pedump 0.5.2 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 36cf566a0402466825375c371ef074e1512e0f68
-  data.tar.gz: 57c35cffa2643d1e02884f5e3acbadd6bc435963
+SHA256:
+  metadata.gz: '09298f0bc9e608f9b7636a80f6f4b9aeb29aaf6f8f3bf72aa743a06d1bc3dd30'
+  data.tar.gz: e86dc4d6edd01222416e4937cec876a2551dea3b4ba8cb7eefb7aaa09d0375ce
 SHA512:
-  metadata.gz: 6064efb885476ed1f789e8ab4d7ca9ea59202c41d61a9b5434cda1bdc906aa9972ca8b73f5808427110137c9f72d869b8a9bcacc8a6a52ef992c77b66ef45bd1
-  data.tar.gz: 1dbe9488d26068fc432e338ae1225d4eea6359334a30ed7f335a7229a7fde5fdf158f4a5eb458264bcf0006a37d62b634072afc887abf0e253f783ee7e96cb9c
+  metadata.gz: 3b83b01e940fb0388a95566d4ca53fe61913f02b9d474987a35deb9c0b4073d66712a9179f801bc617f7202a3d42fd0d05e5a1cbe34ec332f3cf38c494e2f660
+  data.tar.gz: 64d7ae8c83a01f7e9772ed1e7e631474079baedd914f19ec26c725bb2a663155076d50777c14080532de3bcc3241fa0423705326e8f20067ec568b10e934d84b

data/Gemfile

@@ -1,2 +1,16 @@
 source "https://rubygems.org"
-gemspec
+#gemspec
+
+gem 'rainbow'
+gem "awesome_print"
+gem "iostruct",       ">= 0.0.4"
+gem "multipart-post", ">= 2.0.0"
+gem "progressbar"
+gem "zhexdump",       ">= 0.0.2"
+
+group :development do
+  gem "rspec",   "~> 3.9.0"
+  gem "rspec-its", "~> 1.3.0"
+  gem "bundler", "~> 2.1.4"
+  gem "jeweler", "~> 2.3.9"
+end

data/Gemfile.lock

@@ -1,45 +1,90 @@
-PATH
-  remote: .
-  specs:
-    pedump (0.5.1)
-      awesome_print
-      iostruct (>= 0.0.4)
-      multipart-post (~> 2.0.0)
-      progressbar
-      zhexdump (>= 0.0.2)
-
 GEM
   remote: https://rubygems.org/
   specs:
-    awesome_print (1.7.0)
-    diff-lcs (1.2.5)
+    addressable (2.4.0)
+    awesome_print (1.8.0)
+    builder (3.2.4)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.3)
+    faraday (0.9.2)
+      multipart-post (>= 1.2, < 3)
+    git (1.5.0)
+    github_api (0.16.0)
+      addressable (~> 2.4.0)
+      descendants_tracker (~> 0.0.4)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 3.4)
+      mime-types (>= 1.16, < 3.0)
+      oauth2 (~> 1.0)
+    hashie (4.0.0)
+    highline (2.0.3)
     iostruct (0.0.4)
+    jeweler (2.3.9)
+      builder
+      bundler
+      git (>= 1.2.5)
+      github_api (~> 0.16.0)
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      psych
+      rake
+      rdoc
+      semver2
+    jwt (2.2.1)
+    mime-types (2.99.3)
+    mini_portile2 (2.4.0)
+    multi_json (1.14.1)
+    multi_xml (0.6.0)
     multipart-post (2.0.0)
-    progressbar (0.21.0)
-    rake (10.5.0)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.3)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
+    nokogiri (1.10.7)
+      mini_portile2 (~> 2.4.0)
+    oauth2 (1.4.2)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    progressbar (1.10.1)
+    psych (3.1.0)
+    rack (2.1.1)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    rdoc (6.2.1)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
+      rspec-support (~> 3.9.0)
+    rspec-its (1.3.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+    semver2 (3.4.2)
+    thread_safe (0.3.6)
     zhexdump (0.0.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.11)
-  pedump!
-  rake (~> 10.0)
-  rspec (~> 3.0)
+  awesome_print
+  bundler (~> 2.1.4)
+  iostruct (>= 0.0.4)
+  jeweler (~> 2.3.9)
+  multipart-post (>= 2.0.0)
+  progressbar
+  rainbow
+  rspec (~> 3.9.0)
+  rspec-its (~> 1.3.0)
+  zhexdump (>= 0.0.2)
 
 BUNDLED WITH
-   1.12.5
+   2.1.4

data/Rakefile

@@ -1,5 +1,35 @@
+# encoding: utf-8
+
+require 'rubygems'
 require 'bundler'
-require 'bundler/gem_tasks'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "pedump"
+  gem.homepage = "http://github.com/zed-0xff/pedump"
+  gem.license = "MIT"
+  gem.summary = %Q{dump win32 PE executable files with a pure ruby}
+  gem.description = %Q{dump headers, sections, extract resources of win32 PE exe,dll,etc}
+  gem.email = "zed.0xff@gmail.com"
+  gem.authors = ["Andrey \"Zed\" Zaikin"]
+  gem.executables = %w'pedump'
+  gem.files.include "lib/**/*.rb"
+  gem.files.exclude %w'samples/**/* spec/**/* tmp/**/* tmp/.keep .* README.md.tpl'
+  gem.extra_rdoc_files.exclude 'README.md.tpl'
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
 require 'rspec/core/rake_task'
 
 desc "run specs"

data/VERSION

@@ -1 +1 @@
-0.5.2
+0.5.3

data/lib/pedump.rb

@@ -2,6 +2,7 @@
 require 'stringio'
 require 'iostruct'
 require 'zhexdump'
+require 'set'
 
 unless Object.new.respond_to?(:try) && nil.respond_to?(:try)
   require 'pedump/core_ext/try'
@@ -27,6 +28,7 @@ class PEdump
 
   VERSION    = Version::STRING
   MAX_ERRORS = 100
+  MAX_IMAGE_IMPORT_DESCRIPTORS = 1000
 
   @@logger = nil
 
@@ -527,7 +529,11 @@ class PEdump
           # http://code.google.com/p/corkami/source/browse/trunk/asm/PE/manyimportsW7.asm
           break
         end
-        t=IMAGE_IMPORT_DESCRIPTOR.read(f)
+        if r.size >= MAX_IMAGE_IMPORT_DESCRIPTORS
+          logger.warn "[!] too many IMAGE_IMPORT_DESCRIPTORs, not reading more than #{r.size}"
+          break
+        end
+        t = IMAGE_IMPORT_DESCRIPTOR.read(f)
         break if t.Name.to_i == 0 # also catches EOF
         r << t
         file_offset += IMAGE_IMPORT_DESCRIPTOR::SIZE
@@ -536,8 +542,16 @@ class PEdump
       logger.warn "[?] imports info beyond EOF"
     end
 
+    n_bad_names = 0
     logger.warn "[?] non-empty last IMAGE_IMPORT_DESCRIPTOR: #{t.inspect}" if t && !t.empty?
-    @imports = r.each do |x|
+    @imports = r
+    r = nil
+    @imports.each_with_index do |x, iidx|
+      if n_bad_names > MAX_ERRORS
+        logger.warn "[!] too many bad imported function names. skipping further imports parsing"
+        @imports = @imports[0,iidx]
+        break
+      end
       if x.Name.to_i != 0 && (ofs = va2file(x.Name))
         begin
         f.seek ofs
@@ -572,12 +586,18 @@ class PEdump
                 logger.warn "[?] import ofs 0x#{ofs.to_s(16)} VA=0x#{t.to_s(16)} beyond EOF"
                 nil
               else
-                ImportedFunction.new(
-                  f.read(2).unpack('v').first,
-                  f.gets("\x00").chomp("\x00"),
-                  nil,
-                  va
-                )
+                hint = f.read(2).unpack('v').first
+                name = f.gets("\x00").chomp("\x00")
+                if !name.empty? && name !~ /\A[\x33-\x7f]+\Z/
+                  n_bad_names += 1
+                  if n_bad_names > MAX_ERRORS
+                    nil
+                  else
+                    ImportedFunction.new(hint, name, nil, va)
+                  end
+                else
+                  ImportedFunction.new(hint, name, nil, va)
+                end
               end
             elsif tbl == :original_first_thunk
               # OriginalFirstThunk entries can not be invalid, show a warning msg
@@ -592,7 +612,7 @@ class PEdump
             end
         end
         x[tbl] && x[tbl].compact!
-      end
+      end # [:original_first_thunk, :first_thunk].each
       if x.original_first_thunk && !x.first_thunk
         logger.warn "[?] import table: empty FirstThunk for #{x.module_name}"
       elsif !x.original_first_thunk && x.first_thunk
@@ -603,7 +623,8 @@ class PEdump
           logger.debug "[?] import table: OriginalFirstThunk != FirstThunk for #{x.module_name}"
         end
       end
-    end
+    end # r.each
+    @imports
   end
 
   ##############################################################################

data/lib/pedump/loader/minidump.rb

@@ -110,7 +110,34 @@ class PEdump
         16 => :MemoryInfoListStream,         # MINIDUMP_MEMORY_INFO_LIST
         17 => :ThreadInfoListStream,
         18 => :HandleOperationListStream,
-    0xffff => :LastReservedStream
+    0xffff => :LastReservedStream,
+
+    # Special types saved by google breakpad
+    # https://chromium.googlesource.com/breakpad/breakpad/+/846b6335c5b0ba46dfa2ed96fccfa3f7a02fa2f1/src/google_breakpad/common/minidump_format.h#311
+    0x47670001 => :BreakpadInfoStream,
+    0x47670002 => :BreakpadAssertionInfoStream,
+    0x47670003 => :BreakpadLinuxCpuInfo,
+    0x47670004 => :BreakpadLinuxProcStatus,
+    0x47670005 => :BreakpadLinuxLsbRelease,
+    0x47670006 => :BreakpadLinuxCmdLine,
+    0x47670007 => :BreakpadLinuxEnviron,
+    0x47670008 => :BreakpadLinuxAuxv,
+    0x47670009 => :BreakpadLinuxMaps,
+    0x4767000A => :BreakpadLinuxDsoDebug,
+
+    # Saved by crashpad
+    # https://chromium.googlesource.com/crashpad/crashpad/+/doc/minidump/minidump_extensions.h#95
+    0x43500001 => :CrashpadInfo,
+
+    # Saved by Syzyasan
+    # https://github.com/google/syzygy/blob/c8bb4927f07fec0de8834c4774ddaafef0bc099f/syzygy/kasko/api/client.h#L28
+    # https://github.com/google/syzygy/blob/master/syzygy/crashdata/crashdata.proto
+    0x4B6B0001 => :SyzyasanCrashdata,
+
+    # Saved by Chromium
+    0x4B6B0002 => :ChromiumStabilityReport,
+    0x4B6B0003 => :ChromiumSystemProfile,
+    0x4B6B0004 => :ChromiumGwpAsanData,
   }
 
   class Loader
@@ -134,9 +161,16 @@ class PEdump
           end
       end
 
+      def stream_by_name(name)
+        type = MINIDUMP_STREAM_TYPE.invert[name]
+        raise "Unknown type symbol #{name}!" if !type
+
+        streams.find { |s| s.StreamType == type }
+      end
+
       def memory_info_list
         # MINIDUMP_MEMORY_INFO_LIST
-        stream = streams.find{ |s| s.StreamType == 16 }
+        stream = stream_by_name(:MemoryInfoListStream)
         return nil unless stream
         io.seek stream.Location.Rva
         MINIDUMP_MEMORY_INFO_LIST.read io
@@ -144,7 +178,7 @@ class PEdump
 
       def memory_list
         # MINIDUMP_MEMORY_LIST
-        stream = streams.find{ |s| s.StreamType == 5 }
+        stream = stream_by_name(:MemoryListStream)
         return nil unless stream
         io.seek stream.Location.Rva
         MINIDUMP_MEMORY_LIST.read io
@@ -152,7 +186,7 @@ class PEdump
 
       def memory64_list
         # MINIDUMP_MEMORY64_LIST
-        stream = streams.find{ |s| s.StreamType == 9 }
+        stream = stream_by_name(:Memory64ListStream)
         return nil unless stream
         io.seek stream.Location.Rva
         MINIDUMP_MEMORY64_LIST.read io
@@ -216,21 +250,102 @@ end # module PEdump
 
 if $0 == __FILE__
   require 'pp'
+  require 'optparse'
+
+  options = {}
+  opt_parse = OptionParser.new do |opts|
+    opts.banner = "Usage: #{$0} [options] <minidump>"
+
+    opts.on("--all", "Print all of the following sections") do
+      options[:all] = true
+    end
+    opts.on("--header", "Print minidump header") do
+      options[:header] = true
+    end
+    opts.on("--streams", "Print out the streams present") do
+      options[:streams] = true
+    end
+    opts.on("--memory-ranges", "Print out memory ranges included in the minidump") do
+      options[:memory_ranges] = true
+    end
+    opts.on("--breakpad", "Print out breakpad text sections if present") do
+      options[:breakpad] = true
+    end
+    opts.separator ''
+
+    opts.on("--memory <address>", "Print the memory range beginning at address") do |m|
+      options[:memory] = m.hex
+    end
+    opts.separator ''
+
+    opts.on("-h", "--help", "Help") do
+      puts opts
+      exit 0
+    end
+  end
+
+  opt_parse.parse!
 
-  raise "gimme a fname" if ARGV.empty?
-  io = open(ARGV.first,"rb")
+  if ARGV.empty?
+    $stderr.puts opt_parse.help
+    exit 1
+  end
 
+  io = open(ARGV.first, "rb")
   md = PEdump::Loader::Minidump.new io
-  pp md.hdr
-  puts
-  puts "[.] #{md.memory_ranges.size} memory ranges"
-  puts "[.] #{md.memory_ranges(:merge => true).size} merged memory ranges"
-  puts
 
-#  pp md.memory_info_list
-#  pp md.memory_list
+  if options[:all] || options[:header]
+    pp md.hdr
+    puts
+  end
+
+  if options[:all] || options[:streams]
+    puts "[.] Streams present in the minidump:"
+    md.streams.each do |s|
+      if PEdump::MINIDUMP_STREAM_TYPE[s.StreamType]
+        puts "[.] #{PEdump::MINIDUMP_STREAM_TYPE[s.StreamType]}"
+      else
+        puts "[.] Unknown stream type #{s.StreamType}"
+      end
+    end
+    puts
+  end
+
+  if options[:all] || options[:breakpad]
+    [ :BreakpadLinuxCpuInfo, :BreakpadLinuxProcStatus, :BreakpadLinuxMaps,
+      :BreakpadLinuxCmdLine, :BreakpadLinuxEnviron ].each { |name|
+      stream = md.stream_by_name(name)
+      next if !stream
+
+      io.seek stream.Location.Rva
+      contents = io.read(stream.Location.DataSize)
+
+      if contents !~ /[^[:print:][:space:]]/
+        puts "[.] Section #{name}:"
+        puts contents
+      else
+        puts "[.] Section #{name}: #{contents.inspect}"
+      end
+      puts
+    }
+  end
+
+  if options[:all] || options[:memory_ranges]
+    puts "[.] #{md.memory_ranges.size} memory ranges"
+    puts "[.] #{md.memory_ranges(:merge => true).size} merged memory ranges"
+    puts
+
+    printf "[.] %16s %8s\n", "addr", "size"
+    md.memory_ranges(:merge => true).sort_by { |mr| mr.va }.each do |mr|
+      printf "[.] %16x %8x\n", mr.va, mr.size
+    end
+  end
+
+  if options[:memory]
+    mr = md.memory_ranges(:merge => true).find { |r| r.va == options[:memory] }
+    raise "Could not find the specified region" if !mr
 
-  md.memory_ranges(:merge => true).each do |mr|
-    printf "[.] %8x %8x %8x\n", mr.file_offset, mr.va, mr.size
+    io.seek(mr.file_offset)
+    print io.read(mr.size)
   end
 end

data/lib/pedump/unpacker/aspack.rb

@@ -607,7 +607,7 @@ class PEdump::Unpacker::ASPack
     if m = @data.match(RELOCS_RE)
       a = m[1..-1].map{|x| x.unpack('V').first }
     else
-      logger.error "[!] cannot find imports"
+      logger.error "[!] cannot find relocs"
       raise
       return
     end

data/pedump.gemspec

@@ -1,33 +1,109 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'pedump/version'
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: pedump 0.5.3 ruby lib
 
-Gem::Specification.new do |spec|
-  spec.name          = "pedump"
-  spec.version       = PEdump::Version::STRING
-  spec.authors       = ["Andrey \"Zed\" Zaikin"]
-  spec.email         = ["zed.0xff@gmail.com"]
+Gem::Specification.new do |s|
+  s.name = "pedump".freeze
+  s.version = "0.5.3"
 
-  spec.summary       = "dump win32 PE executable files with a pure ruby"
-  spec.description   = "dump headers, sections, extract resources of win32 PE exe,dll,etc"
-  spec.homepage      = "http://github.com/zed-0xff/pedump"
-  spec.license       = "MIT"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["Andrey \"Zed\" Zaikin".freeze]
+  s.date = "2020-01-24"
+  s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
+  s.email = "zed.0xff@gmail.com".freeze
+  s.executables = ["pedump".freeze]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "bin/pedump",
+    "data/fs.txt",
+    "data/jc-userdb.txt",
+    "data/sig.bin",
+    "data/signatures.txt",
+    "data/userdb.txt",
+    "lib/pedump.rb",
+    "lib/pedump/cli.rb",
+    "lib/pedump/comparer.rb",
+    "lib/pedump/composite_io.rb",
+    "lib/pedump/core.rb",
+    "lib/pedump/core_ext/try.rb",
+    "lib/pedump/loader.rb",
+    "lib/pedump/loader/minidump.rb",
+    "lib/pedump/loader/section.rb",
+    "lib/pedump/logger.rb",
+    "lib/pedump/ne.rb",
+    "lib/pedump/ne/version_info.rb",
+    "lib/pedump/packer.rb",
+    "lib/pedump/pe.rb",
+    "lib/pedump/resources.rb",
+    "lib/pedump/security.rb",
+    "lib/pedump/sig_parser.rb",
+    "lib/pedump/tls.rb",
+    "lib/pedump/unpacker.rb",
+    "lib/pedump/unpacker/aspack.rb",
+    "lib/pedump/unpacker/upx.rb",
+    "lib/pedump/version.rb",
+    "lib/pedump/version_info.rb",
+    "misc/aspack/Makefile",
+    "misc/aspack/aspack_unlzx.c",
+    "misc/aspack/lzxdec.c",
+    "misc/aspack/lzxdec.h",
+    "misc/nedump.c",
+    "pedump.gemspec"
+  ]
+  s.homepage = "http://github.com/zed-0xff/pedump".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.7.6".freeze
+  s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
-  spec.files         = `git ls-files -z`.split("\x0").
-    reject { |f| f.match(%r{^(test|spec|features|samples|tmp|\.)/}) || f.start_with?('.') || f == "README.md.tpl" }
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
 
-  spec.bindir        = "bin"
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "awesome_print"
-  spec.add_dependency "iostruct",       ">= 0.0.4"
-  spec.add_dependency "multipart-post", "~> 2.0.0"
-  spec.add_dependency "progressbar"
-  spec.add_dependency "zhexdump",       ">= 0.0.2"
-
-  spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake",    "~> 10.0"
-  spec.add_development_dependency "rspec",   "~> 3.0"
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rainbow>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<awesome_print>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+      s.add_runtime_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+      s.add_runtime_dependency(%q<progressbar>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+      s.add_development_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+      s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+      s.add_development_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
+      s.add_development_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+    else
+      s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+      s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+      s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+      s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+      s.add_dependency(%q<progressbar>.freeze, [">= 0"])
+      s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+      s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+      s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+      s.add_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
+      s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+    end
+  else
+    s.add_dependency(%q<rainbow>.freeze, [">= 0"])
+    s.add_dependency(%q<awesome_print>.freeze, [">= 0"])
+    s.add_dependency(%q<iostruct>.freeze, [">= 0.0.4"])
+    s.add_dependency(%q<multipart-post>.freeze, [">= 2.0.0"])
+    s.add_dependency(%q<progressbar>.freeze, [">= 0"])
+    s.add_dependency(%q<zhexdump>.freeze, [">= 0.0.2"])
+    s.add_dependency(%q<rspec>.freeze, ["~> 3.9.0"])
+    s.add_dependency(%q<rspec-its>.freeze, ["~> 1.3.0"])
+    s.add_dependency(%q<bundler>.freeze, ["~> 2.1.4"])
+    s.add_dependency(%q<jeweler>.freeze, ["~> 2.3.9"])
+  end
 end
+

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.5.3
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-09 00:00:00.000000000 Z
+date: 2020-01-24 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: awesome_print
   requirement: !ruby/object:Gem::Requirement
@@ -42,14 +56,14 @@ dependencies:
   name: multipart-post
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.0
 - !ruby/object:Gem::Dependency
@@ -81,54 +95,69 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.0.2
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: 3.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: 3.9.0
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.1.4
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.9
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.9
 description: dump headers, sections, extract resources of win32 PE exe,dll,etc
-email:
-- zed.0xff@gmail.com
+email: zed.0xff@gmail.com
 executables:
 - pedump
 extensions: []
-extra_rdoc_files: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
 files:
 - Gemfile
 - Gemfile.lock
@@ -191,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby