import lief
import pefile
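def is_cfg(pe_path):
    """Return True if the PE file at *pe_path* looks suitable for CFG extraction.

    A file is accepted only when it parses as a PE image, contains at least
    one executable section, declares a non-zero entry point and has an
    import table. The file is only parsed, never executed, so the check is
    usable on untrusted samples.

    Args:
        pe_path: Path to the candidate PE file.

    Returns:
        bool: True when every check passes; False otherwise, including when
        the file is not a well-formed PE image.
    """
    image_scn_mem_execute = 0x20000000  # IMAGE_SCN_MEM_EXECUTE section flag

    # Open and parse the PE file. Truncated or non-PE input is an expected
    # outcome when filtering a sample set, so report it as "not usable"
    # instead of aborting the whole run.
    try:
        pe = pefile.PE(pe_path)
    except pefile.PEFormatError:
        return False

    try:
        # There must be a section table with at least one entry.
        sections = getattr(pe, "sections", None)
        if not sections:
            return False

        # At least one section must be executable. Requiring *every* section
        # to be executable would reject ordinary images, which also carry
        # data-only sections such as .data or .rdata.
        if not any(
            section.Characteristics & image_scn_mem_execute
            for section in sections
        ):
            return False

        # The entry point lives in the optional header; pefile.PE exposes no
        # "OEP" attribute, so a hasattr() test for it can never succeed.
        optional_header = getattr(pe, "OPTIONAL_HEADER", None)
        if optional_header is None or optional_header.AddressOfEntryPoint == 0:
            return False

        # pefile defines no "DIRECTORY_ENTRY_CODE" attribute either; the
        # presence of code is covered by the executable-section check above.

        # The import table must have been parsed.
        return hasattr(pe, "DIRECTORY_ENTRY_IMPORT")
    finally:
        # Release the file mapping pefile keeps open for the parsed image.
        pe.close()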
if __name__ == "__main__":
    # Report whether the given executable can be represented as a CFG.
    file_path = r"C:\Users\Administrator\Desktop\大规模复杂软件无效样本清洗\demo1\Sample\00a5b52a3a9a5d95a8700ffa985846750f2bbfa698a055b4def660c5e4594486"
    representable = is_cfg(file_path)
    if not representable:
        print(f"The binary file {file_path} cannot be represented as CFG.")
    else:
        print(f"The binary file {file_path} can be represented as CFG.")