This is intended to be a fast, minimalistic, IDE-friendly library for Portable Executable file parsing.
It also contains the `AnnotatedStructure` and `AnnotatedUnion` base classes, which let you declare
ctypes structures in the dataclass style.
For example, you can write:
```python
class POINT(AnnotatedStructure):
    x: c_int
    y: c_int
```

instead of

```python
class POINT(Structure):
    _fields_ = [("x", c_int),
                ("y", c_int)]
```

For more examples of `AnnotatedStructure` usage, see examples/annotated_structure.py.
Derived from the dfrus project.
- peclasses is IDE-friendly, i.e. an IDE will show you hints about the fields of structures;
- it is pythonic, i.e. the names of structures and their fields comply with PEP 8 rules;
- it is easy to add new structures.
- Compared to pefile, peclasses is in the early stages of development and may lack some features;
- the pythonic naming style may confuse some library users;
- it has not been tested against a variety of real-life portable executables, and may not be suitable for e.g. malware analysis (at least without some improvements);
- type annotations with types from ctypes can be somewhat misleading: e.g. a structure field can be annotated as
  `c_uint`, ctypes will return its value as a plain `int`, but typing tools (such as mypy) will complain that you cannot treat this value as `int` (because it's annotated as `c_uint`), so you may need to use the `cast` function from `typing`.