import json
import lief
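class DetectPack(object):
    """Pre-check whether a PE or ELF sample already appears to be packed.

    The check is purely name-based: every section name of the parsed binary
    is compared with the names listed in ``packer_sections.json``.

    NOTE(review): section names are arbitrary bytes chosen by whoever built
    the file, so a packer can rename or blank them. A "not packed" result
    only means that no *listed* name was found; it is not evidence that the
    sample is unpacked. Treat it as a cheap pre-filter, not a verdict.
    """

    def __init__(self, file_path):
        """Classify *file_path* as PE, ELF or other, and parse it with LIEF.

        Args:
            file_path: Path of the sample to inspect.
        """
        self.file_path = file_path
        # Always defined, so later code never depends on which branch ran.
        self.binary = None
        if lief.is_pe(self.file_path):
            self.file_type = "PE"
            # NOTE(review): LIEF may hand back None for a malformed file;
            # check_sections() reports that as a section-read failure.
            self.binary = lief.PE.parse(file_path)
        elif lief.is_elf(self.file_path):
            self.file_type = "ELF"
            self.binary = lief.ELF.parse(file_path)
        else:
            self.file_type = "Other"

    def check_sections(self):
        """Report whether the sample may be packed by this tool.

        Returns:
            A ``(ok, message)`` tuple. ``ok`` is True only when the file is
            PE/ELF, the name list could be loaded, and no section name of
            the binary occurs in it. The messages are user-facing Chinese
            strings and are returned unchanged.
        """
        if self.file_type == "Other":
            # "Operation failed: only PE or ELF files can be packed"
            return False, "操作失败: 只有PE或ELF文件可加壳"

        # NOTE(review): the list is resolved against the current working
        # directory, so the result depends on where the process was started;
        # whoever can write that file controls what counts as "packed".
        try:
            # The context manager closes the handle even when reading or
            # JSON decoding fails (the old code skipped close() on error).
            with open("packer_sections.json", 'r') as file:
                file_json = json.loads(file.read())
        except (OSError, ValueError):
            # OSError: missing/unreadable file. ValueError: malformed JSON
            # or undecodable bytes (JSONDecodeError and UnicodeDecodeError
            # both derive from it).
            # "Operation failed: could not read the packer section-name file"
            return False, "操作失败: 读取壳section名文件失败"

        try:
            for item in self.binary.sections:
                if item.name in file_json:
                    # "Operation failed: found a section named <name>; the
                    # file is already packed and cannot be packed again"
                    return False, "操作失败: 检测到名为 " + item.name + " 的Section, 该文件已被加壳, 无法重复加壳操作"
            # "Operation succeeded: packing can be attempted on this file"
            return True, "操作成功: 该文件可以尝试加壳"
        except Exception:
            # Deliberately broad for an untrusted, possibly malformed
            # sample (binary is None, sections unreadable, ...), but no
            # longer swallows KeyboardInterrupt/SystemExit like a bare except.
            # "Operation failed: could not read the sample's sections"
            return False, "操作失败: 获取样本section失败"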
if __name__ == "__main__":
    # Manual smoke run: parse one sample from a fixed workstation path.
    # Only the constructor runs here; check_sections() is not called.
    sample_path = r"C:\Users\Administrator\Desktop\大规模复杂软件无效样本清洗\demo1\T\0a0a34"
    de = DetectPack(file_path=sample_path)