pe

simple PE parser

Features

IMAGE_DIRECTORY_ENTRY_IMPORT
IMAGE_DIRECTORY_ENTRY_EXPORT
mapped data extracted to memory
support both 32bit and 64bit binary

sample code

from pe import PE

# list export functions
pe = PE('kernel32.dll')
print "ImageBaseAddr: 0x{0:08x}".format(pe.imagebase)
for api, addr in pe.exports.items():
    print "{0} @ 0x{1:08x}".format(api, addr)

# list import functions
pe = PE('test.exe')
print "ImageBaseAddr: 0x{0:08x}".format(pe.imagebase)
for dllname in pe.imports:
    for api, addr in pe.imports[dllname].items():
        print "{0} ({1}) @ 0x{2:08x} (IAT)".format(api, dllname, addr)

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.gitignore		.gitignore
README.md		README.md
__init__.py		__init__.py
defines.py		defines.py
pe.py		pe.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

pe

Features

sample code

About

Releases

Packages

Languages

icchy/pe

Folders and files

Latest commit

History

Repository files navigation

pe

Features

sample code

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages