Created
April 29, 2020 09:41
-
-
Save nikkej/2f20ea0f7eaeb38451955f62e93cdbc8 to your computer and use it in GitHub Desktop.
MSVC prodid extractor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # Extracts prodid enumeration from a given binary file | |
| # Example usage: | |
| # extract-prodids.py -f msobj140-msvcrt.lib | |
| # | |
| import re, argparse, struct | |
| # Note: care must be taken of a format of RE string as following works only | |
| # with msobj140-msvcrt.lib for certain | |
| re_prodid = rb'prodid[_0-9a-zA-Z]{2,}' | |
| def extract_prodids( data ): | |
| start_of_enumeration = True | |
| for m in re.finditer( re_prodid, data ): | |
| #print( '%02d-%02d: %s' % ( m.start(), m.end(), m.group( 0 ) ) ) | |
| if m.start() > 2: | |
| id = struct.unpack_from( 'H', data, m.start() - 2 ) | |
| if id[0] == 0 and start_of_enumeration == True: | |
| print( 'PRODID_MAP = {' ) | |
| print( ' %d: "%s",' % ( id[0], m.group( 0 )[6:].decode( 'utf-8' ) ) ) | |
| start_of_enumeration = False | |
| elif start_of_enumeration == False: | |
| print( ' %d: "%s",' % ( id[0], m.group( 0 )[6:].decode( 'utf-8' ) ) ) | |
| print( '}' ) | |
| def main(): | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument( '-f', type=str, help='Input file', required=True ) | |
| args = parser.parse_args() | |
| f1 = open( args.f, 'rb' ) | |
| data = f1.read() | |
| extract_prodids( data ) | |
| f1.close() | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment