From 3e665cd11a639050c06048cd592b70d1fcead689 Mon Sep 17 00:00:00 2001 From: Seliaste Date: Tue, 31 Mar 2026 10:55:08 +0200 Subject: [PATCH] fixed some formatting stuff --- iat.py | 48 ++++++++++-------------------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) diff --git a/iat.py b/iat.py index a7ae358..ae668d0 100644 --- a/iat.py +++ b/iat.py @@ -13,9 +13,7 @@ iat_json_path = "rsc/upx-hostname.exe.bin_iat_wave1.json" # iat_json_path = "rsc/000155f2e0360f6ff6cd.exe_iat_wave2.json" -def hex_address_to_memory_representation( - hex_addr: str, is_32b: bool, is_little_endian: bool -) -> list[int]: +def hex_address_to_memory_representation(hex_addr: str, is_32b: bool, is_little_endian: bool) -> list[int]: adress_size = 4 if is_32b else 8 mem_value = [0x00] * adress_size hex_addr = hex_addr[::-1][:-2] # reversing order and stripping zero @@ -51,9 +49,7 @@ def patch_direct_adress_call(pe: lief.PE.Binary, rva: int, instruction_offset: i pe.abstract.header.is_32, pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE, ) - pe.patch_address( - instruction_offset, [0xFF, 0x15] + new_value, lief.Binary.VA_TYPES.RVA - ) + pe.patch_address(instruction_offset, [0xFF, 0x15] + new_value, lief.Binary.VA_TYPES.RVA) def patch_direct_adress_jump(pe: lief.PE.Binary, rva: int, instruction_offset: int): @@ -63,9 +59,7 @@ def patch_direct_adress_jump(pe: lief.PE.Binary, rva: int, instruction_offset: i pe.abstract.header.is_32, pe.abstract.header.endianness == lief.Header.ENDIANNESS.LITTLE, ) - pe.patch_address( - instruction_offset, [0xFF, 0x25] + new_value, lief.Binary.VA_TYPES.RVA - ) + pe.patch_address(instruction_offset, [0xFF, 0x25] + new_value, lief.Binary.VA_TYPES.RVA) def patch_instr_to_new_IAT_entry(pe: lief.PE.Binary, call: dict[str, str], rva: int): 
@@ -97,10 +91,7 @@ def patch_addr_found_in_mem(pe: lief.PE.Binary, rva: int, old_addr: str): for i in range(len(section.content)): found = True for j in range(len(old_addr_mem_repr)): - if ( - i + j >= len(section.content) - or section.content[i + j] != old_addr_mem_repr[j] - ): + if i + j >= len(section.content) or section.content[i + j] != old_addr_mem_repr[j]: found = False break if found: @@ -111,21 +102,11 @@ def patch_addr_found_in_mem(pe: lief.PE.Binary, rva: int, old_addr: str): is_32, little_endian, ) - # print( - # f"ref= { - # hex( - # section.virtual_address + i + pe.imagebase, - # ) - # }" - # ) for section in pe.sections: for k in range(len(section.content)): foundxref = True - for l in range(len(old_addr_ref)): - if ( - k + l < len(section.content) - and section.content[k + l] != old_addr_ref[l] - ): + for L in range(len(old_addr_ref)): + if k + L < len(section.content) and section.content[k + L] != old_addr_ref[L]: foundxref = False break if foundxref: @@ -135,19 +116,13 @@ def patch_addr_found_in_mem(pe: lief.PE.Binary, rva: int, old_addr: str): pe.patch_address(addr, new_addr, lief.Binary.VA_TYPES.RVA) -def patch_to_new_IAT( - pe: lief.PE.Binary, imp: lief.PE.Import, entry: lief.PE.ImportEntry, rva: int -): +def patch_to_new_IAT(pe: lief.PE.Binary, imp: lief.PE.Import, entry: lief.PE.ImportEntry, rva: int): # print(f"{imp.name}!{entry.name}: 0x{rva:010x}") - for call in filter( - lambda x: x["name"] == f"{imp.name.upper()}!{entry.name}", calls - ): + for call in filter(lambda x: x["name"] == f"{imp.name.upper()}!{entry.name}", calls): patch_instr_to_new_IAT_entry(pe, call, rva) # patch additional non-call related info print(entry.name) - for func in filter( - lambda x: x["name"] == entry.name and x["dll"] == imp.name, procaddr_list - ): + for func in filter(lambda x: x["name"] == entry.name and x["dll"] == imp.name, procaddr_list): # print(func["name"]) patch_addr_found_in_mem(pe, rva, func["addr"]) 
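Review bot: In the `@@ -111,21 +102,11 @@` hunk of `patch_addr_found_in_mem`, the reflowed xref test `if k + L < len(section.content) and section.content[k + L] != old_addr_ref[L]:` never clears `foundxref` once `k + L` runs past the end of the section. A partial match on a section's last bytes therefore counts as a reference, and it then appears to be rewritten by the `pe.patch_address` call visible at the start of the next hunk. The first scan in the same function (hunk `@@ -97,10 +91,7 @@`) rejects that case, and this one should mirror it: `if k + L >= len(section.content) or section.content[k + L] != old_addr_ref[L]:`. As a point of style, renaming `l` to `L` gives a local an uppercase name that reads like a constant; `off` would be clearer. The function body starts and ends outside both hunks, so what happens after `if foundxref:` is only partly visible.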
@@ -158,10 +133,7 @@ def get_list_of_procaddr_functions(prevwave_info): # first only including imported dlls res_new = {} for export in api_info: - if ( - export["dllname"] in dll_calls_list - and export["exportname"] == call["function"] - ): + if export["dllname"] in dll_calls_list and export["exportname"] == call["function"]: res_new = { "name": export["exportname"], "dll": export["dllname"],