pedump 0.5.3 → 0.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09298f0bc9e608f9b7636a80f6f4b9aeb29aaf6f8f3bf72aa743a06d1bc3dd30'
-  data.tar.gz: e86dc4d6edd01222416e4937cec876a2551dea3b4ba8cb7eefb7aaa09d0375ce
+  metadata.gz: c167f3c637d0eb649e1ff15a7d18a58682ed89b318d2425c8f6713e5c203409e
+  data.tar.gz: f362fd8c83ad8697439b212751c7c8b5c4514a92fd5becaf4769bde5566f752a
 SHA512:
-  metadata.gz: 3b83b01e940fb0388a95566d4ca53fe61913f02b9d474987a35deb9c0b4073d66712a9179f801bc617f7202a3d42fd0d05e5a1cbe34ec332f3cf38c494e2f660
-  data.tar.gz: 64d7ae8c83a01f7e9772ed1e7e631474079baedd914f19ec26c725bb2a663155076d50777c14080532de3bcc3241fa0423705326e8f20067ec568b10e934d84b
+  metadata.gz: 8997606d9577b1e43e47681151017edfde52b32da1125ee67fab26c9649a9f6d03a9fdb3e5259a790c1519def75e536c124fefe59608af861e17d86e7e201a63
+  data.tar.gz: 62ad9a8fef0aaea4cc0b637f033705ee02e1623320bf043ad4e08c8834d95ce92f1b04639ec5e7e46c5212ba23d132181a664d41dd84d454cd72ed55ac19f6a7

data/README.md

@@ -43,7 +43,7 @@ Usage
                                          (can be used multiple times)
         -F, --force                      Try to dump by all means
                                          (can cause exceptions & heavy wounds)
-        -f, --format FORMAT              Output format: bin,c,dump,hex,inspect,table,yaml
+        -f, --format FORMAT              Output format: bin,c,dump,hex,inspect,json,table,yaml
                                          (default: table)
             --mz
             --dos-stub
@@ -67,9 +67,11 @@ Usage
         -r, --recursive                  recurse dirs in packer detect
             --all                        Dump all but resource-directory (default)
             --va2file VA                 Convert RVA to file offset
+    
         -W, --web                        Uploads files to a http://pedump.me
                                          for a nice HTML tables with image previews,
                                          candies & stuff
+        -C, --console                    opens IRB console with specified file loaded
 
 ### MZ Header
 
@@ -107,10 +109,10 @@ Usage
 
     === DOS STUB ===
     
-    00000000:  0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
-    00000010:  69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
-    00000020:  74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
-    00000030:  6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
+    00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
+    00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
+    00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
+    00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|
 
 ### 'Rich' Header
 

data/VERSION

@@ -1 +1 @@
-0.5.3
+0.5.4

data/lib/pedump.rb

@@ -29,6 +29,8 @@ class PEdump
   VERSION    = Version::STRING
   MAX_ERRORS = 100
   MAX_IMAGE_IMPORT_DESCRIPTORS = 1000
+  MAX_EXPORT_NUMBER_OF_NAMES = 16384 # got 7977 in http://pedump.me/03ad7400080678c6b1984f995d36fd04
+  GOOD_FUNCTION_NAME_RE = /\A[\x21-\x7f]+\Z/
 
   @@logger = nil
 
@@ -588,7 +590,7 @@ class PEdump
               else
                 hint = f.read(2).unpack('v').first
                 name = f.gets("\x00").chomp("\x00")
-                if !name.empty? && name !~ /\A[\x33-\x7f]+\Z/
+                if !name.empty? && name !~ GOOD_FUNCTION_NAME_RE
                   n_bad_names += 1
                   if n_bad_names > MAX_ERRORS
                     nil
@@ -741,9 +743,9 @@ class PEdump
       ord2name = {}
       if x.names && x.names.any?
         n = x.NumberOfNames
-        if n > 2048
-          logger.warn "[?] NumberOfNames too big (#{x.NumberOfNames}), limiting to 2048"
-          n = 2048
+        if n > MAX_EXPORT_NUMBER_OF_NAMES
+          logger.warn "[?] NumberOfNames too big (#{x.NumberOfNames}), limiting to #{MAX_EXPORT_NUMBER_OF_NAMES}"
+          n = MAX_EXPORT_NUMBER_OF_NAMES
         end
         n.times do |i|
           ord2name[x.name_ordinals[i]] ||= []

data/lib/pedump/cli.rb

@@ -65,8 +65,8 @@ class PEdump::CLI
         @options[:force] ||= 0
         @options[:force] += 1
       end
-      opts.on "-f", "--format FORMAT", [:binary, :c, :dump, :hex, :inspect, :table, :yaml],
-        "Output format: bin,c,dump,hex,inspect,table,yaml","(default: table)" do |v|
+      opts.on "-f", "--format FORMAT", [:binary, :c, :dump, :hex, :inspect, :json, :table, :yaml],
+        "Output format: bin,c,dump,hex,inspect,json,table,yaml","(default: table)" do |v|
         @options[:format] = v
       end
       KNOWN_ACTIONS.each do |t|
@@ -326,7 +326,7 @@ class PEdump::CLI
 
     puts action_title(action) unless @options[:format] == :binary
 
-    return dump(data) if [:inspect, :table, :yaml].include?(@options[:format])
+    return dump(data) if [:inspect, :table, :json, :yaml].include?(@options[:format])
 
     dump_opts = {:name => action}
     case action
@@ -376,6 +376,9 @@ class PEdump::CLI
     when :yaml
       require 'yaml'
       puts data.to_yaml
+    when :json
+      require 'json'
+      puts data.to_json
     end
   end
 

data/lib/pedump/version.rb

@@ -1,10 +1,7 @@
 class PEdump
   module Version
-    MAJOR = 0
-    MINOR = 5
-    PATCH = 2
+    STRING = File.read(File.join(File.dirname(File.dirname(File.dirname(__FILE__))), 'VERSION')).strip
+    MAJOR, MINOR, PATCH = STRING.split('.').map(&:to_i)
     BUILD = nil
-
-    STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
   end
 end

data/pedump.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: pedump 0.5.3 ruby lib
+# stub: pedump 0.5.4 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "pedump".freeze
-  s.version = "0.5.3"
+  s.version = "0.5.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Andrey \"Zed\" Zaikin".freeze]
-  s.date = "2020-01-24"
+  s.date = "2020-01-25"
   s.description = "dump headers, sections, extract resources of win32 PE exe,dll,etc".freeze
   s.email = "zed.0xff@gmail.com".freeze
   s.executables = ["pedump".freeze]
@@ -64,7 +64,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "http://github.com/zed-0xff/pedump".freeze
   s.licenses = ["MIT".freeze]
-  s.rubygems_version = "2.7.6".freeze
+  s.rubygems_version = "2.7.10".freeze
   s.summary = "dump win32 PE executable files with a pure ruby".freeze
 
   if s.respond_to? :specification_version then

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pedump
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors:
 - Andrey "Zed" Zaikin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-24 00:00:00.000000000 Z
+date: 2020-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rainbow
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.10
 signing_key: 
 specification_version: 4
 summary: dump win32 PE executable files with a pure ruby