I use this module for Python to read .NET info... It's Python2 only, but converting to Python3 is super simple. I have it done locally just haven't had time to put it into a PR:
https://github.com/crackinglandia/pype32 On Mon, Mar 12, 2018 at 10:52 AM Wesley Shields <wshie...@gmail.com> wrote: > Sure, I've been using it to unpack and handle config blocks from .NET > binaries using this technique: > > https://gist.github.com/wxsBSD/1e518cef545fee7bb991a9dc6c14a0f7 > > Substitute the dotnet module for the pe module and you will get access to > all the information exposed via the PE module (you won't get things that > require function calls like imports and exports though). > > -- WXS > > > On Mar 12, 2018, at 12:49 PM, Matan Bachar <matan...@gmail.com> wrote: > > > > Is there a way to get information about PE file using yara-python > command directly or indirectly? (section number,timestamp etc) > > > > -- > > You received this message because you are subscribed to the Google > Groups "YARA" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to yara-project+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "YARA" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to yara-project+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Ryan Sommers ry...@rpsommers.com -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to yara-project+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
