pedump 0.4.16 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +2 -0
- data/Gemfile.lock +5 -1
- data/VERSION +1 -1
- data/lib/pedump.rb +21 -18
- data/lib/pedump/cli.rb +40 -46
- data/lib/pedump/core.rb +0 -47
- data/lib/pedump/core_ext/try.rb +57 -0
- data/lib/pedump/loader.rb +284 -22
- data/lib/pedump/loader/minidump.rb +187 -0
- data/lib/pedump/loader/section.rb +9 -3
- data/lib/pedump/ne.rb +8 -8
- data/lib/pedump/ne/version_info.rb +7 -7
- data/lib/pedump/pe.rb +2 -0
- data/lib/pedump/resources.rb +8 -8
- data/lib/pedump/security.rb +1 -1
- data/lib/pedump/tls.rb +2 -2
- data/lib/pedump/unpacker/aspack.rb +7 -2
- data/lib/pedump/version.rb +2 -2
- data/lib/pedump/version_info.rb +7 -7
- data/pedump.gemspec +12 -2
- data/spec/loader/names_spec.rb +24 -0
- data/spec/loader/va_spec.rb +44 -0
- metadata +67 -31
data/lib/pedump/version.rb
CHANGED
data/lib/pedump/version_info.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
class PEdump
|
|
2
|
-
class VS_VERSIONINFO <
|
|
2
|
+
class VS_VERSIONINFO < IOStruct.new( 'v3a32v',
|
|
3
3
|
:wLength,
|
|
4
4
|
:wValueLength,
|
|
5
5
|
:wType,
|
|
@@ -40,7 +40,7 @@ class PEdump
|
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
class VS_FIXEDFILEINFO <
|
|
43
|
+
class VS_FIXEDFILEINFO < IOStruct.new( 'V13',
|
|
44
44
|
:dwSignature,
|
|
45
45
|
:dwStrucVersion,
|
|
46
46
|
:dwFileVersionMS,
|
|
@@ -64,7 +64,7 @@ class PEdump
|
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
class StringFileInfo <
|
|
67
|
+
class StringFileInfo < IOStruct.new( 'v3a30',
|
|
68
68
|
:wLength,
|
|
69
69
|
:wValueLength, # always 0
|
|
70
70
|
:wType, # 1 => text data, 0 => binary data
|
|
@@ -85,7 +85,7 @@ class PEdump
|
|
|
85
85
|
end
|
|
86
86
|
end
|
|
87
87
|
|
|
88
|
-
class StringTable <
|
|
88
|
+
class StringTable < IOStruct.new( 'v3a16v',
|
|
89
89
|
:wLength, # The length, in bytes, of this StringTable structure,
|
|
90
90
|
# including all structures indicated by the Children member.
|
|
91
91
|
:wValueLength, # always 0
|
|
@@ -107,7 +107,7 @@ class PEdump
|
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
|
|
110
|
-
class VersionString <
|
|
110
|
+
class VersionString < IOStruct.new( 'v3',
|
|
111
111
|
:wLength, # The length, in bytes, of this String structure.
|
|
112
112
|
:wValueLength, # The size, in words, of the Value member
|
|
113
113
|
:wType, # 1 => text data, 0 => binary data
|
|
@@ -135,7 +135,7 @@ class PEdump
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
-
class VarFileInfo <
|
|
138
|
+
class VarFileInfo < IOStruct.new( 'v3a24v',
|
|
139
139
|
:wLength,
|
|
140
140
|
:wValueLength, # always 0
|
|
141
141
|
:wType, # 1 => text data, 0 => binary data
|
|
@@ -152,7 +152,7 @@ class PEdump
|
|
|
152
152
|
end
|
|
153
153
|
end
|
|
154
154
|
|
|
155
|
-
class Var <
|
|
155
|
+
class Var < IOStruct.new( 'v3a24',
|
|
156
156
|
:wLength,
|
|
157
157
|
:wValueLength, # The length, in bytes, of the Value member
|
|
158
158
|
:wType, # 1 => text data, 0 => binary data
|
data/pedump.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = "pedump"
|
|
8
|
-
s.version = "0.
|
|
8
|
+
s.version = "0.5.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Andrey \"Zed\" Zaikin"]
|
|
12
|
-
s.date = "2013-
|
|
12
|
+
s.date = "2013-04-20"
|
|
13
13
|
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
|
|
14
14
|
s.email = "zed.0xff@gmail.com"
|
|
15
15
|
s.executables = ["pedump"]
|
|
@@ -38,7 +38,9 @@ Gem::Specification.new do |s|
|
|
|
38
38
|
"lib/pedump/comparer.rb",
|
|
39
39
|
"lib/pedump/composite_io.rb",
|
|
40
40
|
"lib/pedump/core.rb",
|
|
41
|
+
"lib/pedump/core_ext/try.rb",
|
|
41
42
|
"lib/pedump/loader.rb",
|
|
43
|
+
"lib/pedump/loader/minidump.rb",
|
|
42
44
|
"lib/pedump/loader/section.rb",
|
|
43
45
|
"lib/pedump/logger.rb",
|
|
44
46
|
"lib/pedump/ne.rb",
|
|
@@ -72,6 +74,8 @@ Gem::Specification.new do |s|
|
|
|
72
74
|
"spec/foldedhdr_spec.rb",
|
|
73
75
|
"spec/imports_badterm_spec.rb",
|
|
74
76
|
"spec/imports_vterm_spec.rb",
|
|
77
|
+
"spec/loader/names_spec.rb",
|
|
78
|
+
"spec/loader/va_spec.rb",
|
|
75
79
|
"spec/manyimportsW7_spec.rb",
|
|
76
80
|
"spec/ne_spec.rb",
|
|
77
81
|
"spec/packer_spec.rb",
|
|
@@ -101,6 +105,8 @@ Gem::Specification.new do |s|
|
|
|
101
105
|
s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
|
102
106
|
s.add_runtime_dependency(%q<progressbar>, [">= 0"])
|
|
103
107
|
s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
|
|
108
|
+
s.add_runtime_dependency(%q<iostruct>, [">= 0.0.4"])
|
|
109
|
+
s.add_runtime_dependency(%q<zhexdump>, [">= 0.0.2"])
|
|
104
110
|
s.add_development_dependency(%q<rspec>, [">= 0"])
|
|
105
111
|
s.add_development_dependency(%q<bundler>, [">= 0"])
|
|
106
112
|
s.add_development_dependency(%q<jeweler>, [">= 0"])
|
|
@@ -109,6 +115,8 @@ Gem::Specification.new do |s|
|
|
|
109
115
|
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
|
110
116
|
s.add_dependency(%q<progressbar>, [">= 0"])
|
|
111
117
|
s.add_dependency(%q<awesome_print>, [">= 0"])
|
|
118
|
+
s.add_dependency(%q<iostruct>, [">= 0.0.4"])
|
|
119
|
+
s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
|
|
112
120
|
s.add_dependency(%q<rspec>, [">= 0"])
|
|
113
121
|
s.add_dependency(%q<bundler>, [">= 0"])
|
|
114
122
|
s.add_dependency(%q<jeweler>, [">= 0"])
|
|
@@ -118,6 +126,8 @@ Gem::Specification.new do |s|
|
|
|
118
126
|
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
|
119
127
|
s.add_dependency(%q<progressbar>, [">= 0"])
|
|
120
128
|
s.add_dependency(%q<awesome_print>, [">= 0"])
|
|
129
|
+
s.add_dependency(%q<iostruct>, [">= 0.0.4"])
|
|
130
|
+
s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
|
|
121
131
|
s.add_dependency(%q<rspec>, [">= 0"])
|
|
122
132
|
s.add_dependency(%q<bundler>, [">= 0"])
|
|
123
133
|
s.add_dependency(%q<jeweler>, [">= 0"])
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'pedump/loader'
|
|
3
|
+
|
|
4
|
+
describe PEdump::Loader do
|
|
5
|
+
it "should read names from imports" do
|
|
6
|
+
io = open("samples/calc.exe","rb")
|
|
7
|
+
@ldr = PEdump::Loader.new io
|
|
8
|
+
|
|
9
|
+
@ldr.names.should_not be_nil
|
|
10
|
+
@ldr.names.should_not be_empty
|
|
11
|
+
@ldr.names.size.should >= 343
|
|
12
|
+
@ldr.names[0x10010d0].should == 'GetStartupInfoA'
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it "should read names from exports" do
|
|
16
|
+
io = open("samples/zlib.dll","rb")
|
|
17
|
+
@ldr = PEdump::Loader.new io
|
|
18
|
+
|
|
19
|
+
@ldr.names.should_not be_nil
|
|
20
|
+
@ldr.names.should_not be_empty
|
|
21
|
+
@ldr.names.size.should >= 69
|
|
22
|
+
@ldr.names[0x1000e340].should == 'zlib_version'
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'pedump/loader'
|
|
3
|
+
|
|
4
|
+
describe PEdump::Loader do
|
|
5
|
+
describe "#valid_va?" do
|
|
6
|
+
describe "samples/calc.exe" do
|
|
7
|
+
before do
|
|
8
|
+
io = open("samples/calc.exe","rb")
|
|
9
|
+
@ldr = PEdump::Loader.new io
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
%w'1001000 1010000 104b999 104c000 1051000 109c000 10a01f5'.each do |x|
|
|
13
|
+
it "returns true for 0x#{x}" do
|
|
14
|
+
@ldr.valid_va?(x.to_i(16)).should be_true
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
%w'0 1 1000 1000fff 104b99a 104bfff 1050fff 109bfff 10a01f6'.each do |x|
|
|
19
|
+
it "returns false for 0x#{x}" do
|
|
20
|
+
@ldr.valid_va?(x.to_i(16)).should be_false
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
describe "samples/upx.exe" do
|
|
26
|
+
before do
|
|
27
|
+
io = open("samples/upx.exe","rb")
|
|
28
|
+
@ldr = PEdump::Loader.new io
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
%w'401000 541000 589000 589fff'.each do |x|
|
|
32
|
+
it "returns true for 0x#{x}" do
|
|
33
|
+
@ldr.valid_va?(x.to_i(16)).should be_true
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
%w'0 1 1000 400000 58a000'.each do |x|
|
|
38
|
+
it "returns false for 0x#{x}" do
|
|
39
|
+
@ldr.valid_va?(x.to_i(16)).should be_false
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
metadata
CHANGED
|
@@ -1,128 +1,160 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pedump
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.5.0
|
|
4
5
|
prerelease:
|
|
5
|
-
version: 0.4.16
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Andrey "Zed" Zaikin
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
12
|
+
date: 2013-04-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
|
-
prerelease: false
|
|
16
|
-
type: :runtime
|
|
17
15
|
name: multipart-post
|
|
18
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
19
18
|
requirements:
|
|
20
19
|
- - ~>
|
|
21
20
|
- !ruby/object:Gem::Version
|
|
22
21
|
version: 1.1.4
|
|
23
|
-
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
25
26
|
requirements:
|
|
26
27
|
- - ~>
|
|
27
28
|
- !ruby/object:Gem::Version
|
|
28
29
|
version: 1.1.4
|
|
29
|
-
none: false
|
|
30
30
|
- !ruby/object:Gem::Dependency
|
|
31
|
-
prerelease: false
|
|
32
|
-
type: :runtime
|
|
33
31
|
name: progressbar
|
|
34
32
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
35
34
|
requirements:
|
|
36
35
|
- - ! '>='
|
|
37
36
|
- !ruby/object:Gem::Version
|
|
38
37
|
version: '0'
|
|
39
|
-
|
|
38
|
+
type: :runtime
|
|
39
|
+
prerelease: false
|
|
40
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
41
42
|
requirements:
|
|
42
43
|
- - ! '>='
|
|
43
44
|
- !ruby/object:Gem::Version
|
|
44
45
|
version: '0'
|
|
45
|
-
none: false
|
|
46
46
|
- !ruby/object:Gem::Dependency
|
|
47
|
-
prerelease: false
|
|
48
|
-
type: :runtime
|
|
49
47
|
name: awesome_print
|
|
50
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
51
50
|
requirements:
|
|
52
51
|
- - ! '>='
|
|
53
52
|
- !ruby/object:Gem::Version
|
|
54
53
|
version: '0'
|
|
55
|
-
|
|
54
|
+
type: :runtime
|
|
55
|
+
prerelease: false
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
57
58
|
requirements:
|
|
58
59
|
- - ! '>='
|
|
59
60
|
- !ruby/object:Gem::Version
|
|
60
61
|
version: '0'
|
|
62
|
+
- !ruby/object:Gem::Dependency
|
|
63
|
+
name: iostruct
|
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
|
65
|
+
none: false
|
|
66
|
+
requirements:
|
|
67
|
+
- - ! '>='
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: 0.0.4
|
|
70
|
+
type: :runtime
|
|
71
|
+
prerelease: false
|
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
61
73
|
none: false
|
|
74
|
+
requirements:
|
|
75
|
+
- - ! '>='
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
version: 0.0.4
|
|
62
78
|
- !ruby/object:Gem::Dependency
|
|
79
|
+
name: zhexdump
|
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
|
81
|
+
none: false
|
|
82
|
+
requirements:
|
|
83
|
+
- - ! '>='
|
|
84
|
+
- !ruby/object:Gem::Version
|
|
85
|
+
version: 0.0.2
|
|
86
|
+
type: :runtime
|
|
63
87
|
prerelease: false
|
|
64
|
-
|
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
+
none: false
|
|
90
|
+
requirements:
|
|
91
|
+
- - ! '>='
|
|
92
|
+
- !ruby/object:Gem::Version
|
|
93
|
+
version: 0.0.2
|
|
94
|
+
- !ruby/object:Gem::Dependency
|
|
65
95
|
name: rspec
|
|
66
96
|
requirement: !ruby/object:Gem::Requirement
|
|
97
|
+
none: false
|
|
67
98
|
requirements:
|
|
68
99
|
- - ! '>='
|
|
69
100
|
- !ruby/object:Gem::Version
|
|
70
101
|
version: '0'
|
|
71
|
-
|
|
102
|
+
type: :development
|
|
103
|
+
prerelease: false
|
|
72
104
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
+
none: false
|
|
73
106
|
requirements:
|
|
74
107
|
- - ! '>='
|
|
75
108
|
- !ruby/object:Gem::Version
|
|
76
109
|
version: '0'
|
|
77
|
-
none: false
|
|
78
110
|
- !ruby/object:Gem::Dependency
|
|
79
|
-
prerelease: false
|
|
80
|
-
type: :development
|
|
81
111
|
name: bundler
|
|
82
112
|
requirement: !ruby/object:Gem::Requirement
|
|
113
|
+
none: false
|
|
83
114
|
requirements:
|
|
84
115
|
- - ! '>='
|
|
85
116
|
- !ruby/object:Gem::Version
|
|
86
117
|
version: '0'
|
|
87
|
-
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
88
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
none: false
|
|
89
122
|
requirements:
|
|
90
123
|
- - ! '>='
|
|
91
124
|
- !ruby/object:Gem::Version
|
|
92
125
|
version: '0'
|
|
93
|
-
none: false
|
|
94
126
|
- !ruby/object:Gem::Dependency
|
|
95
|
-
prerelease: false
|
|
96
|
-
type: :development
|
|
97
127
|
name: jeweler
|
|
98
128
|
requirement: !ruby/object:Gem::Requirement
|
|
129
|
+
none: false
|
|
99
130
|
requirements:
|
|
100
131
|
- - ! '>='
|
|
101
132
|
- !ruby/object:Gem::Version
|
|
102
133
|
version: '0'
|
|
103
|
-
|
|
134
|
+
type: :development
|
|
135
|
+
prerelease: false
|
|
104
136
|
version_requirements: !ruby/object:Gem::Requirement
|
|
137
|
+
none: false
|
|
105
138
|
requirements:
|
|
106
139
|
- - ! '>='
|
|
107
140
|
- !ruby/object:Gem::Version
|
|
108
141
|
version: '0'
|
|
109
|
-
none: false
|
|
110
142
|
- !ruby/object:Gem::Dependency
|
|
111
|
-
prerelease: false
|
|
112
|
-
type: :development
|
|
113
143
|
name: what_methods
|
|
114
144
|
requirement: !ruby/object:Gem::Requirement
|
|
145
|
+
none: false
|
|
115
146
|
requirements:
|
|
116
147
|
- - ! '>='
|
|
117
148
|
- !ruby/object:Gem::Version
|
|
118
149
|
version: '0'
|
|
119
|
-
|
|
150
|
+
type: :development
|
|
151
|
+
prerelease: false
|
|
120
152
|
version_requirements: !ruby/object:Gem::Requirement
|
|
153
|
+
none: false
|
|
121
154
|
requirements:
|
|
122
155
|
- - ! '>='
|
|
123
156
|
- !ruby/object:Gem::Version
|
|
124
157
|
version: '0'
|
|
125
|
-
none: false
|
|
126
158
|
description: dump headers, sections, extract resources of win32 PE exe,dll,etc
|
|
127
159
|
email: zed.0xff@gmail.com
|
|
128
160
|
executables:
|
|
@@ -152,7 +184,9 @@ files:
|
|
|
152
184
|
- lib/pedump/comparer.rb
|
|
153
185
|
- lib/pedump/composite_io.rb
|
|
154
186
|
- lib/pedump/core.rb
|
|
187
|
+
- lib/pedump/core_ext/try.rb
|
|
155
188
|
- lib/pedump/loader.rb
|
|
189
|
+
- lib/pedump/loader/minidump.rb
|
|
156
190
|
- lib/pedump/loader/section.rb
|
|
157
191
|
- lib/pedump/logger.rb
|
|
158
192
|
- lib/pedump/ne.rb
|
|
@@ -186,6 +220,8 @@ files:
|
|
|
186
220
|
- spec/foldedhdr_spec.rb
|
|
187
221
|
- spec/imports_badterm_spec.rb
|
|
188
222
|
- spec/imports_vterm_spec.rb
|
|
223
|
+
- spec/loader/names_spec.rb
|
|
224
|
+
- spec/loader/va_spec.rb
|
|
189
225
|
- spec/manyimportsW7_spec.rb
|
|
190
226
|
- spec/ne_spec.rb
|
|
191
227
|
- spec/packer_spec.rb
|
|
@@ -209,20 +245,20 @@ rdoc_options: []
|
|
|
209
245
|
require_paths:
|
|
210
246
|
- lib
|
|
211
247
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
248
|
+
none: false
|
|
212
249
|
requirements:
|
|
213
250
|
- - ! '>='
|
|
214
251
|
- !ruby/object:Gem::Version
|
|
215
252
|
version: '0'
|
|
216
253
|
segments:
|
|
217
254
|
- 0
|
|
218
|
-
hash: -
|
|
219
|
-
none: false
|
|
255
|
+
hash: -1369606751108388991
|
|
220
256
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
257
|
+
none: false
|
|
221
258
|
requirements:
|
|
222
259
|
- - ! '>='
|
|
223
260
|
- !ruby/object:Gem::Version
|
|
224
261
|
version: '0'
|
|
225
|
-
none: false
|
|
226
262
|
requirements: []
|
|
227
263
|
rubyforge_project:
|
|
228
264
|
rubygems_version: 1.8.24
|