mkorman90/create_exe_for_each_dll_ordinal.py

## create_exe_for_each_dll_ordinal.py
import os
import pefile

filename = '/home/martin/some_binary.dll'
base = os.path.basename(filename)
pe = pefile.PE(filename)

#Remove is_dll flag
pe.FILE_HEADER.Characteristics = pe.FILE_HEADER.Characteristics - 0x2000

# Check if Executable has exports
if hasattr(pe, "DIRECTORY_ENTRY_EXPORT"):
    for exported_symbol in pe.DIRECTORY_ENTRY_EXPORT.symbols:
        name = 'unknown' if not exported_symbol.name else exported_symbol.name.decode('utf-8')
        address = exported_symbol.address
        ordinal = exported_symbol.ordinal

        # Set the entry point as the Export function start address
        pe.OPTIONAL_HEADER.AddressOfEntryPoint = address

        # Dump to disk
        with open('{}_{}_{}_ord_{}.exe_'.format(base,name,hex(address),ordinal),'wb') as f:
            f.write(pe.write())
	import os
	import pefile

	filename = '/home/martin/some_binary.dll'
	base = os.path.basename(filename)
	pe = pefile.PE(filename)

	#Remove is_dll flag
	pe.FILE_HEADER.Characteristics = pe.FILE_HEADER.Characteristics - 0x2000

	# Check if Executable has exports
	if hasattr(pe, "DIRECTORY_ENTRY_EXPORT"):
	for exported_symbol in pe.DIRECTORY_ENTRY_EXPORT.symbols:
	name = 'unknown' if not exported_symbol.name else exported_symbol.name.decode('utf-8')
	address = exported_symbol.address
	ordinal = exported_symbol.ordinal

	# Set the entry point as the Export function start address
	pe.OPTIONAL_HEADER.AddressOfEntryPoint = address

	# Dump to disk
	with open('{}_{}_{}_ord_{}.exe_'.format(base,name,hex(address),ordinal),'wb') as f:
	f.write(pe.write())