pedump 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70)
  1. data/.travis.yml +4 -0
  2. data/Gemfile +10 -6
  3. data/Gemfile.lock +27 -19
  4. data/README.md +37 -25
  5. data/Rakefile +45 -6
  6. data/VERSION +1 -1
  7. data/data/fs.txt +37 -1408
  8. data/data/jc-userdb.txt +14371 -0
  9. data/data/sig.bin +0 -0
  10. data/lib/pedump.rb +355 -618
  11. data/lib/pedump/cli.rb +214 -113
  12. data/lib/pedump/comparer.rb +147 -0
  13. data/lib/pedump/composite_io.rb +56 -0
  14. data/lib/pedump/core.rb +38 -0
  15. data/lib/pedump/core_ext/try.rb +57 -0
  16. data/lib/pedump/loader.rb +393 -0
  17. data/lib/pedump/loader/minidump.rb +187 -0
  18. data/lib/pedump/loader/section.rb +57 -0
  19. data/lib/pedump/logger.rb +67 -0
  20. data/lib/pedump/ne.rb +425 -0
  21. data/lib/pedump/ne/version_info.rb +171 -0
  22. data/lib/pedump/packer.rb +50 -2
  23. data/lib/pedump/pe.rb +121 -0
  24. data/lib/pedump/resources.rb +436 -0
  25. data/lib/pedump/security.rb +58 -0
  26. data/lib/pedump/sig_parser.rb +145 -24
  27. data/lib/pedump/tls.rb +17 -0
  28. data/lib/pedump/unpacker.rb +26 -0
  29. data/lib/pedump/unpacker/aspack.rb +858 -0
  30. data/lib/pedump/unpacker/upx.rb +13 -0
  31. data/lib/pedump/version.rb +1 -1
  32. data/lib/pedump/version_info.rb +15 -10
  33. data/misc/aspack/Makefile +3 -0
  34. data/misc/aspack/aspack_unlzx.c +92 -0
  35. data/misc/aspack/lzxdec.c +479 -0
  36. data/misc/aspack/lzxdec.h +56 -0
  37. data/misc/nedump.c +751 -0
  38. data/pedump.gemspec +75 -25
  39. data/samples/bad/68.exe +0 -0
  40. data/samples/bad/data_dir_15_entries.exe +0 -0
  41. data/spec/65535sects_spec.rb +8 -0
  42. data/spec/bad_imports_spec.rb +20 -0
  43. data/spec/bad_samples_spec.rb +13 -0
  44. data/spec/composite_io_spec.rb +122 -0
  45. data/spec/data/calc.exe_sections.yml +49 -0
  46. data/spec/data/data_dir_15_entries.exe_sections.yml +95 -0
  47. data/spec/dllord_spec.rb +21 -0
  48. data/spec/foldedhdr_spec.rb +28 -0
  49. data/spec/imports_badterm_spec.rb +52 -0
  50. data/spec/imports_vterm_spec.rb +52 -0
  51. data/spec/loader/names_spec.rb +24 -0
  52. data/spec/loader/va_spec.rb +44 -0
  53. data/spec/manyimportsW7_spec.rb +22 -0
  54. data/spec/ne_spec.rb +125 -0
  55. data/spec/packer_spec.rb +17 -0
  56. data/spec/pe_spec.rb +67 -0
  57. data/spec/pedump_spec.rb +16 -4
  58. data/spec/sections_spec.rb +11 -0
  59. data/spec/sig_all_packers_spec.rb +15 -5
  60. data/spec/sig_spec.rb +6 -1
  61. data/spec/spec_helper.rb +15 -3
  62. data/spec/support/samples.rb +24 -0
  63. data/spec/unpackers/aspack_spec.rb +69 -0
  64. data/spec/unpackers/find_spec.rb +21 -0
  65. data/spec/virtsectblXP_spec.rb +12 -0
  66. data/tmp/.keep +0 -0
  67. metadata +146 -35
  68. data/README.md.tpl +0 -90
  69. data/samples/calc.7z +0 -0
  70. data/samples/zlib.dll +0 -0
@@ -1,90 +0,0 @@
1
- pedump
2
- ======
3
-
4
- Description
5
- -----------
6
- A pure ruby implementation of win32 PE binary files dumper, including:
7
-
8
- * MZ Header
9
- * DOS stub
10
- * ['Rich' Header](http://ntcore.com/files/richsign.htm)
11
- * PE Header
12
- * Data Directory
13
- * Sections
14
- * Resources
15
- * Strings
16
- * Imports & Exports
17
- * VS_VERSIONINFO parsing
18
- * PE Packer/Compiler detection
19
- * a convenient way to upload your PE's to http://pedump.me for a nice HTML tables with image previews, candies & stuff
20
-
21
- Installation
22
- ------------
23
- gem install pedump
24
-
25
- Usage
26
- -----
27
-
28
- % pedump -h
29
-
30
- ### MZ Header
31
-
32
- % pedump --mz calc.exe
33
-
34
- ### DOS stub
35
-
36
- % pedump --dos-stub calc.exe
37
-
38
- ### 'Rich' Header
39
-
40
- % pedump --rich calc.exe
41
-
42
- ### PE Header
43
-
44
- % pedump --pe calc.exe
45
-
46
- ### Data Directory
47
-
48
- % pedump --data-directory calc.exe
49
-
50
- ### Sections
51
-
52
- % pedump --sections calc.exe
53
-
54
- ### Resources
55
-
56
- % pedump --resources calc.exe
57
-
58
- ### Strings
59
-
60
- % pedump --strings calc.exe.mui
61
-
62
- ### Imports
63
-
64
- % pedump --imports zlib.dll
65
-
66
- ### Exports
67
-
68
- % pedump --exports zlib.dll
69
-
70
- ### VS_VERSIONINFO parsing
71
-
72
- % pedump --version-info calc.exe
73
-
74
- ### Packer / Compiler detection
75
-
76
- % pedump --packer zlib.dll
77
-
78
- #### pedump can mimic 'file' command output:
79
-
80
- #pedump --packer-only -qqq samples/*
81
-
82
- samples/StringLoader.dll: Microsoft Visual C++ 6.0 DLL (Debug)
83
- samples/control.exe: ASPack v2.12
84
- samples/gms_v1_0_3.exe: UPX 2.90 [LZMA] (Markus Oberhumer, Laszlo Molnar & John Reiser)
85
- samples/unpackme.exe: ASProtect 1.33 - 2.1 Registered (Alexey Solodovnikov)
86
- samples/zlib.dll: Microsoft Visual C v2.0
87
-
88
- License
89
- -------
90
- Released under the MIT License. See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.
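Review bot: The usage examples at removed lines 64, 68 and 76 (`pedump --imports zlib.dll`, `--exports zlib.dll`, `--packer zlib.dll`) and the calc.exe examples depend on sample files that the file list shows as changed binaries in this same release (data/samples/zlib.dll and data/samples/calc.7z), so any copy of these examples carried into data/README.md (+37 -25) should be checked against the samples that still ship in the gem. Removed line 19 also advertised uploading PE files to http://pedump.me over plain HTTP; if the regenerated README keeps that feature, it should state that the file is sent to a third-party service and use an https URL if the service offers one. Since data/Rakefile changes in this release as well (+45 -6), confirm that no task still reads README.md.tpl now that the template is gone.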
Binary file
Binary file