I'm ok with cumbersome ;) Thanks Wesley, much appreciated and I hope this
gets exposed in the future, it's a nice pivot point for finding related
samples when malware hunting.
Cheers,
Schrodinger.
On Friday, June 28, 2019 at 3:52:34 PM UTC+1, Wesley Shields wrote:
>
> OK, that
ss of
the ASCII string that contains the name of the DLL. This address is
relative to the image base." I'd like to use Yara to find samples with the
same Export name, not the name of an exported function.
Cheers,
Schrodinger.
On Thursday, June 27, 2019 at 12:40:03 AM UTC+1, Wesle
eers.
On Wednesday, June 26, 2019 at 2:00:47 AM UTC+1, Wesley Shields wrote:
>
> For now you can do: pe.exports("pilot.dll").
>
> -- WXS
>
> > On Jun 25, 2019, at 6:21 PM, Schrodinger wrote:
> >
> > Hi everyone,
> >
Hi everyone,
I was wondering if there is a way to perform matching on the name in the
DIRECTORY_ENTRY_EXPORT in a Portable Executable. Example from the Python
pefile module:
In [32]: pe.DIRECTORY_ENTRY_EXPORT.name
Out[32]: 'pilot.dll'
Cheers,
Schrodinger.
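
Added example, not part of the original thread and not pefile or YARA code: the value pefile shows above is the string behind the Name RVA at offset 12 of the export directory, and this standard-library Python reads it directly so samples can be grouped by it. The names `export_dll_name` and `build_sample` are hypothetical, and the PE bytes are constructed for the demonstration.

```python
import struct

def _rva_to_offset(rva, sections):
    # Map an RVA to a file offset through the section table.
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    raise ValueError("RVA not backed by any section")

def export_dll_name(data):
    """Return the export directory Name string, or None if absent or malformed."""
    try:
        pe_off, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        nsect, = struct.unpack_from("<H", data, pe_off + 6)
        opt_size, = struct.unpack_from("<H", data, pe_off + 20)
        opt = pe_off + 24
        magic, = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]               # PE32 / PE32+
        ndirs, exp_rva, _ = struct.unpack_from("<III", data, dirs - 4)
        if ndirs == 0 or exp_rva == 0:                            # no export directory
            return None
        sections = []
        for i in range(nsect):
            vsize, va, raw_size, raw_ptr = struct.unpack_from(
                "<IIII", data, opt + opt_size + 40 * i + 8)
            sections.append((va, vsize, raw_ptr, raw_size))
        exp_off = _rva_to_offset(exp_rva, sections)
        name_rva, = struct.unpack_from("<I", data, exp_off + 12)  # Name field
        name_off = _rva_to_offset(name_rva, sections)
        end = data.index(b"\0", name_off)                         # NUL-terminated ASCII
        return data[name_off:end].decode("ascii", "replace")
    except (struct.error, KeyError, ValueError):
        return None

def build_sample(name=b"pilot.dll"):
    """Constructed minimal PE32 layout (not a real sample) with one export section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += struct.pack("<II", 0x1000, 40 + len(name) + 1) + b"\0" * (15 * 8)
    sect = b".edata\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    hdr = dos + b"PE\0\0" + coff + opt + sect
    export = struct.pack("<IIHHI", 0, 0, 0, 0, 0x1000 + 40) + b"\0" * 24
    return hdr.ljust(0x200, b"\0") + (export + name + b"\0").ljust(0x200, b"\0")

if __name__ == "__main__":
    print(export_dll_name(build_sample()))
```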