pedump 0.7.3 → 0.7.5

data/lib/pedump.rb

@@ -9,6 +9,7 @@ unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
   require 'pedump/core_ext/try'
 end
 
+require 'pedump/version'
 require 'pedump/core'
 require 'pedump/ordlookup'
 require 'pedump/pe'
@@ -30,7 +31,6 @@ require 'pedump/clr'
 class PEdump
   attr_accessor :fname, :logger, :force, :io
 
-  VERSION    = Version::STRING
   MAX_ERRORS = 100
   MAX_IMAGE_IMPORT_DESCRIPTORS = 1000
   MAX_EXPORT_NUMBER_OF_NAMES = 16384 # got 7977 in https://pedump.me/03ad7400080678c6b1984f995d36fd04
@@ -397,7 +397,7 @@ class PEdump
   alias :rich_header :rich_hdr
   alias :rich        :rich_hdr
 
-  def va2file va, h={}
+  def rva2file va, h={}
     return nil if va.nil?
 
     va0 = va # save for log output of original addr
@@ -445,7 +445,11 @@ class PEdump
     nil
   end
 
-  def file2va offset, h = {}
+  def va2file va, h = {}
+    va && rva2file(va - @pe.ioh.ImageBase.to_i, h)
+  end
+
+  def file2rva offset, h = {}
     return nil if offset.nil?
 
     # a special case - PE without sections
@@ -465,6 +469,11 @@ class PEdump
     nil
   end
 
+  def file2va offset, h = {}
+    va = file2rva(offset, h)
+    va && (va + @pe.ioh.ImageBase.to_i)
+  end
+
   # OPTIONAL: assigns @mz, @rich_hdr, @pe, etc
   def dump f=@io
     if f.is_a?(String)
@@ -601,7 +610,7 @@ class PEdump
     return nil unless pe(f) && pe(f).ioh && f
 
     imports = imports(f)
-    return nil if imports.empty?
+    return nil if imports.nil? || imports.empty?
 
     a = []
     imports.each do |iid|
@@ -628,7 +637,7 @@ class PEdump
     dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::IMPORT]
     return [] if !dir || (dir.va == 0 && dir.size == 0)
 
-    file_offset = va2file(dir.va)
+    file_offset = rva2file(dir.va)
     return nil unless file_offset
 
     # scan TLS first, to catch many fake imports trick from
@@ -636,7 +645,7 @@ class PEdump
     tls_aoi = nil
     if (tls = tls(f)) && tls.any?
       tls_aoi = tls.first.AddressOfIndex.to_i - @pe.ioh.ImageBase.to_i
-      tls_aoi = tls_aoi > 0 ? va2file(tls_aoi) : nil
+      tls_aoi = tls_aoi > 0 ? rva2file(tls_aoi) : nil
     end
 
     r = []; t = nil
@@ -672,7 +681,7 @@ class PEdump
         @imports = @imports[0,iidx]
         break
       end
-      if x.Name.to_i != 0 && (ofs = va2file(x.Name))
+      if x.Name.to_i != 0 && (ofs = rva2file(x.Name))
         begin
         f.seek ofs
         rescue
@@ -683,7 +692,7 @@ class PEdump
       end
       [:original_first_thunk, :first_thunk].each do |tbl|
         camel = tbl.capitalize.to_s.gsub(/_./){ |char| char[1..-1].upcase}
-        if x[camel].to_i != 0 && (ofs = va2file(x[camel])) && f.checked_seek(ofs)
+        if x[camel].to_i != 0 && (ofs = rva2file(x[camel])) && f.checked_seek(ofs)
           x[tbl] ||= []
           if pe.x64?
             x[tbl] << t while (t = f.read(8).to_s.unpack('Q').first).to_i != 0
@@ -701,7 +710,7 @@ class PEdump
           cache[t] ||=
             if t & mask > 0                                 # 0x8000_0000(_0000_0000)
               ImportedFunction.new(nil,nil,t & (mask-1),va) # 0x7fff_ffff(_ffff_ffff)
-            elsif ofs=va2file(t, :quiet => true)
+            elsif ofs=rva2file(t, :quiet => true)
               if !f.checked_seek(ofs) || f.eof?
                 logger.warn "[?] import ofs 0x#{ofs.to_s(16)} VA=0x#{t.to_s(16)} beyond EOF"
                 nil
@@ -788,7 +797,7 @@ class PEdump
     dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::EXPORT]
     return nil if !dir || (dir.va == 0 && dir.size == 0)
     va = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::EXPORT].va
-    file_offset = va2file(va)
+    file_offset = rva2file(va)
     return nil unless file_offset
     if !f.checked_seek(file_offset) || f.eof?
       logger.warn "[?] exports info beyond EOF"
@@ -798,7 +807,7 @@ class PEdump
       x.entry_points = []
       x.name_ordinals = []
       x.names = []
-      if x.Name.to_i != 0 && (ofs = va2file(x.Name))
+      if x.Name.to_i != 0 && (ofs = rva2file(x.Name))
         f.seek ofs
         if f.eof?
           logger.warn "[?] export ofs 0x#{ofs.to_s(16)} beyond EOF"
@@ -808,7 +817,7 @@ class PEdump
         end
       end
       if x.NumberOfFunctions.to_i > 0
-        if x.AddressOfFunctions.to_i !=0 && (ofs = va2file(x.AddressOfFunctions))
+        if x.AddressOfFunctions.to_i !=0 && (ofs = rva2file(x.AddressOfFunctions))
           f.seek ofs
           x.entry_points = []
           x.NumberOfFunctions.times do
@@ -819,7 +828,7 @@ class PEdump
             x.entry_points << f.read(4).unpack('V').first
           end
         end
-        if x.AddressOfNameOrdinals.to_i !=0 && (ofs = va2file(x.AddressOfNameOrdinals))
+        if x.AddressOfNameOrdinals.to_i !=0 && (ofs = rva2file(x.AddressOfNameOrdinals))
           f.seek ofs
           x.name_ordinals = []
           x.NumberOfNames.times do
@@ -831,7 +840,7 @@ class PEdump
           end
         end
       end
-      if x.NumberOfNames.to_i > 0 && x.AddressOfNames.to_i !=0 && (ofs = va2file(x.AddressOfNames))
+      if x.NumberOfNames.to_i > 0 && x.AddressOfNames.to_i !=0 && (ofs = rva2file(x.AddressOfNames))
         f.seek ofs
         x.names = []
         x.NumberOfNames.times do
@@ -844,7 +853,7 @@ class PEdump
         nErrors = 0
         x.names.size.times do |i|
           begin
-            f.seek va2file(x.names[i])
+            f.seek rva2file(x.names[i])
             x.names[i] = f.gets("\x00").to_s.chomp("\x00")
           rescue
             nErrors += 1
@@ -890,7 +899,7 @@ class PEdump
       begin
         dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::TLS]
         return nil if !dir || dir.va == 0
-        return nil unless file_offset = va2file(dir.va)
+        return nil unless file_offset = rva2file(dir.va)
         f.seek file_offset
         if f.eof?
           logger.info "[?] TLS info beyond EOF"
@@ -947,7 +956,10 @@ class PEdump
   ##############################################################################
 
   def tail f=@io
-    tail_start = sections(f).map{ |s| s.PointerToRawData + s.SizeOfRawData }.max
+    secs = sections(f)
+    return nil if secs.nil? || secs.empty?
+
+    tail_start = secs.map{ |s| s.PointerToRawData + s.SizeOfRawData }.max
     if tail_start && tail_start < f.size
       f.seek tail_start
       f

data/pedump.gemspec

@@ -1,94 +1,35 @@
-# Generated by juwelier
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: pedump 0.7.3 ruby lib
+# frozen_string_literal: true
+
+require 'English'
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pedump/version'
 
 Gem::Specification.new do |s|
-  s.name = "pedump".freeze
-  s.version = "0.7.3".freeze
+  s.name        = 'pedump'
+  s.version     = PEdump::VERSION
+  s.authors     = ['Andrey "Zed" Zaikin']
+  s.email       = 'zed.0xff@gmail.com'
+  s.homepage    = 'http://github.com/zed-0xff/pedump'
+  s.license     = 'MIT'
+  s.summary     = 'dump win32 PE executable files with a pure ruby'
+  s.description = 'dump headers, sections, extract resources of win32 PE exe,dll,etc'
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib".freeze]
-  s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-  s.date = "1980-01-02"
-  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
-  s.email = "zed.0xff@gmail.com".freeze
-  s.executables = ["pedump".freeze]
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.md"
-  ]
-  s.files = [
-    "CODE_OF_CONDUCT.md",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.md",
-    "Rakefile",
-    "VERSION",
-    "bin/pedump",
-    "data/comp_id.txt",
-    "data/fs.txt",
-    "data/jc-userdb.txt",
-    "data/ordlookup/oleaut32.dll.yml",
-    "data/ordlookup/pefile2json.py",
-    "data/ordlookup/ws2_32.dll.yml",
-    "data/ordlookup/wsock32.dll.yml",
-    "data/sig.bin",
-    "data/signatures.txt",
-    "data/userdb.txt",
-    "lib/pedump.rb",
-    "lib/pedump/cli.rb",
-    "lib/pedump/clr.rb",
-    "lib/pedump/clr/readytorun.rb",
-    "lib/pedump/clr/signature.rb",
-    "lib/pedump/comparer.rb",
-    "lib/pedump/composite_io.rb",
-    "lib/pedump/core.rb",
-    "lib/pedump/core_ext/try.rb",
-    "lib/pedump/loader.rb",
-    "lib/pedump/loader/minidump.rb",
-    "lib/pedump/loader/section.rb",
-    "lib/pedump/logger.rb",
-    "lib/pedump/ne.rb",
-    "lib/pedump/ne/version_info.rb",
-    "lib/pedump/ordlookup.rb",
-    "lib/pedump/packer.rb",
-    "lib/pedump/pe.rb",
-    "lib/pedump/resources.rb",
-    "lib/pedump/rich.rb",
-    "lib/pedump/security.rb",
-    "lib/pedump/sig_parser.rb",
-    "lib/pedump/te.rb",
-    "lib/pedump/tls.rb",
-    "lib/pedump/unpacker.rb",
-    "lib/pedump/unpacker/aspack.rb",
-    "lib/pedump/unpacker/upx.rb",
-    "lib/pedump/version.rb",
-    "lib/pedump/version_info.rb",
-    "misc/aspack/Makefile",
-    "misc/aspack/aspack_unlzx.c",
-    "misc/aspack/lzxdec.c",
-    "misc/aspack/lzxdec.h",
-    "misc/nedump.c",
-    "pedump.gemspec"
-  ]
-  s.homepage = "http://github.com/zed-0xff/pedump".freeze
-  s.licenses = ["MIT".freeze]
-  s.rubygems_version = "3.6.9".freeze
-  s.summary = "dump win32 PE executable files with a pure ruby".freeze
+  s.required_rubygems_version = Gem::Requirement.new('>= 0')
+  s.require_paths = ['lib']
 
-  s.specification_version = 4
+  s.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(samples|spec|tmp)/}) ||
+      f.match(/^\./) ||
+      f == 'README.md.tpl'
+  end
+  s.executables = ['pedump']
 
-  s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0".freeze])
-  s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0".freeze])
-  s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.5.0".freeze])
-  s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0".freeze])
-  s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2".freeze])
-  s.add_development_dependency(%q<rspec>.freeze, [">= 0".freeze])
-  s.add_development_dependency(%q<rspec-its>.freeze, [">= 0".freeze])
-  s.add_development_dependency(%q<bundler>.freeze, [">= 0".freeze])
-  s.add_development_dependency(%q<juwelier>.freeze, [">= 0".freeze])
-end
+  s.extra_rdoc_files = ['LICENSE.txt', 'README.md']
 
+  s.add_runtime_dependency 'logger'
+  s.add_runtime_dependency 'iostruct', '>= 0.7.0'
+  s.add_runtime_dependency 'zhexdump', '>= 0.0.2'
+
+  s.metadata['rubygems_mfa_required'] = 'true'
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.7.3
+  version: 0.7.5
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
@@ -10,21 +10,7 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rainbow
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: awesome_print
+  name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -43,28 +29,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.5.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-- !ruby/object:Gem::Dependency
-  name: multipart-post
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 0.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 0.7.0
 - !ruby/object:Gem::Dependency
   name: zhexdump
   requirement: !ruby/object:Gem::Requirement
@@ -79,62 +51,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.2
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-its
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: juwelier
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
 email: zed.0xff@gmail.com
 executables:
@@ -150,7 +66,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- VERSION
 - bin/pedump
 - data/comp_id.txt
 - data/fs.txt
@@ -167,6 +82,7 @@ files:
 - lib/pedump/clr.rb
 - lib/pedump/clr/readytorun.rb
 - lib/pedump/clr/signature.rb
+- lib/pedump/colors.rb
 - lib/pedump/comparer.rb
 - lib/pedump/composite_io.rb
 - lib/pedump/core.rb
@@ -175,6 +91,7 @@ files:
 - lib/pedump/loader/minidump.rb
 - lib/pedump/loader/section.rb
 - lib/pedump/logger.rb
+- lib/pedump/multipart.rb
 - lib/pedump/ne.rb
 - lib/pedump/ne/version_info.rb
 - lib/pedump/ordlookup.rb
@@ -200,7 +117,8 @@ files:
 homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib

data/VERSION

@@ -1 +0,0 @@
-0.7.3