pedump 0.5.0 → 0.5.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b7032e6e832ba6c7fead77e245952396e8e28f42
+  data.tar.gz: 35bb50e4f1095127491dfe2cf0f902588afd8799
+SHA512:
+  metadata.gz: 70050e12128d7068566db6aec580ebc79066134b16e38538747423bf2a52409adcb2564692463497fbe33906741e0de3d2843571ad613b17cad97d08cae5bea8
+  data.tar.gz: 03ad91ef9cdf5554458ffe2c50ef7ceb2ec79b6368e48e2f96b15c6f4536b82f894edafc52a01bf1b44755229ff282f6321b6db520990721901166fa0fe3541a

data/Gemfile

@@ -1,20 +1,14 @@
 source "http://rubygems.org"
-# Add dependencies required to use your gem here.
-# Example:
-#   gem "activesupport", ">= 2.3.5"
-gem "multipart-post", "~> 1.1.4"
+
+gem "multipart-post", "~> 2.0.0"
 gem "progressbar"
 gem "awesome_print"
 gem "iostruct", ">= 0.0.4"
 gem "zhexdump", ">= 0.0.2"
 
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
 group :development do
   gem "rspec"
   gem "bundler"
-  gem "jeweler"
-#  gem "rcov", ">= 0"
   gem "what_methods"
-#  gem "looksee"
+  gem "rake"
 end

data/Gemfile.lock

@@ -1,29 +1,25 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    awesome_print (1.1.0)
-    diff-lcs (1.1.3)
-    git (1.2.5)
+    awesome_print (1.7.0)
+    diff-lcs (1.2.5)
     iostruct (0.0.4)
-    jeweler (1.8.4)
-      bundler (~> 1.0)
-      git (>= 1.2.5)
-      rake
-      rdoc
-    json (1.7.5)
-    multipart-post (1.1.5)
-    progressbar (0.12.0)
-    rake (10.0.4)
-    rdoc (3.12)
-      json (~> 1.4)
-    rspec (2.12.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    rspec-core (2.12.1)
-    rspec-expectations (2.12.0)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.12.0)
+    multipart-post (2.0.0)
+    progressbar (0.21.0)
+    rake (10.4.2)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.3)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
     what_methods (1.0.1)
     zhexdump (0.0.2)
 
@@ -34,9 +30,12 @@ DEPENDENCIES
   awesome_print
   bundler
   iostruct (>= 0.0.4)
-  jeweler
-  multipart-post (~> 1.1.4)
+  multipart-post (~> 2.0.0)
   progressbar
+  rake
   rspec
   what_methods
   zhexdump (>= 0.0.2)
+
+BUNDLED WITH
+   1.12.5

data/Rakefile

@@ -1,81 +1,12 @@
-# encoding: utf-8
-
-require 'rubygems'
 require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "pedump"
-  gem.homepage = "http://github.com/zed-0xff/pedump"
-  gem.license = "MIT"
-  gem.summary = %Q{dump win32 PE executable files with a pure ruby}
-  gem.description = %Q{dump headers, sections, extract resources of win32 PE exe,dll,etc}
-  gem.email = "zed.0xff@gmail.com"
-  gem.authors = ["Andrey \"Zed\" Zaikin"]
-  gem.executables = %w'pedump'
-  gem.files.include "lib/**/*.rb"
-  gem.files.include "data/*.bin"
-  gem.files.include "data/*.txt"
-
-  gem.files.exclude "samples/*", "README.md.tpl"
-  gem.extra_rdoc_files.exclude "README.md.tpl"
-end
-Jeweler::RubygemsDotOrgTasks.new
-
-require 'rspec/core'
+require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec) do |spec|
-  spec.pattern = FileList['spec/**/*_spec.rb']
-end
 
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-  spec.pattern = 'spec/**/*_spec.rb'
-  spec.rcov = true
-end
+desc "run specs"
+RSpec::Core::RakeTask.new
 
 task :default => :spec
 
-#require 'rake/rdoctask'
-#Rake::RDocTask.new do |rdoc|
-#  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-#
-#  rdoc.rdoc_dir = 'rdoc'
-#  rdoc.title = "pedump #{version}"
-#  rdoc.rdoc_files.include('README*')
-#  rdoc.rdoc_files.include('lib/**/*.rb')
-#end
-
-class Jeweler::Commands::Version::Base
-  alias :commit_version_old :commit_version
-  def commit_version
-    code = <<-EOF
-class PEdump
-  module Version
-    MAJOR = #{version_helper.major}
-    MINOR = #{version_helper.minor}
-    PATCH = #{version_helper.patch}
-    BUILD = nil
-
-    STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
-  end
-end
-    EOF
-    vfile = working_subdir.join("lib/pedump/version.rb")
-    File.open(vfile,"w"){ |f| f << code }
-    self.repo.add vfile if self.repo
-    commit_version_old
-  end
-end
-
 namespace :test do
   desc "test on all files in given path"
   task :all_files do

data/VERSION

@@ -1 +1 @@
-0.5.0
+0.5.1

data/lib/pedump.rb

@@ -474,9 +474,10 @@ class PEdump
     :first_thunk
 
   class ImportedFunction < Struct.new(:hint, :name, :ordinal, :va, :module_name)
-#    def == x
-#      self.hint == x.hint && self.name == x.name && self.ordinal == x.ordinal
-#    end
+    def == x
+      self.hint == x.hint && self.name == x.name && self.ordinal == x.ordinal &&
+        self.module_name == x.module_name
+    end
 #    def <=> x
 #      self.to_a[0..-2] <=> x.to_a[0..-2]
 #    end
@@ -626,7 +627,11 @@ class PEdump
     :name, :entry_points, :names, :name_ordinals, :functions,
     :description # NE only
 
-  ExportedFunction = Struct.new :name, :ord, :va, :file_offset
+  class ExportedFunction < Struct.new :name, :ord, :va, :file_offset
+    def ordinal
+      self.ord
+    end
+  end
 
   def exports f=@io
     if pe(f)

data/lib/pedump/loader.rb

@@ -263,7 +263,7 @@ class PEdump::Loader
     @pedump.imports.each do |iid| # Image Import Descriptor
       va = iid.FirstThunk + @image_base
       (Array(iid.original_first_thunk) + Array(iid.first_thunk)).uniq.each do |func|
-        name = func.name || "##{func.ordinal}"
+        name = "__imp_" + (func.name || "#{func.ordinal}")
         @names[va] = name
         va += 4
       end

data/lib/pedump/loader/minidump.rb

@@ -53,6 +53,24 @@ class PEdump
     end
   end
 
+  MINIDUMP_MEMORY_DESCRIPTOR = IOStruct.new 'QLL',
+    :StartOfMemoryRange,
+    :DataSize,
+    :Rva
+
+  class MINIDUMP_MEMORY_LIST < IOStruct.new 'L',
+    :NumberOfMemoryRanges,
+    :MemoryRanges
+
+    def self.read io
+      r = super
+      r.MemoryRanges = r.NumberOfMemoryRanges.times.map{ MINIDUMP_MEMORY_DESCRIPTOR.read(io) }
+      r
+    end
+
+    def entries; self.MemoryRanges; end
+  end
+
   MINIDUMP_MEMORY_DESCRIPTOR64 = IOStruct.new 'QQ',
     :StartOfMemoryRange,
     :DataSize
@@ -78,7 +96,7 @@ class PEdump
          2 => :ReservedStream1,
          3 => :ThreadListStream,
          4 => :ModuleListStream,
-         5 => :MemoryListStream,
+         5 => :MemoryListStream,             # MINIDUMP_MEMORY_LIST
          6 => :ExceptionStream,
          7 => :SystemInfoStream,
          8 => :ThreadExListStream,
@@ -125,6 +143,14 @@ class PEdump
       end
 
       def memory_list
+        # MINIDUMP_MEMORY_LIST
+        stream = streams.find{ |s| s.StreamType == 5 }
+        return nil unless stream
+        io.seek stream.Location.Rva
+        MINIDUMP_MEMORY_LIST.read io
+      end
+
+      def memory64_list
         # MINIDUMP_MEMORY64_LIST
         stream = streams.find{ |s| s.StreamType == 9 }
         return nil unless stream
@@ -136,27 +162,50 @@ class PEdump
 
       # set options[:merge] = true to merge adjacent memory ranges
       def memory_ranges options = {}
-        ml = memory_list
-        file_offset = ml.BaseRva
-        r = []
-        if options[:merge]
-          ml.entries.each do |x|
-            if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
-              # if section VA == prev_section.VA + prev_section.SIZE
-              # then just increase the size of previous section
-              r.last.size += x.DataSize
-            else
+        if memory64_list
+          ml = memory64_list
+          file_offset = ml.BaseRva
+          r = []
+          if options[:merge]
+            ml.entries.each do |x|
+              if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
+                # if section VA == prev_section.VA + prev_section.SIZE
+                # then just increase the size of previous section
+                r.last.size += x.DataSize
+              else
+                r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
+              end
+              file_offset += x.DataSize
+            end
+          else
+            ml.entries.each do |x|
               r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
+              file_offset += x.DataSize
             end
-            file_offset += x.DataSize
           end
-        else
-          ml.entries.each do |x|
-            r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
-            file_offset += x.DataSize
+          return r
+        elsif memory_list
+          ml = memory_list
+          r = []
+          if options[:merge]
+            ml.entries.each do |x|
+              if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
+                # if section VA == prev_section.VA + prev_section.SIZE
+                # then just increase the size of previous section
+                r.last.size += x.DataSize
+              else
+                r << MemoryRange.new( x.Rva, x.StartOfMemoryRange, x.DataSize )
+              end
+            end
+          else
+            ml.entries.each do |x|
+              r << MemoryRange.new( x.Rva, x.StartOfMemoryRange, x.DataSize )
+            end
           end
+          return r
+        else
+          raise "Could not find memory ranges"
         end
-        r
       end
 
     end # class Minidump

data/lib/pedump/version.rb

@@ -2,7 +2,7 @@ class PEdump
   module Version
     MAJOR = 0
     MINOR = 5
-    PATCH = 0
+    PATCH = 1
     BUILD = nil
 
     STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')

data/pedump.gemspec

@@ -1,137 +1,27 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pedump/version'
 
-Gem::Specification.new do |s|
-  s.name = "pedump"
-  s.version = "0.5.0"
+Gem::Specification.new do |spec|
+  spec.name          = "pedump"
+  spec.version       = PEdump::Version::STRING
+  spec.authors       = ["Andrey \"Zed\" Zaikin"]
+  spec.email         = ["zed.0xff@gmail.com"]
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Andrey \"Zed\" Zaikin"]
-  s.date = "2013-04-20"
-  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
-  s.email = "zed.0xff@gmail.com"
-  s.executables = ["pedump"]
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.md"
-  ]
-  s.files = [
-    ".document",
-    ".rspec",
-    ".travis.yml",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.md",
-    "Rakefile",
-    "VERSION",
-    "bin/pedump",
-    "data/fs.txt",
-    "data/jc-userdb.txt",
-    "data/sig.bin",
-    "data/signatures.txt",
-    "data/userdb.txt",
-    "lib/pedump.rb",
-    "lib/pedump/cli.rb",
-    "lib/pedump/comparer.rb",
-    "lib/pedump/composite_io.rb",
-    "lib/pedump/core.rb",
-    "lib/pedump/core_ext/try.rb",
-    "lib/pedump/loader.rb",
-    "lib/pedump/loader/minidump.rb",
-    "lib/pedump/loader/section.rb",
-    "lib/pedump/logger.rb",
-    "lib/pedump/ne.rb",
-    "lib/pedump/ne/version_info.rb",
-    "lib/pedump/packer.rb",
-    "lib/pedump/pe.rb",
-    "lib/pedump/resources.rb",
-    "lib/pedump/security.rb",
-    "lib/pedump/sig_parser.rb",
-    "lib/pedump/tls.rb",
-    "lib/pedump/unpacker.rb",
-    "lib/pedump/unpacker/aspack.rb",
-    "lib/pedump/unpacker/upx.rb",
-    "lib/pedump/version.rb",
-    "lib/pedump/version_info.rb",
-    "misc/aspack/Makefile",
-    "misc/aspack/aspack_unlzx.c",
-    "misc/aspack/lzxdec.c",
-    "misc/aspack/lzxdec.h",
-    "misc/nedump.c",
-    "pedump.gemspec",
-    "samples/bad/68.exe",
-    "samples/bad/data_dir_15_entries.exe",
-    "spec/65535sects_spec.rb",
-    "spec/bad_imports_spec.rb",
-    "spec/bad_samples_spec.rb",
-    "spec/composite_io_spec.rb",
-    "spec/data/calc.exe_sections.yml",
-    "spec/data/data_dir_15_entries.exe_sections.yml",
-    "spec/dllord_spec.rb",
-    "spec/foldedhdr_spec.rb",
-    "spec/imports_badterm_spec.rb",
-    "spec/imports_vterm_spec.rb",
-    "spec/loader/names_spec.rb",
-    "spec/loader/va_spec.rb",
-    "spec/manyimportsW7_spec.rb",
-    "spec/ne_spec.rb",
-    "spec/packer_spec.rb",
-    "spec/pe_spec.rb",
-    "spec/pedump_spec.rb",
-    "spec/resource_spec.rb",
-    "spec/sections_spec.rb",
-    "spec/sig_all_packers_spec.rb",
-    "spec/sig_spec.rb",
-    "spec/spec_helper.rb",
-    "spec/support/samples.rb",
-    "spec/unpackers/aspack_spec.rb",
-    "spec/unpackers/find_spec.rb",
-    "spec/virtsectblXP_spec.rb",
-    "tmp/.keep"
-  ]
-  s.homepage = "http://github.com/zed-0xff/pedump"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
-  s.summary = "dump win32 PE executable files with a pure ruby"
+  spec.summary       = "dump win32 PE executable files with a pure ruby"
+  spec.description   = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
+  spec.homepage      = "http://github.com/zed-0xff/pedump"
+  spec.license       = "MIT"
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  spec.files         = `git ls-files -z`.split("\x0").
+    reject { |f| f.match(%r{^(test|spec|features|samples|tmp|\.)/}) || f.start_with?('.') || f == "README.md.tpl" }
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_runtime_dependency(%q<progressbar>, [">= 0"])
-      s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
-      s.add_runtime_dependency(%q<iostruct>, [">= 0.0.4"])
-      s.add_runtime_dependency(%q<zhexdump>, [">= 0.0.2"])
-      s.add_development_dependency(%q<rspec>, [">= 0"])
-      s.add_development_dependency(%q<bundler>, [">= 0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<what_methods>, [">= 0"])
-    else
-      s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_dependency(%q<progressbar>, [">= 0"])
-      s.add_dependency(%q<awesome_print>, [">= 0"])
-      s.add_dependency(%q<iostruct>, [">= 0.0.4"])
-      s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
-      s.add_dependency(%q<rspec>, [">= 0"])
-      s.add_dependency(%q<bundler>, [">= 0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<what_methods>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-    s.add_dependency(%q<progressbar>, [">= 0"])
-    s.add_dependency(%q<awesome_print>, [">= 0"])
-    s.add_dependency(%q<iostruct>, [">= 0.0.4"])
-    s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
-    s.add_dependency(%q<rspec>, [">= 0"])
-    s.add_dependency(%q<bundler>, [">= 0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<what_methods>, [">= 0"])
-  end
-end
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
 
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake",    "~> 10.0"
+  spec.add_development_dependency "rspec",   "~> 3.0"
+end