Fast minimalistic library for Portable Executable format parsing

dfint/peclasses

PECLASSES

This is intended to be a fast, minimalistic, IDE-friendly library for Portable Executable file parsing.

It also contains the AnnotatedStructure and AnnotatedUnion base classes, which let you declare ctypes structures in the dataclass style.

For example, you can write:

from ctypes import c_int

class POINT(AnnotatedStructure):
    x: c_int
    y: c_int

instead of

from ctypes import Structure, c_int

class POINT(Structure):
    _fields_ = [("x", c_int),
                ("y", c_int)]

For more examples of AnnotatedStructure usage, see examples/annotated_structure.py.

Derived from the dfrus project.

Features

  • As is, peclasses is IDE-friendly, i.e. an IDE will show you hints about the fields of structures;
  • it is pythonic, i.e. the names of structures and their fields comply with PEP 8 rules;
  • it is easy to add new structures.

Cons

  • Compared to pefile, peclasses is in the early stages of development and may lack some features;
  • the pythonic name style may confuse some library users;
  • it has not been tested against a wide variety of real-life portable executables, and may not be suitable for e.g. malware analysis (at least without some improvements);
  • type annotations with types from ctypes can be somewhat misleading: a structure field can be annotated as c_uint, and ctypes will return its value as a plain int, but typing tools (such as mypy) will complain that you cannot treat this value as an int (because it is annotated as c_uint), so you may need to use the cast function from typing.