how can I used the “pefile.py” to get file(.exe) version

Question

I want to used python to get the executed file version, and i know the pefile.py

how to used it to do this?

notes: the executed file may be not completely.

Answer 1

This is the best answer I think you can find:

import pefile
pe = pefile.PE("/path/to/something.exe")

print hex(pe.VS_VERSIONINFO.Length)
print hex(pe.VS_VERSIONINFO.Type)
print hex(pe.VS_VERSIONINFO.ValueLength)
print hex(pe.VS_FIXEDFILEINFO.Signature)
print hex(pe.VS_FIXEDFILEINFO.FileFlags)
print hex(pe.VS_FIXEDFILEINFO.FileOS)
for fileinfo in pe.FileInfo:
  if fileinfo.Key == 'StringFileInfo':
    for st in fileinfo.StringTable:
      for entry in st.entries.items():
        print '%s: %s' % (entry[0], entry[1])    
  if fileinfo.Key == 'VarFileInfo':
    for var in fileinfo.Var:
      print '%s: %s' % var.entry.items()[0]

From Ero Carrera's (the author of pefile.py) own blog

Answer 2

I'm not sure that I understand your problem correctly, but if it's something along the lines of using pefile to retrieve the version of a provided executable, then perhaps (taken from [the tutorial][1])

import pefile
pe = pefile.PE("/path/to/pefile.exe")
print pe.dump_info()

will provide you with the version information. I have no idea how sensible pefile is when parsing incomplete files, but conjecturing that the version information is somewhere in the header and that pefile uses a generator to read the file, then it should be possible to read the information if the header is parseable.