I use this module for Python to read .NET info... It's Python2 only, but
converting to Python3 is super simple. I have it done locally just haven't
had time to put it into a PR:
https://github.com/crackinglandia/pype32
On Mon, Mar 12, 2018 at 10:52 AM Wesley Shields wrote:
> Sure, I've been using it to unpack and handle config blocks from .NET
> binaries using this technique:
>
> https://gist.github.com/wxsBSD/1e518cef545fee7bb991a9dc6c14a0f7
>
> Substitute the dotnet module for the pe module and you will get access to
> all the information exposed via the PE module (you won't get things that
> require function calls like imports and exports though).
>
> -- WXS
>
> > On Mar 12, 2018, at 12:49 PM, Matan Bachar wrote:
> >
> > Is there a way to get information about PE file using yara-python
> command directly or indirectly? (section number,timestamp etc)
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "YARA" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to yara-project+unsubscr...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "YARA" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to yara-project+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
Ryan Sommers
ry...@rpsommers.com
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to yara-project+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
