Skip to content
/ Python-EXE-Analysis-Tool Public

Analyze Windows EXE files, extract key details, disassemble code, and integrate with Ollama API for advanced analysis.

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Fadouse/Python-EXE-Analysis-Tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
iat+more.py
iat+more.py
 
 
iat.py
iat.py
 
 

Repository files navigation

EXE Analysis Tool

This tool is designed to analyze Windows executable (EXE) files, extract important information such as the entry point, image base, and imported functions, and request a high-level analysis via the local Ollama API. It also disassembles executable functions and can handle multiple files simultaneously using multithreading.

Features

  • PE Header Analysis: Extracts key details such as the entry point and image base.
  • Import Address Table (IAT) Parsing: Lists imported DLLs and their respective functions.
  • Function Disassembly: Disassembles the code starting from the entry point or any requested function address.
  • Ollama API Integration: Sends the disassembled code for analysis using a locally hosted AI model.
  • Incremental Analysis: Requests additional assembly disassembly when needed, based on the AI's feedback.
  • Multithreading: Processes multiple EXE files in parallel for efficiency.
  • Customizable Analysis Prompts: Users can provide custom prompts during the analysis process.

Requirements

This project requires Python 3.x and the following libraries:

  • pefile
  • requests
  • capstone
  • argparse
  • concurrent.futures
  • logging

You can install the required libraries via pip:

pip install pefile requests capstone

Usage

To analyze one or more EXE files, run the following command:

python analyze_exe.py <path_to_exe_file1> <path_to_exe_file2> ...

If no files are provided, the program will prompt you to enter or drag and drop a file path.

Example

python analyze_exe.py C:\path\to\file.exe

Custom Prompts

During the analysis, the AI might request additional assembly disassembly. The tool will allow you to review the analysis and decide whether to proceed. If you choose to continue, you can provide custom prompts for further analysis.

Ollama API

The tool uses the Ollama API for generating analysis. Make sure you have Ollama running locally at http://localhost:11434.

If the tool cannot connect or encounters errors with the API, it will retry up to three times with a delay of 5 seconds between attempts.

Logging

All major events, including errors and retries, are logged. You can view the log messages to troubleshoot or follow the analysis process.

License

This project is licensed under the MIT License. See the LICENSE file for details.

About

Analyze Windows EXE files, extract key details, disassemble code, and integrate with Ollama API for advanced analysis.

Topics

code-analysis reverse python-tool ollama-api exe-analysis

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages