pedump 0.6.6 → 0.6.9

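--- a/data/lib/pedump.rb
+++ b/data/lib/pedump.rb
@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+require 'digest/md5'
 require 'stringio'
 require 'iostruct'
 require 'zhexdump'
@@ -9,6 +10,7 @@ unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
 end
 
 require 'pedump/core'
+require 'pedump/ordlookup'
 require 'pedump/pe'
 require 'pedump/resources'
 require 'pedump/version_info'
@@ -573,11 +575,37 @@ class PEdump
 end
 end
 
+def imphash f=@io
+return @imphash if @imphash
+return nil unless pe(f) && pe(f).ioh && f
+
+imports = imports(f)
+return nil if imports.empty?
+
+a = []
+imports.each do |iid|
+next unless iid.module_name
+
+names = [iid.original_first_thunk, iid.first_thunk].compact.flatten.map do |x|
+x.name || PEdump.ordlookup(iid.module_name, x.ordinal, make_name: true)
+end.compact.map(&:downcase).uniq
+libname = iid.module_name.downcase.sub(/\.(ocx|sys|dll)$/,'') # as in python's pefile
+names.each do |name|
+a << "#{libname}.#{name}"
+end
+end
+
+return nil if a.empty?
+@imphash = Digest::MD5.hexdigest(a.join(","))
+end
+
 def pe_imports f=@io
 return @imports if @imports
 return nil unless pe(f) && pe(f).ioh && f
+
 dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::IMPORT]
 return [] if !dir || (dir.va == 0 && dir.size == 0)
+
 file_offset = va2file(dir.va)
 return nil unless file_offset
 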
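Review bot: The suffix strip in `libname = iid.module_name.downcase.sub(/\.(ocx|sys|dll)$/,'')` anchors with `$`, which in Ruby matches before any newline rather than only at the end of the string, so a malformed or crafted module name with bytes after `.dll\n` would be stripped mid-string and hash differently from a tool that only strips a true suffix; use `\z`, i.e. `sub(/\.(ocx|sys|dll)\z/, '')`, which is also what the "as in python's pefile" comment intends. Because an imphash is only useful when it matches other tools byte-for-byte, the `.uniq` on `names` and the merge of `original_first_thunk` with `first_thunk` deserve a spec that compares against a known pefile value — I am inferring that pefile does not deduplicate, so a fixture importing the same symbol twice would settle it. `imports = imports(f)` shadows the method with a local of the same name and parses only because of the parentheses; `iids = imports(f)` reads more clearly. The method also has no header comment; something like `# Import hash: MD5 over "lib.func" entries, intended to match python's pefile; nil when the PE headers, the import table, or every resolvable name is missing.` would document the nil contract that callers must handle.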
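--- a/data/pedump.gemspec
+++ b/data/pedump.gemspec
@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: pedump 0.6.6 ruby lib
+# stub: pedump 0.6.9 ruby lib
 
 Gem::Specification.new do |s|
 s.name = "pedump".freeze
-s.version = "0.6.6"
+s.version = "0.6.9".freeze
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
 s.require_paths = ["lib".freeze]
 s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-s.date = "2023-04-16"
+s.date = "2024-04-20"
 s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
 s.email = "zed.0xff@gmail.com".freeze
 s.executables = ["pedump".freeze]
@@ -31,6 +31,10 @@ Gem::Specification.new do |s|
 "data/comp_id.txt",
 "data/fs.txt",
 "data/jc-userdb.txt",
+"data/ordlookup/oleaut32.dll.yml",
+"data/ordlookup/pefile2json.py",
+"data/ordlookup/ws2_32.dll.yml",
+"data/ordlookup/wsock32.dll.yml",
 "data/sig.bin",
 "data/signatures.txt",
 "data/userdb.txt",
@@ -46,6 +50,7 @@ Gem::Specification.new do |s|
 "lib/pedump/logger.rb",
 "lib/pedump/ne.rb",
 "lib/pedump/ne/version_info.rb",
+"lib/pedump/ordlookup.rb",
 "lib/pedump/packer.rb",
 "lib/pedump/pe.rb",
 "lib/pedump/resources.rb",
@@ -68,33 +73,19 @@ Gem::Specification.new do |s|
 ]
 s.homepage = "http://github.com/zed-0xff/pedump".freeze
 s.licenses = ["MIT".freeze]
-s.rubygems_version = "3.3.7".freeze
+s.rubygems_version = "3.5.6".freeze
 s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
-if s.respond_to? :specification_version then
-s.specification_version = 4
-end
+s.specification_version = 4
 
-if s.respond_to? :add_runtime_dependency then
-s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
-s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
-s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
-s.add_development_dependency(%q<rspec-its>.freeze, [">= 0"])
-s.add_development_dependency(%q<bundler>.freeze, [">= 0"])
-s.add_development_dependency(%q<juwelier>.freeze, [">= 0"])
-else
-s.add_dependency(%q<rainbow>.freeze, [">= 0"])
-s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
-s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-s.add_dependency(%q<rspec>.freeze, [">= 0"])
-s.add_dependency(%q<rspec-its>.freeze, [">= 0"])
-s.add_dependency(%q<bundler>.freeze, [">= 0"])
-s.add_dependency(%q<juwelier>.freeze, [">= 0"])
-end
+s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0".freeze])
+s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0".freeze])
+s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4".freeze])
+s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0".freeze])
+s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2".freeze])
+s.add_development_dependency(%q<rspec>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<rspec-its>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<bundler>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<juwelier>.freeze, [">= 0".freeze])
 end
 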
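--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-version: 0.6.6
+version: 0.6.9
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-16 00:00:00.000000000 Z
+date: 2024-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rainbow
@@ -156,6 +156,10 @@ files:
 - data/comp_id.txt
 - data/fs.txt
 - data/jc-userdb.txt
+- data/ordlookup/oleaut32.dll.yml
+- data/ordlookup/pefile2json.py
+- data/ordlookup/ws2_32.dll.yml
+- data/ordlookup/wsock32.dll.yml
 - data/sig.bin
 - data/signatures.txt
 - data/userdb.txt
@@ -171,6 +175,7 @@ files:
 - lib/pedump/logger.rb
 - lib/pedump/ne.rb
 - lib/pedump/ne/version_info.rb
+- lib/pedump/ordlookup.rb
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
@@ -209,7 +214,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby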