pedump 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/pedump.rb +25 -8
- data/lib/pedump/cli.rb +4 -1
- data/pedump.gemspec +1 -1
- metadata +10 -10
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.1
|
data/lib/pedump.rb
CHANGED
|
@@ -322,9 +322,14 @@ class PEdump
|
|
|
322
322
|
end
|
|
323
323
|
|
|
324
324
|
def mz f=nil
|
|
325
|
-
@mz ||= MZ.read(f).tap do |mz|
|
|
325
|
+
@mz ||= f && MZ.read(f).tap do |mz|
|
|
326
326
|
if mz.signature != 'MZ' && mz.signature != 'ZM'
|
|
327
|
-
|
|
327
|
+
if @force
|
|
328
|
+
logger.warn "[?] no MZ signature. want: 'MZ' or 'ZM', got: #{mz.signature.inspect}"
|
|
329
|
+
else
|
|
330
|
+
logger.error "[!] no MZ signature. want: 'MZ' or 'ZM', got: #{mz.signature.inspect}. (not forced)"
|
|
331
|
+
return nil
|
|
332
|
+
end
|
|
328
333
|
end
|
|
329
334
|
end
|
|
330
335
|
end
|
|
@@ -332,7 +337,7 @@ class PEdump
|
|
|
332
337
|
def dos_stub f=nil
|
|
333
338
|
@dos_stub ||=
|
|
334
339
|
begin
|
|
335
|
-
mz = mz(f)
|
|
340
|
+
return nil unless mz = mz(f)
|
|
336
341
|
dos_stub_offset = mz.header_paragraphs.to_i * 0x10
|
|
337
342
|
dos_stub_size = mz.lfanew.to_i - dos_stub_offset
|
|
338
343
|
if dos_stub_offset <= 0
|
|
@@ -374,7 +379,7 @@ class PEdump
|
|
|
374
379
|
def pe f=nil
|
|
375
380
|
@pe ||=
|
|
376
381
|
begin
|
|
377
|
-
pe_offset = mz(f).
|
|
382
|
+
pe_offset = mz(f) && mz(f).lfanew
|
|
378
383
|
if pe_offset.nil?
|
|
379
384
|
logger.fatal "[!] NULL PE offset (e_lfanew). cannot continue."
|
|
380
385
|
nil
|
|
@@ -385,7 +390,14 @@ class PEdump
|
|
|
385
390
|
f.seek pe_offset
|
|
386
391
|
pe_sig = f.read 4
|
|
387
392
|
logger.error "[!] 'NE' format is not supported!" if pe_sig == "NE\x00\x00"
|
|
388
|
-
|
|
393
|
+
if pe_sig != "PE\x00\x00"
|
|
394
|
+
if @force
|
|
395
|
+
logger.warn "[?] no PE signature (want: 'PE\\x00\\x00', got: #{pe_sig.inspect})"
|
|
396
|
+
else
|
|
397
|
+
logger.error "[?] no PE signature (want: 'PE\\x00\\x00', got: #{pe_sig.inspect}). (not forced)"
|
|
398
|
+
return nil
|
|
399
|
+
end
|
|
400
|
+
end
|
|
389
401
|
PE.new(pe_sig).tap do |pe|
|
|
390
402
|
pe.image_file_header = IMAGE_FILE_HEADER.read(f)
|
|
391
403
|
if pe.ifh.SizeOfOptionalHeader > 0
|
|
@@ -397,7 +409,7 @@ class PEdump
|
|
|
397
409
|
end
|
|
398
410
|
|
|
399
411
|
if (nToRead=pe.ifh.NumberOfSections) > 32
|
|
400
|
-
if @force
|
|
412
|
+
if @force.is_a?(Numeric) && @force > 1
|
|
401
413
|
logger.warn "[!] too many sections (#{pe.ifh.NumberOfSections}). forced. reading all"
|
|
402
414
|
else
|
|
403
415
|
logger.warn "[!] too many sections (#{pe.ifh.NumberOfSections}). not forced, reading first 32"
|
|
@@ -418,10 +430,15 @@ class PEdump
|
|
|
418
430
|
|
|
419
431
|
# OPTIONAL: assigns @mz, @rich_hdr, @pe, etc
|
|
420
432
|
def dump f=nil
|
|
421
|
-
f ?
|
|
433
|
+
f ? _dump_handle(f) : File.open(@fname){ |f| _dump_handle(f) }
|
|
422
434
|
self
|
|
423
435
|
end
|
|
424
436
|
|
|
437
|
+
def _dump_handle h
|
|
438
|
+
rich_hdr(h) # includes mz(h)
|
|
439
|
+
resources(h) # includes pe(h)
|
|
440
|
+
end
|
|
441
|
+
|
|
425
442
|
def data_directory f=nil
|
|
426
443
|
pe(f) && pe.ioh && pe.ioh.DataDirectory
|
|
427
444
|
end
|
|
@@ -517,7 +534,7 @@ class PEdump
|
|
|
517
534
|
end
|
|
518
535
|
|
|
519
536
|
def _read_resource_directory_tree f
|
|
520
|
-
return nil unless pe(f).
|
|
537
|
+
return nil unless pe(f) && pe(f).ioh && f
|
|
521
538
|
res_dir = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::RESOURCE]
|
|
522
539
|
return [] if !res_dir || (res_dir.va == 0 && res_dir.size == 0)
|
|
523
540
|
res_va = @pe.ioh.DataDirectory[IMAGE_DATA_DIRECTORY::RESOURCE].va
|
data/lib/pedump/cli.rb
CHANGED
|
@@ -30,7 +30,8 @@ class PEdump::CLI
|
|
|
30
30
|
@options[:verbose] += 1
|
|
31
31
|
end
|
|
32
32
|
opts.on "-F", "--force", "Try to dump by all means (can cause exceptions & heavy wounds)" do |v|
|
|
33
|
-
@options[:force]
|
|
33
|
+
@options[:force] ||= 0
|
|
34
|
+
@options[:force] += 1
|
|
34
35
|
end
|
|
35
36
|
opts.on "-f", "--format FORMAT", [:binary, :c, :dump, :hex, :inspect, :table],
|
|
36
37
|
"Output format: bin,c,dump,hex,inspect,table (default)" do |v|
|
|
@@ -71,6 +72,8 @@ class PEdump::CLI
|
|
|
71
72
|
end
|
|
72
73
|
end
|
|
73
74
|
|
|
75
|
+
return if !@options[:force] && !@pedump.mz(f)
|
|
76
|
+
|
|
74
77
|
@actions.each do |action|
|
|
75
78
|
dump_action action,f
|
|
76
79
|
end
|
data/pedump.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pedump
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -13,7 +13,7 @@ date: 2011-12-09 00:00:00.000000000Z
|
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rspec
|
|
16
|
-
requirement: &
|
|
16
|
+
requirement: &70262192852620 !ruby/object:Gem::Requirement
|
|
17
17
|
none: false
|
|
18
18
|
requirements:
|
|
19
19
|
- - ~>
|
|
@@ -21,10 +21,10 @@ dependencies:
|
|
|
21
21
|
version: 2.3.0
|
|
22
22
|
type: :development
|
|
23
23
|
prerelease: false
|
|
24
|
-
version_requirements: *
|
|
24
|
+
version_requirements: *70262192852620
|
|
25
25
|
- !ruby/object:Gem::Dependency
|
|
26
26
|
name: bundler
|
|
27
|
-
requirement: &
|
|
27
|
+
requirement: &70262192851380 !ruby/object:Gem::Requirement
|
|
28
28
|
none: false
|
|
29
29
|
requirements:
|
|
30
30
|
- - ~>
|
|
@@ -32,10 +32,10 @@ dependencies:
|
|
|
32
32
|
version: 1.0.0
|
|
33
33
|
type: :development
|
|
34
34
|
prerelease: false
|
|
35
|
-
version_requirements: *
|
|
35
|
+
version_requirements: *70262192851380
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: jeweler
|
|
38
|
-
requirement: &
|
|
38
|
+
requirement: &70262192849440 !ruby/object:Gem::Requirement
|
|
39
39
|
none: false
|
|
40
40
|
requirements:
|
|
41
41
|
- - ~>
|
|
@@ -43,10 +43,10 @@ dependencies:
|
|
|
43
43
|
version: 1.6.4
|
|
44
44
|
type: :development
|
|
45
45
|
prerelease: false
|
|
46
|
-
version_requirements: *
|
|
46
|
+
version_requirements: *70262192849440
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: rcov
|
|
49
|
-
requirement: &
|
|
49
|
+
requirement: &70262192846320 !ruby/object:Gem::Requirement
|
|
50
50
|
none: false
|
|
51
51
|
requirements:
|
|
52
52
|
- - ! '>='
|
|
@@ -54,7 +54,7 @@ dependencies:
|
|
|
54
54
|
version: '0'
|
|
55
55
|
type: :development
|
|
56
56
|
prerelease: false
|
|
57
|
-
version_requirements: *
|
|
57
|
+
version_requirements: *70262192846320
|
|
58
58
|
description: dump headers, sections, extract resources of win32 PE exe,dll,etc
|
|
59
59
|
email: zed.0xff@gmail.com
|
|
60
60
|
executables:
|
|
@@ -93,7 +93,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
93
93
|
version: '0'
|
|
94
94
|
segments:
|
|
95
95
|
- 0
|
|
96
|
-
hash:
|
|
96
|
+
hash: -2508940562784118037
|
|
97
97
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
98
98
|
none: false
|
|
99
99
|
requirements:
|