-
-
Save cr0Kz/60bfe4efb3a34b2f15bca6563e85136b to your computer and use it in GitHub Desktop.
Strip your personal compile info from Exe Files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import pefile, struct, sys | |
if len(sys.argv) != 2: | |
print(f"Strip your personal compile info from Exe Files by aaaddress1@chroot.org") | |
print(f"Usage: {sys.argv[0]} [path/to/exe]") | |
sys.exit(-1) | |
# Rewrite from pefile: https://github.com/erocarrera/pefile/blob/593d094e35198dad92aaf040bef17eb800c8a373/pefile.py#L3402 | |
def mask_myRichHdr(in_pefile): | |
DANS = 0x536E6144 # 'DanS' as dword | |
RICH = 0x68636952 # 'Rich' as dword | |
rich_index = in_pefile.__data__.find( b"Rich", 0x80, in_pefile.OPTIONAL_HEADER.get_file_offset() ) | |
try: | |
# The end of the structure is 8 bytes after the start of the Rich | |
# string. | |
rich_data = in_pefile.__data__[0x80 : rich_index + 8] | |
# Make the data have length a multiple of 4, otherwise the | |
# subsequent parsing will fail. It's not impossible that we retrieve | |
# truncated data that is not a multiple. | |
rich_data = rich_data[: 4 * (len(rich_data) // 4)] | |
data = list( | |
struct.unpack("<{0}I".format(len(rich_data) // 4), rich_data) | |
) | |
if RICH in data: | |
print(f"[+] Detect RichHdr Payload: {str(rich_data)[:20]}...") | |
in_pefile.set_bytes_at_offset(0x80, b'\x00' * (rich_index + 8 - 0x80)) | |
print(f"[v] Success Strip RichHdr from Exe") | |
except: | |
print("[v] Input Exe don't have RichHdr... Nice!") | |
def mask_debugInfo(in_pefile: pefile.PE): | |
if debugDir := in_pefile.OPTIONAL_HEADER.DATA_DIRECTORY[6]: | |
offset = in_pefile.get_offset_from_rva(debugDir.VirtualAddress) | |
in_pefile.__data__[offset : offset+debugDir.Size] = b'\x00' * debugDir.Size | |
print(f"[v] Success Strip DebugInfo from Exe") | |
else: | |
print("[v] No DebugInfo in the Exe file") | |
binary = pefile.PE(sys.argv[1]) | |
mask_myRichHdr(binary) | |
mask_debugInfo(binary) | |
outPath = sys.argv[1].replace("/", "\\").split("\\")[-1].split(".")[0] + "_new.exe" | |
open(outPath, 'wb').write(binary.__data__) | |
print(f"[v] done! check out {outPath}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment