libTriton version 0.4 build 1356
Pe

[python api] All information about the Pe python object.

Description


This object is used to represent the PE binary format.

Example

>>> b = Pe('C:/Windows/System32/notepad.exe')
>>> for lib in b.getSharedLibraries():
...     print lib
...
ADVAPI32.dll
KERNEL32.dll
GDI32.dll
USER32.dll
msvcrt.dll
api-ms-win-core-com-l1-1-1.dll
OLEAUT32.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-errorhandling-l1-1-1.dll
api-ms-win-core-processthreads-l1-1-2.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-profile-l1-1-0.dll
api-ms-win-core-sysinfo-l1-2-1.dll
api-ms-win-core-heap-l1-2-0.dll
api-ms-win-core-winrt-string-l1-1-0.dll
api-ms-win-core-winrt-error-l1-1-1.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-winrt-l1-1-0.dll
api-ms-win-core-debug-l1-1-1.dll
COMCTL32.dll
COMDLG32.dll
FeClient.dll
ntdll.dll
PROPSYS.dll
SHELL32.dll
SHLWAPI.dll
WINSPOOL.DRV
urlmon.dll
>>> hex(b.getHeader().getEntry())
'0x1a410L'
>>> for section in b.getSectionHeaders():
...     print section.getName(), '\t', hex(section.getVirtualAddress())
...
.text 0x1000L
.data 0x1c000L
.idata 0x1f000L
.rsrc 0x22000L
.reloc 0x3c000L
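
The PE fields behind the entry point and section addresses printed above, as an added example that is not part of libTriton or its documentation. It is Python 3 using only the standard library, and it assumes `getEntry()` reports the optional header's `AddressOfEntryPoint`; `parse_pe` and `build_sample` are hypothetical names, and the sample is a constructed header-only blob that reuses the values from the session above.

```python
import struct

def parse_pe(data):
    """Return (entry_point_rva, [(section_name, virtual_address), ...])."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 20 or opt_off + opt_size > len(data):
        raise ValueError("truncated optional header")
    # AddressOfEntryPoint sits at offset 16 in both PE32 and PE32+
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)
    sections = []
    for i in range(nsections):
        off = opt_off + opt_size + 40 * i  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, _vsize, vaddr = struct.unpack_from("<8sII", data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr))
    return entry, sections

def build_sample():
    """Constructed header-only blob (not a loadable executable)."""
    secs = [(b".text", 0x1000), (b".data", 0x1C000), (b".idata", 0x1F000),
            (b".rsrc", 0x22000), (b".reloc", 0x3C000)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = struct.pack("<HBBIIII", 0x20B, 0, 0, 0, 0, 0, 0x1A410) + b"\0" * 220
    coff = struct.pack("<HHIIIHH", 0x8664, len(secs), 0, 0, 0, len(opt), 0x22)
    table = b"".join(struct.pack("<8sII", n, 0, rva) + b"\0" * 24
                     for n, rva in secs)
    return dos + b"PE\0\0" + coff + opt + table

if __name__ == "__main__":
    entry, sections = parse_pe(build_sample())
    print(hex(entry))
    for name, vaddr in sections:
        print(name, "\t", hex(vaddr))
```

The bounds checks matter when the input is untrusted: a header that declares more sections than the file holds raises `ValueError` instead of reading past the buffer.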

Constructor

>>> binary = Pe('C:/Windows/System32/notepad.exe')

Python API - Methods of the Pe class