5 anni dopo, ho modificato il codice fornito da @Ayrx usando l'operatore &
per verificare gli indicatori come suggerito da @avakar. Ora funziona correttamente:
import argparse
import os
import pefile
class DllCharacteristics():
def __init__(self):
self.IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = False
self.IMAGE_DLLCHARACTERISTICS_GUARD_CF = False
self.IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = False
self.IMAGE_DLLCHARACTERISTICS_APPCONTAINER = False
self.IMAGE_DLLCHARACTERISTICS_NO_BIND = False
self.IMAGE_DLLCHARACTERISTICS_NO_SEH = False
self.IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = False
self.IMAGE_DLLCHARACTERISTICS_NX_COMPAT = False
self.IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = False
self.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = False
self.IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = False
def has_flag(value, flag):
return value & flag == flag
def get_dll_characteristics(path):
dc = DllCharacteristics()
pe = pefile.PE(path, fast_load=True)
dll_characteristics = pe.OPTIONAL_HEADER.DllCharacteristics
if dll_characteristics > 0:
dc.IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = has_flag(dll_characteristics, 0x8000)
dc.IMAGE_DLLCHARACTERISTICS_GUARD_CF = has_flag(dll_characteristics, 0x4000)
dc.IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = has_flag(dll_characteristics, 0x2000)
dc.IMAGE_DLLCHARACTERISTICS_APPCONTAINER = has_flag(dll_characteristics, 0x1000)
dc.IMAGE_DLLCHARACTERISTICS_NO_BIND = has_flag(dll_characteristics, 0x0800)
dc.IMAGE_DLLCHARACTERISTICS_NO_SEH = has_flag(dll_characteristics, 0x0400)
dc.IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = has_flag(dll_characteristics, 0x0200)
dc.IMAGE_DLLCHARACTERISTICS_NX_COMPAT = has_flag(dll_characteristics, 0x0100)
dc.IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = has_flag(dll_characteristics, 0x0080)
dc.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = has_flag(dll_characteristics, 0x0040)
dc.IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = has_flag(dll_characteristics, 0x0020)
return dc
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('dir', help='Directory to scan')
args = parser.parse_args()
dep_enabled = []
dep_disabled = []
aslr_enabled = []
aslr_disabled = []
for root, dirs, files in os.walk(args.dir):
for f in files:
flags = get_dll_characteristics(os.path.join(root, f))
if flags.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
aslr_enabled.append(f)
else:
aslr_disabled.append(f)
if flags.IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
dep_enabled.append(f)
else:
dep_disabled.append(f)
print "ASLR Enabled: "
print "=============="
for i in aslr_enabled:
print i
print ""
print "ASLR Disabled: "
print "==============="
for i in aslr_disabled:
print i
print ""
print "DEP Enabled: "
print "============="
for i in dep_enabled:
print i
print ""
print "DEP Disabled: "
print "=============="
for i in dep_disabled:
print i
print ""