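def extract_config(raw_data, key):
    """Statically extract the embedded configuration from a PE sample.

    The sample is only parsed with ``pefile``; nothing in it is executed.
    The RT_RCDATA resource directory is walked and two kinds of named
    entries are handled:

    * ``DCDATA`` -- the whole blob is handed to ``v51_data`` and its
      result replaces the working config.
    * any name that is already a key of the working config -- the blob is
      hex-decoded, RC4-decrypted with ``key`` and reduced to printable
      characters.

    Args:
        raw_data: Raw bytes of the PE file under analysis (untrusted).
        key: Key passed through to ``rc4crypt`` / ``v51_data``.

    Returns:
        A config mapping: a copy of ``BASE_CONFIG`` with the recovered
        values filled in, or whatever ``v51_data`` returned if a
        ``DCDATA`` resource was found.

    Raises:
        ValueError: No RT_RCDATA entry exists in the resource directory
            (raised by ``list.index``).
        AttributeError: The PE has no parsed resource directory at all
            (pefile then does not set ``DIRECTORY_ENTRY_RESOURCE``).
    """
    # Work on a copy. Binding BASE_CONFIG directly would write recovered
    # values into the shared module-level dict, so values decoded from one
    # sample would leak into the result for the next sample processed.
    config = dict(BASE_CONFIG)
    pe = pefile.PE(data=raw_data)

    resource_types = pe.DIRECTORY_ENTRY_RESOURCE.entries
    rcdata_idx = [res.id for res in resource_types].index(
        pefile.RESOURCE_TYPE['RT_RCDATA']
    )
    rcdata_directory = resource_types[rcdata_idx]

    def _resource_bytes(resource):
        # Offset and size are fields of the untrusted sample. Slicing
        # clamps out-of-range values instead of raising, so a malformed
        # resource yields short or empty data here and fails later in
        # decoding rather than reading out of bounds.
        leaf = resource.directory.entries[0].data.struct
        start = leaf.OffsetToData
        return pe.get_memory_mapped_image()[start:start + leaf.Size]

    for entry in rcdata_directory.directory.entries:
        name = str(entry.name)
        if name == 'DCDATA':
            # Single-blob layout: the helper returns the full config.
            config = v51_data(_resource_bytes(entry), key)
        elif name in config:
            # One resource per setting: hex text -> RC4 -> printable chars.
            dec = rc4crypt(unhexlify(_resource_bytes(entry)), key)
            # Join into a real string; a bare filter() is a lazy iterator
            # on Python 3 and would not be usable as a config value.
            config[name] = ''.join(ch for ch in dec if ch in string.printable)
    return config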