code_caves.py 文件源码-python代码片段

code_caves.py 文件源码

python

阅读 19 收藏 0 点赞 0 评论 0

项目：find_pe_caves 作者: marcoramilli 项目源码文件源码

def get_sections(binary_file):
    """
    Gets file sections => thanks to PE.
    Returns an multiDimensional array: [binary_file, sections_exe, sections_data]
    """
    sections_exe = []
    sections_data = []
    pe = pefile.PE(data=binary_file)
    sections = pe.sections
    for section in sections:
        # 0x20000000 IMAGE_SCN_MEM_EXECUTE
        # 0x40000000 IMAGE_SCN_MEM_READ
        # 0x00000020 IMAGE_SCN_CNT_CODE
        if all(section.Characteristics & n for n in [0x20000000, 0x40000000, 0x00000020]):
            sections_exe.append(section)
        else:
            sections_data.append(section)
    return [binary_file, sections_exe, sections_data]