Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(23)

Unified Diff: plaso/parsers/pe.py

Issue 337030043: [plaso] Changes to make event data strings #1477 (Closed)
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « plaso/parsers/msiecf.py ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: plaso/parsers/pe.py
diff --git a/plaso/parsers/pe.py b/plaso/parsers/pe.py
index 3328cbba1339451ad54d1e6a24d7773beff8515b..8a9b0e90e666700134f3eaca38bfb2a38f5a6de1 100644
--- a/plaso/parsers/pe.py
+++ b/plaso/parsers/pe.py
@@ -85,8 +85,15 @@ class PEParser(interface.FileObjectParser):
if not hasattr(pefile_object, 'DIRECTORY_ENTRY_IMPORT'):
return import_timestamps
for importdata in pefile_object.DIRECTORY_ENTRY_IMPORT:
+ dll_name = getattr(importdata, 'dll', '')
+ try:
+ dll_name = dll_name.decode('ascii')
+ except UnicodeDecodeError:
+ dll_name = dll_name.decode('ascii', errors='replace')
+ if not dll_name:
+ dll_name = '<NO DLL NAME>'
+
timestamp = getattr(importdata.struct, 'TimeDateStamp', 0)
- dll_name = getattr(importdata, 'dll', '<NO DLL NAME>')
if timestamp:
import_timestamps.append([dll_name, timestamp])
return import_timestamps
@@ -132,14 +139,19 @@ class PEParser(interface.FileObjectParser):
pefile_object (pefile.PE): pefile object.
Returns:
- A list two-element lists, where the first element is the name of the DLL
- being imported, and the second is the timestamp of the entry.
+ tuple[str, int]: name of the DLL being imported and the second is
+ the timestamp of the entry.
"""
delay_import_timestamps = []
if not hasattr(pefile_object, 'DIRECTORY_ENTRY_DELAY_IMPORT'):
return delay_import_timestamps
for importdata in pefile_object.DIRECTORY_ENTRY_DELAY_IMPORT:
dll_name = importdata.dll
+ try:
+ dll_name = dll_name.decode('ascii')
+ except UnicodeDecodeError:
+ dll_name = dll_name.decode('ascii', errors='replace')
+
timestamp = getattr(importdata.struct, 'dwTimeStamp', 0)
delay_import_timestamps.append([dll_name, timestamp])
return delay_import_timestamps
« no previous file with comments | « plaso/parsers/msiecf.py ('k') | no next file » | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b