pedump 0.4.5 → 0.4.6

data/misc/aspack/lzxdec.h

@@ -0,0 +1,56 @@
+#ifndef _LZXDEC_H_
+#define _LZXDEC_H_  "ASPack's lzx-alike raw stream decoder"
+
+//#include <windows.h>
+
+/* ------------------------------------------------------------------------- */
+
+/* bit reader context */
+typedef struct _LZX_BITRDR {
+  BYTE*  SrcData;                      /* input raw data */
+  UINT   SrcSize;                      /* raw data size  */
+  UINT   CurOffs;                      /* current offset */
+  DWORD  BitBuff;                      /* bits buffer    */
+  UINT   BitFree;                      /* bits counter   */
+} LZX_BITRDR, *PLZX_BITRDR;
+
+/* sliding window dictionary */
+typedef struct _LZX_SWD {
+  BYTE*  Window;                       /* window memory  */
+  UINT   WndLen;                       /* size of window */
+  UINT   CurOfs;                       /* current offset */
+} LZX_SWD, *PLZX_SWD;
+
+/* huffman decoder context */
+typedef struct _LZX_HUFF {
+  LZX_BITRDR* BitRdr;                  /* bit stream reader       */
+  UINT  SymLim[16];                    /* max symbol for x bits   */
+  UINT  SymIdx[16];                    /* symbol index for x bits */
+  UINT  SymNum;                        /* total number of symbols */
+  UINT* Symbol;                        /* symbols array for x len */
+  BYTE* Length;                        /* symbols length array    */
+} LZX_HUFF, *PLZX_HUFF;
+
+/* general decoder context */
+typedef struct _LZX_CONTEXT {
+  LZX_BITRDR  BitRdr;                  /* source reader / bit-buffer */
+  UINT        LstOfs[3];               /* saved last phrases offsets */
+  BYTE*       LstMem;                  /* free huffman heap mem ptr  */
+  LZX_SWD     Window;                  /* sliding window dictionary  */
+  LZX_HUFF    HufBase;                 /* general huffman decoder    */
+  LZX_HUFF    HufLens;                 /* lengths huffman decoder    */
+  LZX_HUFF    HufOffs;                 /* offsets huffman decoder    */
+  LZX_HUFF    HufSpec;                 /* special huffman decoder    */
+  BOOL        HasOffs;                 /* offsets decoder used flag  */
+  BYTE        HufTbl[6144];            /* huffman tables heap memory */
+} LZX_CONTEXT, *PLZX_CONTEXT;
+
+/* ------------------------------------------------------------------------- */
+
+/* general aspack stream decoder               */
+/* return decoded size or -1 in case of errors */
+INT DecodeLZX(LZX_CONTEXT* Ctx, BYTE* Src, BYTE* Dst, UINT PSize, UINT USize);
+
+/* ------------------------------------------------------------------------- */
+
+#endif /* _LZXDEC_H_ */

data/pedump.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "pedump"
-  s.version = "0.4.5"
+  s.version = "0.4.6"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andrey \"Zed\" Zaikin"]
-  s.date = "2011-12-20"
+  s.date = "2012-01-02"
   s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
   s.email = "zed.0xff@gmail.com"
   s.executables = ["pedump"]
@@ -33,15 +33,26 @@ Gem::Specification.new do |s|
     "data/userdb.txt",
     "lib/pedump.rb",
     "lib/pedump/cli.rb",
+    "lib/pedump/comparer.rb",
     "lib/pedump/composite_io.rb",
     "lib/pedump/core.rb",
+    "lib/pedump/loader.rb",
+    "lib/pedump/loader/section.rb",
+    "lib/pedump/logger.rb",
     "lib/pedump/packer.rb",
     "lib/pedump/pe.rb",
     "lib/pedump/resources.rb",
     "lib/pedump/sig_parser.rb",
     "lib/pedump/tls.rb",
+    "lib/pedump/unpacker.rb",
+    "lib/pedump/unpacker/aspack.rb",
+    "lib/pedump/unpacker/upx.rb",
     "lib/pedump/version.rb",
     "lib/pedump/version_info.rb",
+    "misc/aspack/Makefile",
+    "misc/aspack/aspack_unlzx.c",
+    "misc/aspack/lzxdec.c",
+    "misc/aspack/lzxdec.h",
     "pedump.gemspec",
     "spec/65535sects_spec.rb",
     "spec/composite_io_spec.rb",
@@ -56,6 +67,8 @@ Gem::Specification.new do |s|
     "spec/sig_all_packers_spec.rb",
     "spec/sig_spec.rb",
     "spec/spec_helper.rb",
+    "spec/unpackers/aspack_spec.rb",
+    "spec/unpackers/find_spec.rb",
     "spec/virtsectblXP_spec.rb"
   ]
   s.homepage = "http://github.com/zed-0xff/pedump"
@@ -70,28 +83,34 @@ Gem::Specification.new do |s|
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
       s.add_runtime_dependency(%q<progressbar>, ["~> 0.9.2"])
+      s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
       s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
       s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
       s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
       s.add_development_dependency(%q<rcov>, [">= 0"])
-      s.add_development_dependency(%q<awesome_print>, [">= 0"])
+      s.add_development_dependency(%q<what_methods>, [">= 0"])
+      s.add_development_dependency(%q<looksee>, [">= 0"])
     else
       s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
       s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
+      s.add_dependency(%q<awesome_print>, [">= 0"])
       s.add_dependency(%q<rspec>, ["~> 2.3.0"])
       s.add_dependency(%q<bundler>, ["~> 1.0.0"])
       s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
       s.add_dependency(%q<rcov>, [">= 0"])
-      s.add_dependency(%q<awesome_print>, [">= 0"])
+      s.add_dependency(%q<what_methods>, [">= 0"])
+      s.add_dependency(%q<looksee>, [">= 0"])
     end
   else
     s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
     s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
+    s.add_dependency(%q<awesome_print>, [">= 0"])
     s.add_dependency(%q<rspec>, ["~> 2.3.0"])
     s.add_dependency(%q<bundler>, ["~> 1.0.0"])
     s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
     s.add_dependency(%q<rcov>, [">= 0"])
-    s.add_dependency(%q<awesome_print>, [">= 0"])
+    s.add_dependency(%q<what_methods>, [">= 0"])
+    s.add_dependency(%q<looksee>, [">= 0"])
   end
 end
 

data/spec/pe_spec.rb

@@ -3,4 +3,65 @@ require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
 
 describe 'PE' do
   it "should assume TimeDateStamp is in UTC"
+
+  KLASS = PEdump::ImportedFunction
+
+  describe KLASS do
+    it "should be equal" do
+      pending "necessary?"
+      a = []
+      KLASS.new(*a).should == KLASS.new(*a)
+      a = ['a']
+      KLASS.new(*a).should == KLASS.new(*a)
+      a = ['a','b']
+      KLASS.new(*a).should == KLASS.new(*a)
+      a = ['a','b','c']
+      KLASS.new(*a).should == KLASS.new(*a)
+      a = ['a','b','c','d']
+      KLASS.new(*a).should == KLASS.new(*a)
+    end
+
+    it "should not be equal" do
+      a = ['a']
+      b = []
+      KLASS.new(*a).should_not == KLASS.new(*b)
+      a = ['a']
+      b = ['b']
+      KLASS.new(*a).should_not == KLASS.new(*b)
+      a = ['a','B']
+      b = ['a','b']
+      KLASS.new(*a).should_not == KLASS.new(*b)
+      a = ['a','b','c']
+      b = ['a','b']
+      KLASS.new(*a).should_not == KLASS.new(*b)
+      a = ['a','b','c']
+      b = ['a','b','X']
+      KLASS.new(*a).should_not == KLASS.new(*b)
+    end
+
+    it "should be equal with different VA's" do
+      pending "necessary?"
+      a = ['a','b','c',nil]
+      b = ['a','b','c','d']
+      KLASS.new(*a).should == KLASS.new(*b)
+      a = ['a','b','c',0x1000]
+      b = ['a','b','c',0x2000]
+      KLASS.new(*a).should == KLASS.new(*b)
+      a = ['a','b','c',0x1000]
+      b = ['a','b','c',0x1000]
+      KLASS.new(*a).should == KLASS.new(*b)
+    end
+
+    it "should be equal in uniq() with different VA's" do
+      a = ['a','b','c',nil]
+      b = ['a','b','c','d']
+      [KLASS.new(*a), KLASS.new(*b)].uniq.size.should == 1
+      a = ['a','b','c',0x1000]
+      b = ['a','b','c',0x2000]
+      [KLASS.new(*a), KLASS.new(*b)].uniq.size.should == 1
+      a = ['a','b','c',0x1000]
+      b = ['a','b','c',0x1000]
+      [KLASS.new(*a), KLASS.new(*b)].uniq.size.should == 1
+    end
+  end
 end

data/spec/unpackers/aspack_spec.rb

@@ -0,0 +1,69 @@
+root = File.expand_path(File.dirname(File.dirname(File.dirname(__FILE__))))
+require "#{root}/spec/spec_helper"
+require "#{root}/lib/pedump"
+require "#{root}/lib/pedump/unpacker/aspack"
+require "#{root}/lib/pedump/comparer"
+
+describe PEdump::Unpacker::ASPack do
+  Dir["#{root}/samples/*.asp[1-9]*.{exe}"].each do |pname|
+    orig_fname = pname.sub(/\.asp[^.]+/,'')
+
+    describe File.basename(orig_fname) + " vs " + File.basename(pname) do
+      before :all do
+        @ldr = PEdump::Loader.new(File.open(orig_fname,"rb"))
+      end
+
+      it "should have no differences" do
+        File.open(pname,"rb") do |f|
+          u = PEdump::Unpacker::ASPack.new(f)
+          File.open("#{root}/tmp/unpacked.tmp","w+") do |fo|
+            u.unpack.dump(fo)
+            fo.rewind
+            ldr = PEdump::Loader.new(fo)
+
+            comparer = PEdump::Comparer.new(@ldr, ldr)
+            comparer.ignored_data_dirs = [
+              PEdump::IMAGE_DATA_DIRECTORY::LOAD_CONFIG,
+              PEdump::IMAGE_DATA_DIRECTORY::Bound_IAT,
+              PEdump::IMAGE_DATA_DIRECTORY::Delay_IAT
+            ]
+            comparer.ignored_sections = [ '.rsrc', '.aspack' ]
+            comparer.diff.should == []
+          end
+        end
+      end
+    end
+  end
+
+  Dir["#{root}/samples/*.asp[1-9]*.{ocx}"].each do |pname|
+    orig_fname = pname.sub(/\.asp[^.]+/,'')
+
+    describe File.basename(orig_fname) + " vs " + File.basename(pname) do
+      before :all do
+        @ldr = PEdump::Loader.new(File.open(orig_fname,"rb"))
+      end
+
+      it "should have no differences" do
+        File.open(pname,"rb") do |f|
+          u = PEdump::Unpacker::ASPack.new(f)
+          File.open("#{root}/tmp/unpacked.tmp","w+") do |fo|
+            u.unpack.dump(fo)
+            fo.rewind
+            ldr = PEdump::Loader.new(fo)
+
+            comparer = PEdump::Comparer.new(@ldr, ldr)
+            comparer.ignored_data_dirs = [
+              PEdump::IMAGE_DATA_DIRECTORY::LOAD_CONFIG,
+              PEdump::IMAGE_DATA_DIRECTORY::Bound_IAT,
+              PEdump::IMAGE_DATA_DIRECTORY::Delay_IAT,
+              PEdump::IMAGE_DATA_DIRECTORY::BASERELOC, # 0x15496 vs 0x15494
+              PEdump::IMAGE_DATA_DIRECTORY::IAT
+            ]
+            comparer.ignored_sections = [ '.rsrc', '.aspack', '.cas' ]
+            comparer.diff.should == []
+          end
+        end
+      end
+    end
+  end
+end

data/spec/unpackers/find_spec.rb

@@ -0,0 +1,17 @@
+root = File.expand_path(File.dirname(File.dirname(File.dirname(__FILE__))))
+require "#{root}/spec/spec_helper"
+require "#{root}/lib/pedump/unpacker"
+
+describe PEdump::Unpacker do
+  it "finds UPX" do
+    PEdump::Unpacker.find("#{root}/samples/calc_upx.exe").should == PEdump::Unpacker::UPX
+  end
+
+  it "finds ASPack" do
+    PEdump::Unpacker.find("#{root}/samples/calc.asp212.exe").should == PEdump::Unpacker::ASPack
+  end
+
+  it "finds nothing" do
+    PEdump::Unpacker.find("#{root}/samples/calc.exe").should be_nil
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.4.5
+  version: 0.4.6
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-12-20 00:00:00.000000000 Z
+date: 2012-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multipart-post
-  requirement: &70360993390840 !ruby/object:Gem::Requirement
+  requirement: &70220274686500 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 1.1.4
   type: :runtime
   prerelease: false
-  version_requirements: *70360993390840
+  version_requirements: *70220274686500
 - !ruby/object:Gem::Dependency
   name: progressbar
-  requirement: &70360993390100 !ruby/object:Gem::Requirement
+  requirement: &70220274684420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,21 @@ dependencies:
         version: 0.9.2
   type: :runtime
   prerelease: false
-  version_requirements: *70360993390100
+  version_requirements: *70220274684420
+- !ruby/object:Gem::Dependency
+  name: awesome_print
+  requirement: &70220274683420 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70220274683420
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70360993389180 !ruby/object:Gem::Requirement
+  requirement: &70220274682560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,10 +54,10 @@ dependencies:
         version: 2.3.0
   type: :development
   prerelease: false
-  version_requirements: *70360993389180
+  version_requirements: *70220274682560
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70360993415340 !ruby/object:Gem::Requirement
+  requirement: &70220274681480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +65,10 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *70360993415340
+  version_requirements: *70220274681480
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &70360993414640 !ruby/object:Gem::Requirement
+  requirement: &70220274680660 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -65,10 +76,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *70360993414640
+  version_requirements: *70220274680660
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &70360993414140 !ruby/object:Gem::Requirement
+  requirement: &70220274695800 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +87,21 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70360993414140
+  version_requirements: *70220274695800
 - !ruby/object:Gem::Dependency
-  name: awesome_print
-  requirement: &70360993413580 !ruby/object:Gem::Requirement
+  name: what_methods
+  requirement: &70220274692960 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70220274692960
+- !ruby/object:Gem::Dependency
+  name: looksee
+  requirement: &70220274691880 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,7 +109,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70360993413580
+  version_requirements: *70220274691880
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
 email: zed.0xff@gmail.com
 executables:
@@ -112,15 +134,26 @@ files:
 - data/userdb.txt
 - lib/pedump.rb
 - lib/pedump/cli.rb
+- lib/pedump/comparer.rb
 - lib/pedump/composite_io.rb
 - lib/pedump/core.rb
+- lib/pedump/loader.rb
+- lib/pedump/loader/section.rb
+- lib/pedump/logger.rb
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
 - lib/pedump/sig_parser.rb
 - lib/pedump/tls.rb
+- lib/pedump/unpacker.rb
+- lib/pedump/unpacker/aspack.rb
+- lib/pedump/unpacker/upx.rb
 - lib/pedump/version.rb
 - lib/pedump/version_info.rb
+- misc/aspack/Makefile
+- misc/aspack/aspack_unlzx.c
+- misc/aspack/lzxdec.c
+- misc/aspack/lzxdec.h
 - pedump.gemspec
 - spec/65535sects_spec.rb
 - spec/composite_io_spec.rb
@@ -135,6 +168,8 @@ files:
 - spec/sig_all_packers_spec.rb
 - spec/sig_spec.rb
 - spec/spec_helper.rb
+- spec/unpackers/aspack_spec.rb
+- spec/unpackers/find_spec.rb
 - spec/virtsectblXP_spec.rb
 homepage: http://github.com/zed-0xff/pedump
 licenses:
@@ -151,7 +186,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 412789632490826090
+      hash: 1478998611787411165
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: