pedump 0.5.0 → 0.6.0

data/lib/pedump/te.rb

@@ -0,0 +1,51 @@
+class PEdump
+  # https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-specifications-general-technology.html
+  # http://wiki.phoenix.com/wiki/index.php/EFI_TE_IMAGE_HEADER
+  # https://formats.kaitai.io/uefi_te/index.html
+  # http://ho.ax/tag/efi/
+  
+  class EFI_TE_IMAGE_HEADER < IOStruct.new 'vvCCvVVQ',
+    :Signature,
+    :Machine,
+    :NumberOfSections,
+    :Subsystem,
+    :StrippedSize,
+    :AddressOfEntryPoint,
+    :BaseOfCode,
+    :ImageBase,
+    :DataDirectory # readed manually: EFI_IMAGE_DATA_DIRECTORY DataDirectory[2]
+
+    attr_accessor :sections
+
+    def self.read io, args = {}
+      super(io).tap do |te|
+        te.DataDirectory = 2.times.map do
+          EFI_IMAGE_DATA_DIRECTORY.read(io)
+        end
+        te.sections = PE.read_sections(io, te.NumberOfSections, args)
+      end
+    end
+  end
+  TE = EFI_TE_IMAGE_HEADER
+
+  EFI_IMAGE_DATA_DIRECTORY = IOStruct.new( "VV", :va, :size )
+  EFI_IMAGE_DATA_DIRECTORY::TYPES = %w'BASERELOC DEBUG'
+  EFI_IMAGE_DATA_DIRECTORY::TYPES.each_with_index do |type,idx|
+    EFI_IMAGE_DATA_DIRECTORY.const_set(type,idx)
+  end
+
+  def te f=@io
+    return @te if defined?(@te)
+    @te ||=
+      begin
+        te_offset = 0
+        f.seek te_offset
+        if f.read(2) == 'VZ'
+          f.seek te_offset
+          EFI_TE_IMAGE_HEADER.read f, :force => @force
+        else
+          nil
+        end
+      end
+  end
+end

data/lib/pedump/unpacker/aspack.rb

@@ -607,7 +607,7 @@ class PEdump::Unpacker::ASPack
     if m = @data.match(RELOCS_RE)
       a = m[1..-1].map{|x| x.unpack('V').first }
     else
-      logger.error "[!] cannot find imports"
+      logger.error "[!] cannot find relocs"
       raise
       return
     end

data/lib/pedump/version.rb

@@ -1,10 +1,7 @@
 class PEdump
   module Version
-    MAJOR = 0
-    MINOR = 5
-    PATCH = 0
+    STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
+    MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
     BUILD = nil
-
-    STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
   end
 end

data/misc/aspack/aspack_unlzx.c

@@ -30,6 +30,7 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
     LZX_CONTEXT LZX;
     BYTE* unpacked_data = NULL;
     size_t decoded_size;
+    int r;
 
     bzero(&LZX, sizeof(LZX));
 
@@ -38,8 +39,9 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
         return(ERR_NO_MEM);
     }
 
-    decoded_size = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
-    if ( decoded_size < 0 || decoded_size < unpacked_size ) {
+    r = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
+    decoded_size = (size_t)r;
+    if ( r < 0 || decoded_size < unpacked_size ) {
         free(unpacked_data);
         fprintf(stderr,"ERR_UNPACK\n");
         return(ERR_UNPACK);
@@ -58,7 +60,7 @@ int main(int argc, char*argv[]){
     if(argc != 3){
         fprintf(stderr, "ASPack unLZX\n");
         fprintf(stderr, "usage: %s <packed_size> <unpacked_size>\n", argv[0]);
-        fprintf(stderr, "(data is read from stdin and written to stdout)\n", argv[0]);
+        fprintf(stderr, "(data is read from stdin and written to stdout)\n");
         return 1;
     }
 

data/pedump.gemspec

@@ -2,25 +2,27 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: pedump 0.6.0 ruby lib
 
 Gem::Specification.new do |s|
-  s.name = "pedump"
-  s.version = "0.5.0"
+  s.name = "pedump".freeze
+  s.version = "0.6.0"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Andrey \"Zed\" Zaikin"]
-  s.date = "2013-04-20"
-  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
-  s.email = "zed.0xff@gmail.com"
-  s.executables = ["pedump"]
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Andrey \"Zed\" Zaikin".freeze]
+  s.date = "2020-07-27"
+  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
+  s.email = "zed.0xff@gmail.com".freeze
+  s.executables = ["pedump".freeze]
   s.extra_rdoc_files = [
     "LICENSE.txt",
     "README.md"
   ]
   s.files = [
-    ".document",
-    ".rspec",
-    ".travis.yml",
+    ".github/FUNDING.yml",
+    ".github/dependabot.yml",
+    "CODE_OF_CONDUCT.md",
     "Gemfile",
     "Gemfile.lock",
     "LICENSE.txt",
@@ -50,6 +52,7 @@ Gem::Specification.new do |s|
     "lib/pedump/resources.rb",
     "lib/pedump/security.rb",
     "lib/pedump/sig_parser.rb",
+    "lib/pedump/te.rb",
     "lib/pedump/tls.rb",
     "lib/pedump/unpacker.rb",
     "lib/pedump/unpacker/aspack.rb",
@@ -61,77 +64,47 @@ Gem::Specification.new do |s|
     "misc/aspack/lzxdec.c",
     "misc/aspack/lzxdec.h",
     "misc/nedump.c",
-    "pedump.gemspec",
-    "samples/bad/68.exe",
-    "samples/bad/data_dir_15_entries.exe",
-    "spec/65535sects_spec.rb",
-    "spec/bad_imports_spec.rb",
-    "spec/bad_samples_spec.rb",
-    "spec/composite_io_spec.rb",
-    "spec/data/calc.exe_sections.yml",
-    "spec/data/data_dir_15_entries.exe_sections.yml",
-    "spec/dllord_spec.rb",
-    "spec/foldedhdr_spec.rb",
-    "spec/imports_badterm_spec.rb",
-    "spec/imports_vterm_spec.rb",
-    "spec/loader/names_spec.rb",
-    "spec/loader/va_spec.rb",
-    "spec/manyimportsW7_spec.rb",
-    "spec/ne_spec.rb",
-    "spec/packer_spec.rb",
-    "spec/pe_spec.rb",
-    "spec/pedump_spec.rb",
-    "spec/resource_spec.rb",
-    "spec/sections_spec.rb",
-    "spec/sig_all_packers_spec.rb",
-    "spec/sig_spec.rb",
-    "spec/spec_helper.rb",
-    "spec/support/samples.rb",
-    "spec/unpackers/aspack_spec.rb",
-    "spec/unpackers/find_spec.rb",
-    "spec/virtsectblXP_spec.rb",
-    "tmp/.keep"
+    "pedump.gemspec"
   ]
-  s.homepage = "http://github.com/zed-0xff/pedump"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
-  s.summary = "dump win32 PE executable files with a pure ruby"
+  s.homepage = "http://github.com/zed-0xff/pedump".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.7.10".freeze
+  s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
   if s.respond_to? :specification_version then
-    s.specification_version = 3
+    s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_runtime_dependency(%q<progressbar>, [">= 0"])
-      s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
-      s.add_runtime_dependency(%q<iostruct>, [">= 0.0.4"])
-      s.add_runtime_dependency(%q<zhexdump>, [">= 0.0.2"])
-      s.add_development_dependency(%q<rspec>, [">= 0"])
-      s.add_development_dependency(%q<bundler>, [">= 0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<what_methods>, [">= 0"])
+      s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+      s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+      s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+      s.add_development_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+      s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+      s.add_development_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
+      s.add_development_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
     else
-      s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_dependency(%q<progressbar>, [">= 0"])
-      s.add_dependency(%q<awesome_print>, [">= 0"])
-      s.add_dependency(%q<iostruct>, [">= 0.0.4"])
-      s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
-      s.add_dependency(%q<rspec>, [">= 0"])
-      s.add_dependency(%q<bundler>, [">= 0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<what_methods>, [">= 0"])
+      s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+      s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+      s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+      s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+      s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+      s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+      s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+      s.add_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
+      s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
     end
   else
-    s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-    s.add_dependency(%q<progressbar>, [">= 0"])
-    s.add_dependency(%q<awesome_print>, [">= 0"])
-    s.add_dependency(%q<iostruct>, [">= 0.0.4"])
-    s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
-    s.add_dependency(%q<rspec>, [">= 0"])
-    s.add_dependency(%q<bundler>, [">= 0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<what_methods>, [">= 0"])
+    s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+    s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+    s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+    s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+    s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+    s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+    s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+    s.add_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
+    s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
   end
 end
 

metadata

@@ -1,160 +1,141 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.5.0
-  prerelease: 
+  version: 0.6.0
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-20 00:00:00.000000000 Z
+date: 2020-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: multipart-post
+  name: rainbow
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.4
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.4
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: progressbar
+  name: awesome_print
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: awesome_print
+  name: iostruct
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.4
 - !ruby/object:Gem::Dependency
-  name: iostruct
+  name: multipart-post
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.0.4
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.0.4
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: zhexdump
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.2
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.9.0
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rspec-its
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.4
 - !ruby/object:Gem::Dependency
-  name: what_methods
+  name: jeweler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.3.9
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.3.9
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
 email: zed.0xff@gmail.com
 executables:
@@ -164,9 +145,9 @@ extra_rdoc_files:
 - LICENSE.txt
 - README.md
 files:
-- .document
-- .rspec
-- .travis.yml
+- ".github/FUNDING.yml"
+- ".github/dependabot.yml"
+- CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -196,6 +177,7 @@ files:
 - lib/pedump/resources.rb
 - lib/pedump/security.rb
 - lib/pedump/sig_parser.rb
+- lib/pedump/te.rb
 - lib/pedump/tls.rb
 - lib/pedump/unpacker.rb
 - lib/pedump/unpacker/aspack.rb
@@ -208,61 +190,28 @@ files:
 - misc/aspack/lzxdec.h
 - misc/nedump.c
 - pedump.gemspec
-- samples/bad/68.exe
-- samples/bad/data_dir_15_entries.exe
-- spec/65535sects_spec.rb
-- spec/bad_imports_spec.rb
-- spec/bad_samples_spec.rb
-- spec/composite_io_spec.rb
-- spec/data/calc.exe_sections.yml
-- spec/data/data_dir_15_entries.exe_sections.yml
-- spec/dllord_spec.rb
-- spec/foldedhdr_spec.rb
-- spec/imports_badterm_spec.rb
-- spec/imports_vterm_spec.rb
-- spec/loader/names_spec.rb
-- spec/loader/va_spec.rb
-- spec/manyimportsW7_spec.rb
-- spec/ne_spec.rb
-- spec/packer_spec.rb
-- spec/pe_spec.rb
-- spec/pedump_spec.rb
-- spec/resource_spec.rb
-- spec/sections_spec.rb
-- spec/sig_all_packers_spec.rb
-- spec/sig_spec.rb
-- spec/spec_helper.rb
-- spec/support/samples.rb
-- spec/unpackers/aspack_spec.rb
-- spec/unpackers/find_spec.rb
-- spec/virtsectblXP_spec.rb
-- tmp/.keep
 homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -1369606751108388991
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.7.10
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: dump win32 PE executable files with a pure ruby
 test_files: []