RubyGems - pedump - Versions diffs - 0.5.0 → 0.5.1 - Mend

pedump 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

checksums.yaml +7 -0
data/Gemfile +3 -9
data/Gemfile.lock +23 -24
data/Rakefile +3 -72
data/VERSION +1 -1
data/lib/pedump.rb +9 -4
data/lib/pedump/loader.rb +1 -1
data/lib/pedump/loader/minidump.rb +66 -17
data/lib/pedump/version.rb +1 -1
data/pedump.gemspec +22 -132
metadata +24 -164
data/.document +0 -5
data/.rspec +0 -1
data/.travis.yml +0 -4
data/samples/bad/68.exe +0 -0
data/samples/bad/data_dir_15_entries.exe +0 -0
data/spec/65535sects_spec.rb +0 -8
data/spec/bad_imports_spec.rb +0 -20
data/spec/bad_samples_spec.rb +0 -13
data/spec/composite_io_spec.rb +0 -122
data/spec/data/calc.exe_sections.yml +0 -49
data/spec/data/data_dir_15_entries.exe_sections.yml +0 -95
data/spec/dllord_spec.rb +0 -21
data/spec/foldedhdr_spec.rb +0 -28
data/spec/imports_badterm_spec.rb +0 -52
data/spec/imports_vterm_spec.rb +0 -52
data/spec/loader/names_spec.rb +0 -24
data/spec/loader/va_spec.rb +0 -44
data/spec/manyimportsW7_spec.rb +0 -22
data/spec/ne_spec.rb +0 -125
data/spec/packer_spec.rb +0 -17
data/spec/pe_spec.rb +0 -67
data/spec/pedump_spec.rb +0 -19
data/spec/resource_spec.rb +0 -13
data/spec/sections_spec.rb +0 -11
data/spec/sig_all_packers_spec.rb +0 -24
data/spec/sig_spec.rb +0 -68
data/spec/spec_helper.rb +0 -24
data/spec/support/samples.rb +0 -24
data/spec/unpackers/aspack_spec.rb +0 -69
data/spec/unpackers/find_spec.rb +0 -21
data/spec/virtsectblXP_spec.rb +0 -12
data/tmp/.keep +0 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b7032e6e832ba6c7fead77e245952396e8e28f42
+  data.tar.gz: 35bb50e4f1095127491dfe2cf0f902588afd8799
+SHA512:
+  metadata.gz: 70050e12128d7068566db6aec580ebc79066134b16e38538747423bf2a52409adcb2564692463497fbe33906741e0de3d2843571ad613b17cad97d08cae5bea8
+  data.tar.gz: 03ad91ef9cdf5554458ffe2c50ef7ceb2ec79b6368e48e2f96b15c6f4536b82f894edafc52a01bf1b44755229ff282f6321b6db520990721901166fa0fe3541a

data/Gemfile CHANGED

@@ -1,20 +1,14 @@
 source "http://rubygems.org"
-# Add dependencies required to use your gem here.
-# Example:
-#   gem "activesupport", ">= 2.3.5"
-gem "multipart-post", "~> 1.1.4"
+gem "multipart-post", "~> 2.0.0"
 gem "progressbar"
 gem "awesome_print"
 gem "iostruct", ">= 0.0.4"
 gem "zhexdump", ">= 0.0.2"
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
 group :development do
   gem "rspec"
   gem "bundler"
-  gem "jeweler"
-#  gem "rcov", ">= 0"
   gem "what_methods"
-#  gem "looksee"
+  gem "rake"
 end

data/Gemfile.lock CHANGED

@@ -1,29 +1,25 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    awesome_print (1.1.0)
-    diff-lcs (1.1.3)
-    git (1.2.5)
+    awesome_print (1.7.0)
+    diff-lcs (1.2.5)
     iostruct (0.0.4)
-    jeweler (1.8.4)
-      bundler (~> 1.0)
-      git (>= 1.2.5)
-      rake
-      rdoc
-    json (1.7.5)
-    multipart-post (1.1.5)
-    progressbar (0.12.0)
-    rake (10.0.4)
-    rdoc (3.12)
-      json (~> 1.4)
-    rspec (2.12.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    rspec-core (2.12.1)
-    rspec-expectations (2.12.0)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.12.0)
+    multipart-post (2.0.0)
+    progressbar (0.21.0)
+    rake (10.4.2)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.3)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
     what_methods (1.0.1)
     zhexdump (0.0.2)
@@ -34,9 +30,12 @@ DEPENDENCIES
   awesome_print
   bundler
   iostruct (>= 0.0.4)
-  jeweler
-  multipart-post (~> 1.1.4)
+  multipart-post (~> 2.0.0)
   progressbar
+  rake
   rspec
   what_methods
   zhexdump (>= 0.0.2)
+BUNDLED WITH
+   1.12.5

data/Rakefile CHANGED

@@ -1,81 +1,12 @@
-# encoding: utf-8
-require 'rubygems'
 require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "pedump"
-  gem.homepage = "http://github.com/zed-0xff/pedump"
-  gem.license = "MIT"
-  gem.summary = %Q{dump win32 PE executable files with a pure ruby}
-  gem.description = %Q{dump headers, sections, extract resources of win32 PE exe,dll,etc}
-  gem.email = "zed.0xff@gmail.com"
-  gem.authors = ["Andrey \"Zed\" Zaikin"]
-  gem.executables = %w'pedump'
-  gem.files.include "lib/**/*.rb"
-  gem.files.include "data/*.bin"
-  gem.files.include "data/*.txt"
-  gem.files.exclude "samples/*", "README.md.tpl"
-  gem.extra_rdoc_files.exclude "README.md.tpl"
-end
-Jeweler::RubygemsDotOrgTasks.new
-require 'rspec/core'
+require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec) do |spec|
-  spec.pattern = FileList['spec/**/*_spec.rb']
-end
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-  spec.pattern = 'spec/**/*_spec.rb'
-  spec.rcov = true
-end
+desc "run specs"
+RSpec::Core::RakeTask.new
 task :default => :spec
-#require 'rake/rdoctask'
-#Rake::RDocTask.new do |rdoc|
-#  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-#
-#  rdoc.rdoc_dir = 'rdoc'
-#  rdoc.title = "pedump #{version}"
-#  rdoc.rdoc_files.include('README*')
-#  rdoc.rdoc_files.include('lib/**/*.rb')
-#end
-class Jeweler::Commands::Version::Base
-  alias :commit_version_old :commit_version
-  def commit_version
-    code = <<-EOF
-class PEdump
-  module Version
-    MAJOR = #{version_helper.major}
-    MINOR = #{version_helper.minor}
-    PATCH = #{version_helper.patch}
-    BUILD = nil
-    STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
-  end
-end
-    EOF
-    vfile = working_subdir.join("lib/pedump/version.rb")
-    File.open(vfile,"w"){ |f| f << code }
-    self.repo.add vfile if self.repo
-    commit_version_old
-  end
-end
 namespace :test do
   desc "test on all files in given path"
   task :all_files do

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.5.0
1	+ 0.5.1

data/lib/pedump.rb CHANGED

@@ -474,9 +474,10 @@ class PEdump
     :first_thunk
   class ImportedFunction < Struct.new(:hint, :name, :ordinal, :va, :module_name)
-#    def == x
-#      self.hint == x.hint && self.name == x.name && self.ordinal == x.ordinal
-#    end
+    def == x
+      self.hint == x.hint && self.name == x.name && self.ordinal == x.ordinal &&
+        self.module_name == x.module_name
+    end
 #    def <=> x
 #      self.to_a[0..-2] <=> x.to_a[0..-2]
 #    end
@@ -626,7 +627,11 @@ class PEdump
     :name, :entry_points, :names, :name_ordinals, :functions,
     :description # NE only
-  ExportedFunction = Struct.new :name, :ord, :va, :file_offset
+  class ExportedFunction < Struct.new :name, :ord, :va, :file_offset
+    def ordinal
+      self.ord
+    end
+  end
   def exports f=@io
     if pe(f)

data/lib/pedump/loader.rb CHANGED

@@ -263,7 +263,7 @@ class PEdump::Loader
     @pedump.imports.each do |iid| # Image Import Descriptor
       va = iid.FirstThunk + @image_base
       (Array(iid.original_first_thunk) + Array(iid.first_thunk)).uniq.each do |func|
-        name = func.name || "##{func.ordinal}"
+        name = "__imp_" + (func.name || "#{func.ordinal}")
         @names[va] = name
         va += 4
       end

data/lib/pedump/loader/minidump.rb CHANGED

@@ -53,6 +53,24 @@ class PEdump
     end
   end
+  MINIDUMP_MEMORY_DESCRIPTOR = IOStruct.new 'QLL',
+    :StartOfMemoryRange,
+    :DataSize,
+    :Rva
+  class MINIDUMP_MEMORY_LIST < IOStruct.new 'L',
+    :NumberOfMemoryRanges,
+    :MemoryRanges
+    def self.read io
+      r = super
+      r.MemoryRanges = r.NumberOfMemoryRanges.times.map{ MINIDUMP_MEMORY_DESCRIPTOR.read(io) }
+      r
+    end
+    def entries; self.MemoryRanges; end
+  end
   MINIDUMP_MEMORY_DESCRIPTOR64 = IOStruct.new 'QQ',
     :StartOfMemoryRange,
     :DataSize
@@ -78,7 +96,7 @@ class PEdump
          2 => :ReservedStream1,
          3 => :ThreadListStream,
          4 => :ModuleListStream,
-         5 => :MemoryListStream,
+         5 => :MemoryListStream,             # MINIDUMP_MEMORY_LIST
          6 => :ExceptionStream,
          7 => :SystemInfoStream,
          8 => :ThreadExListStream,
@@ -125,6 +143,14 @@ class PEdump
       end
       def memory_list
+        # MINIDUMP_MEMORY_LIST
+        stream = streams.find{ |s| s.StreamType == 5 }
+        return nil unless stream
+        io.seek stream.Location.Rva
+        MINIDUMP_MEMORY_LIST.read io
+      end
+      def memory64_list
         # MINIDUMP_MEMORY64_LIST
         stream = streams.find{ |s| s.StreamType == 9 }
         return nil unless stream
@@ -136,27 +162,50 @@ class PEdump
       # set options[:merge] = true to merge adjacent memory ranges
       def memory_ranges options = {}
-        ml = memory_list
-        file_offset = ml.BaseRva
-        r = []
-        if options[:merge]
-          ml.entries.each do |x|
-            if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
-              # if section VA == prev_section.VA + prev_section.SIZE
-              # then just increase the size of previous section
-              r.last.size += x.DataSize
-            else
+        if memory64_list
+          ml = memory64_list
+          file_offset = ml.BaseRva
+          r = []
+          if options[:merge]
+            ml.entries.each do |x|
+              if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
+                # if section VA == prev_section.VA + prev_section.SIZE
+                # then just increase the size of previous section
+                r.last.size += x.DataSize
+              else
+                r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
+              end
+              file_offset += x.DataSize
+            end
+          else
+            ml.entries.each do |x|
               r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
+              file_offset += x.DataSize
             end
-            file_offset += x.DataSize
           end
-        else
-          ml.entries.each do |x|
-            r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
-            file_offset += x.DataSize
+          return r
+        elsif memory_list
+          ml = memory_list
+          r = []
+          if options[:merge]
+            ml.entries.each do |x|
+              if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
+                # if section VA == prev_section.VA + prev_section.SIZE
+                # then just increase the size of previous section
+                r.last.size += x.DataSize
+              else
+                r << MemoryRange.new( x.Rva, x.StartOfMemoryRange, x.DataSize )
+              end
+            end
+          else
+            ml.entries.each do |x|
+              r << MemoryRange.new( x.Rva, x.StartOfMemoryRange, x.DataSize )
+            end
           end
+          return r
+        else
+          raise "Could not find memory ranges"
         end
-        r
       end
     end # class Minidump

data/lib/pedump/version.rb CHANGED

@@ -2,7 +2,7 @@ class PEdump
   module Version
     MAJOR = 0
     MINOR = 5
-    PATCH = 0
+    PATCH = 1
     BUILD = nil
     STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')

data/pedump.gemspec CHANGED

@@ -1,137 +1,27 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pedump/version'
-Gem::Specification.new do |s|
-  s.name = "pedump"
-  s.version = "0.5.0"
+Gem::Specification.new do |spec|
+  spec.name          = "pedump"
+  spec.version       = PEdump::Version::STRING
+  spec.authors       = ["Andrey \"Zed\" Zaikin"]
+  spec.email         = ["zed.0xff@gmail.com"]
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Andrey \"Zed\" Zaikin"]
-  s.date = "2013-04-20"
-  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
-  s.email = "zed.0xff@gmail.com"
-  s.executables = ["pedump"]
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.md"
-  ]
-  s.files = [
-    ".document",
-    ".rspec",
-    ".travis.yml",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.md",
-    "Rakefile",
-    "VERSION",
-    "bin/pedump",
-    "data/fs.txt",
-    "data/jc-userdb.txt",
-    "data/sig.bin",
-    "data/signatures.txt",
-    "data/userdb.txt",
-    "lib/pedump.rb",
-    "lib/pedump/cli.rb",
-    "lib/pedump/comparer.rb",
-    "lib/pedump/composite_io.rb",
-    "lib/pedump/core.rb",
-    "lib/pedump/core_ext/try.rb",
-    "lib/pedump/loader.rb",
-    "lib/pedump/loader/minidump.rb",
-    "lib/pedump/loader/section.rb",
-    "lib/pedump/logger.rb",
-    "lib/pedump/ne.rb",
-    "lib/pedump/ne/version_info.rb",
-    "lib/pedump/packer.rb",
-    "lib/pedump/pe.rb",
-    "lib/pedump/resources.rb",
-    "lib/pedump/security.rb",
-    "lib/pedump/sig_parser.rb",
-    "lib/pedump/tls.rb",
-    "lib/pedump/unpacker.rb",
-    "lib/pedump/unpacker/aspack.rb",
-    "lib/pedump/unpacker/upx.rb",
-    "lib/pedump/version.rb",
-    "lib/pedump/version_info.rb",
-    "misc/aspack/Makefile",
-    "misc/aspack/aspack_unlzx.c",
-    "misc/aspack/lzxdec.c",
-    "misc/aspack/lzxdec.h",
-    "misc/nedump.c",
-    "pedump.gemspec",
-    "samples/bad/68.exe",
-    "samples/bad/data_dir_15_entries.exe",
-    "spec/65535sects_spec.rb",
-    "spec/bad_imports_spec.rb",
-    "spec/bad_samples_spec.rb",
-    "spec/composite_io_spec.rb",
-    "spec/data/calc.exe_sections.yml",
-    "spec/data/data_dir_15_entries.exe_sections.yml",
-    "spec/dllord_spec.rb",
-    "spec/foldedhdr_spec.rb",
-    "spec/imports_badterm_spec.rb",
-    "spec/imports_vterm_spec.rb",
-    "spec/loader/names_spec.rb",
-    "spec/loader/va_spec.rb",
-    "spec/manyimportsW7_spec.rb",
-    "spec/ne_spec.rb",
-    "spec/packer_spec.rb",
-    "spec/pe_spec.rb",
-    "spec/pedump_spec.rb",
-    "spec/resource_spec.rb",
-    "spec/sections_spec.rb",
-    "spec/sig_all_packers_spec.rb",
-    "spec/sig_spec.rb",
-    "spec/spec_helper.rb",
-    "spec/support/samples.rb",
-    "spec/unpackers/aspack_spec.rb",
-    "spec/unpackers/find_spec.rb",
-    "spec/virtsectblXP_spec.rb",
-    "tmp/.keep"
-  ]
-  s.homepage = "http://github.com/zed-0xff/pedump"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
-  s.summary = "dump win32 PE executable files with a pure ruby"
+  spec.summary       = "dump win32 PE executable files with a pure ruby"
+  spec.description   = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
+  spec.homepage      = "http://github.com/zed-0xff/pedump"
+  spec.license       = "MIT"
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  spec.files         = `git ls-files -z`.split("\x0").
+    reject { |f| f.match(%r{^(test|spec|features|samples|tmp|\.)/}) || f.start_with?('.') || f == "README.md.tpl" }
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_runtime_dependency(%q<progressbar>, [">= 0"])
-      s.add_runtime_dependency(%q<awesome_print>, [">= 0"])
-      s.add_runtime_dependency(%q<iostruct>, [">= 0.0.4"])
-      s.add_runtime_dependency(%q<zhexdump>, [">= 0.0.2"])
-      s.add_development_dependency(%q<rspec>, [">= 0"])
-      s.add_development_dependency(%q<bundler>, [">= 0"])
-      s.add_development_dependency(%q<jeweler>, [">= 0"])
-      s.add_development_dependency(%q<what_methods>, [">= 0"])
-    else
-      s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-      s.add_dependency(%q<progressbar>, [">= 0"])
-      s.add_dependency(%q<awesome_print>, [">= 0"])
-      s.add_dependency(%q<iostruct>, [">= 0.0.4"])
-      s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
-      s.add_dependency(%q<rspec>, [">= 0"])
-      s.add_dependency(%q<bundler>, [">= 0"])
-      s.add_dependency(%q<jeweler>, [">= 0"])
-      s.add_dependency(%q<what_methods>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<multipart-post>, ["~> 1.1.4"])
-    s.add_dependency(%q<progressbar>, [">= 0"])
-    s.add_dependency(%q<awesome_print>, [">= 0"])
-    s.add_dependency(%q<iostruct>, [">= 0.0.4"])
-    s.add_dependency(%q<zhexdump>, [">= 0.0.2"])
-    s.add_dependency(%q<rspec>, [">= 0"])
-    s.add_dependency(%q<bundler>, [">= 0"])
-    s.add_dependency(%q<jeweler>, [">= 0"])
-    s.add_dependency(%q<what_methods>, [">= 0"])
-  end
-end
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake",    "~> 10.0"
+  spec.add_development_dependency "rspec",   "~> 3.0"
+end