{"id":25442066,"url":"https://github.com/fadouse/python-exe-analysis-tool","last_synced_at":"2026-02-03T06:05:04.385Z","repository":{"id":259387750,"uuid":"877739763","full_name":"Fadouse/Python-EXE-Analysis-Tool","owner":"Fadouse","description":"Analyze Windows EXE files, extract key details, disassemble code, and integrate with Ollama API for advanced analysis.","archived":false,"fork":false,"pushed_at":"2024-10-24T06:55:14.000Z","size":14,"stargazers_count":2,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-03T06:04:57.448Z","etag":null,"topics":["code-analysis","exe-analysis","ollama-api","python-tool","reverse"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Fadouse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-24T06:53:24.000Z","updated_at":"2024-12-10T19:34:33.000Z","dependencies_parsed_at":"2024-10-25T02:28:46.907Z","dependency_job_id":"97aeb177-dcd8-4f8e-88c6-262d03b57563","html_url":"https://github.com/Fadouse/Python-EXE-Analysis-Tool","commit_stats":null,"previous_names":["fadouse/python-exe-analysis-tool"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Fadouse/Python-EXE-Analysis-Tool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fadouse%2FPython-EXE-Analysis-Tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fadouse%2FPython-EXE-Analysis-Tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fadouse%2FPython-EXE-Analysis-Tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fadouse%2FPython-EXE-Analysis-Tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Fadouse","download_url":"https://codeload.github.com/Fadouse/Python-EXE-Analysis-Tool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fadouse%2FPython-EXE-Analysis-Tool/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29035378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T02:28:16.591Z","status":"ssl_error","status_checked_at":"2026-02-03T02:27:48.904Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-analysis","exe-analysis","ollama-api","python-tool","reverse"],"created_at":"2025-02-17T13:16:42.514Z","updated_at":"2026-02-03T06:05:04.370Z","avatar_url":"https://github.com/Fadouse.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# EXE Analysis Tool\n\nThis tool is designed to analyze Windows executable (EXE) files, extract important information such as the entry point, image base, and imported functions, and request a high-level analysis via the local Ollama API. It also disassembles executable functions and can handle multiple files simultaneously using multithreading.\n\n## Features\n\n- **PE Header Analysis:** Extracts key details such as the entry point and image base.\n- **Import Address Table (IAT) Parsing:** Lists imported DLLs and their respective functions.\n- **Function Disassembly:** Disassembles the code starting from the entry point or any requested function address.\n- **Ollama API Integration:** Sends the disassembled code for analysis using a locally hosted AI model.\n- **Incremental Analysis:** Requests additional assembly disassembly when needed, based on the AI's feedback.\n- **Multithreading:** Processes multiple EXE files in parallel for efficiency.\n- **Customizable Analysis Prompts:** Users can provide custom prompts during the analysis process.\n\n## Requirements\n\nThis project requires Python 3.x and the following libraries:\n\n- `pefile`\n- `requests`\n- `capstone`\n- `argparse`\n- `concurrent.futures`\n- `logging`\n\nYou can install the required libraries via pip:\n\n```bash\npip install pefile requests capstone\n```\n\n## Usage\n\nTo analyze one or more EXE files, run the following command:\n\n```bash\npython analyze_exe.py \u003cpath_to_exe_file1\u003e \u003cpath_to_exe_file2\u003e ...\n```\n\nIf no files are provided, the program will prompt you to enter or drag and drop a file path.\n\n### Example\n\n```bash\npython analyze_exe.py C:\\path\\to\\file.exe\n```\n\n## Custom Prompts\n\nDuring the analysis, the AI might request additional assembly disassembly. The tool will allow you to review the analysis and decide whether to proceed. If you choose to continue, you can provide custom prompts for further analysis.\n\n## Ollama API\n\nThe tool uses the Ollama API for generating analysis. Make sure you have Ollama running locally at `http://localhost:11434`.\n\nIf the tool cannot connect or encounters errors with the API, it will retry up to three times with a delay of 5 seconds between attempts.\n\n## Logging\n\nAll major events, including errors and retries, are logged. You can view the log messages to troubleshoot or follow the analysis process.\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffadouse%2Fpython-exe-analysis-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffadouse%2Fpython-exe-analysis-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffadouse%2Fpython-exe-analysis-tool/lists"}