From 7a801b8aa57bf8bf713da459b7aa95fd83e3f7b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaros=C5=82aw=20Jedynak?=
Date: Wed, 11 Oct 2023 14:12:54 +0000
Subject: [PATCH] Make it possible to specify a base when rebuilding the PE (#107)
---
 malduck/main.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/malduck/main.py b/malduck/main.py
index 61e4b8d..c60b2da 100644
--- a/malduck/main.py
+++ b/malduck/main.py
@@ -38,15 +38,22 @@ def main(log_level, verbose):
 @main.command("fixpe")
 @click.argument("mempath", type=click.Path(exists=True))
 @click.argument("outpath", type=click.Path(), required=False)
+@click.option(
+ "--base",
+ "-b",
+ default=None,
+ help="Set imagebase of the result",
+)
 @click.option(
 "--force/--no-force",
 "-f",
 default=False,
 help="Try to fix dump even if it's correctly parsed as PE",
 )
-def fixpe(mempath, outpath, force):
+def fixpe(mempath, outpath, force, base):
 """Fix dumped PE file into the correct form"""
- with ProcessMemoryPE.from_file(mempath) as p:
+ base = 0 if base is None else int(base, 0)
+ with ProcessMemoryPE.from_file(mempath, base=base) as p:
 if not force and p.is_image_loaded_as_memdump():
 click.echo(
 "Input file looks like correct PE file. Use -f if you want to fix it anyway."
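Review bot: `int(base, 0)` in `fixpe` is applied to the raw `--base` string with no error handling, so a value such as `4194304h` or `0400000` raises `ValueError` and the command ends in a traceback rather than a usage error; negative values are also accepted and passed on as the imagebase. Converting inside a `try` and raising `click.BadParameter` would keep the failure at the option boundary. The help text could also name the accepted forms, e.g. `help="Set imagebase of the result (decimal or 0x-prefixed hex)"`. Whether a base too large for the PE's ImageBase field is rejected inside `ProcessMemoryPE` is not visible from this hunk, so an upper bound may still need checking there. The body of `fixpe` continues past the end of the hunk.

```python
def fixpe(mempath, outpath, force, base):
    """Fix dumped PE file into the correct form"""
    try:
        base = 0 if base is None else int(base, 0)
    except ValueError:
        raise click.BadParameter(
            "expected a decimal or 0x-prefixed integer", param_hint="--base"
        ) from None
    if base < 0:
        raise click.BadParameter("imagebase must not be negative", param_hint="--base")
    # … unchanged: with ProcessMemoryPE.from_file(mempath, base=base) as p: and the rest of the body …
```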