pedump 0.7.3 → 0.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd0f244a4510c9dd2d331be3789b3deae796e4b87c68a50c5ab21e5a757d1341
-  data.tar.gz: f90e27cecf5b25275e2f53b92d8dd894bc5d10cc61ead2a2f7e6d174fe45c4ed
+  metadata.gz: d422e0cae0fcfb5090f13cdbe0e9fe8635463ba9cfccee49a110f766a962be9f
+  data.tar.gz: cbffb2114ff2b8195ffeb2ed5b92a2cadf4dadd35303802c30d6386c91041b2d
 SHA512:
-  metadata.gz: ca89ec6a27c7f7a0d25756bdcacddbd0e0edcf98d33dd7869ee4404d1c40f47610388d6516d120ef3367075185ec13e560f4835022ab20d35f650243cebce167
-  data.tar.gz: fcc1b0194cd9d3ea39ad44e0f95f0d50432c697d45c5d6608bfeeb98214fef97d27a5660fa6cacdcd718c0a53fe3c043a8b628207be1834cdffb5e0f0f78459d
+  metadata.gz: 9d4d9ca21d96b9ac64339da6208fa049d364384e505ff6e9d2a5232aa2cd711c3bd8b37a5fb1141b601df1f7ef82cc70c6a0a5389d03a2ffc4ab76d1c8b7ea3e
+  data.tar.gz: 8468e35a72ff9d84e475092aee3b8f0e0e0e0b5927197f0a3d6cc2d99d68552d98cb7cbc096f7de6439d5df1a981710f4f53389974d43f5dcc2ac8d5d0f7f5fd

data/Gemfile

@@ -1,15 +1,10 @@
-source "https://rubygems.org"
-#gemspec
+# frozen_string_literal: true
 
-gem 'rainbow'
-gem "awesome_print"
-gem "iostruct",       ">= 0.5.0"
-gem "multipart-post", ">= 2.0.0"
-gem "zhexdump",       ">= 0.0.2"
+source 'https://rubygems.org'
 
-group :development do
-  gem "rspec"
-  gem "rspec-its"
-  gem "bundler"
-  gem "juwelier"
+gemspec
+
+group :development, :test do
+  gem 'rspec'
+  gem 'rspec-its'
 end

data/Gemfile.lock

@@ -1,174 +1,43 @@
+PATH
+  remote: .
+  specs:
+    pedump (0.7.4)
+      iostruct (>= 0.7.0)
+      logger
+      zhexdump (>= 0.0.2)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (8.0.1)
-      base64
-      benchmark (>= 0.3)
-      bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.3.1)
-      connection_pool (>= 2.2.5)
-      drb
-      i18n (>= 1.6, < 2)
-      logger (>= 1.4.2)
-      minitest (>= 5.1)
-      securerandom (>= 0.3)
-      tzinfo (~> 2.0, >= 2.0.5)
-      uri (>= 0.13.1)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
-    awesome_print (1.9.2)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.9)
-    builder (3.3.0)
-    concurrent-ruby (1.3.5)
-    connection_pool (2.5.0)
-    date (3.4.1)
-    descendants_tracker (0.0.4)
-      thread_safe (~> 0.3, >= 0.3.1)
-    diff-lcs (1.6.0)
-    drb (2.2.1)
-    faraday (1.10.4)
-      faraday-em_http (~> 1.0)
-      faraday-em_synchrony (~> 1.0)
-      faraday-excon (~> 1.1)
-      faraday-httpclient (~> 1.0)
-      faraday-multipart (~> 1.0)
-      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.0)
-      faraday-patron (~> 1.0)
-      faraday-rack (~> 1.0)
-      faraday-retry (~> 1.0)
-      ruby2_keywords (>= 0.0.4)
-    faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
-    faraday-excon (1.1.0)
-    faraday-httpclient (1.0.1)
-    faraday-multipart (1.1.0)
-      multipart-post (~> 2.0)
-    faraday-net_http (1.0.2)
-    faraday-net_http_persistent (1.2.0)
-    faraday-patron (1.0.0)
-    faraday-rack (1.0.0)
-    faraday-retry (1.0.3)
-    git (2.3.3)
-      activesupport (>= 5.0)
-      addressable (~> 2.8)
-      process_executer (~> 1.1)
-      rchardet (~> 1.8)
-    github_api (0.19.0)
-      addressable (~> 2.4)
-      descendants_tracker (~> 0.0.4)
-      faraday (>= 0.8, < 2)
-      hashie (~> 3.5, >= 3.5.2)
-      oauth2 (~> 1.0)
-    hashie (3.6.0)
-    highline (3.1.2)
-      reline
-    i18n (1.14.7)
-      concurrent-ruby (~> 1.0)
-    io-console (0.8.0)
-    iostruct (0.5.0)
-    juwelier (2.4.9)
-      builder
-      bundler
-      git
-      github_api
-      highline
-      kamelcase (~> 0)
-      nokogiri
-      psych
-      rake
-      rdoc
-      semver2
-    jwt (2.10.1)
-      base64
-    kamelcase (0.0.2)
-      semver2 (~> 3)
-    logger (1.6.6)
-    mini_portile2 (2.8.8)
-    minitest (5.25.4)
-    multi_json (1.15.0)
-    multi_xml (0.7.1)
-      bigdecimal (~> 3.1)
-    multipart-post (2.4.1)
-    nokogiri (1.18.4)
-      mini_portile2 (~> 2.8.2)
-      racc (~> 1.4)
-    nokogiri (1.18.4-aarch64-linux-gnu)
-      racc (~> 1.4)
-    nokogiri (1.18.4-arm-linux-gnu)
-      racc (~> 1.4)
-    nokogiri (1.18.4-arm64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.18.4-x86_64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.18.4-x86_64-linux-gnu)
-      racc (~> 1.4)
-    oauth2 (1.4.11)
-      faraday (>= 0.17.3, < 3.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 4)
-    process_executer (1.3.0)
-    psych (5.2.3)
-      date
-      stringio
-    public_suffix (6.0.1)
-    racc (1.8.1)
-    rack (3.1.12)
-    rainbow (3.1.1)
-    rake (13.2.1)
-    rchardet (1.9.0)
-    rdoc (6.12.0)
-      psych (>= 4.0.0)
-    reline (0.6.0)
-      io-console (~> 0.5)
-    rspec (3.13.0)
+    diff-lcs (1.6.2)
+    iostruct (0.7.0)
+    logger (1.7.0)
+    rspec (3.13.2)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.3)
+    rspec-core (3.13.6)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-its (2.0.0)
       rspec-core (>= 3.13.0)
       rspec-expectations (>= 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.7)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
-    ruby2_keywords (0.0.5)
-    securerandom (0.4.1)
-    semver2 (3.4.2)
-    stringio (3.1.5)
-    thread_safe (0.3.6)
-    tzinfo (2.0.6)
-      concurrent-ruby (~> 1.0)
-    uri (1.0.3)
-    zhexdump (0.2.0)
+    rspec-support (3.13.6)
+    zhexdump (0.3.0)
 
 PLATFORMS
-  aarch64-linux
-  arm-linux
-  arm64-darwin
-  x86-linux
-  x86_64-darwin
-  x86_64-linux
+  arm64-darwin-24
+  ruby
 
 DEPENDENCIES
-  awesome_print
-  bundler
-  iostruct (>= 0.5.0)
-  juwelier
-  multipart-post (>= 2.0.0)
-  rainbow
+  pedump!
   rspec
   rspec-its
-  zhexdump (>= 0.0.2)
 
 BUNDLED WITH
-   2.5.22
+   2.6.9

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2011 Andrey "Zed" Zaikin
+Copyright (c) 2011-2025 Andrey "Zed" Zaikin
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -4,6 +4,9 @@ pedump    [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=mast
 News
 ----
 ```
+2026.01.28 - 0.7.5; remove awesome_print, multipart-post, rainbow, juwelier; add logger
+2026.01.28 - 0.7.4; update iostruct
+2025.11.11 - 0.7.3; CLI: fix --file2va command :]
 2025.11.11 - 0.7.1; CLI: add --file2va command
 2025.03.16 - added .NET CLR parsing
 2024.04.20 - cli: add --set-dll-char to patch dll characteristics
@@ -111,6 +114,8 @@ Usage
     
             --va2file VA                 Convert VA to file offset
             --file2va OFFSET             Convert file offset to VA
+            --rva2file RVA               Convert RVA to file offset
+            --file2rva OFFSET            Convert file offset to RVA
     
             --set-os-version VER         Patch OS version in PE header
             --set-dll-char X             Patch IMAGE_OPTIONAL_HEADER32.DllCharacteristics
@@ -221,6 +226,28 @@ Usage
                        LoaderFlags:                        0
                NumberOfRvaAndSizes:         16            10
 
+### Convert (R)VA to file offset and back
+
+    # pedump --rva2file 0x4c000 calc.exe
+
+    rva2file(0x4c000) = 0x4ae00  (306688)
+
+    # pedump --file2rva 0x4ae00 calc.exe
+
+    file2rva(0x4ae00) = 0x4c000  (311296)
+
+    # pedump --va2file 0x104c000 calc.exe
+
+    va2file(0x104c000) = 0x4ae00  (306688)
+
+    # pedump --file2va 0x4ae00 calc.exe
+
+    file2va(0x4ae00) = 0x104c000  (17088512)
+
+    # pedump --file2va 0x4ae00 calc.exe --format hex
+
+    104c000
+
 ### Data Directory
 
     # pedump --data-directory calc.exe

data/Rakefile

@@ -1,48 +1,23 @@
-# encoding: utf-8
-
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'juwelier'
-Juwelier::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "pedump"
-  gem.homepage = "http://github.com/zed-0xff/pedump"
-  gem.license = "MIT"
-  gem.summary = %Q{dump win32 PE executable files with a pure ruby}
-  gem.description = %Q{dump headers, sections, extract resources of win32 PE exe,dll,etc}
-  gem.email = "zed.0xff@gmail.com"
-  gem.authors = ["Andrey \"Zed\" Zaikin"]
-  gem.executables = %w'pedump'
-  gem.files.include "lib/**/*.rb"
-  gem.files.exclude %w'samples/**/* spec/**/* tmp/**/* tmp/.keep .* README.md.tpl .github/**/*'
-  gem.extra_rdoc_files.exclude 'README.md.tpl'
-  # dependencies defined in Gemfile
-end
-Juwelier::RubygemsDotOrgTasks.new
+# frozen_string_literal: true
 
-require 'rspec/core'
+require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 
-desc "run specs"
+desc 'run specs'
 RSpec::Core::RakeTask.new
 
-task :default => [:spec, :readme]
+task default: %i[spec readme]
+
+task :init do
+  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), 'lib'))
+  require 'pedump'
+  require 'pedump/cli'
+end
 
 namespace :test do
-  desc "test on all files in given path"
-  task :all_files do
-    require './lib/pedump'
-    require './lib/pedump/cli'
-    path = ENV['path'] || raise("run me with path=...")
+  desc 'test on all files in given path'
+  task all_files: :init do
+    path = ENV['path'] || raise('run me with path=...')
     `find #{path} -type f`.split("\n").each do |fname|
       puts "\n### #{fname}\n"
       PEdump::CLI.new(fname).run
@@ -50,37 +25,33 @@ namespace :test do
   end
 
   namespace :all_files do
-    desc "output file name to stderr, use with stdout redirection"
-    task :stderr do
-      require './lib/pedump'
-      require './lib/pedump/cli'
-      path = ENV['path'] || raise("run me with path=...")
+    desc 'output file name to stderr, use with stdout redirection'
+    task stderr: :init do
+      path = ENV['path'] || raise('run me with path=...')
       `find #{path} -type f`.split("\n").each do |fname|
-        STDERR.puts "\n### #{fname}\n"
+        warn "\n### #{fname}\n"
         PEdump::CLI.new(fname).run
       end
     end
   end
 
-  desc "test on corkami binaries"
-  task :corkami do
-      require './lib/pedump'
-      require './lib/pedump/cli'
-      path = "samples/corkami"
-      `find #{path} -type f`.split("\n").each do |fname|
-        STDERR.puts "\n### #{fname}\n"
-        PEdump::CLI.new(fname).run
-      end
+  desc 'test on corkami binaries'
+  task corkami: :init do
+    path = 'samples/corkami'
+    `find #{path} -type f`.split("\n").each do |fname|
+      warn "\n### #{fname}\n"
+      PEdump::CLI.new(fname).run
+    end
   end
 end
 
-def check_file url, params = {}
+def check_file(url, params = {})
   require 'digest/md5'
   require 'open-uri'
 
   params[:min_size] ||= 80_000
 
-  STDOUT.sync = true
+  $stdout.sync = true
   prefix = params[:prefix]
   fname = File.join 'data', (prefix ? "#{prefix}-" : '') + File.basename(url)
   existing_md5 = File.exist?(fname) ? Digest::MD5.file(fname).hexdigest : ''
@@ -88,127 +59,124 @@ def check_file url, params = {}
   remote_data = URI.open(url).read.force_encoding('cp1252').encode('utf-8')
   puts "#{remote_data.size} bytes"
   raise "too small remote data (#{remote_data.size})" if remote_data.size < params[:min_size]
-  remote_md5   = Digest::MD5.hexdigest(remote_data)
+
+  remote_md5 = Digest::MD5.hexdigest(remote_data)
   if remote_md5 == existing_md5
-    puts "[.] same as local"
+    puts '[.] same as local'
   else
     existing_size = File.exist?(fname) ? File.size(fname) : 0
-    File.open(fname,"wb"){ |f| f << remote_data }
+    File.write(fname, remote_data, mode: 'wb')
     puts "[*] updated: #{existing_size} -> #{remote_data.size}"
   end
 end
 
-RICH_IDS_URL = "https://raw.githubusercontent.com/dishather/richprint/master/comp_id.txt"
+RICH_IDS_URL = 'https://raw.githubusercontent.com/dishather/richprint/master/comp_id.txt'
 
 namespace :rich do
-  desc "update rich comp_id db from net"
+  desc 'update rich comp_id db from net'
   task :update do
-    check_file RICH_IDS_URL, :min_size => 30_000
+    check_file RICH_IDS_URL, min_size: 30_000
   end
 
-  desc "convert"
+  desc 'convert'
   task :convert do
     result = [
-      "class PEdump",
+      'class PEdump',
       "  # data from #{RICH_IDS_URL}",
-      "  RICH_IDS = {"
+      '  RICH_IDS = {'
     ]
     n = 0
     t0 = Time.now
-    File.readlines(File.join("data", File.basename(RICH_IDS_URL))).each do |line|
+    File.readlines(File.join('data', File.basename(RICH_IDS_URL))).each do |line|
       line.strip!
       next if line.empty? || line[0] == '#'
+
       comp_id, desc = line.split(nil, 2)
       raise unless comp_id =~ /\A[0-9a-fA-F]+\Z/
+
       result << "    0x#{comp_id} => #{desc.inspect},"
       n += 1
     end
-    result << "  }"
-    result << "end"
-    printf "[.] parsed %d definitions in %6.3fs\n", n, Time.now-t0
-    File.write("lib/pedump/rich.rb", result.join("\n") + "\n")
+    result << '  }'
+    result << 'end'
+    printf "[.] parsed %d definitions in %6.3fs\n", n, Time.now - t0
+    File.write('lib/pedump/rich.rb', result.join("\n") + "\n")
   end
 end
 
 namespace :sigs do
-  desc "update packers db from net"
-  task :update do
-    require './lib/pedump/packer'
-    check_file "http://research.pandasecurity.com/blogs/images/userdb.txt"
-    check_file "http://fuu.googlecode.com/svn/trunk/src/x86/Tools/Signaturesdb/signatures.txt"
-    check_file "http://handlers.sans.edu/jclausing/userdb.txt", :prefix => "jc"
-  end
-
-  desc "convert txt2bin"
-  task :convert do
+  desc 'convert txt2bin'
+  task convert: :init do
     require './lib/pedump/packer'
     t0 = Time.now
-    sigs = PEdump::SigParser.parse :optimize => true, :verbose => true
-    printf "[.] parsed %d definitions in %6.3fs\n", sigs.size, Time.now-t0
-    File.open(PEdump::Packer::BIN_SIGS_FILE,"wb"){ |f| Marshal.dump(sigs,f) }
+    sigs = PEdump::SigParser.parse optimize: true
+    printf "[.] parsed %d definitions in %6.3fs\n", sigs.size, Time.now - t0
+    File.open(PEdump::Packer::BIN_SIGS_FILE, 'wb') { |f| Marshal.dump(sigs, f) }
   end
 
-  desc "dump"
-  task :dump do
+  desc 'dump'
+  task dump: :init do
     require './lib/pedump/packer'
-    require 'awesome_print'
-    PEdump::Packer.all.
-      group_by{ |sig| sig.name }.
-      sort_by{|name,sigs| name }.
-      each do |name,sigs|
-        next if sigs.size == 1
-        puts name.green
-        sigs.each do |sig|
-          printf "    %-5s  %s\n", sig.ep_only, sig.re.source.inspect
-        end
+    PEdump::Packer.all
+                  .group_by(&:name)
+                  .sort_by { |name, _sigs| name }
+                  .each do |name, sigs|
+      next if sigs.size == 1
+
+      puts name
+      sigs.each do |sig|
+        printf "    %-5s  %s\n", sig.ep_only, sig.re.source.inspect
       end
+    end
   end
 end
 
-desc "build readme"
+desc 'build readme'
 task :readme do
   require 'erb'
   tpl = File.read('README.md.tpl').gsub(/^%\s+(.+)/) do |x|
-    x.sub! /^%/,''
+    x.sub!(/^%/, '')
     "<%= run(\"#{x}\") %>"
   end
-  def run cmd
+  def run(cmd)
     cmd.strip!
     puts "[.] #{cmd} ..."
     r = "    # #{cmd}\n\n"
-    cmd.sub! /^pedump/,"../bin/pedump"
-    lines = `#{cmd}`.sub(/\A\n+/m,'').sub(/\s+\Z/,'').split("\n")
-    lines = lines[0,25] + ['...'] if lines.size > 50 && cmd.split.last != '-h'
-    r << lines.map{|x| "    #{x}"}.join("\n")
+    cmd.sub!(/^pedump/, '../bin/pedump')
+    lines = `#{cmd}`.sub(/\A\n+/m, '').sub(/\s+\Z/, '').split("\n")
+    lines = lines[0, 25] + ['...'] if lines.size > 50 && cmd.split.last != '-h'
+    r << lines.map { |x| "    #{x}" }.join("\n")
     r << "\n"
   end
   Dir.chdir 'samples'
-  result = ERB.new(tpl,nil,'%>').result
+  result = ERB.new(tpl, trim_mode: '%>').result
   Dir.chdir '..'
-  File.open('README.md','w'){ |f| f << result }
+  File.write('README.md', result)
 end
 
 namespace :console do
-  desc "start console with PEdump::Loader with loaded file"
+  desc 'start console with PEdump::Loader with loaded file'
   task :load do
-    raise "gimme a fname" unless fname = ENV['fname']
+    raise 'gimme a fname' unless (fname = ENV['fname'])
+
     require './lib/pedump'
     require './lib/pedump/loader'
     require 'pp'
-    File.open(fname,"rb") do |f|
+    File.open(fname, 'rb') do |f|
       @ldr = PEdump::Loader.new f
-      puts "[.] loader is at @ldr"
+      puts '[.] loader is at @ldr'
       pp @ldr.sections
-      Rake::Task["console"].execute
+      Rake::Task['console'].execute
     end
   end
 end
 
-desc "compare two PE files"
+desc 'compare two PE files'
 task :cmp do
-  raise "gimme a f1" unless f1 = ENV['f1']
-  raise "gimme a f2" unless f2 = ENV['f2']
+  raise 'gimme a f1' unless (f1 = ENV['f1'])
+  raise 'gimme a f2' unless (f2 = ENV['f2'])
+
   require './lib/pedump'
   require './lib/pedump/comparer'
-  PEdump::Comparer.cmp(f1,f2)
+  PEdump::Comparer.cmp(f1, f2)
 end

data/data/jc-userdb.txt

@@ -4301,13 +4301,9 @@ signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24
 ep_only = false
 
 [Microsoft Visual C++ 6.0 - 8.0]
-signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3 &# 40 ;T RU NC AT ED HE RE &# 41
+signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3
 ep_only = true
 
-[Microsoft Visual C++ 6.0 - 8.0]
-signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3 (TRUNCATED HERE&#41
-ep_only = false
-
 [Microsoft Visual C++ 6.0 - 8.0]
 signature = 8B 44 24 08 85 C0 0F 84 ?? ?? ?? ?? 83 F8 01 8B 0D ?? ?? ?? ?? 8B 09 89 0D ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 68 80 00 00 00 FF 15 ?? ?? ?? ?? 85 C0 59 A3 ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? 83 20 00 A1 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? A3 ?? ?? ?? ?? E8
 ep_only = false
@@ -9946,7 +9942,7 @@ signature = E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF
 ep_only = true
 
 [UPX-Shit v0.1 -> 500mhz]
-signature = E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? <SPAN STYLE="FONT-WEIGHT: BOLD">01</SPAN> ?? ?? ?? 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
+signature = E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 01 ?? ?? ?? 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
 ep_only = true
 
 [UPX-Shit v0.1 -> 500mhz]