File: pefile-match

python-pefile 1.2.9.1-1
#!/usr/bin/env python

import os
import pefile
import peutils
import sys

def dirwalk(path):
    """Yield the path of every non-directory entry found below *path*.

    Real sub-directories are descended recursively.  A symbolic link that
    points at a directory is yielded as-is and never entered, so a link
    planted inside the scanned tree cannot pull the walk into another part
    of the filesystem or into a loop.  Symlinks to files are yielded like
    any other entry; whether they are followed is up to the caller.
    """
    for entry in os.listdir(path):
        candidate = os.path.join(path, entry)
        # Anything that is a link, or is not a directory, is a leaf.
        if os.path.islink(candidate) or not os.path.isdir(candidate):
            yield candidate
            continue
        for nested in dirwalk(candidate):
            yield nested

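def main(sigfile, path):
    """Match PE files against a signature database, one output line per file.

    sigfile is handed to peutils.SignatureDatabase.  path is either a single
    file or a directory, which is walked recursively with dirwalk().  Each
    file is fast-loaded with pefile and matched on entry-point signatures
    only (ep_only=True); the result is printed as "<file>: <result>".

    'no match' only means that no entry-point signature in the database
    matched; it says nothing else about the file.
    """
    sigs = peutils.SignatureDatabase(sigfile)

    def print_match(f):
        # NOTE(review): f is printed verbatim; a file name containing
        # newlines or control characters can forge extra output lines, so
        # escape names before feeding this output into automated triage.
        try:
            res = sigs.match_all(pefile.PE(f, fast_load=True), ep_only=True)
            if not res:
                res = 'no match'
            print '%s: %s' % (f, res)
        except pefile.PEFormatError, e:
            # Not a parseable PE file: report it and carry on.
            print '%s: %s' % (f, str(e).strip("'"))
        except EnvironmentError, e:
            # An unreadable file (permissions, removed mid-scan, ...) used to
            # abort the whole directory scan with a traceback, leaving every
            # later file unchecked.  Report it per file instead.
            print '%s: %s' % (f, e)
        except KeyboardInterrupt:
            sys.exit(1)

    if os.path.isfile(path):
        print_match(path)
    elif os.path.isdir(path):
        for f in dirwalk(path):
            # isfile() follows symlinks: links to regular files are scanned,
            # links to directories and special files are skipped.
            if os.path.isfile(f):
                print_match(f)
    else:
        # Previously a bad path produced no output at all, which is easy to
        # misread as "nothing to report".
        print >>sys.stderr, '%s: not a file or directory' % path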

if __name__ == '__main__':
    # Exactly two arguments are expected: the signature database and the
    # file or directory to scan.
    args = sys.argv[1:]
    if len(args) != 2:
        sys.stderr.write('usage: %s <signature file> <file or directory>\n' % sys.argv[0])
        sys.exit(1)
    main(args[0], args[1])