Saturday, August 17, 2019
The best way to find vulnerabilities or do malware analysis is reverse engineering the executable file of an application. Here we analyze a Windows executable file using Python. Every executable file begins with header data that describes the structural details of that executable. On Windows this is the Portable Executable (PE) format: a Windows PE file is what you get as an EXE, a DLL (Dynamic Link Library) or a SYS (device driver) file.
You can search the web to learn more about the PE format and its structure. Let's analyze a Windows EXE file using Python. For this we use the pefile library; install it with pip if you don't already have it.
Inspecting headers
Now let's inspect a test executable file using pefile. Let's use pretty print (pprint) to make the output easier to read.
import pefile
import pprint
p = pefile.PE('test.exe')
pprint.pprint(dir(p))
We can also print the inner contents associated with the header fields. Let's look at the PE_TYPE attribute, which describes the type of PE image.
pprint.pprint(dir(p.PE_TYPE))
Use the hex() function on a numeric header value such as p.PE_TYPE to display it in hexadecimal.
Sometimes an executable is protected with a PE packer to hinder static analysis. In that case you can use packer signature databases to identify which packer was used on the executable file.
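To show what pefile is reading for you in the header walk above, and what a packed binary often looks like at the section level, here is an added example written for this post (not the blog's own code and not part of pefile): a small pure-stdlib parser that follows the DOS header to the PE signature, the COFF header, the optional header magic (PE32 vs PE32+) and the section table, and flags sections that are both writable and executable. The input is a constructed headers-only PE32 image built with struct; the section name ".packed" is a hypothetical label, not a real packer signature.

```python
import struct

PE32, PE32PLUS = 0x10B, 0x20B                      # IMAGE_OPTIONAL_HEADER magic values
MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000    # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def parse_pe_headers(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)          # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                             # COFF file header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32, PE32PLUS):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)     # AddressOfEntryPoint
    sections, shdr = [], opt + opt_size                         # section table follows the optional header
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, scn_chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, shdr + i * 40)                # IMAGE_SECTION_HEADER is 40 bytes
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": hex(vaddr), "raw_size": rawsize, "raw_pointer": rawptr,
            # a writable AND executable section is a common sign of a packer stub or self-modifying code
            "write_and_execute": (scn_chars & (SCN_EXECUTE | SCN_WRITE)) == (SCN_EXECUTE | SCN_WRITE),
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "pe_type": "PE32" if magic == PE32 else "PE32+",
        "is_dll": bool(chars & 0x2000),                         # IMAGE_FILE_DLL
        "entry_point": hex(entry_rva),
        "sections": sections,
    }

def build_sample_pe() -> bytes:
    """Constructed headers-only PE32 image used as offline sample input (not a real binary)."""
    dos = bytearray(b"MZ" + bytes(62))                          # 64-byte DOS header
    struct.pack_into("<I", dos, 0x3C, len(dos))                 # e_lfanew: PE header follows the DOS header
    opt_size = 96                                               # PE32 optional header, no data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)  # x86, 2 sections, EXECUTABLE|32BIT
    opt = bytearray(struct.pack("<H", PE32) + bytes(opt_size - 2))
    struct.pack_into("<I", opt, 16, 0x1000)                     # entry point RVA
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    packed = struct.pack("<8sIIIIIIHHI", b".packed", 0x400, 0x2000, 0x400, 0x600, 0, 0, 0, 0,
                         SCN_EXECUTE | SCN_WRITE | 0x40)        # hypothetical RWX section with initialized data
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + packed
```

Running `parse_pe_headers(build_sample_pe())` on the sample reports an x86 PE32 image with entry point 0x1000 and marks only the ".packed" section as write-and-execute; pointing it at a real file's bytes gives the same fields pefile exposes as attributes.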