pedump 0.6.6 → 0.6.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +34 -32
- data/README.md +8 -0
- data/VERSION +1 -1
- data/data/ordlookup/oleaut32.dll.yml +796 -0
- data/data/ordlookup/pefile2json.py +17 -0
- data/data/ordlookup/ws2_32.dll.yml +234 -0
- data/data/ordlookup/wsock32.dll.yml +234 -0
- data/lib/pedump/cli.rb +92 -9
- data/lib/pedump/ordlookup.rb +19 -0
- data/lib/pedump/pe.rb +4 -2
- data/lib/pedump.rb +28 -0
- data/pedump.gemspec +19 -28
- metadata +8 -3
data/lib/pedump.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
|
+
require 'digest/md5'
|
|
2
3
|
require 'stringio'
|
|
3
4
|
require 'iostruct'
|
|
4
5
|
require 'zhexdump'
|
|
@@ -9,6 +10,7 @@ unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
|
|
|
9
10
|
end
|
|
10
11
|
|
|
11
12
|
require 'pedump/core'
|
|
13
|
+
require 'pedump/ordlookup'
|
|
12
14
|
require 'pedump/pe'
|
|
13
15
|
require 'pedump/resources'
|
|
14
16
|
require 'pedump/version_info'
|
|
@@ -573,11 +575,37 @@ class PEdump
|
|
|
573
575
|
end
|
|
574
576
|
end
|
|
575
577
|
|
|
578
|
+
def imphash f=@io
|
|
579
|
+
return @imphash if @imphash
|
|
580
|
+
return nil unless pe(f) && pe(f).ioh && f
|
|
581
|
+
|
|
582
|
+
imports = imports(f)
|
|
583
|
+
return nil if imports.empty?
|
|
584
|
+
|
|
585
|
+
a = []
|
|
586
|
+
imports.each do |iid|
|
|
587
|
+
next unless iid.module_name
|
|
588
|
+
|
|
589
|
+
names = [iid.original_first_thunk, iid.first_thunk].compact.flatten.map do |x|
|
|
590
|
+
x.name || PEdump.ordlookup(iid.module_name, x.ordinal, make_name: true)
|
|
591
|
+
end.compact.map(&:downcase).uniq
|
|
592
|
+
libname = iid.module_name.downcase.sub(/\.(ocx|sys|dll)$/,'') # as in python's pefile
|
|
593
|
+
names.each do |name|
|
|
594
|
+
a << "#{libname}.#{name}"
|
|
595
|
+
end
|
|
596
|
+
end
|
|
597
|
+
|
|
598
|
+
return nil if a.empty?
|
|
599
|
+
@imphash = Digest::MD5.hexdigest(a.join(","))
|
|
600
|
+
end
|
|
601
|
+
|
|
576
602
|
def pe_imports f=@io
|
|
577
603
|
return @imports if @imports
|
|
578
604
|
return nil unless pe(f) && pe(f).ioh && f
|
|
605
|
+
|
|
579
606
|
dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::IMPORT]
|
|
580
607
|
return [] if !dir || (dir.va == 0 && dir.size == 0)
|
|
608
|
+
|
|
581
609
|
file_offset = va2file(dir.va)
|
|
582
610
|
return nil unless file_offset
|
|
583
611
|
|
data/pedump.gemspec
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: pedump 0.6.
|
|
5
|
+
# stub: pedump 0.6.9 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "pedump".freeze
|
|
9
|
-
s.version = "0.6.
|
|
9
|
+
s.version = "0.6.9".freeze
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["Andrey \"Zed\" Zaikin".freeze]
|
|
14
|
-
s.date = "
|
|
14
|
+
s.date = "2024-04-20"
|
|
15
15
|
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
|
|
16
16
|
s.email = "zed.0xff@gmail.com".freeze
|
|
17
17
|
s.executables = ["pedump".freeze]
|
|
@@ -31,6 +31,10 @@ Gem::Specification.new do |s|
|
|
|
31
31
|
"data/comp_id.txt",
|
|
32
32
|
"data/fs.txt",
|
|
33
33
|
"data/jc-userdb.txt",
|
|
34
|
+
"data/ordlookup/oleaut32.dll.yml",
|
|
35
|
+
"data/ordlookup/pefile2json.py",
|
|
36
|
+
"data/ordlookup/ws2_32.dll.yml",
|
|
37
|
+
"data/ordlookup/wsock32.dll.yml",
|
|
34
38
|
"data/sig.bin",
|
|
35
39
|
"data/signatures.txt",
|
|
36
40
|
"data/userdb.txt",
|
|
@@ -46,6 +50,7 @@ Gem::Specification.new do |s|
|
|
|
46
50
|
"lib/pedump/logger.rb",
|
|
47
51
|
"lib/pedump/ne.rb",
|
|
48
52
|
"lib/pedump/ne/version_info.rb",
|
|
53
|
+
"lib/pedump/ordlookup.rb",
|
|
49
54
|
"lib/pedump/packer.rb",
|
|
50
55
|
"lib/pedump/pe.rb",
|
|
51
56
|
"lib/pedump/resources.rb",
|
|
@@ -68,33 +73,19 @@ Gem::Specification.new do |s|
|
|
|
68
73
|
]
|
|
69
74
|
s.homepage = "http://github.com/zed-0xff/pedump".freeze
|
|
70
75
|
s.licenses = ["MIT".freeze]
|
|
71
|
-
s.rubygems_version = "3.
|
|
76
|
+
s.rubygems_version = "3.5.6".freeze
|
|
72
77
|
s.summary = "dump win32 PE executable files with a pure ruby".freeze
|
|
73
78
|
|
|
74
|
-
|
|
75
|
-
s.specification_version = 4
|
|
76
|
-
end
|
|
79
|
+
s.specification_version = 4
|
|
77
80
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
s.add_development_dependency(%q<juwelier>.freeze, [">= 0"])
|
|
88
|
-
else
|
|
89
|
-
s.add_dependency(%q<rainbow>.freeze, [">= 0"])
|
|
90
|
-
s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
|
|
91
|
-
s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
|
|
92
|
-
s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
|
|
93
|
-
s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
|
|
94
|
-
s.add_dependency(%q<rspec>.freeze, [">= 0"])
|
|
95
|
-
s.add_dependency(%q<rspec-its>.freeze, [">= 0"])
|
|
96
|
-
s.add_dependency(%q<bundler>.freeze, [">= 0"])
|
|
97
|
-
s.add_dependency(%q<juwelier>.freeze, [">= 0"])
|
|
98
|
-
end
|
|
81
|
+
s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0".freeze])
|
|
82
|
+
s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0".freeze])
|
|
83
|
+
s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4".freeze])
|
|
84
|
+
s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0".freeze])
|
|
85
|
+
s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2".freeze])
|
|
86
|
+
s.add_development_dependency(%q<rspec>.freeze, [">= 0".freeze])
|
|
87
|
+
s.add_development_dependency(%q<rspec-its>.freeze, [">= 0".freeze])
|
|
88
|
+
s.add_development_dependency(%q<bundler>.freeze, [">= 0".freeze])
|
|
89
|
+
s.add_development_dependency(%q<juwelier>.freeze, [">= 0".freeze])
|
|
99
90
|
end
|
|
100
91
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pedump
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrey "Zed" Zaikin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-04-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rainbow
|
|
@@ -156,6 +156,10 @@ files:
|
|
|
156
156
|
- data/comp_id.txt
|
|
157
157
|
- data/fs.txt
|
|
158
158
|
- data/jc-userdb.txt
|
|
159
|
+
- data/ordlookup/oleaut32.dll.yml
|
|
160
|
+
- data/ordlookup/pefile2json.py
|
|
161
|
+
- data/ordlookup/ws2_32.dll.yml
|
|
162
|
+
- data/ordlookup/wsock32.dll.yml
|
|
159
163
|
- data/sig.bin
|
|
160
164
|
- data/signatures.txt
|
|
161
165
|
- data/userdb.txt
|
|
@@ -171,6 +175,7 @@ files:
|
|
|
171
175
|
- lib/pedump/logger.rb
|
|
172
176
|
- lib/pedump/ne.rb
|
|
173
177
|
- lib/pedump/ne/version_info.rb
|
|
178
|
+
- lib/pedump/ordlookup.rb
|
|
174
179
|
- lib/pedump/packer.rb
|
|
175
180
|
- lib/pedump/pe.rb
|
|
176
181
|
- lib/pedump/resources.rb
|
|
@@ -209,7 +214,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
209
214
|
- !ruby/object:Gem::Version
|
|
210
215
|
version: '0'
|
|
211
216
|
requirements: []
|
|
212
|
-
rubygems_version: 3.
|
|
217
|
+
rubygems_version: 3.5.6
|
|
213
218
|
signing_key:
|
|
214
219
|
specification_version: 4
|
|
215
220
|
summary: dump win32 PE executable files with a pure ruby
|