pedump 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.document +5 -0
- data/.rspec +1 -0
- data/Gemfile +16 -0
- data/Gemfile.lock +34 -0
- data/LICENSE.txt +20 -0
- data/README.md +398 -0
- data/README.md.tpl +90 -0
- data/Rakefile +179 -0
- data/VERSION +1 -0
- data/bin/pedump +7 -0
- data/data/fs.txt +1595 -0
- data/data/sig.bin +0 -0
- data/data/signatures.txt +678 -0
- data/data/userdb.txt +14083 -0
- data/lib/pedump.rb +1105 -0
- data/lib/pedump/cli.rb +703 -0
- data/lib/pedump/packer.rb +125 -0
- data/lib/pedump/sig_parser.rb +386 -0
- data/lib/pedump/version.rb +10 -0
- data/lib/pedump/version_info.rb +166 -0
- data/pedump.gemspec +87 -0
- data/samples/calc.7z +0 -0
- data/samples/zlib.dll +0 -0
- data/spec/pedump_spec.rb +7 -0
- data/spec/resource_spec.rb +13 -0
- data/spec/sig_all_packers_spec.rb +14 -0
- data/spec/sig_spec.rb +63 -0
- data/spec/spec_helper.rb +12 -0
- metadata +157 -0
@@ -0,0 +1,166 @@
|
|
1
|
+
class PEdump
|
2
|
+
class VS_VERSIONINFO < PEdump.create_struct( 'v3a32v',
|
3
|
+
:wLength,
|
4
|
+
:wValueLength,
|
5
|
+
:wType,
|
6
|
+
:szKey, # The Unicode string L"VS_VERSION_INFO".
|
7
|
+
:Padding1,
|
8
|
+
# manual:
|
9
|
+
:Value, # VS_FIXEDFILEINFO
|
10
|
+
:Padding2,
|
11
|
+
:Children
|
12
|
+
)
|
13
|
+
def self.read f, size = SIZE
|
14
|
+
super.tap do |vi|
|
15
|
+
vi.szKey.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
16
|
+
vi.Padding1 = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
17
|
+
vi.Value = VS_FIXEDFILEINFO.read(f,vi.wValueLength)
|
18
|
+
# As many zero words as necessary to align the Children member on a 32-bit boundary.
|
19
|
+
# These bytes are not included in wValueLength. This member is optional.
|
20
|
+
vi.Padding2 = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
21
|
+
vi.Children = [] # An array of zero or one StringFileInfo structures,
|
22
|
+
# and zero or one VarFileInfo structures
|
23
|
+
|
24
|
+
2.times do
|
25
|
+
pos = f.tell
|
26
|
+
f.seek(pos+6) # seek 6 bytes forward
|
27
|
+
t = f.read(6)
|
28
|
+
f.seek(pos) # return back
|
29
|
+
case t
|
30
|
+
when "V\x00a\x00r\x00"
|
31
|
+
vi.Children << VarFileInfo.read(f)
|
32
|
+
when "S\x00t\x00r\x00"
|
33
|
+
vi.Children << StringFileInfo.read(f)
|
34
|
+
else
|
35
|
+
PEdump.logger.warn "[?] invalid VS_VERSIONINFO child type #{t.inspect}"
|
36
|
+
break
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
class VS_FIXEDFILEINFO < PEdump.create_struct( 'V13',
|
44
|
+
:dwSignature,
|
45
|
+
:dwStrucVersion,
|
46
|
+
:dwFileVersionMS,
|
47
|
+
:dwFileVersionLS,
|
48
|
+
:dwProductVersionMS,
|
49
|
+
:dwProductVersionLS,
|
50
|
+
:dwFileFlagsMask,
|
51
|
+
:dwFileFlags,
|
52
|
+
:dwFileOS,
|
53
|
+
:dwFileType,
|
54
|
+
:dwFileSubtype,
|
55
|
+
:dwFileDateMS,
|
56
|
+
:dwFileDateLS,
|
57
|
+
# manual:
|
58
|
+
:valid
|
59
|
+
)
|
60
|
+
def self.read f, size = SIZE
|
61
|
+
super.tap do |ffi|
|
62
|
+
ffi.valid = (ffi.dwSignature == 0xFEEF04BD)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
class StringFileInfo < PEdump.create_struct( 'v3a30',
|
68
|
+
:wLength,
|
69
|
+
:wValueLength, # always 0
|
70
|
+
:wType, # 1 => text data, 0 => binary data
|
71
|
+
:szKey, # The Unicode string L"StringFileInfo"
|
72
|
+
:Padding, # As many zero words as necessary to align the Children member on a 32-bit boundary
|
73
|
+
:Children # An array of one or more StringTable structures
|
74
|
+
)
|
75
|
+
def self.read f, size = SIZE
|
76
|
+
pos0 = f.tell
|
77
|
+
super.tap do |x|
|
78
|
+
x.szKey.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
79
|
+
x.Padding = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
80
|
+
x.Children = []
|
81
|
+
while !f.eof? && f.tell < pos0+x.wLength
|
82
|
+
x.Children << StringTable.read(f)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
class StringTable < PEdump.create_struct( 'v3a16v',
|
89
|
+
:wLength, # The length, in bytes, of this StringTable structure,
|
90
|
+
# including all structures indicated by the Children member.
|
91
|
+
:wValueLength, # always 0
|
92
|
+
:wType, # 1 => text data, 0 => binary data
|
93
|
+
:szKey, # An 8-digit hexadecimal number stored as a Unicode string
|
94
|
+
:Padding, # As many zero words as necessary to align the Children member on a 32-bit boundary
|
95
|
+
:Children # An array of one or more String structures.
|
96
|
+
)
|
97
|
+
def self.read f, size = SIZE
|
98
|
+
pos0 = f.tell
|
99
|
+
super.tap do |x|
|
100
|
+
x.szKey.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
101
|
+
x.Padding = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
102
|
+
x.Children = []
|
103
|
+
while !f.eof? && f.tell < pos0+x.wLength
|
104
|
+
x.Children << VersionString.read(f)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
110
|
+
class VersionString < PEdump.create_struct( 'v3',
|
111
|
+
:wLength, # The length, in bytes, of this String structure.
|
112
|
+
:wValueLength, # The size, in words, of the Value member
|
113
|
+
:wType, # 1 => text data, 0 => binary data
|
114
|
+
:szKey, # An arbitrary Unicode string
|
115
|
+
:Padding, # As many zero words as necessary to align the Value member on a 32-bit boundary
|
116
|
+
:Value # A zero-terminated string. See the szKey member description for more information
|
117
|
+
)
|
118
|
+
def self.read f, size = SIZE
|
119
|
+
super.tap do |x|
|
120
|
+
x.szKey = ''
|
121
|
+
x.szKey << f.read(2) until x.szKey[-2..-1] == "\x00\x00" || f.eof?
|
122
|
+
x.Padding = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
123
|
+
x.Value = f.read(x.wValueLength*2)
|
124
|
+
if f.tell%4 > 0
|
125
|
+
f.read(4-f.tell%4) # undoc padding?
|
126
|
+
end
|
127
|
+
x.szKey.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
128
|
+
x.Value.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
129
|
+
end
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
class VarFileInfo < PEdump.create_struct( 'v3a24v',
|
134
|
+
:wLength,
|
135
|
+
:wValueLength, # always 0
|
136
|
+
:wType, # 1 => text data, 0 => binary data
|
137
|
+
:szKey, # The Unicode string L"VarFileInfo"
|
138
|
+
:Padding, # As many zero words as necessary to align the Children member on a 32-bit boundary
|
139
|
+
:Children # Typically contains a list of languages that the application or DLL supports
|
140
|
+
)
|
141
|
+
def self.read f, size = SIZE
|
142
|
+
super.tap do |x|
|
143
|
+
x.szKey.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
144
|
+
x.Padding = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
145
|
+
x.Children = Var.read(f)
|
146
|
+
end
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
class Var < PEdump.create_struct( 'v3a24',
|
151
|
+
:wLength,
|
152
|
+
:wValueLength, # The length, in bytes, of the Value member
|
153
|
+
:wType, # 1 => text data, 0 => binary data
|
154
|
+
:szKey, # The Unicode string L"Translation"
|
155
|
+
:Padding, # As many zero words as necessary to align the Children member on a 32-bit boundary
|
156
|
+
:Value # An array of one or more values that are language and code page identifier pairs
|
157
|
+
)
|
158
|
+
def self.read f, size = SIZE
|
159
|
+
super.tap do |x|
|
160
|
+
x.szKey.force_encoding('UTF-16LE').encode!('UTF-8').sub!(/\u0000$/,'') rescue nil
|
161
|
+
x.Padding = f.tell%4 > 0 ? f.read(4 - f.tell%4) : nil
|
162
|
+
x.Value = f.read(x.wValueLength).unpack('v*')
|
163
|
+
end
|
164
|
+
end
|
165
|
+
end
|
166
|
+
end
|
data/pedump.gemspec
ADDED
@@ -0,0 +1,87 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = "pedump"
|
8
|
+
s.version = "0.4.0"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Andrey \"Zed\" Zaikin"]
|
12
|
+
s.date = "2011-12-17"
|
13
|
+
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
|
14
|
+
s.email = "zed.0xff@gmail.com"
|
15
|
+
s.executables = ["pedump"]
|
16
|
+
s.extra_rdoc_files = [
|
17
|
+
"LICENSE.txt",
|
18
|
+
"README.md",
|
19
|
+
"README.md.tpl"
|
20
|
+
]
|
21
|
+
s.files = [
|
22
|
+
".document",
|
23
|
+
".rspec",
|
24
|
+
"Gemfile",
|
25
|
+
"Gemfile.lock",
|
26
|
+
"LICENSE.txt",
|
27
|
+
"README.md",
|
28
|
+
"README.md.tpl",
|
29
|
+
"Rakefile",
|
30
|
+
"VERSION",
|
31
|
+
"bin/pedump",
|
32
|
+
"data/fs.txt",
|
33
|
+
"data/sig.bin",
|
34
|
+
"data/signatures.txt",
|
35
|
+
"data/userdb.txt",
|
36
|
+
"lib/pedump.rb",
|
37
|
+
"lib/pedump/cli.rb",
|
38
|
+
"lib/pedump/packer.rb",
|
39
|
+
"lib/pedump/sig_parser.rb",
|
40
|
+
"lib/pedump/version.rb",
|
41
|
+
"lib/pedump/version_info.rb",
|
42
|
+
"pedump.gemspec",
|
43
|
+
"samples/calc.7z",
|
44
|
+
"samples/zlib.dll",
|
45
|
+
"spec/pedump_spec.rb",
|
46
|
+
"spec/resource_spec.rb",
|
47
|
+
"spec/sig_all_packers_spec.rb",
|
48
|
+
"spec/sig_spec.rb",
|
49
|
+
"spec/spec_helper.rb"
|
50
|
+
]
|
51
|
+
s.homepage = "http://github.com/zed-0xff/pedump"
|
52
|
+
s.licenses = ["MIT"]
|
53
|
+
s.require_paths = ["lib"]
|
54
|
+
s.rubygems_version = "1.8.10"
|
55
|
+
s.summary = "dump win32 PE executable files with a pure ruby"
|
56
|
+
|
57
|
+
if s.respond_to? :specification_version then
|
58
|
+
s.specification_version = 3
|
59
|
+
|
60
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
61
|
+
s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
62
|
+
s.add_runtime_dependency(%q<progressbar>, ["~> 0.9.2"])
|
63
|
+
s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
|
64
|
+
s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
|
65
|
+
s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
|
66
|
+
s.add_development_dependency(%q<rcov>, [">= 0"])
|
67
|
+
s.add_development_dependency(%q<awesome_print>, [">= 0"])
|
68
|
+
else
|
69
|
+
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
70
|
+
s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
|
71
|
+
s.add_dependency(%q<rspec>, ["~> 2.3.0"])
|
72
|
+
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
73
|
+
s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
|
74
|
+
s.add_dependency(%q<rcov>, [">= 0"])
|
75
|
+
s.add_dependency(%q<awesome_print>, [">= 0"])
|
76
|
+
end
|
77
|
+
else
|
78
|
+
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
79
|
+
s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
|
80
|
+
s.add_dependency(%q<rspec>, ["~> 2.3.0"])
|
81
|
+
s.add_dependency(%q<bundler>, ["~> 1.0.0"])
|
82
|
+
s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
|
83
|
+
s.add_dependency(%q<rcov>, [">= 0"])
|
84
|
+
s.add_dependency(%q<awesome_print>, [">= 0"])
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
data/samples/calc.7z
ADDED
Binary file
|
data/samples/zlib.dll
ADDED
Binary file
|
data/spec/pedump_spec.rb
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
|
3
|
+
|
4
|
+
describe 'PEdump' do
|
5
|
+
it "should get all resources" do
|
6
|
+
fname = File.expand_path(File.dirname(__FILE__) + '/../samples/calc.exe')
|
7
|
+
File.open(fname,"rb") do |f|
|
8
|
+
@pedump = PEdump.new(fname)
|
9
|
+
@resources = @pedump.resources(f)
|
10
|
+
end
|
11
|
+
@resources.size.should == 71
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump/packer')
|
3
|
+
|
4
|
+
describe "PEdump::Packer" do
|
5
|
+
describe "matchers" do
|
6
|
+
PEdump::SigParser.parse(:raw => true).each do |sig|
|
7
|
+
data = sig.re.join
|
8
|
+
next if data == "This program cannot be run in DOS mo"
|
9
|
+
it "should find #{sig.name}" do
|
10
|
+
PEdump::Packer.of(data).map(&:name).should include(sig.name)
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
data/spec/sig_spec.rb
ADDED
@@ -0,0 +1,63 @@
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
2
|
+
require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump/packer')
|
3
|
+
|
4
|
+
describe "PEdump::Packer" do
|
5
|
+
it "should have enough signatures" do
|
6
|
+
PEdump::Packer.count.should > 1000
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should not match" do
|
10
|
+
maxlen = PEdump::Packer.map(&:size).max
|
11
|
+
s = 'x'*maxlen
|
12
|
+
PEdump::Packer.of_data(s).should be_nil
|
13
|
+
end
|
14
|
+
|
15
|
+
it "should parse" do
|
16
|
+
a = PEdump::SigParser.parse
|
17
|
+
a.should be_instance_of(Array)
|
18
|
+
a.map(&:class).uniq.should == [PEdump::Packer]
|
19
|
+
end
|
20
|
+
|
21
|
+
it "should not react to DOS signature" do
|
22
|
+
data = "This program cannot be run in DOS mode"
|
23
|
+
PEdump::Packer.of(data).should be_nil
|
24
|
+
end
|
25
|
+
|
26
|
+
it "should match sigs" do
|
27
|
+
n = 0
|
28
|
+
File.open('data/signatures.txt', 'r:cp1252') do |f|
|
29
|
+
while row = f.gets
|
30
|
+
row.strip!
|
31
|
+
next unless row =~ /^\[(.*)=(.*)\]$/
|
32
|
+
s = ''
|
33
|
+
title,hexstring = $1,$2
|
34
|
+
(hexstring.size/2).times do |i|
|
35
|
+
c = hexstring[i*2,2]
|
36
|
+
if c == '::'
|
37
|
+
s << '.'
|
38
|
+
else
|
39
|
+
s << c.to_i(16).chr
|
40
|
+
end
|
41
|
+
end
|
42
|
+
packers = PEdump::Packer.of(s)
|
43
|
+
if packers
|
44
|
+
names = packers.map(&:name)
|
45
|
+
next if names.any? do |name|
|
46
|
+
a = name.upcase.tr('V','')
|
47
|
+
b = title.upcase.tr('V','')
|
48
|
+
a[b] || b[a]
|
49
|
+
end
|
50
|
+
# puts "[.] #{title}"
|
51
|
+
# names.each do |x|
|
52
|
+
# puts "\t= #{x}"
|
53
|
+
# end
|
54
|
+
else
|
55
|
+
puts "[?] #{title}"
|
56
|
+
n += 1
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
#puts "[.] diff = #{n}"
|
61
|
+
n.should == 0
|
62
|
+
end
|
63
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
2
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
3
|
+
require 'rspec'
|
4
|
+
require 'pedump'
|
5
|
+
|
6
|
+
# Requires supporting files with custom matchers and macros, etc,
|
7
|
+
# in ./support/ and its subdirectories.
|
8
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
9
|
+
|
10
|
+
RSpec.configure do |config|
|
11
|
+
|
12
|
+
end
|
metadata
ADDED
@@ -0,0 +1,157 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: pedump
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.4.0
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Andrey "Zed" Zaikin
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2011-12-17 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: multipart-post
|
16
|
+
requirement: &70304131999160 !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: 1.1.4
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: *70304131999160
|
25
|
+
- !ruby/object:Gem::Dependency
|
26
|
+
name: progressbar
|
27
|
+
requirement: &70304131998620 !ruby/object:Gem::Requirement
|
28
|
+
none: false
|
29
|
+
requirements:
|
30
|
+
- - ~>
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 0.9.2
|
33
|
+
type: :runtime
|
34
|
+
prerelease: false
|
35
|
+
version_requirements: *70304131998620
|
36
|
+
- !ruby/object:Gem::Dependency
|
37
|
+
name: rspec
|
38
|
+
requirement: &70304131998140 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
40
|
+
requirements:
|
41
|
+
- - ~>
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: 2.3.0
|
44
|
+
type: :development
|
45
|
+
prerelease: false
|
46
|
+
version_requirements: *70304131998140
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: bundler
|
49
|
+
requirement: &70304131997660 !ruby/object:Gem::Requirement
|
50
|
+
none: false
|
51
|
+
requirements:
|
52
|
+
- - ~>
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 1.0.0
|
55
|
+
type: :development
|
56
|
+
prerelease: false
|
57
|
+
version_requirements: *70304131997660
|
58
|
+
- !ruby/object:Gem::Dependency
|
59
|
+
name: jeweler
|
60
|
+
requirement: &70304131997180 !ruby/object:Gem::Requirement
|
61
|
+
none: false
|
62
|
+
requirements:
|
63
|
+
- - ~>
|
64
|
+
- !ruby/object:Gem::Version
|
65
|
+
version: 1.6.4
|
66
|
+
type: :development
|
67
|
+
prerelease: false
|
68
|
+
version_requirements: *70304131997180
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rcov
|
71
|
+
requirement: &70304131996680 !ruby/object:Gem::Requirement
|
72
|
+
none: false
|
73
|
+
requirements:
|
74
|
+
- - ! '>='
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
77
|
+
type: :development
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: *70304131996680
|
80
|
+
- !ruby/object:Gem::Dependency
|
81
|
+
name: awesome_print
|
82
|
+
requirement: &70304131996200 !ruby/object:Gem::Requirement
|
83
|
+
none: false
|
84
|
+
requirements:
|
85
|
+
- - ! '>='
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
version: '0'
|
88
|
+
type: :development
|
89
|
+
prerelease: false
|
90
|
+
version_requirements: *70304131996200
|
91
|
+
description: dump headers, sections, extract resources of win32 PE exe,dll,etc
|
92
|
+
email: zed.0xff@gmail.com
|
93
|
+
executables:
|
94
|
+
- pedump
|
95
|
+
extensions: []
|
96
|
+
extra_rdoc_files:
|
97
|
+
- LICENSE.txt
|
98
|
+
- README.md
|
99
|
+
- README.md.tpl
|
100
|
+
files:
|
101
|
+
- .document
|
102
|
+
- .rspec
|
103
|
+
- Gemfile
|
104
|
+
- Gemfile.lock
|
105
|
+
- LICENSE.txt
|
106
|
+
- README.md
|
107
|
+
- README.md.tpl
|
108
|
+
- Rakefile
|
109
|
+
- VERSION
|
110
|
+
- bin/pedump
|
111
|
+
- data/fs.txt
|
112
|
+
- data/sig.bin
|
113
|
+
- data/signatures.txt
|
114
|
+
- data/userdb.txt
|
115
|
+
- lib/pedump.rb
|
116
|
+
- lib/pedump/cli.rb
|
117
|
+
- lib/pedump/packer.rb
|
118
|
+
- lib/pedump/sig_parser.rb
|
119
|
+
- lib/pedump/version.rb
|
120
|
+
- lib/pedump/version_info.rb
|
121
|
+
- pedump.gemspec
|
122
|
+
- samples/calc.7z
|
123
|
+
- samples/zlib.dll
|
124
|
+
- spec/pedump_spec.rb
|
125
|
+
- spec/resource_spec.rb
|
126
|
+
- spec/sig_all_packers_spec.rb
|
127
|
+
- spec/sig_spec.rb
|
128
|
+
- spec/spec_helper.rb
|
129
|
+
homepage: http://github.com/zed-0xff/pedump
|
130
|
+
licenses:
|
131
|
+
- MIT
|
132
|
+
post_install_message:
|
133
|
+
rdoc_options: []
|
134
|
+
require_paths:
|
135
|
+
- lib
|
136
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
137
|
+
none: false
|
138
|
+
requirements:
|
139
|
+
- - ! '>='
|
140
|
+
- !ruby/object:Gem::Version
|
141
|
+
version: '0'
|
142
|
+
segments:
|
143
|
+
- 0
|
144
|
+
hash: 2685694954412936403
|
145
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
146
|
+
none: false
|
147
|
+
requirements:
|
148
|
+
- - ! '>='
|
149
|
+
- !ruby/object:Gem::Version
|
150
|
+
version: '0'
|
151
|
+
requirements: []
|
152
|
+
rubyforge_project:
|
153
|
+
rubygems_version: 1.8.10
|
154
|
+
signing_key:
|
155
|
+
specification_version: 3
|
156
|
+
summary: dump win32 PE executable files with a pure ruby
|
157
|
+
test_files: []
|