def _get_overlay(self):
"""Get information on the PE overlay
@return: overlay dict or None.
"""
if not self.pe:
return None
try:
off = self.pe.get_overlay_data_start_offset()
except:
log.error("Your version of pefile is out of date. Please update to the latest version on https://github.com/erocarrera/pefile")
return None
if off is None:
return None
overlay = {}
overlay["offset"] = "0x{0:08x}".format(off)
overlay["size"] = "0x{0:08x}".format(len(self.pe.__data__) - off)
return overlay
评论列表
文章目录
