Gists for blog post about Portable Executables and Structured Exception Handling: https://hexagr.blogspot.com/2023/08/portable-executable-format-and.html

pdata_dump.py

import pefile
import struct

def main():
    pe = pefile.PE("C:\\Windows\\notepad.exe", fast_load=True)
    for section in pe.sections:
        if section.Name.decode().rstrip('\x00') == '.pdata':
            print(".pdata address: {} size: {}".format(hex(section.PointerToRawData), hex(section.SizeOfRawData)))
            print_pdata_info(section)

def print_pdata_info(section):
    with open("C:\\Windows\\notepad.exe", "rb") as file:
        file.seek(section.PointerToRawData)
        for i in range(0, section.SizeOfRawData, 12):
            baddr, eaddr, uaddr = struct.unpack('<3L', file.read(12))
            if not baddr:
                break
            print("Begin address: {} End address: {} Unwind info: {}".format(hex(baddr), hex(eaddr), hex(uaddr)))

if __name__ == "__main__":
              main()

virtual_addressing.py

import pefile

def print_section_info(pe):
    for section in pe.sections:
        section_name = section.Name.decode().rstrip('\x00')
        print(f"Section Name: {section_name}")
        print(f"Raw Address: 0x{section.PointerToRawData:08X}")
        print(f"Raw Size: 0x{section.SizeOfRawData:08X}")
        print(f"Virtual Address: 0x{section.VirtualAddress:08X}")
        print(f"Virtual Size: 0x{section.Misc_VirtualSize:08X}")
        print("")

if __name__ == "__main__":
    pe = pefile.PE("C:\\Windows\\notepad.exe")
    print_section_info(pe)