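"""Write one copy of a DLL per export, with the entry point set to that export.

Each copy has the DLL flag cleared in the COFF header and
AddressOfEntryPoint set to the export's address, so a debugger or sandbox
starts at the exported function. Output files are written to the current
working directory.
"""
import os
import re

import pefile

# IMAGE_FILE_DLL bit of FILE_HEADER.Characteristics.
IMAGE_FILE_DLL = 0x2000

filename = '/home/martin/some_binary.dll'
base = os.path.basename(filename)
pe = pefile.PE(filename)

# Clear the DLL flag with a mask rather than a subtraction: subtracting
# 0x2000 from a header that does not have the bit set would borrow from the
# higher bits and corrupt the Characteristics field.
pe.FILE_HEADER.Characteristics &= ~IMAGE_FILE_DLL

# Only PEs with an export directory have anything to split out.
if hasattr(pe, "DIRECTORY_ENTRY_EXPORT"):
    for exported_symbol in pe.DIRECTORY_ENTRY_EXPORT.symbols:
        # A forwarded export resolves to another module, so its address does
        # not point at code in this image and makes no sense as an entry point.
        if getattr(exported_symbol, "forwarder", None):
            continue

        # Export names come from the file under analysis: they may not be
        # valid UTF-8, and they may contain path separators or "..".
        raw_name = exported_symbol.name
        name = raw_name.decode('utf-8', errors='replace') if raw_name else 'unknown'
        # Keep only filename-safe characters so a crafted export name cannot
        # steer the output path outside the working directory.
        safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', name)

        address = exported_symbol.address
        ordinal = exported_symbol.ordinal

        # Set the entry point to the start address of the exported function.
        pe.OPTIONAL_HEADER.AddressOfEntryPoint = address

        # Dump to disk; the trailing underscore in ".exe_" keeps the file
        # from being launched by a double click.
        out_path = '{}_{}_{}_ord_{}.exe_'.format(base, safe_name, hex(address), ordinal)
        with open(out_path, 'wb') as f:
            f.write(pe.write())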