
tessl/pypi-pefile

Python PE parsing module for analyzing Portable Executable (PE) files with comprehensive header, section, and directory entry support


Debug Information

Access to debug directories and related debugging information embedded in PE files. Debug information helps with debugging, profiling, and reverse engineering of PE files.

Capabilities

Debug Directory Parsing

Parse debug directory entries that contain debugging information.

def parse_debug_directory(self, rva, size):
    """
    Parse debug directory at specified RVA.
    
    Args:
        rva (int): RVA of debug directory
        size (int): Size of debug directory
        
    Populates:
        self.DIRECTORY_ENTRY_DEBUG: List of DebugData objects
    """

Usage Examples

Debug Directory Analysis

import pefile

with pefile.PE('executable.exe') as pe:
    # Check for debug information
    if hasattr(pe, 'DIRECTORY_ENTRY_DEBUG'):
        print("Debug Information:")
        print("-" * 40)
        
        # Map debug type values to their IMAGE_DEBUG_TYPE_* names (built once, outside the loop)
        debug_type_names = {
            0: "IMAGE_DEBUG_TYPE_UNKNOWN",
            1: "IMAGE_DEBUG_TYPE_COFF",
            2: "IMAGE_DEBUG_TYPE_CODEVIEW",
            3: "IMAGE_DEBUG_TYPE_FPO",
            4: "IMAGE_DEBUG_TYPE_MISC",
            5: "IMAGE_DEBUG_TYPE_EXCEPTION",
            6: "IMAGE_DEBUG_TYPE_FIXUP",
            7: "IMAGE_DEBUG_TYPE_OMAP_TO_SRC",
            8: "IMAGE_DEBUG_TYPE_OMAP_FROM_SRC",
            9: "IMAGE_DEBUG_TYPE_BORLAND",
            10: "IMAGE_DEBUG_TYPE_RESERVED10",
            11: "IMAGE_DEBUG_TYPE_CLSID",
            12: "IMAGE_DEBUG_TYPE_VC_FEATURE",
            13: "IMAGE_DEBUG_TYPE_POGO",
            14: "IMAGE_DEBUG_TYPE_ILTCG",
            15: "IMAGE_DEBUG_TYPE_MPX",
            16: "IMAGE_DEBUG_TYPE_REPRO"
        }

        for debug_entry in pe.DIRECTORY_ENTRY_DEBUG:
            debug_type = debug_entry.struct.Type
            type_name = debug_type_names.get(debug_type, f"Unknown({debug_type})")
            
            print(f"Debug Type: {type_name}")
            print(f"Size: {debug_entry.struct.SizeOfData}")
            print(f"RVA: 0x{debug_entry.struct.AddressOfRawData:08x}")
            print(f"File Offset: 0x{debug_entry.struct.PointerToRawData:08x}")
            print(f"Timestamp: {debug_entry.struct.TimeDateStamp}")
            print(f"Major Version: {debug_entry.struct.MajorVersion}")
            print(f"Minor Version: {debug_entry.struct.MinorVersion}")
            
            # Extract debug data if present
            if debug_entry.struct.SizeOfData > 0:
                if debug_entry.struct.AddressOfRawData != 0:
                    debug_data = pe.get_data(debug_entry.struct.AddressOfRawData, 
                                           debug_entry.struct.SizeOfData)
                elif debug_entry.struct.PointerToRawData != 0:
                    debug_data = pe.get_data(pe.get_rva_from_offset(debug_entry.struct.PointerToRawData),
                                           debug_entry.struct.SizeOfData)
                else:
                    debug_data = None
                
                if debug_data:
                    print(f"Debug Data: {debug_data[:50].hex()}{'...' if len(debug_data) > 50 else ''}")
            
            print()
    else:
        print("No debug information found")
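
The usage example above prints the raw debug data as hex; for IMAGE_DEBUG_TYPE_CODEVIEW (type 2) entries those bytes are a CodeView record whose GUID, age and PDB path identify the build and can expose build-machine paths. The following decoder is an added example that goes beyond the page, not pefile's own code: `parse_codeview` is a hypothetical helper using only the standard library, and the sample record is constructed.

```python
import struct
import uuid


def parse_codeview(debug_data):
    """Decode a CodeView record; return a dict, or None if it is not RSDS/NB10."""
    sig = bytes(debug_data[:4])
    if sig == b"RSDS":
        # PDB 7.0 layout: "RSDS", 16-byte GUID, 4-byte age, NUL-terminated path
        header_len = 24
        if len(debug_data) < header_len:
            return None
        ident = str(uuid.UUID(bytes_le=bytes(debug_data[4:20]))).upper()
        (age,) = struct.unpack_from("<I", debug_data, 20)
    elif sig == b"NB10":
        # PDB 2.0 layout: "NB10", 4-byte offset, 4-byte timestamp, 4-byte age, path
        header_len = 16
        if len(debug_data) < header_len:
            return None
        _offset, timestamp, age = struct.unpack_from("<III", debug_data, 4)
        ident = f"{timestamp:08X}"
    else:
        return None  # not a CodeView record (or shorter than 4 bytes)
    raw_path = bytes(debug_data[header_len:])
    nul = raw_path.find(b"\x00")
    # A missing NUL means the record is truncated or malformed; flag it.
    terminated = nul != -1
    if terminated:
        raw_path = raw_path[:nul]
    return {
        "format": sig.decode("ascii"),
        "id": ident,
        "age": age,
        "pdb_path": raw_path.decode("utf-8", errors="replace"),
        "terminated": terminated,
    }


# Constructed sample record (not taken from a real binary).
SAMPLE_GUID = uuid.UUID("0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0")
SAMPLE_RSDS = (b"RSDS" + SAMPLE_GUID.bytes_le + struct.pack("<I", 3)
               + b"C:\\build\\app\\Release\\app.pdb\x00")

if __name__ == "__main__":
    print(parse_codeview(SAMPLE_RSDS))
```

Pass it the `debug_data` bytes read in the usage example when `debug_entry.struct.Type` is 2.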

Install with Tessl CLI

npx tessl i tessl/pypi-pefile
