Description
PEslice is a Windows PE32 Portable Executable (PE) parser/analyzer/extractor. It can either be run from command line or imported as a class into another program. The goal of PEslice is to provide a quick method for extracting information from Windows executable files on the Linux platform.
Syntax
Usage: peslice.py <exe/dll> <option>
>>> import peslice
>>> pslice = peslice.peslice("putty.exe")
>>> pe = pslice.pe
help(peslice) lists all the available classes/functions and the required parameters.
Requirements
Python
PEfile
Sample Output
PE32 Headers: dos = DOS HEADER file = FILE HEADER nt = NT HEADERS optional = OPTIONAL HEADER Options: --check = Check if binary is a DLL or EXE --data = List allocated and unallocated data directories --export = List Export Address Table (EAT) --field=HEADER = List all fields in header --get=HEADER <field> = Retrieve field value from header --import = List Import Address Table (IAT) --sections = List all sections mece@strongbad:~/development$ ./peslice.py putty.exe --get=optional addressofentrypoint
AddressOfEntryPoint=0x49cdf
mece@strongbad:~/development$
Download --> peslice.py |
c0de >