[Wisp-cvs] wisp/users/dig pedump.py,1.3,1.4
Status: Alpha
Brought to you by:
digg
Menu
▾
▴
[Wisp-cvs] wisp/users/dig pedump.py,1.3,1.4
|
From: <di...@us...> - 2003-04-15 21:04:06
|
Update of /cvsroot/wisp/wisp/users/dig
In directory sc8-pr-cvs1:/tmp/cvs-serv27358
Modified Files:
pedump.py
Log Message:
advanced pedump.py yet more
Index: pedump.py
===================================================================
RCS file: /cvsroot/wisp/wisp/users/dig/pedump.py,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- pedump.py 15 Apr 2003 00:50:38 -0000 1.3
+++ pedump.py 15 Apr 2003 21:04:02 -0000 1.4
@@ -120,7 +120,8 @@
shtable_ofs = f.tell() + dict_entries * 8
print ' ======== ========'
print '00. Export table: %08x %08x' % take('tt')
- print '01. Import table: %08x %08x' % take('tt')
+ imports_rva, imports_size = take('tt')
+ print '01. Import table: %08x %08x' % (imports_rva, imports_size)
print '02. Resource table: %08x %08x' % take('tt')
print '03. Exception table: %08x %08x' % take('tt')
print '04. Certificate table: %08x %08x' % take('tt')
@@ -140,19 +141,73 @@
f.seek(shtable_ofs)
print 'name memsz RVA filesz offset !rel !ln #rel #ln flags'
print '======== ====== ====== ====== ====== ==== ==== ==== ==== ========'
+ section_table = []
for i in range(section_count):
name = f.read(8)
while '\0' in name: name = name[:-1]
print '%-8s' % name,
- print '%6x' % take('t'), # memory size
- print '%6x' % take('t'), # RVA
- print '%6x' % take('t'), # file size
- print '%6x' % take('t'), # offset
+ memsize = take('t'); print '%6x' % memsize,
+ rva = take('t'); print '%6x' % rva,
+ filesize = take('t'); print '%6x' % filesize,
+ offset = take('t'); print '%6x' % offset,
+ section_table.append((name, offset, filesize, rva, memsize))
print '%4x' % take('t'), # reloc offset
print '%4x' % take('t'), # line number data offset
print '%4x' % take('w'), # reloc count
print '%4x' % take('w'), # line number count
print '%8x' % take('t'), # flags
+ print
+ print 'Loading',
+ by_rva = ''
+ for name, offset, filesize, rva, memsize in section_table:
+ print name,
+ f.seek(offset)
+ section = f.read(filesize)
+ if len(section) <> filesize: raise 'Broken file'
+ # grow/shrink the section to memsize
+ section = section[:memsize]
+ section += '\0' * (memsize - len(section))
+ if rva > len(by_rva): by_rva += '\0' * (rva - len(by_rva))
+ by_rva = by_rva[:rva] + section + by_rva[rva + memsize:]
+ print
+ print 'len(by_rva) = 0x%08x' % len(by_rva)
+ def string_by_rva (loc):
+ stop = by_rva.index('\0', loc)
+ return by_rva[loc:stop]
+ print '=== Import table: 0x%08x bytes at 0x%08x ===' % (imports_size, imports_rva)
+ i = imports_rva
+ hint_name, timestamp, fwdr_chain, dll_name, first_thunk = \
+ struct.unpack('<LLLLL', by_rva[i:i + 20])
+ i += 20
+ while hint_name <> 0 or timestamp <> 0 or fwdr_chain <> 0 or \
+ dll_name <> 0 or first_thunk <> 0:
+ print 'Hint/name table: 0x%08x' % hint_name
+ print 'Timestamp: %i (%s)' % \
+ (timestamp, time.strftime('%Y-%m-%d %H:%M:%S GMT',
+ time.gmtime(timestamp)))
+ print 'Forwarder chain: 0x%08x' % fwdr_chain
+ print 'DLL name: 0x%08x %r' % (dll_name, string_by_rva(dll_name))
+ print 'First thunk: 0x%08x' % first_thunk
+ print 'Hint name array:'
+ h = hint_name
+ herva, = struct.unpack('<L', by_rva[h:h + 4]); h += 4
+ while herva <> 0:
+ exord, = struct.unpack('<H', by_rva[herva:herva + 2])
+ print ' [%08x] %04x %r' % (herva, exord,
+ string_by_rva(herva + 2))
+ herva, = struct.unpack('<L', by_rva[h:h + 4]); h += 4
+ print 'Thunk array:'
+ t = first_thunk
+ terva, = struct.unpack('<L', by_rva[t:t + 4]); t += 4
+ while terva <> 0:
+ exord, = struct.unpack('<H', by_rva[terva:terva + 2])
+ print ' [%08x] %04x %r' % (terva, exord,
+ string_by_rva(terva + 2))
+ terva, = struct.unpack('<L', by_rva[t:t + 4]); t += 4
+
+ hint_name, timestamp, fwdr_chain, dll_name, first_thunk = \
+ struct.unpack('<LLLLL', by_rva[i:i + 20])
+ i += 20
print
else:
print 'Usage: pedump.py file ...'
|
