Created
November 7, 2023 18:28
-
-
Save 0xEva/9158bb1ff87a284f7b52a1af8a7c3a0c to your computer and use it in GitHub Desktop.
Update PE Timestamp with OPTIONAL_HEADER.Checksum correction
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pefile | |
| import argparse | |
| from datetime import datetime | |
| import sys | |
| def UpdateTimestamp(filename, timestamp): | |
| pe = pefile.PE(filename) | |
| pe.FILE_HEADER.TimeDateStamp = timestamp | |
| pe.OPTIONAL_HEADER.CheckSum = pe.generate_checksum() | |
| pe.close() | |
| pe.write(filename) | |
| def ValidateTimstamp(timestamp): | |
| return datetime.fromtimestamp(timestamp) <= datetime.now() | |
| def main(): | |
| parser = argparse.ArgumentParser() | |
| parser.add_argument('-f', '--file', required=True, type=str, help='Name of the PE File') | |
| parser.add_argument('-t', '--timestamp', required=True, type=int, help='UNIX Timestamp') | |
| parser.add_argument('-F', '--force', action='store_true', help='Allows timestamp to be in the future') | |
| args = parser.parse_args() | |
| if not args.force and not ValidateTimstamp(args.timestamp): | |
| print("Timestamp is in the past!") | |
| sys.exit(1) | |
| UpdateTimestamp(args.file, args.timestamp) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment