pedump 0.5.2 → 0.6.2

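--- a/data/lib/pedump/te.rb
+++ b/data/lib/pedump/te.rb
@@ -0,0 +1,62 @@
+ class PEdump
+ # https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-specifications-general-technology.html
+ # http://wiki.phoenix.com/wiki/index.php/EFI_TE_IMAGE_HEADER
+ # https://formats.kaitai.io/uefi_te/index.html
+ # http://ho.ax/tag/efi/
+ # https://github.com/gdbinit/TELoader
+
+ EFI_IMAGE_DATA_DIRECTORY = IOStruct.new( "VV", :va, :size )
+ EFI_IMAGE_DATA_DIRECTORY::TYPES = %w'BASERELOC DEBUG'
+ EFI_IMAGE_DATA_DIRECTORY::TYPES.each_with_index do |type,idx|
+ EFI_IMAGE_DATA_DIRECTORY.const_set(type,idx)
+ end
+
+ class EFI_TE_IMAGE_HEADER < IOStruct.new 'vvCCvVVQ',
+ :Signature,
+ :Machine,
+ :NumberOfSections,
+ :Subsystem,
+ :StrippedSize,
+ :AddressOfEntryPoint,
+ :BaseOfCode,
+ :ImageBase,
+ :DataDirectory # readed manually: EFI_IMAGE_DATA_DIRECTORY DataDirectory[2]
+
+ REAL_SIZE = SIZE + EFI_IMAGE_DATA_DIRECTORY::SIZE * 2
+
+ attr_accessor :sections
+
+ def self.read io, args = {}
+ super(io).tap do |te|
+ te.DataDirectory = 2.times.map do
+ EFI_IMAGE_DATA_DIRECTORY.read(io)
+ end
+ te.sections = PE.read_sections(io, te.NumberOfSections, args)
+ end
+ end
+ end
+ TE = EFI_TE_IMAGE_HEADER
+
+ def te_shift
+ if @te
+ @te.StrippedSize - EFI_TE_IMAGE_HEADER::REAL_SIZE
+ else
+ 0
+ end
+ end
+
+ def te f=@io
+ return @te if defined?(@te)
+ @te ||=
+ begin
+ te_offset = 0
+ f.seek te_offset
+ if f.read(2) == 'VZ'
+ f.seek te_offset
+ EFI_TE_IMAGE_HEADER.read f, :force => @force
+ else
+ nil
+ end
+ end
+ end
+ end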
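Review bot: `te_shift` subtracts `EFI_TE_IMAGE_HEADER::REAL_SIZE` from `StrippedSize` without checking that the file-supplied value is at least that large, so a malformed TE header whose StrippedSize is below the header's own size (40 bytes if IOStruct's SIZE is the packed size of the format strings) yields a negative shift, and any offset later adjusted by it — the callers are not in this diff — inherits the error. Since the field comes straight from the input file, validate it where the header is read or clamp it here, e.g. `shift = @te.StrippedSize - EFI_TE_IMAGE_HEADER::REAL_SIZE` followed by `shift < 0 ? 0 : shift`, ideally with a logged warning (how this object logs is not visible in the hunk). Separately, the `2` in `REAL_SIZE` and the `2.times` in `read` both encode the fixed `DataDirectory[2]` length and read better as one named constant, and the trailing comment on `:DataDirectory` should say "read manually".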
@@ -607,7 +607,7 @@ class PEdump::Unpacker::ASPack
607
607
  if m = @data.match(RELOCS_RE)
608
608
  a = m[1..-1].map{|x| x.unpack('V').first }
609
609
  else
610
- logger.error "[!] cannot find imports"
610
+ logger.error "[!] cannot find relocs"
611
611
  raise
612
612
  return
613
613
  end
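Review bot: The bare `raise` right after the corrected log line raises a RuntimeError carrying only the generic "unhandled exception" message, and the `return` on the next line is unreachable; the method enclosing this hunk starts and ends outside it. Carrying the message into the exception, `raise "cannot find relocs"`, and dropping the dead `return` gives callers the same information the log line gives without changing control flow.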
@@ -1,10 +1,7 @@
1
1
  class PEdump
2
2
  module Version
3
- MAJOR = 0
4
- MINOR = 5
5
- PATCH = 2
3
+ STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
4
+ MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
6
5
  BUILD = nil
7
-
8
- STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
9
6
  end
10
7
  end
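Review bot: `MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)` converts with `to_i`, so a VERSION file holding anything other than three dotted integers silently produces zeros (or `nil` for a missing component) at load time instead of failing; `.map { |x| Integer(x, 10) }` would surface a malformed file immediately. `BUILD = nil` is now dead, since `STRING` no longer incorporates it. The triple `File.dirname` nest resolves the same path as `File.expand_path('../../../VERSION', __FILE__)`, which is easier to read.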
@@ -30,6 +30,7 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
30
30
  LZX_CONTEXT LZX;
31
31
  BYTE* unpacked_data = NULL;
32
32
  size_t decoded_size;
33
+ int r;
33
34
 
34
35
  bzero(&LZX, sizeof(LZX));
35
36
 
@@ -38,8 +39,9 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
38
39
  return(ERR_NO_MEM);
39
40
  }
40
41
 
41
- decoded_size = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
42
- if ( decoded_size < 0 || decoded_size < unpacked_size ) {
42
+ r = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
43
+ decoded_size = (size_t)r;
44
+ if ( r < 0 || decoded_size < unpacked_size ) {
43
45
  free(unpacked_data);
44
46
  fprintf(stderr,"ERR_UNPACK\n");
45
47
  return(ERR_UNPACK);
@@ -58,7 +60,7 @@ int main(int argc, char*argv[]){
58
60
  if(argc != 3){
59
61
  fprintf(stderr, "ASPack unLZX\n");
60
62
  fprintf(stderr, "usage: %s <packed_size> <unpacked_size>\n", argv[0]);
61
- fprintf(stderr, "(data is read from stdin and written to stdout)\n", argv[0]);
63
+ fprintf(stderr, "(data is read from stdin and written to stdout)\n");
62
64
  return 1;
63
65
  }
64
66
 
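--- a/data/pedump.gemspec
+++ b/data/pedump.gemspec
@@ -1,33 +1,101 @@
- # coding: utf-8
- lib = File.expand_path('../lib', __FILE__)
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
- require 'pedump/version'
+ # Generated by jeweler
+ # DO NOT EDIT THIS FILE DIRECTLY
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+ # -*- encoding: utf-8 -*-
+ # stub: pedump 0.6.2 ruby lib
 
- Gem::Specification.new do |spec|
- spec.name = "pedump"
- spec.version = PEdump::Version::STRING
- spec.authors = ["Andrey \"Zed\" Zaikin"]
- spec.email = ["zed.0xff@gmail.com"]
+ Gem::Specification.new do |s|
+ s.name = "pedump".freeze
+ s.version = "0.6.2"
 
- spec.summary = "dump win32 PE executable files with a pure ruby"
- spec.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
- spec.homepage = "http://github.com/zed-0xff/pedump"
- spec.license = "MIT"
+ s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+ s.require_paths = ["lib".freeze]
+ s.authors = ["Andrey \"Zed\" Zaikin".freeze]
+ s.date = "2021-02-18"
+ s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
+ s.email = "zed.0xff@gmail.com".freeze
+ s.executables = ["pedump".freeze]
+ s.extra_rdoc_files = [
+ "LICENSE.txt",
+ "README.md"
+ ]
+ s.files = [
+ ".github/workflows/rubocop-analysis.yml",
+ "CODE_OF_CONDUCT.md",
+ "Gemfile",
+ "Gemfile.lock",
+ "LICENSE.txt",
+ "README.md",
+ "Rakefile",
+ "VERSION",
+ "bin/pedump",
+ "data/comp_id.txt",
+ "data/fs.txt",
+ "data/jc-userdb.txt",
+ "data/sig.bin",
+ "data/signatures.txt",
+ "data/userdb.txt",
+ "lib/pedump.rb",
+ "lib/pedump/cli.rb",
+ "lib/pedump/comparer.rb",
+ "lib/pedump/composite_io.rb",
+ "lib/pedump/core.rb",
+ "lib/pedump/core_ext/try.rb",
+ "lib/pedump/loader.rb",
+ "lib/pedump/loader/minidump.rb",
+ "lib/pedump/loader/section.rb",
+ "lib/pedump/logger.rb",
+ "lib/pedump/ne.rb",
+ "lib/pedump/ne/version_info.rb",
+ "lib/pedump/packer.rb",
+ "lib/pedump/pe.rb",
+ "lib/pedump/resources.rb",
+ "lib/pedump/rich.rb",
+ "lib/pedump/security.rb",
+ "lib/pedump/sig_parser.rb",
+ "lib/pedump/te.rb",
+ "lib/pedump/tls.rb",
+ "lib/pedump/unpacker.rb",
+ "lib/pedump/unpacker/aspack.rb",
+ "lib/pedump/unpacker/upx.rb",
+ "lib/pedump/version.rb",
+ "lib/pedump/version_info.rb",
+ "misc/aspack/Makefile",
+ "misc/aspack/aspack_unlzx.c",
+ "misc/aspack/lzxdec.c",
+ "misc/aspack/lzxdec.h",
+ "misc/nedump.c",
+ "pedump.gemspec"
+ ]
+ s.homepage = "http://github.com/zed-0xff/pedump".freeze
+ s.licenses = ["MIT".freeze]
+ s.rubygems_version = "3.2.3".freeze
+ s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
- spec.files = `git ls-files -z`.split("\x0").
- reject { |f| f.match(%r{^(test|spec|features|samples|tmp|\.)/}) || f.start_with?('.') || f == "README.md.tpl" }
+ if s.respond_to? :specification_version then
+ s.specification_version = 4
+ end
 
- spec.bindir = "bin"
- spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
- spec.require_paths = ["lib"]
-
- spec.add_dependency "awesome_print"
- spec.add_dependency "iostruct", ">= 0.0.4"
- spec.add_dependency "multipart-post", "~> 2.0.0"
- spec.add_dependency "progressbar"
- spec.add_dependency "zhexdump", ">= 0.0.2"
-
- spec.add_development_dependency "bundler", "~> 1.11"
- spec.add_development_dependency "rake", "~> 10.0"
- spec.add_development_dependency "rspec", "~> 3.0"
+ if s.respond_to? :add_runtime_dependency then
+ s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
+ s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
+ s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+ s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+ s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+ s.add_development_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+ s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+ s.add_development_dependency(%q<bundler>.freeze, ["~> 2.2.3"])
+ s.add_development_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+ else
+ s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+ s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+ s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+ s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+ s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+ s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+ s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+ s.add_dependency(%q<bundler>.freeze, ["~> 2.2.3"])
+ s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+ end
  end
+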
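--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: pedump
  version: !ruby/object:Gem::Version
- version: 0.5.2
+ version: 0.6.2
  platform: ruby
  authors:
  - Andrey "Zed" Zaikin
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-09-09 00:00:00.000000000 Z
+ date: 2021-02-18 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rainbow
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: awesome_print
  requirement: !ruby/object:Gem::Requirement
@@ -42,94 +56,97 @@ dependencies:
  name: multipart-post
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: 2.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
  version: 2.0.0
  - !ruby/object:Gem::Dependency
- name: progressbar
+ name: zhexdump
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.0.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 0.0.2
  - !ruby/object:Gem::Dependency
- name: zhexdump
+ name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 0.0.2
- type: :runtime
+ version: 3.9.0
+ type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 0.0.2
+ version: 3.9.0
  - !ruby/object:Gem::Dependency
- name: bundler
+ name: rspec-its
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.11'
+ version: 1.3.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.11'
+ version: 1.3.0
  - !ruby/object:Gem::Dependency
- name: rake
+ name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 2.2.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '10.0'
+ version: 2.2.3
  - !ruby/object:Gem::Dependency
- name: rspec
+ name: jeweler
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: 2.3.9
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
+ version: 2.3.9
  description: dump headers, sections, extract resources of win32 PE exe,dll,etc
- email:
- - zed.0xff@gmail.com
+ email: zed.0xff@gmail.com
  executables:
  - pedump
  extensions: []
- extra_rdoc_files: []
+ extra_rdoc_files:
+ - LICENSE.txt
+ - README.md
  files:
+ - ".github/workflows/rubocop-analysis.yml"
+ - CODE_OF_CONDUCT.md
  - Gemfile
  - Gemfile.lock
  - LICENSE.txt
@@ -137,6 +154,7 @@ files:
  - Rakefile
  - VERSION
  - bin/pedump
+ - data/comp_id.txt
  - data/fs.txt
  - data/jc-userdb.txt
  - data/sig.bin
@@ -157,8 +175,10 @@ files:
  - lib/pedump/packer.rb
  - lib/pedump/pe.rb
  - lib/pedump/resources.rb
+ - lib/pedump/rich.rb
  - lib/pedump/security.rb
  - lib/pedump/sig_parser.rb
+ - lib/pedump/te.rb
  - lib/pedump/tls.rb
  - lib/pedump/unpacker.rb
  - lib/pedump/unpacker/aspack.rb
@@ -175,7 +195,7 @@ homepage: http://github.com/zed-0xff/pedump
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -190,9 +210,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.5.1
- signing_key:
+ rubygems_version: 3.2.3
+ signing_key:
  specification_version: 4
  summary: dump win32 PE executable files with a pure ruby
  test_files: []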