pedump 0.6.6 → 0.6.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +34 -32
- data/README.md +8 -0
- data/VERSION +1 -1
- data/data/ordlookup/oleaut32.dll.yml +796 -0
- data/data/ordlookup/pefile2json.py +17 -0
- data/data/ordlookup/ws2_32.dll.yml +234 -0
- data/data/ordlookup/wsock32.dll.yml +234 -0
- data/lib/pedump/cli.rb +92 -9
- data/lib/pedump/ordlookup.rb +19 -0
- data/lib/pedump/pe.rb +4 -2
- data/lib/pedump.rb +28 -0
- data/pedump.gemspec +19 -28
- metadata +8 -3
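--- a/data/lib/pedump.rb
+++ b/data/lib/pedump.rb
@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+require 'digest/md5'
 require 'stringio'
 require 'iostruct'
 require 'zhexdump'
@@ -9,6 +10,7 @@ unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
 end
 
 require 'pedump/core'
+require 'pedump/ordlookup'
 require 'pedump/pe'
 require 'pedump/resources'
 require 'pedump/version_info'
@@ -573,11 +575,37 @@ class PEdump
 end
 end
 
+def imphash f=@io
+return @imphash if @imphash
+return nil unless pe(f) && pe(f).ioh && f
+
+imports = imports(f)
+return nil if imports.empty?
+
+a = []
+imports.each do |iid|
+next unless iid.module_name
+
+names = [iid.original_first_thunk, iid.first_thunk].compact.flatten.map do |x|
+x.name || PEdump.ordlookup(iid.module_name, x.ordinal, make_name: true)
+end.compact.map(&:downcase).uniq
+libname = iid.module_name.downcase.sub(/\.(ocx|sys|dll)$/,'') # as in python's pefile
+names.each do |name|
+a << "#{libname}.#{name}"
+end
+end
+
+return nil if a.empty?
+@imphash = Digest::MD5.hexdigest(a.join(","))
+end
+
 def pe_imports f=@io
 return @imports if @imports
 return nil unless pe(f) && pe(f).ioh && f
+
 dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::IMPORT]
 return [] if !dir || (dir.va == 0 && dir.size == 0)
+
 file_offset = va2file(dir.va)
 return nil unless file_offset
 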
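Review bot: `return nil if imports.empty?` in imphash raises NoMethodError when the import walk yields nil instead of an empty array — pe_imports in the same hunk returns nil when `va2file(dir.va)` fails (new line 610), and imports(f) presumably forwards that result; `return nil if imports.nil? || imports.empty?` keeps imphash returning nil for such malformed inputs instead of aborting the dump. The local `imports` also shadows the `imports` method it is assigned from; `iids = imports(f)` reads more clearly. The regexp `/\.(ocx|sys|dll)$/` anchors at end-of-line, so a module name carrying an embedded newline would be normalised differently from pefile's rsplit-based check; `\z` expresses the whole-string intent. The enclosing class PEdump starts outside the hunk, and the memoised @imphash ignores a later call with a different f, matching the existing @imports pattern.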
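--- a/data/pedump.gemspec
+++ b/data/pedump.gemspec
@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: pedump 0.6.
+# stub: pedump 0.6.9 ruby lib
 
 Gem::Specification.new do |s|
 s.name = "pedump".freeze
-s.version = "0.6.
+s.version = "0.6.9".freeze
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
 s.require_paths = ["lib".freeze]
 s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-s.date = "
+s.date = "2024-04-20"
 s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
 s.email = "zed.0xff@gmail.com".freeze
 s.executables = ["pedump".freeze]
@@ -31,6 +31,10 @@ Gem::Specification.new do |s|
 "data/comp_id.txt",
 "data/fs.txt",
 "data/jc-userdb.txt",
+"data/ordlookup/oleaut32.dll.yml",
+"data/ordlookup/pefile2json.py",
+"data/ordlookup/ws2_32.dll.yml",
+"data/ordlookup/wsock32.dll.yml",
 "data/sig.bin",
 "data/signatures.txt",
 "data/userdb.txt",
@@ -46,6 +50,7 @@ Gem::Specification.new do |s|
 "lib/pedump/logger.rb",
 "lib/pedump/ne.rb",
 "lib/pedump/ne/version_info.rb",
+"lib/pedump/ordlookup.rb",
 "lib/pedump/packer.rb",
 "lib/pedump/pe.rb",
 "lib/pedump/resources.rb",
@@ -68,33 +73,19 @@ Gem::Specification.new do |s|
 ]
 s.homepage = "http://github.com/zed-0xff/pedump".freeze
 s.licenses = ["MIT".freeze]
-s.rubygems_version = "3.
+s.rubygems_version = "3.5.6".freeze
 s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
-
-s.specification_version = 4
-end
+s.specification_version = 4
 
-
-
-
-
-
-
-
-
-
-s.add_development_dependency(%q<juwelier>.freeze, [">= 0"])
-else
-s.add_dependency(%q<rainbow>.freeze, [">= 0"])
-s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
-s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-s.add_dependency(%q<rspec>.freeze, [">= 0"])
-s.add_dependency(%q<rspec-its>.freeze, [">= 0"])
-s.add_dependency(%q<bundler>.freeze, [">= 0"])
-s.add_dependency(%q<juwelier>.freeze, [">= 0"])
-end
+s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0".freeze])
+s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0".freeze])
+s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4".freeze])
+s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0".freeze])
+s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2".freeze])
+s.add_development_dependency(%q<rspec>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<rspec-its>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<bundler>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<juwelier>.freeze, [">= 0".freeze])
 end
 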
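--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.9
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rainbow
@@ -156,6 +156,10 @@ files:
 - data/comp_id.txt
 - data/fs.txt
 - data/jc-userdb.txt
+- data/ordlookup/oleaut32.dll.yml
+- data/ordlookup/pefile2json.py
+- data/ordlookup/ws2_32.dll.yml
+- data/ordlookup/wsock32.dll.yml
 - data/sig.bin
 - data/signatures.txt
 - data/userdb.txt
@@ -171,6 +175,7 @@ files:
 - lib/pedump/logger.rb
 - lib/pedump/ne.rb
 - lib/pedump/ne/version_info.rb
+- lib/pedump/ordlookup.rb
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
@@ -209,7 +214,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby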