PyPeLoader (version 1.0.0)
pypeloader.py

This package implements a basic PE loader in Python to
load executables in memory.

 
Classes
       
builtins.object
ImportFunction

 
class ImportFunction(builtins.object)
    ImportFunction(name: Union[int, str], module_name: str, module: int, address: int, import_address: int, module_container: str, hook: Callable = None, count_call: int = 0) -> None
 
This dataclass stores information about an imported function.
 
  Methods defined here:
__eq__(self, other)
Return self==value.
__init__(self, name: Union[int, str], module_name: str, module: int, address: int, import_address: int, module_container: str, hook: Callable = None, count_call: int = 0) -> None
Initialize self.  See help(type(self)) for accurate signature.
__repr__(self)
Return repr(self).

Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)
__weakref__
list of weak references to the object (if defined)

Data and other attributes defined here:
__annotations__ = {'address': <class 'int'>, 'count_call': <class 'int'>, 'hook': typing.Callable, 'import_address': <class 'int'>, 'module': <class 'int'>, 'module_container': <class 'str'>, 'module_name': <class 'str'>, 'name': typing.Union[int, str]}
__dataclass_fields__ = {'address': Field(name='address',type=<class 'int'>,default=...appingproxy({}),kw_only=False,_field_type=_FIELD), 'count_call': Field(name='count_call',type=<class 'int'>,defau...appingproxy({}),kw_only=False,_field_type=_FIELD), 'hook': Field(name='hook',type=typing.Callable,default=N...appingproxy({}),kw_only=False,_field_type=_FIELD), 'import_address': Field(name='import_address',type=<class 'int'>,d...appingproxy({}),kw_only=False,_field_type=_FIELD), 'module': Field(name='module',type=<class 'int'>,default=<...appingproxy({}),kw_only=False,_field_type=_FIELD), 'module_container': Field(name='module_container',type=<class 'str'>...appingproxy({}),kw_only=False,_field_type=_FIELD), 'module_name': Field(name='module_name',type=<class 'str'>,defa...appingproxy({}),kw_only=False,_field_type=_FIELD), 'name': Field(name='name',type=typing.Union[int, str],de...appingproxy({}),kw_only=False,_field_type=_FIELD)}
__dataclass_params__ = _DataclassParams(init=True,repr=True,eq=True,order=False,unsafe_hash=False,frozen=False)
__hash__ = None
__match_args__ = ('name', 'module_name', 'module', 'address', 'import_address', 'module_container', 'hook', 'count_call')
count_call = 0
hook = None

 
Functions
       
get_imports(pe_headers: PyPeLoader.PeHeaders, ImageBase: int, module_container: str) -> List[PyPeLoader.ImportFunction]
This function returns the imports for an in-memory module.
It loads modules (DLLs) that are not already loaded, to get
the module address and function addresses required
by ImportFunction.
get_peb() -> PyPeLoader.PEB
This function gets the PEB from NtQueryInformationProcess.
load(file: _io._BufferedIOBase) -> None
This function performs all the steps to load and execute the PE program in memory.
load_headers(file: _io._BufferedIOBase) -> PyPeLoader.PeHeaders
This function returns all PE header structures from the file.
load_imports(functions: List[PyPeLoader.ImportFunction]) -> None
This function loads imports (DLLs, libraries), finds the function addresses
and writes them to the IAT (Import Address Table).
load_in_memory(file: _io._BufferedIOBase, pe_headers: PyPeLoader.PeHeaders) -> int
This function loads the PE program in memory
using the file and all PE headers.
load_relocations(pe_headers: PyPeLoader.PeHeaders, ImageBase: int) -> None
This function overwrites the relocations with the difference between the image
base in memory and the image base in the PE headers.
main() -> int
This is the main function to start the program from command line.
modify_executable_path_name(peb: PyPeLoader.PEB, module_name: str, fullpath: str) -> None
This function modifies the executable module path and name.
modify_process_informations(peb: PyPeLoader.PEB, executable_path: str, command_line: str) -> None
This function modifies the Unicode strings
for the command line and executable full path.
set_command_lines(command_line: str) -> None
This function modifies the ANSI and Unicode command lines in the Win32 API.

 
Data
        __all__ = ['main', 'load', 'load_headers', 'load_in_memory', 'load_imports', 'get_imports', 'load_relocations', 'ImportFunction', 'get_peb', 'modify_process_informations', 'modify_executable_path_name', 'set_command_lines']
__author_email__ = 'mauricelambert434@gmail.com'
__copyright__ = '\nPyPeLoader Copyright (C) 2025 Maurice Lambert...ome to redistribute it\nunder certain conditions.\n'
__description__ = '\nThis package implements a basic PE loader in python to\nload executables in memory.\n'
__license__ = 'GPL-3.0 License'
__maintainer__ = 'Maurice Lambert'
__maintainer_email__ = 'mauricelambert434@gmail.com'
__url__ = 'https://github.com/mauricelambert/PyPeLoader'

 
Author
        Maurice Lambert