pedump 0.7.3 → 0.7.5

data/lib/pedump/cli.rb

@@ -145,6 +145,12 @@ class PEdump::CLI
       opts.on "--file2va OFFSET", "Convert file offset to VA" do |offset|
         @actions << [:file2va, offset]
       end
+      opts.on "--rva2file RVA", "Convert RVA to file offset" do |va|
+        @actions << [:rva2file, va]
+      end
+      opts.on "--file2rva OFFSET", "Convert file offset to RVA" do |offset|
+        @actions << [:file2rva, offset]
+      end
 
       opts.separator ''
       opts.on "--set-os-version VER", "Patch OS version in PE header" do |ver|
@@ -287,7 +293,7 @@ class PEdump::CLI
     require 'digest/md5'
     require 'open-uri'
     require 'net/http'
-    require 'net/http/post/multipart'
+    require 'pedump/multipart'
 
     stdout_sync = $stdout.sync
     $stdout.sync = true
@@ -314,12 +320,26 @@ class PEdump::CLI
 
     f.rewind
 
-    # upload with progress
+    # upload with progress using manual multipart POST
     post_url = URI.parse(URL_BASE+'/upload')
-    # UploadIO is from multipart-post
-    uio = UploadIO.new(f, "application/octet-stream", File.basename(f.path))
-    ppx = ProgressProxy.new(uio)
-    req = Net::HTTP::Post::Multipart.new post_url.path, "file" => ppx
+    boundary = MultipartBody.generate_boundary
+    filename = File.basename(f.path)
+
+    # Build multipart body parts
+    header_part = "--#{boundary}\r\n" \
+                  "Content-Disposition: form-data; name=\"file\"; filename=\"#{filename}\"\r\n" \
+                  "Content-Type: application/octet-stream\r\n\r\n"
+    footer_part = "\r\n--#{boundary}--\r\n"
+
+    content_length = header_part.bytesize + f.size + footer_part.bytesize
+
+    req = Net::HTTP::Post.new(post_url.path)
+    req['Content-Type'] = "multipart/form-data; boundary=#{boundary}"
+    req['Content-Length'] = content_length
+
+    ppx = ProgressProxy.new(f)
+    req.body_stream = MultipartBody.new(header_part, ppx, footer_part, content_length)
+
     res = Net::HTTP.start(post_url.host, post_url.port, use_ssl: (post_url.scheme == 'https')) do |http|
       http.request(req)
     end
@@ -355,7 +375,7 @@ class PEdump::CLI
       end
     end
 
-    puts "[.] ldr = PEdump::Loader.new(open(#{f.path.inspect}))".gray
+    puts "[.] ldr = PEdump::Loader.new(open(#{f.path.inspect}))"
     IRB.start
   end
 
@@ -385,13 +405,17 @@ class PEdump::CLI
       case action[0]
       when :disasm
         return
-      when :va2file, :file2va
+      when :rva2file, :file2rva, :va2file, :file2va
         cmd = action[0]
         @pedump.sections(f)
-        va = action[1] =~ /(^0x)|(h$)/i ? action[1].to_i(16) : action[1].to_i
-        file_offset = @pedump.send(cmd, va)
-        if file_offset
-          printf("%s(0x%x) = 0x%x  (%d)\n", cmd, va, file_offset, file_offset)
+        arg = action[1] =~ /(^0x)|(h$)/i ? action[1].to_i(16) : action[1].to_i
+        result = @pedump.send(cmd, arg)
+        if result
+          if @options[:format] == :hex
+            puts result.to_s(16)
+          else
+            printf("%s(0x%x) = 0x%x  (%d)\n", cmd, arg, result, result)
+          end
         else
           @success = false
         end
@@ -652,7 +676,7 @@ class PEdump::CLI
 
   def dump_clr_streams data
     clr_header = @pedump.clr_header
-    clr_data_file_ofs = clr_header.MetaData.va.to_i > 0 && @pedump.va2file(clr_header.MetaData.va)
+    clr_data_file_ofs = clr_header.MetaData.va.to_i > 0 && @pedump.rva2file(clr_header.MetaData.va)
 
     fmt = "%8x %8x  %-32s\n"
     printf fmt.tr('x','s'), *%w'offset size name'
@@ -675,7 +699,7 @@ class PEdump::CLI
     blob_stream = @pedump.clr_streams.find{ |s| s.name == "#Blob" }
 
     clr_header = @pedump.clr_header
-    clr_data_file_ofs = clr_header.MetaData.va.to_i > 0 && @pedump.va2file(clr_header.MetaData.va)
+    clr_data_file_ofs = clr_header.MetaData.va.to_i > 0 && @pedump.rva2file(clr_header.MetaData.va)
     blob_file_ofs = blob_stream.offset + clr_data_file_ofs if blob_stream
     blob_size = blob_stream&.size
 
@@ -892,7 +916,7 @@ class PEdump::CLI
     if @options[:verbose] > 0
       [%w'Names', %w'EntryPoints Functions', %w'Ordinals NameOrdinals'].each do |x|
         va  = data["AddressOf"+x.last]
-        ofs = @pedump.va2file(va) || '?'
+        ofs = @pedump.rva2file(va) || '?'
         printf("# %-12s rva=0x%08x  file_offset=%8s\n", x.first, va, ofs) if va
       end
     end
@@ -1132,7 +1156,7 @@ class PEdump::CLI
       exit(1)
     end
     if entry.size != 0
-      _copy_stream @pedump.io, $stdout, entry.size, @pedump.va2file(entry.va)
+      _copy_stream @pedump.io, $stdout, entry.size, @pedump.rva2file(entry.va)
     end
   end
 

data/lib/pedump/clr/readytorun.rb

@@ -102,7 +102,7 @@ class PEdump
     dir = hdr.ManagedNativeHeader
     return nil if !dir || (dir.va.to_i == 0 && dir.size.to_i == 0)
 
-    file_offset = va2file(dir.va)
+    file_offset = rva2file(dir.va)
     return nil unless file_offset
 
     f.seek(file_offset)

data/lib/pedump/clr.rb

@@ -584,7 +584,7 @@ class PEdump
     dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::CLR_Header]
     return nil if !dir || (dir.va == 0 && dir.size == 0)
 
-    file_offset = va2file(dir.va)
+    file_offset = rva2file(dir.va)
     return nil unless file_offset
 
     if f.checked_seek(file_offset)
@@ -601,7 +601,7 @@ class PEdump
     dir = hdr&.MetaData
     return nil if !dir || (dir.va.to_i == 0 || dir.size.to_i == 0)
 
-    file_offset = va2file(dir.va)
+    file_offset = rva2file(dir.va)
     return nil unless file_offset
 
     if f.checked_seek(file_offset)
@@ -635,7 +635,7 @@ class PEdump
     streams.each do |stream|
       next unless stream.name == '#Strings'
 
-      unless f.checked_seek(va2file(dir.va) + stream.offset)
+      unless f.checked_seek(rva2file(dir.va) + stream.offset)
         logger.warn "[?] Error seeking to CLR strings stream"
         return nil
       end
@@ -678,7 +678,7 @@ class PEdump
     streams.each do |stream|
       next if stream.name != '#~' && stream.name != '#-' # Metadata Table Stream
 
-      unless f.checked_seek(va2file(dir.va) + stream.offset)
+      unless f.checked_seek(rva2file(dir.va) + stream.offset)
         logger.warn "[?] Error seeking to CLR table stream"
         return nil
       end

data/lib/pedump/colors.rb

@@ -0,0 +1,29 @@
+module PEdump::Colors
+  def gray(str)
+    "\e[1;30m#{str}\e[0m"
+  end
+
+  def red(str)
+    "\e[1;31m#{str}\e[0m"
+  end
+
+  def green(str)
+    "\e[1;32m#{str}\e[0m"
+  end
+
+  def yellow(str)
+    "\e[1;33m#{str}\e[0m"
+  end
+
+  def redish(str)
+    "\e[0;31m#{str}\e[0m"
+  end
+
+  def greenish(str)
+    "\e[0;32m#{str}\e[0m"
+  end
+
+  def yellowish(str)
+    "\e[0;33m#{str}\e[0m"
+  end
+end

data/lib/pedump/comparer.rb

@@ -1,4 +1,5 @@
 require 'pedump'
+require 'pedump/colors'
 require 'pedump/loader'
 
 ########################################################################
@@ -9,6 +10,8 @@ class PEdump::Comparer
   attr_accessor :verbose
   attr_accessor :ignored_data_dirs, :ignored_sections
 
+  include PEdump::Colors
+
   METHODS = [:sections, :data_dirs, :imports, :resources, :pe_hdr]
 
   def initialize ldr1, ldr2
@@ -53,12 +56,12 @@ class PEdump::Comparer
 
       if !s2
         r = false
-        printf "[!] extra section %-12s in %s\n".red, s1.name.inspect, f1
+        printf red("[!] extra section %-12s in %s\n"), s1.name.inspect, f1
       elsif s1.data == s2.data
-        printf "[.] section: %s == %s\n".green, s1.name, s2.name if @verbose
+        printf green("[.] section: %s == %s\n"), s1.name, s2.name if @verbose
       else
         r = false
-        printf "[!] section: %s != %s\n".red, s1.name, s2.name
+        printf red("[!] section: %s != %s\n"), s1.name, s2.name
         self.class.cmp_ios *[s1,s2].map{ |section| StringIO.new(section.data) }
       end
     end
@@ -81,14 +84,14 @@ class PEdump::Comparer
 
       if d1.va != d2.va && d1.size != d2.size
         r = false
-        printf "[!] data_dir: %-12s:  SIZE & VA: %6x %6x  |  %6x %6x\n".red, d1.type,
+        printf red("[!] data_dir: %-12s:  SIZE & VA: %6x %6x  |  %6x %6x\n"), d1.type,
           d1.va, d1.size, d2.va, d2.size
       elsif d1.va != d2.va
         r = false
-        printf "[!] data_dir: %-12s:  VA       : %x != %x\n".red, d1.type, d1.va, d2.va
+        printf red("[!] data_dir: %-12s:  VA       : %x != %x\n"), d1.type, d1.va, d2.va
       elsif d1.size != d2.size
         r = false
-        printf "[!] data_dir: %-12s:  SIZE     : %x != %x\n".red, d1.type, d1.size, d2.size
+        printf red("[!] data_dir: %-12s:  SIZE     : %x != %x\n"), d1.type, d1.size, d2.size
       end
     end
     r
@@ -98,7 +101,7 @@ class PEdump::Comparer
     @ldr1.pedump.imports.each_with_index do |iid1,idx|
       iid2 = @ldr2.pedump.imports[idx]
       if iid1 != iid2
-        puts "[!] diff imports".red
+        puts red("[!] diff imports")
         return false
       end
     end
@@ -133,9 +136,9 @@ class PEdump::Comparer
         bytes = ios.map(&:readbyte)
         if bytes.uniq.size > 1
           ndiff += 1
-          printf ("\t%08x:"+" %02x"*ios.size).yellow+"\n", ios[0].pos-1, *bytes
+          printf(yellow("\t%08x:"+" %02x"*ios.size)+"\n", ios[0].pos-1, *bytes)
           if ndiff >= 5
-            puts "\t...".yellow
+            puts yellow("\t...")
             break
           end
         end

data/lib/pedump/loader/minidump.rb

@@ -21,13 +21,13 @@ class PEdump
 
   MINIDUMP_LOCATION_DESCRIPTOR = IOStruct.new 'LL', :DataSize, :Rva
 
-  class MINIDUMP_DIRECTORY < IOStruct.new 'L', :StreamType, :Location
-    def self.read io
-      r = super
-      r.Location = MINIDUMP_LOCATION_DESCRIPTOR.read(io)
-      r
-    end
-  end
+  # Using nested struct - Location is automatically parsed
+  MINIDUMP_DIRECTORY = IOStruct.new(
+    fields: {
+      StreamType: 'uint32_t',
+      Location:   MINIDUMP_LOCATION_DESCRIPTOR,
+    }
+  )
 
   MINIDUMP_MEMORY_INFO = IOStruct.new 'QQLLQLLLL',
     :BaseAddress,

data/lib/pedump/logger.rb

@@ -1,4 +1,4 @@
-require 'awesome_print' # for colored tty logging
+require 'pedump/colors'
 
 class PEdump
   class Logger < ::Logger
@@ -39,6 +39,8 @@ class PEdump
   end
 
   class ColoredLogger < ::Logger
+    include PEdump::Colors
+
     def initialize *args
       super
       @formatter = proc do |severity,_,_,msg|
@@ -58,7 +60,7 @@ class PEdump
             when 'DEBUG'
               :gray
             end
-          "#{color ? msg.send(color) : msg}\n"
+          "#{color ? send(color, msg) : msg}\n"
         end
       end
       @level = WARN

data/lib/pedump/multipart.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class PEdump
+  class CLI
+    # Streaming multipart body for file uploads
+    class MultipartBody
+      BOUNDARY_CHARS = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a
+
+      def self.generate_boundary
+        "----PEdumpUpload#{Array.new(32) { BOUNDARY_CHARS.sample }.join}"
+      end
+
+      def initialize(header, file_io, footer, total_size)
+        @parts = [
+          StringIO.new(header),
+          file_io,
+          StringIO.new(footer)
+        ]
+        @part_index = 0
+        @size = total_size
+      end
+
+      attr_reader :size
+
+      def read(length = nil, outbuf = nil)
+        outbuf ||= String.new
+        outbuf.clear
+        outbuf.force_encoding(Encoding::BINARY)
+
+        return nil if @part_index >= @parts.length
+
+        while @part_index < @parts.length
+          chunk = if length
+                    @parts[@part_index].read(length - outbuf.bytesize)
+                  else
+                    @parts[@part_index].read
+                  end
+
+          if chunk
+            outbuf << chunk
+            break if length && outbuf.bytesize >= length
+          else
+            @part_index += 1
+          end
+        end
+
+        outbuf.empty? && length ? nil : outbuf
+      end
+
+      def rewind
+        @parts.each(&:rewind)
+        @part_index = 0
+      end
+    end
+  end
+end

data/lib/pedump/packer.rb

@@ -73,7 +73,7 @@ class PEdump
         elsif va == 0 && pe.dll?
           pedump.logger.debug "[.] it's a DLL with no EntryPoint"
           nil
-        elsif !(ofs = pedump.va2file(va))
+        elsif !(ofs = pedump.rva2file(va))
           pedump.logger.error "[?] can't find EntryPoint RVA (0x#{va.to_s(16)}) file offset"
           nil
         else

data/lib/pedump/resources.rb

@@ -403,7 +403,7 @@ class PEdump
             end
           end
         when IMAGE_RESOURCE_DATA_ENTRY
-          file_offset = va2file(entry.data.OffsetToData, :quiet => (@pe_res_errors > MAX_ERRORS))
+          file_offset = rva2file(entry.data.OffsetToData, :quiet => (@pe_res_errors > MAX_ERRORS))
           unless file_offset
             @pe_res_errors += 1
             if @pe_res_errors > MAX_ERRORS

data/lib/pedump/sig_parser.rb

@@ -1,3 +1,5 @@
+#coding: binary
+
 class PEdump
   module SigParser
 
@@ -47,8 +49,6 @@ class PEdump
           puts "[=] #{sigs.size-n0} sigs from #{File.basename(fname)}\n\n" if args[:verbose]
         end
 
-        bins = Hash.new{ |k,v| k[v] = ''.force_encoding('binary') }
-
         # convert strings to Regexps
         sigs = sigs.values
         sigs.each_with_index do |sig,idx|
@@ -57,16 +57,14 @@ class PEdump
               sig.size = a.size
             end.map do |x|
               case x
-              when /\A\?\?\Z/
-                bins[sig] << '.'
-                '.'
-              when /\A.\?/,/\?.\Z/
-                puts "[?] #{x.inspect} -> \"??\" in #{sig.name}" if args[:verbose]
-                bins[sig] << '.'
+              when /\A\?\?\z/
                 '.'
-              when /\A[a-f0-9]{2}\Z/i
+              when /\A\h\?\z/ # 'f?'
+                "[\\x#{x[0]}0-\\x#{x[0]}f]"
+              when /\A\?\h\z/ # '?4'
+                '[' + (0..15).map{ |i| "\\x#{i.to_s(16)}#{x[1]}" }.join + ']'
+              when /\A[a-f0-9]{2}\z/i
                 x = x.to_i(16).chr
-                bins[sig] << x
                 if args[:raw]
                   x
                 elsif args[:raword]
@@ -89,34 +87,6 @@ class PEdump
         sigs.delete_if{ |sig| !sig.re || sig.re.index('BAD_RE') }
         return sigs if args[:raw] || args[:raword]
 
-#        require 'awesome_print'
-#        bins.each do |bin_sig, bin|
-#          next if bin.size < 5
-#          #next unless bin_sig.name['UPX']
-#
-#          bin_re = Regexp.new(bin_sig.re.join, Regexp::MULTILINE)
-#          was = false
-#          sigs.each do |sig|
-#            next if sig.size < 5 || sig == bin_sig
-#            #next unless sig.name['UPX']
-#
-#            re = Regexp.new(sig.re.join, Regexp::MULTILINE)
-#            if bin.index(re) == 0
-#              rd = _re_diff(bin_re.source, re.source)
-#              if rd.any? && rd.size <= 4
-#                #if sig.name.split.first.upcase != bin_sig.name.split.first.upcase
-#                  puts "\n[.] #{bin_sig.name.yellow}\n#{bin_re.source.inspect.red}" unless was
-#                  puts "[=] #{sig.name}"
-#                  puts re.source.inspect.green
-#                  p rd
-#                  was = true
-#                #end
-#              end
-#            end
-#          end
-#        end
-
-
         optimize sigs if args[:optimize]
 
         # convert re-arrays to Regexps
@@ -141,6 +111,7 @@ class PEdump
         return if sig.name == "JAR Archive"
         return if sig.name == "Turbo / Borland Pascal v7.x Unit"
         return if sig.re == "54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F" # dos stub
+        return if sig.re =~ /T RU E/
 
         sig.name.sub!(/^\*\s+/,    '')
         sig.name.sub!(/\s+\(h\)$/, '')
@@ -172,8 +143,8 @@ class PEdump
 
         # too short signatures
         if sig.re.split.delete_if{ |x| x['?'] }.size < 3
-          require 'awesome_print'
-          puts sig.inspect.red
+          puts "[?] too short signature: #{sig.inspect}" if args[:verbose]
+          return
         end
 
         # fs.txt contains a lot of signatures that copied from other sources
@@ -223,12 +194,6 @@ class PEdump
         return if d.all?(&:empty?) # no different words => can keep ANY name
 
 
-#        if name1 =~ /pecompact/i
-#          require 'awesome_print'
-#          puts "[d] #{name1}".yellow
-#          puts "[d] #{name2}".yellow
-#        end
-
         # [["v1.14/v1.20"], ["v1.14,", "v1.20"]]]
         # [["EXEShield", "v0.3b/v0.3", "v0.6"], ["Shield", "v0.3b,", "v0.3"]]]
         2.times do |i|
@@ -241,9 +206,6 @@ class PEdump
           end
         end
 
-#        require 'awesome_print'
-#        puts "[d] #{name1.yellow} #{name2.green}"
-
         a = name1.split
         b = name2.split
 
@@ -282,12 +244,6 @@ class PEdump
         new_name = new_name_head
         new_name << [a.join(' '), b.join(' ')].delete_if{|x| x.empty?}.join(' / ')
         new_name += new_name_tail
-#        if name1 =~ /pecompact/i
-#          p a
-#          p b
-#          p new_name_tail
-#        puts "[=] #{new_name.inspect}".red
-#        end
         new_name = new_name.join(' ')
       end
 

data/lib/pedump/te.rb

@@ -4,33 +4,33 @@ class PEdump
   # https://formats.kaitai.io/uefi_te/index.html
   # http://ho.ax/tag/efi/
   # https://github.com/gdbinit/TELoader
-  
-  EFI_IMAGE_DATA_DIRECTORY = IOStruct.new( "VV", :va, :size )
+
+  EFI_IMAGE_DATA_DIRECTORY = IOStruct.new("VV", :va, :size)
   EFI_IMAGE_DATA_DIRECTORY::TYPES = %w'BASERELOC DEBUG'
-  EFI_IMAGE_DATA_DIRECTORY::TYPES.each_with_index do |type,idx|
-    EFI_IMAGE_DATA_DIRECTORY.const_set(type,idx)
+  EFI_IMAGE_DATA_DIRECTORY::TYPES.each_with_index do |type, idx|
+    EFI_IMAGE_DATA_DIRECTORY.const_set(type, idx)
   end
 
-  class EFI_TE_IMAGE_HEADER < IOStruct.new 'vvCCvVVQ',
-    :Signature,
-    :Machine,
-    :NumberOfSections,
-    :Subsystem,
-    :StrippedSize,
-    :AddressOfEntryPoint,
-    :BaseOfCode,
-    :ImageBase,
-    :DataDirectory # readed manually: EFI_IMAGE_DATA_DIRECTORY DataDirectory[2]
-
-    REAL_SIZE = SIZE + EFI_IMAGE_DATA_DIRECTORY::SIZE * 2
+  # Using hash format with nested struct array for DataDirectory
+  class EFI_TE_IMAGE_HEADER < IOStruct.new(
+    fields: {
+      Signature:          'uint16_t',
+      Machine:            'uint16_t',
+      NumberOfSections:   'uint8_t',
+      Subsystem:          'uint8_t',
+      StrippedSize:       'uint16_t',
+      AddressOfEntryPoint: 'uint32_t',
+      BaseOfCode:         'uint32_t',
+      ImageBase:          'uint64_t',
+      DataDirectory:      { type: EFI_IMAGE_DATA_DIRECTORY, count: 2 },
+    }
+  )
+    REAL_SIZE = SIZE
 
     attr_accessor :sections
 
     def self.read io, args = {}
       super(io).tap do |te|
-        te.DataDirectory = 2.times.map do
-          EFI_IMAGE_DATA_DIRECTORY.read(io)
-        end
         te.sections = PE.read_sections(io, te.NumberOfSections, args)
       end
     end

data/lib/pedump/tls.rb

@@ -1,17 +1,15 @@
 class PEdump
-  IMAGE_TLS_DIRECTORY32 = IOStruct.new 'V6',
-    :StartAddressOfRawData,
-    :EndAddressOfRawData,
-    :AddressOfIndex,
-    :AddressOfCallBacks,
-    :SizeOfZeroFill,
-    :Characteristics
+  TLS_DIRECTORY_FIELDS = %i[
+    StartAddressOfRawData
+    EndAddressOfRawData
+    AddressOfIndex
+    AddressOfCallBacks
+    SizeOfZeroFill
+    Characteristics
+  ].freeze
 
-  IMAGE_TLS_DIRECTORY64 = IOStruct.new 'Q4V2',
-    :StartAddressOfRawData,
-    :EndAddressOfRawData,
-    :AddressOfIndex,
-    :AddressOfCallBacks,
-    :SizeOfZeroFill,
-    :Characteristics
+  # 32-bit: all fields are 32-bit (V6)
+  # 64-bit: first 4 fields are 64-bit pointers (Q4), last 2 are 32-bit (V2)
+  IMAGE_TLS_DIRECTORY32 = IOStruct.new('V6', *TLS_DIRECTORY_FIELDS)
+  IMAGE_TLS_DIRECTORY64 = IOStruct.new('Q4V2', *TLS_DIRECTORY_FIELDS)
 end

data/lib/pedump/unpacker/aspack.rb

@@ -788,13 +788,13 @@ class PEdump::Unpacker::ASPack
     ###
 
     rebuild_tls :step => 1
-    sorted_obj_tbl = @obj_tbl.sort_by{ |x| @ldr.pedump.va2file(x.va) }
+    sorted_obj_tbl = @obj_tbl.sort_by{ |x| @ldr.pedump.rva2file(x.va) }
     sorted_obj_tbl.each_with_index do |obj,idx|
       # restore section flags, if any
       @ldr.va2section(obj.va).flags = obj.flags if obj.flags
 
       next if obj.size < 0 # empty section
-      #file_offset = @ldr.pedump.va2file(obj.va)
+      #file_offset = @ldr.pedump.rva2file(obj.va)
       #@io.seek file_offset
       packed_size =
         if idx == sorted_obj_tbl.size - 1
@@ -802,7 +802,7 @@ class PEdump::Unpacker::ASPack
           obj.size
         else
           # subtract this file_offset from next object file_offset
-          @ldr.pedump.va2file(sorted_obj_tbl[idx+1].va) - @ldr.pedump.va2file(obj.va)
+          @ldr.pedump.rva2file(sorted_obj_tbl[idx+1].va) - @ldr.pedump.rva2file(obj.va)
         end
       #packed_data = @io.read packed_size
       packed_data = @ldr[obj.va, packed_size]
@@ -840,7 +840,7 @@ if __FILE__ == $0
       next unless packer = Array(pedump.packer(f)).first
       next unless packer.name =~ /aspack/i
 
-      STDERR.puts "\n=== #{fname}".green
+      STDERR.puts "\n=== #{fname}"
 
       f.rewind
       unpacker = PEdump::Unpacker::ASPack.new(f,

data/lib/pedump/version.rb

@@ -1,7 +1,5 @@
+# frozen_string_literal: true
+
 class PEdump
-  module Version
-    STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
-    MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
-    BUILD = nil
-  end
+  VERSION = '0.7.5'
 end