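"""Flag PE files whose section names match a list of known packer sections.

This is a triage heuristic, not a verdict. Section names are arbitrary bytes
chosen by whoever built the file, so a match is only a hint that a packer was
used, and the absence of a match is not evidence that a file is unpacked.
"""

try:
    import pefile
except ImportError:
    # Only detect_pack_res() parses PE files. The signature helpers below work
    # on any object exposing ``sections`` and stay importable without pefile.
    pefile = None


def importKnownPackers(filePath):
    """Load packer section-name signatures from a text file, one per line.

    Args:
        filePath: Path to the signature list.

    Returns:
        A list of the non-empty, whitespace-stripped lines, or ``None`` when
        the file cannot be read (a message is printed in that case).
    """
    try:
        with open(filePath) as packerPath:
            stripped = (line.strip() for line in packerPath)
            # Blank lines are dropped: an empty signature carries no
            # information and must never be able to match a section.
            return [name for name in stripped if name]
    except (OSError, ValueError):
        # OSError: missing or unreadable file. ValueError covers undecodable
        # bytes (UnicodeDecodeError) and malformed paths. Anything else is a
        # programming error and is allowed to propagate.
        print("Error reading given file.")
        return None


def detectPackers(pe, knownPackers):
    """Return the section names of *pe* that appear in *knownPackers*.

    Matching is case-insensitive. Each matching section is reported once, in
    section-table order.

    Args:
        pe: A parsed PE object exposing ``sections``, each with a bytes
            ``Name`` attribute (as produced by ``pefile.PE``).
        knownPackers: Iterable of signature strings.

    Returns:
        A list of matching section names (possibly empty).

    Raises:
        TypeError: If *knownPackers* is ``None``, i.e. the signature list
            failed to load. Failing here keeps a missing signature list from
            being reported as "no packer found".
    """
    if knownPackers is None:
        raise TypeError("knownPackers is None: the signature list was not loaded")

    # Empty signatures are ignored so they cannot match an unnamed section.
    signatures = {item.casefold() for item in knownPackers if item}

    matches = []
    for section in pe.sections:
        # The name field holds raw bytes taken from an untrusted file and need
        # not be valid UTF-8; replace undecodable bytes instead of raising.
        name = section.Name.decode('utf-8', errors='replace').strip('\x00')
        if name.casefold() in signatures:
            matches.append(name)
    return matches


def detect_pack_res(targetMalware="./pack/UPX.exe"):
    """Report whether the PE file at *targetMalware* has a known packer section.

    Args:
        targetMalware: Path to the PE file to inspect.

    Returns:
        ``True`` if at least one section name matches the signature list,
        ``False`` otherwise. ``False`` only means that no listed name was
        found; see the module docstring for the limits of this heuristic.

    Raises:
        ImportError: If the ``pefile`` package is not installed.
        TypeError: If the signature list could not be loaded.
    """
    if pefile is None:
        raise ImportError("the 'pefile' package is required to parse PE files")

    # NOTE(review): this relative path is resolved against the current working
    # directory, so the signature list that gets loaded depends on where the
    # process was started. Confirm that this is intended.
    knownPackerFile = "knownPackerSections.txt"

    # Only the section table is needed. fast_load skips the data directories,
    # which is less parsing of a potentially hostile file.
    parsed = pefile.PE(targetMalware, fast_load=True)
    try:
        knownPackers = importKnownPackers(knownPackerFile)
        detectedPackers = detectPackers(parsed, knownPackers)
    finally:
        # Release the file mapping held by pefile even when matching fails.
        parsed.close()

    # True: a packer section was found. False: none of the listed names matched.
    return bool(detectedPackers)


if __name__ == '__main__':
    detect_pack_res(targetMalware="./pack/UPX.exe")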