pedump 0.5.2 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 36cf566a0402466825375c371ef074e1512e0f68
-  data.tar.gz: 57c35cffa2643d1e02884f5e3acbadd6bc435963
+SHA256:
+  metadata.gz: 9d4f9c13c95df2d30baf18bba07765fa26f1d4066a8abde228cba5cd29bc9df0
+  data.tar.gz: b034a68704793f502843db9ec791ca636e404b20258ae144a349e718eaf8a6b6
 SHA512:
-  metadata.gz: 6064efb885476ed1f789e8ab4d7ca9ea59202c41d61a9b5434cda1bdc906aa9972ca8b73f5808427110137c9f72d869b8a9bcacc8a6a52ef992c77b66ef45bd1
-  data.tar.gz: 1dbe9488d26068fc432e338ae1225d4eea6359334a30ed7f335a7229a7fde5fdf158f4a5eb458264bcf0006a37d62b634072afc887abf0e253f783ee7e96cb9c
+  metadata.gz: 5b3187809523a111b8cf6ed608047f19044a4e616591297991ae6f97aabd7a783113b8cbf1c1a04d7968cbff6baa5f188c2aec504540ca305117fa38e7c61273
+  data.tar.gz: b870e93e3cc90785836ed6719599f855e20c026489bec925d4859e493f4c3a65b1b7c60ca15a8040f8be652ed1884171b302009c2ed5a16d6a3887b2d00ed36c

data/.github/workflows/rubocop-analysis.yml

@@ -0,0 +1,39 @@
+name: "Rubocop"
+
+on: push
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # If running on a self-hosted runner, check it meets the requirements
+    # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+
+    # This step is not necessary if you add the gem to your Gemfile
+    - name: Install Code Scanning integration
+      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
+
+    - name: Install dependencies
+      run: bundle install
+
+    - name: Rubocop run
+      run: |
+        bash -c "
+          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+          [[ $? -ne 2 ]]
+        "
+
+    - name: Upload Sarif output
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: rubocop.sarif

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+ advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at zed.0xff@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq

data/Gemfile

@@ -1,2 +1,15 @@
 source "https://rubygems.org"
-gemspec
+#gemspec
+
+gem 'rainbow'
+gem "awesome_print"
+gem "iostruct",       ">= 0.0.4"
+gem "multipart-post", ">= 2.0.0"
+gem "zhexdump",       ">= 0.0.2"
+
+group :development do
+  gem "rspec",   "~> 3.9.0"
+  gem "rspec-its", "~> 1.3.0"
+  gem "bundler", "~> 2.2.3"
+  gem "jeweler", "~> 2.3.9"
+end

data/Gemfile.lock

@@ -1,45 +1,92 @@
-PATH
-  remote: .
-  specs:
-    pedump (0.5.1)
-      awesome_print
-      iostruct (>= 0.0.4)
-      multipart-post (~> 2.0.0)
-      progressbar
-      zhexdump (>= 0.0.2)
-
 GEM
   remote: https://rubygems.org/
   specs:
-    awesome_print (1.7.0)
-    diff-lcs (1.2.5)
+    addressable (2.4.0)
+    awesome_print (1.8.0)
+    builder (3.2.4)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.4.4)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    git (1.8.1)
+      rchardet (~> 1.8)
+    github_api (0.16.0)
+      addressable (~> 2.4.0)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.4)
+      mime-types (>= 1.16, < 3.0)
+      oauth2 (~> 1.0)
+    hashie (4.1.0)
+    highline (2.0.3)
     iostruct (0.0.4)
-    multipart-post (2.0.0)
-    progressbar (0.21.0)
-    rake (10.5.0)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.3)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
+    jeweler (2.3.9)
+      builder
+      bundler
+      git (>= 1.2.5)
+      github_api (~> 0.16.0)
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      psych
+      rake
+      rdoc
+      semver2
+    jwt (2.2.2)
+    mime-types (2.99.3)
+    mini_portile2 (2.5.0)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    psych (3.3.0)
+    racc (1.5.2)
+    rack (2.2.3)
+    rainbow (3.0.0)
+    rake (13.0.3)
+    rchardet (1.8.0)
+    rdoc (6.3.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.3)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.4)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
+      rspec-support (~> 3.9.0)
+    rspec-its (1.3.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.4)
+    semver2 (3.4.2)
+    thread_safe (0.3.6)
     zhexdump (0.0.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.11)
-  pedump!
-  rake (~> 10.0)
-  rspec (~> 3.0)
+  awesome_print
+  bundler (~> 2.2.3)
+  iostruct (>= 0.0.4)
+  jeweler (~> 2.3.9)
+  multipart-post (>= 2.0.0)
+  rainbow
+  rspec (~> 3.9.0)
+  rspec-its (~> 1.3.0)
+  zhexdump (>= 0.0.2)
 
 BUNDLED WITH
-   1.12.5
+   2.2.3

data/README.md

@@ -1,6 +1,17 @@
-pedump    [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=master)](https://travis-ci.org/zed-0xff/pedump) [![Dependency Status](https://gemnasium.com/zed-0xff/pedump.png)](https://gemnasium.com/zed-0xff/pedump)
+pedump    [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=master)](https://travis-ci.org/zed-0xff/pedump) [![ko-fi](https://www.ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/K3K81Z3W5)
 ======
 
+News
+----
+```
+2021.02.18 - updated gems; changed open-uri to URI.open; enabled SSL on https://pedump.me/
+2020.08.09 - CLI: added resource extracting with --extract ID
+2020.07.28 - 0.6.1; better RICH HDR parsing/output
+2020.07.27 - 0.6.0
+2020.07.26 - now travis autotests run on ARM and OSX too!
+2020.07.25 - added EFI TE parsing; removed 'progressbar' gem dependency
+```
+
 Description
 -----------
 A pure ruby implementation of win32 PE binary files dumper.
@@ -11,6 +22,7 @@ Supported formats:
  * win16 NE
  * win32 PE
  * win64 PE
+ * EFI TE
 
 Can dump:
 
@@ -24,7 +36,7 @@ Can dump:
  * Imports & Exports
  * VS_VERSIONINFO parsing
  * PE Packer/Compiler detection
- * a convenient way to upload your PE's to http://pedump.me for a nice HTML tables with image previews, candies & stuff
+ * a convenient way to upload your PE's to https://pedump.me for a nice HTML tables with image previews, candies & stuff
 
 Installation
 ------------
@@ -43,13 +55,14 @@ Usage
                                          (can be used multiple times)
         -F, --force                      Try to dump by all means
                                          (can cause exceptions & heavy wounds)
-        -f, --format FORMAT              Output format: bin,c,dump,hex,inspect,table,yaml
+        -f, --format FORMAT              Output format: bin,c,dump,hex,inspect,json,table,yaml
                                          (default: table)
             --mz
             --dos-stub
             --rich
             --pe
             --ne
+            --te
             --data-directory
         -S, --sections
             --tls
@@ -66,10 +79,20 @@ Usage
                                          mimics 'file' command output
         -r, --recursive                  recurse dirs in packer detect
             --all                        Dump all but resource-directory (default)
+    
+            --extract ID                 Extract a resource/section/data_dir
+                                         ID: datadir:EXPORT     - datadir by type
+                                         ID: resource:0x98478   - resource by offset
+                                         ID: resource:ICON/#1   - resource by type & name
+                                         ID: section:.text      - section by name
+                                         ID: section:rva/0x1000 - section by RVA
+                                         ID: section:raw/0x400  - section by RAW_PTR
             --va2file VA                 Convert RVA to file offset
-        -W, --web                        Uploads files to a http://pedump.me
+    
+        -W, --web                        Uploads files to a https://pedump.me
                                          for a nice HTML tables with image previews,
                                          candies & stuff
+        -C, --console                    opens IRB console with specified file loaded
 
 ### MZ Header
 
@@ -107,10 +130,10 @@ Usage
 
     === DOS STUB ===
     
-    00000000:  0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
-    00000010:  69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
-    00000020:  74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
-    00000030:  6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
+    00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
+    00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
+    00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
+    00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
 
 ### 'Rich' Header
 
@@ -118,14 +141,14 @@ Usage
 
     === RICH Header ===
     
-        LIB_ID        VERSION        TIMES_USED   
-       149  95      21022  521e         9   9
-         1   1          0     0       367 16f
-       147  93      21022  521e        29  1d
-       132  84      21022  521e       129  81
-       131  83      21022  521e        25  19
-       148  94      21022  521e         1   1
-       145  91      21022  521e         1   1
+       ID   VER         COUNT  DESCRIPTION
+       95  521e             9  [ASM] VS2008 build 21022
+        1     0           367  [---] Unmarked objects
+       93  521e            29  [IMP] VS2008 build 21022
+       84  521e           129  [C++] VS2008 build 21022
+       83  521e            25  [ C ] VS2008 build 21022
+       94  521e             1  [RES] VS2008 build 21022
+       91  521e             1  [LNK] VS2008 build 21022
 
 ### PE Header
 
@@ -405,6 +428,78 @@ Usage
     samples/unpackme.exe:                     ASProtect 1.33 - 2.1 Registered (Alexey Solodovnikov)
     samples/zlib.dll:                         Microsoft Visual C v2.0
 
+### Extracting
+
+#### Resources
+
+by name:
+
+    # pedump calc.exe --extract resource:VERSION/#1 | hexdump -C | head
+
+    00000000  78 03 34 00 00 00 56 00  53 00 5f 00 56 00 45 00  |x.4...V.S._.V.E.|
+    00000010  52 00 53 00 49 00 4f 00  4e 00 5f 00 49 00 4e 00  |R.S.I.O.N._.I.N.|
+    00000020  46 00 4f 00 00 00 00 00  bd 04 ef fe 00 00 01 00  |F.O.............|
+    00000030  01 00 06 00 00 00 91 1a  01 00 06 00 00 00 91 1a  |................|
+    00000040  3f 00 00 00 00 00 00 00  04 00 04 00 01 00 00 00  |?...............|
+    00000050  00 00 00 00 00 00 00 00  00 00 00 00 d6 02 00 00  |................|
+    00000060  01 00 53 00 74 00 72 00  69 00 6e 00 67 00 46 00  |..S.t.r.i.n.g.F.|
+    00000070  69 00 6c 00 65 00 49 00  6e 00 66 00 6f 00 00 00  |i.l.e.I.n.f.o...|
+    00000080  b2 02 00 00 01 00 30 00  34 00 30 00 39 00 30 00  |......0.4.0.9.0.|
+    00000090  34 00 42 00 30 00 00 00  4c 00 16 00 01 00 43 00  |4.B.0...L.....C.|
+
+by offset:
+
+    # pedump calc.exe --extract resource:0x98478 | head
+
+    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+    <!-- Copyright (c) Microsoft Corporation -->
+    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
+    <assemblyIdentity
+        name="Microsoft.Windows.Shell.calc"
+        processorArchitecture="x86"
+        version="5.1.0.0"
+        type="win32"/>
+    <description>Windows Shell</description>
+    <dependency>
+
+#### Sections
+
+by name:
+
+    # pedump calc.exe --extract section:.text | hexdump -C | head -4
+
+    00000000  0b aa cb 77 f7 c4 cc 77  a4 c4 cc 77 c4 c4 cc 77  |...w...w...w...w|
+    00000010  3e d7 ca 77 ec b4 cb 77  69 9c f0 77 dc c4 cc 77  |>..w...wi..w...w|
+    00000020  12 9c cb 77 4d af cb 77  b4 c4 cc 77 6e a8 ee 77  |...wM..w...wn..w|
+    00000030  14 fc f0 77 00 00 00 00  2c 92 04 76 09 62 04 76  |...w....,..v.b.v|
+
+by RVA:
+
+    # pedump calc.exe --extract section:rva/0x1000 | hexdump -C | head -4
+
+    00000000  0b aa cb 77 f7 c4 cc 77  a4 c4 cc 77 c4 c4 cc 77  |...w...w...w...w|
+    00000010  3e d7 ca 77 ec b4 cb 77  69 9c f0 77 dc c4 cc 77  |>..w...wi..w...w|
+    00000020  12 9c cb 77 4d af cb 77  b4 c4 cc 77 6e a8 ee 77  |...wM..w...wn..w|
+    00000030  14 fc f0 77 00 00 00 00  2c 92 04 76 09 62 04 76  |...w....,..v.b.v|
+
+by RAW_PTR (file offset):
+
+    # pedump calc.exe --extract section:raw/0x400 | hexdump -C | head -4
+
+    00000000  0b aa cb 77 f7 c4 cc 77  a4 c4 cc 77 c4 c4 cc 77  |...w...w...w...w|
+    00000010  3e d7 ca 77 ec b4 cb 77  69 9c f0 77 dc c4 cc 77  |>..w...wi..w...w|
+    00000020  12 9c cb 77 4d af cb 77  b4 c4 cc 77 6e a8 ee 77  |...wM..w...wn..w|
+    00000030  14 fc f0 77 00 00 00 00  2c 92 04 76 09 62 04 76  |...w....,..v.b.v|
+
+#### Data Directory
+
+    # pedump calc.exe --extract datadir:IMPORT | hexdump -C | head -4
+
+    00000000  90 9f 04 00 ff ff ff ff  ff ff ff ff dc a2 04 00  |................|
+    00000010  48 12 00 00 f4 a0 04 00  ff ff ff ff ff ff ff ff  |H...............|
+    00000020  10 a5 04 00 ac 13 00 00  48 9d 04 00 ff ff ff ff  |........H.......|
+    00000030  ff ff ff ff f6 a5 04 00  00 10 00 00 5c 9f 04 00  |............\...|
+
 License
 -------
 Released under the MIT License.  See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.