Module refinery.units.formats.pe.perc
Expand source code Browse git
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import annotations
from typing import List, Dict, Tuple, Callable, Optional
import enum
import struct
from refinery.units.formats import UnpackResult, PathExtractorUnit, Arg
from refinery.lib import lief
from refinery.lib.lcid import LCID
from refinery.lib.structures import Struct, StructReader
from refinery.lib.types import ByteStr
class RSRC(enum.IntEnum):
CURSOR = 0x01 # noqa
BITMAP = 0x02 # noqa
ICON = 0x03 # noqa
MENU = 0x04 # noqa
DIALOG = 0x05 # noqa
STRING = 0x06 # noqa
FONTDIR = 0x07 # noqa
FONT = 0x08 # noqa
ACCELERATOR = 0x09 # noqa
RCDATA = 0x0A # noqa
MESSAGETABLE = 0x0B # noqa
ICON_GROUP = 0x0E # noqa
VERSION = 0x10 # noqa
DLGINCLUDE = 0x11 # noqa
PLUGPLAY = 0x13 # noqa
VXD = 0x14 # noqa
ANICURSOR = 0x15 # noqa
ANIICON = 0x16 # noqa
HTML = 0x17 # noqa
MANIFEST = 0x18 # noqa
def __str__(self):
return self.name
class GRPICONDIRENTRY(Struct):
def __init__(self, reader: StructReader):
self.width = reader.u8()
self.height = reader.u8()
self.color_count = reader.u8()
self.reserved = reader.u8()
self.planes = reader.u16()
self.bit_count = reader.u16()
self.bytes_in_res = reader.u32()
self.nid = reader.u16()
class GRPICONDIR(Struct):
def __init__(self, reader: StructReader):
self.reserved = reader.u16()
self.type = reader.u16()
count = reader.u16()
self.entries = [GRPICONDIRENTRY(reader) for _ in range(count)]
class perc(PathExtractorUnit):
"""
Extract PE file resources.
"""
def __init__(
self, *paths,
pretty: Arg.Switch('-p', help='Add missing headers to bitmap and icon resources.') = False,
**kwargs
):
super().__init__(*paths, pretty=pretty, **kwargs)
def _get_icon_dir(self, pe: lief.PE.Binary):
for manifest_entry in pe.resources.childs:
if manifest_entry.id != RSRC.ICON_GROUP.value:
continue
child: lief.PE.ResourceData = manifest_entry.childs[0].childs[0]
return GRPICONDIR(bytearray(child.content))
def _search(self, pe: lief.PE.Binary, directory: lief.PE.ResourceDirectory, *parts):
if directory.depth >= 3:
self.log_warn(F'unexpected resource tree level {directory.depth + 1:d}')
for entry in directory.childs:
entry: lief.PE.ResourceData
if entry.has_name:
identifier = str(entry.name)
elif directory.depth == 0 and entry.id in iter(RSRC):
identifier = RSRC(entry.id)
elif entry.id is not None:
identifier = entry.id
else:
self.log_warn(F'resource entry has name {entry.name} and id {entry.id} at level {directory.depth + 1:d}')
continue
if entry.is_directory:
yield from self._search(pe, entry, *parts, identifier)
else:
def extract(_=pe, e=entry):
return bytearray(e.content)
path = '/'.join(str(p) for p in (*parts, identifier))
if self.args.pretty:
if parts[0] is RSRC.BITMAP:
extract = self._handle_bitmap(extract)
elif parts[0] is RSRC.ICON:
extract = self._handle_icon(pe, extract, parts)
yield UnpackResult(
path,
extract,
lcid=self._get_lcid(entry),
offset=entry.offset,
)
def _get_lcid(self, node_data) -> Optional[str]:
try:
pid = node_data.id & 0x3FF
sid = node_data.id >> 0x0A
except AttributeError:
return None
try:
pid = self._LANG_ID_TO_LCID[pid]
except KeyError:
return None
lcid = pid.get(sid, 0)
return LCID.get(lcid)
def _handle_bitmap(self, extract_raw_data: Callable[[], ByteStr]) -> ByteStr:
def extract():
bitmap = extract_raw_data()
total = (len(bitmap) + 14).to_bytes(4, 'little')
return B'BM' + total + B'\0\0\0\0\x36\0\0\0' + bitmap
return extract
def _handle_icon(
self,
pe: lief.PE.Binary,
extract_raw_data: Callable[[], ByteStr],
parts: Tuple[RSRC, int, int]
) -> ByteStr:
try:
icondir = self._get_icon_dir(pe)
index = int(parts[1]) - 1
info = icondir.entries[index]
except Exception as E:
self.log_warn(F'unable to generate icon header: {E!s}')
return extract_raw_data
def extract(info=info):
icon = extract_raw_data()
if icon.startswith(B'(\0\0\0'):
header = struct.pack('<HHHBBBBHHII',
0,
1,
1,
info.width,
info.height,
info.color_count,
0,
info.planes,
info.bit_count,
len(icon),
0x16
)
icon = header + icon
return icon
return extract
def unpack(self, data):
pe = lief.load_pe_fast(data, parse_rsrc=True)
if not pe.has_resources:
return
yield from self._search(pe, pe.resources)
def _mktbl(ids: List[Tuple[int, int, int]]) -> Dict[int, Dict[int, int]]:
table = {}
for pid, sid, lcid in ids:
if pid not in table:
table[pid] = {0: lcid}
table[pid][sid] = lcid
return table
_LANG_ID_TO_LCID = _mktbl([
(0x00, 0x03, 0x0C00),
(0x00, 0x05, 0x1400),
(0x7F, 0x00, 0x007F),
(0x00, 0x00, 0x0000),
(0x02, 0x02, 0x0800),
(0x00, 0x04, 0x1000),
(0x00, 0x01, 0x0400),
(0x36, 0x01, 0x0436),
(0x1c, 0x01, 0x041C),
(0x84, 0x01, 0x0484),
(0x5E, 0x01, 0x045E),
(0x01, 0x05, 0x1401),
(0x01, 0x0f, 0x3C01),
(0x01, 0x03, 0x0C01),
(0x01, 0x02, 0x0801),
(0x01, 0x0B, 0x2C01),
(0x01, 0x0D, 0x3401),
(0x01, 0x0C, 0x3001),
(0x01, 0x04, 0x1001),
(0x01, 0x06, 0x1801),
(0x01, 0x08, 0x2001),
(0x01, 0x10, 0x4001),
(0x01, 0x01, 0x0401),
(0x01, 0x0A, 0x2801),
(0x01, 0x07, 0x1C01),
(0x01, 0x0E, 0x3801),
(0x01, 0x09, 0x2401),
(0x2B, 0x01, 0x042B),
(0x4D, 0x01, 0x044D),
(0x2C, 0x02, 0x082C),
(0x2C, 0x01, 0x042C),
(0x45, 0x02, 0x0445),
(0x6D, 0x01, 0x046D),
(0x2d, 0x01, 0x042D),
(0x23, 0x01, 0x0423),
(0x1A, 0x08, 0x201A),
(0x1A, 0x05, 0x141A),
(0x7E, 0x01, 0x047E),
(0x02, 0x01, 0x0402),
(0x92, 0x01, 0x0492),
(0x5C, 0x01, 0x045C),
(0x03, 0x01, 0x0403),
(0x04, 0x03, 0x0C04),
(0x04, 0x05, 0x1404),
(0x04, 0x04, 0x1004),
(0x04, 0x02, 0x0004),
(0x04, 0x01, 0x7C04),
(0x83, 0x01, 0x0483),
(0x1A, None, 0x001A),
(0x1a, 0x04, 0x101A),
(0x1a, 0x01, 0x041A),
(0x05, 0x01, 0x0405),
(0x06, 0x01, 0x0406),
(0x8C, 0x01, 0x048C),
(0x65, 0x01, 0x0465),
(0x13, 0x02, 0x0813),
(0x13, 0x01, 0x0413),
(0x09, 0x03, 0x0C09),
(0x09, 0x0A, 0x2809),
(0x09, 0x04, 0x1009),
(0x09, 0x09, 0x2409),
(0x09, 0x10, 0x4009),
(0x09, 0x06, 0x1809),
(0x09, 0x08, 0x2009),
(0x09, 0x11, 0x4409),
(0x09, 0x05, 0x1409),
(0x09, 0x0D, 0x3409),
(0x09, 0x12, 0x4809),
(0x09, 0x07, 0x1c09),
(0x09, 0x0B, 0x2C09),
(0x09, 0x02, 0x0809),
(0x09, 0x01, 0x0409),
(0x09, 0x0C, 0x3009),
(0x25, 0x01, 0x0425),
(0x38, 0x01, 0x0438),
(0x64, 0x01, 0x0464),
(0x0B, 0x01, 0x040B),
(0x0C, 0x02, 0x080c),
(0x0C, 0x03, 0x0C0C),
(0x0C, 0x01, 0x040c),
(0x0C, 0x05, 0x140C),
(0x0C, 0x06, 0x180C),
(0x0C, 0x04, 0x100C),
(0x62, 0x01, 0x0462),
(0x56, 0x01, 0x0456),
(0x37, 0x01, 0x0437),
(0x07, 0x03, 0x0C07),
(0x07, 0x01, 0x0407),
(0x07, 0x05, 0x1407),
(0x07, 0x04, 0x1007),
(0x07, 0x02, 0x0807),
(0x08, 0x01, 0x0408),
(0x6F, 0x01, 0x046F),
(0x47, 0x01, 0x0447),
(0x68, 0x01, 0x0468),
(0x75, 0x01, 0x0475),
(0x0D, 0x01, 0x040D),
(0x39, 0x01, 0x0439),
(0x0E, 0x01, 0x040E),
(0x0F, 0x01, 0x040F),
(0x70, 0x01, 0x0470),
(0x21, 0x01, 0x0421),
(0x5D, 0x02, 0x085D),
(0x5D, 0x01, 0x045D),
(0x3C, 0x02, 0x083C),
(0x34, 0x01, 0x0434),
(0x35, 0x01, 0x0435),
(0x10, 0x01, 0x0410),
(0x10, 0x02, 0x0810),
(0x11, 0x01, 0x0411),
(0x4B, 0x01, 0x044B),
(0x3F, 0x01, 0x043F),
(0x53, 0x01, 0x0453),
(0x86, 0x01, 0x0486),
(0x87, 0x01, 0x0487),
(0x57, 0x01, 0x0457),
(0x12, 0x01, 0x0412),
(0x40, 0x01, 0x0440),
(0x54, 0x01, 0x0454),
(0x26, 0x01, 0x0426),
(0x27, 0x01, 0x0427),
(0x2E, 0x02, 0x082E),
(0x6E, 0x01, 0x046E),
(0x2F, 0x01, 0x042F),
(0x3E, 0x02, 0x083E),
(0x3E, 0x01, 0x043e),
(0x4C, 0x01, 0x044C),
(0x3A, 0x01, 0x043A),
(0x81, 0x01, 0x0481),
(0x7A, 0x01, 0x047A),
(0x4E, 0x01, 0x044E),
(0x7C, 0x01, 0x047C),
(0x50, 0x01, 0x0450),
(0x50, 0x02, 0x0850),
(0x61, 0x01, 0x0461),
(0x14, 0x01, 0x0414),
(0x14, 0x02, 0x0814),
(0x82, 0x01, 0x0482),
(0x48, 0x01, 0x0448),
(0x63, 0x01, 0x0463),
(0x29, 0x01, 0x0429),
(0x15, 0x01, 0x0415),
(0x16, 0x01, 0x0416),
(0x16, 0x02, 0x0816),
(0x67, 0x02, 0x0867),
(0x46, 0x01, 0x0446),
(0x46, 0x02, 0x0846),
(0x6B, 0x01, 0x046B),
(0x6B, 0x02, 0x086B),
(0x6B, 0x03, 0x0C6B),
(0x18, 0x01, 0x0418),
(0x17, 0x01, 0x0417),
(0x19, 0x01, 0x0419),
(0x85, 0x01, 0x0485),
(0x3B, 0x09, 0x243B),
(0x3B, 0x04, 0x103B),
(0x3B, 0x05, 0x143B),
(0x3B, 0x03, 0x0C3B),
(0x3B, 0x01, 0x043B),
(0x3B, 0x02, 0x083B),
(0x3B, 0x08, 0x203B),
(0x3B, 0x06, 0x183B),
(0x3B, 0x07, 0x1C3B),
(0x4F, 0x01, 0x044F),
(0x1a, 0x07, 0x1C1A),
(0x1a, 0x06, 0x181A),
(0x1a, 0x03, 0x0C1A),
(0x1a, 0x02, 0x081A),
(0x6C, 0x01, 0x046C),
(0x32, 0x02, 0x0832),
(0x32, 0x01, 0x0432),
(0x32, 0x01, 0x0459),
(0x32, 0x02, 0x0859),
(0x5B, 0x01, 0x045B),
(0x1b, 0x01, 0x041B),
(0x24, 0x01, 0x0424),
(0x0A, 0x0b, 0x2C0A),
(0x0A, 0x10, 0x400A),
(0x0A, 0x0D, 0x340A),
(0x0A, 0x09, 0x240A),
(0x0A, 0x05, 0x140A),
(0x0A, 0x07, 0x1C0A),
(0x0A, 0x0C, 0x300A),
(0x0A, 0x11, 0x440A),
(0x0A, 0x04, 0x100A),
(0x0A, 0x12, 0x480A),
(0x0A, 0x02, 0x080A),
(0x0A, 0x13, 0x4C0A),
(0x0A, 0x06, 0x180A),
(0x0A, 0x0F, 0x3C0A),
(0x0A, 0x0A, 0x280A),
(0x0A, 0x14, 0x500A),
(0x0A, 0x03, 0x0C0A),
(0x0A, 0x01, 0x040A),
(0x0A, 0x15, 0x540A),
(0x0A, 0x0E, 0x380A),
(0x0A, 0x08, 0x200A),
(0x41, 0x01, 0x0441),
(0x1D, 0x02, 0x081D),
(0x1D, 0x01, 0x041D),
(0x5A, 0x01, 0x045A),
(0x28, 0x01, 0x0428),
(0x5F, 0x02, 0x085F),
(0x49, 0x01, 0x0449),
(0x49, 0x02, 0x0849),
(0x44, 0x01, 0x0444),
(0x4A, 0x01, 0x044A),
(0x1E, 0x01, 0x041E),
(0x51, 0x01, 0x0451),
(0x73, 0x02, 0x0873),
(0x73, 0x01, 0x0473),
(0x1F, 0x01, 0x041F),
(0x42, 0x01, 0x0442),
(0x22, 0x01, 0x0422),
(0x2E, 0x01, 0x042E),
(0x20, 0x02, 0x0820),
(0x20, 0x01, 0x0420),
(0x80, 0x01, 0x0480),
(0x43, 0x02, 0x0843),
(0x43, 0x01, 0x0443),
(0x03, 0x02, 0x0803),
(0x2A, 0x01, 0x042A),
(0x52, 0x01, 0x0452),
(0x88, 0x01, 0x0488),
(0x78, 0x01, 0x0478),
(0x6A, 0x01, 0x046A),
])Classes
class RSRC (value, names=None, *, module=None, qualname=None, type=None, start=1)-
An enumeration.
Expand source code Browse git
class RSRC(enum.IntEnum): CURSOR = 0x01 # noqa BITMAP = 0x02 # noqa ICON = 0x03 # noqa MENU = 0x04 # noqa DIALOG = 0x05 # noqa STRING = 0x06 # noqa FONTDIR = 0x07 # noqa FONT = 0x08 # noqa ACCELERATOR = 0x09 # noqa RCDATA = 0x0A # noqa MESSAGETABLE = 0x0B # noqa ICON_GROUP = 0x0E # noqa VERSION = 0x10 # noqa DLGINCLUDE = 0x11 # noqa PLUGPLAY = 0x13 # noqa VXD = 0x14 # noqa ANICURSOR = 0x15 # noqa ANIICON = 0x16 # noqa HTML = 0x17 # noqa MANIFEST = 0x18 # noqa def __str__(self): return self.nameAncestors
- enum.IntEnum
- builtins.int
- enum.Enum
Class variables
var CURSORvar BITMAPvar ICONvar MENUvar DIALOGvar STRINGvar FONTDIRvar FONTvar ACCELERATORvar RCDATAvar MESSAGETABLEvar ICON_GROUPvar VERSIONvar DLGINCLUDEvar PLUGPLAYvar VXDvar ANICURSORvar ANIICONvar HTMLvar MANIFEST
class GRPICONDIRENTRY (reader)-
A class to parse structured data. A
Structclass can be instantiated as follows:foo = Struct(data, bar=29)The initialization routine of the structure will be called with a single argument
reader. If the objectdatais already aStructReader, then it will be passed asreader. Otherwise, the argument will be wrapped in aStructReader. Additional arguments to the struct are passed through.Expand source code Browse git
class GRPICONDIRENTRY(Struct): def __init__(self, reader: StructReader): self.width = reader.u8() self.height = reader.u8() self.color_count = reader.u8() self.reserved = reader.u8() self.planes = reader.u16() self.bit_count = reader.u16() self.bytes_in_res = reader.u32() self.nid = reader.u16()Ancestors
class GRPICONDIR (reader)-
A class to parse structured data. A
Structclass can be instantiated as follows:foo = Struct(data, bar=29)The initialization routine of the structure will be called with a single argument
reader. If the objectdatais already aStructReader, then it will be passed asreader. Otherwise, the argument will be wrapped in aStructReader. Additional arguments to the struct are passed through.Expand source code Browse git
class GRPICONDIR(Struct): def __init__(self, reader: StructReader): self.reserved = reader.u16() self.type = reader.u16() count = reader.u16() self.entries = [GRPICONDIRENTRY(reader) for _ in range(count)]Ancestors
class perc (*paths, pretty=False, path=b'path', regex=False, exact=False, fuzzy=0, drop_path=False, join_path=False, list=False)-
Extract PE file resources.
Expand source code Browse git
class perc(PathExtractorUnit): """ Extract PE file resources. """ def __init__( self, *paths, pretty: Arg.Switch('-p', help='Add missing headers to bitmap and icon resources.') = False, **kwargs ): super().__init__(*paths, pretty=pretty, **kwargs) def _get_icon_dir(self, pe: lief.PE.Binary): for manifest_entry in pe.resources.childs: if manifest_entry.id != RSRC.ICON_GROUP.value: continue child: lief.PE.ResourceData = manifest_entry.childs[0].childs[0] return GRPICONDIR(bytearray(child.content)) def _search(self, pe: lief.PE.Binary, directory: lief.PE.ResourceDirectory, *parts): if directory.depth >= 3: self.log_warn(F'unexpected resource tree level {directory.depth + 1:d}') for entry in directory.childs: entry: lief.PE.ResourceData if entry.has_name: identifier = str(entry.name) elif directory.depth == 0 and entry.id in iter(RSRC): identifier = RSRC(entry.id) elif entry.id is not None: identifier = entry.id else: self.log_warn(F'resource entry has name {entry.name} and id {entry.id} at level {directory.depth + 1:d}') continue if entry.is_directory: yield from self._search(pe, entry, *parts, identifier) else: def extract(_=pe, e=entry): return bytearray(e.content) path = '/'.join(str(p) for p in (*parts, identifier)) if self.args.pretty: if parts[0] is RSRC.BITMAP: extract = self._handle_bitmap(extract) elif parts[0] is RSRC.ICON: extract = self._handle_icon(pe, extract, parts) yield UnpackResult( path, extract, lcid=self._get_lcid(entry), offset=entry.offset, ) def _get_lcid(self, node_data) -> Optional[str]: try: pid = node_data.id & 0x3FF sid = node_data.id >> 0x0A except AttributeError: return None try: pid = self._LANG_ID_TO_LCID[pid] except KeyError: return None lcid = pid.get(sid, 0) return LCID.get(lcid) def _handle_bitmap(self, extract_raw_data: Callable[[], ByteStr]) -> ByteStr: def extract(): bitmap = extract_raw_data() total = (len(bitmap) + 14).to_bytes(4, 'little') return B'BM' + total + B'\0\0\0\0\x36\0\0\0' + bitmap return extract def _handle_icon( self, pe: lief.PE.Binary, extract_raw_data: Callable[[], ByteStr], parts: Tuple[RSRC, int, int] ) -> ByteStr: try: icondir = self._get_icon_dir(pe) index = int(parts[1]) - 1 info = icondir.entries[index] except Exception as E: self.log_warn(F'unable to generate icon header: {E!s}') return extract_raw_data def extract(info=info): icon = extract_raw_data() if icon.startswith(B'(\0\0\0'): header = struct.pack('<HHHBBBBHHII', 0, 1, 1, info.width, info.height, info.color_count, 0, info.planes, info.bit_count, len(icon), 0x16 ) icon = header + icon return icon return extract def unpack(self, data): pe = lief.load_pe_fast(data, parse_rsrc=True) if not pe.has_resources: return yield from self._search(pe, pe.resources) def _mktbl(ids: List[Tuple[int, int, int]]) -> Dict[int, Dict[int, int]]: table = {} for pid, sid, lcid in ids: if pid not in table: table[pid] = {0: lcid} table[pid][sid] = lcid return table _LANG_ID_TO_LCID = _mktbl([ (0x00, 0x03, 0x0C00), (0x00, 0x05, 0x1400), (0x7F, 0x00, 0x007F), (0x00, 0x00, 0x0000), (0x02, 0x02, 0x0800), (0x00, 0x04, 0x1000), (0x00, 0x01, 0x0400), (0x36, 0x01, 0x0436), (0x1c, 0x01, 0x041C), (0x84, 0x01, 0x0484), (0x5E, 0x01, 0x045E), (0x01, 0x05, 0x1401), (0x01, 0x0f, 0x3C01), (0x01, 0x03, 0x0C01), (0x01, 0x02, 0x0801), (0x01, 0x0B, 0x2C01), (0x01, 0x0D, 0x3401), (0x01, 0x0C, 0x3001), (0x01, 0x04, 0x1001), (0x01, 0x06, 0x1801), (0x01, 0x08, 0x2001), (0x01, 0x10, 0x4001), (0x01, 0x01, 0x0401), (0x01, 0x0A, 0x2801), (0x01, 0x07, 0x1C01), (0x01, 0x0E, 0x3801), (0x01, 0x09, 0x2401), (0x2B, 0x01, 0x042B), (0x4D, 0x01, 0x044D), (0x2C, 0x02, 0x082C), (0x2C, 0x01, 0x042C), (0x45, 0x02, 0x0445), (0x6D, 0x01, 0x046D), (0x2d, 0x01, 0x042D), (0x23, 0x01, 0x0423), (0x1A, 0x08, 0x201A), (0x1A, 0x05, 0x141A), (0x7E, 0x01, 0x047E), (0x02, 0x01, 0x0402), (0x92, 0x01, 0x0492), (0x5C, 0x01, 0x045C), (0x03, 0x01, 0x0403), (0x04, 0x03, 0x0C04), (0x04, 0x05, 0x1404), (0x04, 0x04, 0x1004), (0x04, 0x02, 0x0004), (0x04, 0x01, 0x7C04), (0x83, 0x01, 0x0483), (0x1A, None, 0x001A), (0x1a, 0x04, 0x101A), (0x1a, 0x01, 0x041A), (0x05, 0x01, 0x0405), (0x06, 0x01, 0x0406), (0x8C, 0x01, 0x048C), (0x65, 0x01, 0x0465), (0x13, 0x02, 0x0813), (0x13, 0x01, 0x0413), (0x09, 0x03, 0x0C09), (0x09, 0x0A, 0x2809), (0x09, 0x04, 0x1009), (0x09, 0x09, 0x2409), (0x09, 0x10, 0x4009), (0x09, 0x06, 0x1809), (0x09, 0x08, 0x2009), (0x09, 0x11, 0x4409), (0x09, 0x05, 0x1409), (0x09, 0x0D, 0x3409), (0x09, 0x12, 0x4809), (0x09, 0x07, 0x1c09), (0x09, 0x0B, 0x2C09), (0x09, 0x02, 0x0809), (0x09, 0x01, 0x0409), (0x09, 0x0C, 0x3009), (0x25, 0x01, 0x0425), (0x38, 0x01, 0x0438), (0x64, 0x01, 0x0464), (0x0B, 0x01, 0x040B), (0x0C, 0x02, 0x080c), (0x0C, 0x03, 0x0C0C), (0x0C, 0x01, 0x040c), (0x0C, 0x05, 0x140C), (0x0C, 0x06, 0x180C), (0x0C, 0x04, 0x100C), (0x62, 0x01, 0x0462), (0x56, 0x01, 0x0456), (0x37, 0x01, 0x0437), (0x07, 0x03, 0x0C07), (0x07, 0x01, 0x0407), (0x07, 0x05, 0x1407), (0x07, 0x04, 0x1007), (0x07, 0x02, 0x0807), (0x08, 0x01, 0x0408), (0x6F, 0x01, 0x046F), (0x47, 0x01, 0x0447), (0x68, 0x01, 0x0468), (0x75, 0x01, 0x0475), (0x0D, 0x01, 0x040D), (0x39, 0x01, 0x0439), (0x0E, 0x01, 0x040E), (0x0F, 0x01, 0x040F), (0x70, 0x01, 0x0470), (0x21, 0x01, 0x0421), (0x5D, 0x02, 0x085D), (0x5D, 0x01, 0x045D), (0x3C, 0x02, 0x083C), (0x34, 0x01, 0x0434), (0x35, 0x01, 0x0435), (0x10, 0x01, 0x0410), (0x10, 0x02, 0x0810), (0x11, 0x01, 0x0411), (0x4B, 0x01, 0x044B), (0x3F, 0x01, 0x043F), (0x53, 0x01, 0x0453), (0x86, 0x01, 0x0486), (0x87, 0x01, 0x0487), (0x57, 0x01, 0x0457), (0x12, 0x01, 0x0412), (0x40, 0x01, 0x0440), (0x54, 0x01, 0x0454), (0x26, 0x01, 0x0426), (0x27, 0x01, 0x0427), (0x2E, 0x02, 0x082E), (0x6E, 0x01, 0x046E), (0x2F, 0x01, 0x042F), (0x3E, 0x02, 0x083E), (0x3E, 0x01, 0x043e), (0x4C, 0x01, 0x044C), (0x3A, 0x01, 0x043A), (0x81, 0x01, 0x0481), (0x7A, 0x01, 0x047A), (0x4E, 0x01, 0x044E), (0x7C, 0x01, 0x047C), (0x50, 0x01, 0x0450), (0x50, 0x02, 0x0850), (0x61, 0x01, 0x0461), (0x14, 0x01, 0x0414), (0x14, 0x02, 0x0814), (0x82, 0x01, 0x0482), (0x48, 0x01, 0x0448), (0x63, 0x01, 0x0463), (0x29, 0x01, 0x0429), (0x15, 0x01, 0x0415), (0x16, 0x01, 0x0416), (0x16, 0x02, 0x0816), (0x67, 0x02, 0x0867), (0x46, 0x01, 0x0446), (0x46, 0x02, 0x0846), (0x6B, 0x01, 0x046B), (0x6B, 0x02, 0x086B), (0x6B, 0x03, 0x0C6B), (0x18, 0x01, 0x0418), (0x17, 0x01, 0x0417), (0x19, 0x01, 0x0419), (0x85, 0x01, 0x0485), (0x3B, 0x09, 0x243B), (0x3B, 0x04, 0x103B), (0x3B, 0x05, 0x143B), (0x3B, 0x03, 0x0C3B), (0x3B, 0x01, 0x043B), (0x3B, 0x02, 0x083B), (0x3B, 0x08, 0x203B), (0x3B, 0x06, 0x183B), (0x3B, 0x07, 0x1C3B), (0x4F, 0x01, 0x044F), (0x1a, 0x07, 0x1C1A), (0x1a, 0x06, 0x181A), (0x1a, 0x03, 0x0C1A), (0x1a, 0x02, 0x081A), (0x6C, 0x01, 0x046C), (0x32, 0x02, 0x0832), (0x32, 0x01, 0x0432), (0x32, 0x01, 0x0459), (0x32, 0x02, 0x0859), (0x5B, 0x01, 0x045B), (0x1b, 0x01, 0x041B), (0x24, 0x01, 0x0424), (0x0A, 0x0b, 0x2C0A), (0x0A, 0x10, 0x400A), (0x0A, 0x0D, 0x340A), (0x0A, 0x09, 0x240A), (0x0A, 0x05, 0x140A), (0x0A, 0x07, 0x1C0A), (0x0A, 0x0C, 0x300A), (0x0A, 0x11, 0x440A), (0x0A, 0x04, 0x100A), (0x0A, 0x12, 0x480A), (0x0A, 0x02, 0x080A), (0x0A, 0x13, 0x4C0A), (0x0A, 0x06, 0x180A), (0x0A, 0x0F, 0x3C0A), (0x0A, 0x0A, 0x280A), (0x0A, 0x14, 0x500A), (0x0A, 0x03, 0x0C0A), (0x0A, 0x01, 0x040A), (0x0A, 0x15, 0x540A), (0x0A, 0x0E, 0x380A), (0x0A, 0x08, 0x200A), (0x41, 0x01, 0x0441), (0x1D, 0x02, 0x081D), (0x1D, 0x01, 0x041D), (0x5A, 0x01, 0x045A), (0x28, 0x01, 0x0428), (0x5F, 0x02, 0x085F), (0x49, 0x01, 0x0449), (0x49, 0x02, 0x0849), (0x44, 0x01, 0x0444), (0x4A, 0x01, 0x044A), (0x1E, 0x01, 0x041E), (0x51, 0x01, 0x0451), (0x73, 0x02, 0x0873), (0x73, 0x01, 0x0473), (0x1F, 0x01, 0x041F), (0x42, 0x01, 0x0442), (0x22, 0x01, 0x0422), (0x2E, 0x01, 0x042E), (0x20, 0x02, 0x0820), (0x20, 0x01, 0x0420), (0x80, 0x01, 0x0480), (0x43, 0x02, 0x0843), (0x43, 0x01, 0x0443), (0x03, 0x02, 0x0803), (0x2A, 0x01, 0x042A), (0x52, 0x01, 0x0452), (0x88, 0x01, 0x0488), (0x78, 0x01, 0x0478), (0x6A, 0x01, 0x046A), ])Ancestors
Class variables
var required_dependenciesvar optional_dependencies
Methods
def unpack(self, data)-
Expand source code Browse git
def unpack(self, data): pe = lief.load_pe_fast(data, parse_rsrc=True) if not pe.has_resources: return yield from self._search(pe, pe.resources)
Inherited members