pedump 0.4.16 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +2 -0
- data/Gemfile.lock +5 -1
- data/VERSION +1 -1
- data/lib/pedump.rb +21 -18
- data/lib/pedump/cli.rb +40 -46
- data/lib/pedump/core.rb +0 -47
- data/lib/pedump/core_ext/try.rb +57 -0
- data/lib/pedump/loader.rb +284 -22
- data/lib/pedump/loader/minidump.rb +187 -0
- data/lib/pedump/loader/section.rb +9 -3
- data/lib/pedump/ne.rb +8 -8
- data/lib/pedump/ne/version_info.rb +7 -7
- data/lib/pedump/pe.rb +2 -0
- data/lib/pedump/resources.rb +8 -8
- data/lib/pedump/security.rb +1 -1
- data/lib/pedump/tls.rb +2 -2
- data/lib/pedump/unpacker/aspack.rb +7 -2
- data/lib/pedump/version.rb +2 -2
- data/lib/pedump/version_info.rb +7 -7
- data/pedump.gemspec +12 -2
- data/spec/loader/names_spec.rb +24 -0
- data/spec/loader/va_spec.rb +44 -0
- metadata +67 -31
data/lib/pedump/version.rb
CHANGED
data/lib/pedump/version_info.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
class PEdump
|
|
2
|
-
class VS_VERSIONINFO <
|
|
2
|
+
class VS_VERSIONINFO < IOStruct.new( 'v3a32v',
|
|
3
3
|
:wLength,
|
|
4
4
|
:wValueLength,
|
|
5
5
|
:wType,
|
|
@@ -40,7 +40,7 @@ class PEdump
|
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
class VS_FIXEDFILEINFO <
|
|
43
|
+
class VS_FIXEDFILEINFO < IOStruct.new( 'V13',
|
|
44
44
|
:dwSignature,
|
|
45
45
|
:dwStrucVersion,
|
|
46
46
|
:dwFileVersionMS,
|
|
@@ -64,7 +64,7 @@ class PEdump
|
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
67
|
-
class StringFileInfo <
|
|
67
|
+
class StringFileInfo < IOStruct.new( 'v3a30',
|
|
68
68
|
:wLength,
|
|
69
69
|
:wValueLength, # always 0
|
|
70
70
|
:wType, # 1 => text data, 0 => binary data
|
|
@@ -85,7 +85,7 @@ class PEdump
|
|
|
85
85
|
end
|
|
86
86
|
end
|
|
87
87
|
|
|
88
|
-
class StringTable <
|
|
88
|
+
class StringTable < IOStruct.new( 'v3a16v',
|
|
89
89
|
:wLength, # The length, in bytes, of this StringTable structure,
|
|
90
90
|
# including all structures indicated by the Children member.
|
|
91
91
|
:wValueLength, # always 0
|
|
@@ -107,7 +107,7 @@ class PEdump
|
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
|
|
110
|
-
class VersionString <
|
|
110
|
+
class VersionString < IOStruct.new( 'v3',
|
|
111
111
|
:wLength, # The length, in bytes, of this String structure.
|
|
112
112
|
:wValueLength, # The size, in words, of the Value member
|
|
113
113
|
:wType, # 1 => text data, 0 => binary data
|
|
@@ -135,7 +135,7 @@ class PEdump
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
-
class VarFileInfo <
|
|
138
|
+
class VarFileInfo < IOStruct.new( 'v3a24v',
|
|
139
139
|
:wLength,
|
|
140
140
|
:wValueLength, # always 0
|
|
141
141
|
:wType, # 1 => text data, 0 => binary data
|
|
@@ -152,7 +152,7 @@ class PEdump
|
|
|
152
152
|
end
|
|
153
153
|
end
|
|
154
154
|
|
|
155
|
-
class Var <
|
|
155
|
+
class Var < IOStruct.new( 'v3a24',
|
|
156
156
|
:wLength,
|
|
157
157
|
:wValueLength, # The length, in bytes, of the Value member
|
|
158
158
|
:wType, # 1 => text data, 0 => binary data
|
data/pedump.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = "pedump"
|
|
8
|
-
s.version = "0.
|
|
8
|
+
s.version = "0.5.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Andrey \"Zed\" Zaikin"]
|
|
12
|
-
s.date = "2013-
|
|
12
|
+
s.date = "2013-04-20"
|
|
13
13
|
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
|
|
14
14
|
s.email = "zed.0xff@gmail.com"
|
|
15
15
|
s.executables = ["pedump"]
|
|
@@ -38,7 +38,9 @@ Gem::Specification.new do |s|
|
|
|
38
38
|
"lib/pedump/comparer.rb",
|
|
39
39
|
"lib/pedump/composite_io.rb",
|
|
40
40
|
"lib/pedump/core.rb",
|
|
41
|
+
"lib/pedump/core_ext/try.rb",
|
|
41
42
|
"lib/pedump/loader.rb",
|
|
43
|
+
"lib/pedump/loader/minidump.rb",
|
|
42
44
|
"lib/pedump/loader/section.rb",
|
|
43
45
|
"lib/pedump/logger.rb",
|
|
44
46
|
"lib/pedump/ne.rb",
|
|
@@ -72,6 +74,8 @@ Gem::Specification.new do |s|
|
|
|
72
74
|
"spec/foldedhdr_spec.rb",
|
|
73
75
|
"spec/imports_badterm_spec.rb",
|
|
74
76
|
"spec/imports_vterm_spec.rb",
|
|
77
|
+
"spec/loader/names_spec.rb",
|
|
78
|
+
"spec/loader/va_spec.rb",
|
|
75
79
|
"spec/manyimportsW7_spec.rb",
|
|
76
80
|
"spec/ne_spec.rb",
|
|
77
81
|
"spec/packer_spec.rb",
|
|
@@ -101,6 +105,8 @@ Gem::Specification.new do |s|
|
|
|
101
105
|
s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
|
102
106
|
s.add_runtime_dependency(%q<progressbar>, [">= 0"])
|
|
103
107
|
s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
|
|
108
|
+
s.add_runtime_dependency(%q<iostruct>, [">= 0.0.4"])
|
|
109
|
+
s.add_runtime_dependency(%q<zhexdump>, [">= 0.0.2"])
|
|
104
110
|
s.add_development_dependency(%q<rspec>, [">= 0"])
|
|
105
111
|
s.add_development_dependency(%q<bundler>, [">= 0"])
|
|
106
112
|
s.add_development_dependency(%q<jeweler>, [">= 0"])
|
|
@@ -109,6 +115,8 @@ Gem::Specification.new do |s|
|
|
|
109
115
|
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
|
110
116
|
s.add_dependency(%q<progressbar>, [">= 0"])
|
|
111
117
|
s.add_dependency(%q<awesome_print>, [">= 0"])
|
|
118
|
+
s.add_dependency(%q<iostruct>, [">= 0.0.4"])
|
|
119
|
+
s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
|
|
112
120
|
s.add_dependency(%q<rspec>, [">= 0"])
|
|
113
121
|
s.add_dependency(%q<bundler>, [">= 0"])
|
|
114
122
|
s.add_dependency(%q<jeweler>, [">= 0"])
|
|
@@ -118,6 +126,8 @@ Gem::Specification.new do |s|
|
|
|
118
126
|
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
|
119
127
|
s.add_dependency(%q<progressbar>, [">= 0"])
|
|
120
128
|
s.add_dependency(%q<awesome_print>, [">= 0"])
|
|
129
|
+
s.add_dependency(%q<iostruct>, [">= 0.0.4"])
|
|
130
|
+
s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
|
|
121
131
|
s.add_dependency(%q<rspec>, [">= 0"])
|
|
122
132
|
s.add_dependency(%q<bundler>, [">= 0"])
|
|
123
133
|
s.add_dependency(%q<jeweler>, [">= 0"])
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'pedump/loader'
|
|
3
|
+
|
|
4
|
+
describe PEdump::Loader do
|
|
5
|
+
it "should read names from imports" do
|
|
6
|
+
io = open("samples/calc.exe","rb")
|
|
7
|
+
@ldr = PEdump::Loader.new io
|
|
8
|
+
|
|
9
|
+
@ldr.names.should_not be_nil
|
|
10
|
+
@ldr.names.should_not be_empty
|
|
11
|
+
@ldr.names.size.should >= 343
|
|
12
|
+
@ldr.names[0x10010d0].should == 'GetStartupInfoA'
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it "should read names from exports" do
|
|
16
|
+
io = open("samples/zlib.dll","rb")
|
|
17
|
+
@ldr = PEdump::Loader.new io
|
|
18
|
+
|
|
19
|
+
@ldr.names.should_not be_nil
|
|
20
|
+
@ldr.names.should_not be_empty
|
|
21
|
+
@ldr.names.size.should >= 69
|
|
22
|
+
@ldr.names[0x1000e340].should == 'zlib_version'
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'pedump/loader'
|
|
3
|
+
|
|
4
|
+
describe PEdump::Loader do
|
|
5
|
+
describe "#valid_va?" do
|
|
6
|
+
describe "samples/calc.exe" do
|
|
7
|
+
before do
|
|
8
|
+
io = open("samples/calc.exe","rb")
|
|
9
|
+
@ldr = PEdump::Loader.new io
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
%w'1001000 1010000 104b999 104c000 1051000 109c000 10a01f5'.each do |x|
|
|
13
|
+
it "returns true for 0x#{x}" do
|
|
14
|
+
@ldr.valid_va?(x.to_i(16)).should be_true
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
%w'0 1 1000 1000fff 104b99a 104bfff 1050fff 109bfff 10a01f6'.each do |x|
|
|
19
|
+
it "returns false for 0x#{x}" do
|
|
20
|
+
@ldr.valid_va?(x.to_i(16)).should be_false
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
describe "samples/upx.exe" do
|
|
26
|
+
before do
|
|
27
|
+
io = open("samples/upx.exe","rb")
|
|
28
|
+
@ldr = PEdump::Loader.new io
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
%w'401000 541000 589000 589fff'.each do |x|
|
|
32
|
+
it "returns true for 0x#{x}" do
|
|
33
|
+
@ldr.valid_va?(x.to_i(16)).should be_true
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
%w'0 1 1000 400000 58a000'.each do |x|
|
|
38
|
+
it "returns false for 0x#{x}" do
|
|
39
|
+
@ldr.valid_va?(x.to_i(16)).should be_false
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
metadata
CHANGED
|
@@ -1,128 +1,160 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pedump
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.5.0
|
|
4
5
|
prerelease:
|
|
5
|
-
version: 0.4.16
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- Andrey "Zed" Zaikin
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-
|
|
12
|
+
date: 2013-04-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
|
-
prerelease: false
|
|
16
|
-
type: :runtime
|
|
17
15
|
name: multipart-post
|
|
18
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
19
18
|
requirements:
|
|
20
19
|
- - ~>
|
|
21
20
|
- !ruby/object:Gem::Version
|
|
22
21
|
version: 1.1.4
|
|
23
|
-
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
25
26
|
requirements:
|
|
26
27
|
- - ~>
|
|
27
28
|
- !ruby/object:Gem::Version
|
|
28
29
|
version: 1.1.4
|
|
29
|
-
none: false
|
|
30
30
|
- !ruby/object:Gem::Dependency
|
|
31
|
-
prerelease: false
|
|
32
|
-
type: :runtime
|
|
33
31
|
name: progressbar
|
|
34
32
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
35
34
|
requirements:
|
|
36
35
|
- - ! '>='
|
|
37
36
|
- !ruby/object:Gem::Version
|
|
38
37
|
version: '0'
|
|
39
|
-
|
|
38
|
+
type: :runtime
|
|
39
|
+
prerelease: false
|
|
40
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
41
42
|
requirements:
|
|
42
43
|
- - ! '>='
|
|
43
44
|
- !ruby/object:Gem::Version
|
|
44
45
|
version: '0'
|
|
45
|
-
none: false
|
|
46
46
|
- !ruby/object:Gem::Dependency
|
|
47
|
-
prerelease: false
|
|
48
|
-
type: :runtime
|
|
49
47
|
name: awesome_print
|
|
50
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
51
50
|
requirements:
|
|
52
51
|
- - ! '>='
|
|
53
52
|
- !ruby/object:Gem::Version
|
|
54
53
|
version: '0'
|
|
55
|
-
|
|
54
|
+
type: :runtime
|
|
55
|
+
prerelease: false
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
57
58
|
requirements:
|
|
58
59
|
- - ! '>='
|
|
59
60
|
- !ruby/object:Gem::Version
|
|
60
61
|
version: '0'
|
|
62
|
+
- !ruby/object:Gem::Dependency
|
|
63
|
+
name: iostruct
|
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
|
65
|
+
none: false
|
|
66
|
+
requirements:
|
|
67
|
+
- - ! '>='
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: 0.0.4
|
|
70
|
+
type: :runtime
|
|
71
|
+
prerelease: false
|
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
61
73
|
none: false
|
|
74
|
+
requirements:
|
|
75
|
+
- - ! '>='
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
version: 0.0.4
|
|
62
78
|
- !ruby/object:Gem::Dependency
|
|
79
|
+
name: zhexdump
|
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
|
81
|
+
none: false
|
|
82
|
+
requirements:
|
|
83
|
+
- - ! '>='
|
|
84
|
+
- !ruby/object:Gem::Version
|
|
85
|
+
version: 0.0.2
|
|
86
|
+
type: :runtime
|
|
63
87
|
prerelease: false
|
|
64
|
-
|
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
+
none: false
|
|
90
|
+
requirements:
|
|
91
|
+
- - ! '>='
|
|
92
|
+
- !ruby/object:Gem::Version
|
|
93
|
+
version: 0.0.2
|
|
94
|
+
- !ruby/object:Gem::Dependency
|
|
65
95
|
name: rspec
|
|
66
96
|
requirement: !ruby/object:Gem::Requirement
|
|
97
|
+
none: false
|
|
67
98
|
requirements:
|
|
68
99
|
- - ! '>='
|
|
69
100
|
- !ruby/object:Gem::Version
|
|
70
101
|
version: '0'
|
|
71
|
-
|
|
102
|
+
type: :development
|
|
103
|
+
prerelease: false
|
|
72
104
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
|
+
none: false
|
|
73
106
|
requirements:
|
|
74
107
|
- - ! '>='
|
|
75
108
|
- !ruby/object:Gem::Version
|
|
76
109
|
version: '0'
|
|
77
|
-
none: false
|
|
78
110
|
- !ruby/object:Gem::Dependency
|
|
79
|
-
prerelease: false
|
|
80
|
-
type: :development
|
|
81
111
|
name: bundler
|
|
82
112
|
requirement: !ruby/object:Gem::Requirement
|
|
113
|
+
none: false
|
|
83
114
|
requirements:
|
|
84
115
|
- - ! '>='
|
|
85
116
|
- !ruby/object:Gem::Version
|
|
86
117
|
version: '0'
|
|
87
|
-
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
88
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
none: false
|
|
89
122
|
requirements:
|
|
90
123
|
- - ! '>='
|
|
91
124
|
- !ruby/object:Gem::Version
|
|
92
125
|
version: '0'
|
|
93
|
-
none: false
|
|
94
126
|
- !ruby/object:Gem::Dependency
|
|
95
|
-
prerelease: false
|
|
96
|
-
type: :development
|
|
97
127
|
name: jeweler
|
|
98
128
|
requirement: !ruby/object:Gem::Requirement
|
|
129
|
+
none: false
|
|
99
130
|
requirements:
|
|
100
131
|
- - ! '>='
|
|
101
132
|
- !ruby/object:Gem::Version
|
|
102
133
|
version: '0'
|
|
103
|
-
|
|
134
|
+
type: :development
|
|
135
|
+
prerelease: false
|
|
104
136
|
version_requirements: !ruby/object:Gem::Requirement
|
|
137
|
+
none: false
|
|
105
138
|
requirements:
|
|
106
139
|
- - ! '>='
|
|
107
140
|
- !ruby/object:Gem::Version
|
|
108
141
|
version: '0'
|
|
109
|
-
none: false
|
|
110
142
|
- !ruby/object:Gem::Dependency
|
|
111
|
-
prerelease: false
|
|
112
|
-
type: :development
|
|
113
143
|
name: what_methods
|
|
114
144
|
requirement: !ruby/object:Gem::Requirement
|
|
145
|
+
none: false
|
|
115
146
|
requirements:
|
|
116
147
|
- - ! '>='
|
|
117
148
|
- !ruby/object:Gem::Version
|
|
118
149
|
version: '0'
|
|
119
|
-
|
|
150
|
+
type: :development
|
|
151
|
+
prerelease: false
|
|
120
152
|
version_requirements: !ruby/object:Gem::Requirement
|
|
153
|
+
none: false
|
|
121
154
|
requirements:
|
|
122
155
|
- - ! '>='
|
|
123
156
|
- !ruby/object:Gem::Version
|
|
124
157
|
version: '0'
|
|
125
|
-
none: false
|
|
126
158
|
description: dump headers, sections, extract resources of win32 PE exe,dll,etc
|
|
127
159
|
email: zed.0xff@gmail.com
|
|
128
160
|
executables:
|
|
@@ -152,7 +184,9 @@ files:
|
|
|
152
184
|
- lib/pedump/comparer.rb
|
|
153
185
|
- lib/pedump/composite_io.rb
|
|
154
186
|
- lib/pedump/core.rb
|
|
187
|
+
- lib/pedump/core_ext/try.rb
|
|
155
188
|
- lib/pedump/loader.rb
|
|
189
|
+
- lib/pedump/loader/minidump.rb
|
|
156
190
|
- lib/pedump/loader/section.rb
|
|
157
191
|
- lib/pedump/logger.rb
|
|
158
192
|
- lib/pedump/ne.rb
|
|
@@ -186,6 +220,8 @@ files:
|
|
|
186
220
|
- spec/foldedhdr_spec.rb
|
|
187
221
|
- spec/imports_badterm_spec.rb
|
|
188
222
|
- spec/imports_vterm_spec.rb
|
|
223
|
+
- spec/loader/names_spec.rb
|
|
224
|
+
- spec/loader/va_spec.rb
|
|
189
225
|
- spec/manyimportsW7_spec.rb
|
|
190
226
|
- spec/ne_spec.rb
|
|
191
227
|
- spec/packer_spec.rb
|
|
@@ -209,20 +245,20 @@ rdoc_options: []
|
|
|
209
245
|
require_paths:
|
|
210
246
|
- lib
|
|
211
247
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
248
|
+
none: false
|
|
212
249
|
requirements:
|
|
213
250
|
- - ! '>='
|
|
214
251
|
- !ruby/object:Gem::Version
|
|
215
252
|
version: '0'
|
|
216
253
|
segments:
|
|
217
254
|
- 0
|
|
218
|
-
hash: -
|
|
219
|
-
none: false
|
|
255
|
+
hash: -1369606751108388991
|
|
220
256
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
257
|
+
none: false
|
|
221
258
|
requirements:
|
|
222
259
|
- - ! '>='
|
|
223
260
|
- !ruby/object:Gem::Version
|
|
224
261
|
version: '0'
|
|
225
|
-
none: false
|
|
226
262
|
requirements: []
|
|
227
263
|
rubyforge_project:
|
|
228
264
|
rubygems_version: 1.8.24
|