pedump 0.5.0 → 0.5.1

data/spec/packer_spec.rb

@@ -1,17 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
-
-%w'calc_upx.exe arm_upx.exe'.each do |fname|
-  describe fname do
-    before :all do
-      File.open(File.join("samples",fname),"rb") do |f|
-        @packer = PEdump.new(f).packer.first
-      end
-    end
-
-    it "should detect UPX" do
-      @packer.should_not be_nil
-      @packer.name.should include 'UPX'
-    end
-  end
-end

data/spec/pe_spec.rb

@@ -1,67 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
-
-describe 'PE' do
-  it "should assume TimeDateStamp is in UTC"
-
-  KLASS = PEdump::ImportedFunction
-
-  describe KLASS do
-    it "should be equal" do
-      pending "necessary?"
-      a = []
-      KLASS.new(*a).should == KLASS.new(*a)
-      a = ['a']
-      KLASS.new(*a).should == KLASS.new(*a)
-      a = ['a','b']
-      KLASS.new(*a).should == KLASS.new(*a)
-      a = ['a','b','c']
-      KLASS.new(*a).should == KLASS.new(*a)
-      a = ['a','b','c','d']
-      KLASS.new(*a).should == KLASS.new(*a)
-    end
-
-    it "should not be equal" do
-      a = ['a']
-      b = []
-      KLASS.new(*a).should_not == KLASS.new(*b)
-      a = ['a']
-      b = ['b']
-      KLASS.new(*a).should_not == KLASS.new(*b)
-      a = ['a','B']
-      b = ['a','b']
-      KLASS.new(*a).should_not == KLASS.new(*b)
-      a = ['a','b','c']
-      b = ['a','b']
-      KLASS.new(*a).should_not == KLASS.new(*b)
-      a = ['a','b','c']
-      b = ['a','b','X']
-      KLASS.new(*a).should_not == KLASS.new(*b)
-    end
-
-    it "should be equal with different VA's" do
-      pending "necessary?"
-      a = ['a','b','c',nil]
-      b = ['a','b','c','d']
-      KLASS.new(*a).should == KLASS.new(*b)
-      a = ['a','b','c',0x1000]
-      b = ['a','b','c',0x2000]
-      KLASS.new(*a).should == KLASS.new(*b)
-      a = ['a','b','c',0x1000]
-      b = ['a','b','c',0x1000]
-      KLASS.new(*a).should == KLASS.new(*b)
-    end
-
-    it "should be equal in uniq() with different VA's" do
-      a = ['a','b','c',nil]
-      b = ['a','b','c','d']
-      [KLASS.new(*a), KLASS.new(*b)].uniq.size.should == 1
-      a = ['a','b','c',0x1000]
-      b = ['a','b','c',0x2000]
-      [KLASS.new(*a), KLASS.new(*b)].uniq.size.should == 1
-      a = ['a','b','c',0x1000]
-      b = ['a','b','c',0x1000]
-      [KLASS.new(*a), KLASS.new(*b)].uniq.size.should == 1
-    end
-  end
-end

data/spec/pedump_spec.rb

@@ -1,19 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-
-describe "PEdump#dump" do
-  describe "should save packer" do
-    it "when arg is a filename" do
-      dump = PEdump.dump("samples/arm_upx.exe", :log_level => Logger::FATAL)
-      dump.packers.size.should == 1
-      dump.packers.first.name.should =~ /UPX/
-    end
-
-    it "when arg is an IO" do
-      File.open("samples/arm_upx.exe", "rb") do |f|
-        dump = PEdump.dump(f, :log_level => Logger::FATAL)
-        dump.packers.size.should == 1
-        dump.packers.first.name.should =~ /UPX/
-      end
-    end
-  end
-end

data/spec/resource_spec.rb

@@ -1,13 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
-
-describe 'PEdump' do
-  it "should get all resources" do
-    fname = File.expand_path(File.dirname(__FILE__) + '/../samples/calc.exe')
-    File.open(fname,"rb") do |f|
-      @pedump = PEdump.new(fname)
-      @resources = @pedump.resources(f)
-    end
-    @resources.size.should == 71
-  end
-end

data/spec/sections_spec.rb

@@ -1,11 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
-require 'yaml'
-
-['calc.exe', 'bad/data_dir_15_entries.exe'].each do |fname|
-  describe fname do
-    it "should match saved sections info" do
-      sample.sections.should == YAML::load_file(File.join(DATA_DIR,"#{File.basename(fname)}_sections.yml"))
-    end
-  end
-end

data/spec/sig_all_packers_spec.rb

@@ -1,24 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump/packer')
-
-describe "PEdump::Packer" do
-  describe "matchers" do
-    if ENV['SLOW']
-      PEdump::SigParser.parse(:raw => true).each do |sig|
-        data = sig.re.join
-        next if data == "This program cannot be run in DOS mo"
-        it "should find #{sig.name}" do
-          a = PEdump::Packer.of(data).map(&:name)
-          a.size.should > 0
-
-          a = sig.name.split - a.join(' ').split - ['Exe','PE']
-          a.delete_if{ |x| x[/[vV\.\/()\[\]]/] }
-          p a if a.size > 1
-          a.size.should < 2
-        end
-      end
-    else
-      pending "SLOW"
-    end
-  end
-end

data/spec/sig_spec.rb

@@ -1,68 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump/packer')
-
-describe "PEdump::Packer" do
-  it "should have enough signatures" do
-    PEdump::Packer.count.should > 1000
-  end
-
-  it "should not match" do
-    maxlen = PEdump::Packer.map(&:size).max
-    s = 'x'*maxlen
-    PEdump::Packer.of_data(s).should be_nil
-  end
-
-  it "should parse" do
-    a = PEdump::SigParser.parse
-    a.should be_instance_of(Array)
-    a.map(&:class).uniq.should == [PEdump::Packer]
-  end
-
-  it "should not react to DOS signature" do
-    data = "This program cannot be run in DOS mode"
-    PEdump::Packer.of(data).should be_nil
-  end
-
-  it "should match sigs" do
-    n = 0
-    File.open('data/signatures.txt', 'r:cp1252') do |f|
-      while row = f.gets
-        row.strip!
-        next unless row =~ /^\[(.*)=(.*)\]$/
-        s = ''
-        title,hexstring = $1,$2
-
-        # bad sigs
-        next if hexstring == '909090909090909090909090909090909090909090909090909090909090909090909090'
-        next if hexstring == 'E9::::0000000000000000'
-
-        (hexstring.size/2).times do |i|
-          c = hexstring[i*2,2]
-          if c == '::'
-            s << '.'
-          else
-            s << c.to_i(16).chr
-          end
-        end
-        packers = PEdump::Packer.of(s)
-        if packers
-          names = packers.map(&:name)
-          next if names.any? do |name|
-            a = name.upcase.tr('V','')
-            b = title.upcase.tr('V','')
-            a[b] || b[a]
-          end
-#          puts "[.] #{title}"
-#          names.each do |x|
-#            puts "\t= #{x}"
-#          end
-        else
-          puts "[?] #{title}: #{hexstring}"
-          n += 1
-        end
-      end
-    end
-    #puts "[.] diff = #{n}"
-    n.should == 0
-  end
-end

data/spec/spec_helper.rb

@@ -1,24 +0,0 @@
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'rspec'
-require 'pedump'
-require 'fileutils'
-
-DATA_DIR = File.join(File.dirname(__FILE__), "data")
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
-
-def unarchive_samples fname
-  flag_fname = File.join(File.dirname(fname), ".#{File.basename(fname)}_unpacked")
-  # check if already unpacked
-  return if File.exist?(flag_fname)
-  system "7zr", "x", "-y", "-o#{SAMPLES_DIR}", fname
-  FileUtils.touch(flag_fname) if $?.success?
-end
-
-RSpec.configure do |config|
-  config.before :suite do
-    Dir[File.join(SAMPLES_DIR,"*.7z")].each do |fname|
-      unarchive_samples fname
-    end
-  end
-end

data/spec/support/samples.rb

@@ -1,24 +0,0 @@
-SAMPLES_DIR = File.expand_path(File.dirname(__FILE__) + '/../../samples/')
-
-def sample
-  @pedump ||=
-    begin
-      fname =
-        if self.example
-          # called from it(...)
-          self.example.full_description.split.first
-        else
-          # called from before(:all)
-          self.class.metadata[:example_group][:description_args].first
-        end
-      fname = File.join(SAMPLES_DIR, fname)
-      File.open(fname,"rb") do |f|
-        if block_given?
-          yield PEdump.new(f)
-        else
-          PEdump.new(f).dump
-        end
-      end
-    end
-end
-

data/spec/unpackers/aspack_spec.rb

@@ -1,69 +0,0 @@
-root = File.expand_path(File.dirname(File.dirname(File.dirname(__FILE__))))
-require "#{root}/spec/spec_helper"
-require "#{root}/lib/pedump"
-require "#{root}/lib/pedump/unpacker/aspack"
-require "#{root}/lib/pedump/comparer"
-
-describe PEdump::Unpacker::ASPack do
-  Dir["#{root}/samples/*.asp[1-9]*.{exe}"].each do |pname|
-    orig_fname = pname.sub(/\.asp[^.]+/,'')
-
-    describe File.basename(orig_fname) + " vs " + File.basename(pname) do
-      before :all do
-        @ldr = PEdump::Loader.new(File.open(orig_fname,"rb"))
-      end
-
-      it "should have no differences" do
-        File.open(pname,"rb") do |f|
-          u = PEdump::Unpacker::ASPack.new(f)
-          File.open("#{root}/tmp/unpacked.tmp","w+") do |fo|
-            u.unpack.dump(fo)
-            fo.rewind
-            ldr = PEdump::Loader.new(fo)
-
-            comparer = PEdump::Comparer.new(@ldr, ldr)
-            comparer.ignored_data_dirs = [
-              PEdump::IMAGE_DATA_DIRECTORY::LOAD_CONFIG,
-              PEdump::IMAGE_DATA_DIRECTORY::Bound_IAT,
-              PEdump::IMAGE_DATA_DIRECTORY::Delay_IAT
-            ]
-            comparer.ignored_sections = [ '.rsrc', '.aspack' ]
-            comparer.diff.should == []
-          end
-        end
-      end
-    end
-  end
-
-  Dir["#{root}/samples/*.asp[1-9]*.{ocx}"].each do |pname|
-    orig_fname = pname.sub(/\.asp[^.]+/,'')
-
-    describe File.basename(orig_fname) + " vs " + File.basename(pname) do
-      before :all do
-        @ldr = PEdump::Loader.new(File.open(orig_fname,"rb"))
-      end
-
-      it "should have no differences" do
-        File.open(pname,"rb") do |f|
-          u = PEdump::Unpacker::ASPack.new(f)
-          File.open("#{root}/tmp/unpacked.tmp","w+") do |fo|
-            u.unpack.dump(fo)
-            fo.rewind
-            ldr = PEdump::Loader.new(fo)
-
-            comparer = PEdump::Comparer.new(@ldr, ldr)
-            comparer.ignored_data_dirs = [
-              PEdump::IMAGE_DATA_DIRECTORY::LOAD_CONFIG,
-              PEdump::IMAGE_DATA_DIRECTORY::Bound_IAT,
-              PEdump::IMAGE_DATA_DIRECTORY::Delay_IAT,
-              PEdump::IMAGE_DATA_DIRECTORY::BASERELOC, # 0x15496 vs 0x15494
-              PEdump::IMAGE_DATA_DIRECTORY::IAT
-            ]
-            comparer.ignored_sections = [ '.rsrc', '.aspack', '.cas' ]
-            comparer.diff.should == []
-          end
-        end
-      end
-    end
-  end
-end

data/spec/unpackers/find_spec.rb

@@ -1,21 +0,0 @@
-root = File.expand_path(File.dirname(File.dirname(File.dirname(__FILE__))))
-require "#{root}/spec/spec_helper"
-require "#{root}/lib/pedump/unpacker"
-
-describe PEdump::Unpacker do
-  it "finds UPX" do
-    PEdump::Unpacker.find("#{root}/samples/calc_upx.exe").should == PEdump::Unpacker::UPX
-  end
-
-  it "finds ARM UPX" do
-    PEdump::Unpacker.find("#{root}/samples/arm_upx.exe").should == PEdump::Unpacker::UPX
-  end
-
-  it "finds ASPack" do
-    PEdump::Unpacker.find("#{root}/samples/calc.asp212.exe").should == PEdump::Unpacker::ASPack
-  end
-
-  it "finds nothing" do
-    PEdump::Unpacker.find("#{root}/samples/calc.exe").should be_nil
-  end
-end

data/spec/virtsectblXP_spec.rb

@@ -1,12 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
-
-describe 'corkami/virtsectblXP.exe' do
-  it "should have 2 imports" do
-    sample.imports.size.should == 2
-    sample.imports.map(&:module_name).should == %w'kernel32.dll msvcrt.dll'
-    sample.imports.map do |iid|
-      (iid.original_first_thunk + iid.first_thunk).uniq.map(&:name)
-    end.flatten.should == ["ExitProcess", "printf"]
-  end
-end