pedump 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.github/FUNDING.yml +2 -0
- data/.github/dependabot.yml +8 -0
- data/CODE_OF_CONDUCT.md +76 -0
- data/Gemfile +11 -16
- data/Gemfile.lock +73 -27
- data/README.md +15 -6
- data/Rakefile +5 -44
- data/VERSION +1 -1
- data/lib/pedump.rb +101 -29
- data/lib/pedump/cli.rb +29 -18
- data/lib/pedump/loader.rb +1 -1
- data/lib/pedump/loader/minidump.rb +195 -31
- data/lib/pedump/ne.rb +1 -1
- data/lib/pedump/pe.rb +63 -54
- data/lib/pedump/te.rb +51 -0
- data/lib/pedump/unpacker/aspack.rb +1 -1
- data/lib/pedump/version.rb +2 -5
- data/misc/aspack/aspack_unlzx.c +5 -3
- data/pedump.gemspec +47 -74
- metadata +50 -101
- data/.document +0 -5
- data/.rspec +0 -1
- data/.travis.yml +0 -4
- data/samples/bad/68.exe +0 -0
- data/samples/bad/data_dir_15_entries.exe +0 -0
- data/spec/65535sects_spec.rb +0 -8
- data/spec/bad_imports_spec.rb +0 -20
- data/spec/bad_samples_spec.rb +0 -13
- data/spec/composite_io_spec.rb +0 -122
- data/spec/data/calc.exe_sections.yml +0 -49
- data/spec/data/data_dir_15_entries.exe_sections.yml +0 -95
- data/spec/dllord_spec.rb +0 -21
- data/spec/foldedhdr_spec.rb +0 -28
- data/spec/imports_badterm_spec.rb +0 -52
- data/spec/imports_vterm_spec.rb +0 -52
- data/spec/loader/names_spec.rb +0 -24
- data/spec/loader/va_spec.rb +0 -44
- data/spec/manyimportsW7_spec.rb +0 -22
- data/spec/ne_spec.rb +0 -125
- data/spec/packer_spec.rb +0 -17
- data/spec/pe_spec.rb +0 -67
- data/spec/pedump_spec.rb +0 -19
- data/spec/resource_spec.rb +0 -13
- data/spec/sections_spec.rb +0 -11
- data/spec/sig_all_packers_spec.rb +0 -24
- data/spec/sig_spec.rb +0 -68
- data/spec/spec_helper.rb +0 -24
- data/spec/support/samples.rb +0 -24
- data/spec/unpackers/aspack_spec.rb +0 -69
- data/spec/unpackers/find_spec.rb +0 -21
- data/spec/virtsectblXP_spec.rb +0 -12
- data/tmp/.keep +0 -0
data/spec/spec_helper.rb
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
|
2
|
-
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
|
3
|
-
require 'rspec'
|
|
4
|
-
require 'pedump'
|
|
5
|
-
require 'fileutils'
|
|
6
|
-
|
|
7
|
-
DATA_DIR = File.join(File.dirname(__FILE__), "data")
|
|
8
|
-
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
|
9
|
-
|
|
10
|
-
def unarchive_samples fname
|
|
11
|
-
flag_fname = File.join(File.dirname(fname), ".#{File.basename(fname)}_unpacked")
|
|
12
|
-
# check if already unpacked
|
|
13
|
-
return if File.exist?(flag_fname)
|
|
14
|
-
system "7zr", "x", "-y", "-o#{SAMPLES_DIR}", fname
|
|
15
|
-
FileUtils.touch(flag_fname) if $?.success?
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
RSpec.configure do |config|
|
|
19
|
-
config.before :suite do
|
|
20
|
-
Dir[File.join(SAMPLES_DIR,"*.7z")].each do |fname|
|
|
21
|
-
unarchive_samples fname
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|
data/spec/support/samples.rb
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
SAMPLES_DIR = File.expand_path(File.dirname(__FILE__) + '/../../samples/')
|
|
2
|
-
|
|
3
|
-
def sample
|
|
4
|
-
@pedump ||=
|
|
5
|
-
begin
|
|
6
|
-
fname =
|
|
7
|
-
if self.example
|
|
8
|
-
# called from it(...)
|
|
9
|
-
self.example.full_description.split.first
|
|
10
|
-
else
|
|
11
|
-
# called from before(:all)
|
|
12
|
-
self.class.metadata[:example_group][:description_args].first
|
|
13
|
-
end
|
|
14
|
-
fname = File.join(SAMPLES_DIR, fname)
|
|
15
|
-
File.open(fname,"rb") do |f|
|
|
16
|
-
if block_given?
|
|
17
|
-
yield PEdump.new(f)
|
|
18
|
-
else
|
|
19
|
-
PEdump.new(f).dump
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
|
|
@@ -1,69 +0,0 @@
|
|
|
1
|
-
root = File.expand_path(File.dirname(File.dirname(File.dirname(__FILE__))))
|
|
2
|
-
require "#{root}/spec/spec_helper"
|
|
3
|
-
require "#{root}/lib/pedump"
|
|
4
|
-
require "#{root}/lib/pedump/unpacker/aspack"
|
|
5
|
-
require "#{root}/lib/pedump/comparer"
|
|
6
|
-
|
|
7
|
-
describe PEdump::Unpacker::ASPack do
|
|
8
|
-
Dir["#{root}/samples/*.asp[1-9]*.{exe}"].each do |pname|
|
|
9
|
-
orig_fname = pname.sub(/\.asp[^.]+/,'')
|
|
10
|
-
|
|
11
|
-
describe File.basename(orig_fname) + " vs " + File.basename(pname) do
|
|
12
|
-
before :all do
|
|
13
|
-
@ldr = PEdump::Loader.new(File.open(orig_fname,"rb"))
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
it "should have no differences" do
|
|
17
|
-
File.open(pname,"rb") do |f|
|
|
18
|
-
u = PEdump::Unpacker::ASPack.new(f)
|
|
19
|
-
File.open("#{root}/tmp/unpacked.tmp","w+") do |fo|
|
|
20
|
-
u.unpack.dump(fo)
|
|
21
|
-
fo.rewind
|
|
22
|
-
ldr = PEdump::Loader.new(fo)
|
|
23
|
-
|
|
24
|
-
comparer = PEdump::Comparer.new(@ldr, ldr)
|
|
25
|
-
comparer.ignored_data_dirs = [
|
|
26
|
-
PEdump::IMAGE_DATA_DIRECTORY::LOAD_CONFIG,
|
|
27
|
-
PEdump::IMAGE_DATA_DIRECTORY::Bound_IAT,
|
|
28
|
-
PEdump::IMAGE_DATA_DIRECTORY::Delay_IAT
|
|
29
|
-
]
|
|
30
|
-
comparer.ignored_sections = [ '.rsrc', '.aspack' ]
|
|
31
|
-
comparer.diff.should == []
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
Dir["#{root}/samples/*.asp[1-9]*.{ocx}"].each do |pname|
|
|
39
|
-
orig_fname = pname.sub(/\.asp[^.]+/,'')
|
|
40
|
-
|
|
41
|
-
describe File.basename(orig_fname) + " vs " + File.basename(pname) do
|
|
42
|
-
before :all do
|
|
43
|
-
@ldr = PEdump::Loader.new(File.open(orig_fname,"rb"))
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
it "should have no differences" do
|
|
47
|
-
File.open(pname,"rb") do |f|
|
|
48
|
-
u = PEdump::Unpacker::ASPack.new(f)
|
|
49
|
-
File.open("#{root}/tmp/unpacked.tmp","w+") do |fo|
|
|
50
|
-
u.unpack.dump(fo)
|
|
51
|
-
fo.rewind
|
|
52
|
-
ldr = PEdump::Loader.new(fo)
|
|
53
|
-
|
|
54
|
-
comparer = PEdump::Comparer.new(@ldr, ldr)
|
|
55
|
-
comparer.ignored_data_dirs = [
|
|
56
|
-
PEdump::IMAGE_DATA_DIRECTORY::LOAD_CONFIG,
|
|
57
|
-
PEdump::IMAGE_DATA_DIRECTORY::Bound_IAT,
|
|
58
|
-
PEdump::IMAGE_DATA_DIRECTORY::Delay_IAT,
|
|
59
|
-
PEdump::IMAGE_DATA_DIRECTORY::BASERELOC, # 0x15496 vs 0x15494
|
|
60
|
-
PEdump::IMAGE_DATA_DIRECTORY::IAT
|
|
61
|
-
]
|
|
62
|
-
comparer.ignored_sections = [ '.rsrc', '.aspack', '.cas' ]
|
|
63
|
-
comparer.diff.should == []
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
end
|
|
69
|
-
end
|
data/spec/unpackers/find_spec.rb
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
root = File.expand_path(File.dirname(File.dirname(File.dirname(__FILE__))))
|
|
2
|
-
require "#{root}/spec/spec_helper"
|
|
3
|
-
require "#{root}/lib/pedump/unpacker"
|
|
4
|
-
|
|
5
|
-
describe PEdump::Unpacker do
|
|
6
|
-
it "finds UPX" do
|
|
7
|
-
PEdump::Unpacker.find("#{root}/samples/calc_upx.exe").should == PEdump::Unpacker::UPX
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
it "finds ARM UPX" do
|
|
11
|
-
PEdump::Unpacker.find("#{root}/samples/arm_upx.exe").should == PEdump::Unpacker::UPX
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
it "finds ASPack" do
|
|
15
|
-
PEdump::Unpacker.find("#{root}/samples/calc.asp212.exe").should == PEdump::Unpacker::ASPack
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "finds nothing" do
|
|
19
|
-
PEdump::Unpacker.find("#{root}/samples/calc.exe").should be_nil
|
|
20
|
-
end
|
|
21
|
-
end
|
data/spec/virtsectblXP_spec.rb
DELETED
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
|
|
2
|
-
require File.expand_path(File.dirname(__FILE__) + '/../lib/pedump')
|
|
3
|
-
|
|
4
|
-
describe 'corkami/virtsectblXP.exe' do
|
|
5
|
-
it "should have 2 imports" do
|
|
6
|
-
sample.imports.size.should == 2
|
|
7
|
-
sample.imports.map(&:module_name).should == %w'kernel32.dll msvcrt.dll'
|
|
8
|
-
sample.imports.map do |iid|
|
|
9
|
-
(iid.original_first_thunk + iid.first_thunk).uniq.map(&:name)
|
|
10
|
-
end.flatten.should == ["ExitProcess", "printf"]
|
|
11
|
-
end
|
|
12
|
-
end
|
data/tmp/.keep
DELETED
|
File without changes
|