pedump 0.5.3 → 0.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -5
- data/VERSION +1 -1
- data/lib/pedump.rb +6 -4
- data/lib/pedump/cli.rb +6 -3
- data/lib/pedump/version.rb +2 -5
- data/pedump.gemspec +4 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c167f3c637d0eb649e1ff15a7d18a58682ed89b318d2425c8f6713e5c203409e
|
|
4
|
+
data.tar.gz: f362fd8c83ad8697439b212751c7c8b5c4514a92fd5becaf4769bde5566f752a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8997606d9577b1e43e47681151017edfde52b32da1125ee67fab26c9649a9f6d03a9fdb3e5259a790c1519def75e536c124fefe59608af861e17d86e7e201a63
|
|
7
|
+
data.tar.gz: 62ad9a8fef0aaea4cc0b637f033705ee02e1623320bf043ad4e08c8834d95ce92f1b04639ec5e7e46c5212ba23d132181a664d41dd84d454cd72ed55ac19f6a7
|
data/README.md
CHANGED
|
@@ -43,7 +43,7 @@ Usage
|
|
|
43
43
|
(can be used multiple times)
|
|
44
44
|
-F, --force Try to dump by all means
|
|
45
45
|
(can cause exceptions & heavy wounds)
|
|
46
|
-
-f, --format FORMAT Output format: bin,c,dump,hex,inspect,table,yaml
|
|
46
|
+
-f, --format FORMAT Output format: bin,c,dump,hex,inspect,json,table,yaml
|
|
47
47
|
(default: table)
|
|
48
48
|
--mz
|
|
49
49
|
--dos-stub
|
|
@@ -67,9 +67,11 @@ Usage
|
|
|
67
67
|
-r, --recursive recurse dirs in packer detect
|
|
68
68
|
--all Dump all but resource-directory (default)
|
|
69
69
|
--va2file VA Convert RVA to file offset
|
|
70
|
+
|
|
70
71
|
-W, --web Uploads files to a http://pedump.me
|
|
71
72
|
for a nice HTML tables with image previews,
|
|
72
73
|
candies & stuff
|
|
74
|
+
-C, --console opens IRB console with specified file loaded
|
|
73
75
|
|
|
74
76
|
### MZ Header
|
|
75
77
|
|
|
@@ -107,10 +109,10 @@ Usage
|
|
|
107
109
|
|
|
108
110
|
=== DOS STUB ===
|
|
109
111
|
|
|
110
|
-
00000000:
|
|
111
|
-
00000010:
|
|
112
|
-
00000020:
|
|
113
|
-
00000030:
|
|
112
|
+
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
|
|
113
|
+
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
|
|
114
|
+
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
|
|
115
|
+
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
|
|
114
116
|
|
|
115
117
|
### 'Rich' Header
|
|
116
118
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.5.
|
|
1
|
+
0.5.4
|
data/lib/pedump.rb
CHANGED
|
@@ -29,6 +29,8 @@ class PEdump
|
|
|
29
29
|
VERSION = Version::STRING
|
|
30
30
|
MAX_ERRORS = 100
|
|
31
31
|
MAX_IMAGE_IMPORT_DESCRIPTORS = 1000
|
|
32
|
+
MAX_EXPORT_NUMBER_OF_NAMES = 16384 # got 7977 in http://pedump.me/03ad7400080678c6b1984f995d36fd04
|
|
33
|
+
GOOD_FUNCTION_NAME_RE = /\A[\x21-\x7f]+\Z/
|
|
32
34
|
|
|
33
35
|
@@logger = nil
|
|
34
36
|
|
|
@@ -588,7 +590,7 @@ class PEdump
|
|
|
588
590
|
else
|
|
589
591
|
hint = f.read(2).unpack('v').first
|
|
590
592
|
name = f.gets("\x00").chomp("\x00")
|
|
591
|
-
if !name.empty? && name !~
|
|
593
|
+
if !name.empty? && name !~ GOOD_FUNCTION_NAME_RE
|
|
592
594
|
n_bad_names += 1
|
|
593
595
|
if n_bad_names > MAX_ERRORS
|
|
594
596
|
nil
|
|
@@ -741,9 +743,9 @@ class PEdump
|
|
|
741
743
|
ord2name = {}
|
|
742
744
|
if x.names && x.names.any?
|
|
743
745
|
n = x.NumberOfNames
|
|
744
|
-
if n >
|
|
745
|
-
logger.warn "[?] NumberOfNames too big (#{x.NumberOfNames}), limiting to
|
|
746
|
-
n =
|
|
746
|
+
if n > MAX_EXPORT_NUMBER_OF_NAMES
|
|
747
|
+
logger.warn "[?] NumberOfNames too big (#{x.NumberOfNames}), limiting to #{MAX_EXPORT_NUMBER_OF_NAMES}"
|
|
748
|
+
n = MAX_EXPORT_NUMBER_OF_NAMES
|
|
747
749
|
end
|
|
748
750
|
n.times do |i|
|
|
749
751
|
ord2name[x.name_ordinals[i]] ||= []
|
data/lib/pedump/cli.rb
CHANGED
|
@@ -65,8 +65,8 @@ class PEdump::CLI
|
|
|
65
65
|
@options[:force] ||= 0
|
|
66
66
|
@options[:force] += 1
|
|
67
67
|
end
|
|
68
|
-
opts.on "-f", "--format FORMAT", [:binary, :c, :dump, :hex, :inspect, :table, :yaml],
|
|
69
|
-
"Output format: bin,c,dump,hex,inspect,table,yaml","(default: table)" do |v|
|
|
68
|
+
opts.on "-f", "--format FORMAT", [:binary, :c, :dump, :hex, :inspect, :json, :table, :yaml],
|
|
69
|
+
"Output format: bin,c,dump,hex,inspect,json,table,yaml","(default: table)" do |v|
|
|
70
70
|
@options[:format] = v
|
|
71
71
|
end
|
|
72
72
|
KNOWN_ACTIONS.each do |t|
|
|
@@ -326,7 +326,7 @@ class PEdump::CLI
|
|
|
326
326
|
|
|
327
327
|
puts action_title(action) unless @options[:format] == :binary
|
|
328
328
|
|
|
329
|
-
return dump(data) if [:inspect, :table, :yaml].include?(@options[:format])
|
|
329
|
+
return dump(data) if [:inspect, :table, :json, :yaml].include?(@options[:format])
|
|
330
330
|
|
|
331
331
|
dump_opts = {:name => action}
|
|
332
332
|
case action
|
|
@@ -376,6 +376,9 @@ class PEdump::CLI
|
|
|
376
376
|
when :yaml
|
|
377
377
|
require 'yaml'
|
|
378
378
|
puts data.to_yaml
|
|
379
|
+
when :json
|
|
380
|
+
require 'json'
|
|
381
|
+
puts data.to_json
|
|
379
382
|
end
|
|
380
383
|
end
|
|
381
384
|
|
data/lib/pedump/version.rb
CHANGED
|
@@ -1,10 +1,7 @@
|
|
|
1
1
|
class PEdump
|
|
2
2
|
module Version
|
|
3
|
-
|
|
4
|
-
MINOR =
|
|
5
|
-
PATCH = 2
|
|
3
|
+
STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
|
|
4
|
+
MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
|
|
6
5
|
BUILD = nil
|
|
7
|
-
|
|
8
|
-
STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
|
|
9
6
|
end
|
|
10
7
|
end
|
data/pedump.gemspec
CHANGED
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: pedump 0.5.
|
|
5
|
+
# stub: pedump 0.5.4 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "pedump".freeze
|
|
9
|
-
s.version = "0.5.
|
|
9
|
+
s.version = "0.5.4"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["Andrey \"Zed\" Zaikin".freeze]
|
|
14
|
-
s.date = "2020-01-
|
|
14
|
+
s.date = "2020-01-25"
|
|
15
15
|
s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
|
|
16
16
|
s.email = "zed.0xff@gmail.com".freeze
|
|
17
17
|
s.executables = ["pedump".freeze]
|
|
@@ -64,7 +64,7 @@ Gem::Specification.new do |s|
|
|
|
64
64
|
]
|
|
65
65
|
s.homepage = "http://github.com/zed-0xff/pedump".freeze
|
|
66
66
|
s.licenses = ["MIT".freeze]
|
|
67
|
-
s.rubygems_version = "2.7.
|
|
67
|
+
s.rubygems_version = "2.7.10".freeze
|
|
68
68
|
s.summary = "dump win32 PE executable files with a pure ruby".freeze
|
|
69
69
|
|
|
70
70
|
if s.respond_to? :specification_version then
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pedump
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrey "Zed" Zaikin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-01-
|
|
11
|
+
date: 2020-01-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rainbow
|
|
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
220
220
|
version: '0'
|
|
221
221
|
requirements: []
|
|
222
222
|
rubyforge_project:
|
|
223
|
-
rubygems_version: 2.7.
|
|
223
|
+
rubygems_version: 2.7.10
|
|
224
224
|
signing_key:
|
|
225
225
|
specification_version: 4
|
|
226
226
|
summary: dump win32 PE executable files with a pure ruby
|