pedump 0.3.2 → 0.3.3

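--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,56 @@
+ pedump
+ ======
+
+ Description
+ -----------
+ A pure ruby implementation of win32 PE binary files dumper, including:
+
+ * MZ Header
+ * DOS stub
+ * ['Rich' Header](http://ntcore.com/files/richsign.htm)
+ * PE Header
+ * Data Directory
+ * Sections
+ * Resources
+ * Strings
+ * Imports & Exports
+ * PE Packer/Compiler detection
+ * a conventient way to upload your PE's to http://pedump.me for a nice HTML tables with image previews, candies & stuff
+
+ Installation
+ ------------
+ gem install pedump
+
+ Usage and documentation
+ -----------------------
+
+ Usage: pedump [options]
+ -V, --version Print version information and exit
+ -v, --[no-]verbose Run verbosely
+ -F, --force Try to dump by all means
+ (can cause exceptions & heavy wounds)
+ -f, --format FORMAT Output format: bin,c,dump,hex,inspect,table
+ (default: table)
+ --mz
+ --dos-stub
+ --rich
+ --pe
+ --data-directory
+ --sections
+ --strings
+ --resources
+ --resource-directory
+ --imports
+ --exports
+ --packer
+ -P, --packer-only packer/compiler detect only,
+ mimics 'file' command output
+ --all Dump all but resource-directory (default)
+ --va2file VA Convert RVA to file offset
+ -W, --web Uploads files to a http://pedump.me
+ for a nice HTML tables with image previews,
+ candies & stuff
+
+ License
+ -------
+ Released under the MIT License. See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.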
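--- /dev/null
+++ b/data/README.md.tpl
@@ -0,0 +1,35 @@
+ pedump
+ ======
+
+ Description
+ -----------
+ A pure ruby implementation of win32 PE binary files dumper, including:
+
+ * MZ Header
+ * DOS stub
+ * ['Rich' Header](http://ntcore.com/files/richsign.htm)
+ * PE Header
+ * Data Directory
+ * Sections
+ * Resources
+ * Strings
+ * Imports & Exports
+ * PE Packer/Compiler detection
+ * a conventient way to upload your PE's to http://pedump.me for a nice HTML tables with image previews, candies & stuff
+
+ Installation
+ ------------
+ gem install pedump
+
+ Usage
+ -----
+
+ % pedump -h
+
+ ### MZ Header
+
+ % pedump --mz
+
+ License
+ -------
+ Released under the MIT License. See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.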
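--- a/data/Rakefile
+++ b/data/Rakefile
@@ -23,6 +23,8 @@ Jeweler::Tasks.new do |gem|
  gem.authors = ["Andrey \"Zed\" Zaikin"]
  gem.executables = %w'pedump'
  gem.files.include "lib/**/*.rb"
+ gem.files.include "data/sig.bin"
+ gem.files.include "data/sig.txt"
  # dependencies defined in Gemfile
  end
  Jeweler::RubygemsDotOrgTasks.new
@@ -50,6 +52,28 @@ task :default => :spec
  # rdoc.rdoc_files.include('lib/**/*.rb')
  #end
 
+ class Jeweler::Commands::Version::Base
+ alias :commit_version_old :commit_version
+ def commit_version
+ code = <<-EOF
+ class PEdump
+ module Version
+ MAJOR = #{version_helper.major}
+ MINOR = #{version_helper.minor}
+ PATCH = #{version_helper.patch}
+ BUILD = nil
+
+ STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
+ end
+ end
+ EOF
+ vfile = working_subdir.join("lib/pedump/version.rb")
+ File.open(vfile,"w"){ |f| f << code }
+ self.repo.add vfile if self.repo
+ commit_version_old
+ end
+ end
+
  namespace :test do
  desc "test on all files in given path"
  task :all_files do
@@ -75,3 +99,54 @@ namespace :test do
  end
  end
  end
+
+ namespace :sig do
+ desc "update packers db from http://research.pandasecurity.com/blogs/images/userdb.txt"
+ task :update do
+ require './lib/pedump/packer'
+ fname = PEdump::Packer::TEXT_SIGS_FILE
+ url = "http://research.pandasecurity.com/blogs/images/userdb.txt"
+
+ require 'digest/md5'
+ require 'open-uri'
+ existing_md5 = Digest::MD5.file(fname).hexdigest
+ puts "[.] fetching remote data..."
+ remote_data = open(url).read.force_encoding('cp1252').encode('utf-8')
+ puts "[.] got #{remote_data.size} bytes"
+ raise "too small remote data (#{remote_data.size})" if remote_data.size < 100_000
+ remote_md5 = Digest::MD5.hexdigest(remote_data)
+ if remote_md5 == existing_md5
+ puts "[.] same as local"
+ else
+ existing_size = File.size(fname)
+ File.open(fname,"wb"){ |f| f << remote_data }
+ puts "[*] updated: #{existing_size} -> #{remote_data.size}"
+ end
+ end
+
+ desc "convert txt2bin"
+ task :convert do
+ require './lib/pedump/packer'
+ t0 = Time.now
+ sigs = PEdump::Packer.parse
+ printf "[.] parsed %d definitions in %6.3fs\n", sigs.size, Time.now-t0
+ File.open(PEdump::Packer::BIN_SIGS_FILE,"wb"){ |f| Marshal.dump(sigs,f) }
+ end
+ end
+
+ desc "build readme"
+ task :readme do
+ require 'erb'
+ tpl = File.read('README.md.tpl').gsub(/^%\s+(.+)/) do |x|
+ x.sub! /^%/,''
+ "<%= run(\"#{x}\") %>"
+ end
+ def run cmd
+ cmd.strip!
+ cmd.sub! /^pedump/,"./bin/pedump"
+ `#{cmd}`.sub(/\A\n+/m,'').sub(/\s+\Z/,'').split("\n").map{|x| " #{x}"}.join("\n") + "\n"
+ end
+ File.open 'README.md','w' do |f|
+ f << ERB.new(tpl,nil,'%>').result
+ end
+ end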
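Review bot: In the `sig:update` task the packer signature database is fetched over plaintext HTTP and written straight to `PEdump::Packer::TEXT_SIGS_FILE`, with only the 100_000-byte floor as an acceptance check; the MD5 comparison only detects that the content changed, not that it is the publisher's, so a substituted file would be accepted and then marshalled by `sig:convert` into the `sig.bin` that the gem ships. Prefer the `https://` form of the URL if the host serves it (not verifiable from here), and treat the resulting change to the signature file as something to review in the diff before committing rather than as an automatic update. The `open(url)` call also depends on open-uri's override of `Kernel#open`; `URI.open(url)` is the explicit form. Separately, `def run cmd` inside the `:readme` task defines `run` as a method on `Object` for the whole Rake process, where it can collide with other tasks; a lambda local to the task, `run = ->(cmd) { ... }` with the template emitting `<%= run.call(...) %>`, keeps it scoped.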
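--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.3.2
+ 0.3.3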
data/data/sig.bin ADDED
Binary file