Kristal-g/mutate_signed_pe.py

## mutate_signed_pe.py
import sys
import secrets

# pefile==2019.4.18
import pefile

if len(sys.argv) < 3:
    print("Usage: mutate_signed_pe.py <pe_path> <mod_factor>")
    exit(0)


# File to modify
fname = sys.argv[1]

# Should be aligned
bytes_to_add = secrets.token_bytes(8 * int(sys.argv[2]))

pe = pefile.PE(fname)
sig_offset = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].VirtualAddress
sig_len = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].Size

new_sig_size = sig_len + len(bytes_to_add)

# Change Security Directory size
pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].Size = new_sig_size

# Change Sig size
pe.set_dword_at_offset(sig_offset, new_sig_size)

# Add the data
pe.__data__ += bytes_to_add

# generate checksum
# save checksum and file
pe.OPTIONAL_HEADER.CheckSum = pe.generate_checksum()

pe.write(fname)
pe.close()
	import sys
	import secrets

	# pefile==2019.4.18
	import pefile

	if len(sys.argv) < 3:
	print("Usage: mutate_signed_pe.py <pe_path> <mod_factor>")
	exit(0)


	# File to modify
	fname = sys.argv[1]

	# Should be aligned
	bytes_to_add = secrets.token_bytes(8 * int(sys.argv[2]))

	pe = pefile.PE(fname)
	sig_offset = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].VirtualAddress
	sig_len = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].Size

	new_sig_size = sig_len + len(bytes_to_add)

	# Change Security Directory size
	pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_SECURITY"]].Size = new_sig_size

	# Change Sig size
	pe.set_dword_at_offset(sig_offset, new_sig_size)

	# Add the data
	pe.__data__ += bytes_to_add

	# generate checksum
	# save checksum and file
	pe.OPTIONAL_HEADER.CheckSum = pe.generate_checksum()

	pe.write(fname)
	pe.close()