Timestamp in …
December 23, 2019
Reading the timestamp in a PE file (exe/dll) with Python.
Original source of the code:
Here is the code itself, quoted in case the link goes dead:
```python
1 #! /usr/bin/env python2.7
2 #
3 # Author: Pat Litke (C) 2014
4 #
5 # This code is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License as
7 # published by the Free Software Foundation, either version 3 of the
8 # License, or (at your option) any later version.
9 #
10 # This code is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU Affero General Public License
16 # along with Baku. If not, see <http://www.gnu.org/licenses/>.
17 #
18 # Description:
19 # Quick and dirty module to read a binary file, look at the DOS header for the PE offset
20 # Seek to the PE offset, read the third DWORD in, unpack it, and return either EPOCH or GMTIMEs
21 #
22 # Returns 1 if the file doesn't have a DOS header
23 # Returns 2 if file couldn't be read
24 # Returns the data in epoch or formatted otherwise
25
26 from struct import unpack
27 from binascii import hexlify
28 from time import gmtime, strftime
29
30 def getEpoch(filePath, epoch = True):
31
32     # Open the file in Binary mode
33     try:
34         handle = open(filePath, 'rb')
35         if hexlify(handle.read(2)) != hexlify(u'MZ'):
36             handle.close()
37             return 1
38     except:
39         return 2
40
41     # Get PE offset (@60, DWORD) from DOS header
42     # It's little-endian so we have to flip it
43     # We also need the HEX representation which is an INT value
44     handle.seek(60, 0)
45     offset = handle.read(4)
46     offset = hexlify(offset[::-1])
47     offset = int(offset, 16)
48
49     # Seek to PE header and read third DWORD (TimeDateStamp)
50     handle.seek(offset+8, 0)
51     dword = handle.read(4)
52     handle.close()
53     t = unpack(">L", dword[::-1])[0]
54
55     if epoch:
56         return t
57     else:
58         return strftime('%Y-%m-%d %H:%M:%S', gmtime(float(t)))
59
60
61
62 def getUTC(filePath):
63     return getEpoch(filePath, False)
64
65 def getBoth(filePath):
66     return [getEpoch(filePath), getEpoch(filePath, False)]
```
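If you want to modify this timestamp, pack the new value according to the rules above and write it back. Also, the statement on line 53 is more roundabout than it needs to be; it can simply be written as `t = unpack("<L", dword)[0]`, that is, decode the value directly as little-endian.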
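The read and the pack-and-write-back step described above, as an added Python 3 example that is not part of the original post or of Pat Litke's module. It decodes with `<L` directly and checks the `PE\0\0` signature and the offset bounds, which the quoted code does not; the function names and the bytes produced by `build_sample` are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

E_LFANEW_OFFSET = 0x3C   # DWORD in the DOS header holding the PE header offset
TIMESTAMP_DELTA = 8      # "PE\0\0" (4) + Machine (2) + NumberOfSections (2)


def _timestamp_offset(data):
    """Validate the headers and return the file offset of TimeDateStamp."""
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != b"MZ":
        raise ValueError("missing DOS header")
    (pe_offset,) = struct.unpack_from("<L", data, E_LFANEW_OFFSET)
    if pe_offset + TIMESTAMP_DELTA + 4 > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return pe_offset + TIMESTAMP_DELTA


def read_timestamp(data):
    """Return TimeDateStamp as an epoch integer, decoded as little-endian."""
    return struct.unpack_from("<L", data, _timestamp_offset(data))[0]


def write_timestamp(data, epoch):
    """Return a copy of data with TimeDateStamp replaced by epoch."""
    patched = bytearray(data)
    struct.pack_into("<L", patched, _timestamp_offset(data), epoch)
    return bytes(patched)


def format_utc(epoch):
    """Format an epoch value the same way the quoted module does."""
    return datetime.fromtimestamp(epoch, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def build_sample(epoch, pe_offset=0x80):
    """Constructed minimal header bytes (not a loadable executable)."""
    dos = b"MZ" + b"\0" * (E_LFANEW_OFFSET - 2) + struct.pack("<L", pe_offset)
    dos = dos.ljust(pe_offset, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHL", 0x14C, 1, epoch)
    return dos + coff


if __name__ == "__main__":
    sample = build_sample(1577059200)
    print(format_utc(read_timestamp(sample)))
    patched = write_timestamp(sample, 0)
    print(read_timestamp(patched), len(patched) == len(sample))
```

Because the field round-trips this easily, a compile time read from it is a claim made by the file, to be corroborated against other evidence.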