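def get_long_line(data):
    """Locate the raw, still-encoded configuration blob inside a sample.

    Two layouts are tried in order:

    * ``'V1'`` - a PE resource whose name is ``RT_RCDATA`` with a sub-entry
      named ``0``; the bytes of that sub-entry's first data item are returned.
    * ``'V2'`` - the span between two fixed marker sequences located by a
      regular expression over the whole input.

    Args:
        data: Contents of the file under analysis. Treat it as untrusted:
            every offset and size read below is attacker-controlled.

    Returns:
        ``(raw_config, version)`` where ``version`` is ``'V1'`` or ``'V2'``,
        or ``(None, None)`` when neither layout is found.
    """
    raw_config = None
    try:
        pe = pefile.PE(data=data)
        for entry in pe.DIRECTORY_ENTRY_RESOURCE.entries:
            if str(entry.name) != "RT_RCDATA":
                continue
            for sub_entry in entry.directory.entries:
                if str(sub_entry.name) != '0':
                    continue
                item = sub_entry.directory.entries[0].data.struct
                data_rva = item.OffsetToData
                size = item.Size
                # Keep ``data`` untouched so the V2 fallback below still scans
                # the whole file if a later entry makes this loop fail.
                # NOTE(review): an out-of-range rva/size does not raise here;
                # the slice is silently truncated and may be empty.
                raw_config = pe.get_memory_mapped_image()[data_rva:data_rva + size]
    except Exception:
        # Best effort: malformed or non-PE input (or a missing resource
        # directory) simply means the V1 layout is not present.
        raw_config = None

    if raw_config is not None:
        return raw_config, 'V1'

    pattern = '\x69\x00\x6F\x00\x6E\x00\x00\x59(.*)\x6F\x43\x00\x61\x00\x6E'
    if isinstance(data, bytes) and not isinstance(pattern, bytes):
        # A text pattern cannot be applied to a bytes buffer; without this the
        # TypeError was swallowed and V2 never matched on bytes input.
        pattern = pattern.encode('latin-1')
    try:
        # NOTE(review): "." does not match a newline byte, so a blob that
        # contains 0x0A will not be captured in full - confirm intent.
        m = re.search(pattern, data)
        # m is None when the markers are absent; the AttributeError is handled
        # below. The slice trims 4 leading and 12 trailing units of the match.
        return m.group(0)[4:-12], 'V2'
    except Exception:
        return None, None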