pedump 0.7.4 → 0.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a9b3066ff9e670b8562e068856e45b94e82cbcaf27f95626da87abc09b94f8f
-  data.tar.gz: 6f05ee901ce249c363ccafd0f54a04e693c8fcefd4c6ecca2663169a6db2cefd
+  metadata.gz: d422e0cae0fcfb5090f13cdbe0e9fe8635463ba9cfccee49a110f766a962be9f
+  data.tar.gz: cbffb2114ff2b8195ffeb2ed5b92a2cadf4dadd35303802c30d6386c91041b2d
 SHA512:
-  metadata.gz: c8a3eae0788ed2e1723324d1c4409f88f922ab23db56e899b1624847879506677cd98a437ce0f5980012fd6c1d6f70cae43bec9f9f8f75ad9ca09e7aad2e9cb5
-  data.tar.gz: 410622db1bc1052d2bbb114ea6e2d92989004a06e72ebbf9efaade47e4bc95d15ca028122901eba2ed087d40c97df765bc0e68bd38c4a0527d10925dc1c3954f
+  metadata.gz: 9d4d9ca21d96b9ac64339da6208fa049d364384e505ff6e9d2a5232aa2cd711c3bd8b37a5fb1141b601df1f7ef82cc70c6a0a5389d03a2ffc4ab76d1c8b7ea3e
+  data.tar.gz: 8468e35a72ff9d84e475092aee3b8f0e0e0e0b5927197f0a3d6cc2d99d68552d98cb7cbc096f7de6439d5df1a981710f4f53389974d43f5dcc2ac8d5d0f7f5fd

data/Gemfile

@@ -1,15 +1,10 @@
-source "https://rubygems.org"
-#gemspec
+# frozen_string_literal: true
 
-gem 'rainbow'
-gem "awesome_print"
-gem "iostruct",       ">= 0.7.0"
-gem "multipart-post", ">= 2.0.0"
-gem "zhexdump",       ">= 0.0.2"
+source 'https://rubygems.org'
 
-group :development do
-  gem "rspec"
-  gem "rspec-its"
-  gem "bundler"
-  gem "juwelier"
+gemspec
+
+group :development, :test do
+  gem 'rspec'
+  gem 'rspec-its'
 end

data/Gemfile.lock

@@ -1,136 +1,17 @@
+PATH
+  remote: .
+  specs:
+    pedump (0.7.4)
+      iostruct (>= 0.7.0)
+      logger
+      zhexdump (>= 0.0.2)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (8.1.2)
-      base64
-      bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.3.1)
-      connection_pool (>= 2.2.5)
-      drb
-      i18n (>= 1.6, < 2)
-      json
-      logger (>= 1.4.2)
-      minitest (>= 5.1)
-      securerandom (>= 0.3)
-      tzinfo (~> 2.0, >= 2.0.5)
-      uri (>= 0.13.1)
-    addressable (2.8.8)
-      public_suffix (>= 2.0.2, < 8.0)
-    awesome_print (1.9.2)
-    base64 (0.3.0)
-    bigdecimal (4.0.1)
-    builder (3.3.0)
-    concurrent-ruby (1.3.6)
-    connection_pool (3.0.2)
-    date (3.5.1)
-    descendants_tracker (0.0.4)
-      thread_safe (~> 0.3, >= 0.3.1)
     diff-lcs (1.6.2)
-    drb (2.2.3)
-    erb (6.0.1)
-    faraday (1.10.4)
-      faraday-em_http (~> 1.0)
-      faraday-em_synchrony (~> 1.0)
-      faraday-excon (~> 1.1)
-      faraday-httpclient (~> 1.0)
-      faraday-multipart (~> 1.0)
-      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.0)
-      faraday-patron (~> 1.0)
-      faraday-rack (~> 1.0)
-      faraday-retry (~> 1.0)
-      ruby2_keywords (>= 0.0.4)
-    faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.1)
-    faraday-excon (1.1.0)
-    faraday-httpclient (1.0.1)
-    faraday-multipart (1.2.0)
-      multipart-post (~> 2.0)
-    faraday-net_http (1.0.2)
-    faraday-net_http_persistent (1.2.0)
-    faraday-patron (1.0.0)
-    faraday-rack (1.0.0)
-    faraday-retry (1.0.3)
-    git (4.3.0)
-      activesupport (>= 5.0)
-      addressable (~> 2.8)
-      process_executer (~> 4.0)
-      rchardet (~> 1.9)
-    github_api (0.19.0)
-      addressable (~> 2.4)
-      descendants_tracker (~> 0.0.4)
-      faraday (>= 0.8, < 2)
-      hashie (~> 3.5, >= 3.5.2)
-      oauth2 (~> 1.0)
-    hashie (3.6.0)
-    highline (3.1.2)
-      reline
-    i18n (1.14.8)
-      concurrent-ruby (~> 1.0)
-    io-console (0.8.2)
     iostruct (0.7.0)
-    json (2.18.0)
-    juwelier (2.4.9)
-      builder
-      bundler
-      git
-      github_api
-      highline
-      kamelcase (~> 0)
-      nokogiri
-      psych
-      rake
-      rdoc
-      semver2
-    jwt (2.10.2)
-      base64
-    kamelcase (0.0.2)
-      semver2 (~> 3)
     logger (1.7.0)
-    mini_portile2 (2.8.9)
-    minitest (6.0.1)
-      prism (~> 1.5)
-    multi_json (1.19.1)
-    multi_xml (0.8.1)
-      bigdecimal (>= 3.1, < 5)
-    multipart-post (2.4.1)
-    nokogiri (1.19.0)
-      mini_portile2 (~> 2.8.2)
-      racc (~> 1.4)
-    nokogiri (1.19.0-aarch64-linux-gnu)
-      racc (~> 1.4)
-    nokogiri (1.19.0-arm-linux-gnu)
-      racc (~> 1.4)
-    nokogiri (1.19.0-arm64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.19.0-x86_64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.19.0-x86_64-linux-gnu)
-      racc (~> 1.4)
-    oauth2 (1.4.11)
-      faraday (>= 0.17.3, < 3.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 4)
-    prism (1.9.0)
-    process_executer (4.0.2)
-      track_open_instances (~> 0.1)
-    psych (5.3.1)
-      date
-      stringio
-    public_suffix (7.0.2)
-    racc (1.8.1)
-    rack (3.2.4)
-    rainbow (3.1.1)
-    rake (13.3.1)
-    rchardet (1.10.0)
-    rdoc (7.1.0)
-      erb
-      psych (>= 4.0.0)
-      tsort
-    reline (0.6.3)
-      io-console (~> 0.5)
     rspec (3.13.2)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -147,36 +28,16 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.6)
-    ruby2_keywords (0.0.5)
-    securerandom (0.4.1)
-    semver2 (3.4.2)
-    stringio (3.2.0)
-    thread_safe (0.3.6)
-    track_open_instances (0.1.15)
-    tsort (0.2.0)
-    tzinfo (2.0.6)
-      concurrent-ruby (~> 1.0)
-    uri (1.1.1)
     zhexdump (0.3.0)
 
 PLATFORMS
-  aarch64-linux
-  arm-linux
-  arm64-darwin
-  x86-linux
-  x86_64-darwin
-  x86_64-linux
+  arm64-darwin-24
+  ruby
 
 DEPENDENCIES
-  awesome_print
-  bundler
-  iostruct (>= 0.7.0)
-  juwelier
-  multipart-post (>= 2.0.0)
-  rainbow
+  pedump!
   rspec
   rspec-its
-  zhexdump (>= 0.0.2)
 
 BUNDLED WITH
-   2.5.22
+   2.6.9

data/README.md

@@ -4,6 +4,7 @@ pedump    [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=mast
 News
 ----
 ```
+2026.01.28 - 0.7.5; remove awesome_print, multipart-post, rainbow, juwelier; add logger
 2026.01.28 - 0.7.4; update iostruct
 2025.11.11 - 0.7.3; CLI: fix --file2va command :]
 2025.11.11 - 0.7.1; CLI: add --file2va command

data/Rakefile

@@ -1,41 +1,12 @@
-# encoding: utf-8
-
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'juwelier'
-Juwelier::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "pedump"
-  gem.homepage = "http://github.com/zed-0xff/pedump"
-  gem.license = "MIT"
-  gem.summary = %Q{dump win32 PE executable files with a pure ruby}
-  gem.description = %Q{dump headers, sections, extract resources of win32 PE exe,dll,etc}
-  gem.email = "zed.0xff@gmail.com"
-  gem.authors = ["Andrey \"Zed\" Zaikin"]
-  gem.executables = %w'pedump'
-  gem.files.include "lib/**/*.rb"
-  gem.files.exclude %w'samples/**/* spec/**/* tmp/**/* tmp/.keep .* README.md.tpl .github/**/*'
-  gem.extra_rdoc_files.exclude 'README.md.tpl'
-  # dependencies defined in Gemfile
-end
-Juwelier::RubygemsDotOrgTasks.new
+# frozen_string_literal: true
 
-require 'rspec/core'
+require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 
-desc "run specs"
+desc 'run specs'
 RSpec::Core::RakeTask.new
 
-task :default => [:spec, :readme]
+task default: %i[spec readme]
 
 task :init do
   $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), 'lib'))
@@ -44,9 +15,9 @@ task :init do
 end
 
 namespace :test do
-  desc "test on all files in given path"
-  task :all_files => :init do
-    path = ENV['path'] || raise("run me with path=...")
+  desc 'test on all files in given path'
+  task all_files: :init do
+    path = ENV['path'] || raise('run me with path=...')
     `find #{path} -type f`.split("\n").each do |fname|
       puts "\n### #{fname}\n"
       PEdump::CLI.new(fname).run
@@ -54,33 +25,33 @@ namespace :test do
   end
 
   namespace :all_files do
-    desc "output file name to stderr, use with stdout redirection"
-    task :stderr => :init do
-      path = ENV['path'] || raise("run me with path=...")
+    desc 'output file name to stderr, use with stdout redirection'
+    task stderr: :init do
+      path = ENV['path'] || raise('run me with path=...')
       `find #{path} -type f`.split("\n").each do |fname|
-        STDERR.puts "\n### #{fname}\n"
+        warn "\n### #{fname}\n"
         PEdump::CLI.new(fname).run
       end
     end
   end
 
-  desc "test on corkami binaries"
-  task :corkami => :init do
-      path = "samples/corkami"
-      `find #{path} -type f`.split("\n").each do |fname|
-        STDERR.puts "\n### #{fname}\n"
-        PEdump::CLI.new(fname).run
-      end
+  desc 'test on corkami binaries'
+  task corkami: :init do
+    path = 'samples/corkami'
+    `find #{path} -type f`.split("\n").each do |fname|
+      warn "\n### #{fname}\n"
+      PEdump::CLI.new(fname).run
+    end
   end
 end
 
-def check_file url, params = {}
+def check_file(url, params = {})
   require 'digest/md5'
   require 'open-uri'
 
   params[:min_size] ||= 80_000
 
-  STDOUT.sync = true
+  $stdout.sync = true
   prefix = params[:prefix]
   fname = File.join 'data', (prefix ? "#{prefix}-" : '') + File.basename(url)
   existing_md5 = File.exist?(fname) ? Digest::MD5.file(fname).hexdigest : ''
@@ -88,127 +59,124 @@ def check_file url, params = {}
   remote_data = URI.open(url).read.force_encoding('cp1252').encode('utf-8')
   puts "#{remote_data.size} bytes"
   raise "too small remote data (#{remote_data.size})" if remote_data.size < params[:min_size]
-  remote_md5   = Digest::MD5.hexdigest(remote_data)
+
+  remote_md5 = Digest::MD5.hexdigest(remote_data)
   if remote_md5 == existing_md5
-    puts "[.] same as local"
+    puts '[.] same as local'
   else
     existing_size = File.exist?(fname) ? File.size(fname) : 0
-    File.open(fname,"wb"){ |f| f << remote_data }
+    File.write(fname, remote_data, mode: 'wb')
     puts "[*] updated: #{existing_size} -> #{remote_data.size}"
   end
 end
 
-RICH_IDS_URL = "https://raw.githubusercontent.com/dishather/richprint/master/comp_id.txt"
+RICH_IDS_URL = 'https://raw.githubusercontent.com/dishather/richprint/master/comp_id.txt'
 
 namespace :rich do
-  desc "update rich comp_id db from net"
+  desc 'update rich comp_id db from net'
   task :update do
-    check_file RICH_IDS_URL, :min_size => 30_000
+    check_file RICH_IDS_URL, min_size: 30_000
   end
 
-  desc "convert"
+  desc 'convert'
   task :convert do
     result = [
-      "class PEdump",
+      'class PEdump',
       "  # data from #{RICH_IDS_URL}",
-      "  RICH_IDS = {"
+      '  RICH_IDS = {'
     ]
     n = 0
     t0 = Time.now
-    File.readlines(File.join("data", File.basename(RICH_IDS_URL))).each do |line|
+    File.readlines(File.join('data', File.basename(RICH_IDS_URL))).each do |line|
       line.strip!
       next if line.empty? || line[0] == '#'
+
       comp_id, desc = line.split(nil, 2)
       raise unless comp_id =~ /\A[0-9a-fA-F]+\Z/
+
       result << "    0x#{comp_id} => #{desc.inspect},"
       n += 1
     end
-    result << "  }"
-    result << "end"
-    printf "[.] parsed %d definitions in %6.3fs\n", n, Time.now-t0
-    File.write("lib/pedump/rich.rb", result.join("\n") + "\n")
+    result << '  }'
+    result << 'end'
+    printf "[.] parsed %d definitions in %6.3fs\n", n, Time.now - t0
+    File.write('lib/pedump/rich.rb', result.join("\n") + "\n")
   end
 end
 
 namespace :sigs do
-  desc "update packers db from net"
-  task :update do
-    require './lib/pedump/packer'
-    check_file "http://research.pandasecurity.com/blogs/images/userdb.txt"
-    check_file "http://fuu.googlecode.com/svn/trunk/src/x86/Tools/Signaturesdb/signatures.txt"
-    check_file "http://handlers.sans.edu/jclausing/userdb.txt", :prefix => "jc"
-  end
-
-  desc "convert txt2bin"
-  task :convert do
+  desc 'convert txt2bin'
+  task convert: :init do
     require './lib/pedump/packer'
     t0 = Time.now
-    sigs = PEdump::SigParser.parse :optimize => true, :verbose => true
-    printf "[.] parsed %d definitions in %6.3fs\n", sigs.size, Time.now-t0
-    File.open(PEdump::Packer::BIN_SIGS_FILE,"wb"){ |f| Marshal.dump(sigs,f) }
+    sigs = PEdump::SigParser.parse optimize: true
+    printf "[.] parsed %d definitions in %6.3fs\n", sigs.size, Time.now - t0
+    File.open(PEdump::Packer::BIN_SIGS_FILE, 'wb') { |f| Marshal.dump(sigs, f) }
   end
 
-  desc "dump"
-  task :dump do
+  desc 'dump'
+  task dump: :init do
     require './lib/pedump/packer'
-    require 'awesome_print'
-    PEdump::Packer.all.
-      group_by{ |sig| sig.name }.
-      sort_by{|name,sigs| name }.
-      each do |name,sigs|
-        next if sigs.size == 1
-        puts name.green
-        sigs.each do |sig|
-          printf "    %-5s  %s\n", sig.ep_only, sig.re.source.inspect
-        end
+    PEdump::Packer.all
+                  .group_by(&:name)
+                  .sort_by { |name, _sigs| name }
+                  .each do |name, sigs|
+      next if sigs.size == 1
+
+      puts name
+      sigs.each do |sig|
+        printf "    %-5s  %s\n", sig.ep_only, sig.re.source.inspect
       end
+    end
   end
 end
 
-desc "build readme"
+desc 'build readme'
 task :readme do
   require 'erb'
   tpl = File.read('README.md.tpl').gsub(/^%\s+(.+)/) do |x|
-    x.sub! /^%/,''
+    x.sub!(/^%/, '')
     "<%= run(\"#{x}\") %>"
   end
-  def run cmd
+  def run(cmd)
     cmd.strip!
     puts "[.] #{cmd} ..."
     r = "    # #{cmd}\n\n"
-    cmd.sub! /^pedump/,"../bin/pedump"
-    lines = `#{cmd}`.sub(/\A\n+/m,'').sub(/\s+\Z/,'').split("\n")
-    lines = lines[0,25] + ['...'] if lines.size > 50 && cmd.split.last != '-h'
-    r << lines.map{|x| "    #{x}"}.join("\n")
+    cmd.sub!(/^pedump/, '../bin/pedump')
+    lines = `#{cmd}`.sub(/\A\n+/m, '').sub(/\s+\Z/, '').split("\n")
+    lines = lines[0, 25] + ['...'] if lines.size > 50 && cmd.split.last != '-h'
+    r << lines.map { |x| "    #{x}" }.join("\n")
     r << "\n"
   end
   Dir.chdir 'samples'
   result = ERB.new(tpl, trim_mode: '%>').result
   Dir.chdir '..'
-  File.open('README.md','w'){ |f| f << result }
+  File.write('README.md', result)
 end
 
 namespace :console do
-  desc "start console with PEdump::Loader with loaded file"
+  desc 'start console with PEdump::Loader with loaded file'
   task :load do
-    raise "gimme a fname" unless fname = ENV['fname']
+    raise 'gimme a fname' unless (fname = ENV['fname'])
+
     require './lib/pedump'
     require './lib/pedump/loader'
     require 'pp'
-    File.open(fname,"rb") do |f|
+    File.open(fname, 'rb') do |f|
       @ldr = PEdump::Loader.new f
-      puts "[.] loader is at @ldr"
+      puts '[.] loader is at @ldr'
       pp @ldr.sections
-      Rake::Task["console"].execute
+      Rake::Task['console'].execute
     end
   end
 end
 
-desc "compare two PE files"
+desc 'compare two PE files'
 task :cmp do
-  raise "gimme a f1" unless f1 = ENV['f1']
-  raise "gimme a f2" unless f2 = ENV['f2']
+  raise 'gimme a f1' unless (f1 = ENV['f1'])
+  raise 'gimme a f2' unless (f2 = ENV['f2'])
+
   require './lib/pedump'
   require './lib/pedump/comparer'
-  PEdump::Comparer.cmp(f1,f2)
+  PEdump::Comparer.cmp(f1, f2)
 end

data/data/jc-userdb.txt

@@ -4301,13 +4301,9 @@ signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24
 ep_only = false
 
 [Microsoft Visual C++ 6.0 - 8.0]
-signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3 &# 40 ;T RU NC AT ED HE RE &# 41
+signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3
 ep_only = true
 
-[Microsoft Visual C++ 6.0 - 8.0]
-signature = 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0 53 56 57 8B 45 F8 89 65 E8 50 8B 45 FC C7 45 FC FF FF FF FF 89 45 F8 8D 45 F0 64 A3 00 00 00 00 C3 8B 4D F0 64 89 0D 00 00 00 00 59 5F 5E 5B C9 51 C3 (TRUNCATED HERE&#41
-ep_only = false
-
 [Microsoft Visual C++ 6.0 - 8.0]
 signature = 8B 44 24 08 85 C0 0F 84 ?? ?? ?? ?? 83 F8 01 8B 0D ?? ?? ?? ?? 8B 09 89 0D ?? ?? ?? ?? 0F 85 ?? ?? ?? ?? 68 80 00 00 00 FF 15 ?? ?? ?? ?? 85 C0 59 A3 ?? ?? ?? ?? 0F 84 ?? ?? ?? ?? 83 20 00 A1 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? A3 ?? ?? ?? ?? E8
 ep_only = false
@@ -9946,7 +9942,7 @@ signature = E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF
 ep_only = true
 
 [UPX-Shit v0.1 -> 500mhz]
-signature = E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? <SPAN STYLE="FONT-WEIGHT: BOLD">01</SPAN> ?? ?? ?? 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
+signature = E8 00 00 00 00 5E 83 C6 14 AD 89 C7 AD 89 C1 AD 30 07 47 E2 FB AD FF E0 C3 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 01 ?? ?? ?? 00 55 50 58 2D 53 68 69 74 20 76 30 2E 31 20 2D 20 77 77 77 2E 62 6C 61 63 6B 6C 6F 67 69 63 2E 6E 65 74 20 2D 20 63 6F 64 65 20 62 79 20 5B 35 30 30 6D 68 7A 5D
 ep_only = true
 
 [UPX-Shit v0.1 -> 500mhz]

data/lib/pedump/cli.rb

@@ -293,7 +293,7 @@ class PEdump::CLI
     require 'digest/md5'
     require 'open-uri'
     require 'net/http'
-    require 'net/http/post/multipart'
+    require 'pedump/multipart'
 
     stdout_sync = $stdout.sync
     $stdout.sync = true
@@ -320,12 +320,26 @@ class PEdump::CLI
 
     f.rewind
 
-    # upload with progress
+    # upload with progress using manual multipart POST
     post_url = URI.parse(URL_BASE+'/upload')
-    # UploadIO is from multipart-post
-    uio = UploadIO.new(f, "application/octet-stream", File.basename(f.path))
-    ppx = ProgressProxy.new(uio)
-    req = Net::HTTP::Post::Multipart.new post_url.path, "file" => ppx
+    boundary = MultipartBody.generate_boundary
+    filename = File.basename(f.path)
+
+    # Build multipart body parts
+    header_part = "--#{boundary}\r\n" \
+                  "Content-Disposition: form-data; name=\"file\"; filename=\"#{filename}\"\r\n" \
+                  "Content-Type: application/octet-stream\r\n\r\n"
+    footer_part = "\r\n--#{boundary}--\r\n"
+
+    content_length = header_part.bytesize + f.size + footer_part.bytesize
+
+    req = Net::HTTP::Post.new(post_url.path)
+    req['Content-Type'] = "multipart/form-data; boundary=#{boundary}"
+    req['Content-Length'] = content_length
+
+    ppx = ProgressProxy.new(f)
+    req.body_stream = MultipartBody.new(header_part, ppx, footer_part, content_length)
+
     res = Net::HTTP.start(post_url.host, post_url.port, use_ssl: (post_url.scheme == 'https')) do |http|
       http.request(req)
     end
@@ -361,7 +375,7 @@ class PEdump::CLI
       end
     end
 
-    puts "[.] ldr = PEdump::Loader.new(open(#{f.path.inspect}))".gray
+    puts "[.] ldr = PEdump::Loader.new(open(#{f.path.inspect}))"
     IRB.start
   end
 

data/lib/pedump/colors.rb

@@ -0,0 +1,29 @@
+module PEdump::Colors
+  def gray(str)
+    "\e[1;30m#{str}\e[0m"
+  end
+
+  def red(str)
+    "\e[1;31m#{str}\e[0m"
+  end
+
+  def green(str)
+    "\e[1;32m#{str}\e[0m"
+  end
+
+  def yellow(str)
+    "\e[1;33m#{str}\e[0m"
+  end
+
+  def redish(str)
+    "\e[0;31m#{str}\e[0m"
+  end
+
+  def greenish(str)
+    "\e[0;32m#{str}\e[0m"
+  end
+
+  def yellowish(str)
+    "\e[0;33m#{str}\e[0m"
+  end
+end

data/lib/pedump/comparer.rb

@@ -1,4 +1,5 @@
 require 'pedump'
+require 'pedump/colors'
 require 'pedump/loader'
 
 ########################################################################
@@ -9,6 +10,8 @@ class PEdump::Comparer
   attr_accessor :verbose
   attr_accessor :ignored_data_dirs, :ignored_sections
 
+  include PEdump::Colors
+
   METHODS = [:sections, :data_dirs, :imports, :resources, :pe_hdr]
 
   def initialize ldr1, ldr2
@@ -53,12 +56,12 @@ class PEdump::Comparer
 
       if !s2
         r = false
-        printf "[!] extra section %-12s in %s\n".red, s1.name.inspect, f1
+        printf red("[!] extra section %-12s in %s\n"), s1.name.inspect, f1
       elsif s1.data == s2.data
-        printf "[.] section: %s == %s\n".green, s1.name, s2.name if @verbose
+        printf green("[.] section: %s == %s\n"), s1.name, s2.name if @verbose
       else
         r = false
-        printf "[!] section: %s != %s\n".red, s1.name, s2.name
+        printf red("[!] section: %s != %s\n"), s1.name, s2.name
         self.class.cmp_ios *[s1,s2].map{ |section| StringIO.new(section.data) }
       end
     end
@@ -81,14 +84,14 @@ class PEdump::Comparer
 
       if d1.va != d2.va && d1.size != d2.size
         r = false
-        printf "[!] data_dir: %-12s:  SIZE & VA: %6x %6x  |  %6x %6x\n".red, d1.type,
+        printf red("[!] data_dir: %-12s:  SIZE & VA: %6x %6x  |  %6x %6x\n"), d1.type,
           d1.va, d1.size, d2.va, d2.size
       elsif d1.va != d2.va
         r = false
-        printf "[!] data_dir: %-12s:  VA       : %x != %x\n".red, d1.type, d1.va, d2.va
+        printf red("[!] data_dir: %-12s:  VA       : %x != %x\n"), d1.type, d1.va, d2.va
       elsif d1.size != d2.size
         r = false
-        printf "[!] data_dir: %-12s:  SIZE     : %x != %x\n".red, d1.type, d1.size, d2.size
+        printf red("[!] data_dir: %-12s:  SIZE     : %x != %x\n"), d1.type, d1.size, d2.size
       end
     end
     r
@@ -98,7 +101,7 @@ class PEdump::Comparer
     @ldr1.pedump.imports.each_with_index do |iid1,idx|
       iid2 = @ldr2.pedump.imports[idx]
       if iid1 != iid2
-        puts "[!] diff imports".red
+        puts red("[!] diff imports")
         return false
       end
     end
@@ -133,9 +136,9 @@ class PEdump::Comparer
         bytes = ios.map(&:readbyte)
         if bytes.uniq.size > 1
           ndiff += 1
-          printf ("\t%08x:"+" %02x"*ios.size).yellow+"\n", ios[0].pos-1, *bytes
+          printf(yellow("\t%08x:"+" %02x"*ios.size)+"\n", ios[0].pos-1, *bytes)
           if ndiff >= 5
-            puts "\t...".yellow
+            puts yellow("\t...")
             break
           end
         end

data/lib/pedump/logger.rb

@@ -1,4 +1,4 @@
-require 'awesome_print' # for colored tty logging
+require 'pedump/colors'
 
 class PEdump
   class Logger < ::Logger
@@ -39,6 +39,8 @@ class PEdump
   end
 
   class ColoredLogger < ::Logger
+    include PEdump::Colors
+
     def initialize *args
       super
       @formatter = proc do |severity,_,_,msg|
@@ -58,7 +60,7 @@ class PEdump
             when 'DEBUG'
               :gray
             end
-          "#{color ? msg.send(color) : msg}\n"
+          "#{color ? send(color, msg) : msg}\n"
         end
       end
       @level = WARN

data/lib/pedump/multipart.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class PEdump
+  class CLI
+    # Streaming multipart body for file uploads
+    class MultipartBody
+      BOUNDARY_CHARS = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a
+
+      def self.generate_boundary
+        "----PEdumpUpload#{Array.new(32) { BOUNDARY_CHARS.sample }.join}"
+      end
+
+      def initialize(header, file_io, footer, total_size)
+        @parts = [
+          StringIO.new(header),
+          file_io,
+          StringIO.new(footer)
+        ]
+        @part_index = 0
+        @size = total_size
+      end
+
+      attr_reader :size
+
+      def read(length = nil, outbuf = nil)
+        outbuf ||= String.new
+        outbuf.clear
+        outbuf.force_encoding(Encoding::BINARY)
+
+        return nil if @part_index >= @parts.length
+
+        while @part_index < @parts.length
+          chunk = if length
+                    @parts[@part_index].read(length - outbuf.bytesize)
+                  else
+                    @parts[@part_index].read
+                  end
+
+          if chunk
+            outbuf << chunk
+            break if length && outbuf.bytesize >= length
+          else
+            @part_index += 1
+          end
+        end
+
+        outbuf.empty? && length ? nil : outbuf
+      end
+
+      def rewind
+        @parts.each(&:rewind)
+        @part_index = 0
+      end
+    end
+  end
+end

data/lib/pedump/sig_parser.rb

@@ -1,3 +1,5 @@
+#coding: binary
+
 class PEdump
   module SigParser
 
@@ -47,8 +49,6 @@ class PEdump
           puts "[=] #{sigs.size-n0} sigs from #{File.basename(fname)}\n\n" if args[:verbose]
         end
 
-        bins = Hash.new{ |k,v| k[v] = ''.force_encoding('binary') }
-
         # convert strings to Regexps
         sigs = sigs.values
         sigs.each_with_index do |sig,idx|
@@ -57,16 +57,14 @@ class PEdump
               sig.size = a.size
             end.map do |x|
               case x
-              when /\A\?\?\Z/
-                bins[sig] << '.'
-                '.'
-              when /\A.\?/,/\?.\Z/
-                puts "[?] #{x.inspect} -> \"??\" in #{sig.name}" if args[:verbose]
-                bins[sig] << '.'
+              when /\A\?\?\z/
                 '.'
-              when /\A[a-f0-9]{2}\Z/i
+              when /\A\h\?\z/ # 'f?'
+                "[\\x#{x[0]}0-\\x#{x[0]}f]"
+              when /\A\?\h\z/ # '?4'
+                '[' + (0..15).map{ |i| "\\x#{i.to_s(16)}#{x[1]}" }.join + ']'
+              when /\A[a-f0-9]{2}\z/i
                 x = x.to_i(16).chr
-                bins[sig] << x
                 if args[:raw]
                   x
                 elsif args[:raword]
@@ -89,34 +87,6 @@ class PEdump
         sigs.delete_if{ |sig| !sig.re || sig.re.index('BAD_RE') }
         return sigs if args[:raw] || args[:raword]
 
-#        require 'awesome_print'
-#        bins.each do |bin_sig, bin|
-#          next if bin.size < 5
-#          #next unless bin_sig.name['UPX']
-#
-#          bin_re = Regexp.new(bin_sig.re.join, Regexp::MULTILINE)
-#          was = false
-#          sigs.each do |sig|
-#            next if sig.size < 5 || sig == bin_sig
-#            #next unless sig.name['UPX']
-#
-#            re = Regexp.new(sig.re.join, Regexp::MULTILINE)
-#            if bin.index(re) == 0
-#              rd = _re_diff(bin_re.source, re.source)
-#              if rd.any? && rd.size <= 4
-#                #if sig.name.split.first.upcase != bin_sig.name.split.first.upcase
-#                  puts "\n[.] #{bin_sig.name.yellow}\n#{bin_re.source.inspect.red}" unless was
-#                  puts "[=] #{sig.name}"
-#                  puts re.source.inspect.green
-#                  p rd
-#                  was = true
-#                #end
-#              end
-#            end
-#          end
-#        end
-
-
         optimize sigs if args[:optimize]
 
         # convert re-arrays to Regexps
@@ -141,6 +111,7 @@ class PEdump
         return if sig.name == "JAR Archive"
         return if sig.name == "Turbo / Borland Pascal v7.x Unit"
         return if sig.re == "54 68 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 6D 6F" # dos stub
+        return if sig.re =~ /T RU E/
 
         sig.name.sub!(/^\*\s+/,    '')
         sig.name.sub!(/\s+\(h\)$/, '')
@@ -172,8 +143,8 @@ class PEdump
 
         # too short signatures
         if sig.re.split.delete_if{ |x| x['?'] }.size < 3
-          require 'awesome_print'
-          puts sig.inspect.red
+          puts "[?] too short signature: #{sig.inspect}" if args[:verbose]
+          return
         end
 
         # fs.txt contains a lot of signatures that copied from other sources
@@ -223,12 +194,6 @@ class PEdump
         return if d.all?(&:empty?) # no different words => can keep ANY name
 
 
-#        if name1 =~ /pecompact/i
-#          require 'awesome_print'
-#          puts "[d] #{name1}".yellow
-#          puts "[d] #{name2}".yellow
-#        end
-
         # [["v1.14/v1.20"], ["v1.14,", "v1.20"]]]
         # [["EXEShield", "v0.3b/v0.3", "v0.6"], ["Shield", "v0.3b,", "v0.3"]]]
         2.times do |i|
@@ -241,9 +206,6 @@ class PEdump
           end
         end
 
-#        require 'awesome_print'
-#        puts "[d] #{name1.yellow} #{name2.green}"
-
         a = name1.split
         b = name2.split
 
@@ -282,12 +244,6 @@ class PEdump
         new_name = new_name_head
         new_name << [a.join(' '), b.join(' ')].delete_if{|x| x.empty?}.join(' / ')
         new_name += new_name_tail
-#        if name1 =~ /pecompact/i
-#          p a
-#          p b
-#          p new_name_tail
-#        puts "[=] #{new_name.inspect}".red
-#        end
         new_name = new_name.join(' ')
       end
 

data/lib/pedump/unpacker/aspack.rb

@@ -840,7 +840,7 @@ if __FILE__ == $0
       next unless packer = Array(pedump.packer(f)).first
       next unless packer.name =~ /aspack/i
 
-      STDERR.puts "\n=== #{fname}".green
+      STDERR.puts "\n=== #{fname}"
 
       f.rewind
       unpacker = PEdump::Unpacker::ASPack.new(f,

data/lib/pedump/version.rb

@@ -1,7 +1,5 @@
+# frozen_string_literal: true
+
 class PEdump
-  module Version
-    STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
-    MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
-    BUILD = nil
-  end
+  VERSION = '0.7.5'
 end

data/lib/pedump.rb

@@ -9,6 +9,7 @@ unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
   require 'pedump/core_ext/try'
 end
 
+require 'pedump/version'
 require 'pedump/core'
 require 'pedump/ordlookup'
 require 'pedump/pe'
@@ -30,7 +31,6 @@ require 'pedump/clr'
 class PEdump
   attr_accessor :fname, :logger, :force, :io
 
-  VERSION    = Version::STRING
   MAX_ERRORS = 100
   MAX_IMAGE_IMPORT_DESCRIPTORS = 1000
   MAX_EXPORT_NUMBER_OF_NAMES = 16384 # got 7977 in https://pedump.me/03ad7400080678c6b1984f995d36fd04

data/pedump.gemspec

@@ -1,94 +1,35 @@
-# Generated by juwelier
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Juwelier::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: pedump 0.7.4 ruby lib
+# frozen_string_literal: true
+
+require 'English'
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pedump/version'
 
 Gem::Specification.new do |s|
-  s.name = "pedump".freeze
-  s.version = "0.7.4".freeze
+  s.name        = 'pedump'
+  s.version     = PEdump::VERSION
+  s.authors     = ['Andrey "Zed" Zaikin']
+  s.email       = 'zed.0xff@gmail.com'
+  s.homepage    = 'http://github.com/zed-0xff/pedump'
+  s.license     = 'MIT'
+  s.summary     = 'dump win32 PE executable files with a pure ruby'
+  s.description = 'dump headers, sections, extract resources of win32 PE exe,dll,etc'
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib".freeze]
-  s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-  s.date = "1980-01-02"
-  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
-  s.email = "zed.0xff@gmail.com".freeze
-  s.executables = ["pedump".freeze]
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.md"
-  ]
-  s.files = [
-    "CODE_OF_CONDUCT.md",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.md",
-    "Rakefile",
-    "VERSION",
-    "bin/pedump",
-    "data/comp_id.txt",
-    "data/fs.txt",
-    "data/jc-userdb.txt",
-    "data/ordlookup/oleaut32.dll.yml",
-    "data/ordlookup/pefile2json.py",
-    "data/ordlookup/ws2_32.dll.yml",
-    "data/ordlookup/wsock32.dll.yml",
-    "data/sig.bin",
-    "data/signatures.txt",
-    "data/userdb.txt",
-    "lib/pedump.rb",
-    "lib/pedump/cli.rb",
-    "lib/pedump/clr.rb",
-    "lib/pedump/clr/readytorun.rb",
-    "lib/pedump/clr/signature.rb",
-    "lib/pedump/comparer.rb",
-    "lib/pedump/composite_io.rb",
-    "lib/pedump/core.rb",
-    "lib/pedump/core_ext/try.rb",
-    "lib/pedump/loader.rb",
-    "lib/pedump/loader/minidump.rb",
-    "lib/pedump/loader/section.rb",
-    "lib/pedump/logger.rb",
-    "lib/pedump/ne.rb",
-    "lib/pedump/ne/version_info.rb",
-    "lib/pedump/ordlookup.rb",
-    "lib/pedump/packer.rb",
-    "lib/pedump/pe.rb",
-    "lib/pedump/resources.rb",
-    "lib/pedump/rich.rb",
-    "lib/pedump/security.rb",
-    "lib/pedump/sig_parser.rb",
-    "lib/pedump/te.rb",
-    "lib/pedump/tls.rb",
-    "lib/pedump/unpacker.rb",
-    "lib/pedump/unpacker/aspack.rb",
-    "lib/pedump/unpacker/upx.rb",
-    "lib/pedump/version.rb",
-    "lib/pedump/version_info.rb",
-    "misc/aspack/Makefile",
-    "misc/aspack/aspack_unlzx.c",
-    "misc/aspack/lzxdec.c",
-    "misc/aspack/lzxdec.h",
-    "misc/nedump.c",
-    "pedump.gemspec"
-  ]
-  s.homepage = "http://github.com/zed-0xff/pedump".freeze
-  s.licenses = ["MIT".freeze]
-  s.rubygems_version = "3.6.9".freeze
-  s.summary = "dump win32 PE executable files with a pure ruby".freeze
+  s.required_rubygems_version = Gem::Requirement.new('>= 0')
+  s.require_paths = ['lib']
 
-  s.specification_version = 4
+  s.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(samples|spec|tmp)/}) ||
+      f.match(/^\./) ||
+      f == 'README.md.tpl'
+  end
+  s.executables = ['pedump']
 
-  s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0".freeze])
-  s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0".freeze])
-  s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.7.0".freeze])
-  s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0".freeze])
-  s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2".freeze])
-  s.add_development_dependency(%q<rspec>.freeze, [">= 0".freeze])
-  s.add_development_dependency(%q<rspec-its>.freeze, [">= 0".freeze])
-  s.add_development_dependency(%q<bundler>.freeze, [">= 0".freeze])
-  s.add_development_dependency(%q<juwelier>.freeze, [">= 0".freeze])
-end
+  s.extra_rdoc_files = ['LICENSE.txt', 'README.md']
 
+  s.add_runtime_dependency 'logger'
+  s.add_runtime_dependency 'iostruct', '>= 0.7.0'
+  s.add_runtime_dependency 'zhexdump', '>= 0.0.2'
+
+  s.metadata['rubygems_mfa_required'] = 'true'
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.7.4
+  version: 0.7.5
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
@@ -10,21 +10,7 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rainbow
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: awesome_print
+  name: logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -51,20 +37,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.7.0
-- !ruby/object:Gem::Dependency
-  name: multipart-post
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: zhexdump
   requirement: !ruby/object:Gem::Requirement
@@ -79,62 +51,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.2
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rspec-its
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: juwelier
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
 email: zed.0xff@gmail.com
 executables:
@@ -150,7 +66,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- VERSION
 - bin/pedump
 - data/comp_id.txt
 - data/fs.txt
@@ -167,6 +82,7 @@ files:
 - lib/pedump/clr.rb
 - lib/pedump/clr/readytorun.rb
 - lib/pedump/clr/signature.rb
+- lib/pedump/colors.rb
 - lib/pedump/comparer.rb
 - lib/pedump/composite_io.rb
 - lib/pedump/core.rb
@@ -175,6 +91,7 @@ files:
 - lib/pedump/loader/minidump.rb
 - lib/pedump/loader/section.rb
 - lib/pedump/logger.rb
+- lib/pedump/multipart.rb
 - lib/pedump/ne.rb
 - lib/pedump/ne/version_info.rb
 - lib/pedump/ordlookup.rb
@@ -200,7 +117,8 @@ files:
 homepage: http://github.com/zed-0xff/pedump
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib

data/VERSION

@@ -1 +0,0 @@
-0.7.4