New: Exe Extractor

BenediktHeinrichs · Nov 21, 2023 · 45a8e9d · 45a8e9d
1 parent 563cb29
commit 45a8e9d
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 2 deletions.
diff --git a/MetadataExtractor/Extractors/Data/ExeExtract.py b/MetadataExtractor/Extractors/Data/ExeExtract.py
@@ -0,0 +1,55 @@
+from .IDataExtract import IDataExtract
+import pefile
+from MetadataExtractor.Util import metadataCreation, metadataFormatter
+import logging
+
+log = logging.getLogger(__name__)
+
+class ExeExtract(IDataExtract):
+    def registerMimeTypes(self):
+        self.mimeTypes["concrete"] = "application/x-msdownload"
+
+    def extract(self, fileInfo):
+        log.info('Extracting metadata from exe file: ' + fileInfo["file"])
+        pe = pefile.PE(fileInfo["file"])
+
+        # Initialize metadata list
+        values = []
+
+        # Add DOS Header metadata
+        values.append({"predicate": "exe:e_magic", "object": hex(pe.DOS_HEADER.e_magic)})
+        values.append({"predicate": "exe:e_cblp", "object": pe.DOS_HEADER.e_cblp})
+
+        # Add File Header metadata
+        values.append({"predicate": "exe:machine", "object": hex(pe.FILE_HEADER.Machine)})
+        values.append({"predicate": "exe:numberOfSections", "object": pe.FILE_HEADER.NumberOfSections})
+
+        # Add Optional Header metadata
+        values.append({"predicate": "exe:addressOfEntryPoint", "object": hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint)})
+        values.append({"predicate": "exe:imageBase", "object": hex(pe.OPTIONAL_HEADER.ImageBase)})
+
+        # Add Sections metadata
+        for section in pe.sections:
+            section_values = [
+                {"predicate": "exe:sectionName", "object": section.Name.decode().strip()},
+                {"predicate": "exe:virtualSize", "object": section.Misc_VirtualSize},
+                {"predicate": "exe:virtualAddress", "object": section.VirtualAddress}
+            ]
+            values.extend(section_values)
+
+        # Additional metadata can be added here
+
+        # Create graph options
+        graphOptions = {
+            "additionalPrefixes": ["@prefix exe: <{}ontologies/exe#>".format(
+                metadataFormatter.getBaseUrl(self._IExtract__config)
+            )],
+            "identifier": fileInfo["identifier"],
+            "ontology": "exe",
+            "values": values
+        }
+
+        # Add metadata to graph
+        metadata = metadataCreation.addEntryToFileGraph(fileInfo, self._IExtract__config, graphOptions)
+
+        return "", metadata
diff --git a/MetadataExtractor/__init__.py b/MetadataExtractor/__init__.py
@@ -1,6 +1,8 @@
 import logging
 from logging import NullHandler
 
+from ._version import __version__
+
 # This is a namespace package, don't put any functional code in here besides the
 # declare_namespace call, or it will disappear on install. See:
 # https://setuptools.readthedocs.io/en/latest/setuptools.html#namespace-packages

diff --git a/MetadataExtractor/_version.py b/MetadataExtractor/_version.py
@@ -1 +1 @@
-__version__ = "0.4.2"
+__version__ = "0.4.3"
diff --git a/defaultConfigs.py b/defaultConfigs.py
@@ -70,7 +70,11 @@ def getDefaultConfig():
                 # "SummaryExtract",
             ],
             "Triples": [],
-            "Data": ["FcsExtract", "Hdf5Extract"],
+            "Data": [
+                "ExeExtract",
+                "FcsExtract",
+                "Hdf5Extract"
+            ],
             "Image": [
                 "DescriptiveImageExtract",
                 "ObjectExtract",

diff --git a/requirements.txt b/requirements.txt
@@ -52,3 +52,4 @@ pandas==1.5.1
 flowkit==1.0.0
 openai-whisper
 soundfile
+pefile==2023.2.7