rewrite to python 3 (not perfectly but it works)

thatskriptkid · thatskriptkid · commit f71b288c7e7a · 2021-05-19T15:37:40.000+06:00
diff --git a/getnetguids.py b/getnetguids.py
@@ -6,7 +6,7 @@
 import csv
 import hashlib
 
-guid_regex = re.compile("[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}")
+guid_regex = re.compile(b"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}")
 
 
 def format_guid_from_hex(hex_string):
@@ -19,7 +19,7 @@ def format_guid_from_hex(hex_string):
 def read_blob(blob):
     if len(blob) == 0:
         return ""
-    first_byte = ord(blob[0])
+    first_byte = blob[0]
     if first_byte & 0x80 == 0:
         # easy one
         raw_string = blob[1:][:first_byte]
@@ -43,7 +43,7 @@ def get_assembly_guids(assembly_path):
             txt_start = None
             txt_end = None
             for section in pe.sections:
-                if section.Name.startswith(".text\x00"):
+                if section.Name.startswith(b".text\x00"):
                     txt_start = section.PointerToRawData
                     txt_end = txt_start + section.SizeOfRawData
         except pefile.PEFormatError:
@@ -71,18 +71,18 @@ def get_assembly_guids(assembly_path):
         else:
             offsets_to_test = [mdo - txt_start]
 
-        offsets_to_test.extend([l.start() for l in re.finditer("\x42\x53\x4a\x42", text_section)][::-1])
+        offsets_to_test.extend([l.start() for l in re.finditer(b"\x42\x53\x4a\x42", text_section)][::-1])
 
         del file_data
 
         for i_offset in offsets_to_test:
             i = text_section[i_offset:]
             try:
-                if "\x42\x53\x4a\x42" not in i:
+                if b"\x42\x53\x4a\x42" not in i:
                     continue
-                if not i.startswith("\x42\x53\x4a\x42"):
+                if not i.startswith(b"\x42\x53\x4a\x42"):
                     continue
-                meta_data_offset = i.find("\x42\x53\x4a\x42")
+                meta_data_offset = i.find(b"\x42\x53\x4a\x42")
                 clr_version_length = struct.unpack("<I", i[meta_data_offset + 12:meta_data_offset + 16])[0]
                 try:
                     stream_count = struct.unpack("<H", i[meta_data_offset + clr_version_length +
@@ -91,26 +91,26 @@ def get_assembly_guids(assembly_path):
                     continue
                 current_offset = meta_data_offset + clr_version_length + 20
                 heaps = {}
-                for c in xrange(stream_count):
+                for c in range(stream_count):
                     offset = struct.unpack("<I", i[current_offset:current_offset + 4])[0]
                     size = struct.unpack("<I", i[current_offset + 4:current_offset + 8])[0]
                     current_offset += 8
-                    name = ""
-                    while "\x00" not in name:
+                    name = b""
+                    while b"\x00" not in name:
                         name += i[current_offset:current_offset + 4]
                         current_offset += 4
-                    name = name.strip("\x00")
+                    name = name.strip(b"\x00")
                     # print "{0} at {1}, {2} bytes".format(name, offset, size)
                     heaps[name] = i[meta_data_offset + offset:meta_data_offset + offset + size]
                     # if len(heaps[name]) != size:
                     #    raise
 
                 try:
-                    extracted_mvid = format_guid_from_hex(heaps["#GUID"][:16].encode("hex"))
-                except KeyError:
+                    extracted_mvid = format_guid_from_hex(heaps[b"#GUID"][:16])
+                except:
                     return {}
 
-                tilde = heaps["#~"]
+                tilde = heaps[b"#~"]
 
                 if tilde is not None:
                     # print "Reserved: {0}".format([tilde[0:4]])
@@ -133,7 +133,7 @@ def get_assembly_guids(assembly_path):
 
                     row_counts = [0] * 64
                     t_offset = 24
-                    for index in xrange(len(tables_present)):
+                    for index in range(len(tables_present)):
                         if index < len(tables_present) and tables_present[index]:
                             row_counts[index] = struct.unpack("<I", tilde[t_offset:t_offset + 4])[0]
                             t_offset += 4
@@ -189,10 +189,10 @@ def get_assembly_guids(assembly_path):
                         # Don't care about the rest
                     ]
 
-                    for index in xrange(0x0c):
+                    for index in range(0x0c):
                         t_offset += row_type_widths[index] * row_counts[index]
 
-                    for index in xrange(row_counts[0x0c]):
+                    for index in range(row_counts[0x0c]):
                         # In the most strict interpretation, a typelib id is expressed as a
                         # GuidAttribute on the current assembly.
                         # To check that it's actually a GuidAttribute we'd have to support parsing
@@ -230,7 +230,7 @@ def get_assembly_guids(assembly_path):
                                 blob_index = struct.unpack("<I", tilde[row_offset:row_offset + 4])[0]
                                 row_offset += 4
 
-                            data_value = read_blob(heaps["#Blob"][blob_index:])
+                            data_value = read_blob(heaps[b"#Blob"][blob_index:])
                             if guid_regex.match(data_value):
                                 return {"mvid": extracted_mvid.lower(), "typelib_id": data_value.lower(), "compiled": compiled}
                         t_offset += row_type_widths[0x0c]
@@ -253,8 +253,7 @@ def get_assembly_guids(assembly_path):
 
     parser = ArgumentParser(
         prog=__file__,
-        description="Extracts Typelib IDs and MVIDs from .NET assemblies.",
-        version="%(prog)s v" + version + " by Brian Wallace (@botnet_hunter)",
+        description="Extracts Typelib IDs and MVIDs from .NET assemblies.\n%(prog)s v" + version + " by Brian Wallace (@botnet_hunter)",
         epilog="%(prog)s v" + version + " by Brian Wallace (@botnet_hunter)"
     )
     parser.add_argument('path', metavar='path', type=str, nargs='*', default=[],
@@ -267,9 +266,8 @@ def get_assembly_guids(assembly_path):
     args = parser.parse_args()
 
     if args.path is None or len(args.path) == 0:
-        if not args.stdin:
-            parser.print_help()
-            exit()
+        parser.print_help()
+        exit()
 
     from os.path import isfile, isdir, join, abspath
     from glob import iglob
@@ -295,7 +293,7 @@ def get_compiletime(pe):
         writer=csv.writer(theCSV)
         writer.writerow(('TYPELIB', 'MVID', 'HASH', 'COMPILED', 'PATH'))
     else:
-        print "{0}\t\t\t\t\t{1}\t\t\t\t\t{2}\t\t\t\t\t{3}\t\t{4}".format('TYPELIB', 'MVID', 'HASH', 'COMPILED', 'PATH')
+        print("{0}\t\t\t\t\t{1}\t\t\t\t\t{2}\t\t\t\t\t{3}\t\t{4}".format('TYPELIB', 'MVID', 'HASH', 'COMPILED', 'PATH'))
     
     for file_path, result in scan_paths(args.path, args.recursive):
         if result is None:
@@ -320,7 +318,7 @@ def get_compiletime(pe):
         if args.csv:
             writer.writerow((typelib_id, mvid, s, compiled, file_path))
         else:
-            print "{0}\t{1}\t{2}\t{3}\t{4}".format(typelib_id, mvid, s, compiled, file_path)
+            print("{0}\t{1}\t{2}\t{3}\t{4}".format(typelib_id, mvid, s, compiled, file_path))
             
     if args.csv:        
         theCSV.close()
