pedump 0.5.2 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/workflows/rubocop-analysis.yml +39 -0
- data/CODE_OF_CONDUCT.md +76 -0
- data/Gemfile +14 -1
- data/Gemfile.lock +78 -31
- data/README.md +111 -16
- data/Rakefile +71 -6
- data/VERSION +1 -1
- data/data/comp_id.txt +776 -0
- data/lib/pedump.rb +120 -29
- data/lib/pedump/cli.rb +150 -37
- data/lib/pedump/loader.rb +28 -6
- data/lib/pedump/loader/minidump.rb +130 -15
- data/lib/pedump/loader/section.rb +5 -3
- data/lib/pedump/ne.rb +1 -1
- data/lib/pedump/pe.rb +63 -54
- data/lib/pedump/rich.rb +562 -0
- data/lib/pedump/te.rb +62 -0
- data/lib/pedump/unpacker/aspack.rb +1 -1
- data/lib/pedump/version.rb +2 -5
- data/misc/aspack/aspack_unlzx.c +5 -3
- data/pedump.gemspec +96 -28
- metadata +49 -30
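--- a/data/lib/pedump/te.rb
+++ b/data/lib/pedump/te.rb
@@ -0,0 +1,62 @@
+class PEdump
+# https://www.intel.com/content/www/us/en/architecture-and-technology/unified-extensible-firmware-interface/efi-specifications-general-technology.html
+# http://wiki.phoenix.com/wiki/index.php/EFI_TE_IMAGE_HEADER
+# https://formats.kaitai.io/uefi_te/index.html
+# http://ho.ax/tag/efi/
+# https://github.com/gdbinit/TELoader
+
+EFI_IMAGE_DATA_DIRECTORY = IOStruct.new( "VV", :va, :size )
+EFI_IMAGE_DATA_DIRECTORY::TYPES = %w'BASERELOC DEBUG'
+EFI_IMAGE_DATA_DIRECTORY::TYPES.each_with_index do |type,idx|
+EFI_IMAGE_DATA_DIRECTORY.const_set(type,idx)
+end
+
+class EFI_TE_IMAGE_HEADER < IOStruct.new 'vvCCvVVQ',
+:Signature,
+:Machine,
+:NumberOfSections,
+:Subsystem,
+:StrippedSize,
+:AddressOfEntryPoint,
+:BaseOfCode,
+:ImageBase,
+:DataDirectory # readed manually: EFI_IMAGE_DATA_DIRECTORY DataDirectory[2]
+
+REAL_SIZE = SIZE + EFI_IMAGE_DATA_DIRECTORY::SIZE * 2
+
+attr_accessor :sections
+
+def self.read io, args = {}
+super(io).tap do |te|
+te.DataDirectory = 2.times.map do
+EFI_IMAGE_DATA_DIRECTORY.read(io)
+end
+te.sections = PE.read_sections(io, te.NumberOfSections, args)
+end
+end
+end
+TE = EFI_TE_IMAGE_HEADER
+
+def te_shift
+if @te
+@te.StrippedSize - EFI_TE_IMAGE_HEADER::REAL_SIZE
+else
+0
+end
+end
+
+def te f=@io
+return @te if defined?(@te)
+@te ||=
+begin
+te_offset = 0
+f.seek te_offset
+if f.read(2) == 'VZ'
+f.seek te_offset
+EFI_TE_IMAGE_HEADER.read f, :force => @force
+else
+nil
+end
+end
+end
+end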
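--- a/data/lib/pedump/version.rb
+++ b/data/lib/pedump/version.rb
@@ -1,10 +1,7 @@
 class PEdump
 module Version
-
-MINOR =
-PATCH = 2
+STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
+MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
 BUILD = nil
-
-STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
 end
 end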
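Review bot: `BUILD = nil` on line 5 is now dead: STRING comes from the VERSION file on line 3 and BUILD no longer feeds into it, while `MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)` on line 4 silently drops any fourth component and `to_i` turns a malformed component into 0 instead of failing. Deriving all four from the same source keeps the constants consistent: `MAJOR, MINOR, PATCH, BUILD = STRING.split('.').map(&:to_i)`. Note also that the file read now happens at require time, so a packaged gem missing VERSION fails on `require 'pedump'` rather than when the version is looked up.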
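--- a/data/misc/aspack/aspack_unlzx.c
+++ b/data/misc/aspack/aspack_unlzx.c
@@ -30,6 +30,7 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
 LZX_CONTEXT LZX;
 BYTE* unpacked_data = NULL;
 size_t decoded_size;
+int r;
 
 bzero(&LZX, sizeof(LZX));
 
@@ -38,8 +39,9 @@ int unpack(BYTE*packed_data, size_t packed_size, size_t unpacked_size){
 return(ERR_NO_MEM);
 }
 
-
-
+r = DecodeLZX(&LZX, packed_data, unpacked_data, packed_size, unpacked_size);
+decoded_size = (size_t)r;
+if ( r < 0 || decoded_size < unpacked_size ) {
 free(unpacked_data);
 fprintf(stderr,"ERR_UNPACK\n");
 return(ERR_UNPACK);
@@ -58,7 +60,7 @@ int main(int argc, char*argv[]){
 if(argc != 3){
 fprintf(stderr, "ASPack unLZX\n");
 fprintf(stderr, "usage: %s <packed_size> <unpacked_size>\n", argv[0]);
-fprintf(stderr, "(data is read from stdin and written to stdout)\n"
+fprintf(stderr, "(data is read from stdin and written to stdout)\n");
 return 1;
 }
 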
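Review bot: The new guard on line 44 rejects a negative return and a short decode but still accepts `decoded_size > unpacked_size`; DecodeLZX's contract is not visible here, but if it can report more output than the buffer sized by unpacked_size, that case means the destination buffer was already overrun and should be treated as a failure too, e.g. `if ( r < 0 || decoded_size != unpacked_size ) {`. The error message on the next line would also be more useful to an operator if it carried the code: `fprintf(stderr,"ERR_UNPACK (%d)\n", r);`. unpack() begins before the first hunk and continues after the second.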
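--- a/data/pedump.gemspec
+++ b/data/pedump.gemspec
@@ -1,33 +1,101 @@
-#
-
-
-
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: pedump 0.6.2 ruby lib
 
-Gem::Specification.new do |
-
-
-spec.authors = ["Andrey \"Zed\" Zaikin"]
-spec.email = ["zed.0xff@gmail.com"]
+Gem::Specification.new do |s|
+s.name = "pedump".freeze
+s.version = "0.6.2"
 
-
-
-
-
+s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+s.require_paths = ["lib".freeze]
+s.authors = ["Andrey \"Zed\" Zaikin".freeze]
+s.date = "2021-02-18"
+s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
+s.email = "zed.0xff@gmail.com".freeze
+s.executables = ["pedump".freeze]
+s.extra_rdoc_files = [
+"LICENSE.txt",
+"README.md"
+]
+s.files = [
+".github/workflows/rubocop-analysis.yml",
+"CODE_OF_CONDUCT.md",
+"Gemfile",
+"Gemfile.lock",
+"LICENSE.txt",
+"README.md",
+"Rakefile",
+"VERSION",
+"bin/pedump",
+"data/comp_id.txt",
+"data/fs.txt",
+"data/jc-userdb.txt",
+"data/sig.bin",
+"data/signatures.txt",
+"data/userdb.txt",
+"lib/pedump.rb",
+"lib/pedump/cli.rb",
+"lib/pedump/comparer.rb",
+"lib/pedump/composite_io.rb",
+"lib/pedump/core.rb",
+"lib/pedump/core_ext/try.rb",
+"lib/pedump/loader.rb",
+"lib/pedump/loader/minidump.rb",
+"lib/pedump/loader/section.rb",
+"lib/pedump/logger.rb",
+"lib/pedump/ne.rb",
+"lib/pedump/ne/version_info.rb",
+"lib/pedump/packer.rb",
+"lib/pedump/pe.rb",
+"lib/pedump/resources.rb",
+"lib/pedump/rich.rb",
+"lib/pedump/security.rb",
+"lib/pedump/sig_parser.rb",
+"lib/pedump/te.rb",
+"lib/pedump/tls.rb",
+"lib/pedump/unpacker.rb",
+"lib/pedump/unpacker/aspack.rb",
+"lib/pedump/unpacker/upx.rb",
+"lib/pedump/version.rb",
+"lib/pedump/version_info.rb",
+"misc/aspack/Makefile",
+"misc/aspack/aspack_unlzx.c",
+"misc/aspack/lzxdec.c",
+"misc/aspack/lzxdec.h",
+"misc/nedump.c",
+"pedump.gemspec"
+]
+s.homepage = "http://github.com/zed-0xff/pedump".freeze
+s.licenses = ["MIT".freeze]
+s.rubygems_version = "3.2.3".freeze
+s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
-
-
+if s.respond_to? :specification_version then
+s.specification_version = 4
+end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+if s.respond_to? :add_runtime_dependency then
+s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
+s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
+s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+s.add_development_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+s.add_development_dependency(%q<bundler>.freeze, ["~> 2.2.3"])
+s.add_development_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+else
+s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+s.add_dependency(%q<bundler>.freeze, ["~> 2.2.3"])
+s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+end
 end
+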
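--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.2
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-02-18 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: rainbow
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: awesome_print
 requirement: !ruby/object:Gem::Requirement
@@ -42,94 +56,97 @@ dependencies:
 name: multipart-post
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 2.0.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: 2.0.0
 - !ruby/object:Gem::Dependency
-name:
+name: zhexdump
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 0.0.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 0.0.2
 - !ruby/object:Gem::Dependency
-name:
+name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
-type: :
+version: 3.9.0
+type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 3.9.0
 - !ruby/object:Gem::Dependency
-name:
+name: rspec-its
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.0
 - !ruby/object:Gem::Dependency
-name:
+name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.2.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.2.3
 - !ruby/object:Gem::Dependency
-name:
+name: jeweler
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.3.9
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 2.3.9
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
-email:
-- zed.0xff@gmail.com
+email: zed.0xff@gmail.com
 executables:
 - pedump
 extensions: []
-extra_rdoc_files:
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
 files:
+- ".github/workflows/rubocop-analysis.yml"
+- CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -137,6 +154,7 @@ files:
 - Rakefile
 - VERSION
 - bin/pedump
+- data/comp_id.txt
 - data/fs.txt
 - data/jc-userdb.txt
 - data/sig.bin
@@ -157,8 +175,10 @@ files:
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
+- lib/pedump/rich.rb
 - lib/pedump/security.rb
 - lib/pedump/sig_parser.rb
+- lib/pedump/te.rb
 - lib/pedump/tls.rb
 - lib/pedump/unpacker.rb
 - lib/pedump/unpacker/aspack.rb
@@ -175,7 +195,7 @@ homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -190,9 +210,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby
 test_files: []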