pedump 0.6.6 → 0.6.9

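--- a/data/lib/pedump.rb
+++ b/data/lib/pedump.rb
@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+require 'digest/md5'
 require 'stringio'
 require 'iostruct'
 require 'zhexdump'
@@ -9,6 +10,7 @@ unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
 end
 
 require 'pedump/core'
+require 'pedump/ordlookup'
 require 'pedump/pe'
 require 'pedump/resources'
 require 'pedump/version_info'
@@ -573,11 +575,37 @@ class PEdump
 end
 end
 
+def imphash f=@io
+return @imphash if @imphash
+return nil unless pe(f) && pe(f).ioh && f
+
+imports = imports(f)
+return nil if imports.empty?
+
+a = []
+imports.each do |iid|
+next unless iid.module_name
+
+names = [iid.original_first_thunk, iid.first_thunk].compact.flatten.map do |x|
+x.name || PEdump.ordlookup(iid.module_name, x.ordinal, make_name: true)
+end.compact.map(&:downcase).uniq
+libname = iid.module_name.downcase.sub(/\.(ocx|sys|dll)$/,'') # as in python's pefile
+names.each do |name|
+a << "#{libname}.#{name}"
+end
+end
+
+return nil if a.empty?
+@imphash = Digest::MD5.hexdigest(a.join(","))
+end
+
 def pe_imports f=@io
 return @imports if @imports
 return nil unless pe(f) && pe(f).ioh && f
+
 dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::IMPORT]
 return [] if !dir || (dir.va == 0 && dir.size == 0)
+
 file_offset = va2file(dir.va)
 return nil unless file_offset
 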
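Review bot: The import-name list that feeds the MD5 in `imphash` is built differently from pefile's reference algorithm that line 592's comment cites — line 589 merges `original_first_thunk` and `first_thunk` into one list and line 591 de-duplicates it with `.uniq` — so the hash will diverge from VirusTotal/pefile for any binary whose INT and IAT disagree (bound imports, memory dumps) or whose DLL imports the same symbol twice, and an imphash that does not match other tools is useless as a pivot. As far as I can tell pefile walks a single thunk array (the INT when present, otherwise the IAT) and keeps duplicates in order, so I would change line 589 to `names = Array(iid.original_first_thunk || iid.first_thunk).map do |x|` and line 591 to `end.compact.map(&:downcase)`. Line 592 should also anchor with `\z` instead of `$` (`sub(/\.(ocx|sys|dll)\z/, '')`), since the module name comes straight from the untrusted file and `$` matches before an embedded newline. Two smaller things worth confirming: the `.compact` on line 591 silently drops any import for which `PEdump.ordlookup` returns nil (pefile raises there), and `x.name || …` on line 590 will not fall back to the ordinal if `name` can ever be an empty string, which is truthy in Ruby.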
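--- a/data/pedump.gemspec
+++ b/data/pedump.gemspec
@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: pedump 0.6.6 ruby lib
+# stub: pedump 0.6.9 ruby lib
 
 Gem::Specification.new do |s|
 s.name = "pedump".freeze
-s.version = "0.6.6"
+s.version = "0.6.9".freeze
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
 s.require_paths = ["lib".freeze]
 s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-s.date = "2023-04-16"
+s.date = "2024-04-20"
 s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
 s.email = "zed.0xff@gmail.com".freeze
 s.executables = ["pedump".freeze]
@@ -31,6 +31,10 @@ Gem::Specification.new do |s|
 "data/comp_id.txt",
 "data/fs.txt",
 "data/jc-userdb.txt",
+"data/ordlookup/oleaut32.dll.yml",
+"data/ordlookup/pefile2json.py",
+"data/ordlookup/ws2_32.dll.yml",
+"data/ordlookup/wsock32.dll.yml",
 "data/sig.bin",
 "data/signatures.txt",
 "data/userdb.txt",
@@ -46,6 +50,7 @@ Gem::Specification.new do |s|
 "lib/pedump/logger.rb",
 "lib/pedump/ne.rb",
 "lib/pedump/ne/version_info.rb",
+"lib/pedump/ordlookup.rb",
 "lib/pedump/packer.rb",
 "lib/pedump/pe.rb",
 "lib/pedump/resources.rb",
@@ -68,33 +73,19 @@ Gem::Specification.new do |s|
 ]
 s.homepage = "http://github.com/zed-0xff/pedump".freeze
 s.licenses = ["MIT".freeze]
-s.rubygems_version = "3.3.7".freeze
+s.rubygems_version = "3.5.6".freeze
 s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
-if s.respond_to? :specification_version then
-s.specification_version = 4
-end
+s.specification_version = 4
 
-if s.respond_to? :add_runtime_dependency then
-s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
-s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
-s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
-s.add_development_dependency(%q<rspec-its>.freeze, [">= 0"])
-s.add_development_dependency(%q<bundler>.freeze, [">= 0"])
-s.add_development_dependency(%q<juwelier>.freeze, [">= 0"])
-else
-s.add_dependency(%q<rainbow>.freeze, [">= 0"])
-s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
-s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
-s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
-s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
-s.add_dependency(%q<rspec>.freeze, [">= 0"])
-s.add_dependency(%q<rspec-its>.freeze, [">= 0"])
-s.add_dependency(%q<bundler>.freeze, [">= 0"])
-s.add_dependency(%q<juwelier>.freeze, [">= 0"])
-end
+s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0".freeze])
+s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0".freeze])
+s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4".freeze])
+s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0".freeze])
+s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2".freeze])
+s.add_development_dependency(%q<rspec>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<rspec-its>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<bundler>.freeze, [">= 0".freeze])
+s.add_development_dependency(%q<juwelier>.freeze, [">= 0".freeze])
 end
 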
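--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-version: 0.6.6
+version: 0.6.9
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-16 00:00:00.000000000 Z
+date: 2024-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rainbow
@@ -156,6 +156,10 @@ files:
 - data/comp_id.txt
 - data/fs.txt
 - data/jc-userdb.txt
+- data/ordlookup/oleaut32.dll.yml
+- data/ordlookup/pefile2json.py
+- data/ordlookup/ws2_32.dll.yml
+- data/ordlookup/wsock32.dll.yml
 - data/sig.bin
 - data/signatures.txt
 - data/userdb.txt
@@ -171,6 +175,7 @@ files:
 - lib/pedump/logger.rb
 - lib/pedump/ne.rb
 - lib/pedump/ne/version_info.rb
+- lib/pedump/ordlookup.rb
 - lib/pedump/packer.rb
 - lib/pedump/pe.rb
 - lib/pedump/resources.rb
@@ -209,7 +214,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.6
 signing_key:
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby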