diff --git a/src/peid/VERSION.txt b/src/peid/VERSION.txt index b2d5e87..fd3d3ec 100644 --- a/src/peid/VERSION.txt +++ b/src/peid/VERSION.txt @@ -1 +1 @@ -2.1.0 +2.1.1 diff --git a/src/peid/__init__.py b/src/peid/__init__.py index b26e917..6ba1d54 100644 --- a/src/peid/__init__.py +++ b/src/peid/__init__.py @@ -61,6 +61,8 @@ def identify_packer(*paths, db=None, ep_only=True, sec_start_only=False, match_a :return: return the matching packers """ db, results = SignaturesTree(db, logger=logger), [] + if logger: + logger.debug(f"ep_only={ep_only}, sec_start_only={sec_start_only}, match_all={match_all}") for path in paths: results.append((path, db.match(path, ep_only, sec_start_only, match_all))) return results diff --git a/src/peid/__main__.py b/src/peid/__main__.py index b6556c9..cce8c9f 100644 --- a/src/peid/__main__.py +++ b/src/peid/__main__.py @@ -20,9 +20,8 @@ def _parser(name, description, examples): def _setup(parser): args = parser.parse_args() if hasattr(args, "verbose"): - logging.basicConfig() + logging.basicConfig(level=[logging.INFO, logging.DEBUG][args.verbose]) args.logger = logging.getLogger("peid") - args.logger.setLevel([logging.INFO, logging.DEBUG][args.verbose]) return args @@ -55,12 +54,12 @@ def main(): opt.add_argument("-m", "--match-once", action="store_true", help="match only one signature") grp.add_argument("-s", "--section-start-only", dest="sec_start_only", action="store_true", help="consider only signatures from section starts (default: False)") - opt.add_argument("-v", "--version", action="store_true", help="include the version in the result") + opt.add_argument("--version", action="store_true", help="include the version in the result") extra = parser.add_argument_group("extra arguments") extra.add_argument("-b", "--benchmark", action="store_true", help="enable benchmarking, output in seconds (default: False)") extra.add_argument("-h", "--help", action="help", help="show this help message and exit") - extra.add_argument("--verbose", action="store_true", help="display debug information (default: False)") + extra.add_argument("-v", "--verbose", action="store_true", help="display debug information (default: False)") args = _setup(parser) # execute the tool if args.benchmark: diff --git a/src/peid/pe.py b/src/peid/pe.py index e1c52a3..0f519e0 100644 --- a/src/peid/pe.py +++ b/src/peid/pe.py @@ -1,4 +1,5 @@ # -*- coding: UTF-8 -*- +import builtins from functools import lru_cache, wraps from os.path import getsize @@ -6,6 +7,11 @@ __all__ = ["PE"] +class MalformedPE(ValueError): + __module__ = "builtins" +builtins.MalformedPE = MalformedPE + + class PE: def __init__(self, path, logger=None): self.path, self.size, self.logger = path, getsize(path), logger @@ -61,9 +67,17 @@ def entrypoint_offset(self): # EP is at byte 40 of the PE header (when image file) self.__fd.seek(self.pe_offset + 40) ep = int.from_bytes(self.__fd.read(4), "little") + if self.logger: + self.logger.debug(f"Entry point: 0x{ep:08x}") for vsize, vaddr, rsize, raddr in self.itersections(): - if vaddr <= ep < vaddr + rsize: - return raddr + ep - vaddr + if vaddr <= ep < vaddr + vsize: + o = raddr + ep - vaddr + if self.logger: + self.logger.debug(f"Entry point offset: {o}") + return o + self.__fd.seek(0) + c = self.__fd.read() + raise MalformedPE(f"Entry point (0x{ep:08x}) offset is outside sections (file size: 0x{len(c):08x})") @property def sections_offsets(self):