RubyGems - pedump - Versions diffs - 0.6.0 → 0.6.4 - Mend

pedump 0.6.0 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

data/lib/pedump.rb CHANGED Viewed

@@ -30,7 +30,7 @@ class PEdump
   VERSION    = Version::STRING
   MAX_ERRORS = 100
   MAX_IMAGE_IMPORT_DESCRIPTORS = 1000
-  MAX_EXPORT_NUMBER_OF_NAMES = 16384 # got 7977 in http://pedump.me/03ad7400080678c6b1984f995d36fd04
+  MAX_EXPORT_NUMBER_OF_NAMES = 16384 # got 7977 in https://pedump.me/03ad7400080678c6b1984f995d36fd04
   GOOD_FUNCTION_NAME_RE = /\A[\x21-\x7f]+\Z/
   SUPPORTED_SIGNATURES = ['MZ', 'ZM', 'VZ']
@@ -261,7 +261,7 @@ class PEdump
   # http://ntcore.com/files/richsign.htm
   class RichHdr < String
-    attr_accessor :offset, :key # xor key
+    attr_accessor :offset, :skip, :key # xor key
     class Entry < Struct.new(:version,:id,:times)
       def inspect
@@ -270,8 +270,21 @@ class PEdump
     end
     def self.from_dos_stub stub
+      #stub.hexdump
       key = stub[stub.index('Rich')+4,4]
       start_idx = stub.index(key.xor('DanS'))
+      skip = 0
+      if start_idx
+        skip = 4
+      else
+        PEdump.logger.warn "[?] cannot find rich_hdr start_idx, using heuristics"
+        start_idx = stub.index("$\x00\x00\x00\x00\x00\x00\x00")
+        unless start_idx
+          PEdump.logger.warn "[?] heuristics failed :("
+          return nil
+        end
+        start_idx += 8
+      end
       end_idx   = stub.index('Rich')+8
       if stub[end_idx..-1].tr("\x00",'') != ''
         t = stub[end_idx..-1]
@@ -279,14 +292,16 @@ class PEdump
         PEdump.logger.error "[!] non-zero dos stub after rich_hdr: #{t.inspect}"
         return nil
       end
+      #stub[start_idx, end_idx-start_idx].hexdump
       RichHdr.new(stub[start_idx, end_idx-start_idx]).tap do |x|
         x.key = key
         x.offset = stub.offset + start_idx
+        x.skip = skip
       end
     end
     def dexor
-      self[4..-9].sub(/\A(#{Regexp::escape(key)}){3}/,'').xor(key)
+      self[skip..-9].sub(/\A(#{Regexp::escape(key)}){3}/,'').xor(key)
     end
     def decode
@@ -382,6 +397,13 @@ class PEdump
   def va2file va, h={}
     return nil if va.nil?
+    va0 = va # save for log output of original addr
+    if pe?
+      # most common case, do nothing
+    elsif te?
+      va = va - te_shift()
+    end
     sections.each do |s|
       if (s.VirtualAddress...(s.VirtualAddress+s.VirtualSize)).include?(va)
         offset = va - s.VirtualAddress
@@ -413,9 +435,9 @@ class PEdump
     # TODO: not all VirtualAdresses == 0 case
     if h[:quiet]
-      logger.debug "[?] can't find file_offset of VA 0x#{va.to_i.to_s(16)} (quiet=true)"
+      logger.debug "[?] can't find file_offset of VA 0x#{va0.to_i.to_s(16)} (quiet=true)"
     else
-      logger.error "[?] can't find file_offset of VA 0x#{va.to_i.to_s(16)}"
+      logger.error "[?] can't find file_offset of VA 0x#{va0.to_i.to_s(16)}"
     end
     nil
   end
@@ -546,6 +568,8 @@ class PEdump
       pe_imports(f)
     elsif ne(f)
       ne(f).imports
+    else
+      []
     end
   end
@@ -633,7 +657,7 @@ class PEdump
                 nil
               else
                 hint = f.read(2).unpack('v').first
-                name = f.gets("\x00").chomp("\x00")
+                name = f.gets("\x00").to_s.chomp("\x00")
                 if !name.empty? && name !~ GOOD_FUNCTION_NAME_RE
                   n_bad_names += 1
                   if n_bad_names > MAX_ERRORS

data/pedump.gemspec CHANGED Viewed

@@ -1,17 +1,17 @@
-# Generated by jeweler
+# Generated by juwelier
 # DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: pedump 0.6.0 ruby lib
+# stub: pedump 0.6.4 ruby lib
 Gem::Specification.new do |s|
   s.name = "pedump".freeze
-  s.version = "0.6.0"
+  s.version = "0.6.4"
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-  s.date = "2020-07-27"
+  s.date = "2022-01-29"
   s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
   s.email = "zed.0xff@gmail.com".freeze
   s.executables = ["pedump".freeze]
@@ -20,8 +20,6 @@ Gem::Specification.new do |s|
     "README.md"
   ]
   s.files = [
-    ".github/FUNDING.yml",
-    ".github/dependabot.yml",
     "CODE_OF_CONDUCT.md",
     "Gemfile",
     "Gemfile.lock",
@@ -30,6 +28,7 @@ Gem::Specification.new do |s|
     "Rakefile",
     "VERSION",
     "bin/pedump",
+    "data/comp_id.txt",
     "data/fs.txt",
     "data/jc-userdb.txt",
     "data/sig.bin",
@@ -50,6 +49,7 @@ Gem::Specification.new do |s|
     "lib/pedump/packer.rb",
     "lib/pedump/pe.rb",
     "lib/pedump/resources.rb",
+    "lib/pedump/rich.rb",
     "lib/pedump/security.rb",
     "lib/pedump/sig_parser.rb",
     "lib/pedump/te.rb",
@@ -68,43 +68,33 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "http://github.com/zed-0xff/pedump".freeze
   s.licenses = ["MIT".freeze]
-  s.rubygems_version = "2.7.10".freeze
+  s.rubygems_version = "3.2.32".freeze
   s.summary = "dump win32 PE executable files with a pure ruby".freeze
   if s.respond_to? :specification_version then
     s.specification_version = 4
+  end
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
-      s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
-      s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-      s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-      s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-      s.add_development_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
-      s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
-      s.add_development_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
-      s.add_development_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
-    else
-      s.add_dependency(%q<rainbow>.freeze, [">= 0"])
-      s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
-      s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-      s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-      s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-      s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
-      s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
-      s.add_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
-      s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
-    end
+  if s.respond_to? :add_runtime_dependency then
+    s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
+    s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+    s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+    s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+    s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
+    s.add_development_dependency(%q<rspec-its>.freeze, [">= 0"])
+    s.add_development_dependency(%q<bundler>.freeze, [">= 0"])
+    s.add_development_dependency(%q<juwelier>.freeze, [">= 0"])
   else
     s.add_dependency(%q<rainbow>.freeze, [">= 0"])
     s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
     s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
     s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
     s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-    s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
-    s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
-    s.add_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
-    s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+    s.add_dependency(%q<rspec>.freeze, [">= 0"])
+    s.add_dependency(%q<rspec-its>.freeze, [">= 0"])
+    s.add_dependency(%q<bundler>.freeze, [">= 0"])
+    s.add_dependency(%q<juwelier>.freeze, [">= 0"])
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.4
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-27 00:00:00.000000000 Z
+date: 2022-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rainbow
@@ -84,58 +84,58 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.1.4
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.1.4
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: jeweler
+  name: juwelier
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.9
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.9
+        version: '0'
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
 email: zed.0xff@gmail.com
 executables:
@@ -145,8 +145,6 @@ extra_rdoc_files:
 - LICENSE.txt
 - README.md
 files:
-- ".github/FUNDING.yml"
-- ".github/dependabot.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
@@ -155,6 +153,7 @@ files:
 - Rakefile
 - VERSION
 - bin/pedump
+- data/comp_id.txt
 - data/fs.txt
 - data/jc-userdb.txt
 - data/sig.bin
@@ -175,6 +174,7 @@ files:
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
+- lib/pedump/rich.rb
 - lib/pedump/security.rb
 - lib/pedump/sig_parser.rb
 - lib/pedump/te.rb
@@ -194,7 +194,7 @@ homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -209,9 +209,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.10
-signing_key:
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby
 test_files: []

data/.github/FUNDING.yml DELETED Viewed

	@@ -1,2 +0,0 @@
1	- #github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
2	- ko_fi: zed_0xff

data/.github/dependabot.yml DELETED Viewed

@@ -1,8 +0,0 @@
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-version: 2
-updates:
-  - package-ecosystem: bundler
-    directory: "/"
-    schedule:
-      interval: "weekly"