From cd59e48ccb823c249769d9c3502e92155c2edadd Mon Sep 17 00:00:00 2001 From: j-t-1 <120829237+j-t-1@users.noreply.github.com> Date: Tue, 2 Jul 2024 08:43:20 +0100 Subject: [PATCH 1/3] Replace list comprehension with set comprehension Amends function is_driver to take intersection between two sets, rather than a set and a list. --- pefile.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pefile.py b/pefile.py index cd8cc6e..5923818 100644 --- a/pefile.py +++ b/pefile.py @@ -7780,7 +7780,7 @@ def is_driver(self): # Checking that the ImageBase field of the OptionalHeader is above or # equal to 0x80000000 (that is, whether it lies in the upper 2GB of # the address space, normally belonging to the kernel) is not a - # reliable enough indicator. For instance, PEs that play the invalid + # reliable enough indicator. For instance, PEs that play the invalid # ImageBase trick to get relocated could be incorrectly assumed to be # drivers. @@ -7805,18 +7805,17 @@ def is_driver(self): # self.DIRECTORY_ENTRY_IMPORT will now exist, although it may be empty. # If it imports from "ntoskrnl.exe" or other kernel components it should # be a driver - # system_DLLs = { b"ntoskrnl.exe", b"hal.dll", b"ndis.sys", b"bootvid.dll", b"kdcom.dll" } if system_DLLs.intersection( - [imp.dll.lower() for imp in self.DIRECTORY_ENTRY_IMPORT] + {imp.dll.lower() for imp in self.DIRECTORY_ENTRY_IMPORT} ): return True driver_like_section_names = {b"page", b"paged"} if driver_like_section_names.intersection( - [section.Name.lower().rstrip(b"\x00") for section in self.sections] + {section.Name.lower().rstrip(b"\x00") for section in self.sections} ) and ( self.OPTIONAL_HEADER.Subsystem in ( From 0b81748aa00f65e33295210aff9cda09893f615f Mon Sep 17 00:00:00 2001 
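Review bot: In the second hunk of is_driver, both set comprehensions still build a complete intermediate collection before `intersection` runs, although only the truth value of the result is used and `intersection` already accepts any iterable. The import and section names are read from the file being analysed, so a malformed or hostile PE decides how large those collections get. `if not system_DLLs.isdisjoint(imp.dll.lower() for imp in self.DIRECTORY_ENTRY_IMPORT):` stops at the first match without allocating a container, and the same form works for `driver_like_section_names`. A comment above `system_DLLs` such as `# Names come from the analysed file, so a match is a heuristic, not proof of a driver.` would tell callers not to treat the result as a trust decision. The body of is_driver starts and ends outside this hunk.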
From: j-t-1 <120829237+j-t-1@users.noreply.github.com> Date: Tue, 2 Jul 2024 09:24:09 +0100 Subject: [PATCH 2/3] Use chaining comparison operators Increases readability. --- pefile.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pefile.py b/pefile.py index cd8cc6e..d892a7d 100644 --- a/pefile.py +++ b/pefile.py @@ -7837,9 +7837,7 @@ def get_overlay_data_start_offset(self): def update_if_sum_is_larger_and_within_file( offset_and_size, file_size=len(self.__data__) ): - if sum(offset_and_size) <= file_size and sum(offset_and_size) > sum( - largest_offset_and_size - ): + if sum(largest_offset_and_size) < sum(offset_and_size) <= file_size: return offset_and_size return largest_offset_and_size From 5e0f08b9a636dedcd295fa7fc576632400961ae4 Mon Sep 17 00:00:00 2001 From: j-t-1 <120829237+j-t-1@users.noreply.github.com> Date: Thu, 4 Jul 2024 08:01:41 +0100 Subject: [PATCH 3/3] Remove distutils use setuptools is a better documented and well maintained enhancement based on distutils. While it provides very similar functionality, it is much better able to support users on earlier Python releases, and can respond to bug reports more quickly. A number of platform-specific enhancements already exist in setuptools that have not been added to distutils, and there is been a long-standing recommendation in the distutils documentation to prefer setuptools. https://peps.python.org/pep-0632 --- setup.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/setup.py b/setup.py index 927381d..16083df 100755 --- a/setup.py +++ b/setup.py @@ -4,14 +4,10 @@ import os import re import sys - -try: - from setuptools import Command, setup -except ImportError as excp: - from distutils.core import setup, Command - from unittest import TestLoader, TextTestRunner +from setuptools import Command, setup + os.environ["COPY_EXTENDED_ATTRIBUTES_DISABLE"] = "true" os.environ["COPYFILE_DISABLE"] = "true"
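Review bot: The nested helper update_if_sum_is_larger_and_within_file has no docstring, and the chained comparison now lists its operands in the opposite order from the helper's name, so the file-size bound is easy to overlook. A one-line docstring would pin it: `"""Return offset_and_size if its end (offset + size) exceeds the current largest and does not run past the end of the file; otherwise keep the current largest."""`. The chained form keeps the original semantics, including accepting a range that ends exactly at `file_size`. It presumably relies on offset and size being non-negative values parsed from the headers, which is worth stating in the same docstring. The enclosing get_overlay_data_start_offset starts and ends outside the hunk.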
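Review bot: With the `try`/`except ImportError` fallback removed in setup.py, `from setuptools import Command, setup` becomes a hard requirement, and nothing in this patch declares setuptools as a build dependency. Recent Python releases no longer guarantee setuptools in a fresh virtual environment, so running setup.py directly there would fail with a bare ImportError. If the repository does not already ship one (not visible here), a `pyproject.toml` with `[build-system]`, `requires = ["setuptools"]` and `build-backend = "setuptools.build_meta"` lets build front ends install the backend in isolation. Stating a minimum setuptools version there would also make the build input explicit and reviewable.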