pedump 0.3.3

@@ -0,0 +1,124 @@
1
+ class PEdump
2
+ class Packer < Struct.new(:name, :re, :ep_only, :size)
3
+
4
+ DATA_ROOT = File.dirname(File.dirname(File.dirname(__FILE__)))
5
+ BIN_SIGS_FILE = File.join(DATA_ROOT, "data", "sig.bin")
6
+ TEXT_SIGS_FILE = File.join(DATA_ROOT, "data", "sig.txt")
7
+
8
+ Match = Struct.new :offset, :packer
9
+
10
+ class << self
11
+
12
+ def all
13
+ @@all ||=
14
+ begin
15
+ r = unmarshal
16
+ unless r
17
+ if PEdump.respond_to?(:logger) && PEdump.logger
18
+ PEdump.logger.warn "[?] #{self}: unmarshal failed, using slow text parsing instead"
19
+ else
20
+ STDERR.puts "[?] #{self}: unmarshal failed, using slow text parsing instead"
21
+ end
22
+ r = parse
23
+ end
24
+ r
25
+ end
26
+ end
27
+ alias :load :all
28
+
29
+ def max_size
30
+ @@max_size ||= all.map(&:size).max
31
+ end
32
+
33
+ def of data, ep_offset = nil
34
+ if data.respond_to?(:read) && data.respond_to?(:seek) && ep_offset
35
+ of_file data, ep_offset
36
+ else
37
+ of_data data
38
+ end
39
+ end
40
+
41
+ # try to determine packer of FILE f, ep_offset - offset to entrypoint from start of file
42
+ def of_file f, ep_offset
43
+ f.seek(ep_offset)
44
+ of_data f.read(max_size)
45
+ end
46
+
47
+ def of_data data
48
+ r = []
49
+ each do |packer|
50
+ if (idx=data.index(packer.re)) == 0
51
+ r << Match.new(idx, packer)
52
+ end
53
+ end
54
+ r.any? ? r.sort_by{ |x| -x.packer.size } : nil
55
+ end
56
+
57
+ def method_missing *args, &block
58
+ all.respond_to?(args.first) ? all.send(*args,&block) : super
59
+ end
60
+
61
+ def unmarshal
62
+ File.open(BIN_SIGS_FILE,"rb") do |f|
63
+ Marshal.load(f)
64
+ end
65
+ rescue
66
+ nil
67
+ end
68
+
69
+ # parse text signatures
70
+ def parse fname = TEXT_SIGS_FILE
71
+ sigs = {}; sig = nil
72
+
73
+ File.open(fname,'r:utf-8') do |f|
74
+ while line = f.gets
75
+ line.strip!
76
+
77
+ # XXX
78
+ # "B\xE9rczi G\xE1bor".force_encoding('binary').to_yaml:
79
+ # RuntimeError: expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS
80
+
81
+ case line
82
+ when /^;/,/^$/
83
+ next
84
+ when /^\[(.+)\]$/
85
+ sig = Packer.new($1.sub(/^\*\s+/,'').sub(/\s+\(h\)$/,''))
86
+ when /^signature = (.+)$/
87
+ sig.re = $1
88
+ if sigs[sig.re]
89
+ next if sigs[sig.re].name == sig.name
90
+ printf "[?] dup %-40s, %s\n", sigs[sig.re].name.inspect, sig.name.inspect
91
+ end
92
+ sigs[sig.re] = sig
93
+ when /^ep_only = (.+)$/
94
+ sig.ep_only = ($1.strip.downcase == 'true')
95
+ else raise line
96
+ end
97
+ end
98
+ end
99
+
100
+ sigs = sigs.values
101
+ sigs.each do |sig|
102
+ sig.re = Regexp.new(
103
+ sig.re.split(' ').tap do |a|
104
+ sig.size = a.size
105
+ end.map do |x|
106
+ case x
107
+ when '??'
108
+ '.'
109
+ when /[a-f0-9]{2}/i
110
+ Regexp::escape x.to_i(16).chr
111
+ else raise x
112
+ end
113
+ end.join
114
+ )
115
+ if sig.name[/-+>/]
116
+ a = sig.name.split(/-+>/,2).map(&:strip)
117
+ sig.name = "#{a[0]} (#{a[1]})"
118
+ end
119
+ end
120
+ sigs
121
+ end
122
+ end
123
+ end
124
+ end
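Review bot: `unmarshal` hands back whatever `Marshal.load` produced from `sig.bin` without checking its shape, so a stale or truncated cache that still deserializes (or one written with a different `Packer` layout) is memoized into `@@all` and only fails later as `NoMethodError` in `max_size` or `of_data`, instead of taking the `parse` fallback that `all` is built around. Because `Marshal.load` instantiates whatever classes the stream names, the cache file has to be trusted as much as the code itself, and the result should be validated before use: `r = Marshal.load(f)` followed by `r.is_a?(Array) && r.all? { |p| p.is_a?(Packer) } ? r : nil`. The bare `rescue` catches load errors but also hides `Errno::ENOENT` behind the generic "unmarshal failed" message in `all`; logging `$!` there would make the slow-path fallback diagnosable. Separately, `of_file` passes `f.read(max_size)` straight to `of_data`, and `IO#read(n)` returns `nil` at EOF, so an entrypoint offset at or beyond the end of the file raises `NoMethodError` on `data.index`; `of_data(f.read(max_size) || '')` guards it.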
@@ -0,0 +1,10 @@
1
+ class PEdump
2
+ module Version
3
+ MAJOR = 0
4
+ MINOR = 3
5
+ PATCH = 3
6
+ BUILD = nil
7
+
8
+ STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
9
+ end
10
+ end
@@ -0,0 +1,76 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = "pedump"
8
+ s.version = "0.3.3"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Andrey \"Zed\" Zaikin"]
12
+ s.date = "2011-12-13"
13
+ s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
14
+ s.email = "zed.0xff@gmail.com"
15
+ s.executables = ["pedump"]
16
+ s.extra_rdoc_files = [
17
+ "LICENSE.txt",
18
+ "README.md",
19
+ "README.md.tpl"
20
+ ]
21
+ s.files = [
22
+ ".document",
23
+ ".rspec",
24
+ "Gemfile",
25
+ "Gemfile.lock",
26
+ "LICENSE.txt",
27
+ "README.md",
28
+ "README.md.tpl",
29
+ "Rakefile",
30
+ "VERSION",
31
+ "bin/pedump",
32
+ "data/sig.bin",
33
+ "data/sig.txt",
34
+ "lib/pedump.rb",
35
+ "lib/pedump/cli.rb",
36
+ "lib/pedump/packer.rb",
37
+ "lib/pedump/version.rb",
38
+ "pedump.gemspec",
39
+ "samples/calc.7z",
40
+ "spec/pedump_spec.rb",
41
+ "spec/spec_helper.rb"
42
+ ]
43
+ s.homepage = "http://github.com/zed-0xff/pedump"
44
+ s.licenses = ["MIT"]
45
+ s.require_paths = ["lib"]
46
+ s.rubygems_version = "1.8.10"
47
+ s.summary = "dump win32 PE executable files with a pure ruby"
48
+
49
+ if s.respond_to? :specification_version then
50
+ s.specification_version = 3
51
+
52
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
53
+ s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
54
+ s.add_runtime_dependency(%q<progressbar>, ["~> 0.9.2"])
55
+ s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
56
+ s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
57
+ s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
58
+ s.add_development_dependency(%q<rcov>, [">= 0"])
59
+ else
60
+ s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
61
+ s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
62
+ s.add_dependency(%q<rspec>, ["~> 2.3.0"])
63
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
64
+ s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
65
+ s.add_dependency(%q<rcov>, [">= 0"])
66
+ end
67
+ else
68
+ s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
69
+ s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
70
+ s.add_dependency(%q<rspec>, ["~> 2.3.0"])
71
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
72
+ s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
73
+ s.add_dependency(%q<rcov>, [">= 0"])
74
+ end
75
+ end
76
+
Binary file
@@ -0,0 +1,7 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe "Pedump" do
4
+ it "fails" do
5
+ fail "hey buddy, you should probably rename this file and start specing for real"
6
+ end
7
+ end
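Review bot: The only example in this spec is a hard-coded `fail`, so the suite shipped with this release is red by design and gives no signal on `PEdump::Packer`, which the same release adds. A minimal smoke example such as `it "loads packer signatures" do PEdump::Packer.all.should_not be_empty end` would at least exercise the `unmarshal`/`parse` fallback path once the placeholder is removed.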
@@ -0,0 +1,12 @@
1
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
2
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
3
+ require 'rspec'
4
+ require 'pedump'
5
+
6
+ # Requires supporting files with custom matchers and macros, etc,
7
+ # in ./support/ and its subdirectories.
8
+ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
9
+
10
+ RSpec.configure do |config|
11
+
12
+ end
metadata ADDED
@@ -0,0 +1,138 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: pedump
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.3.3
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Andrey "Zed" Zaikin
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2011-12-13 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: multipart-post
16
+ requirement: &70135365235740 !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: 1.1.4
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: *70135365235740
25
+ - !ruby/object:Gem::Dependency
26
+ name: progressbar
27
+ requirement: &70135365807020 !ruby/object:Gem::Requirement
28
+ none: false
29
+ requirements:
30
+ - - ~>
31
+ - !ruby/object:Gem::Version
32
+ version: 0.9.2
33
+ type: :runtime
34
+ prerelease: false
35
+ version_requirements: *70135365807020
36
+ - !ruby/object:Gem::Dependency
37
+ name: rspec
38
+ requirement: &70135365806000 !ruby/object:Gem::Requirement
39
+ none: false
40
+ requirements:
41
+ - - ~>
42
+ - !ruby/object:Gem::Version
43
+ version: 2.3.0
44
+ type: :development
45
+ prerelease: false
46
+ version_requirements: *70135365806000
47
+ - !ruby/object:Gem::Dependency
48
+ name: bundler
49
+ requirement: &70135365804780 !ruby/object:Gem::Requirement
50
+ none: false
51
+ requirements:
52
+ - - ~>
53
+ - !ruby/object:Gem::Version
54
+ version: 1.0.0
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: *70135365804780
58
+ - !ruby/object:Gem::Dependency
59
+ name: jeweler
60
+ requirement: &70135365803680 !ruby/object:Gem::Requirement
61
+ none: false
62
+ requirements:
63
+ - - ~>
64
+ - !ruby/object:Gem::Version
65
+ version: 1.6.4
66
+ type: :development
67
+ prerelease: false
68
+ version_requirements: *70135365803680
69
+ - !ruby/object:Gem::Dependency
70
+ name: rcov
71
+ requirement: &70135365802300 !ruby/object:Gem::Requirement
72
+ none: false
73
+ requirements:
74
+ - - ! '>='
75
+ - !ruby/object:Gem::Version
76
+ version: '0'
77
+ type: :development
78
+ prerelease: false
79
+ version_requirements: *70135365802300
80
+ description: dump headers, sections, extract resources of win32 PE exe,dll,etc
81
+ email: zed.0xff@gmail.com
82
+ executables:
83
+ - pedump
84
+ extensions: []
85
+ extra_rdoc_files:
86
+ - LICENSE.txt
87
+ - README.md
88
+ - README.md.tpl
89
+ files:
90
+ - .document
91
+ - .rspec
92
+ - Gemfile
93
+ - Gemfile.lock
94
+ - LICENSE.txt
95
+ - README.md
96
+ - README.md.tpl
97
+ - Rakefile
98
+ - VERSION
99
+ - bin/pedump
100
+ - data/sig.bin
101
+ - data/sig.txt
102
+ - lib/pedump.rb
103
+ - lib/pedump/cli.rb
104
+ - lib/pedump/packer.rb
105
+ - lib/pedump/version.rb
106
+ - pedump.gemspec
107
+ - samples/calc.7z
108
+ - spec/pedump_spec.rb
109
+ - spec/spec_helper.rb
110
+ homepage: http://github.com/zed-0xff/pedump
111
+ licenses:
112
+ - MIT
113
+ post_install_message:
114
+ rdoc_options: []
115
+ require_paths:
116
+ - lib
117
+ required_ruby_version: !ruby/object:Gem::Requirement
118
+ none: false
119
+ requirements:
120
+ - - ! '>='
121
+ - !ruby/object:Gem::Version
122
+ version: '0'
123
+ segments:
124
+ - 0
125
+ hash: -3106600206779889876
126
+ required_rubygems_version: !ruby/object:Gem::Requirement
127
+ none: false
128
+ requirements:
129
+ - - ! '>='
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ requirements: []
133
+ rubyforge_project:
134
+ rubygems_version: 1.8.10
135
+ signing_key:
136
+ specification_version: 3
137
+ summary: dump win32 PE executable files with a pure ruby
138
+ test_files: []