pedump 0.3.2 → 0.3.3

data/README.md

@@ -0,0 +1,56 @@
+pedump
+======
+
+Description
+-----------
+A pure ruby implementation of win32 PE binary files dumper, including:
+
+ * MZ Header
+ * DOS stub
+ * ['Rich' Header](http://ntcore.com/files/richsign.htm)
+ * PE Header
+ * Data Directory
+ * Sections
+ * Resources
+ * Strings
+ * Imports & Exports
+ * PE Packer/Compiler detection
+ * a conventient way to upload your PE's to http://pedump.me for a nice HTML tables with image previews, candies & stuff
+
+Installation
+------------
+    gem install pedump
+
+Usage and documentation
+-----------------------
+
+    Usage: pedump [options]
+        -V, --version                    Print version information and exit
+        -v, --[no-]verbose               Run verbosely
+        -F, --force                      Try to dump by all means
+                                         (can cause exceptions & heavy wounds)
+        -f, --format FORMAT              Output format: bin,c,dump,hex,inspect,table
+                                         (default: table)
+            --mz
+            --dos-stub
+            --rich
+            --pe
+            --data-directory
+            --sections
+            --strings
+            --resources
+            --resource-directory
+            --imports
+            --exports
+            --packer
+        -P, --packer-only                packer/compiler detect only,
+                                         mimics 'file' command output
+            --all                        Dump all but resource-directory (default)
+            --va2file VA                 Convert RVA to file offset
+        -W, --web                        Uploads files to a http://pedump.me
+                                         for a nice HTML tables with image previews,
+                                         candies & stuff
+
+License
+-------
+Released under the MIT License.  See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.

data/README.md.tpl

@@ -0,0 +1,35 @@
+pedump
+======
+
+Description
+-----------
+A pure ruby implementation of win32 PE binary files dumper, including:
+
+ * MZ Header
+ * DOS stub
+ * ['Rich' Header](http://ntcore.com/files/richsign.htm)
+ * PE Header
+ * Data Directory
+ * Sections
+ * Resources
+ * Strings
+ * Imports & Exports
+ * PE Packer/Compiler detection
+ * a conventient way to upload your PE's to http://pedump.me for a nice HTML tables with image previews, candies & stuff
+
+Installation
+------------
+    gem install pedump
+
+Usage
+-----
+
+% pedump -h
+
+### MZ Header
+
+% pedump --mz 
+
+License
+-------
+Released under the MIT License.  See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.

data/Rakefile

@@ -23,6 +23,8 @@ Jeweler::Tasks.new do |gem|
   gem.authors = ["Andrey \"Zed\" Zaikin"]
   gem.executables = %w'pedump'
   gem.files.include "lib/**/*.rb"
+  gem.files.include "data/sig.bin"
+  gem.files.include "data/sig.txt"
   # dependencies defined in Gemfile
 end
 Jeweler::RubygemsDotOrgTasks.new
@@ -50,6 +52,28 @@ task :default => :spec
 #  rdoc.rdoc_files.include('lib/**/*.rb')
 #end
 
+class Jeweler::Commands::Version::Base
+  alias :commit_version_old :commit_version
+  def commit_version
+    code = <<-EOF
+class PEdump
+  module Version
+    MAJOR = #{version_helper.major}
+    MINOR = #{version_helper.minor}
+    PATCH = #{version_helper.patch}
+    BUILD = nil
+
+    STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
+  end
+end
+    EOF
+    vfile = working_subdir.join("lib/pedump/version.rb")
+    File.open(vfile,"w"){ |f| f << code }
+    self.repo.add vfile if self.repo
+    commit_version_old
+  end
+end
+
 namespace :test do
   desc "test on all files in given path"
   task :all_files do
@@ -75,3 +99,54 @@ namespace :test do
     end
   end
 end
+
+namespace :sig do
+  desc "update packers db from http://research.pandasecurity.com/blogs/images/userdb.txt"
+  task :update do
+    require './lib/pedump/packer'
+    fname = PEdump::Packer::TEXT_SIGS_FILE
+    url   = "http://research.pandasecurity.com/blogs/images/userdb.txt"
+
+    require 'digest/md5'
+    require 'open-uri'
+    existing_md5 = Digest::MD5.file(fname).hexdigest
+    puts "[.] fetching remote data..."
+    remote_data  = open(url).read.force_encoding('cp1252').encode('utf-8')
+    puts "[.] got #{remote_data.size} bytes"
+    raise "too small remote data (#{remote_data.size})" if remote_data.size < 100_000
+    remote_md5   = Digest::MD5.hexdigest(remote_data)
+    if remote_md5 == existing_md5
+      puts "[.] same as local"
+    else
+      existing_size = File.size(fname)
+      File.open(fname,"wb"){ |f| f << remote_data }
+      puts "[*] updated: #{existing_size} -> #{remote_data.size}"
+    end
+  end
+
+  desc "convert txt2bin"
+  task :convert do
+    require './lib/pedump/packer'
+    t0 = Time.now
+    sigs = PEdump::Packer.parse
+    printf "[.] parsed %d definitions in %6.3fs\n", sigs.size, Time.now-t0
+    File.open(PEdump::Packer::BIN_SIGS_FILE,"wb"){ |f| Marshal.dump(sigs,f) }
+  end
+end
+
+desc "build readme"
+task :readme do
+  require 'erb'
+  tpl = File.read('README.md.tpl').gsub(/^%\s+(.+)/) do |x|
+    x.sub! /^%/,''
+    "<%= run(\"#{x}\") %>"
+  end
+  def run cmd
+    cmd.strip!
+    cmd.sub! /^pedump/,"./bin/pedump"
+    `#{cmd}`.sub(/\A\n+/m,'').sub(/\s+\Z/,'').split("\n").map{|x| "    #{x}"}.join("\n") + "\n"
+  end
+  File.open 'README.md','w' do |f|
+    f << ERB.new(tpl,nil,'%>').result
+  end
+end

data/VERSION

@@ -1 +1 @@
-0.3.2
+0.3.3