Added tool peid-db for inspecting signatures
dhondta committed Jan 21, 2024
1 parent 1ccc528 commit f0fc572
Showing 9 changed files with 93 additions and 66 deletions.
10 changes: 8 additions & 2 deletions README.md
@@ -32,10 +32,16 @@ $ peid program.exe
$ peid program.exe --db custom_sigs_db.txt
```

The second tool allows to create and integrate new signatures.
The second tool allows to inspect signatures.

```sh
$ peidsig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith
$ peid-db --db path/to/userdb.txt --filter UPX
```

The third tool allows to create and integrate new signatures.

```sh
$ peid-sig *.exe --db path/to/userdb.txt --packer UPX --version v3.97 --author jsmith
```


1 change: 1 addition & 0 deletions pyproject.toml
@@ -50,4 +50,5 @@ repository = "https://github.com/packing-box/peid"

[project.scripts]
peid = "peid.__main__:main"
peid-db = "peid.__main__:peiddb"
peid-sig = "peid.__main__:peidsig"
2 changes: 1 addition & 1 deletion src/peid/VERSION.txt
@@ -1 +1 @@
2.0.1
2.1.0
2 changes: 1 addition & 1 deletion src/peid/__init__.py
@@ -60,7 +60,7 @@ def identify_packer(*paths, db=None, ep_only=True, sec_start_only=False, match_a
:param ep_only: consider only entry point signatures
:return: return the matching packers
"""
db, results = SignaturesTree(db), []
db, results = SignaturesTree(db, logger=logger), []
for path in paths:
results.append((path, db.match(path, ep_only, sec_start_only, match_all)))
return results
73 changes: 45 additions & 28 deletions src/peid/__main__.py
@@ -7,6 +7,23 @@

from .__info__ import __author__, __copyright__, __email__, __license__, __source__, __version__
from .__init__ import *
from .db import DB


def _parser(name, description, examples):
descr = f"{name} {__version__}\n\nAuthor : {__author__} ({__email__})\nCopyright: {__copyright__}\nLicense :" \
f" {__license__}\nSource : {__source__}\n\n{description}.\n\n"
examples = "usage examples:\n- " + "\n- ".join(examples)
return ArgumentParser(description=descr, epilog=examples, formatter_class=RawTextHelpFormatter, add_help=False)


def _setup(parser):
args = parser.parse_args()
if hasattr(args, "verbose"):
logging.basicConfig()
args.logger = logging.getLogger("peid")
args.logger.setLevel([logging.INFO, logging.DEBUG][args.verbose])
return args


def valid_file(path):
@@ -24,16 +41,9 @@ def valid_percentage(percentage):

def main():
""" Tool's main function """
descr = "PEiD {}\n\nAuthor : {} ({})\nCopyright: {}\nLicense : {}\nSource : {}\n" \
"\nThis tool is an implementation in Python of the Packed Executable iDentifier (PEiD) in the scope of " \
"packing detection for Windows PE files based on signatures.\n\n"
descr = descr.format(__version__, __author__, __email__, __copyright__, __license__, __source__)
examples = "usage examples:\n- " + "\n- ".join([
"peid program.exe",
"peid program.exe -b",
"peid program.exe --db custom_sigs_db.txt",
])
parser = ArgumentParser(description=descr, epilog=examples, formatter_class=RawTextHelpFormatter, add_help=False)
parser = _parser("PEiD", "This tool is an implementation in Python of the Packed Executable iDentifier (PEiD) in "
"the scope of packing detection for Windows PE files based on signatures",
["peid program.exe", "peid program.exe -b", "peid program.exe --db custom_sigs_db.txt"])
parser.add_argument("path", type=valid_file, nargs="+", help="path to portable executable")
opt = parser.add_argument_group("optional arguments")
opt.add_argument("-a", "--author", action="store_true", help="include author in the result")
@@ -51,17 +61,14 @@ def main():
help="enable benchmarking, output in seconds (default: False)")
extra.add_argument("-h", "--help", action="help", help="show this help message and exit")
extra.add_argument("--verbose", action="store_true", help="display debug information (default: False)")
args = parser.parse_args()
logging.basicConfig()
args.logger = logging.getLogger("peid")
args.logger.setLevel([logging.INFO, logging.DEBUG][args.verbose])
code = 0
args = _setup(parser)
# execute the tool
if args.benchmark:
t1 = perf_counter()
results = identify_packer(*args.path, db=args.db, ep_only=args.ep_only, sec_start_only=args.sec_start_only,
match_all=not args.match_once, logger=args.logger)
for pe, r in results:
r = r or []
if not args.author:
r = list(map(lambda x: re.sub(r"\s*\-(\-?\>|\s*by)\s*(.*)$", "", x), r))
if not args.version:
@@ -84,17 +91,30 @@ def main():
return 0


def peiddb():
""" Additional tool for inspecting a database of signatures """
parser = _parser("PEiD-DB", "This tool aims to inspect the database of signatures of the Packed Executable "
"iDentifier (PEiD)", ["peid-db --filter UPX", "peid-db --db custom-userdb.txt --filter '(?i)upx'"])
opt = parser.add_argument_group("optional arguments")
opt.add_argument("-d", "--db", default=DB, type=valid_file,
help="path to the custom database of signatures (default: None ; use the embedded DB)")
opt.add_argument("-f", "--filter", help="pattern for filtering signatures (default: None ; display all)")
extra = parser.add_argument_group("extra arguments")
extra.add_argument("-h", "--help", action="help", help="show this help message and exit")
args = _setup(parser)
db = SignaturesDB(args.db)
c = 0
for sig in db.filter(args.filter):
print(sig, end="")
c += 1
print(f"{c} signatures filtered")


def peidsig():
""" Additional tool for creating signatures """
descr = "PEiD-Sig 1.0\n\nAuthor : {} ({})\nCopyright: {}\nLicense : {}\nSource : {}\n" \
"\nThis tool aims to create signatures for the Packed Executable iDentifier (PEiD).\n\n"
descr = descr.format(__author__, __email__, __copyright__, __license__, __source__)
examples = "usage examples:\n- " + "\n- ".join([
"peid-sig *.exe",
"peid-sig *.exe --db path/to/userdb.txt --packer PE-Packer",
"peid-sig prg1.exe prg2.exe prg3.exe --packer PE-Packer --version v1.0 --author dhondta",
])
parser = ArgumentParser(description=descr, epilog=examples, formatter_class=RawTextHelpFormatter, add_help=False)
parser = _parser("PEiD-Sig", "This tool aims to create signatures for the Packed Executable iDentifier (PEiD)",
["peid-sig *.exe", "peid-sig *.exe --db path/to/userdb.txt --packer PE-Packer",
"peid-sig prg1.exe prg2.exe prg3.exe --packer PE-Packer --version v1.0 --author dhondta"])
parser.add_argument("path", type=valid_file, nargs="+", help="path to packed portable executables")
sig = parser.add_argument_group("signature arguments")
sig.add_argument("-m", "--min-length", type=int, default=16, help="minimum length of bytes to be considered for the"
@@ -113,10 +133,7 @@ def peidsig():
extra = parser.add_argument_group("extra arguments")
extra.add_argument("-h", "--help", action="help", help="show this help message and exit")
extra.add_argument("--verbose", action="store_true", help="display debug information (default: False)")
args = parser.parse_args()
logging.basicConfig()
args.logger = logging.getLogger("peid")
args.logger.setLevel([logging.INFO, logging.DEBUG][args.verbose])
args = _setup(parser)
try:
s = find_ep_only_signature(*args.path, minlength=args.min_length, maxlength=args.max_length,
common_bytes_threshold=args.bytes_threshold, logger=args.logger)
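Review bot: The `--filter` option in `peiddb()` is accepted as a raw string, and the `filter()` method this commit adds in `src/peid/db/__init__.py` passes it straight to `re.compile`, so a malformed pattern ends in an uncaught `re.error` traceback rather than a usage error. A `type=` validator next to `valid_file` and `valid_percentage` would reject it at the argument-parsing boundary; the sketch below assumes `ArgumentTypeError` is imported from `argparse` alongside `ArgumentParser`. The `--db` help text also says `default: None` although the option is declared with `default=DB`, and `peiddb()` has no `return 0` like the end of `main()`.

```python
def valid_pattern(pattern):
    """ Reject a --filter value that is not a valid regular expression. """
    try:
        re.compile(pattern)
    except re.error as e:
        raise ArgumentTypeError(f"invalid pattern: {e}")
    return pattern

# … unchanged: peiddb() parser creation and --db option …
    opt.add_argument("-f", "--filter", type=valid_pattern,
                     help="pattern for filtering signatures (default: None ; display all)")
```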
2 changes: 1 addition & 1 deletion src/peid/db/.userdb_txt.json

Large diffs are not rendered by default.

24 changes: 14 additions & 10 deletions src/peid/db/__init__.py
@@ -1,6 +1,6 @@
# -*- coding: UTF-8 -*-
import re
from os.path import abspath, basename, dirname, exists, join
from os.path import abspath, basename, dirname, exists, expanduser, join

from ..pe import PE

@@ -16,9 +16,9 @@

class SignaturesTree:
""" Lightweight class for loading signatures search tree and matching signatures. """
def __init__(self, path=None, encoding="latin-1", cache=True, keep_trailing_wildcards=False):
self.encoding, self.keep_trailing_wildcards = encoding, keep_trailing_wildcards
self.path = path = abspath(path or DB)
def __init__(self, path=None, encoding="latin-1", cache=True, keep_trailing_wildcards=False, logger=None):
self.encoding, self.keep_trailing_wildcards, self.logger = encoding, keep_trailing_wildcards, logger
self.path = path = abspath(expanduser(path or DB))
self.json = join(dirname(path), f".{basename(path).replace('.','_')}{['','_tw'][keep_trailing_wildcards]}.json")
if exists(self.json):
from msgspec.json import decode
@@ -77,7 +77,7 @@ def _match(subtree, byteseq):
subtree = subtree[byte]
else:
break
with PE(pe) as f:
with PE(pe, logger=self.logger) as f:
if ep_only:
for byteseq in f.read(n_bytes, f.entrypoint_offset):
_match(self.__tree['ep_only'], byteseq)
@@ -128,7 +128,7 @@ def __signature(self, name, signature, ep_only, sec_start_only):
""" Output a signature as a string. """
cond = f"ep_only = true\n" if ep_only else \
f"section_start_only = true\n" if sec_start_only else ""
sig = f"[{name}\nsignature = {signature}\n{cond}\n"
return f"[{name}]\nsignature = {signature}\n{cond}\n"

def compare(self, db, encoding=None):
""" Compare this database with the given one.
@@ -137,8 +137,6 @@ def compare(self, db, encoding=None):
:param encoding: encoding for dumping the database
:return: generator producing signatures not present in this database but well in the compared one
"""
if not self.full_init:
raise NotImplementedError("Signatures database not fully loaded ; re-initialize with full_init=True")
for sig, fields in self.__get(db, encoding).signatures.items():
if sig not in self.signatures:
yield fields[0]
@@ -149,8 +147,6 @@ def dump(self, filename=None, encoding=None):
:param filename: path to database dump
:param encoding: encoding for dumping the database
"""
if not self.full_init:
raise NotImplementedError("Signatures database not fully loaded ; re-initialize with full_init=True")
with open(filename or self.path, 'wt', encoding=encoding or self.encoding) as f:
for l in self.comments:
f.write("; %s\n" % l)
@@ -160,6 +156,14 @@ def dump(self, filename=None, encoding=None):
f.write("[%s]\nsignature = %s\nep_only = %s\n%s\n" % (packer, signature, str(ep_only).lower(),
["", "section_start_only = %s\n" % str(sec_start_only).lower()][sec_start_only]))

def filter(self, pattern, text=True):
""" Filter signatures based on a given name pattern. """
regex = re.compile(pattern or r".*")
for name, signature, trailing_wildcards, ep_only, sec_start_only in self.signatures.values():
if regex.search(name):
r = (name, f"{' '.join(signature)} {trailing_wildcards}", ep_only, sec_start_only)
yield self.__signature(*r) if text else r

def merge(self, *dbs):
""" Merge multiple signatures databases.
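Review bot: The new `filter()` renders matches through `__signature()`, which prints `ep_only = true`, or else `section_start_only = true`, and nothing otherwise, while `dump()` in the same class always writes `ep_only = <true|false>` and adds the `section_start_only` line independently. An entry stored with `ep_only = false`, or with both flags set, therefore comes out of `peid-db` in a different form than the one in the database file; if the output is meant to be pasted back into a userdb file, `__signature()` should emit the same fields as `dump()`. The docstring of `filter()` should also say that `pattern` is a regular expression applied with `regex.search` to the signature name (`None` matches everything) and that `text=False` yields the raw tuple instead of the formatted string. The class body starts and ends outside these hunks.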
30 changes: 13 additions & 17 deletions src/peid/db/userdb.txt
@@ -5,17 +5,17 @@
; - ExeinfoPe
; - PEV
; This DB also contains a few signatures based on this dataset: https://github.com/packing-box/dataset-packed-pe
; 5592 signatures in list
; 5591 signatures in list

[ A win32 exe packer - http://github.com/Eronana/packer ]
signature = 60 68 00 ?? ?? 00 E8 07 FC FF FF 89 45 FC 61 FF 65 FC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ep_only = true

[Alienyze -> morfal]
[Alienyze -> dhondta]
signature = 55 8B EC 81 EC 60 01 00 00 53 56 64 A1 30 00 00 00 89 85 70 FF FF FF 8B 8D 70 FF FF FF 8B 51 0C 89 55 AC 8B 45 AC 8B 48 0C 8B 51 28 89 55 CC C7 45 B0 00 00 00 00 C7 45 94 00 00 00 00 8B 45 B0 8B 4D CC 0F B7 14 41 85 D2 74 23 8B 45 B0 8B 4D CC 0F B7 14 41 83 FA 5C 75 09 8B 45 B0 83 C0 01 89 45 94 8B 4D B0 83 C1 01 89 4D B0 EB CF 8B 55 AC 8B 42 14 8B 08 89 4D AC 8B 55 AC 8B 02 89 85
ep_only = true

[Eronana-Packer -> morfal]
[Eronana-Packer -> dhondta]
signature = 60 68 00 ?? ?? ?? E8 17 FC FF FF 89 45 FC 61 FF 65 FC
ep_only = true

@@ -2039,7 +2039,7 @@ ep_only = false
signature = 80 ?? ?? ?? 83 ?? ?? ?? ?? 90 90 90
ep_only = true

[ASPack -> morfal]
[ASPack -> dhondta]
signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB 00 ?? ?? ?? 83 BD 88 04 00 00 00 89 9D 88 04 00 00 0F 85 CB 03 00 00 8D 85 94 04 00 00 50 FF 95 A9 0F 00 00 89 85 8C 04 00 00 8B F0 8D 7D 51 57 56 FF 95 A5 0F 00 00 AB B0 00 AE 75 FD 38 07 75 EE 8D 45 7A FF E0 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 56 69 72 74 75 61 6C 46 72 65 65 00 56 69 72 74
ep_only = true

@@ -5055,7 +5055,7 @@ ep_only = true
signature = 46 4F 58 53 51 5A
ep_only = true

[FSG -> morfal]
[FSG -> dhondta]
signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41
ep_only = true

@@ -6587,7 +6587,7 @@ ep_only = true
signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 1A 4A 61 72 1B
ep_only = false

[JDPack -> morfal]
[JDPack -> dhondta]
signature = 60 E8 00 00 00 00 5D 8B D5 81 ED C6 2B 40 00 2B 95 61 34 40 00 81 EA 06 00 00 00 89 95 65 34 40 00 83 BD 69 34 40 00 00 0F 85 BC 03 00 00 C7 85 69 34 40 00 01 00 00 00 B9 88 07 00 00 8D B5 18 2C 40 00 8A 85 60 34 40 00 8A 1E 32 C3 88 06 88 9D 60 34 40 00 46 E2 EB
ep_only = true

@@ -7079,7 +7079,7 @@ ep_only = true
signature = 1E 0E 1F BA ?? ?? 81 ?? ?? ?? B4 09 CD 21 1F B4 4C CD 21
ep_only = true

[MEW -> morfal]
[MEW -> dhondta]
signature = E9 ?? ?? ?? ?? 0C ?? ?? ?? 00 00 00 00 00 00 00 00 ?? ?? ?? ?? 0C
ep_only = true

@@ -8799,10 +8799,6 @@ ep_only = true
signature = 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? 00 00 00 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 66 ?? ?? ?? 59
ep_only = true

[Morphine v1.2 (DLL)]
signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? 00
ep_only = true

[Morphine v1.2 (DLL)]
signature = 00 00 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 5B ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
ep_only = true
@@ -15639,7 +15635,7 @@ ep_only = true
signature = 50 52 E8 ?? ?? ?? ?? 55 53 51 52 48 01 FE 56 48 89 FE 48 89 D7 31 DB 31 C9 48 83 CD FF E8 ?? ?? ?? ?? 01 DB 74 ?? F3 C3 8B 1E 48 83 EE FC 11 DB 8A
ep_only = true

[UPX v3.95 -> morfal]
[UPX v3.95 -> dhondta]
signature = 53 56 57 55 48 8D 35 ?? ?? ?? FF 48 8D BE ?? ?? ?? FF 57 31 DB 31 C9 48 83 CD FF E8 50 00 00 00 01 DB 74 02 F3 C3 8B 1E 48 83 EE FC 11 DB 8A 16 F3 C3
ep_only = true

@@ -15799,10 +15795,6 @@ ep_only = false
signature = 83 EC 04 89 ?? 24 59 ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
ep_only = false

[UPolyX v0.5]
signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
ep_only = true

[UPolyX v0.5]
signature = ?? 59 ?? ?? 00 00 00
ep_only = true
@@ -21299,7 +21291,7 @@ ep_only = true
signature = ?? ?? 83 EC ?? D9 34 24 8B 44 24 ?? ?? ?? ?? BF ?? ?? ?? ?? 8A 17 ?? ?? 8B C8 81 E1 ?? ?? ?? ?? EB ?? ?? ?? 30 10 FE CA 48 49
ep_only = true

[eXPressor -> morfal]
[eXPressor -> dhondta]
signature = 55 8B EC 81 EC 84 02 00 00 53 56 57 83 A5 A8 FD FF FF 00 F3 EB 0C 65 58 50 72 2D 76 2E 31 2E 36 2E 00 A1 00 ?? ?? ?? 05 00 ?? ?? ?? A3 04 ?? ?? ?? A1 04 ?? ?? ?? 83 78 70 00 75 14 6A 10 68 F0 ?? ?? ?? 68 78 ?? ?? ?? 6A 00 FF 15 50 ?? ?? ?? E8 F0 FE FF FF A3 08 ?? ?? ?? 68 04 01 00 00 8D 85 D8 FD FF FF 50 FF 35 14 ?? ?? ?? FF 15 48 ?? ?? ?? 8D 84 05 D7 FD FF FF 89 85 AC FD FF FF 8B
ep_only = true

@@ -22207,6 +22199,10 @@ ep_only = true
signature = 53 56 57 55 48 8D 35 ?? ?? ?? FF 48 8D BE ?? ?? ?? FF 57 B8 ?? ?? ?? 00 50 48 89 E1 48 89 FA 48 89 F7 BE ?? ?? ?? 00 55 48 89 E5 44 8B 09 49 89 D0 48
ep_only = true

[yoda's Crypter -> dhondta]
signature = 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00 81 E9 C6 28 40 00 8B D5 81 C2 C6 28 40 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
ep_only = true

[y0da's Cryptor 1.2 -> y0da]
signature = 60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 AC
ep_only = true
15 changes: 9 additions & 6 deletions src/peid/pe.py
@@ -1,14 +1,14 @@
# -*- coding: UTF-8 -*-
from functools import wraps
from functools import lru_cache, wraps
from os.path import getsize


__all__ = ["PE"]


class PE:
def __init__(self, path, debug=False):
self.path, self.size, self.__debug = path, getsize(path), debug
def __init__(self, path, logger=None):
self.path, self.size, self.logger = path, getsize(path), logger
self.__fd = f = open(path, "rb")
# check MZ signature
if f.read(2) != b"MZ":
@@ -51,7 +51,10 @@ def read(self, n=64, *offsets):
offsets = range(0, self.size-n)
for o in offsets:
self.__fd.seek(o)
yield self.__fd.read(min(n, self.size-o))
r = self.__fd.read(min(n, self.size-o))
if self.logger:
self.logger.debug(" ".join(f"{b:02X}" for b in r))
yield r

@property
def entrypoint_offset(self):
@@ -71,9 +74,9 @@ def sections_offsets(self):
# 40 bytes per section header entry
offsets = []
for i in range(self.number_of_sections):
if self.__debug:
if self.logger:
f.seek(start + i * 40)
print(f.read(8).rstrip(b"\0").decode("utf-8"))
self.logger.debug(f.read(8).rstrip(b"\0").decode("utf-8"))
f.seek(start + i * 40 + 20)
offsets.append(int.from_bytes(f.read(4), "little"))
return offsets
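Review bot: In `sections_offsets` the section-name read and `.decode("utf-8")` used to run only with `debug=True`, but the guard is now `if self.logger:` and the CLI hands a logger down on every run (`_setup`, `identify_packer`, `SignaturesTree`, `PE`), so a section header whose 8-byte name is not valid UTF-8 raises `UnicodeDecodeError` and aborts the scan even without `--verbose`. Section names in packed or malformed PE files are arbitrary bytes, so the decode should be tolerant, e.g. `self.logger.debug(f.read(8).rstrip(b"\0").decode("utf-8", errors="replace"))`. The same guard in `read()` builds the hex string for every chunk whatever the log level; checking `self.logger.isEnabledFor(logging.DEBUG)` first (with `logging` imported in this module) avoids that work when debug output is off. `lru_cache` is now imported but no use of it is visible in these hunks, and both method bodies start outside them.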
