diff --git a/malduck/dnpe.py b/malduck/dnpe.py index 82c7a04..91dc721 100644 --- a/malduck/dnpe.py +++ b/malduck/dnpe.py @@ -62,7 +62,7 @@ def dn_user_string( return None try: - us_string = self.dn_user_strings.get_us(index, encoding=encoding) + us_string = self.dn_user_strings.get(index, encoding=encoding) except UnicodeDecodeError: return None diff --git a/malduck/procmem/procmemelf.py b/malduck/procmem/procmemelf.py index ad74814..0b80a7a 100644 --- a/malduck/procmem/procmemelf.py +++ b/malduck/procmem/procmemelf.py @@ -31,7 +31,7 @@ def __init__( image: bool = False, detect_image: bool = False, ) -> None: - self._elf = None + self._elf: Optional[elftools.elf.elffile.ELFFile] = None super().__init__( buf, base=base, regions=regions, image=image, detect_image=detect_image ) @@ -107,7 +107,7 @@ def is_image_loaded_as_memdump(self): @property def imgend(self) -> int: """Address where ELF image ends""" - lastSegment = self.elf.get_segment(self.elf.num_segment() - 1) + lastSegment = self.elf.get_segment(self.elf.num_segments() - 1) return lastSegment.header["p_vaddr"] + lastSegment.header["p_memsz"] diff --git a/requirements.txt b/requirements.txt index b3b9436..686288f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,4 +6,4 @@ capstone>=4.0.1 yara-python typing-extensions>=3.7.4.2 cryptography>=3.1 -dnfile>=0.11.0 +dnfile>=0.15.0 diff --git a/tests/test_procmem.py b/tests/test_procmem.py index 699a4e0..28d407b 100644 --- a/tests/test_procmem.py +++ b/tests/test_procmem.py @@ -271,4 +271,4 @@ def test_procmemdnpe(): assert p.pe is not None assert p.pe.dn_metadata.struct.Version == b'v4.0.30319\x00\x00' assert p.pe.dn_metadata.struct.NumberOfStreams == len(p.pe.dn_metadata.streams) - + assert p.pe.dn_user_string(1).value == "Hello World!" diff --git a/tests/test_procmemelf.py b/tests/test_procmemelf.py index c64a275..e3af9db 100644 --- a/tests/test_procmemelf.py +++ b/tests/test_procmemelf.py 
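Review bot: The `try` around `self.dn_user_strings.get(index, encoding=encoding)` in `dn_user_string` still catches only `UnicodeDecodeError`, and the hunk does not show what the renamed call does for an index that lies outside the #US heap or points into a truncated entry. Because this code parses untrusted samples, it is worth confirming against the dnfile version pinned in requirements.txt whether `get` can return `None` or raise a different exception in those cases. The outcome could be recorded next to the call with a comment such as `# get() returns an object whose .value holds the decoded string; result for an invalid index: <to confirm>`. The rest of `dn_user_string` is outside the hunk, so a later check may already cover this.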
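Review bot: `imgend` takes the end of whichever program header comes last in the table, and that entry is not guaranteed to be the highest-addressed loadable segment. Only `PT_LOAD` entries are ordered by address, so a sample whose last entry is something like `PT_GNU_STACK` or `PT_GNU_RELRO` yields an image end that is too low, and a file with no program headers makes `num_segments() - 1` equal to `-1`. Consider computing it over loadable segments only, `return max(s.header["p_vaddr"] + s.header["p_memsz"] for s in self.elf.iter_segments() if s.header["p_type"] == "PT_LOAD")`, with an explicit decision for the empty case. The expected values added in tests/test_procmemelf.py would need rechecking if the result changes.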
@@ -17,6 +17,7 @@ def test_hello_static(): assert pelf.elf.elfclass == 64 assert pelf.elf.get_machine_arch() == 'x64' assert pelf.elf.little_endian + assert pelf.imgend == 7159808 def test_hello_32(): @@ -26,6 +27,7 @@ def test_hello_32(): assert pelf.elf.elfclass == 32 assert pelf.elf.get_machine_arch() == 'x86' assert pelf.elf.little_endian + assert pelf.imgend == 8192 def test_hello_32_static(): @@ -35,6 +37,7 @@ def test_hello_32_static(): assert pelf.elf.elfclass == 32 assert pelf.elf.get_machine_arch() == 'x86' assert pelf.elf.little_endian + assert pelf.imgend == 135200768 def test_hidden_32_static(): @@ -48,3 +51,4 @@ def test_hidden_32_static(): b"\x00\xcd\x80\x5a\x59\x5b\x58\x68\x73\x87\x04\x08\xc3\x28\x68\x69\x64\x64\x65\x6e\x20\x63\x6f"\ b"\x64\x65\x21\x29\x0a" assert pelf.readv(0x80ed200, len(hidden_code)) == hidden_code + assert pelf.imgend == 135200768
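Review bot: The expected `imgend` values are written as decimal literals, while the same file writes addresses in hex (`0x80ed200` in test_hidden_32_static), so they are hard to relate to segment addresses when a test fails. Writing them as `assert pelf.imgend == 0x6D4000`, `assert pelf.imgend == 0x2000` and `assert pelf.imgend == 0x80F0000` keeps the values identical and makes the page alignment visible. This applies to all four added assertions (test_hello_static, test_hello_32, test_hello_32_static, test_hidden_32_static). The test bodies begin outside the hunks.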