pedump 0.6.6 → 0.6.9

Sign up to get free protection for your applications and to get access to all the features.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +34 -32
  3. data/README.md +8 -0
  4. data/VERSION +1 -1
  5. data/data/ordlookup/oleaut32.dll.yml +796 -0
  6. data/data/ordlookup/pefile2json.py +17 -0
  7. data/data/ordlookup/ws2_32.dll.yml +234 -0
  8. data/data/ordlookup/wsock32.dll.yml +234 -0
  9. data/lib/pedump/cli.rb +92 -9
  10. data/lib/pedump/ordlookup.rb +19 -0
  11. data/lib/pedump/pe.rb +4 -2
  12. data/lib/pedump.rb +28 -0
  13. data/pedump.gemspec +19 -28
  14. metadata +8 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a29cf374abd4b35bce80ba41d7e9be527931e3605217a3b1896005092c9c638d
4
- data.tar.gz: 323f9367be9ebcda64f92ad60816909636b9e78f7afbbba3f4285ea144b088c7
3
+ metadata.gz: 71cf1d5280d69bb55528610be1281415edb247ab051dc30e8f473deb3478b2e2
4
+ data.tar.gz: f35b57ee5d35f2ebffbef16904ed0393f29b5eea1b235e43f13fced736826401
5
5
  SHA512:
6
- metadata.gz: 3ca387ff060430589432109b1555c8ce4f8249a2964369c18191381a7efa51638d93af5685a38ba1f00224bd44da013e3fd2f6a255b40d9745ea654b5d11c782
7
- data.tar.gz: cae940b00dd6d77e896d9593296b3ab3b16d4cdc88ba1bd8e0eded2ee40f7a8427a6513d6ae817bb234752fc909a72827d8b7afd8d0eb5d3a829b239fc9ed47a
6
+ metadata.gz: d2d43650cebbda5b18cfc215460ce7b6bc077f0488a40bec3cb24fbbb941b02acb29a5ee0345b17faa274780f01531847b37b89fe419eacd094d8f507ea402f3
7
+ data.tar.gz: c5137537e4fe3a27250131012e7d4214e793f4ab648ad7f0ead40a3e6305aea01e8a4760bd503cc887ed0617f18750ea193a7caadb4f500e2aede86b713b1565
data/Gemfile.lock CHANGED
@@ -1,14 +1,15 @@
1
1
  GEM
2
2
  remote: https://rubygems.org/
3
3
  specs:
4
- addressable (2.8.0)
5
- public_suffix (>= 2.0.2, < 5.0)
4
+ addressable (2.8.6)
5
+ public_suffix (>= 2.0.2, < 6.0)
6
6
  awesome_print (1.9.2)
7
+ base64 (0.2.0)
7
8
  builder (3.2.4)
8
9
  descendants_tracker (0.0.4)
9
10
  thread_safe (~> 0.3, >= 0.3.1)
10
- diff-lcs (1.5.0)
11
- faraday (1.9.3)
11
+ diff-lcs (1.5.1)
12
+ faraday (1.10.3)
12
13
  faraday-em_http (~> 1.0)
13
14
  faraday-em_synchrony (~> 1.0)
14
15
  faraday-excon (~> 1.1)
@@ -24,14 +25,14 @@ GEM
24
25
  faraday-em_synchrony (1.0.0)
25
26
  faraday-excon (1.1.0)
26
27
  faraday-httpclient (1.0.1)
27
- faraday-multipart (1.0.3)
28
- multipart-post (>= 1.2, < 3)
28
+ faraday-multipart (1.0.4)
29
+ multipart-post (~> 2)
29
30
  faraday-net_http (1.0.1)
30
31
  faraday-net_http_persistent (1.2.0)
31
32
  faraday-patron (1.0.0)
32
33
  faraday-rack (1.0.0)
33
34
  faraday-retry (1.0.3)
34
- git (1.13.1)
35
+ git (1.19.1)
35
36
  addressable (~> 2.8)
36
37
  rchardet (~> 1.8)
37
38
  github_api (0.19.0)
@@ -41,7 +42,7 @@ GEM
41
42
  hashie (~> 3.5, >= 3.5.2)
42
43
  oauth2 (~> 1.0)
43
44
  hashie (3.6.0)
44
- highline (2.0.3)
45
+ highline (3.0.1)
45
46
  iostruct (0.0.5)
46
47
  juwelier (2.4.9)
47
48
  builder
@@ -55,15 +56,16 @@ GEM
55
56
  rake
56
57
  rdoc
57
58
  semver2
58
- jwt (2.3.0)
59
+ jwt (2.8.1)
60
+ base64
59
61
  kamelcase (0.0.2)
60
62
  semver2 (~> 3)
61
- mini_portile2 (2.8.1)
63
+ mini_portile2 (2.8.6)
62
64
  multi_json (1.15.0)
63
65
  multi_xml (0.6.0)
64
- multipart-post (2.3.0)
65
- nokogiri (1.14.3)
66
- mini_portile2 (~> 2.8.0)
66
+ multipart-post (2.4.0)
67
+ nokogiri (1.16.4)
68
+ mini_portile2 (~> 2.8.2)
67
69
  racc (~> 1.4)
68
70
  oauth2 (1.4.11)
69
71
  faraday (>= 0.17.3, < 3.0)
@@ -71,37 +73,37 @@ GEM
71
73
  multi_json (~> 1.3)
72
74
  multi_xml (~> 0.5)
73
75
  rack (>= 1.2, < 4)
74
- psych (4.0.3)
76
+ psych (5.1.2)
75
77
  stringio
76
- public_suffix (4.0.6)
77
- racc (1.6.2)
78
- rack (3.0.6.1)
78
+ public_suffix (5.0.5)
79
+ racc (1.7.3)
80
+ rack (3.0.10)
79
81
  rainbow (3.1.1)
80
- rake (13.0.6)
82
+ rake (13.2.1)
81
83
  rchardet (1.8.0)
82
- rdoc (6.4.0)
84
+ rdoc (6.6.3.1)
83
85
  psych (>= 4.0.0)
84
- rspec (3.12.0)
85
- rspec-core (~> 3.12.0)
86
- rspec-expectations (~> 3.12.0)
87
- rspec-mocks (~> 3.12.0)
88
- rspec-core (3.12.0)
89
- rspec-support (~> 3.12.0)
90
- rspec-expectations (3.12.0)
86
+ rspec (3.13.0)
87
+ rspec-core (~> 3.13.0)
88
+ rspec-expectations (~> 3.13.0)
89
+ rspec-mocks (~> 3.13.0)
90
+ rspec-core (3.13.0)
91
+ rspec-support (~> 3.13.0)
92
+ rspec-expectations (3.13.0)
91
93
  diff-lcs (>= 1.2.0, < 2.0)
92
- rspec-support (~> 3.12.0)
94
+ rspec-support (~> 3.13.0)
93
95
  rspec-its (1.3.0)
94
96
  rspec-core (>= 3.0.0)
95
97
  rspec-expectations (>= 3.0.0)
96
- rspec-mocks (3.12.0)
98
+ rspec-mocks (3.13.0)
97
99
  diff-lcs (>= 1.2.0, < 2.0)
98
- rspec-support (~> 3.12.0)
99
- rspec-support (3.12.0)
100
+ rspec-support (~> 3.13.0)
101
+ rspec-support (3.13.1)
100
102
  ruby2_keywords (0.0.5)
101
103
  semver2 (3.4.2)
102
- stringio (3.0.1)
104
+ stringio (3.1.0)
103
105
  thread_safe (0.3.6)
104
- zhexdump (0.0.2)
106
+ zhexdump (0.1.0)
105
107
 
106
108
  PLATFORMS
107
109
  ruby
data/README.md CHANGED
@@ -4,6 +4,11 @@ pedump [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=mast
4
4
  News
5
5
  ----
6
6
  ```
7
+ 2024.04.20 - cli: add --set-dll-char to patch dll characteristics
8
+ pe: imphash calculation
9
+ cli: added --imphash option
10
+ 2024.01.15 - add "--set-os-version VER" cmdline option for patching OS version in PE header
11
+ 2023.12.04 - workaround IO.pread() not available on windows
7
12
  2021.02.18 - updated gems; changed open-uri to URI.open; enabled SSL on https://pedump.me/
8
13
  2020.08.09 - CLI: added resource extracting with --extract ID
9
14
  2020.07.28 - 0.6.1; better RICH HDR parsing/output
@@ -73,6 +78,7 @@ Usage
73
78
  -I, --imports
74
79
  -E, --exports
75
80
  -V, --version-info
81
+ --imphash
76
82
  --packer
77
83
  --deep packer deep scan, significantly slower
78
84
  -P, --packer-only packer/compiler detect only,
@@ -88,6 +94,8 @@ Usage
88
94
  ID: section:rva/0x1000 - section by RVA
89
95
  ID: section:raw/0x400 - section by RAW_PTR
90
96
  --va2file VA Convert RVA to file offset
97
+ --set-os-version VER Patch OS version in PE header
98
+ --set-dll-char X Patch IMAGE_OPTIONAL_HEADER32.DllCharacteristics
91
99
 
92
100
  -W, --web Uploads files to a https://pedump.me
93
101
  for a nice HTML tables with image previews,
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.6.6
1
+ 0.6.9