def hash_imports(hashfun, path, data=None):
if data:
pe = pefile.PE(data=data)
else:
pe = pefile.PE(path)
dll_name = os.path.split(path)[-1].split('.')[0]
try:
x = pe.IMAGE_DIRECTORY_ENTRY_EXPORT
except:
if pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']].VirtualAddress != 0:
pe.parse_data_directories(
directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']])
ret = {}
# write name of library as well
h = hashfun(dll_name)
ret[h] = dll_name
h = hashfun(dll_name.lower())
ret[h] = dll_name.lower()
h = hashfun(dll_name.upper())
ret[h] = dll_name.upper()
if dll_name[-3:].lower() != 'dll':
h = hashfun(dll_name.lower() + '.dll')
h = hashfun(dll_name.upper() + '.DLL')
for entry in pe.DIRECTORY_ENTRY_EXPORT.symbols:
if entry.name != None:
for n in [entry.name.lower(), entry.name.upper(), entry.name]:
h = hashfun(n)
ret[h] = n
return {dll_name: ret}
评论列表
文章目录
