learn-more/dump_imports.py

## dump_imports.py
import sys
import pefile
import glob
import os


def main(base_dir):
    print('Printing the first occurence of an import from', base_dir)
    known_imports = []
    for filename in glob.iglob(os.path.join(base_dir, '**', '*.exe'), recursive=True):
        pe = pefile.PE(filename, fast_load=True)
        pe.parse_data_directories(directories= [pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']])
        for import_entry in pe.DIRECTORY_ENTRY_IMPORT:
            module = import_entry.dll.decode('ascii').lower()
            if not module in known_imports:
                print(os.path.basename(filename), '->', module)
                known_imports.append(module)

if __name__ == '__main__':
    for arg in sys.argv[1:]:
        main(arg)
	import sys
	import pefile
	import glob
	import os


	def main(base_dir):
	print('Printing the first occurence of an import from', base_dir)
	known_imports = []
	for filename in glob.iglob(os.path.join(base_dir, '*', '.exe'), recursive=True):
	pe = pefile.PE(filename, fast_load=True)
	pe.parse_data_directories(directories= [pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']])
	for import_entry in pe.DIRECTORY_ENTRY_IMPORT:
	module = import_entry.dll.decode('ascii').lower()
	if not module in known_imports:
	print(os.path.basename(filename), '->', module)
	known_imports.append(module)

	if __name__ == '__main__':
	for arg in sys.argv[1:]:
	main(arg)