Added AMI PFAT RSA 3K signed blocks support

Added AMI PFAT nested detection at each file Added Award BIOS payload naming at each file Switched Panasonic BIOS LZNT1 external library Improved Panasonic LZNT1 detection and length Improved Dell PFS code structure and fixed bugs Improved code exception handling (raise, catch) Improved code definitions (PEP8, docs, types) Fixed some arguments missing from help screens
2025-05-13 06:34:42 -04:00 · 2024-04-24 01:22:53 +03:00 · 2024-04-24 01:22:53 +03:00 · d85a7f82dc
commit d85a7f82dc
parent 03ae0cf070
37 changed files with 2897 additions and 2174 deletions
--- a/common/pe_ops.py
+++ b/common/pe_ops.py
@ -1,8 +1,8 @@
-#!/usr/bin/env python3
-#coding=utf-8
+#!/usr/bin/env python3 -B
+# coding=utf-8

 """
-Copyright (C) 2022 Plato Mavropoulos
+Copyright (C) 2022-2024 Plato Mavropoulos
 """

 import pefile
@ -10,40 +10,57 @@ import pefile
 from common.system import printer
 from common.text_ops import file_to_bytes

-# Check if input is a PE file
-def is_pe_file(in_file):
-    return bool(get_pe_file(in_file))

-# Get pefile object from PE file
-def get_pe_file(in_file, fast=True):
+def is_pe_file(in_file: str | bytes) -> bool:
+    """ Check if input is a PE file """
+
+    return bool(get_pe_file(in_file, silent=True))
+
+
+def get_pe_file(in_file: str | bytes, padding: int = 0, fast: bool = True, silent: bool = False) -> pefile.PE | None:
+    """ Get pefile object from PE file """
+
    in_buffer = file_to_bytes(in_file)
-    
+
+    pe_file = None
+
    try:
        # Analyze detected MZ > PE image buffer
        pe_file = pefile.PE(data=in_buffer, fast_load=fast)
-    except Exception:
-        pe_file = None
-    
+    except Exception as error:  # pylint: disable=broad-except
+        if not silent:
+            _filename = in_file if type(in_file).__name__ == 'string' else 'buffer'
+
+            printer(f'Error: Could not get pefile object from {_filename}: {error}!', padding)
+
    return pe_file

-# Get PE info from pefile object
-def get_pe_info(pe_file):
+
+def get_pe_info(pe_file: pefile.PE, padding: int = 0, silent: bool = False) -> dict:
+    """ Get PE info from pefile object """
+
+    pe_info = {}
+
    try:
        # When fast_load is used, IMAGE_DIRECTORY_ENTRY_RESOURCE must be parsed prior to FileInfo > StringTable
        pe_file.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']])
-        
+
        # Retrieve MZ > PE > FileInfo > StringTable information
        pe_info = pe_file.FileInfo[0][0].StringTable[0].entries
-    except Exception:
-        pe_info = {}
-    
+    except Exception as error:  # pylint: disable=broad-except
+        if not silent:
+            printer(f'Error: Could not get PE info from pefile object: {error}!', padding)
+
    return pe_info

-# Print PE info from pefile StringTable
-def show_pe_info(pe_info, padding=0):
-    if type(pe_info).__name__ == 'dict':
-        for title,value in pe_info.items():
-            info_title = title.decode('utf-8','ignore').strip()
-            info_value = value.decode('utf-8','ignore').strip()
+
+def show_pe_info(pe_info: dict, padding: int = 0) -> None:
+    """ Print PE info from pefile StringTable """
+
+    if isinstance(pe_info, dict):
+        for title, value in pe_info.items():
+            info_title = title.decode('utf-8', 'ignore').strip()
+            info_value = value.decode('utf-8', 'ignore').strip()
+
            if info_title and info_value:
                printer(f'{info_title}: {info_value}', padding, new_line=False)