pan-unit42 / dotnetfile
License: MIT License
Rather than a path string, the DotNetPE class should allow pathlib path objects in addition to the path string.
PR coming right up.
This first screenshot is parsing a dotnet resource from a malicious file using YARA to find the offset and size and then dump that location.
The last cell shows the start of the ICO icon and then the PNG image data.
And here is a screenshot of dotnetfile parsing the same file.
There appears to still be some dotnet-looking header data between the start of the "data" and the ICO icon.
Is this header structure able to be parsed? The sample in question in both screenshots is:
40cd96e25835eeba956645398ed73a0f0e14563375530fa5f2db3bcf44dd88d7
Here's code for 'dotnetfile.py' to return the assembly name along with the version. Use as is or modify as needed, but please just add something like this. Thanks.
```python
from typing import Dict  # needed for the return annotation below

# Table 35
@metatable
class AssemblyRef:
    ....

    def get_assemblyref_names_with_versions(self, deduplicate: bool = False) -> Dict:
        """
        Get a list of referenced assembly names and their versions
        """
        result = {}
        for table_row in self.dotnetpe.metadata_tables_lookup['AssemblyRef'].table_rows:
            string_address = table_row.string_stream_references['Name']
            if string_address:
                assembly_name = self.dotnetpe.get_string(string_address)
                if deduplicate:
                    # keep the first version seen for a given assembly name
                    if assembly_name in result:
                        continue
                vs = Struct.AssemblyInfo(table_row.MajorVersion.value, table_row.MinorVersion.value,
                                         table_row.BuildNumber.value, table_row.RevisionNumber.value)
                result[assembly_name] = f'{vs.MajorVersion}.{vs.MinorVersion}.{vs.BuildNumber}.{vs.RevisionNumber}'
        return result
```
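The name-plus-version lookup and the deduplicate behaviour of the snippet above, as an added stand-alone example that is not dotnetfile's own code: it parses AssemblyRef rows in the ECMA-335 layout from constructed bytes instead of the library's metadata_tables_lookup, assumes 2-byte #Strings and #Blob indexes (small heaps), and shows that with deduplicate=False a later reference to the same assembly name overwrites the earlier version, while deduplicate=True keeps the first one seen.

```python
import struct
from typing import Dict, List, Tuple

# Constructed sample data (not from any real binary): a tiny #Strings heap
# and three AssemblyRef rows. Row layout per ECMA-335 II.22.2 with 2-byte
# heap indexes: MajorVersion, MinorVersion, BuildNumber, RevisionNumber (u16
# each), Flags (u32), PublicKeyOrToken (blob idx), Name, Culture (string
# idx), HashValue (blob idx).
ROW_FMT = "<HHHHIHHHH"
ROW_SIZE = struct.calcsize(ROW_FMT)  # 20 bytes
STRINGS_HEAP = b"\x00mscorlib\x00System.Xml\x00"
NAME_MSCORLIB = 1    # offset of "mscorlib" in the heap
NAME_SYSTEM_XML = 10  # offset of "System.Xml" in the heap


def make_row(major: int, minor: int, build: int, rev: int, name_idx: int) -> bytes:
    """Build one AssemblyRef row; flags and blob indexes are left at 0."""
    return struct.pack(ROW_FMT, major, minor, build, rev, 0, 0, name_idx, 0, 0)


# The same assembly name referenced twice with different versions.
ASSEMBLYREF_TABLE = (
    make_row(4, 0, 0, 0, NAME_MSCORLIB)
    + make_row(4, 0, 0, 0, NAME_SYSTEM_XML)
    + make_row(2, 0, 5, 0, NAME_MSCORLIB)
)


def read_string(heap: bytes, offset: int) -> str:
    """Read a NUL-terminated UTF-8 string from the #Strings heap."""
    return heap[offset:heap.index(b"\x00", offset)].decode("utf-8")


def parse_rows(table: bytes) -> List[Tuple[int, int, int, int, int]]:
    """Return (major, minor, build, revision, name_idx) for each row."""
    rows = []
    for off in range(0, len(table) - ROW_SIZE + 1, ROW_SIZE):
        major, minor, build, rev, _flags, _pk, name, _cult, _hash = struct.unpack_from(ROW_FMT, table, off)
        rows.append((major, minor, build, rev, name))
    return rows


def assemblyref_names_with_versions(table: bytes, heap: bytes, deduplicate: bool = False) -> Dict[str, str]:
    """Map referenced assembly name -> 'major.minor.build.revision'."""
    result: Dict[str, str] = {}
    for major, minor, build, rev, name_idx in parse_rows(table):
        if not name_idx:  # index 0 is the empty string; skip nameless rows
            continue
        name = read_string(heap, name_idx)
        if deduplicate and name in result:
            continue  # keep the first version seen for this name
        result[name] = f"{major}.{minor}.{build}.{rev}"  # later rows overwrite otherwise
    return result
```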
Hi,
I noticed the installation method here involves directly invoking setup.py, which is a pretty antiquated way of managing Python libraries for users. Is there any intent to upload this to PyPI for an easier pip install? (You should at least claim the name to prevent any supply chain attacks from someone who thinks python3 -m pip install dotnetfile is valid).
Pip supports Git URLs so a user can python3 -m pip install git+https://github.com/pan-unit42/dotnetfile . If the library isn't going to be distributed through PyPI, then this is an easier method to allow users to update and might save some users confusion when it comes to managing their dependencies across multiple Python versions.
The example for get_user_stream_strings() (https://pan-unit42.github.io/dotnetfile/api_documentation/general/#get-us-stream-strings) seems to have a typo in the example in line 8 "get_us_stream_strings()" ("us" instead of "user"):
us_stream_strings = dotnet_file.get_us_stream_strings()
Leading to the error:
AttributeError: 'DotNetPE' object has no attribute 'get_us_stream_strings'
It's correct slightly above at the definition.