, 0x08, 0x203B),
(0x3B, 0x06, 0x183B),
(0x3B, 0x07, 0x1C3B),
(0x4F, 0x01, 0x044F),
(0x1a, 0x07, 0x1C1A),
(0x1a, 0x06, 0x181A),
(0x1a, 0x03, 0x0C1A),
(0x1a, 0x02, 0x081A),
(0x6C, 0x01, 0x046C),
(0x32, 0x02, 0x0832),
(0x32, 0x01, 0x0432),
(0x32, 0x01, 0x0459),
(0x32, 0x02, 0x0859),
(0x5B, 0x01, 0x045B),
(0x1b, 0x01, 0x041B),
(0x24, 0x01, 0x0424),
(0x0A, 0x0b, 0x2C0A),
(0x0A, 0x10, 0x400A),
(0x0A, 0x0D, 0x340A),
(0x0A, 0x09, 0x240A),
(0x0A, 0x05, 0x140A),
(0x0A, 0x07, 0x1C0A),
(0x0A, 0x0C, 0x300A),
(0x0A, 0x11, 0x440A),
(0x0A, 0x04, 0x100A),
(0x0A, 0x12, 0x480A),
(0x0A, 0x02, 0x080A),
(0x0A, 0x13, 0x4C0A),
(0x0A, 0x06, 0x180A),
(0x0A, 0x0F, 0x3C0A),
(0x0A, 0x0A, 0x280A),
(0x0A, 0x14, 0x500A),
(0x0A, 0x03, 0x0C0A),
(0x0A, 0x01, 0x040A),
(0x0A, 0x15, 0x540A),
(0x0A, 0x0E, 0x380A),
(0x0A, 0x08, 0x200A),
(0x41, 0x01, 0x0441),
(0x1D, 0x02, 0x081D),
(0x1D, 0x01, 0x041D),
(0x5A, 0x01, 0x045A),
(0x28, 0x01, 0x0428),
(0x5F, 0x02, 0x085F),
(0x49, 0x01, 0x0449),
(0x49, 0x02, 0x0849),
(0x44, 0x01, 0x0444),
(0x4A, 0x01, 0x044A),
(0x1E, 0x01, 0x041E),
(0x51, 0x01, 0x0451),
(0x73, 0x02, 0x0873),
(0x73, 0x01, 0x0473),
(0x1F, 0x01, 0x041F),
(0x42, 0x01, 0x0442),
(0x22, 0x01, 0x0422),
(0x2E, 0x01, 0x042E),
(0x20, 0x02, 0x0820),
(0x20, 0x01, 0x0420),
(0x80, 0x01, 0x0480),
(0x43, 0x02, 0x0843),
(0x43, 0x01, 0x0443),
(0x03, 0x02, 0x0803),
(0x2A, 0x01, 0x042A),
(0x52, 0x01, 0x0452),
(0x88, 0x01, 0x0488),
(0x78, 0x01, 0x0478),
(0x6A, 0x01, 0x046A),
])Classes
class RSRC (value, names=None, *, module=None, qualname=None, type=None, start=1)-
An enumeration.
Expand source code Browse git
class RSRC(enum.IntEnum): CURSOR = 0x01 # noqa BITMAP = 0x02 # noqa ICON = 0x03 # noqa MENU = 0x04 # noqa DIALOG = 0x05 # noqa STRING = 0x06 # noqa FONTDIR = 0x07 # noqa FONT = 0x08 # noqa ACCELERATOR = 0x09 # noqa RCDATA = 0x0A # noqa MESSAGETABLE = 0x0B # noqa ICON_GROUP = 0x0E # noqa VERSION = 0x10 # noqa DLGINCLUDE = 0x11 # noqa PLUGPLAY = 0x13 # noqa VXD = 0x14 # noqa ANICURSOR = 0x15 # noqa ANIICON = 0x16 # noqa HTML = 0x17 # noqa MANIFEST = 0x18 # noqa def __str__(self): return self.nameAncestors
- enum.IntEnum
- builtins.int
- enum.Enum
Class variables
var CURSORvar BITMAPvar ICONvar MENUvar DIALOGvar STRINGvar FONTDIRvar FONTvar ACCELERATORvar RCDATAvar MESSAGETABLEvar ICON_GROUPvar VERSIONvar DLGINCLUDEvar PLUGPLAYvar VXDvar ANICURSORvar ANIICONvar HTMLvar MANIFEST
class GRPICONDIRENTRY (reader)-
A class to parse structured data. A
Structclass can be instantiated as follows:foo = Struct(data, bar=29)The initialization routine of the structure will be called with a single argument
reader. If the objectdatais already aStructReader, then it will be passed asreader. Otherwise, the argument will be wrapped in aStructReader. Additional arguments to the struct are passed through.Expand source code Browse git
class GRPICONDIRENTRY(Struct): def __init__(self, reader: StructReader): self.width = reader.u8() self.height = reader.u8() self.color_count = reader.u8() self.reserved = reader.u8() self.planes = reader.u16() self.bit_count = reader.u16() self.bytes_in_res = reader.u32() self.nid = reader.u16()Ancestors
class GRPICONDIR (reader)-
A class to parse structured data. A
Structclass can be instantiated as follows:foo = Struct(data, bar=29)The initialization routine of the structure will be called with a single argument
reader. If the objectdatais already aStructReader, then it will be passed asreader. Otherwise, the argument will be wrapped in aStructReader. Additional arguments to the struct are passed through.Expand source code Browse git
class GRPICONDIR(Struct): def __init__(self, reader: StructReader): self.reserved = reader.u16() self.type = reader.u16() count = reader.u16() self.entries = [GRPICONDIRENTRY(reader) for _ in range(count)]Ancestors
class perc (*paths, pretty=False, path=b'path', regex=False, exact=False, fuzzy=0, drop_path=False, join_path=False, list=False)-
Extract PE file resources.
Expand source code Browse git
class perc(PathExtractorUnit): """ Extract PE file resources. """ def __init__( self, *paths, pretty: Arg.Switch('-p', help='Add missing headers to bitmap and icon resources.') = False, **kwargs ): super().__init__(*paths, pretty=pretty, **kwargs) def _get_icon_dir(self, pe: pefile.PE): try: group, = (e for e in pe.DIRECTORY_ENTRY_RESOURCE.entries if e.id == RSRC.ICON_GROUP.value) group = group.directory.entries[0].directory.entries[0].data.struct return GRPICONDIR(pe.get_data(group.OffsetToData, group.Size)) except Exception: return None def _search(self, pe: pefile.PE, directory, level=0, *parts): if level >= 3: self.log_warn(F'unexpected resource tree level {level + 1:d}') for entry in directory.entries: if entry.name: identifier = str(entry.name) elif level == 0 and entry.id in iter(RSRC): identifier = RSRC(entry.id) elif entry.id is not None: identifier = entry.id else: self.log_warn(F'resource entry has name {entry.name} and id {entry.id} at level {level + 1:d}') continue if entry.struct.DataIsDirectory: yield from self._search(pe, entry.directory, level + 1, *parts, identifier) else: rva = entry.data.struct.OffsetToData size = entry.data.struct.Size path = '/'.join(str(p) for p in (*parts, identifier)) extract = None if self.args.pretty: if parts[0] is RSRC.BITMAP: extract = self._handle_bitmap(pe, rva, size) elif parts[0] is RSRC.ICON: extract = self._handle_icon(pe, parts, rva, size) elif parts[0] is RSRC.STRING: extract = self._handle_strings(pe, parts, rva, size) if extract is None: def extract(pe=pe): return pe.get_data(rva, size) yield UnpackResult( path, extract, offset=pe.get_offset_from_rva(rva), lcid=self._get_lcid(entry.data), ) def _get_lcid(self, node_data) -> Optional[str]: try: pid = node_data.lang or 0 sid = node_data.sublang or 0 except AttributeError: return None try: pid = self._LANG_ID_TO_LCID[pid] except KeyError: return None lcid = pid.get(sid, 0) return pemeta._LCID.get(lcid) def _handle_strings(self, pe: pefile.PE, parts: Tuple[RSRC, int, int], rva: int, size: int): def extract(pe=pe): self.log_debug(parts) base = (parts[1] - 1) << 4 reader = StructReader(pe.get_data(rva, size)) table = {} index = 0 while not reader.eof: string = reader.read_exactly(reader.u16() * 2) if not string: break key = F'{base + index:04X}' table[key] = string.decode('utf-16le') index += 1 return json.dumps(table, indent=4).encode(self.codec) return extract def _handle_bitmap(self, pe: pefile.PE, rva: int, size: int): def extract(pe=pe): bitmap = pe.get_data(rva, size) total = (len(bitmap) + 14).to_bytes(4, 'little') return B'BM' + total + B'\0\0\0\0\x36\0\0\0' + bitmap return extract def _handle_icon(self, pe: pefile.PE, parts: Tuple[RSRC, int, int], rva: int, size: int): try: icondir = self._get_icon_dir(pe) index = int(parts[1]) - 1 info = icondir.entries[index] icon = pe.get_data(rva, size) except Exception: return None if icon.startswith(B'(\0\0\0'): header = struct.pack('<HHHBBBBHHII', 0, 1, 1, info.width, info.height, info.color_count, 0, info.planes, info.bit_count, len(icon), 0x16 ) icon = header + icon return icon def unpack(self, data): pe = pefile.PE(data=data, fast_load=True) pe.parse_data_directories( directories=pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']) try: rsrc = pe.DIRECTORY_ENTRY_RESOURCE except AttributeError: pass else: yield from self._search(pe, rsrc) def _mktbl(ids: List[Tuple[int, int, int]]) -> Dict[int, Dict[int, int]]: table = {} for pid, sid, lcid in ids: if pid not in table: table[pid] = {0: lcid} table[pid][sid] = lcid return table _LANG_ID_TO_LCID = _mktbl([ (0x00, 0x03, 0x0C00), (0x00, 0x05, 0x1400), (0x7F, 0x00, 0x007F), (0x00, 0x00, 0x0000), (0x02, 0x02, 0x0800), (0x00, 0x04, 0x1000), (0x00, 0x01, 0x0400), (0x36, 0x01, 0x0436), (0x1c, 0x01, 0x041C), (0x84, 0x01, 0x0484), (0x5E, 0x01, 0x045E), (0x01, 0x05, 0x1401), (0x01, 0x0f, 0x3C01), (0x01, 0x03, 0x0C01), (0x01, 0x02, 0x0801), (0x01, 0x0B, 0x2C01), (0x01, 0x0D, 0x3401), (0x01, 0x0C, 0x3001), (0x01, 0x04, 0x1001), (0x01, 0x06, 0x1801), (0x01, 0x08, 0x2001), (0x01, 0x10, 0x4001), (0x01, 0x01, 0x0401), (0x01, 0x0A, 0x2801), (0x01, 0x07, 0x1C01), (0x01, 0x0E, 0x3801), (0x01, 0x09, 0x2401), (0x2B, 0x01, 0x042B), (0x4D, 0x01, 0x044D), (0x2C, 0x02, 0x082C), (0x2C, 0x01, 0x042C), (0x45, 0x02, 0x0445), (0x6D, 0x01, 0x046D), (0x2d, 0x01, 0x042D), (0x23, 0x01, 0x0423), (0x1A, 0x08, 0x201A), (0x1A, 0x05, 0x141A), (0x7E, 0x01, 0x047E), (0x02, 0x01, 0x0402), (0x92, 0x01, 0x0492), (0x5C, 0x01, 0x045C), (0x03, 0x01, 0x0403), (0x04, 0x03, 0x0C04), (0x04, 0x05, 0x1404), (0x04, 0x04, 0x1004), (0x04, 0x02, 0x0004), (0x04, 0x01, 0x7C04), (0x83, 0x01, 0x0483), (0x1A, None, 0x001A), (0x1a, 0x04, 0x101A), (0x1a, 0x01, 0x041A), (0x05, 0x01, 0x0405), (0x06, 0x01, 0x0406), (0x8C, 0x01, 0x048C), (0x65, 0x01, 0x0465), (0x13, 0x02, 0x0813), (0x13, 0x01, 0x0413), (0x09, 0x03, 0x0C09), (0x09, 0x0A, 0x2809), (0x09, 0x04, 0x1009), (0x09, 0x09, 0x2409), (0x09, 0x10, 0x4009), (0x09, 0x06, 0x1809), (0x09, 0x08, 0x2009), (0x09, 0x11, 0x4409), (0x09, 0x05, 0x1409), (0x09, 0x0D, 0x3409), (0x09, 0x12, 0x4809), (0x09, 0x07, 0x1c09), (0x09, 0x0B, 0x2C09), (0x09, 0x02, 0x0809), (0x09, 0x01, 0x0409), (0x09, 0x0C, 0x3009), (0x25, 0x01, 0x0425), (0x38, 0x01, 0x0438), (0x64, 0x01, 0x0464), (0x0B, 0x01, 0x040B), (0x0C, 0x02, 0x080c), (0x0C, 0x03, 0x0C0C), (0x0C, 0x01, 0x040c), (0x0C, 0x05, 0x140C), (0x0C, 0x06, 0x180C), (0x0C, 0x04, 0x100C), (0x62, 0x01, 0x0462), (0x56, 0x01, 0x0456), (0x37, 0x01, 0x0437), (0x07, 0x03, 0x0C07), (0x07, 0x01, 0x0407), (0x07, 0x05, 0x1407), (0x07, 0x04, 0x1007), (0x07, 0x02, 0x0807), (0x08, 0x01, 0x0408), (0x6F, 0x01, 0x046F), (0x47, 0x01, 0x0447), (0x68, 0x01, 0x0468), (0x75, 0x01, 0x0475), (0x0D, 0x01, 0x040D), (0x39, 0x01, 0x0439), (0x0E, 0x01, 0x040E), (0x0F, 0x01, 0x040F), (0x70, 0x01, 0x0470), (0x21, 0x01, 0x0421), (0x5D, 0x02, 0x085D), (0x5D, 0x01, 0x045D), (0x3C, 0x02, 0x083C), (0x34, 0x01, 0x0434), (0x35, 0x01, 0x0435), (0x10, 0x01, 0x0410), (0x10, 0x02, 0x0810), (0x11, 0x01, 0x0411), (0x4B, 0x01, 0x044B), (0x3F, 0x01, 0x043F), (0x53, 0x01, 0x0453), (0x86, 0x01, 0x0486), (0x87, 0x01, 0x0487), (0x57, 0x01, 0x0457), (0x12, 0x01, 0x0412), (0x40, 0x01, 0x0440), (0x54, 0x01, 0x0454), (0x26, 0x01, 0x0426), (0x27, 0x01, 0x0427), (0x2E, 0x02, 0x082E), (0x6E, 0x01, 0x046E), (0x2F, 0x01, 0x042F), (0x3E, 0x02, 0x083E), (0x3E, 0x01, 0x043e), (0x4C, 0x01, 0x044C), (0x3A, 0x01, 0x043A), (0x81, 0x01, 0x0481), (0x7A, 0x01, 0x047A), (0x4E, 0x01, 0x044E), (0x7C, 0x01, 0x047C), (0x50, 0x01, 0x0450), (0x50, 0x02, 0x0850), (0x61, 0x01, 0x0461), (0x14, 0x01, 0x0414), (0x14, 0x02, 0x0814), (0x82, 0x01, 0x0482), (0x48, 0x01, 0x0448), (0x63, 0x01, 0x0463), (0x29, 0x01, 0x0429), (0x15, 0x01, 0x0415), (0x16, 0x01, 0x0416), (0x16, 0x02, 0x0816), (0x67, 0x02, 0x0867), (0x46, 0x01, 0x0446), (0x46, 0x02, 0x0846), (0x6B, 0x01, 0x046B), (0x6B, 0x02, 0x086B), (0x6B, 0x03, 0x0C6B), (0x18, 0x01, 0x0418), (0x17, 0x01, 0x0417), (0x19, 0x01, 0x0419), (0x85, 0x01, 0x0485), (0x3B, 0x09, 0x243B), (0x3B, 0x04, 0x103B), (0x3B, 0x05, 0x143B), (0x3B, 0x03, 0x0C3B), (0x3B, 0x01, 0x043B), (0x3B, 0x02, 0x083B), (0x3B, 0x08, 0x203B), (0x3B, 0x06, 0x183B), (0x3B, 0x07, 0x1C3B), (0x4F, 0x01, 0x044F), (0x1a, 0x07, 0x1C1A), (0x1a, 0x06, 0x181A), (0x1a, 0x03, 0x0C1A), (0x1a, 0x02, 0x081A), (0x6C, 0x01, 0x046C), (0x32, 0x02, 0x0832), (0x32, 0x01, 0x0432), (0x32, 0x01, 0x0459), (0x32, 0x02, 0x0859), (0x5B, 0x01, 0x045B), (0x1b, 0x01, 0x041B), (0x24, 0x01, 0x0424), (0x0A, 0x0b, 0x2C0A), (0x0A, 0x10, 0x400A), (0x0A, 0x0D, 0x340A), (0x0A, 0x09, 0x240A), (0x0A, 0x05, 0x140A), (0x0A, 0x07, 0x1C0A), (0x0A, 0x0C, 0x300A), (0x0A, 0x11, 0x440A), (0x0A, 0x04, 0x100A), (0x0A, 0x12, 0x480A), (0x0A, 0x02, 0x080A), (0x0A, 0x13, 0x4C0A), (0x0A, 0x06, 0x180A), (0x0A, 0x0F, 0x3C0A), (0x0A, 0x0A, 0x280A), (0x0A, 0x14, 0x500A), (0x0A, 0x03, 0x0C0A), (0x0A, 0x01, 0x040A), (0x0A, 0x15, 0x540A), (0x0A, 0x0E, 0x380A), (0x0A, 0x08, 0x200A), (0x41, 0x01, 0x0441), (0x1D, 0x02, 0x081D), (0x1D, 0x01, 0x041D), (0x5A, 0x01, 0x045A), (0x28, 0x01, 0x0428), (0x5F, 0x02, 0x085F), (0x49, 0x01, 0x0449), (0x49, 0x02, 0x0849), (0x44, 0x01, 0x0444), (0x4A, 0x01, 0x044A), (0x1E, 0x01, 0x041E), (0x51, 0x01, 0x0451), (0x73, 0x02, 0x0873), (0x73, 0x01, 0x0473), (0x1F, 0x01, 0x041F), (0x42, 0x01, 0x0442), (0x22, 0x01, 0x0422), (0x2E, 0x01, 0x042E), (0x20, 0x02, 0x0820), (0x20, 0x01, 0x0420), (0x80, 0x01, 0x0480), (0x43, 0x02, 0x0843), (0x43, 0x01, 0x0443), (0x03, 0x02, 0x0803), (0x2A, 0x01, 0x042A), (0x52, 0x01, 0x0452), (0x88, 0x01, 0x0488), (0x78, 0x01, 0x0478), (0x6A, 0x01, 0x046A), ])Ancestors
Class variables
var required_dependenciesvar optional_dependencies
Methods
def unpack(self, data)-
Expand source code Browse git
def unpack(self, data): pe = pefile.PE(data=data, fast_load=True) pe.parse_data_directories( directories=pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']) try: rsrc = pe.DIRECTORY_ENTRY_RESOURCE except AttributeError: pass else: yield from self._search(pe, rsrc)
Inherited members