RubyGems - pedump - Versions diffs - 0.4.8 → 0.4.9 - Mend

pedump 0.4.8 → 0.4.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

data/README.md +14 -23
data/VERSION +1 -1
data/lib/pedump.rb +57 -21
data/lib/pedump/cli.rb +81 -55
data/lib/pedump/ne.rb +425 -0
data/lib/pedump/ne/version_info.rb +167 -0
data/lib/pedump/pe.rb +20 -2
data/lib/pedump/resources.rb +9 -5
data/lib/pedump/version.rb +1 -1
data/misc/nedump.c +751 -0
data/pedump.gemspec +6 -2
data/spec/ne_spec.rb +125 -0
data/spec/spec_helper.rb +5 -1
metadata +25 -21

data/pedump.gemspec CHANGED Viewed

@@ -5,11 +5,11 @@
 Gem::Specification.new do |s|
   s.name = "pedump"
-  s.version = "0.4.8"
+  s.version = "0.4.9"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Andrey \"Zed\" Zaikin"]
-  s.date = "2012-01-12"
+  s.date = "2012-01-27"
   s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
   s.email = "zed.0xff@gmail.com"
   s.executables = ["pedump"]
@@ -39,6 +39,8 @@ Gem::Specification.new do |s|
     "lib/pedump/loader.rb",
     "lib/pedump/loader/section.rb",
     "lib/pedump/logger.rb",
+    "lib/pedump/ne.rb",
+    "lib/pedump/ne/version_info.rb",
     "lib/pedump/packer.rb",
     "lib/pedump/pe.rb",
     "lib/pedump/resources.rb",
@@ -54,6 +56,7 @@ Gem::Specification.new do |s|
     "misc/aspack/aspack_unlzx.c",
     "misc/aspack/lzxdec.c",
     "misc/aspack/lzxdec.h",
+    "misc/nedump.c",
     "pedump.gemspec",
     "spec/65535sects_spec.rb",
     "spec/composite_io_spec.rb",
@@ -62,6 +65,7 @@ Gem::Specification.new do |s|
     "spec/imports_badterm_spec.rb",
     "spec/imports_vterm_spec.rb",
     "spec/manyimportsW7_spec.rb",
+    "spec/ne_spec.rb",
     "spec/packer_spec.rb",
     "spec/pe_spec.rb",
     "spec/pedump_spec.rb",

data/spec/ne_spec.rb ADDED Viewed

@@ -0,0 +1,125 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
+5.times do |idx|
+  fname = "ne#{idx}." + (idx==4 ? "dll" : "exe")
+  modulenames = %w"_DELIS VISTA21P ISSET_SE HORSNCF MAPI"
+  exports = []
+  # ne0.exe
+  exports << [
+    PEdump::ExportedFunction.new("WNDPROC", 1, 0x10258)
+  ]
+  # ne1.exe
+  exports << []
+  # ne2.exe
+  exports << [
+    PEdump::ExportedFunction.new("LOGODLGPROC", 1, 0x13ACA),
+    PEdump::ExportedFunction.new("BARWNDPROC",  2, 0x15FF0),
+    PEdump::ExportedFunction.new("SETUPWNDPROC",3, 0x100B2),
+    PEdump::ExportedFunction.new("LOGOBWNDPROC",4, 0x147B4),
+  ]
+  # ne3.exe
+  exports << [
+    PEdump::ExportedFunction.new("___EXPORTEDSTUB", 1, 0x63cf4),
+    PEdump::ExportedFunction.new("_AFX_VERSION",    2, 0x4272c),
+  ]
+  # ne4.dll
+  exports << [
+    PEdump::ExportedFunction.new("WEP", 1, 0x10000),
+    PEdump::ExportedFunction.new("BMAPIGETREADMAIL",  33, 0x7020A),
+    PEdump::ExportedFunction.new("BMAPIRESOLVENAME",  38, 0x7077C),
+    PEdump::ExportedFunction.new("BMAPIGETADDRESS",   36, 0x70692),
+    PEdump::ExportedFunction.new("BMAPIFINDNEXT",     34, 0x70074),
+    PEdump::ExportedFunction.new("BMAPIDETAILS",      37, 0x706F1),
+    PEdump::ExportedFunction.new("MAPIFREEBUFFER",    18, 0xb0A71),
+    PEdump::ExportedFunction.new("MAPIFINDNEXT",      16, 0xa0000),
+    PEdump::ExportedFunction.new("MAPIDELETEMAIL",    17, 0x90000),
+    PEdump::ExportedFunction.new("MAPIREADMAIL",      15, 0x100000),
+    PEdump::ExportedFunction.new("BMAPIADDRESS",      35, 0x7051D),
+    PEdump::ExportedFunction.new("MAPIADDRESS",       19, 0x60139),
+    PEdump::ExportedFunction.new("MAPILOGON",         11, 0xc0000),
+    PEdump::ExportedFunction.new("MAPISENDMAIL",      13, 0x130000),
+    PEdump::ExportedFunction.new("MAPIRESOLVENAME",   21, 0x60A3F),
+    PEdump::ExportedFunction.new("MAPIDETAILS",       20, 0x60752),
+    PEdump::ExportedFunction.new("BMAPISAVEMAIL",     31, 0x70455),
+    PEdump::ExportedFunction.new("MAPISAVEMAIL",      14, 0x1302BE),
+    PEdump::ExportedFunction.new("BMAPIREADMAIL",     32, 0x70141),
+    PEdump::ExportedFunction.new("MAPISENDDOCUMENTS", 10, 0x120703),
+    PEdump::ExportedFunction.new("MAPILOGOFF",        12, 0xc00D2),
+    PEdump::ExportedFunction.new("BMAPISENDMAIL",     30, 0x70000),
+  ]
+  imports = [
+    ['KERNEL',   0x80],
+    ['VBRUN300', 0x64],
+    ['GDI',      0x15f],
+    ['FINSTDLL', nil,  'FILECOPY'],
+    ['DEMILAYR', 0x6f]
+  ]
+  versions = %w'2.20.900.0 - 3.0.111.0 1.0.0.1 3.2.0.4057'
+  describe fname do
+    it "should have NE header" do
+      sample do |f|
+        f.ne.should_not be_nil
+      end
+    end
+    it "should not have PE header" do
+      sample do |f|
+        f.pe.should be_nil
+      end
+    end
+    it "should have NE segments" do
+      sample do |f|
+        f.ne.segments.size.should == f.ne.ne_cseg
+      end
+    end
+    it "should have NE resources" do
+      sample do |f|
+        f.ne.resources.should_not be_nil
+        ver = f.ne.resources.find{ |res| res.type == 'VERSION' }
+        expected = versions[idx]
+        if expected == '-'
+          ver.should be_nil
+        else
+          vi = ver.data.first
+          [
+            vi.Value.dwFileVersionMS.to_i >> 16,
+            vi.Value.dwFileVersionMS.to_i &  0xffff,
+            vi.Value.dwFileVersionLS.to_i >> 16,
+            vi.Value.dwFileVersionLS.to_i &  0xffff
+          ].join('.').should == expected
+        end
+      end
+    end
+    it "should have imports" do
+      sample do |f|
+        f.ne.imports.should_not be_nil
+        func = PEdump::ImportedFunction.new
+        func.module_name = imports[idx][0]
+        func.ordinal     = imports[idx][1]
+        func.name        = imports[idx][2]
+        f.ne.imports.should include(func)
+      end
+    end
+    it "should have exports" do
+      sample do |f|
+        f.ne.exports.should_not be_nil
+        f.ne.exports.name.should == modulenames[idx]
+        f.ne.exports.functions.should == exports[idx]
+      end
+    end
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -23,7 +23,11 @@ def sample
         end
       fname = File.expand_path(File.dirname(__FILE__) + '/../samples/' + fname)
       File.open(fname,"rb") do |f|
-        PEdump.new(fname).dump
+        if block_given?
+          yield PEdump.new(f)
+        else
+          PEdump.new(f).dump
+        end
       end
     end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.4.8
+  version: 0.4.9
   prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-01-12 00:00:00.000000000 Z
+date: 2012-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multipart-post
-  requirement: &70206434654160 !ruby/object:Gem::Requirement
+  requirement: &70320100633400 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 1.1.4
   type: :runtime
   prerelease: false
-  version_requirements: *70206434654160
+  version_requirements: *70320100633400
 - !ruby/object:Gem::Dependency
   name: progressbar
-  requirement: &70206434650540 !ruby/object:Gem::Requirement
+  requirement: &70320100632360 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: 0.9.2
   type: :runtime
   prerelease: false
-  version_requirements: *70206434650540
+  version_requirements: *70320100632360
 - !ruby/object:Gem::Dependency
   name: awesome_print
-  requirement: &70206434649280 !ruby/object:Gem::Requirement
+  requirement: &70320100631720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70206434649280
+  version_requirements: *70320100631720
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70206434647680 !ruby/object:Gem::Requirement
+  requirement: &70320100631020 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +54,10 @@ dependencies:
         version: 2.3.0
   type: :development
   prerelease: false
-  version_requirements: *70206434647680
+  version_requirements: *70320100631020
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70206434646960 !ruby/object:Gem::Requirement
+  requirement: &70320100652760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -65,10 +65,10 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *70206434646960
+  version_requirements: *70320100652760
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &70206434677380 !ruby/object:Gem::Requirement
+  requirement: &70320100651820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -76,10 +76,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *70206434677380
+  version_requirements: *70320100651820
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &70206434676480 !ruby/object:Gem::Requirement
+  requirement: &70320100650340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70206434676480
+  version_requirements: *70320100650340
 - !ruby/object:Gem::Dependency
   name: what_methods
-  requirement: &70206434675740 !ruby/object:Gem::Requirement
+  requirement: &70320100649800 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -98,10 +98,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70206434675740
+  version_requirements: *70320100649800
 - !ruby/object:Gem::Dependency
   name: looksee
-  requirement: &70206434674700 !ruby/object:Gem::Requirement
+  requirement: &70320100649080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,7 +109,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70206434674700
+  version_requirements: *70320100649080
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
 email: zed.0xff@gmail.com
 executables:
@@ -140,6 +140,8 @@ files:
 - lib/pedump/loader.rb
 - lib/pedump/loader/section.rb
 - lib/pedump/logger.rb
+- lib/pedump/ne.rb
+- lib/pedump/ne/version_info.rb
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
@@ -155,6 +157,7 @@ files:
 - misc/aspack/aspack_unlzx.c
 - misc/aspack/lzxdec.c
 - misc/aspack/lzxdec.h
+- misc/nedump.c
 - pedump.gemspec
 - spec/65535sects_spec.rb
 - spec/composite_io_spec.rb
@@ -163,6 +166,7 @@ files:
 - spec/imports_badterm_spec.rb
 - spec/imports_vterm_spec.rb
 - spec/manyimportsW7_spec.rb
+- spec/ne_spec.rb
 - spec/packer_spec.rb
 - spec/pe_spec.rb
 - spec/pedump_spec.rb
@@ -188,7 +192,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1408674862654916848
+      hash: 296095337605222581
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: