pedump 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.document +5 -0
- data/.rspec +1 -0
- data/Gemfile +15 -0
- data/Gemfile.lock +32 -0
- data/LICENSE.txt +20 -0
- data/README.md +56 -0
- data/README.md.tpl +35 -0
- data/Rakefile +152 -0
- data/VERSION +1 -0
- data/bin/pedump +7 -0
- data/data/sig.bin +0 -0
- data/data/sig.txt +14083 -0
- data/lib/pedump.rb +1044 -0
- data/lib/pedump/cli.rb +593 -0
- data/lib/pedump/packer.rb +124 -0
- data/lib/pedump/version.rb +10 -0
- data/pedump.gemspec +76 -0
- data/samples/calc.7z +0 -0
- data/spec/pedump_spec.rb +7 -0
- data/spec/spec_helper.rb +12 -0
- metadata +138 -0
@@ -0,0 +1,124 @@
|
|
1
|
+
class PEdump
|
2
|
+
class Packer < Struct.new(:name, :re, :ep_only, :size)
|
3
|
+
|
4
|
+
DATA_ROOT = File.dirname(File.dirname(File.dirname(__FILE__)))
|
5
|
+
BIN_SIGS_FILE = File.join(DATA_ROOT, "data", "sig.bin")
|
6
|
+
TEXT_SIGS_FILE = File.join(DATA_ROOT, "data", "sig.txt")
|
7
|
+
|
8
|
+
Match = Struct.new :offset, :packer
|
9
|
+
|
10
|
+
class << self
|
11
|
+
|
12
|
+
def all
|
13
|
+
@@all ||=
|
14
|
+
begin
|
15
|
+
r = unmarshal
|
16
|
+
unless r
|
17
|
+
if PEdump.respond_to?(:logger) && PEdump.logger
|
18
|
+
PEdump.logger.warn "[?] #{self}: unmarshal failed, using slow text parsing instead"
|
19
|
+
else
|
20
|
+
STDERR.puts "[?] #{self}: unmarshal failed, using slow text parsing instead"
|
21
|
+
end
|
22
|
+
r = parse
|
23
|
+
end
|
24
|
+
r
|
25
|
+
end
|
26
|
+
end
|
27
|
+
alias :load :all
|
28
|
+
|
29
|
+
def max_size
|
30
|
+
@@max_size ||= all.map(&:size).max
|
31
|
+
end
|
32
|
+
|
33
|
+
def of data, ep_offset = nil
|
34
|
+
if data.respond_to?(:read) && data.respond_to?(:seek) && ep_offset
|
35
|
+
of_file data, ep_offset
|
36
|
+
else
|
37
|
+
of_data data
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
# try to determine packer of FILE f, ep_offset - offset to entrypoint from start of file
|
42
|
+
def of_file f, ep_offset
|
43
|
+
f.seek(ep_offset)
|
44
|
+
of_data f.read(max_size)
|
45
|
+
end
|
46
|
+
|
47
|
+
def of_data data
|
48
|
+
r = []
|
49
|
+
each do |packer|
|
50
|
+
if (idx=data.index(packer.re)) == 0
|
51
|
+
r << Match.new(idx, packer)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
r.any? ? r.sort_by{ |x| -x.packer.size } : nil
|
55
|
+
end
|
56
|
+
|
57
|
+
def method_missing *args, &block
|
58
|
+
all.respond_to?(args.first) ? all.send(*args,&block) : super
|
59
|
+
end
|
60
|
+
|
61
|
+
def unmarshal
|
62
|
+
File.open(BIN_SIGS_FILE,"rb") do |f|
|
63
|
+
Marshal.load(f)
|
64
|
+
end
|
65
|
+
rescue
|
66
|
+
nil
|
67
|
+
end
|
68
|
+
|
69
|
+
# parse text signatures
|
70
|
+
def parse fname = TEXT_SIGS_FILE
|
71
|
+
sigs = {}; sig = nil
|
72
|
+
|
73
|
+
File.open(fname,'r:utf-8') do |f|
|
74
|
+
while line = f.gets
|
75
|
+
line.strip!
|
76
|
+
|
77
|
+
# XXX
|
78
|
+
# "B\xE9rczi G\xE1bor".force_encoding('binary').to_yaml:
|
79
|
+
# RuntimeError: expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS
|
80
|
+
|
81
|
+
case line
|
82
|
+
when /^;/,/^$/
|
83
|
+
next
|
84
|
+
when /^\[(.+)\]$/
|
85
|
+
sig = Packer.new($1.sub(/^\*\s+/,'').sub(/\s+\(h\)$/,''))
|
86
|
+
when /^signature = (.+)$/
|
87
|
+
sig.re = $1
|
88
|
+
if sigs[sig.re]
|
89
|
+
next if sigs[sig.re].name == sig.name
|
90
|
+
printf "[?] dup %-40s, %s\n", sigs[sig.re].name.inspect, sig.name.inspect
|
91
|
+
end
|
92
|
+
sigs[sig.re] = sig
|
93
|
+
when /^ep_only = (.+)$/
|
94
|
+
sig.ep_only = ($1.strip.downcase == 'true')
|
95
|
+
else raise line
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
sigs = sigs.values
|
101
|
+
sigs.each do |sig|
|
102
|
+
sig.re = Regexp.new(
|
103
|
+
sig.re.split(' ').tap do |a|
|
104
|
+
sig.size = a.size
|
105
|
+
end.map do |x|
|
106
|
+
case x
|
107
|
+
when '??'
|
108
|
+
'.'
|
109
|
+
when /[a-f0-9]{2}/i
|
110
|
+
Regexp::escape x.to_i(16).chr
|
111
|
+
else raise x
|
112
|
+
end
|
113
|
+
end.join
|
114
|
+
)
|
115
|
+
if sig.name[/-+>/]
|
116
|
+
a = sig.name.split(/-+>/,2).map(&:strip)
|
117
|
+
sig.name = "#{a[0]} (#{a[1]})"
|
118
|
+
end
|
119
|
+
end
|
120
|
+
sigs
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
end
|
data/pedump.gemspec
ADDED
@@ -0,0 +1,76 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = "pedump"
|
8
|
+
s.version = "0.3.3"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Andrey \"Zed\" Zaikin"]
|
12
|
+
s.date = "2011-12-13"
|
13
|
+
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
|
14
|
+
s.email = "zed.0xff@gmail.com"
|
15
|
+
s.executables = ["pedump"]
|
16
|
+
s.extra_rdoc_files = [
|
17
|
+
"LICENSE.txt",
|
18
|
+
"README.md",
|
19
|
+
"README.md.tpl"
|
20
|
+
]
|
21
|
+
s.files = [
|
22
|
+
".document",
|
23
|
+
".rspec",
|
24
|
+
"Gemfile",
|
25
|
+
"Gemfile.lock",
|
26
|
+
"LICENSE.txt",
|
27
|
+
"README.md",
|
28
|
+
"README.md.tpl",
|
29
|
+
"Rakefile",
|
30
|
+
"VERSION",
|
31
|
+
"bin/pedump",
|
32
|
+
"data/sig.bin",
|
33
|
+
"data/sig.txt",
|
34
|
+
"lib/pedump.rb",
|
35
|
+
"lib/pedump/cli.rb",
|
36
|
+
"lib/pedump/packer.rb",
|
37
|
+
"lib/pedump/version.rb",
|
38
|
+
"pedump.gemspec",
|
39
|
+
"samples/calc.7z",
|
40
|
+
"spec/pedump_spec.rb",
|
41
|
+
"spec/spec_helper.rb"
|
42
|
+
]
|
43
|
+
s.homepage = "http://github.com/zed-0xff/pedump"
|
44
|
+
s.licenses = ["MIT"]
|
45
|
+
s.require_paths = ["lib"]
|
46
|
+
s.rubygems_version = "1.8.10"
|
47
|
+
s.summary = "dump win32 PE executable files with a pure ruby"
|
48
|
+
|
49
|
+
if s.respond_to? :specification_version then
|
50
|
+
s.specification_version = 3
|
51
|
+
|
52
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
53
|
+
s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
54
|
+
s.add_runtime_dependency(%q<progressbar>, ["~> 0.9.2"])
|
55
|
+
s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
|
56
|
+
s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
|
57
|
+
s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
|
58
|
+
s.add_development_dependency(%q<rcov>, [">= 0"])
|
59
|
+
else
|
60
|
+
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
61
|
+
s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
|
62
|
+
s.add_dependency(%q<rspec>, ["~> 2.3.0"])
|
63
|
+
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
64
|
+
s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
|
65
|
+
s.add_dependency(%q<rcov>, [">= 0"])
|
66
|
+
end
|
67
|
+
else
|
68
|
+
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
69
|
+
s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
|
70
|
+
s.add_dependency(%q<rspec>, ["~> 2.3.0"])
|
71
|
+
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
72
|
+
s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
|
73
|
+
s.add_dependency(%q<rcov>, [">= 0"])
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
data/samples/calc.7z
ADDED
Binary file
|
data/spec/pedump_spec.rb
ADDED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
2
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
3
|
+
require 'rspec'
|
4
|
+
require 'pedump'
|
5
|
+
|
6
|
+
# Requires supporting files with custom matchers and macros, etc,
|
7
|
+
# in ./support/ and its subdirectories.
|
8
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
9
|
+
|
10
|
+
RSpec.configure do |config|
|
11
|
+
|
12
|
+
end
|
metadata
ADDED
@@ -0,0 +1,138 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: pedump
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.3.3
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Andrey "Zed" Zaikin
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2011-12-13 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: multipart-post
|
16
|
+
requirement: &70135365235740 !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: 1.1.4
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: *70135365235740
|
25
|
+
- !ruby/object:Gem::Dependency
|
26
|
+
name: progressbar
|
27
|
+
requirement: &70135365807020 !ruby/object:Gem::Requirement
|
28
|
+
none: false
|
29
|
+
requirements:
|
30
|
+
- - ~>
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 0.9.2
|
33
|
+
type: :runtime
|
34
|
+
prerelease: false
|
35
|
+
version_requirements: *70135365807020
|
36
|
+
- !ruby/object:Gem::Dependency
|
37
|
+
name: rspec
|
38
|
+
requirement: &70135365806000 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
40
|
+
requirements:
|
41
|
+
- - ~>
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: 2.3.0
|
44
|
+
type: :development
|
45
|
+
prerelease: false
|
46
|
+
version_requirements: *70135365806000
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: bundler
|
49
|
+
requirement: &70135365804780 !ruby/object:Gem::Requirement
|
50
|
+
none: false
|
51
|
+
requirements:
|
52
|
+
- - ~>
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 1.0.0
|
55
|
+
type: :development
|
56
|
+
prerelease: false
|
57
|
+
version_requirements: *70135365804780
|
58
|
+
- !ruby/object:Gem::Dependency
|
59
|
+
name: jeweler
|
60
|
+
requirement: &70135365803680 !ruby/object:Gem::Requirement
|
61
|
+
none: false
|
62
|
+
requirements:
|
63
|
+
- - ~>
|
64
|
+
- !ruby/object:Gem::Version
|
65
|
+
version: 1.6.4
|
66
|
+
type: :development
|
67
|
+
prerelease: false
|
68
|
+
version_requirements: *70135365803680
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rcov
|
71
|
+
requirement: &70135365802300 !ruby/object:Gem::Requirement
|
72
|
+
none: false
|
73
|
+
requirements:
|
74
|
+
- - ! '>='
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
77
|
+
type: :development
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: *70135365802300
|
80
|
+
description: dump headers, sections, extract resources of win32 PE exe,dll,etc
|
81
|
+
email: zed.0xff@gmail.com
|
82
|
+
executables:
|
83
|
+
- pedump
|
84
|
+
extensions: []
|
85
|
+
extra_rdoc_files:
|
86
|
+
- LICENSE.txt
|
87
|
+
- README.md
|
88
|
+
- README.md.tpl
|
89
|
+
files:
|
90
|
+
- .document
|
91
|
+
- .rspec
|
92
|
+
- Gemfile
|
93
|
+
- Gemfile.lock
|
94
|
+
- LICENSE.txt
|
95
|
+
- README.md
|
96
|
+
- README.md.tpl
|
97
|
+
- Rakefile
|
98
|
+
- VERSION
|
99
|
+
- bin/pedump
|
100
|
+
- data/sig.bin
|
101
|
+
- data/sig.txt
|
102
|
+
- lib/pedump.rb
|
103
|
+
- lib/pedump/cli.rb
|
104
|
+
- lib/pedump/packer.rb
|
105
|
+
- lib/pedump/version.rb
|
106
|
+
- pedump.gemspec
|
107
|
+
- samples/calc.7z
|
108
|
+
- spec/pedump_spec.rb
|
109
|
+
- spec/spec_helper.rb
|
110
|
+
homepage: http://github.com/zed-0xff/pedump
|
111
|
+
licenses:
|
112
|
+
- MIT
|
113
|
+
post_install_message:
|
114
|
+
rdoc_options: []
|
115
|
+
require_paths:
|
116
|
+
- lib
|
117
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
118
|
+
none: false
|
119
|
+
requirements:
|
120
|
+
- - ! '>='
|
121
|
+
- !ruby/object:Gem::Version
|
122
|
+
version: '0'
|
123
|
+
segments:
|
124
|
+
- 0
|
125
|
+
hash: -3106600206779889876
|
126
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
127
|
+
none: false
|
128
|
+
requirements:
|
129
|
+
- - ! '>='
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
requirements: []
|
133
|
+
rubyforge_project:
|
134
|
+
rubygems_version: 1.8.10
|
135
|
+
signing_key:
|
136
|
+
specification_version: 3
|
137
|
+
summary: dump win32 PE executable files with a pure ruby
|
138
|
+
test_files: []
|