PyPeLoader (version 0.1.0)		index
pypeloader.py

This package implements a basic PE loader in python to
load executables in memory.

 
Classes
       
builtins.object
ImportFunction

 
class ImportFunction(builtins.object)
    ImportFunction(name: Union[int, str], module_name: str, module: int, address: int, import_address: int, hook: Callable = None) -> None
 
This dataclass store informations about a import function.
 
  Methods defined here:
__eq__(self, other)
Return self==value.
__init__(self, name: Union[int, str], module_name: str, module: int, address: int, import_address: int, hook: Callable = None) -> None
Initialize self.  See help(type(self)) for accurate signature.
__repr__(self)
Return repr(self).
Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)
__weakref__
list of weak references to the object (if defined)
Data and other attributes defined here:
__annotations__ = {'address': <class 'int'>, 'hook': typing.Callable, 'import_address': <class 'int'>, 'module': <class 'int'>, 'module_name': <class 'str'>, 'name': typing.Union[int, str]}
__dataclass_fields__ = {'address': Field(name='address',type=<class 'int'>,default=...appingproxy({}),kw_only=False,_field_type=_FIELD), 'hook': Field(name='hook',type=typing.Callable,default=N...appingproxy({}),kw_only=False,_field_type=_FIELD), 'import_address': Field(name='import_address',type=<class 'int'>,d...appingproxy({}),kw_only=False,_field_type=_FIELD), 'module': Field(name='module',type=<class 'int'>,default=<...appingproxy({}),kw_only=False,_field_type=_FIELD), 'module_name': Field(name='module_name',type=<class 'str'>,defa...appingproxy({}),kw_only=False,_field_type=_FIELD), 'name': Field(name='name',type=typing.Union[int, str],de...appingproxy({}),kw_only=False,_field_type=_FIELD)}
__dataclass_params__ = _DataclassParams(init=True,repr=True,eq=True,order=False,unsafe_hash=False,frozen=False)
__hash__ = None
__match_args__ = ('name', 'module_name', 'module', 'address', 'import_address', 'hook')
hook = None

 
Functions
       
load(file: _io._BufferedIOBase) -> None
This function does all steps to load and execute the PE program in memory.
load_headers(file: _io._BufferedIOBase) -> PyPeLoader.PeHeaders
This function returns all PE headers structure from file.
load_imports(pe_headers: PyPeLoader.PeHeaders, ImageBase: int) -> List[PyPeLoader.ImportFunction]
This function loads imports (DLL, libraries), finds the functions addresses
and write them in the IAT (Import Address Table).
load_in_memory(file: _io._BufferedIOBase, pe_headers: PyPeLoader.PeHeaders) -> int
This function loads the PE program in memory
using the file and all PE headers.
load_relocations(pe_headers: PyPeLoader.PeHeaders, ImageBase: int) -> None
This function overwrites the relocations with the difference between image
base in memory and image base in PE headers.
main() -> int
This is the main function to start the program from command line.

 
Data
        __all__ = ['main', 'load', 'load_headers', 'load_in_memory', 'load_imports', 'load_relocations', 'ImportFunction']
__author_email__ = 'mauricelambert434@gmail.com'
__copyright__ = '\nPyPeLoader Copyright (C) 2025 Maurice Lambert...ome to redistribute it\nunder certain conditions.\n'
__description__ = '\nThis package implements a basic PE loader in python to\nload executables in memory.\n'
__license__ = 'GPL-3.0 License'
__maintainer__ = 'Maurice Lambert'
__maintainer_email__ = 'mauricelambert434@gmail.com'
__url__ = 'https://github.com/mauricelambert/PyPeLoader'

 
Author
        Maurice Lambert