peslice.py

posted Feb 4, 2012, 3:28 PM by Ramece Cave   [ updated Feb 9, 2012, 5:17 AM ]
Description
PEslice is a parser/analyzer/extractor for Windows PE32 Portable Executable (PE) files. It can be run from the command line or imported as a class into another program. The goal of PEslice is to provide a quick method for extracting information from Windows executable files on the Linux platform.

Syntax
Usage: peslice.py <exe/dll> <option>

>>> import peslice
>>> pslice = peslice.peslice("putty.exe")
>>> pe = pslice.pe

help(peslice) lists all the available classes/functions and the required parameters.

Requirements
Python
PEfile

Sample Output
PE32 Headers:
        dos = DOS HEADER
        file = FILE HEADER
        nt = NT HEADERS
        optional = OPTIONAL HEADER

Options:
        --check = Check if binary is a DLL or EXE
        --data = List allocated and unallocated data directories
        --export = List Export Address Table (EAT)
        --field=HEADER = List all fields in header
        --get=HEADER <field> = Retrieve field value from header
        --import = List Import Address Table (IAT)
        --sections = List all sections
 
mece@strongbad:~/development$ ./peslice.py putty.exe --get=optional addressofentrypoint
AddressOfEntryPoint=0x49cdf
mece@strongbad:~/development$
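
What the --check and --get=optional addressofentrypoint options read from the file, as an added example that is not peslice's own code (peslice relies on PEfile): a standard-library parser run over a constructed, header-only sample. The function names parse_pe32 and build_sample and the sample bytes are assumptions made for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000   # FILE HEADER Characteristics flag marking a DLL
PE32_MAGIC = 0x10B        # OPTIONAL HEADER Magic value for PE32

def parse_pe32(data):
    """Return DLL/EXE type, section count and AddressOfEntryPoint from PE32 bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing DOS header (MZ)")
    # DOS HEADER: e_lfanew at offset 0x3C points to the NT HEADERS
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # FILE HEADER (20 bytes) follows the 4-byte signature
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    # OPTIONAL HEADER: Magic at +0, AddressOfEntryPoint at +16
    if opt_size < 20 or opt_off + 20 > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 optional header")
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)
    return {
        "type": "DLL" if characteristics & IMAGE_FILE_DLL else "EXE",
        "sections": nsections,
        "AddressOfEntryPoint": entry,
    }

def build_sample(entry, characteristics):
    """Constructed header-only sample for the demo (not a loadable binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 14 + struct.pack("<I", entry)
    opt += b"\0" * (0xE0 - len(opt))
    return dos + b"PE\0\0" + file_hdr + opt

if __name__ == "__main__":
    # Entry point value taken from the sample output above; flags are constructed.
    info = parse_pe32(build_sample(0x49CDF, 0x0102))
    print(info["type"], "AddressOfEntryPoint=%#x" % info["AddressOfEntryPoint"])
```

The bounds checks on e_lfanew and the optional header size matter when the input is untrusted, since malformed samples often carry header offsets that point past the end of the file.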

Download --> peslice.py