pefile

pefile is a Python module to read and work with PE (Portable Executable) files

https://github.com/erocarrera/pefile

Science Score: 54.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
    2 of 83 committers (2.4%) from academic institutions
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (13.5%) to scientific vocabulary

Keywords from Contributors

closember
Last synced: 6 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: erocarrera
  • License: mit
  • Language: Python
  • Default Branch: master
  • Homepage:
  • Size: 1.18 GB
Statistics
  • Stars: 1,952
  • Watchers: 80
  • Forks: 525
  • Open Issues: 125
  • Releases: 16
Created almost 11 years ago · Last pushed over 1 year ago
Metadata Files
Readme License Citation

README.md

pefile

pefile is a multi-platform Python module to parse and work with Portable Executable (PE) files. Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data.

The structures defined in the Windows header files will be accessible as attributes in the PE instance. The naming of fields/attributes will try to adhere to the naming scheme in those headers. Only shortcuts added for convenience will depart from that convention.

pefile requires some basic understanding of the layout of a PE file — with it, it's possible to explore nearly every single feature of the PE file format.

Installation

To install pefile through pip:

pip3 install pefile

Features

Some of the tasks that pefile makes possible are:

Please refer to Usage Examples for some code snippets that demonstrate how to use pefile.

Here are a few examples of what a dump produced with pefile looks like for different types of files:

To work with authenticated binaries, including Authenticode signatures, please check the project verify-sigs.

pefile runs in several pipelines scanning hundreds of thousands of new PE files every day, and, while not perfect, it has grown to be pretty robust over time. That being said, small glitches are found now and then. If you bump into a PE that does not appear to be processed correctly, do report it, please! It will help make pefile a tiny bit more powerful.

Dependencies

pefile is self-contained. The module has no dependencies; it is endianness independent; and it works on OS X, Windows, and Linux.

Recent changes

Prompted by the move to GitHub, the need to support Python 3, and the resolution of a slew of pending issues (some having to do with the old versioning scheme), pefile has changed its version number scheme and from now on uses the release date as its version.

Projects and products using pefile

Additional resources

PDFs of posters depicting the PE file format:

The following links provide detailed information about the PE format and its structures.

Owner

  • Name: Ero Carrera
  • Login: erocarrera
  • Kind: user
  • Location: Barcelona

Reverse engineering and threat-intelligence by way of F-Secure, zynamics, Google.

Citation (CITATION.cff)

abstract: "pefile is a Python module to read and work with PE (Portable Executable) files"
authors:
  - family-names: Carrera Ventura
    given-names: Ero
    orcid: "https://orcid.org/0000-0002-9549-9291"
cff-version: 1.2.0
date-released: "2024-08-26"
license: MIT
message: "If you use this software, please cite it using these metadata."
repository-code: "https://github.com/erocarrera/pefile"
title: "pefile"
version: "2024.8.26"

GitHub Events

Total
  • Issues event: 5
  • Watch event: 93
  • Issue comment event: 13
  • Pull request review event: 3
  • Pull request review comment event: 3
  • Pull request event: 25
  • Fork event: 18
Last Year
  • Issues event: 5
  • Watch event: 93
  • Issue comment event: 13
  • Pull request review event: 3
  • Pull request review comment event: 3
  • Pull request event: 25
  • Fork event: 18

Committers

Last synced: 10 months ago

All Time
  • Total Commits: 528
  • Total Committers: 83
  • Avg Commits per committer: 6.361
  • Development Distribution Score (DDS): 0.483
Past Year
  • Commits: 27
  • Committers: 2
  • Avg Commits per committer: 13.5
  • Development Distribution Score (DDS): 0.37
Top Committers
| Name | Email | Commits |
|---|---|---|
| Ero Carrera | e****a@g****m | 273 |
| ero.carrera@gmail.com | e****a@g****m@8****1 | 73 |
| j-t-1 | 1****1 | 21 |
| Sebastian Willenborg | c****l@w****e | 18 |
| ero.carrera | e****a@8****1 | 11 |
| Lukas Bernhard | l****d@q****o | 7 |
| Sébastien Larinier | s****r@s****r | 6 |
| pspcreateprocess | p****s@m****u | 6 |
| Joachim Metz | j****z@g****m | 5 |
| angelkillah | n****c@g****m | 4 |
| Drew Bonasera | D****f | 4 |
| Raphaël Vinot | r****l@v****o | 4 |
| zjgcjy | z****y@g****m | 4 |
| Andrew Dutcher | a****r@g****m | 3 |
| Stephen Rauch | s****b@g****m | 3 |
| Zoë Peterson | h****o@z****m | 3 |
| anatoly techtonik | t****k@g****m | 3 |
| Brett Meyer | c****r@g****m | 3 |
| matt price | m****1@g****m | 3 |
| nyx0 | n****0 | 3 |
| Martin Zibricky | m****k | 2 |
| Mark Jansen | m****n@r****g | 2 |
| Hilko Bengen | b****n@h****e | 2 |
| Caleb Madrigal | c****l@g****m | 2 |
| @Antelox | a****e@g****m | 2 |
| mat | m****t@m****t | 2 |
| Nirbheek Chauhan | n****k@c****m | 2 |
| Linhai | s****3@g****m | 2 |
| dieresys | d****s | 1 |
| daladim | d****m | 1 |
and 53 more...

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 79
  • Total pull requests: 165
  • Average time to close issues: 3 months
  • Average time to close pull requests: 7 months
  • Total issue authors: 65
  • Total pull request authors: 60
  • Average comments per issue: 1.35
  • Average comments per pull request: 0.62
  • Merged pull requests: 77
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 7
  • Pull requests: 62
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 6
  • Pull request authors: 9
  • Average comments per issue: 0.0
  • Average comments per pull request: 0.1
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • pd-fkie (6)
  • j-t-1 (3)
  • randomascii (2)
  • im-overlord04 (2)
  • hacktorious (2)
  • vj68 (2)
  • plusvic (2)
  • Javagedes (2)
  • adang1345 (2)
  • huettenhain (1)
  • KatherineLiu-holdon (1)
  • pombredanne (1)
  • richardweiss80 (1)
  • platomav (1)
  • TheMythologist (1)
Pull Request Authors
  • j-t-1 (90)
  • learn-more (3)
  • hillu (2)
  • itaiavni (2)
  • ForensicITGuy (2)
  • daniel-mekuria (2)
  • wangmot (2)
  • wesinator (2)
  • dinateper (2)
  • aursulis (2)
  • asivery (2)
  • step-security-bot (2)
  • Derekt2 (2)
  • N0fix (2)
  • qux-bbb (2)
Top Labels
Issue Labels
  • bug (2)
  • enhancement (2)
  • Priority-Medium (1)
  • Type-Defect (1)
  • auto-migrated (1)
  • help wanted (1)
  • question (1)
Pull Request Labels
  • bug (2)
  • enhancement (2)

Packages

  • Total packages: 15
  • Total downloads:
    • pypi 2,533,087 last-month
  • Total docker downloads: 713,854,675
  • Total dependent packages: 121
    (may contain duplicates)
  • Total dependent repositories: 7,070
    (may contain duplicates)
  • Total versions: 50
  • Total maintainers: 2
pypi.org: pefile

Python PE parsing module

  • Versions: 15
  • Dependent Packages: 117
  • Dependent Repositories: 7,054
  • Downloads: 2,533,087 Last month
  • Docker Downloads: 713,854,675
Rankings
Dependent repos count: 0.1%
Dependent packages count: 0.2%
Downloads: 0.3%
Docker downloads count: 0.4%
Average: 0.8%
Stargazers count: 1.7%
Forks count: 2.3%
Maintainers (1)
ero
Last synced: 6 months ago
alpine-v3.18: py3-pefile-pyc

Precompiled Python bytecode for py3-pefile

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 2.3%
Forks count: 3.2%
Stargazers count: 6.1%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.18: py3-pefile

Python PE parsing module

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 2.3%
Forks count: 3.2%
Stargazers count: 6.1%
Maintainers (1)
Last synced: 7 months ago
alpine-edge: py3-pefile

Python PE parsing module

  • Versions: 7
  • Dependent Packages: 1
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Forks count: 4.4%
Average: 4.5%
Dependent packages count: 6.0%
Stargazers count: 7.6%
Maintainers (1)
Last synced: 7 months ago
alpine-edge: py3-pefile-pyc

Precompiled Python bytecode for py3-pefile

  • Versions: 5
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Forks count: 4.5%
Average: 6.4%
Stargazers count: 7.8%
Dependent packages count: 13.4%
Maintainers (1)
Last synced: 7 months ago
conda-forge.org: pefile
  • Versions: 10
  • Dependent Packages: 2
  • Dependent Repositories: 8
Rankings
Forks count: 7.4%
Stargazers count: 10.1%
Dependent repos count: 12.2%
Average: 12.3%
Dependent packages count: 19.6%
Last synced: 7 months ago
anaconda.org: pefile

pefile is a Python module to read and work with PE (Portable Executable) files. The structures defined in the Windows header files will be accessible as attributes in the PE instance. The naming of fields/attributes will try to adhere to the naming scheme in those headers. Only shortcuts added for convenience will depart from that convention.

  • Versions: 3
  • Dependent Packages: 1
  • Dependent Repositories: 8
Rankings
Forks count: 15.1%
Stargazers count: 19.4%
Average: 26.2%
Dependent packages count: 30.6%
Dependent repos count: 39.4%
Last synced: 7 months ago
alpine-v3.22: py3-pefile

Python PE parsing module

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.22: py3-pefile-pyc

Precompiled Python bytecode for py3-pefile

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.20: py3-pefile-pyc

Precompiled Python bytecode for py3-pefile

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.19: py3-pefile

Python PE parsing module

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.21: py3-pefile-pyc

Precompiled Python bytecode for py3-pefile

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.21: py3-pefile

Python PE parsing module

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.20: py3-pefile

Python PE parsing module

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago
alpine-v3.19: py3-pefile-pyc

Precompiled Python bytecode for py3-pefile

  • Versions: 1
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent repos count: 0.0%
Dependent packages count: 0.0%
Average: 100%
Maintainers (1)
Last synced: 7 months ago

Dependencies

setup.py pypi
  • future *
.github/workflows/tests.yaml actions
  • actions/checkout v3 composite
  • actions/checkout master composite
  • actions/download-artifact v3 composite
  • actions/setup-python v4 composite
  • actions/upload-artifact v3 composite
  • schneegans/dynamic-badges-action v1.6.0 composite
.github/workflows/codeql.yml actions
  • actions/checkout f43a0e5ff2bd294095638e18286ca9a3d1956744 composite
  • github/codeql-action/analyze e949a1676c32f4c215780f7429eb9f00ff18b225 composite
  • github/codeql-action/autobuild e949a1676c32f4c215780f7429eb9f00ff18b225 composite
  • github/codeql-action/init e949a1676c32f4c215780f7429eb9f00ff18b225 composite
  • step-security/harden-runner 63c24ba6bd7ba022e95695ff85de572c04a18142 composite
.github/workflows/dependency-review.yml actions
  • actions/checkout f43a0e5ff2bd294095638e18286ca9a3d1956744 composite
  • actions/dependency-review-action 0efb1d1d84fc9633afcdaad14c485cbbc90ef46c composite
  • step-security/harden-runner 63c24ba6bd7ba022e95695ff85de572c04a18142 composite
.github/workflows/scorecards.yml actions
  • actions/checkout f43a0e5ff2bd294095638e18286ca9a3d1956744 composite
  • actions/upload-artifact a8a3f3ad30e3422c9c7b888a15615d19a852ae32 composite
  • github/codeql-action/upload-sarif e949a1676c32f4c215780f7429eb9f00ff18b225 composite
  • ossf/scorecard-action 99c53751e09b9529366343771cc321ec74e9bd3d composite
  • step-security/harden-runner 63c24ba6bd7ba022e95695ff85de572c04a18142 composite