Parse .NET executable files.
- Free software: MIT license
- Parse as much as we can, even if the file is partially malformed.
- Easy to use. Developed with IDE autocompletion in mind.
pip install dnfileThen create a simple program that loads a .NET binary, parses it, and displays information about the streams and Metadata Tables.
import sys import dnfile filepath = sys.argv[1] pe = dnfile.dnPE(filepath) pe.print_info()Everything is an object, and raw structure values are stored in an object's "struct" attribute. The CLR directory entry object is accessible from the "net" attribute of a dnPE object.
import dnfile import hashlib pe = dnfile.dnPE(FILEPATH) # access the directory entry raw structure values pe.net.struct # access the metadata raw structure values pe.net.metadata.struct # access the streams for s in pe.net.metadata.streams_list: if isinstance(s, dnfile.stream.MetaDataTables): # how many Metadata tables are defined in the binary? num_of_tables = len(s.tables_list) # the last Metadata tables stream can also be accessed by a shortcut num_of_tables = len(pe.net.mdtables.tables_list) # create a set to hold the hashes of all resources res_hash = set() # access the resources for r in pe.net.resources: # if resource data is a simple byte stream if isinstance(r.data, bytes): # hash it and add the hash to the set res_hash.add(hashlib.sha256(r.data).hexdigest()) # if resource data is a ResourceSet, a dotnet-specific datatype elif isinstance(r.data, dnfile.resource.ResourceSet): # if there are no entries if not r.data.entries: # skip it continue # for each entry in the ResourceSet for entry in r.data.entries: # if it has data if entry.data: # hash it and add the hash to the set res_hash.add(hashlib.sha256(entry.data).hexdigest())- more tests
- Documentation on readthedocs
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.