pedump 0.4.9.2 → 0.4.10
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +4 -4
- data/Gemfile.lock +19 -17
- data/VERSION +1 -1
- data/lib/pedump.rb +23 -7
- data/lib/pedump/version.rb +1 -1
- data/pedump.gemspec +11 -14
- metadata +11 -27
data/Gemfile
CHANGED
@@ -9,10 +9,10 @@ gem "awesome_print"
|
|
9
9
|
# Add dependencies to develop your gem here.
|
10
10
|
# Include everything needed to run rake, tests, features, etc.
|
11
11
|
group :development do
|
12
|
-
gem "rspec"
|
13
|
-
gem "bundler"
|
14
|
-
gem "jeweler"
|
15
|
-
gem "rcov", ">= 0"
|
12
|
+
gem "rspec"
|
13
|
+
gem "bundler"
|
14
|
+
gem "jeweler"
|
15
|
+
# gem "rcov", ">= 0"
|
16
16
|
gem "what_methods"
|
17
17
|
gem "looksee"
|
18
18
|
end
|
data/Gemfile.lock
CHANGED
@@ -1,26 +1,29 @@
|
|
1
1
|
GEM
|
2
2
|
remote: http://rubygems.org/
|
3
3
|
specs:
|
4
|
-
awesome_print (1.0
|
4
|
+
awesome_print (1.1.0)
|
5
5
|
diff-lcs (1.1.3)
|
6
6
|
git (1.2.5)
|
7
|
-
jeweler (1.
|
7
|
+
jeweler (1.8.4)
|
8
8
|
bundler (~> 1.0)
|
9
9
|
git (>= 1.2.5)
|
10
10
|
rake
|
11
|
+
rdoc
|
12
|
+
json (1.7.5)
|
11
13
|
looksee (1.0.3)
|
12
|
-
multipart-post (1.1.
|
14
|
+
multipart-post (1.1.5)
|
13
15
|
progressbar (0.9.2)
|
14
|
-
rake (0.
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
rspec-
|
19
|
-
rspec-
|
20
|
-
|
21
|
-
rspec-
|
22
|
-
|
23
|
-
|
16
|
+
rake (10.0.2)
|
17
|
+
rdoc (3.12)
|
18
|
+
json (~> 1.4)
|
19
|
+
rspec (2.12.0)
|
20
|
+
rspec-core (~> 2.12.0)
|
21
|
+
rspec-expectations (~> 2.12.0)
|
22
|
+
rspec-mocks (~> 2.12.0)
|
23
|
+
rspec-core (2.12.1)
|
24
|
+
rspec-expectations (2.12.0)
|
25
|
+
diff-lcs (~> 1.1.3)
|
26
|
+
rspec-mocks (2.12.0)
|
24
27
|
what_methods (1.0.1)
|
25
28
|
|
26
29
|
PLATFORMS
|
@@ -28,11 +31,10 @@ PLATFORMS
|
|
28
31
|
|
29
32
|
DEPENDENCIES
|
30
33
|
awesome_print
|
31
|
-
bundler
|
32
|
-
jeweler
|
34
|
+
bundler
|
35
|
+
jeweler
|
33
36
|
looksee
|
34
37
|
multipart-post (~> 1.1.4)
|
35
38
|
progressbar (~> 0.9.2)
|
36
|
-
|
37
|
-
rspec (~> 2.3.0)
|
39
|
+
rspec
|
38
40
|
what_methods
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.4.
|
1
|
+
0.4.10
|
data/lib/pedump.rb
CHANGED
@@ -587,7 +587,7 @@ class PEdump
|
|
587
587
|
##############################################################################
|
588
588
|
|
589
589
|
#http://msdn.microsoft.com/en-us/library/ms809762.aspx
|
590
|
-
IMAGE_EXPORT_DIRECTORY = create_struct '
|
590
|
+
IMAGE_EXPORT_DIRECTORY = create_struct 'V2v2V2l2V3',
|
591
591
|
:Characteristics,
|
592
592
|
:TimeDateStamp,
|
593
593
|
:MajorVersion, # These fields appear to be unused and are set to 0.
|
@@ -639,7 +639,7 @@ class PEdump
|
|
639
639
|
x.name = f.gets("\x00").chomp("\x00")
|
640
640
|
end
|
641
641
|
end
|
642
|
-
if x.NumberOfFunctions.to_i
|
642
|
+
if x.NumberOfFunctions.to_i > 0
|
643
643
|
if x.AddressOfFunctions.to_i !=0 && (ofs = va2file(x.AddressOfFunctions))
|
644
644
|
f.seek ofs
|
645
645
|
x.entry_points = []
|
@@ -663,7 +663,7 @@ class PEdump
|
|
663
663
|
end
|
664
664
|
end
|
665
665
|
end
|
666
|
-
if x.NumberOfNames.to_i
|
666
|
+
if x.NumberOfNames.to_i > 0 && x.AddressOfNames.to_i !=0 && (ofs = va2file(x.AddressOfNames))
|
667
667
|
f.seek ofs
|
668
668
|
x.names = []
|
669
669
|
x.NumberOfNames.times do
|
@@ -673,15 +673,31 @@ class PEdump
|
|
673
673
|
end
|
674
674
|
x.names << f.read(4).unpack('V').first
|
675
675
|
end
|
676
|
-
|
677
|
-
|
678
|
-
|
676
|
+
nErrors = 0
|
677
|
+
x.names.size.times do |i|
|
678
|
+
begin
|
679
|
+
f.seek va2file(x.names[i])
|
680
|
+
x.names[i] = f.gets("\x00").to_s.chomp("\x00")
|
681
|
+
rescue
|
682
|
+
nErrors += 1
|
683
|
+
if nErrors > 100
|
684
|
+
logger.warn "[?] too many errors getting export names, stopped on #{i} of #{x.names.size}"
|
685
|
+
x.names = x.names[0,i]
|
686
|
+
break
|
687
|
+
end
|
688
|
+
nil
|
689
|
+
end
|
679
690
|
end
|
680
691
|
end
|
681
692
|
|
682
693
|
ord2name = {}
|
683
694
|
if x.names && x.names.any?
|
684
|
-
x.NumberOfNames
|
695
|
+
n = x.NumberOfNames
|
696
|
+
if n > 2048
|
697
|
+
logger.warn "[?] NumberOfNames too big (#{x.NumberOfNames}), limiting to 2048"
|
698
|
+
n = 2048
|
699
|
+
end
|
700
|
+
n.times do |i|
|
685
701
|
ord2name[x.name_ordinals[i]] ||= []
|
686
702
|
ord2name[x.name_ordinals[i]] << x.names[i]
|
687
703
|
end
|
data/lib/pedump/version.rb
CHANGED
data/pedump.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = "pedump"
|
8
|
-
s.version = "0.4.
|
8
|
+
s.version = "0.4.10"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Andrey \"Zed\" Zaikin"]
|
12
|
-
s.date = "2012-
|
12
|
+
s.date = "2012-12-10"
|
13
13
|
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
|
14
14
|
s.email = "zed.0xff@gmail.com"
|
15
15
|
s.executables = ["pedump"]
|
@@ -90,20 +90,18 @@ Gem::Specification.new do |s|
|
|
90
90
|
s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
91
91
|
s.add_runtime_dependency(%q<progressbar>, ["~> 0.9.2"])
|
92
92
|
s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
|
93
|
-
s.add_development_dependency(%q<rspec>, ["
|
94
|
-
s.add_development_dependency(%q<bundler>, ["
|
95
|
-
s.add_development_dependency(%q<jeweler>, ["
|
96
|
-
s.add_development_dependency(%q<rcov>, [">= 0"])
|
93
|
+
s.add_development_dependency(%q<rspec>, [">= 0"])
|
94
|
+
s.add_development_dependency(%q<bundler>, [">= 0"])
|
95
|
+
s.add_development_dependency(%q<jeweler>, [">= 0"])
|
97
96
|
s.add_development_dependency(%q<what_methods>, [">= 0"])
|
98
97
|
s.add_development_dependency(%q<looksee>, [">= 0"])
|
99
98
|
else
|
100
99
|
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
101
100
|
s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
|
102
101
|
s.add_dependency(%q<awesome_print>, [">= 0"])
|
103
|
-
s.add_dependency(%q<rspec>, ["
|
104
|
-
s.add_dependency(%q<bundler>, ["
|
105
|
-
s.add_dependency(%q<jeweler>, ["
|
106
|
-
s.add_dependency(%q<rcov>, [">= 0"])
|
102
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
103
|
+
s.add_dependency(%q<bundler>, [">= 0"])
|
104
|
+
s.add_dependency(%q<jeweler>, [">= 0"])
|
107
105
|
s.add_dependency(%q<what_methods>, [">= 0"])
|
108
106
|
s.add_dependency(%q<looksee>, [">= 0"])
|
109
107
|
end
|
@@ -111,10 +109,9 @@ Gem::Specification.new do |s|
|
|
111
109
|
s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
|
112
110
|
s.add_dependency(%q<progressbar>, ["~> 0.9.2"])
|
113
111
|
s.add_dependency(%q<awesome_print>, [">= 0"])
|
114
|
-
s.add_dependency(%q<rspec>, ["
|
115
|
-
s.add_dependency(%q<bundler>, ["
|
116
|
-
s.add_dependency(%q<jeweler>, ["
|
117
|
-
s.add_dependency(%q<rcov>, [">= 0"])
|
112
|
+
s.add_dependency(%q<rspec>, [">= 0"])
|
113
|
+
s.add_dependency(%q<bundler>, [">= 0"])
|
114
|
+
s.add_dependency(%q<jeweler>, [">= 0"])
|
118
115
|
s.add_dependency(%q<what_methods>, [">= 0"])
|
119
116
|
s.add_dependency(%q<looksee>, [">= 0"])
|
120
117
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pedump
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.10
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-12-10 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: multipart-post
|
@@ -64,51 +64,35 @@ dependencies:
|
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
65
65
|
none: false
|
66
66
|
requirements:
|
67
|
-
- -
|
67
|
+
- - ! '>='
|
68
68
|
- !ruby/object:Gem::Version
|
69
|
-
version:
|
69
|
+
version: '0'
|
70
70
|
type: :development
|
71
71
|
prerelease: false
|
72
72
|
version_requirements: !ruby/object:Gem::Requirement
|
73
73
|
none: false
|
74
74
|
requirements:
|
75
|
-
- -
|
75
|
+
- - ! '>='
|
76
76
|
- !ruby/object:Gem::Version
|
77
|
-
version:
|
77
|
+
version: '0'
|
78
78
|
- !ruby/object:Gem::Dependency
|
79
79
|
name: bundler
|
80
80
|
requirement: !ruby/object:Gem::Requirement
|
81
81
|
none: false
|
82
82
|
requirements:
|
83
|
-
- -
|
83
|
+
- - ! '>='
|
84
84
|
- !ruby/object:Gem::Version
|
85
|
-
version:
|
85
|
+
version: '0'
|
86
86
|
type: :development
|
87
87
|
prerelease: false
|
88
88
|
version_requirements: !ruby/object:Gem::Requirement
|
89
89
|
none: false
|
90
90
|
requirements:
|
91
|
-
- -
|
91
|
+
- - ! '>='
|
92
92
|
- !ruby/object:Gem::Version
|
93
|
-
version:
|
93
|
+
version: '0'
|
94
94
|
- !ruby/object:Gem::Dependency
|
95
95
|
name: jeweler
|
96
|
-
requirement: !ruby/object:Gem::Requirement
|
97
|
-
none: false
|
98
|
-
requirements:
|
99
|
-
- - ~>
|
100
|
-
- !ruby/object:Gem::Version
|
101
|
-
version: 1.6.4
|
102
|
-
type: :development
|
103
|
-
prerelease: false
|
104
|
-
version_requirements: !ruby/object:Gem::Requirement
|
105
|
-
none: false
|
106
|
-
requirements:
|
107
|
-
- - ~>
|
108
|
-
- !ruby/object:Gem::Version
|
109
|
-
version: 1.6.4
|
110
|
-
- !ruby/object:Gem::Dependency
|
111
|
-
name: rcov
|
112
96
|
requirement: !ruby/object:Gem::Requirement
|
113
97
|
none: false
|
114
98
|
requirements:
|
@@ -237,7 +221,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
237
221
|
version: '0'
|
238
222
|
segments:
|
239
223
|
- 0
|
240
|
-
hash:
|
224
|
+
hash: 1643171094839400469
|
241
225
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
242
226
|
none: false
|
243
227
|
requirements:
|