pedump 0.4.8 → 0.4.9

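--- a/data/pedump.gemspec
+++ b/data/pedump.gemspec
@@ -5,11 +5,11 @@
 
  Gem::Specification.new do |s|
  s.name = "pedump"
- s.version = "0.4.8"
+ s.version = "0.4.9"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Andrey \"Zed\" Zaikin"]
- s.date = "2012-01-12"
+ s.date = "2012-01-27"
  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
  s.email = "zed.0xff@gmail.com"
  s.executables = ["pedump"]
@@ -39,6 +39,8 @@ Gem::Specification.new do |s|
  "lib/pedump/loader.rb",
  "lib/pedump/loader/section.rb",
  "lib/pedump/logger.rb",
+ "lib/pedump/ne.rb",
+ "lib/pedump/ne/version_info.rb",
  "lib/pedump/packer.rb",
  "lib/pedump/pe.rb",
  "lib/pedump/resources.rb",
@@ -54,6 +56,7 @@ Gem::Specification.new do |s|
  "misc/aspack/aspack_unlzx.c",
  "misc/aspack/lzxdec.c",
  "misc/aspack/lzxdec.h",
+ "misc/nedump.c",
  "pedump.gemspec",
  "spec/65535sects_spec.rb",
  "spec/composite_io_spec.rb",
@@ -62,6 +65,7 @@ Gem::Specification.new do |s|
  "spec/imports_badterm_spec.rb",
  "spec/imports_vterm_spec.rb",
  "spec/manyimportsW7_spec.rb",
+ "spec/ne_spec.rb",
  "spec/packer_spec.rb",
  "spec/pe_spec.rb",
  "spec/pedump_spec.rb",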
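--- a/data/spec/ne_spec.rb
+++ b/data/spec/ne_spec.rb
@@ -0,0 +1,125 @@
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+ require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
+
+ 5.times do |idx|
+ fname = "ne#{idx}." + (idx==4 ? "dll" : "exe")
+
+ modulenames = %w"_DELIS VISTA21P ISSET_SE HORSNCF MAPI"
+ exports = []
+
+ # ne0.exe
+ exports << [
+ PEdump::ExportedFunction.new("WNDPROC", 1, 0x10258)
+ ]
+
+ # ne1.exe
+ exports << []
+
+ # ne2.exe
+ exports << [
+ PEdump::ExportedFunction.new("LOGODLGPROC", 1, 0x13ACA),
+ PEdump::ExportedFunction.new("BARWNDPROC", 2, 0x15FF0),
+ PEdump::ExportedFunction.new("SETUPWNDPROC",3, 0x100B2),
+ PEdump::ExportedFunction.new("LOGOBWNDPROC",4, 0x147B4),
+ ]
+
+ # ne3.exe
+ exports << [
+ PEdump::ExportedFunction.new("___EXPORTEDSTUB", 1, 0x63cf4),
+ PEdump::ExportedFunction.new("_AFX_VERSION", 2, 0x4272c),
+ ]
+
+ # ne4.dll
+ exports << [
+ PEdump::ExportedFunction.new("WEP", 1, 0x10000),
+ PEdump::ExportedFunction.new("BMAPIGETREADMAIL", 33, 0x7020A),
+ PEdump::ExportedFunction.new("BMAPIRESOLVENAME", 38, 0x7077C),
+ PEdump::ExportedFunction.new("BMAPIGETADDRESS", 36, 0x70692),
+ PEdump::ExportedFunction.new("BMAPIFINDNEXT", 34, 0x70074),
+ PEdump::ExportedFunction.new("BMAPIDETAILS", 37, 0x706F1),
+ PEdump::ExportedFunction.new("MAPIFREEBUFFER", 18, 0xb0A71),
+ PEdump::ExportedFunction.new("MAPIFINDNEXT", 16, 0xa0000),
+ PEdump::ExportedFunction.new("MAPIDELETEMAIL", 17, 0x90000),
+ PEdump::ExportedFunction.new("MAPIREADMAIL", 15, 0x100000),
+ PEdump::ExportedFunction.new("BMAPIADDRESS", 35, 0x7051D),
+ PEdump::ExportedFunction.new("MAPIADDRESS", 19, 0x60139),
+ PEdump::ExportedFunction.new("MAPILOGON", 11, 0xc0000),
+ PEdump::ExportedFunction.new("MAPISENDMAIL", 13, 0x130000),
+ PEdump::ExportedFunction.new("MAPIRESOLVENAME", 21, 0x60A3F),
+ PEdump::ExportedFunction.new("MAPIDETAILS", 20, 0x60752),
+ PEdump::ExportedFunction.new("BMAPISAVEMAIL", 31, 0x70455),
+ PEdump::ExportedFunction.new("MAPISAVEMAIL", 14, 0x1302BE),
+ PEdump::ExportedFunction.new("BMAPIREADMAIL", 32, 0x70141),
+ PEdump::ExportedFunction.new("MAPISENDDOCUMENTS", 10, 0x120703),
+ PEdump::ExportedFunction.new("MAPILOGOFF", 12, 0xc00D2),
+ PEdump::ExportedFunction.new("BMAPISENDMAIL", 30, 0x70000),
+ ]
+
+ imports = [
+ ['KERNEL', 0x80],
+ ['VBRUN300', 0x64],
+ ['GDI', 0x15f],
+ ['FINSTDLL', nil, 'FILECOPY'],
+ ['DEMILAYR', 0x6f]
+ ]
+
+ versions = %w'2.20.900.0 - 3.0.111.0 1.0.0.1 3.2.0.4057'
+
+ describe fname do
+ it "should have NE header" do
+ sample do |f|
+ f.ne.should_not be_nil
+ end
+ end
+
+ it "should not have PE header" do
+ sample do |f|
+ f.pe.should be_nil
+ end
+ end
+
+ it "should have NE segments" do
+ sample do |f|
+ f.ne.segments.size.should == f.ne.ne_cseg
+ end
+ end
+
+ it "should have NE resources" do
+ sample do |f|
+ f.ne.resources.should_not be_nil
+ ver = f.ne.resources.find{ |res| res.type == 'VERSION' }
+ expected = versions[idx]
+ if expected == '-'
+ ver.should be_nil
+ else
+ vi = ver.data.first
+ [
+ vi.Value.dwFileVersionMS.to_i >> 16,
+ vi.Value.dwFileVersionMS.to_i & 0xffff,
+ vi.Value.dwFileVersionLS.to_i >> 16,
+ vi.Value.dwFileVersionLS.to_i & 0xffff
+ ].join('.').should == expected
+ end
+ end
+ end
+
+ it "should have imports" do
+ sample do |f|
+ f.ne.imports.should_not be_nil
+ func = PEdump::ImportedFunction.new
+ func.module_name = imports[idx][0]
+ func.ordinal = imports[idx][1]
+ func.name = imports[idx][2]
+
+ f.ne.imports.should include(func)
+ end
+ end
+ it "should have exports" do
+ sample do |f|
+ f.ne.exports.should_not be_nil
+ f.ne.exports.name.should == modulenames[idx]
+ f.ne.exports.functions.should == exports[idx]
+ end
+ end
+ end
+ end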
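Review bot: Every example in this spec runs against a well-formed sample (ne0.exe through ne4.dll), so the new NE parser is never exercised on a truncated or internally inconsistent header, even though the tool exists to read binaries of unknown origin. Judging by their names, the gem already carries specs of that kind for PE (`spec/65535sects_spec.rb`, `spec/imports_badterm_spec.rb`); an NE counterpart that feeds a cut-short file and expects a clean nil or a defined error would close the gap. Separately, in "should have NE resources" the else branch calls `ver.data.first` without checking `ver`, so a sample whose VERSION resource is not found fails with NoMethodError on nil; adding `ver.should_not be_nil` before `vi = ver.data.first` gives a readable failure. The per-file fixture arrays are also rebuilt on every pass of `5.times` and could be hoisted above the loop.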
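--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -23,7 +23,11 @@ def sample
  end
  fname = File.expand_path(File.dirname(__FILE__) + '/../samples/' + fname)
  File.open(fname,"rb") do |f|
- PEdump.new(fname).dump
+ if block_given?
+ yield PEdump.new(f)
+ else
+ PEdump.new(f).dump
+ end
  end
  end
  end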
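Review bot: The PEdump object yielded in the new `if block_given?` branch wraps the handle `f`, which `File.open` closes as soon as its block returns, so the object is only safe to use inside the spec's own block; if the parser reads lazily (not visible here), anything kept past that point would read from a closed IO. The else branch also switches from `PEdump.new(fname)` to `PEdump.new(f)`, which changes what every existing no-block caller hands to the constructor and deserves a mention in the commit. A comment above the helper would record the contract: `# Yields a PEdump bound to the open sample file (valid only inside the block); without a block, dumps it.` The body of `sample` starts above this hunk, so how `fname` is derived is not visible from here.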
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pedump
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.8
4
+ version: 0.4.9
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-01-12 00:00:00.000000000 Z
12
+ date: 2012-01-27 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: multipart-post
16
- requirement: &70206434654160 !ruby/object:Gem::Requirement
16
+ requirement: &70320100633400 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 1.1.4
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70206434654160
24
+ version_requirements: *70320100633400
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: progressbar
27
- requirement: &70206434650540 !ruby/object:Gem::Requirement
27
+ requirement: &70320100632360 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ~>
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 0.9.2
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70206434650540
35
+ version_requirements: *70320100632360
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: awesome_print
38
- requirement: &70206434649280 !ruby/object:Gem::Requirement
38
+ requirement: &70320100631720 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
43
43
  version: '0'
44
44
  type: :runtime
45
45
  prerelease: false
46
- version_requirements: *70206434649280
46
+ version_requirements: *70320100631720
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: rspec
49
- requirement: &70206434647680 !ruby/object:Gem::Requirement
49
+ requirement: &70320100631020 !ruby/object:Gem::Requirement
50
50
  none: false
51
51
  requirements:
52
52
  - - ~>
@@ -54,10 +54,10 @@ dependencies:
54
54
  version: 2.3.0
55
55
  type: :development
56
56
  prerelease: false
57
- version_requirements: *70206434647680
57
+ version_requirements: *70320100631020
58
58
  - !ruby/object:Gem::Dependency
59
59
  name: bundler
60
- requirement: &70206434646960 !ruby/object:Gem::Requirement
60
+ requirement: &70320100652760 !ruby/object:Gem::Requirement
61
61
  none: false
62
62
  requirements:
63
63
  - - ~>
@@ -65,10 +65,10 @@ dependencies:
65
65
  version: 1.0.0
66
66
  type: :development
67
67
  prerelease: false
68
- version_requirements: *70206434646960
68
+ version_requirements: *70320100652760
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: jeweler
71
- requirement: &70206434677380 !ruby/object:Gem::Requirement
71
+ requirement: &70320100651820 !ruby/object:Gem::Requirement
72
72
  none: false
73
73
  requirements:
74
74
  - - ~>
@@ -76,10 +76,10 @@ dependencies:
76
76
  version: 1.6.4
77
77
  type: :development
78
78
  prerelease: false
79
- version_requirements: *70206434677380
79
+ version_requirements: *70320100651820
80
80
  - !ruby/object:Gem::Dependency
81
81
  name: rcov
82
- requirement: &70206434676480 !ruby/object:Gem::Requirement
82
+ requirement: &70320100650340 !ruby/object:Gem::Requirement
83
83
  none: false
84
84
  requirements:
85
85
  - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
87
87
  version: '0'
88
88
  type: :development
89
89
  prerelease: false
90
- version_requirements: *70206434676480
90
+ version_requirements: *70320100650340
91
91
  - !ruby/object:Gem::Dependency
92
92
  name: what_methods
93
- requirement: &70206434675740 !ruby/object:Gem::Requirement
93
+ requirement: &70320100649800 !ruby/object:Gem::Requirement
94
94
  none: false
95
95
  requirements:
96
96
  - - ! '>='
@@ -98,10 +98,10 @@ dependencies:
98
98
  version: '0'
99
99
  type: :development
100
100
  prerelease: false
101
- version_requirements: *70206434675740
101
+ version_requirements: *70320100649800
102
102
  - !ruby/object:Gem::Dependency
103
103
  name: looksee
104
- requirement: &70206434674700 !ruby/object:Gem::Requirement
104
+ requirement: &70320100649080 !ruby/object:Gem::Requirement
105
105
  none: false
106
106
  requirements:
107
107
  - - ! '>='
@@ -109,7 +109,7 @@ dependencies:
109
109
  version: '0'
110
110
  type: :development
111
111
  prerelease: false
112
- version_requirements: *70206434674700
112
+ version_requirements: *70320100649080
113
113
  description: dump headers, sections, extract resources of win32 PE exe,dll,etc
114
114
  email: zed.0xff@gmail.com
115
115
  executables:
@@ -140,6 +140,8 @@ files:
140
140
  - lib/pedump/loader.rb
141
141
  - lib/pedump/loader/section.rb
142
142
  - lib/pedump/logger.rb
143
+ - lib/pedump/ne.rb
144
+ - lib/pedump/ne/version_info.rb
143
145
  - lib/pedump/packer.rb
144
146
  - lib/pedump/pe.rb
145
147
  - lib/pedump/resources.rb
@@ -155,6 +157,7 @@ files:
155
157
  - misc/aspack/aspack_unlzx.c
156
158
  - misc/aspack/lzxdec.c
157
159
  - misc/aspack/lzxdec.h
160
+ - misc/nedump.c
158
161
  - pedump.gemspec
159
162
  - spec/65535sects_spec.rb
160
163
  - spec/composite_io_spec.rb
@@ -163,6 +166,7 @@ files:
163
166
  - spec/imports_badterm_spec.rb
164
167
  - spec/imports_vterm_spec.rb
165
168
  - spec/manyimportsW7_spec.rb
169
+ - spec/ne_spec.rb
166
170
  - spec/packer_spec.rb
167
171
  - spec/pe_spec.rb
168
172
  - spec/pedump_spec.rb
@@ -188,7 +192,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
188
192
  version: '0'
189
193
  segments:
190
194
  - 0
191
- hash: -1408674862654916848
195
+ hash: 296095337605222581
192
196
  required_rubygems_version: !ruby/object:Gem::Requirement
193
197
  none: false
194
198
  requirements: