Fixes for issue #322, #321, and #318

* Fixed is_driver(), I was comparing bytes to decoded strings. * Add test for is_driver() check * Fixed some types in warning messages * Made Python >=3.6 a requirement
erocarrera · May 24, 2021 · de77a93 · de77a93
1 parent 9dea8ee
commit de77a93
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/pefile.py b/pefile.py
@@ -3967,7 +3967,7 @@ def parse_delay_import_directory(self, rva, size):
 
             if error_count > 5:
                 self.__warnings.append(
-                    'Too may errors parsing the Delay import directory. '
+                    'Too many errors parsing the Delay import directory. '
                     'Invalid import data at RVA: 0x{0:x}'.format(rva) )
                 break
 
@@ -4084,7 +4084,7 @@ def parse_import_directory(self, rva, size, dllnames_only=False):
 
                 if error_count > 5:
                     self.__warnings.append(
-                        'Too may errors parsing the import directory. '
+                        'Too many errors parsing the import directory. '
                         'Invalid import data at RVA: 0x{0:x}'.format(rva) )
                     break
 
@@ -5743,11 +5743,11 @@ def is_driver(self):
         system_DLLs = set((b'ntoskrnl.exe', b'hal.dll', b'ndis.sys',
                            b'bootvid.dll', b'kdcom.dll'))
         if system_DLLs.intersection(
-                [imp.dll.decode('utf-8', 'ignore').lower() for imp in self.DIRECTORY_ENTRY_IMPORT]):
+                [imp.dll.lower() for imp in self.DIRECTORY_ENTRY_IMPORT]):
             return True
 
         driver_like_section_names = set(
-            ('page', 'paged'))
+            (b'page', b'paged'))
         if driver_like_section_names.intersection(
                 [section.Name.lower().rstrip(b'\x00') for section in self.sections]) and (
             self.OPTIONAL_HEADER.Subsystem in (

diff --git a/setup.py b/setup.py
@@ -86,6 +86,7 @@ def run(self):
     long_description = "\n".join(_read_doc().split('\n')),
     cmdclass={"test": TestCommand},
     py_modules = ['pefile', 'peutils'],
+    python_requires=">=3.6.0",
     packages = ['ordlookup'],
     install_requires=[
           'future',

diff --git a/tests/pefile_test.py b/tests/pefile_test.py
@@ -477,6 +477,12 @@ def test_driver_check(self):
         # Ensure the rebased image is the same as the pre-generated one.
         self.assertEqual(pe_fast.is_driver(), pe_full.is_driver())
 
+        control_file_pe = os.path.join(
+            REGRESSION_TESTS_DIR, 'issue_322_plaso_test_driver.sys')
+
+        pe = pefile.PE(control_file_pe, fast_load=False)
+        self.assertEqual(pe.is_driver(), True)
+
 
     def test_rebased_image(self):
         """Test correctness of rebased images"""