From 19101ee13c8146e81543c96b070c0335f98988c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antanas=20Ur=C5=A1ulis?=
Date: Mon, 6 Feb 2023 18:44:04 +0000
Subject: [PATCH] Add parsing for IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS
---
 pefile.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/pefile.py b/pefile.py
index 4e5a48a..cbc57d3 100644
--- a/pefile.py
+++ b/pefile.py
@@ -359,6 +359,14 @@ def two_way_dict(pairs):
 DLL_CHARACTERISTICS = two_way_dict(dll_characteristics)
+
+ex_dll_characteristics = [
+ ("IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT", 0x0001),
+]
+
+EX_DLL_CHARACTERISTICS = two_way_dict(ex_dll_characteristics)
+
+
 FILE_ALIGNMENT_HARDCODED_VALUE = 0x200
@@ -4444,6 +4452,30 @@ def parse_debug_directory(self, rva, size):
 ___IMAGE_DEBUG_MISC_format__, dbg_type_data, dbg_type_offset
 )
+ elif dbg.Type == 20:
+ # IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS
+ dbg_type_offset = dbg.PointerToRawData
+ dbg_type_size = dbg.SizeOfData
+ dbg_type_data = self.__data__[
+ dbg_type_offset : dbg_type_offset + dbg_type_size
+ ]
+ # Note: the names for these formats and structure members are made up.
+ # They are not documented properly.
+ ___IMAGE_DEBUG_EX_DLLCHARACTERISTICS_format__ = [
+ "IMAGE_DEBUG_EX_DLLCHARACTERISTICS",
+ [
+ "I,ExDllCharacteristics",
+ ],
+ ]
+ dbg_type = self.__unpack_data__(
+ ___IMAGE_DEBUG_EX_DLLCHARACTERISTICS_format__, dbg_type_data, dbg_type_offset
+ )
+
+ ex_dll_characteristics_flags = retrieve_flags(
+ EX_DLL_CHARACTERISTICS, "IMAGE_DLLCHARACTERISTICS_EX_"
+ )
+ set_flags(dbg_type, dbg_type.ExDllCharacteristics, ex_dll_characteristics_flags)
+
 debug.append(DebugData(struct=dbg, entry=dbg_type))
 return debug
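Review bot: `ex_dll_characteristics` registers only `IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT`, so any other bit set in the extended field gets no named flag when the second hunk decodes it. At best such bits survive only in the raw `ExDllCharacteristics` integer. That matters when pefile is used to audit which exploit mitigations a binary opts into, because an image with stricter CET settings would look identical to one with plain CET_COMPAT. The Windows SDK's winnt.h defines further `IMAGE_DLLCHARACTERISTICS_EX_*` values, for example `("IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT_STRICT_MODE", 0x0002),`. I would add the remaining entries, with values confirmed against the header, and a comment naming the header as the source.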
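Review bot: `dbg_type.ExDllCharacteristics` is dereferenced without checking that the unpack succeeded, while `PointerToRawData` and `SizeOfData` are taken straight from the file being parsed. If `__unpack_data__` returns `None` for a short or out-of-range slice (its body is outside this hunk, so this needs confirming), a truncated or deliberately malformed debug entry would raise `AttributeError` and abort parsing of the whole file. That is a reliability problem for pipelines that run untrusted samples through pefile. Guard the decoding with `if dbg_type is not None:` and indent the `set_flags(dbg_type, dbg_type.ExDllCharacteristics, ex_dll_characteristics_flags)` call under it. The bare `20` in `elif dbg.Type == 20:` would also read better as a named constant; `parse_debug_directory` starts and ends outside the hunk.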