
I am trying to create a python program that hooks on to every imported function in an executable and sets up a log breakpoint on each of them. When the breakpoint is hit it logs it so that all the API calls made by a program can be seen.
To do this I'm using Pydbg & PEFile. I am able to enumerate modules using iterate_modules() function call in PyDbg. But when I look at the PEFile
The code is as follows:
[snip]
import pefile
# dbg is the PyDbg instance created (and attached) in the elided part above

for modlist in dbg.iterate_modules():
    # szExePath is the on-disk path of the loaded module; parse it with pefile
    pe = pefile.PE(modlist.szExePath)
    for entry in pe.DIRECTORY_ENTRY_IMPORT:
        for imp in entry.imports:
            print '\t', hex(imp.address), imp.name
[/snip]
This works well for the .exe module, but when the ntdll.dll module is hit I get the error:
AttributeError: PE instance has no attribute 'DIRECTORY_ENTRY_IMPORT'
Upon debugging I do see that pe.DIRECTORY_ENTRY_IMPORT is not present. Is there some way to have a conditional statement (using some flag in pefile) that can help me in the enumeration?
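As an added illustration (not code from the post above), the check pefile performs before it attaches DIRECTORY_ENTRY_IMPORT is simply whether the import entry of the optional header's data directory has a non-zero RVA; ntdll.dll really has no import table, so the attribute is legitimately absent there rather than a parsing failure. The script below reads that directory entry with only the Python 3 standard library and builds a header-only image as constructed test input (the builder and its values are assumptions for the demo, not real files):

```python
import struct

# Index of the import table in the optional header's data directory
# (the same value as pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_IMPORT']).
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def import_directory(data):
    """Return (VirtualAddress, Size) of the import table, or (0, 0) if absent."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    size_of_optional, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    # Data directories follow the fixed part of the optional header:
    # 96 bytes for PE32, 112 for PE32+; NumberOfRvaAndSizes is the 4 bytes before.
    dirs_off = {PE32_MAGIC: 96, PE32PLUS_MAGIC: 112}[magic]
    num_dirs, = struct.unpack_from("<I", data, opt + dirs_off - 4)
    if IMAGE_DIRECTORY_ENTRY_IMPORT >= num_dirs:
        return (0, 0)  # image declares fewer directories than needed
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT
    if entry + 8 > opt + size_of_optional:
        return (0, 0)  # entry would lie outside the optional header
    return struct.unpack_from("<II", data, entry)


def has_import_table(data):
    """True when pefile would expose pe.DIRECTORY_ENTRY_IMPORT (non-zero RVA)."""
    va, _size = import_directory(data)
    return va != 0


def build_header_only_pe(import_va, import_size, pe32plus=True):
    """Constructed header-only image (no sections) for testing; not a real file."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    magic, fixed = (PE32PLUS_MAGIC, 112) if pe32plus else (PE32_MAGIC, 96)
    num_dirs = 16
    opt_size = fixed + 8 * num_dirs
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2)
    opt = struct.pack("<H", magic) + b"\0" * (fixed - 6) + struct.pack("<I", num_dirs)
    dirs = [(0, 0)] * num_dirs
    dirs[IMAGE_DIRECTORY_ENTRY_IMPORT] = (import_va, import_size)
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    return dos + b"PE\0\0" + coff + opt
```

In the loop from the question, the equivalent conditional is `hasattr(pe, 'DIRECTORY_ENTRY_IMPORT')` or testing `pe.OPTIONAL_HEADER.DATA_DIRECTORY[1].VirtualAddress`, which skips modules such as ntdll.dll without raising.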