pedump 0.6.6 → 0.6.9
- checksums.yaml +4 -4
- data/Gemfile.lock +34 -32
- data/README.md +8 -0
- data/VERSION +1 -1
- data/data/ordlookup/oleaut32.dll.yml +796 -0
- data/data/ordlookup/pefile2json.py +17 -0
- data/data/ordlookup/ws2_32.dll.yml +234 -0
- data/data/ordlookup/wsock32.dll.yml +234 -0
- data/lib/pedump/cli.rb +92 -9
- data/lib/pedump/ordlookup.rb +19 -0
- data/lib/pedump/pe.rb +4 -2
- data/lib/pedump.rb +28 -0
- data/pedump.gemspec +19 -28
- metadata +8 -3
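--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 71cf1d5280d69bb55528610be1281415edb247ab051dc30e8f473deb3478b2e2
+data.tar.gz: f35b57ee5d35f2ebffbef16904ed0393f29b5eea1b235e43f13fced736826401
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d2d43650cebbda5b18cfc215460ce7b6bc077f0488a40bec3cb24fbbb941b02acb29a5ee0345b17faa274780f01531847b37b89fe419eacd094d8f507ea402f3
+data.tar.gz: c5137537e4fe3a27250131012e7d4214e793f4ab648ad7f0ead40a3e6305aea01e8a4760bd503cc887ed0617f18750ea193a7caadb4f500e2aede86b713b1565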
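--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,14 +1,15 @@
 GEM
 remote: https://rubygems.org/
 specs:
-addressable (2.8.
-public_suffix (>= 2.0.2, <
+addressable (2.8.6)
+public_suffix (>= 2.0.2, < 6.0)
 awesome_print (1.9.2)
+base64 (0.2.0)
 builder (3.2.4)
 descendants_tracker (0.0.4)
 thread_safe (~> 0.3, >= 0.3.1)
-diff-lcs (1.5.
-faraday (1.
+diff-lcs (1.5.1)
+faraday (1.10.3)
 faraday-em_http (~> 1.0)
 faraday-em_synchrony (~> 1.0)
 faraday-excon (~> 1.1)
@@ -24,14 +25,14 @@ GEM
 faraday-em_synchrony (1.0.0)
 faraday-excon (1.1.0)
 faraday-httpclient (1.0.1)
-faraday-multipart (1.0.
-multipart-post (
+faraday-multipart (1.0.4)
+multipart-post (~> 2)
 faraday-net_http (1.0.1)
 faraday-net_http_persistent (1.2.0)
 faraday-patron (1.0.0)
 faraday-rack (1.0.0)
 faraday-retry (1.0.3)
-git (1.
+git (1.19.1)
 addressable (~> 2.8)
 rchardet (~> 1.8)
 github_api (0.19.0)
@@ -41,7 +42,7 @@ GEM
 hashie (~> 3.5, >= 3.5.2)
 oauth2 (~> 1.0)
 hashie (3.6.0)
-highline (
+highline (3.0.1)
 iostruct (0.0.5)
 juwelier (2.4.9)
 builder
@@ -55,15 +56,16 @@ GEM
 rake
 rdoc
 semver2
-jwt (2.
+jwt (2.8.1)
+base64
 kamelcase (0.0.2)
 semver2 (~> 3)
-mini_portile2 (2.8.
+mini_portile2 (2.8.6)
 multi_json (1.15.0)
 multi_xml (0.6.0)
-multipart-post (2.
-nokogiri (1.
-mini_portile2 (~> 2.8.
+multipart-post (2.4.0)
+nokogiri (1.16.4)
+mini_portile2 (~> 2.8.2)
 racc (~> 1.4)
 oauth2 (1.4.11)
 faraday (>= 0.17.3, < 3.0)
@@ -71,37 +73,37 @@ GEM
 multi_json (~> 1.3)
 multi_xml (~> 0.5)
 rack (>= 1.2, < 4)
-psych (
+psych (5.1.2)
 stringio
-public_suffix (
-racc (1.
-rack (3.0.
+public_suffix (5.0.5)
+racc (1.7.3)
+rack (3.0.10)
 rainbow (3.1.1)
-rake (13.
+rake (13.2.1)
 rchardet (1.8.0)
-rdoc (6.
+rdoc (6.6.3.1)
 psych (>= 4.0.0)
-rspec (3.
-rspec-core (~> 3.
-rspec-expectations (~> 3.
-rspec-mocks (~> 3.
-rspec-core (3.
-rspec-support (~> 3.
-rspec-expectations (3.
+rspec (3.13.0)
+rspec-core (~> 3.13.0)
+rspec-expectations (~> 3.13.0)
+rspec-mocks (~> 3.13.0)
+rspec-core (3.13.0)
+rspec-support (~> 3.13.0)
+rspec-expectations (3.13.0)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
+rspec-support (~> 3.13.0)
 rspec-its (1.3.0)
 rspec-core (>= 3.0.0)
 rspec-expectations (>= 3.0.0)
-rspec-mocks (3.
+rspec-mocks (3.13.0)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-support (3.
+rspec-support (~> 3.13.0)
+rspec-support (3.13.1)
 ruby2_keywords (0.0.5)
 semver2 (3.4.2)
-stringio (3.0
+stringio (3.1.0)
 thread_safe (0.3.6)
-zhexdump (0.0
+zhexdump (0.1.0)
 
 PLATFORMS
 ruby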
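--- a/data/README.md
+++ b/data/README.md
@@ -4,6 +4,11 @@ pedump [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=mast
 News
 ----
 ```
+2024.04.20 - cli: add --set-dll-char to patch dll characteristics
+pe: imphash calculation
+cli: added --imphash option
+2024.01.15 - add "--set-os-version VER" cmdline option for patching OS version in PE header
+2023.12.04 - workaround IO.pread() not available on windows
 2021.02.18 - updated gems; changed open-uri to URI.open; enabled SSL on https://pedump.me/
 2020.08.09 - CLI: added resource extracting with --extract ID
 2020.07.28 - 0.6.1; better RICH HDR parsing/output
@@ -73,6 +78,7 @@ Usage
 -I, --imports
 -E, --exports
 -V, --version-info
+--imphash
 --packer
 --deep packer deep scan, significantly slower
 -P, --packer-only packer/compiler detect only,
@@ -88,6 +94,8 @@ Usage
 ID: section:rva/0x1000 - section by RVA
 ID: section:raw/0x400 - section by RAW_PTR
 --va2file VA Convert RVA to file offset
+--set-os-version VER Patch OS version in PE header
+--set-dll-char X Patch IMAGE_OPTIONAL_HEADER32.DllCharacteristics
 
 -W, --web Uploads files to a https://pedump.me
 for a nice HTML tables with image previews,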
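--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.6.
+0.6.9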