diSlib (A Python PE Parser)
June 28th, 2006 by SecuriTeam, Filed under: Commentary, Digest
Gil Dabah (arkon), the creator of diStorm, the fastest stream disassembler around, which also happens to be open source, has released diSlib, a Python PE parser. I've discussed it briefly before while covering diStorm.
diSlib (a Python PE parser):
diSlib is an easy-to-use Python module for parsing PE executables. It will give you all the necessary information, such as:
* Sections with their accompanying information
* Imported functions and their addresses (IAT)
* Exported functions by name, ordinal and address
* Supports ImageBase relocation
* Relocated entries by offsets and their original DWORD values
* Lets you apply the relocations
* Uses exceptions and an OO interface (thanks to shenberg!)
Enjoy,
Gadi Evron,
ge@beyondsecurity.com.
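To make the relocation items in the list above concrete, here is an added example, not diSlib's code or API and not part of the original post, that lists base relocation entries with their original DWORD values and applies them for a new ImageBase. It assumes a 32-bit image already laid out by RVA; all function names and the sample bytes are constructed for illustration.

```python
import struct

REL_ABSOLUTE, REL_HIGHLOW = 0, 3  # IMAGE_REL_BASED_* types: padding, 32-bit fix-up

def dword_at(image, rva):
    return struct.unpack_from("<I", image, rva)[0]

def parse_relocs(image, reloc_rva, reloc_size):
    """Yield (rva, original_dword) for every HIGHLOW entry in the relocation data."""
    pos, end = reloc_rva, reloc_rva + reloc_size
    if end > len(image):
        raise ValueError("relocation directory outside image")
    while pos + 8 <= end:
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        # Sizes come from the file: reject blocks that are short, odd or overrun.
        if block_size < 8 or block_size % 2 or pos + block_size > end:
            raise ValueError("malformed relocation block at %#x" % pos)
        for (entry,) in struct.iter_unpack("<H", image[pos + 8:pos + block_size]):
            rtype, offset = entry >> 12, entry & 0xFFF
            if rtype == REL_ABSOLUTE:
                continue
            if rtype != REL_HIGHLOW:
                raise ValueError("unsupported relocation type %d" % rtype)
            rva = page_rva + offset
            if rva + 4 > len(image):
                raise ValueError("relocation target %#x outside image" % rva)
            yield rva, dword_at(image, rva)
        pos += block_size

def apply_relocs(image, reloc_rva, reloc_size, old_base, new_base):
    """Return a copy of the mapped image rebased from old_base to new_base."""
    out = bytearray(image)
    delta = new_base - old_base
    for rva, original in parse_relocs(image, reloc_rva, reloc_size):
        struct.pack_into("<I", out, rva, (original + delta) & 0xFFFFFFFF)
    return bytes(out)

def build_sample():
    """Constructed sample: image mapped by RVA, three pointers, .reloc at 0x2000."""
    img = bytearray(0x3000)
    for rva, value in ((0x1004, 0x00401234), (0x1010, 0x00402000), (0x1020, 0x00400000)):
        struct.pack_into("<I", img, rva, value)
    entries = [(REL_HIGHLOW << 12) | (rva & 0xFFF) for rva in (0x1004, 0x1010, 0x1020)]
    entries.append(REL_ABSOLUTE << 12)  # padding keeps the block 4-byte aligned
    struct.pack_into("<II4H", img, 0x2000, 0x1000, 8 + 2 * len(entries), *entries)
    return bytes(img), 0x2000, 8 + 2 * len(entries)

if __name__ == "__main__":
    img, rva, size = build_sample()
    rebased = apply_relocs(img, rva, size, 0x00400000, 0x10000000)
    for target, original in parse_relocs(img, rva, size):
        print("%#06x: %#010x -> %#010x" % (target, original, dword_at(rebased, target)))
```

The bounds checks matter when the PE comes from an untrusted source: block sizes and page RVAs are attacker-controlled fields, so the parser rejects them instead of reading or writing outside the image.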



