Skip to content

Instantly share code, notes, and snippets.

@herrcore
Forked from OALabs/dll_exports.py
Created April 19, 2021 06:03
Show Gist options
  • Save herrcore/d13c046908947cd4c43c2ceb106fff47 to your computer and use it in GitHub Desktop.
Save herrcore/d13c046908947cd4c43c2ceb106fff47 to your computer and use it in GitHub Desktop.
Build dictionary of DLL exports (Windows API Names)
import os
import pefile
import json
INTERESTING_DLLS = [
'kernel32.dll', 'comctl32.dll', 'advapi32.dll', 'comdlg32.dll',
'gdi32.dll', 'msvcrt.dll', 'netapi32.dll', 'ntdll.dll',
'ntoskrnl.exe', 'oleaut32.dll', 'psapi.dll', 'shell32.dll',
'shlwapi.dll', 'srsvc.dll', 'urlmon.dll', 'user32.dll',
'winhttp.dll', 'wininet.dll', 'ws2_32.dll', 'wship6.dll',
'advpack.dll',
]
exports_list = []
for filename in os.listdir("C:\\Windows\\System32"):
if filename.lower() in INTERESTING_DLLS:
pe = pefile.PE("C:\\Windows\\System32\\" + filename)
for exp in pe.DIRECTORY_ENTRY_EXPORT.symbols:
try:
exports_list.append(exp.name.decode('utf-8'))
except:
continue
exports_json = {'exports':exports_list}
open('exports.json','wb').write(json.dumps(exports_json))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment