Closed rothoma2 closed 4 weeks ago
I tried the app on some PE files and I can see it produces data for the current features.
However, it seems to be missing the import table. Can you look at whether the current parser is able to obtain the imports?
I did some exploration with ChatGPT and it provided me with a script that is able to extract imports from PE files.
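```python
#!/usr/bin/env python3
import sys

import pefile


def list_imports(pe_file):
    pe = pefile.PE(pe_file)
    # DIRECTORY_ENTRY_IMPORT is only set when the file has an import directory.
    for entry in getattr(pe, "DIRECTORY_ENTRY_IMPORT", []):
        print(f"Library: {entry.dll.decode('utf-8', errors='replace')}")
        for imp in entry.imports:
            # Imports by ordinal have no name; print the ordinal instead.
            if imp.name:
                name = imp.name.decode("utf-8", errors="replace")
            else:
                name = "Ordinal: " + str(imp.ordinal)
            print(f"\t{name}")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print(f"Usage: {sys.argv[0]} <PE file>")
        sys.exit(1)
    pe_file = sys.argv[1]
    list_imports(pe_file)
```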
This is an example of what the script is able to generate.
```
Processing file: ./2b2dba893754d1e80e4fd6520017a706679796376cddcb37a09552e170e4ce21.exe
Library: kernel32.dll
	lstrcpy
Processing file: ./2fe668d613b90d65a43c7d1c476fa44a55e41873b5f954d20e937326afe52939.exe
Library: KERNEL32.dll
	SetEnvironmentVariableA
	Sleep
	GetTickCount
	GetFileSize
	GetModuleFileNameA
	GetCurrentProcess
	CopyFileA
	GetFileAttributesA
	SetFileAttributesA
	GetWindowsDirectoryA
	GetTempPathA
	GetCommandLineA
```
Can we explore if we can do the same in Rust, with our current parser?