pedump 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/lib/pedump.rb +7 -3
- data/lib/pedump/cli.rb +16 -1
- data/pedump.gemspec +1 -1
- metadata +10 -10
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.2.
|
|
1
|
+
0.2.1
|
data/lib/pedump.rb
CHANGED
|
@@ -511,8 +511,12 @@ class PEdump
|
|
|
511
511
|
end
|
|
512
512
|
end
|
|
513
513
|
end
|
|
514
|
-
if x.original_first_thunk
|
|
515
|
-
logger.warn "[?] import table: #{x.module_name}
|
|
514
|
+
if x.original_first_thunk && !x.first_thunk
|
|
515
|
+
logger.warn "[?] import table: empty FirstThunk of #{x.module_name}"
|
|
516
|
+
elsif !x.original_first_thunk && x.first_thunk
|
|
517
|
+
logger.warn "[?] import table: empty OriginalFirstThunk of #{x.module_name}"
|
|
518
|
+
elsif x.original_first_thunk != x.first_thunk
|
|
519
|
+
logger.warn "[?] import table: OriginalFirstThunk != FirstThunk of #{x.module_name}"
|
|
516
520
|
end
|
|
517
521
|
end
|
|
518
522
|
end
|
|
@@ -650,7 +654,7 @@ class PEdump
|
|
|
650
654
|
|
|
651
655
|
def va2file va
|
|
652
656
|
sections.each do |s|
|
|
653
|
-
if (s.VirtualAddress
|
|
657
|
+
if (s.VirtualAddress...(s.VirtualAddress+s.VirtualSize)).include?(va)
|
|
654
658
|
return va - s.VirtualAddress + s.PointerToRawData
|
|
655
659
|
end
|
|
656
660
|
end
|
data/lib/pedump/cli.rb
CHANGED
|
@@ -48,6 +48,9 @@ class PEdump::CLI
|
|
|
48
48
|
opts.on "--all", "Dump all but #{(KNOWN_ACTIONS-DEFAULT_ALL_ACTIONS).join(',')} (default)" do
|
|
49
49
|
@actions = DEFAULT_ALL_ACTIONS
|
|
50
50
|
end
|
|
51
|
+
opts.on "--va2file VA", "Convert RVA to file offset" do |va|
|
|
52
|
+
@actions << [:va2file,va]
|
|
53
|
+
end
|
|
51
54
|
end
|
|
52
55
|
|
|
53
56
|
if (@argv = optparser.parse(@argv)).empty?
|
|
@@ -55,7 +58,7 @@ class PEdump::CLI
|
|
|
55
58
|
return
|
|
56
59
|
end
|
|
57
60
|
|
|
58
|
-
if (@actions-KNOWN_ACTIONS).any?
|
|
61
|
+
if (@actions-KNOWN_ACTIONS).any?{ |x| !x.is_a?(Array) }
|
|
59
62
|
puts "[?] unknown actions: #{@actions-KNOWN_ACTIONS}"
|
|
60
63
|
@actions.delete_if{ |x| !KNOWN_ACTIONS.include?(x) }
|
|
61
64
|
end
|
|
@@ -95,6 +98,18 @@ class PEdump::CLI
|
|
|
95
98
|
end
|
|
96
99
|
|
|
97
100
|
def dump_action action, f
|
|
101
|
+
if action.is_a?(Array)
|
|
102
|
+
case action[0]
|
|
103
|
+
when :va2file
|
|
104
|
+
@pedump.sections(f)
|
|
105
|
+
va = action[1] =~ /(^0x)|(h$)/i ? action[1].to_i(16) : action[1].to_i
|
|
106
|
+
file_offset = @pedump.va2file(va)
|
|
107
|
+
printf "va2file(0x%x) = 0x%x (%d)\n", va, file_offset, file_offset
|
|
108
|
+
return
|
|
109
|
+
else raise "unknown action #{action.inspect}"
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
|
|
98
113
|
data = @pedump.send(action, f)
|
|
99
114
|
return if !data || (data.respond_to?(:empty?) && data.empty?)
|
|
100
115
|
|
data/pedump.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pedump
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2011-12-10 00:00:00.000000000Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70303206510780 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ~>
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 2.3.0
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70303206510780
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: bundler
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70303206635540 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ~>
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: 1.0.0
|
|
33
33
|
type: :development
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70303206635540
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: jeweler
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70303206642320 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ~>
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: 1.6.4
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70303206642320
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: rcov
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &70303206648540 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ! '>='
|
|
@@ -54,7 +54,7 @@ dependencies:
|
|
|
54
54
|
version: '0'
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *70303206648540
|
|
58
58
|
description: dump headers, sections, extract resources of win32 PE exe,dll,etc
|
|
59
59
|
email: zed.0xff@gmail.com
|
|
60
60
|
executables:
|
|
@@ -93,7 +93,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
93
93
|
version: '0'
|
|
94
94
|
segments:
|
|
95
95
|
- 0
|
|
96
|
-
hash:
|
|
96
|
+
hash: -1918854361818125320
|
|
97
97
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
98
98
|
none: false
|
|
99
99
|
requirements:
|