external/pefile.git
6 months ago-Added a check to verify the expected amount of data is read when parsing the import... master
ero.carrera@gmail.com [Mon, 10 Mar 2014 08:56:37 +0000 (08:56 +0000)]
-Added a check to verify the expected amount of data is read when parsing the import table (thanks to Angelo Dell'Aera for reporting it).

git-svn-id: http://pefile.googlecode.com/svn/trunk@141 8842bc4e-7134-0410-8230-5dc5194fb5c1

9 months ago-Updated date range in the copyright message.
ero.carrera@gmail.com [Wed, 11 Dec 2013 18:34:29 +0000 (18:34 +0000)]
-Updated date range in the copyright message.

git-svn-id: http://pefile.googlecode.com/svn/trunk@139 8842bc4e-7134-0410-8230-5dc5194fb5c1

9 months ago-Minor addition to ordLookup to make optional the creation of default names.
ero.carrera@gmail.com [Wed, 11 Dec 2013 18:29:24 +0000 (18:29 +0000)]
-Minor addition to ordLookup to make optional the creation of default names.

git-svn-id: http://pefile.googlecode.com/svn/trunk@138 8842bc4e-7134-0410-8230-5dc5194fb5c1

9 months ago-Improved the handling of PEs with vast number of invalid import symbols.
ero.carrera@gmail.com [Tue, 10 Dec 2013 07:06:07 +0000 (07:06 +0000)]
-Improved the handling of PEs with vast number of invalid import symbols.
-Improved the handling of invalid symbols in the export directory.
-Added an upper bound in the maximum number of entries to consider when parsing the delay import directory.
-Cleaned up some warning messages.

git-svn-id: http://pefile.googlecode.com/svn/trunk@137 8842bc4e-7134-0410-8230-5dc5194fb5c1

9 months ago-Better handling of the Rich Header.
ero.carrera@gmail.com [Fri, 6 Dec 2013 19:17:57 +0000 (19:17 +0000)]
-Better handling of the Rich Header.
-Fixed a problem when writing the contents of the VS_VERSIONINFO StringTable.
-StringTable key, value string pairs are no longer added to the StringTable struct, they polluted the namespace and potentially overwriting real entries.
-Added the option (False by default) of having ordLookup produce names for ordinals with unknown name.
-Simplified the computation of PE CheckSum.

git-svn-id: http://pefile.googlecode.com/svn/trunk@136 8842bc4e-7134-0410-8230-5dc5194fb5c1

9 months ago-Added Mandiant's ordlookup to resolve the names for some symbols that are exported...
ero.carrera@gmail.com [Wed, 4 Dec 2013 17:58:58 +0000 (17:58 +0000)]
-Added Mandiant's ordlookup to resolve the names for some symbols that are exported only by ordinal numbers.

git-svn-id: http://pefile.googlecode.com/svn/trunk@135 8842bc4e-7134-0410-8230-5dc5194fb5c1

9 months ago-Added Mandiant's ordlookup to resolve the names for some symbols that are exported...
ero.carrera@gmail.com [Wed, 4 Dec 2013 17:56:58 +0000 (17:56 +0000)]
-Added Mandiant's ordlookup to resolve the names for some symbols that are exported only by ordinal numbers.
-Added a feature requested in Issue 45 to produce a Python dictionary with all the information dumped by dump_info().
-Fixed a problem introduced when renaming the DLL Characteristics FLAGS that lead to them not being shown.
-The parsing of sections will now give up with more than a few errors are encountered, avoiding parsing too many invalid sections in some cases.
-Added better constraints to the maximum number of imports that will be parsed.

git-svn-id: http://pefile.googlecode.com/svn/trunk@134 8842bc4e-7134-0410-8230-5dc5194fb5c1

12 months ago-Fixed an issue that crashed pefile on Windows.
ero.carrera@gmail.com [Thu, 29 Aug 2013 20:59:01 +0000 (20:59 +0000)]
-Fixed an issue that crashed pefile on Windows.

git-svn-id: http://pefile.googlecode.com/svn/trunk@132 8842bc4e-7134-0410-8230-5dc5194fb5c1

12 months ago-Merged patch contributed by Ange Albertini.
ero.carrera@gmail.com [Wed, 28 Aug 2013 09:48:55 +0000 (09:48 +0000)]
-Merged patch contributed by Ange Albertini.

git-svn-id: http://pefile.googlecode.com/svn/trunk@131 8842bc4e-7134-0410-8230-5dc5194fb5c1

12 months ago-Added more subsystem types (contributed by Ange Albertini).
ero.carrera@gmail.com [Wed, 28 Aug 2013 08:54:47 +0000 (08:54 +0000)]
-Added more subsystem types (contributed by Ange Albertini).

git-svn-id: http://pefile.googlecode.com/svn/trunk@130 8842bc4e-7134-0410-8230-5dc5194fb5c1

12 months ago-Merged patch by Ange Albertini warning of Windows 8's problems loading PE files...
ero.carrera@gmail.com [Tue, 27 Aug 2013 08:16:13 +0000 (08:16 +0000)]
-Merged patch by Ange Albertini warning of Windows 8's problems loading PE files with the entrypoint pointing within the headers.

git-svn-id: http://pefile.googlecode.com/svn/trunk@129 8842bc4e-7134-0410-8230-5dc5194fb5c1

14 months ago-Minor tweaks to fix the regression tests.
ero.carrera@gmail.com [Wed, 17 Jul 2013 09:35:27 +0000 (09:35 +0000)]
-Minor tweaks to fix the regression tests.

git-svn-id: http://pefile.googlecode.com/svn/trunk@128 8842bc4e-7134-0410-8230-5dc5194fb5c1

14 months ago-Kept a working version of generate_checksum for Python versions < 2.6 (bytearray...
ero.carrera@gmail.com [Wed, 17 Jul 2013 09:25:34 +0000 (09:25 +0000)]
-Kept a working version of generate_checksum for Python versions < 2.6 (bytearray only was included in Python 2.6)

git-svn-id: http://pefile.googlecode.com/svn/trunk@127 8842bc4e-7134-0410-8230-5dc5194fb5c1

14 months ago-Merged path from ThreatGrid's Wesley Brown. Thanks! Summary: changed memory mapping...
ero.carrera@gmail.com [Wed, 17 Jul 2013 09:14:30 +0000 (09:14 +0000)]
-Merged path from ThreatGrid's Wesley Brown. Thanks! Summary: changed memory mapping usage, revamped to use bytearrays rather than list, complete rewrite of the checksum generation algorithm to be much more memory efficient, and less susceptible to PE bomb attacks
-Corrected some doctrings.

git-svn-id: http://pefile.googlecode.com/svn/trunk@126 8842bc4e-7134-0410-8230-5dc5194fb5c1

21 months ago-Improved parsing files with thousands of sections. Sections that appear to be invali...
ero.carrera@gmail.com [Sun, 16 Dec 2012 12:34:04 +0000 (12:34 +0000)]
-Improved parsing files with thousands of sections. Sections that appear to be invalid will now be ignored and some of the checks have been optimized for the cases where a file still has many possibly valid sections.

git-svn-id: http://pefile.googlecode.com/svn/trunk@125 8842bc4e-7134-0410-8230-5dc5194fb5c1

22 months ago-Added some safety checks.
ero.carrera@gmail.com [Tue, 6 Nov 2012 10:23:08 +0000 (10:23 +0000)]
-Added some safety checks.
-Small optimization of the checksum algorithm. Thanks to Emmanuel Bourg.

git-svn-id: http://pefile.googlecode.com/svn/trunk@123 8842bc4e-7134-0410-8230-5dc5194fb5c1

2 years ago-Fixed a problem parsing section headers. Added an extra check for section headers...
ero.carrera@gmail.com [Sun, 2 Sep 2012 22:46:33 +0000 (22:46 +0000)]
-Fixed a problem parsing section headers. Added an extra check for section headers containing only null bytes.
-Improved the detection of corrupt resource names.
-Fixed misspelled words.

git-svn-id: http://pefile.googlecode.com/svn/trunk@121 8842bc4e-7134-0410-8230-5dc5194fb5c1

2 years ago-Fixed the naming issue introduced in the last commit.
ero.carrera@gmail.com [Thu, 9 Aug 2012 00:36:49 +0000 (00:36 +0000)]
-Fixed the naming issue introduced in the last commit.

git-svn-id: http://pefile.googlecode.com/svn/trunk@120 8842bc4e-7134-0410-8230-5dc5194fb5c1

2 years ago-Improved the checks being done when parsing the exports and the bound imports direct...
ero.carrera@gmail.com [Wed, 8 Aug 2012 22:38:22 +0000 (22:38 +0000)]
-Improved the checks being done when parsing the exports and the bound imports directories. The potential data ranges to consider have been constrained further and only strings with certain characteristics will be allowed as module names in the bound forwarders.

git-svn-id: http://pefile.googlecode.com/svn/trunk@118 8842bc4e-7134-0410-8230-5dc5194fb5c1

2 years ago-Attempting to fix Issue 35 where a big memory allocation is attempted (which can... git-svn
ero.carrera@gmail.com [Sun, 22 Jan 2012 14:12:22 +0000 (14:12 +0000)]
-Attempting to fix Issue 35 where a big memory allocation is attempted (which can be avoided). When working with large files it could lead to MemoryError exceptions.

git-svn-id: http://pefile.googlecode.com/svn/trunk@117 8842bc4e-7134-0410-8230-5dc5194fb5c1

2 years ago-Added a check to make verify that a section's calculated ending address does not...
ero.carrera@gmail.com [Mon, 16 Jan 2012 23:53:54 +0000 (23:53 +0000)]
-Added a check to make verify that a section's calculated ending address does not overlap a subsequent section. If so cut it down to fit.

git-svn-id: http://pefile.googlecode.com/svn/trunk@116 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Added sanity checks for invalid relocation information. VirtualAddress and SizeOfBlo...
ero.carrera@gmail.com [Thu, 1 Sep 2011 22:21:00 +0000 (22:21 +0000)]
-Added sanity checks for invalid relocation information. VirtualAddress and SizeOfBlock are checked against a wide boundary that should never surpass (SizeOfImage)

git-svn-id: http://pefile.googlecode.com/svn/trunk@114 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Merged the patch from Issue 32 (and fixed some problems with it) regarding mmap...
ero.carrera@gmail.com [Wed, 24 Aug 2011 22:38:40 +0000 (22:38 +0000)]
-Merged the patch from Issue 32 (and fixed some problems with it) regarding mmap files left open on Python 2.5.x

git-svn-id: http://pefile.googlecode.com/svn/trunk@113 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Extended the fix for Issue 10 and Issue 29 to also handle the VarFileInfo structure
ero.carrera@gmail.com [Mon, 1 Aug 2011 07:15:31 +0000 (07:15 +0000)]
-Extended the fix for Issue 10 and Issue 29 to also handle the VarFileInfo structure

git-svn-id: http://pefile.googlecode.com/svn/trunk@111 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed Issue 10 and Issue 29 (related) by also parsing strings for stringfileinfo_str...
ero.carrera@gmail.com [Mon, 1 Aug 2011 06:44:31 +0000 (06:44 +0000)]
-Fixed Issue 10 and Issue 29 (related) by also parsing strings for stringfileinfo_struct.Type=0 in addition of Type=1
-Fixed Issue 26 as suggested by catching early parsing errors with a try in the PE constructor
-Fixed Issue 30 parsing 64-bit PE32+ imports
-As pointed out by Pedram Amini removed a warning about WRITE and EXECUTE flags set for a section if the section name is 'PAGE' and the PE is a driver. In drivers such combination is legitimate

git-svn-id: http://pefile.googlecode.com/svn/trunk@110 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed error in the reporting of the warning message in the alignment adjustment...
ero.carrera@gmail.com [Thu, 19 May 2011 15:35:54 +0000 (15:35 +0000)]
-Fixed error in the reporting of the warning message in the alignment adjustment functions. I've moved them into the PE class in order to make accessing the pe attributes more convenient

git-svn-id: http://pefile.googlecode.com/svn/trunk@109 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed Issue 27
ero.carrera@gmail.com [Thu, 5 May 2011 17:25:43 +0000 (17:25 +0000)]
-Fixed Issue 27
-Enhanced the processing of files with uncommon combinations of FileAligment and PointerToRawData values

git-svn-id: http://pefile.googlecode.com/svn/trunk@107 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed some exceptions occurring when attempting to work with variables not expected...
ero.carrera@gmail.com [Fri, 22 Apr 2011 11:13:19 +0000 (11:13 +0000)]
-Fixed some exceptions occurring when attempting to work with variables not expected to be None. Added the necessary checks

git-svn-id: http://pefile.googlecode.com/svn/trunk@106 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-As suggested in Issue 26 a close() method was added that closes the mmap of the...
ero.carrera@gmail.com [Wed, 20 Apr 2011 17:27:42 +0000 (17:27 +0000)]
-As suggested in Issue 26 a close() method was added that closes the mmap of the file (implementation is slightly different as suggested by the case opener)
-Added a check for zero-length files. A PEFormatError is now raised on those (Issue 25)

git-svn-id: http://pefile.googlecode.com/svn/trunk@105 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed a couple of small bugs in the parsing of resources where an object was not...
ero.carrera@gmail.com [Thu, 14 Apr 2011 15:00:31 +0000 (15:00 +0000)]
-Fixed a couple of small bugs in the parsing of resources where an object was not defined in a code-path and added an extra check for the existence of a valid object within the language entries
-The parsing of the resources' version strings had a small flaw where one character outside the range was not caught, fixed the comparison
-Copy-paste betrayal, parsing the version number had nearly the right check... but not quite, now it does

git-svn-id: http://pefile.googlecode.com/svn/trunk@104 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Added a (high) hard-coded limit to the number of directory entries to process. Some...
ero.carrera@gmail.com [Sun, 10 Apr 2011 14:11:49 +0000 (14:11 +0000)]
-Added a (high) hard-coded limit to the number of directory entries to process. Some specially crafted directories could lead to long processing times

git-svn-id: http://pefile.googlecode.com/svn/trunk@102 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Updated copyright notice
ero.carrera@gmail.com [Sun, 10 Apr 2011 14:03:58 +0000 (14:03 +0000)]
-Updated copyright notice

git-svn-id: http://pefile.googlecode.com/svn/trunk@101 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Added additional check in the resources string parser to avoid processing invalid...
ero.carrera@gmail.com [Thu, 3 Mar 2011 15:39:09 +0000 (15:39 +0000)]
-Added additional check in the resources string parser to avoid processing invalid entries

git-svn-id: http://pefile.googlecode.com/svn/trunk@100 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Added additional check in the resources string parser to avoid processing strings...
ero.carrera@gmail.com [Fri, 18 Feb 2011 05:25:20 +0000 (05:25 +0000)]
-Added additional check in the resources string parser to avoid processing strings of length zero

git-svn-id: http://pefile.googlecode.com/svn/trunk@99 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Added Ange Albertini's patch to provide more helpful error messages when pefile...
ero.carrera@gmail.com [Fri, 11 Feb 2011 11:11:25 +0000 (11:11 +0000)]
-Added Ange Albertini's patch to provide more helpful error messages when pefile meets NE/LE/LX files and ZM (as opposed to MZ) files. The PEFormatError() exception raised will inform about the type of file.

git-svn-id: http://pefile.googlecode.com/svn/trunk@98 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed Issue 12, there was a bug calculating the offset to the VS_VERSIONINFO structu...
ero.carrera@gmail.com [Wed, 9 Feb 2011 11:40:09 +0000 (11:40 +0000)]
-Fixed Issue 12, there was a bug calculating the offset to the VS_VERSIONINFO structure that would manifest in some files
-Updated copyright string and contact info

git-svn-id: http://pefile.googlecode.com/svn/trunk@96 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Improved handling of some more cases of unorthodox, although valid, FileAlignment...
ero.carrera@gmail.com [Tue, 8 Feb 2011 18:13:31 +0000 (18:13 +0000)]
-Improved handling of some more cases of unorthodox, although valid, FileAlignment and SectionAlignment values and combinations of those
-Added a method to peutils to scan for PEiD signatures in user-provided raw data as opposed to only allowing pefile.PE() instances, it comes handy when feeding data from other tools like IDA

git-svn-id: http://pefile.googlecode.com/svn/trunk@95 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Improved handling of cases of unorthodox, although valid, FileAlignment and SectionA...
ero.carrera@gmail.com [Fri, 28 Jan 2011 12:45:55 +0000 (12:45 +0000)]
-Improved handling of cases of unorthodox, although valid, FileAlignment and SectionAlignment values and combinations of those. It turns out that they have to be in certain relation for some value ranges

git-svn-id: http://pefile.googlecode.com/svn/trunk@94 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Added Ange Albertini's concept code to parse the strings contained in the resources...
ero.carrera@gmail.com [Tue, 25 Jan 2011 18:37:25 +0000 (18:37 +0000)]
-Added Ange Albertini's concept code to parse the strings contained in the resources directory. They will now be displayed when calling the dump_info() method. If an entry in the resources directory contains strings they will be accessible through entry.directory.strings. Also it's possible to retrieve at once all strings found by calling the PE instance's method get_resources_strings() which will return a list with all strings found or an empty string if none are found or the file has no resources directory
-Added Ange Albertini's patch to fix some crashes parsing the resources

git-svn-id: http://pefile.googlecode.com/svn/trunk@93 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Fixed a bug parsing small invalid PE files where the proper exception (PEFormatError...
ero.carrera@gmail.com [Mon, 13 Dec 2010 15:55:22 +0000 (15:55 +0000)]
-Fixed a bug parsing small invalid PE files where the proper exception (PEFormatError) would not be raised and instead pefile would crash
-Fixed Issue 22. Some PE files reconstructed from memory dumps contained invalid export entries that led to a crash. Invalid entries are not properly ignored.
-Added a new method "get_overlay_data_start_offset()". It will return the offset where data starts that it is not described by the PE headers. Commonly referred to as overlay data. If there's no overlay data the method will simply return EOF offset.
-Added a new method "get_overlay()" which will return the data appended to the file and not contained within the area described in the headers
-Added a new method "trim()" which will return the just data defined by the PE headers, removing any overlay data

git-svn-id: http://pefile.googlecode.com/svn/trunk@91 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Small fix to be able to retrieve strings outside section boundaries i.e., when a...
ero.carrera@gmail.com [Mon, 8 Nov 2010 17:25:26 +0000 (17:25 +0000)]
-Small fix to be able to retrieve strings outside section boundaries i.e., when a packer keeps strings overlapping headers or in overlays

git-svn-id: http://pefile.googlecode.com/svn/trunk@89 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago-Implemented fixes for sections at unaligned raw offsets. As pointed out by Ange...
ero.carrera@gmail.com [Mon, 8 Nov 2010 16:58:48 +0000 (16:58 +0000)]
-Implemented fixes for sections at unaligned raw offsets. As pointed out by Ange Albertini if those offsets are smaller than the FileAlignment they are rounded to 0 by the Windows loader. pefile now emulates such behavior
-Miscellaneous other fixes and tweaks

git-svn-id: http://pefile.googlecode.com/svn/trunk@88 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago- Minor changes
ero.carrera@gmail.com [Sat, 6 Nov 2010 22:02:28 +0000 (22:02 +0000)]
- Minor changes

git-svn-id: http://pefile.googlecode.com/svn/trunk@87 8842bc4e-7134-0410-8230-5dc5194fb5c1

3 years ago- mmap is now used to not load into memory the whole file unless working with it...
ero.carrera@gmail.com [Sat, 6 Nov 2010 21:48:34 +0000 (21:48 +0000)]
- mmap is now used to not load into memory the whole file unless working with it requires it. This should enable pefile to parse much larger images in systems with limited memory
- Thanks to the patch provided by the user mzibricky, pefile should now run in Python 2.2
- Improved handling of flags. Now section flags can be set by directly assigning to the convenience attributes, i.e. (pe.sections[0].IMAGE_SCN_MEM_EXECUTE = True) and the changes will be propagated to the section Characteristics field
- Minor improvements in string handling
- Minor improvements to the peutils module

git-svn-id: http://pefile.googlecode.com/svn/trunk@85 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Small tweak to correctly generate memory mapped images ( through get_memory_mapped...
ero.carrera@gmail.com [Tue, 17 Aug 2010 04:45:47 +0000 (04:45 +0000)]
 - Small tweak to correctly generate memory mapped images ( through get_memory_mapped_image() ) of files with no sections or with data in the gap after the header and before the first section

git-svn-id: http://pefile.googlecode.com/svn/trunk@83 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Improved the fetching of overlay raw data from the file. In some cases data might...
ero.carrera@gmail.com [Tue, 17 Aug 2010 02:05:05 +0000 (02:05 +0000)]
 - Improved the fetching of overlay raw data from the file. In some cases data might lay beyond the areas described by the sections, or sections might be missing altogether, and still be a valid PE file. If the data lies within the file's whole length it will now be fetched regardless of whether it is within a section's boundaries

git-svn-id: http://pefile.googlecode.com/svn/trunk@82 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Added small patch contributed by nriva to store the thunk's offset and RVA as...
ero.carrera@gmail.com [Tue, 17 Aug 2010 01:19:07 +0000 (01:19 +0000)]
 - Added small patch contributed by nriva to store the thunk's offset and RVA as thunk_offset and thunk_rva in each of the import thunks

git-svn-id: http://pefile.googlecode.com/svn/trunk@81 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Long due! but finally merged Ange Albertini's patch to parse the Rich header
ero.carrera@gmail.com [Tue, 17 Aug 2010 00:38:28 +0000 (00:38 +0000)]
 - Long due! but finally merged Ange Albertini's patch to parse the Rich header

git-svn-id: http://pefile.googlecode.com/svn/trunk@80 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Minor additional improvements to the parsing of language IDs. Added handling of...
ero.carrera@gmail.com [Mon, 16 Aug 2010 23:12:50 +0000 (23:12 +0000)]
 - Minor additional improvements to the parsing of language IDs. Added handling of incorrect IDs, now reported as "*unknown*"
 - (bugfix) Fixed problems reported in issue 14 (http://code.google.com/p/pefile/issues/detail?id=14). The file should now be successfully parsed

git-svn-id: http://pefile.googlecode.com/svn/trunk@78 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Improved parsing of language IDs in the resource strings. Language pairs (LANG...
ero.carrera@gmail.com [Mon, 16 Aug 2010 22:54:05 +0000 (22:54 +0000)]
 - Improved parsing of language IDs in the resource strings. Language pairs (LANG, SUBLANG) are now reported when dumping a PE's information
 - Added heuristics to aid deciding which DLL filenames and imported symbols are valid. Discarding those that do not conform to valid character sets. Also help dealing with issue 17 (http://code.google.com/p/pefile/issues/detail?id=17). The parsing of imports is aborted when certain malformed entries are detected, no longer leading to the subsequent high memory consumption

git-svn-id: http://pefile.googlecode.com/svn/trunk@77 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago-Added an upper bound on the number of export entries that will be handled. If there...
ero.carrera@gmail.com [Thu, 3 Jun 2010 00:02:50 +0000 (00:02 +0000)]
-Added an upper bound on the number of export entries that will be handled. If there are more entries than what would fit in what's left until the end of the file we don't attempt to process any more

git-svn-id: http://pefile.googlecode.com/svn/trunk@76 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago-Added a warning message when entries typical of packed files are found in the import...
ero.carrera@gmail.com [Wed, 2 Jun 2010 18:14:10 +0000 (18:14 +0000)]
-Added a warning message when entries typical of packed files are found in the import table
-Offsets are now shown when printing out information about a PE's headers/contents. Both absolute within the file and relative to the structure's start
-Fixed a bug parsing import table entries

git-svn-id: http://pefile.googlecode.com/svn/trunk@75 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - bugfix: if found, trailing wildcards are removed from signatures at load time...
ero.carrera@gmail.com [Mon, 26 Apr 2010 16:04:36 +0000 (16:04 +0000)]
 - bugfix: if found, trailing wildcards are removed from signatures at load time. They don't make much sense and, if present, led to the signature not matching byte sequences that should. Any sequence of '??' after the last non-'??' byte in the signature is ignored.

git-svn-id: http://pefile.googlecode.com/svn/trunk@74 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Added support for writing back to the PE file any modifications made to the entrie...
ero.carrera@gmail.com [Sun, 4 Apr 2010 01:53:52 +0000 (01:53 +0000)]
 - Added support for writing back to the PE file any modifications made to the entries in the imports table. Beware that adding name strings longer than the existing one will probably lead to trouble

git-svn-id: http://pefile.googlecode.com/svn/trunk@73 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Added support for writing back to the PE file any modifications made to the entrie...
ero.carrera@gmail.com [Sat, 3 Apr 2010 23:07:44 +0000 (23:07 +0000)]
 - Added support for writing back to the PE file any modifications made to the entries in the exports table. Beware that adding name strings longer than the existing one will probably lead to trouble

git-svn-id: http://pefile.googlecode.com/svn/trunk@72 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Added support for writing back to the PE file any modifications made to the entrie...
ero.carrera@gmail.com [Sat, 3 Apr 2010 22:10:38 +0000 (22:10 +0000)]
 - Added support for writing back to the PE file any modifications made to the entries in the relocations table. If the RVA of an entry is modified outside the ranges where it can be applied it's automatically readjusted to fit

git-svn-id: http://pefile.googlecode.com/svn/trunk@71 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years agogit-svn-id: http://pefile.googlecode.com/svn/trunk@70 8842bc4e-7134-0410-8230-5dc5194...
ero.carrera@gmail.com [Sat, 3 Apr 2010 20:53:31 +0000 (20:53 +0000)]
git-svn-id: pefile.googlecode.com/svn/trunk@70 8842bc4e-7134-0410-8230-5dc5194fb5c1

4 years ago - Aesthetic fixes for some warning messages
ero.carrera@gmail.com [Sat, 3 Apr 2010 20:52:41 +0000 (20:52 +0000)]
 - Aesthetic fixes for some warning messages
 - Additional checks for invalid export directory entries' address
 - Additional checks for invalid import tables and imported symbols
 - Improved the check to tell whether a PE file might be a driver

git-svn-id: http://pefile.googlecode.com/svn/trunk@69 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Added convenience methods to identify DLLs, standard EXEs and Windows drivers
ero.carrera@gmail.com [Tue, 16 Jun 2009 13:59:32 +0000 (13:59 +0000)]
-Added convenience methods to identify DLLs, standard EXEs and Windows drivers

git-svn-id: http://pefile.googlecode.com/svn/trunk@68 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years agoMore spelling errors fixed by Ange Albertini
ero.carrera@gmail.com [Wed, 15 Apr 2009 11:33:52 +0000 (11:33 +0000)]
More spelling errors fixed by Ange Albertini

git-svn-id: http://pefile.googlecode.com/svn/trunk@67 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years agoLots of spelling errors fixed by Ange Albertini
ero.carrera@gmail.com [Wed, 15 Apr 2009 08:53:17 +0000 (08:53 +0000)]
Lots of spelling errors fixed by Ange Albertini

git-svn-id: http://pefile.googlecode.com/svn/trunk@66 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years agoFixed bug reported by clita at bitdefender.com when calculating the checksum of...
ero.carrera@gmail.com [Fri, 27 Mar 2009 11:57:03 +0000 (11:57 +0000)]
Fixed bug reported by clita at  bitdefender.com when calculating the checksum of files that were not dword-aligned. It was necessary to zero-pad them for the checksum to be correctly calculated

git-svn-id: http://pefile.googlecode.com/svn/trunk@65 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Fixed an "index out of range" problem when parsing some unusual import tables
ero.carrera@gmail.com [Mon, 2 Mar 2009 01:33:04 +0000 (01:33 +0000)]
-Fixed an "index out of range" problem when parsing some unusual import tables
-Fixed struct module's types to work properly on 64bit architectures. As it was reported by James on the pefile googlegroup, the 'L' type tried to decode 8 bytes into a 64bit long instead of the expected 4 bytes for a dword. 'I' behaves as expected decoding 4 bytes when pefile runs in both 32bit and 64bit architectures

git-svn-id: http://pefile.googlecode.com/svn/trunk@63 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years agoFixed infinite loop parsing version information triggered by a sample
ero.carrera@gmail.com [Tue, 3 Feb 2009 10:19:18 +0000 (10:19 +0000)]
Fixed infinite loop parsing version information triggered by a sample

git-svn-id: http://pefile.googlecode.com/svn/trunk@62 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Some improvements made to unicode string processing. When random data was added...
ero.carrera@gmail.com [Fri, 23 Jan 2009 00:12:12 +0000 (00:12 +0000)]
-Some improvements made to unicode string processing. When random data was added where unicode strings should be in a standard PE file, the data wasn't being re-assembled correctly

git-svn-id: http://pefile.googlecode.com/svn/trunk@60 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Added processing of the LOAD_CONFIG data directory
ero.carrera@gmail.com [Thu, 22 Jan 2009 16:57:37 +0000 (16:57 +0000)]
-Added processing of the LOAD_CONFIG data directory
-Improved error handling of parsing errors when handling the TLS data directory, a warning is now added to the warnings list if it can't be parsed
-Improved setup script to avoid bundling OSX's resource forks

git-svn-id: http://pefile.googlecode.com/svn/trunk@59 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years agoUpdated copyright string and set version to 1.2.10-REVISION#
ero.carrera@gmail.com [Wed, 7 Jan 2009 16:05:57 +0000 (16:05 +0000)]
Updated copyright string and set version to 1.2.10-REVISION#

git-svn-id: http://pefile.googlecode.com/svn/trunk@56 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Fixed bug in contains_offset(). The end of the section's data on disk was being...
ero.carrera@gmail.com [Fri, 2 Jan 2009 13:49:18 +0000 (13:49 +0000)]
-Fixed bug in contains_offset(). The end of the section's data on disk was being calculated as VirtualAddress + SizeOfRawData instead of the correct: PointerToRawData + SizeOfRawData

git-svn-id: http://pefile.googlecode.com/svn/trunk@55 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Started using the subversion revision keyword
ero.carrera@gmail.com [Fri, 2 Jan 2009 00:49:30 +0000 (00:49 +0000)]
-Started using the subversion revision keyword

git-svn-id: http://pefile.googlecode.com/svn/trunk@54 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Started using the subversion revision keyword
ero.carrera@gmail.com [Fri, 2 Jan 2009 00:46:53 +0000 (00:46 +0000)]
-Started using the subversion revision keyword

git-svn-id: http://pefile.googlecode.com/svn/trunk@53 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Upped version to 1.2.9.3
ero.carrera@gmail.com [Fri, 2 Jan 2009 00:38:17 +0000 (00:38 +0000)]
-Upped version to 1.2.9.3
-Improved the redering when dumping the file's contents in textual form. The performance of the operation has greatly improved
-get_data() calls now use a fixed size argument when possible. Improves the speed of those calls in large files. Fix suggested by Paul, barnabas79 (http://groups.google.com/group/pefile/browse_thread/thread/4b289227042d3f14?hl=en)

git-svn-id: http://pefile.googlecode.com/svn/trunk@52 8842bc4e-7134-0410-8230-5dc5194fb5c1

5 years ago-Whitespace clean-up
ero.carrera@gmail.com [Mon, 29 Sep 2008 23:35:44 +0000 (23:35 +0000)]
-Whitespace clean-up
-Version number set to 1.2.9.2
-get_memory_mapped_image() can now properly return rebased images. The rebased image data is temporary and will be discarded (won't be saved in the instance). To achieve this one should call relocate_image() which will make the changes permanent
-Improved parsing of import table for PEI-format DLLs (http://www.google.com/codesearch?q=show:Wtes7TbvpLo:co7CX9I5Z0E:YjjyzLSVues)
-Added methods to handle the updating of the section's data upon modification of values in the image's data. (Section's and image's data are kept separately)
-generate_checksum() now makes sure it processes the image with all modifications made to it
-The write() method now only returns the file data if no filename is provided, which is a more intuitive behavior
-'parse_data_directories()' now supports an optional argument to specify with directories to parse. For instance:

# 'fast_load' makes pefile to not load any directory
#
pe = pefile.PE(filepath, fast_load=True)

# the following line will tell pefile to only process the
# resource directory, where the version information is located
#
pe.parse_data_directories( directories=[¬†DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']¬†] )

git-svn-id: http://pefile.googlecode.com/svn/trunk@50 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Fixed parsing problem on files specifying a FileAligment of zero
ero.carrera [Fri, 7 Mar 2008 15:19:17 +0000 (15:19 +0000)]
-Fixed parsing problem on files specifying a FileAligment of zero
-Fixed problem parsing the Bound Imports directory when it contained invalid data. In some instances pefile would get caught up trying to make sense of arbitrary data. Now when empty strings are found as module names in the Bound Import structures, the parsing is aborted

git-svn-id: http://pefile.googlecode.com/svn/trunk@48 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Version bumped up to: 1.2.9
ero.carrera [Thu, 28 Feb 2008 21:54:20 +0000 (21:54 +0000)]
-Version bumped up to: 1.2.9
-Now it's possible to modify the version information by directly assigning new values to the keys, for instance
pe.FileInfo[0].StringTable[0].entries['OriginalFilename'] = 'NewName.exe'
The other common keys are: LegalCopyright, InternalName, FileVersion, CompanyName, ProductName, ProductVersion, FileDescription, OriginalFilename

git-svn-id: http://pefile.googlecode.com/svn/trunk@46 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Added support for setuptools
ero.carrera [Sun, 17 Feb 2008 02:09:21 +0000 (02:09 +0000)]
-Added support for setuptools

git-svn-id: http://pefile.googlecode.com/svn/trunk@45 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Added __str__() and __repr__() methods to pefile's structures. Now it's possible...
ero.carrera [Sun, 17 Feb 2008 02:08:49 +0000 (02:08 +0000)]
-Added __str__() and __repr__() methods to pefile's structures. Now it's possible to navigate through the contents much more comfortably from an interactive Python command line. Just typing the name of a structure or doing a print on it will return all the fields and their contents.
-Bugs fixed when parsing the resource information
-Improved parsing of imported symbols. Import by ordinal and name is much more clear now. The ImportData instances have a new attribute, 'import_by_ordinal', indicating whether a symbol is imported by name, in that case the 'ordinal' attributes will contain the ordinal. Otherwise the attribute 'name' will contain the name of the imported symbol.
-Added CheckSum verification and generation methods. verify_checksum() will return True/False indicating whether the value in the file's OptionalHeader CheckSum field contains the real CheckSum of the file. generate_checksum() will calculate the checksum over the file's data. If one modifies fields and writes the changes to disk it's possible to update the checksum by reloading the modified field and setting the CheckSum field to generate_checksum()'s result.
-Other minor fixes

git-svn-id: http://pefile.googlecode.com/svn/trunk@44 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Bumped version to 1.2.9a
ero.carrera [Tue, 11 Dec 2007 15:34:55 +0000 (15:34 +0000)]
-Bumped version to 1.2.9a
-Added missing information when parsing import directory entries. Now the RVA of the Hint/Name entries is reported as an attribute named "hint_name_table_rva"; as well the hint, if present, will be exposed as the atribute "hint"
-Fixed a minor bug retrieving the relative virtual address of the Hint/Name entries. Only the lower 16 bits where being fetched as opposed to the 31 that had to be read. It seldom was the case that the entries where farther then 64KiB, but it could have happened. Thanks to Halvar for spotting this one.

git-svn-id: http://pefile.googlecode.com/svn/trunk@42 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years agoAdded computation of MD5, SHA-1, SHA-256 and SHA-512 on a per-section basis. The...
ero.carrera [Sun, 25 Nov 2007 22:39:50 +0000 (22:39 +0000)]
Added computation of MD5, SHA-1, SHA-256 and SHA-512 on a per-section basis. The results are always reported when invoking the dump_info() method in the PE instance.
SHA-256 and SHA-512 are calculated only in Python 2.5 onwards which includes them in the hashlib module.
The SectionStructure instances now sport the following methods: get_hash_sha1(), get_hash_sha256(), get_hash_sha512(), get_hash_md5()

git-svn-id: http://pefile.googlecode.com/svn/trunk@39 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Changed defaults in ep_only keyword argument so it will do entry point only checks...
ero.carrera [Thu, 22 Nov 2007 15:37:52 +0000 (15:37 +0000)]
-Changed defaults in ep_only keyword argument so it will do entry point only checks by default. Those are the fastest and more reliable ones, so it makes sense for them to be the default.

git-svn-id: http://pefile.googlecode.com/svn/trunk@35 8842bc4e-7134-0410-8230-5dc5194fb5c1

6 years ago-Bumped version number to 1.2.8
ero.carrera [Thu, 22 Nov 2007 15:37:32 +0000 (15:37 +0000)]
-Bumped version number to 1.2.8
-Faster entropy calculation by Gergely Erdelyi
-Added some intelligence handling unicode strings in the resources information. Strings in the resources seem to always be Pascal style, added support for those
-Changed some loops iterating using range() to use xrange() instead. It will make the code more robust/faster whenever invalid large numbers of elements are specified in different arrays
-As per c1de0x suggestion, added set_data() method to SectionStructure
-Added get_entropy() method to SectionStructure. Now it's only calculated on demand or when doing a dump_info()
-c1de0x pointed out a redundant length check in __unpack_data__ and __unpack__. Now the exception raised by the latter is caught by the former and a warning added if a structure can't be parsed because of missing data
-Fixed bug parsing export directory. Warning messages are added if it's found to be invalid
-Fixed bug parsing the IAT. Some broken samples could crash pefile. The invalid IAT is now reported in the warnings
-New method: relocate_image(new_ImageBase) will apply the relocation information, if any, to the image
-get_memory_mapped_image() now supports and additional keyword argument, "ImageBase". By specifying an address it will return a data relocated (if the PE contains relocation information) as if it had been relocated to the new ImageBase
-Added full family of bytes/word/dword/qword manipulation methods (used by the relocation functionality):
-get_data_from_dword(dword), get_dword_from_data(data, offset), get_dword_at_rva(rva), get_dword_from_offset(offset), set_dword_at_rva(rva, dword), set_dword_at_offset(offset, dword)
-get_data_from_word(word), get_word_from_data(data, offset), get_word_at_rva(rva), get_word_from_offset(offset), set_word_at_rva(rva, word), set_word_at_offset(offset, word)
-get_data_from_qword(qword), get_qword_from_data(data, offset), get_qword_at_rva(rva), get_qword_from_offset(offset), set_qword_at_rva(rva, qword), set_qword_at_offset(offset, qword)
-set_bytes_at_rva(rva, data), set_bytes_at_offset(offset, data)

git-svn-id: http://pefile.googlecode.com/svn/trunk@34 8842bc4e-7134-0410-8230-5dc5194fb5c1

7 years ago-Version bumped to 1.2.7
ero.carrera [Tue, 21 Aug 2007 23:14:35 +0000 (23:14 +0000)]
-Version bumped to 1.2.7
-Added additional IMAGE_SUBSYSTEM_* flags
-Added processing of the Optional Header's DllCharacteristics
-Time/date fileds are now reported as UTC times
-Added warning message for suspicious entry point addresses
-Several minor parsing bugs fixed
-The URLs in the setup.py file now point to the Google Core project website

git-svn-id: http://pefile.googlecode.com/svn/trunk@27 8842bc4e-7134-0410-8230-5dc5194fb5c1

7 years agoAdded changes prior to moving to Google Code
ero.carrera [Thu, 9 Aug 2007 00:10:06 +0000 (00:10 +0000)]
Added changes prior to moving to Google Code

git-svn-id: http://pefile.googlecode.com/svn/trunk@3 8842bc4e-7134-0410-8230-5dc5194fb5c1

7 years agoInitial import
ero.carrera [Thu, 9 Aug 2007 00:01:34 +0000 (00:01 +0000)]
Initial import

git-svn-id: http://pefile.googlecode.com/svn/trunk@2 8842bc4e-7134-0410-8230-5dc5194fb5c1

7 years agoInitial directory structure.
(no author) [Wed, 4 Jul 2007 14:59:23 +0000 (14:59 +0000)]
Initial directory structure.

git-svn-id: http://pefile.googlecode.com/svn/trunk@1 8842bc4e-7134-0410-8230-5dc5194fb5c1