我们从Python开源项目中,提取了以下6个代码示例,用于说明如何使用pefile.get_sublang_name_for_lang()。
def check_rsrc(self, pe): ret = {} if hasattr(pe, 'DIRECTORY_ENTRY_RESOURCE'): i = 0 for resource_type in pe.DIRECTORY_ENTRY_RESOURCE.entries: if resource_type.name is not None: name = "%s" % resource_type.name else: name = "%s" % pefile.RESOURCE_TYPE.get(resource_type.struct.Id) if name == None: name = "%d" % resource_type.struct.Id if hasattr(resource_type, 'directory'): for resource_id in resource_type.directory.entries: if hasattr(resource_id, 'directory'): for resource_lang in resource_id.directory.entries: data = pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size) filetype = get_filetype(data) lang = pefile.LANG.get(resource_lang.data.lang, '*unknown*') sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang ) ret[i] = (name, resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size, filetype, lang, sublang) i += 1 return ret
def resource(level, r): """Recursive printing of resources""" if hasattr(r, "data"): # resource offset = r.data.struct.OffsetToData size = r.data.struct.Size data = pe.get_memory_mapped_image()[offset:offset+size] m = hashlib.md5() m.update(data) print(" "*level + "-%s\t%i\t%i\t%s\t%s\t%s" % ( str(r.name), r.id, size, m.hexdigest(), pefile.LANG.get(r.data.lang, 'UNKNOWN'), pefile.get_sublang_name_for_lang(r.data.lang, r.data.sublang) ) ) else: # directory if r.name is None: print(" "*level + "-" + str(r.id)) else: print(" "*level + "-" + str(r.name)) for r2 in r.directory.entries: resource(level+1, r2)
def _get_resources(self): """Get resources. @return: resources dict or None. """ resources = [] if hasattr(self.pe, "DIRECTORY_ENTRY_RESOURCE"): for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries: try: resource = {} if resource_type.name is not None: name = str(resource_type.name) else: name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id)) if hasattr(resource_type, "directory"): for resource_id in resource_type.directory.entries: if hasattr(resource_id, "directory"): for resource_lang in resource_id.directory.entries: data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size) filetype = self._get_filetype(data) language = pefile.LANG.get(resource_lang.data.lang, None) sublanguage = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang) resource["name"] = name resource["offset"] = "0x{0:08x}".format(resource_lang.data.struct.OffsetToData) resource["size"] = "0x{0:08x}".format(resource_lang.data.struct.Size) resource["filetype"] = filetype resource["language"] = language resource["sublanguage"] = sublanguage resources.append(resource) except: continue return resources
def _get_resources(self): """Get resources. @return: resources dict or None. """ if not self.pe: return None resources = [] if hasattr(self.pe, "DIRECTORY_ENTRY_RESOURCE"): for resource_type in self.pe.DIRECTORY_ENTRY_RESOURCE.entries: try: resource = {} if resource_type.name is not None: name = str(resource_type.name) else: name = str(pefile.RESOURCE_TYPE.get(resource_type.struct.Id)) if hasattr(resource_type, "directory"): for resource_id in resource_type.directory.entries: if hasattr(resource_id, "directory"): for resource_lang in resource_id.directory.entries: data = self.pe.get_data(resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size) filetype = _get_filetype(data) language = pefile.LANG.get(resource_lang.data.lang, None) sublanguage = pefile.get_sublang_name_for_lang(resource_lang.data.lang, resource_lang.data.sublang) resource["name"] = name resource["offset"] = "0x{0:08x}".format(resource_lang.data.struct.OffsetToData) resource["size"] = "0x{0:08x}".format(resource_lang.data.struct.Size) resource["filetype"] = filetype resource["language"] = language resource["sublanguage"] = sublanguage resource["entropy"] = "{0:.02f}".format(float(_get_entropy(data))) resources.append(resource) except: continue return resources
def process(self): pelib = self._getLibrary(PEFileModule().getName()) if(pelib is None): return "" ret = [] if hasattr(pelib, 'DIRECTORY_ENTRY_RESOURCE'): i = 0 for resource_type in pelib.DIRECTORY_ENTRY_RESOURCE.entries: if resource_type.name is not None: name = "%s" % resource_type.name else: name = "%s" % pefile.RESOURCE_TYPE.get( resource_type.struct.Id) if name is None: name = "%d" % resource_type.struct.Id if hasattr(resource_type, 'directory'): for resource_id in resource_type.directory.entries: if hasattr(resource_id, 'directory'): for resource_lang in resource_id.directory.entries: try: data = pelib.get_data( resource_lang.data.struct.OffsetToData, resource_lang.data.struct.Size) # fd=open(name,'wb') # fd.write(data) # (data) except pefile.PEFormatError: return "corrupt" filetype = MIME_TYPE(data, False) lang = pefile.LANG.get( resource_lang.data.lang, 'unknown') sublang = pefile.get_sublang_name_for_lang( resource_lang.data.lang, resource_lang.data.sublang) entry = {} entry["name"] = self._normalize(name) entry["rva"] = self._normalize( hex(resource_lang.data.struct.OffsetToData)) entry["size"] = self._normalize( hex(resource_lang.data.struct.Size)) entry["type"] = self._normalize(filetype) entry["lang"] = self._normalize(lang) entry["sublang"] = self._normalize(sublang) entry["sha1"] = SHA1(data) ret.append(entry) return ret
