pedump 0.5.2 → 0.6.2

data/lib/pedump/te.rb

@@ -0,0 +1,62 @@
+class PEdump
+  # https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-specifications-general-technology.html
+  # http://wiki.phoenix.com/wiki/index.php/EFI_TE_IMAGE_HEADER
+  # https://formats.kaitai.io/uefi_te/index.html
+  # http://ho.ax/tag/efi/
+  # https://github.com/gdbinit/TELoader
+  
+  EFI_IMAGE_DATA_DIRECTORY = IOStruct.new( "VV", :va, :size )
+  EFI_IMAGE_DATA_DIRECTORY::TYPES = %w'BASERELOC DEBUG'
+  EFI_IMAGE_DATA_DIRECTORY::TYPES.each_with_index do |type,idx|
+    EFI_IMAGE_DATA_DIRECTORY.const_set(type,idx)
+  end
+
+  class EFI_TE_IMAGE_HEADER < IOStruct.new 'vvCCvVVQ',
+    :Signature,
+    :Machine,
+    :NumberOfSections,
+    :Subsystem,
+    :StrippedSize,
+    :AddressOfEntryPoint,
+    :BaseOfCode,
+    :ImageBase,
+    :DataDirectory # readed manually: EFI_IMAGE_DATA_DIRECTORY DataDirectory[2]
+
+    REAL_SIZE = SIZE + EFI_IMAGE_DATA_DIRECTORY::SIZE * 2
+
+    attr_accessor :sections
+
+    def self.read io, args = {}
+      super(io).tap do |te|
+        te.DataDirectory = 2.times.map do
+          EFI_IMAGE_DATA_DIRECTORY.read(io)
+        end
+        te.sections = PE.read_sections(io, te.NumberOfSections, args)
+      end
+    end
+  end
+  TE = EFI_TE_IMAGE_HEADER
+
+  def te_shift
+    if @te
+      @te.StrippedSize - EFI_TE_IMAGE_HEADER::REAL_SIZE
+    else
+      0
+    end
+  end
+
+  def te f=@io
+    return @te if defined?(@te)
+    @te ||=
+      begin
+        te_offset = 0
+        f.seek te_offset
+        if f.read(2) == 'VZ'
+          f.seek te_offset
+          EFI_TE_IMAGE_HEADER.read f, :force => @force
+        else
+          nil
+        end
+      end
+  end
+end

data/lib/pedump/unpacker/aspack.rb

@@ -607,7 +607,7 @@ class PEdump::Unpacker::ASPack
     if m = @data.match(RELOCS_RE)
       a = m[1..-1].map{|x| x.unpack('V').first }
     else
-      logger.error "[!] cannot find imports"
+      logger.error "[!] cannot find relocs"
       raise
       return
     end

data/lib/pedump/version.rb

@@ -1,10 +1,7 @@
 class PEdump
   module Version
-    MAJOR = 0
-    MINOR = 5
-    PATCH = 2
+    STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
+    MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
     BUILD = nil
-
-    STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
   end
 end

data/misc/aspack/aspack_unlzx.c

@@ -30,6 +30,7 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
     LZX_CONTEXT LZX;
     BYTE* unpacked_data = NULL;
     size_t decoded_size;
+    int r;
 
     bzero(&LZX, sizeof(LZX));
 
@@ -38,8 +39,9 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
         return(ERR_NO_MEM);
     }
 
-    decoded_size = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
-    if ( decoded_size < 0 || decoded_size < unpacked_size ) {
+    r = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
+    decoded_size = (size_t)r;
+    if ( r < 0 || decoded_size < unpacked_size ) {
         free(unpacked_data);
         fprintf(stderr,"ERR_UNPACK\n");
         return(ERR_UNPACK);
@@ -58,7 +60,7 @@ int main(int argc, char*argv[]){
     if(argc != 3){
         fprintf(stderr, "ASPack unLZX\n");
         fprintf(stderr, "usage: %s <packed_size> <unpacked_size>\n", argv[0]);
-        fprintf(stderr, "(data is read from stdin and written to stdout)\n", argv[0]);
+        fprintf(stderr, "(data is read from stdin and written to stdout)\n");
         return 1;
     }
 

data/pedump.gemspec

@@ -1,33 +1,101 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'pedump/version'
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: pedump 0.6.2 ruby lib
 
-Gem::Specification.new do |spec|
-  spec.name          = "pedump"
-  spec.version       = PEdump::Version::STRING
-  spec.authors       = ["Andrey \"Zed\" Zaikin"]
-  spec.email         = ["zed.0xff@gmail.com"]
+Gem::Specification.new do |s|
+  s.name = "pedump".freeze
+  s.version = "0.6.2"
 
-  spec.summary       = "dump win32 PE executable files with a pure ruby"
-  spec.description   = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
-  spec.homepage      = "http://github.com/zed-0xff/pedump"
-  spec.license       = "MIT"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Andrey \"Zed\" Zaikin".freeze]
+  s.date = "2021-02-18"
+  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
+  s.email = "zed.0xff@gmail.com".freeze
+  s.executables = ["pedump".freeze]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".github/workflows/rubocop-analysis.yml",
+    "CODE_OF_CONDUCT.md",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "bin/pedump",
+    "data/comp_id.txt",
+    "data/fs.txt",
+    "data/jc-userdb.txt",
+    "data/sig.bin",
+    "data/signatures.txt",
+    "data/userdb.txt",
+    "lib/pedump.rb",
+    "lib/pedump/cli.rb",
+    "lib/pedump/comparer.rb",
+    "lib/pedump/composite_io.rb",
+    "lib/pedump/core.rb",
+    "lib/pedump/core_ext/try.rb",
+    "lib/pedump/loader.rb",
+    "lib/pedump/loader/minidump.rb",
+    "lib/pedump/loader/section.rb",
+    "lib/pedump/logger.rb",
+    "lib/pedump/ne.rb",
+    "lib/pedump/ne/version_info.rb",
+    "lib/pedump/packer.rb",
+    "lib/pedump/pe.rb",
+    "lib/pedump/resources.rb",
+    "lib/pedump/rich.rb",
+    "lib/pedump/security.rb",
+    "lib/pedump/sig_parser.rb",
+    "lib/pedump/te.rb",
+    "lib/pedump/tls.rb",
+    "lib/pedump/unpacker.rb",
+    "lib/pedump/unpacker/aspack.rb",
+    "lib/pedump/unpacker/upx.rb",
+    "lib/pedump/version.rb",
+    "lib/pedump/version_info.rb",
+    "misc/aspack/Makefile",
+    "misc/aspack/aspack_unlzx.c",
+    "misc/aspack/lzxdec.c",
+    "misc/aspack/lzxdec.h",
+    "misc/nedump.c",
+    "pedump.gemspec"
+  ]
+  s.homepage = "http://github.com/zed-0xff/pedump".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "3.2.3".freeze
+  s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
-  spec.files         = `git ls-files -z`.split("\x0").
-    reject { |f| f.match(%r{^(test|spec|features|samples|tmp|\.)/}) || f.start_with?('.') || f == "README.md.tpl" }
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+  end
 
-  spec.bindir        = "bin"
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "awesome_print"
-  spec.add_dependency "iostruct",       ">= 0.0.4"
-  spec.add_dependency "multipart-post", "~> 2.0.0"
-  spec.add_dependency "progressbar"
-  spec.add_dependency "zhexdump",       ">= 0.0.2"
-
-  spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake",    "~> 10.0"
-  spec.add_development_dependency "rspec",   "~> 3.0"
+  if s.respond_to? :add_runtime_dependency then
+    s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+    s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+    s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+    s.add_development_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+    s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+    s.add_development_dependency(%q<bundler>.freeze, ["~> 2.2.3"])
+    s.add_development_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+  else
+    s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+    s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+    s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+    s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+    s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+    s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+    s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+    s.add_dependency(%q<bundler>.freeze, ["~> 2.2.3"])
+    s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+  end
 end
+

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.6.2
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-09 00:00:00.000000000 Z
+date: 2021-02-18 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: awesome_print
   requirement: !ruby/object:Gem::Requirement
@@ -42,94 +56,97 @@ dependencies:
   name: multipart-post
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
 - !ruby/object:Gem::Dependency
-  name: progressbar
+  name: zhexdump
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.2
 - !ruby/object:Gem::Dependency
-  name: zhexdump
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.2
-  type: :runtime
+        version: 3.9.0
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.2
+        version: 3.9.0
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 2.2.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: jeweler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.3.9
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.3.9
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
-email:
-- zed.0xff@gmail.com
+email: zed.0xff@gmail.com
 executables:
 - pedump
 extensions: []
-extra_rdoc_files: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
 files:
+- ".github/workflows/rubocop-analysis.yml"
+- CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -137,6 +154,7 @@ files:
 - Rakefile
 - VERSION
 - bin/pedump
+- data/comp_id.txt
 - data/fs.txt
 - data/jc-userdb.txt
 - data/sig.bin
@@ -157,8 +175,10 @@ files:
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
+- lib/pedump/rich.rb
 - lib/pedump/security.rb
 - lib/pedump/sig_parser.rb
+- lib/pedump/te.rb
 - lib/pedump/tls.rb
 - lib/pedump/unpacker.rb
 - lib/pedump/unpacker/aspack.rb
@@ -175,7 +195,7 @@ homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -190,9 +210,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby
 test_files: []