Fixes #452. Solves a number of crashes caused by Regexp.new() on 1.9 without an explicit language specified
git-svn-id: file:///home/svn/framework3/trunk@7320 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
parent
c0a0507fdf
commit
176996fe61
|
@ -1,12 +1,12 @@
|
||||||
###
|
###
|
||||||
#
|
#
|
||||||
# This module provides methods for parseing and interacting
|
# This module provides methods for parseing and interacting
|
||||||
# with the PDF format.
|
# with the PDF format.
|
||||||
#
|
#
|
||||||
###
|
###
|
||||||
|
|
||||||
module Msf
|
module Msf
|
||||||
|
|
||||||
module Exploit::PDF_Parse
|
module Exploit::PDF_Parse
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,21 +27,21 @@ module Msf
|
||||||
end
|
end
|
||||||
|
|
||||||
def xref_trailer_parse(offset, stream)
|
def xref_trailer_parse(offset, stream)
|
||||||
|
|
||||||
a = offset
|
a = offset
|
||||||
b = stream.index(/>>/,a) + 2
|
b = stream.index(/>>/,a) + 2
|
||||||
return stream[a..b]
|
return stream[a..b]
|
||||||
end
|
end
|
||||||
|
|
||||||
def trailer_parse(xref_trailer)
|
def trailer_parse(xref_trailer)
|
||||||
trailer = Hash.new()
|
trailer = Hash.new()
|
||||||
|
|
||||||
trailer["Size"] = xref_trailer.match(/Size (\d+)/m)[1]
|
trailer["Size"] = xref_trailer.match(/Size (\d+)/m)[1]
|
||||||
|
|
||||||
if match = xref_trailer.match(/Root (\d+ \d)/m)
|
if match = xref_trailer.match(/Root (\d+ \d)/m)
|
||||||
trailer["Root"] = match[1]
|
trailer["Root"] = match[1]
|
||||||
end
|
end
|
||||||
|
|
||||||
if match = xref_trailer.match(/Info (\d+ \d)/m)
|
if match = xref_trailer.match(/Info (\d+ \d)/m)
|
||||||
trailer["Info"] = match[1]
|
trailer["Info"] = match[1]
|
||||||
end
|
end
|
||||||
|
@ -49,36 +49,36 @@ module Msf
|
||||||
if match = xref_trailer.match(/ID(\[.+\])/m)
|
if match = xref_trailer.match(/ID(\[.+\])/m)
|
||||||
trailer["ID"] = match[1]
|
trailer["ID"] = match[1]
|
||||||
end
|
end
|
||||||
|
|
||||||
if match = xref_trailer.match(/Prev (\d+)/m)
|
if match = xref_trailer.match(/Prev (\d+)/m)
|
||||||
trailer["Prev"] = match[1]
|
trailer["Prev"] = match[1]
|
||||||
end
|
end
|
||||||
|
|
||||||
if match = xref_trailer.match(/XRefStm (\d+)/m)
|
if match = xref_trailer.match(/XRefStm (\d+)/m)
|
||||||
trailer["XRefStm"] = match[1]
|
trailer["XRefStm"] = match[1]
|
||||||
end
|
end
|
||||||
|
|
||||||
return trailer
|
return trailer
|
||||||
end
|
end
|
||||||
|
|
||||||
def object_locate(xref_trailer,obj_name)
|
def object_locate(xref_trailer,obj_name)
|
||||||
|
|
||||||
found = false
|
found = false
|
||||||
match = obj_name.match(/(\d+) (\d+)/)
|
match = obj_name.match(/(\d+) (\d+)/)
|
||||||
obj = match[1]
|
obj = match[1]
|
||||||
gen = match[2]
|
gen = match[2]
|
||||||
|
|
||||||
xrefs_end = xref_trailer.index(/trailer/) - 1
|
xrefs_end = xref_trailer.index(/trailer/) - 1
|
||||||
xrefs = xref_trailer[0..xrefs_end]
|
xrefs = xref_trailer[0..xrefs_end]
|
||||||
|
|
||||||
if gen.to_i != 0
|
if gen.to_i != 0
|
||||||
|
|
||||||
else
|
else
|
||||||
len = xrefs.length
|
len = xrefs.length
|
||||||
match = xrefs.match(/xref\r?\n?(\d+) (\d+)\r?\n?/m)
|
match = xrefs.match(/xref\r?\n?(\d+) (\d+)\r?\n?/m)
|
||||||
offset = 0
|
offset = 0
|
||||||
|
|
||||||
|
|
||||||
while offset < len
|
while offset < len
|
||||||
|
|
||||||
if match
|
if match
|
||||||
|
@ -93,8 +93,8 @@ module Msf
|
||||||
jump = num_obj.to_i * 20
|
jump = num_obj.to_i * 20
|
||||||
offset += jump
|
offset += jump
|
||||||
else
|
else
|
||||||
if obj.to_i <= ( start_obj.to_i + num_obj.to_i - 1)
|
if obj.to_i <= ( start_obj.to_i + num_obj.to_i - 1)
|
||||||
|
|
||||||
jump = (obj.to_i - start_obj.to_i) * 20
|
jump = (obj.to_i - start_obj.to_i) * 20
|
||||||
offset += jump
|
offset += jump
|
||||||
found = true
|
found = true
|
||||||
|
@ -104,34 +104,34 @@ module Msf
|
||||||
offset += jump
|
offset += jump
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
xrefs.index(/(\d+) (\d+)\r?\n?/m,offset)
|
xrefs.index(/(\d+) (\d+)\r?\n?/m,offset)
|
||||||
match = Regexp.last_match
|
match = Regexp.last_match
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
if found
|
if found
|
||||||
offset_end = offset + 11
|
offset_end = offset + 11
|
||||||
return xrefs[offset..offset_end].to_i
|
return xrefs[offset..offset_end].to_i
|
||||||
else
|
else
|
||||||
return nil
|
return nil
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_object(xref_trailers,obj_name,stream)
|
def parse_object(xref_trailers,obj_name,stream)
|
||||||
|
|
||||||
for xrefs in xref_trailers
|
for xrefs in xref_trailers
|
||||||
offset = object_locate(xrefs,obj_name)
|
offset = object_locate(xrefs,obj_name)
|
||||||
if offset
|
if offset
|
||||||
break
|
break
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
if offset
|
|
||||||
|
if offset
|
||||||
stream.index(/endobj/,offset)
|
stream.index(/endobj/,offset)
|
||||||
object_end = Regexp.last_match.end(0)
|
object_end = Regexp.last_match.end(0)
|
||||||
return stream[offset..object_end]
|
return stream[offset..object_end]
|
||||||
|
@ -139,22 +139,22 @@ module Msf
|
||||||
return nil
|
return nil
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def xref_create(stream,offset,num_obj)
|
def xref_create(stream,offset,num_obj)
|
||||||
|
|
||||||
|
|
||||||
xref = Array.new()
|
xref = Array.new()
|
||||||
object = String.new()
|
object = String.new()
|
||||||
|
|
||||||
case
|
case
|
||||||
when num_obj.to_s == "1"
|
when num_obj.to_s == "1"
|
||||||
|
|
||||||
obj = stream.index(/(\d+) \d obj/,offset)
|
obj = stream.index(/(\d+) \d obj/,offset)
|
||||||
if obj
|
if obj
|
||||||
num = obj.to_s
|
num = obj.to_s
|
||||||
dif = 10 - num.length
|
dif = 10 - num.length
|
||||||
out = String.new
|
out = String.new
|
||||||
while dif > 0
|
while dif > 0
|
||||||
out << "0"
|
out << "0"
|
||||||
dif -= 1
|
dif -= 1
|
||||||
end
|
end
|
||||||
|
@ -162,13 +162,13 @@ module Msf
|
||||||
xref.push("#{out}")
|
xref.push("#{out}")
|
||||||
object = "#{Regexp.last_match(1)}"
|
object = "#{Regexp.last_match(1)}"
|
||||||
end
|
end
|
||||||
|
|
||||||
when num_obj.to_s == "*"
|
when num_obj.to_s == "*"
|
||||||
|
|
||||||
len = stream.length
|
len = stream.length
|
||||||
n = offset
|
n = offset
|
||||||
while n < len
|
while n < len
|
||||||
obj = stream.index(/(\d+) \d obj/,n)
|
obj = stream.index(/(\d+) \d obj/,n)
|
||||||
if obj != nil
|
if obj != nil
|
||||||
num = obj.to_s
|
num = obj.to_s
|
||||||
dif = 10 - num.length
|
dif = 10 - num.length
|
||||||
|
@ -177,10 +177,10 @@ module Msf
|
||||||
out << "0"
|
out << "0"
|
||||||
dif -= 1
|
dif -= 1
|
||||||
end
|
end
|
||||||
out << num
|
out << num
|
||||||
xref.push("#{out}")
|
xref.push("#{out}")
|
||||||
n = Regexp.last_match.end(0)
|
n = Regexp.last_match.end(0)
|
||||||
|
|
||||||
if object.empty?
|
if object.empty?
|
||||||
object = "#{Regexp.last_match(1)}"
|
object = "#{Regexp.last_match(1)}"
|
||||||
end
|
end
|
||||||
|
@ -188,59 +188,59 @@ module Msf
|
||||||
break
|
break
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
output = String.new()
|
output = String.new()
|
||||||
output << "#{object} #{xref.length}\r\n"
|
output << "#{object} #{xref.length}\r\n"
|
||||||
xref.each {|xref_| output << "#{xref_} 00000 n\r\n"}
|
xref.each {|xref_| output << "#{xref_} 00000 n\r\n"}
|
||||||
|
|
||||||
return output
|
return output
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_pdf(stream)
|
def parse_pdf(stream)
|
||||||
|
|
||||||
xref_array = Array.new()
|
xref_array = Array.new()
|
||||||
|
|
||||||
startxrefs = Array.new()
|
startxrefs = Array.new()
|
||||||
startxref_offsets = Hash.new()
|
startxref_offsets = Hash.new()
|
||||||
|
|
||||||
xref_trailers = Array.new()
|
xref_trailers = Array.new()
|
||||||
xref_trailer = Hash.new()
|
xref_trailer = Hash.new()
|
||||||
|
|
||||||
trailers = Array.new()
|
trailers = Array.new()
|
||||||
trailer = Hash.new()
|
trailer = Hash.new()
|
||||||
|
|
||||||
len = stream.length
|
len = stream.length
|
||||||
n = 0
|
n = 0
|
||||||
while n < len
|
while n < len
|
||||||
obj = stream.index(/startxref\r?\n?/m,n)
|
obj = stream.index(/startxref\r?\n?/m,n)
|
||||||
if obj != nil
|
if obj != nil
|
||||||
n = Regexp.last_match.end(0)
|
n = Regexp.last_match.end(0)
|
||||||
stream.index(/\d+/,n)
|
stream.index(/\d+/,n)
|
||||||
startxref_offsets["#{Regexp.last_match}"] = "#{obj}"
|
startxref_offsets["#{Regexp.last_match}"] = "#{obj}"
|
||||||
startxrefs.push("#{Regexp.last_match}")
|
startxrefs.push("#{Regexp.last_match}")
|
||||||
else
|
else
|
||||||
break
|
break
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
xref_trailer = xref_trailer_parse(startxrefs.last.to_i,stream)
|
xref_trailer = xref_trailer_parse(startxrefs.last.to_i,stream)
|
||||||
xref_trailers.push(xref_trailer)
|
xref_trailers.push(xref_trailer)
|
||||||
|
|
||||||
|
|
||||||
trailer = trailer_parse(xref_trailer)
|
trailer = trailer_parse(xref_trailer)
|
||||||
trailers.push(trailer)
|
trailers.push(trailer)
|
||||||
|
|
||||||
root_obj = trailers[0].fetch("Root")
|
root_obj = trailers[0].fetch("Root")
|
||||||
|
|
||||||
while trailer["Prev"]
|
while trailer["Prev"]
|
||||||
xref_trailer = xref_trailer_parse(trailer.fetch("Prev").to_i,stream)
|
xref_trailer = xref_trailer_parse(trailer.fetch("Prev").to_i,stream)
|
||||||
xref_trailers.push(xref_trailer)
|
xref_trailers.push(xref_trailer)
|
||||||
|
|
||||||
|
|
||||||
trailer = trailer_parse(xref_trailer)
|
trailer = trailer_parse(xref_trailer)
|
||||||
trailers.each {|check| if check.fetch("Prev") == trailer["Prev"] then trailer.delete("Prev") end}
|
trailers.each {|check| if check.fetch("Prev") == trailer["Prev"] then trailer.delete("Prev") end}
|
||||||
if trailer.has_key?("Prev")
|
if trailer.has_key?("Prev")
|
||||||
|
@ -250,7 +250,8 @@ module Msf
|
||||||
|
|
||||||
return xref_trailers, trailers, startxrefs, root_obj
|
return xref_trailers, trailers, startxrefs, root_obj
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -904,7 +904,7 @@ class Core
|
||||||
end
|
end
|
||||||
|
|
||||||
begin
|
begin
|
||||||
regex = Regexp.new(match, true)
|
regex = Regexp.new(match, true, 'n')
|
||||||
rescue RegexpError => e
|
rescue RegexpError => e
|
||||||
print_error("Invalid regular expression: #{match} (hint: try .*)")
|
print_error("Invalid regular expression: #{match} (hint: try .*)")
|
||||||
return
|
return
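Review bot: `e` is bound on the `rescue RegexpError => e` line but never used, and the `print_error` on the next line gives the user no reason for the rejection; with the new `'n'` argument a search term containing an unescaped non-ASCII character is now also refused by `Regexp.new` on 1.9 (a no-encoding pattern only accepts ASCII or escaped bytes), and "hint: try .*" will not explain that. Including the exception text is a one-line change: `print_error("Invalid regular expression: #{match} (#{e.message}; hint: try .*)")`. The enclosing method starts and ends outside the hunk.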
|
||||||
|
|
|
@ -56,7 +56,7 @@ module Msf
|
||||||
|
|
||||||
# Perform the search
|
# Perform the search
|
||||||
found = []
|
found = []
|
||||||
filter = Regexp.new(text, Regexp::IGNORECASE)
|
filter = Regexp.new(text, Regexp::IGNORECASE, 'n')
|
||||||
|
|
||||||
$gtk2driver.module_tree.refresh(filter)
|
$gtk2driver.module_tree.refresh(filter)
|
||||||
$gtk2driver.module_tree.expand
|
$gtk2driver.module_tree.expand
|
||||||
|
@ -115,4 +115,4 @@ module Msf
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
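Review bot: `filter = Regexp.new(text, Regexp::IGNORECASE, 'n')` has no `rescue RegexpError` in the visible lines, unlike the equivalent call in the console `Core` hunk of this commit, so a malformed search string typed into the GUI would raise out of the handler instead of being reported. Unless an outer rescue exists above the hunk, wrapping the call in the same `begin … rescue RegexpError` guard and returning (or reporting the error through the driver) would give the GUI the console's behaviour. The enclosing method starts outside the hunk.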
|
||||||
|
|
|
@ -74,7 +74,7 @@ module Net # :nodoc:
|
||||||
Net::DNS::RR::Classes.regexp +
|
Net::DNS::RR::Classes.regexp +
|
||||||
"|CLASS\\d+)?\\s*(" +
|
"|CLASS\\d+)?\\s*(" +
|
||||||
Net::DNS::RR::Types.regexp +
|
Net::DNS::RR::Types.regexp +
|
||||||
"|TYPE\\d+)?\\s*(.*)$", Regexp::IGNORECASE)
|
"|TYPE\\d+)?\\s*(.*)$", Regexp::IGNORECASE, 'n')
|
||||||
|
|
||||||
# Dimension of the sum of class, type, TTL and rdlength fields in a
|
# Dimension of the sum of class, type, TTL and rdlength fields in a
|
||||||
# RR portion of the packet, in bytes
|
# RR portion of the packet, in bytes
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
#!/usr/bin/env ruby
|
|
||||||
|
|
||||||
# $Id$
|
# $Id$
|
||||||
|
|
||||||
|
@ -6,19 +5,19 @@ module Rex
|
||||||
module ElfScan
|
module ElfScan
|
||||||
module Scanner
|
module Scanner
|
||||||
class Generic
|
class Generic
|
||||||
|
|
||||||
attr_accessor :elf, :regex
|
attr_accessor :elf, :regex
|
||||||
|
|
||||||
def initialize(elf)
|
def initialize(elf)
|
||||||
self.elf = elf
|
self.elf = elf
|
||||||
end
|
end
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan(param)
|
def scan(param)
|
||||||
config(param)
|
config(param)
|
||||||
|
|
||||||
$stdout.puts "[#{param['file']}]"
|
$stdout.puts "[#{param['file']}]"
|
||||||
elf.program_header.each do |program_header|
|
elf.program_header.each do |program_header|
|
||||||
|
|
||||||
|
@ -33,7 +32,7 @@ class Generic
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_segment(program_header, param={})
|
def scan_segment(program_header, param={})
|
||||||
[]
|
[]
|
||||||
|
@ -44,7 +43,7 @@ class JmpRegScanner < Generic
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
regnums = param['args']
|
regnums = param['args']
|
||||||
|
|
||||||
# build a list of the call bytes
|
# build a list of the call bytes
|
||||||
calls = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
|
calls = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
|
||||||
jmps = _build_byte_list(0xe0, regnums)
|
jmps = _build_byte_list(0xe0, regnums)
|
||||||
|
@ -58,7 +57,7 @@ class JmpRegScanner < Generic
|
||||||
|
|
||||||
regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
|
regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
|
||||||
|
|
||||||
self.regex = Regexp.new(regexstr)
|
self.regex = Regexp.new(regexstr, nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
# build a list for regex of the possible bytes, based on a base
|
# build a list for regex of the possible bytes, based on a base
|
||||||
|
@ -119,7 +118,7 @@ class JmpRegScanner < Generic
|
||||||
else
|
else
|
||||||
raise "wtf"
|
raise "wtf"
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
|
regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
|
||||||
retsize = _ret_size(offset+1)
|
retsize = _ret_size(offset+1)
|
||||||
message = "push #{regname}; " + _parse_ret(elf.read(offset+1, retsize))
|
message = "push #{regname}; " + _parse_ret(elf.read(offset+1, retsize))
|
||||||
|
@ -137,7 +136,7 @@ class PopPopRetScanner < JmpRegScanner
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
|
pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
|
||||||
self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)")
|
self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)", nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_segment(program_header, param={})
|
def scan_segment(program_header, param={})
|
||||||
|
@ -172,7 +171,7 @@ end
|
||||||
class RegexScanner < JmpRegScanner
|
class RegexScanner < JmpRegScanner
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
self.regex = Regexp.new(param['args'])
|
self.regex = Regexp.new(param['args'], nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_segment(program_header, param={})
|
def scan_segment(program_header, param={})
|
||||||
|
@ -186,12 +185,12 @@ class RegexScanner < JmpRegScanner
|
||||||
idx = offset
|
idx = offset
|
||||||
buf = ''
|
buf = ''
|
||||||
mat = nil
|
mat = nil
|
||||||
|
|
||||||
while (! (mat = buf.match(regex)))
|
while (! (mat = buf.match(regex)))
|
||||||
buf << elf.read(idx, 1)
|
buf << elf.read(idx, 1)
|
||||||
idx += 1
|
idx += 1
|
||||||
end
|
end
|
||||||
|
|
||||||
rva = elf.offset_to_rva(offset)
|
rva = elf.offset_to_rva(offset)
|
||||||
|
|
||||||
hits << [ rva, buf.unpack("H*") ]
|
hits << [ rva, buf.unpack("H*") ]
|
||||||
|
@ -200,8 +199,9 @@ class RegexScanner < JmpRegScanner
|
||||||
|
|
||||||
return hits
|
return hits
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
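Review bot: The new `Regexp.new(regexstr, nil, 'n')` in `JmpRegScanner#config` deserves a one-line comment saying why the third argument is there, since nothing in the file records it: the pattern holds raw byte escapes (`\xff`, `\xc3`, `\xc2`) that Ruby 1.9 rejects in a UTF-8-encoded pattern unless the regexp is built without an encoding. Something like `# 'n' (no encoding): the pattern is raw bytes, which 1.9 refuses in a UTF-8 regexp` above the call would do. The same applies to the `PopPopRetScanner#config` and `RegexScanner#config` hunks below and to the matching hunks in the Mach-O and PE scanner sections. `RegexScanner#config` also hands `param['args']` straight to `Regexp.new` with no `rescue RegexpError`, so a malformed user pattern surfaces as a backtrace rather than a message.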
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@ class Generic
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_segment(segment, param={})
|
def scan_segment(segment, param={})
|
||||||
[]
|
[]
|
||||||
|
@ -66,7 +66,7 @@ class JmpRegScanner < Generic
|
||||||
|
|
||||||
regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
|
regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
|
||||||
|
|
||||||
self.regex = Regexp.new(regexstr)
|
self.regex = Regexp.new(regexstr, nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
# build a list for regex of the possible bytes, based on a base
|
# build a list for regex of the possible bytes, based on a base
|
||||||
|
@ -127,7 +127,7 @@ class JmpRegScanner < Generic
|
||||||
else
|
else
|
||||||
raise "wtf"
|
raise "wtf"
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
|
regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
|
||||||
retsize = _ret_size(offset+1)
|
retsize = _ret_size(offset+1)
|
||||||
message = "push #{regname}; " + _parse_ret(mach.read(offset+1, retsize))
|
message = "push #{regname}; " + _parse_ret(mach.read(offset+1, retsize))
|
||||||
|
@ -145,7 +145,7 @@ class PopPopRetScanner < JmpRegScanner
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
|
pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
|
||||||
self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)")
|
self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)", nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_segment(segment, param={})
|
def scan_segment(segment, param={})
|
||||||
|
@ -181,7 +181,7 @@ end
|
||||||
class RegexScanner < JmpRegScanner
|
class RegexScanner < JmpRegScanner
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
self.regex = Regexp.new(param['args'])
|
self.regex = Regexp.new(param['args'], nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_segment(segment, param={})
|
def scan_segment(segment, param={})
|
||||||
|
@ -209,8 +209,9 @@ class RegexScanner < JmpRegScanner
|
||||||
end
|
end
|
||||||
return hits
|
return hits
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -3,22 +3,22 @@ module PeScan
|
||||||
module Analyze
|
module Analyze
|
||||||
|
|
||||||
require "rex/ui/text/table"
|
require "rex/ui/text/table"
|
||||||
|
|
||||||
class Fingerprint
|
class Fingerprint
|
||||||
attr_accessor :pe
|
attr_accessor :pe
|
||||||
|
|
||||||
def initialize(pe)
|
def initialize(pe)
|
||||||
self.pe = pe
|
self.pe = pe
|
||||||
end
|
end
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
@sigs = {}
|
@sigs = {}
|
||||||
|
|
||||||
name = nil
|
name = nil
|
||||||
regx = ''
|
regx = ''
|
||||||
epon = 0
|
epon = 0
|
||||||
sidx = 0
|
sidx = 0
|
||||||
|
|
||||||
fd = File.open(param['database'], 'rb')
|
fd = File.open(param['database'], 'rb')
|
||||||
fd.each_line do |line|
|
fd.each_line do |line|
|
||||||
case line
|
case line
|
||||||
|
@ -42,35 +42,35 @@ module Analyze
|
||||||
epon = ($1 =~ /^T/i) ? 1 : 0
|
epon = ($1 =~ /^T/i) ? 1 : 0
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if (name and ! @sigs[name])
|
if (name and ! @sigs[name])
|
||||||
@sigs[ name ] = [regx, epon]
|
@sigs[ name ] = [regx, epon]
|
||||||
end
|
end
|
||||||
|
|
||||||
fd.close
|
fd.close
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan(param)
|
def scan(param)
|
||||||
config(param)
|
config(param)
|
||||||
|
|
||||||
epa = pe.hdr.opt.AddressOfEntryPoint
|
epa = pe.hdr.opt.AddressOfEntryPoint
|
||||||
buf = pe.read_rva(epa, 256)
|
buf = pe.read_rva(epa, 256)
|
||||||
|
|
||||||
@sigs.each_pair do |name, data|
|
@sigs.each_pair do |name, data|
|
||||||
begin
|
begin
|
||||||
if (buf.match(Regexp.new('^' + data[0])))
|
if (buf.match(Regexp.new('^' + data[0], nil, 'n')))
|
||||||
$stdout.puts param['file'] + ": " + name
|
$stdout.puts param['file'] + ": " + name
|
||||||
end
|
end
|
||||||
rescue RegexpError
|
rescue RegexpError
|
||||||
$stderr.puts "Invalid signature: #{name} #{data[0]}"
|
$stderr.puts "Invalid signature: #{name} #{data[0]}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
class Information
|
class Information
|
||||||
attr_accessor :pe
|
attr_accessor :pe
|
||||||
|
|
||||||
def initialize(pe)
|
def initialize(pe)
|
||||||
self.pe = pe
|
self.pe = pe
|
||||||
end
|
end
|
||||||
|
@ -86,9 +86,9 @@ module Analyze
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan(param)
|
def scan(param)
|
||||||
|
|
||||||
$stdout.puts "\n\n"
|
$stdout.puts "\n\n"
|
||||||
|
|
||||||
tbl = table("Image Headers", ['Name', 'Value'])
|
tbl = table("Image Headers", ['Name', 'Value'])
|
||||||
add_fields(tbl, pe.hdr.file, %W{
|
add_fields(tbl, pe.hdr.file, %W{
|
||||||
Characteristics
|
Characteristics
|
||||||
|
@ -137,7 +137,7 @@ module Analyze
|
||||||
$stdout.puts tbl.to_s
|
$stdout.puts tbl.to_s
|
||||||
$stdout.puts "\n\n"
|
$stdout.puts "\n\n"
|
||||||
|
|
||||||
if (pe.exports)
|
if (pe.exports)
|
||||||
tbl = table("Exported Functions", ['Ordinal', 'Name', 'Address'])
|
tbl = table("Exported Functions", ['Ordinal', 'Name', 'Address'])
|
||||||
pe.exports.entries.each do |ent|
|
pe.exports.entries.each do |ent|
|
||||||
tbl << [ent.ordinal, ent.name, "0x%.8x" % pe.rva_to_vma(ent.rva)]
|
tbl << [ent.ordinal, ent.name, "0x%.8x" % pe.rva_to_vma(ent.rva)]
|
||||||
|
@ -145,7 +145,7 @@ module Analyze
|
||||||
$stdout.puts tbl.to_s
|
$stdout.puts tbl.to_s
|
||||||
$stdout.puts "\n\n"
|
$stdout.puts "\n\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
if (pe.imports)
|
if (pe.imports)
|
||||||
tbl = table("Imported Functions", ['Library', 'Ordinal', 'Name'])
|
tbl = table("Imported Functions", ['Library', 'Ordinal', 'Name'])
|
||||||
pe.imports.each do |lib|
|
pe.imports.each do |lib|
|
||||||
|
@ -156,10 +156,10 @@ module Analyze
|
||||||
$stdout.puts tbl.to_s
|
$stdout.puts tbl.to_s
|
||||||
$stdout.puts "\n\n"
|
$stdout.puts "\n\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
if(pe.config)
|
if(pe.config)
|
||||||
tbl = table("Configuration Header", ['Name', 'Value'])
|
tbl = table("Configuration Header", ['Name', 'Value'])
|
||||||
add_fields(tbl, pe.config, %W{
|
add_fields(tbl, pe.config, %W{
|
||||||
Size
|
Size
|
||||||
TimeDateStamp
|
TimeDateStamp
|
||||||
MajorVersion
|
MajorVersion
|
||||||
|
@ -195,16 +195,16 @@ module Analyze
|
||||||
$stdout.puts tbl.to_s
|
$stdout.puts tbl.to_s
|
||||||
$stdout.puts "\n\n"
|
$stdout.puts "\n\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
tbl = table("Section Header", ["Name", "VirtualAddress", "SizeOfRawData", "Characteristics"])
|
tbl = table("Section Header", ["Name", "VirtualAddress", "SizeOfRawData", "Characteristics"])
|
||||||
pe.sections.each do |sec|
|
pe.sections.each do |sec|
|
||||||
tbl << [ sec.name, *[sec.vma, sec.raw_size, sec.flags].map{|x| "0x%.8x" % x} ]
|
tbl << [ sec.name, *[sec.vma, sec.raw_size, sec.flags].map{|x| "0x%.8x" % x} ]
|
||||||
end
|
end
|
||||||
$stdout.puts tbl.to_s
|
$stdout.puts tbl.to_s
|
||||||
$stdout.puts "\n\n"
|
$stdout.puts "\n\n"
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def table(name, cols)
|
def table(name, cols)
|
||||||
Rex::Ui::Text::Table.new(
|
Rex::Ui::Text::Table.new(
|
||||||
'Header' => name,
|
'Header' => name,
|
||||||
|
@ -215,70 +215,70 @@ module Analyze
|
||||||
|
|
||||||
|
|
||||||
class Ripper
|
class Ripper
|
||||||
|
|
||||||
require "fileutils"
|
require "fileutils"
|
||||||
|
|
||||||
attr_accessor :pe
|
attr_accessor :pe
|
||||||
|
|
||||||
def initialize(pe)
|
def initialize(pe)
|
||||||
self.pe = pe
|
self.pe = pe
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan(param)
|
def scan(param)
|
||||||
dest = param['dir']
|
dest = param['dir']
|
||||||
|
|
||||||
if (param['file'])
|
if (param['file'])
|
||||||
dest = File.join(dest, File.basename(param['file']))
|
dest = File.join(dest, File.basename(param['file']))
|
||||||
end
|
end
|
||||||
|
|
||||||
::FileUtils.mkdir_p(dest)
|
::FileUtils.mkdir_p(dest)
|
||||||
|
|
||||||
pe.resources.keys.sort.each do |rkey|
|
pe.resources.keys.sort.each do |rkey|
|
||||||
res = pe.resources[rkey]
|
res = pe.resources[rkey]
|
||||||
path = File.join(dest, rkey.split('/')[1] + '_' + res.file)
|
path = File.join(dest, rkey.split('/')[1] + '_' + res.file)
|
||||||
|
|
||||||
fd = File.new(path, 'w')
|
fd = File.new(path, 'wb')
|
||||||
fd.write(res.data)
|
fd.write(res.data)
|
||||||
fd.close
|
fd.close
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
class ContextMapDumper
|
class ContextMapDumper
|
||||||
|
|
||||||
attr_accessor :pe
|
attr_accessor :pe
|
||||||
|
|
||||||
def initialize(pe)
|
def initialize(pe)
|
||||||
self.pe = pe
|
self.pe = pe
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan(param)
|
def scan(param)
|
||||||
dest = param['dir']
|
dest = param['dir']
|
||||||
path = ''
|
path = ''
|
||||||
|
|
||||||
::FileUtils.mkdir_p(dest)
|
::FileUtils.mkdir_p(dest)
|
||||||
|
|
||||||
if(not (param['dir'] and param['file']))
|
if(not (param['dir'] and param['file']))
|
||||||
$stderr.puts "No directory or file specified"
|
$stderr.puts "No directory or file specified"
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
if (param['file'])
|
if (param['file'])
|
||||||
path = File.join(dest, File.basename(param['file']) + ".map")
|
path = File.join(dest, File.basename(param['file']) + ".map")
|
||||||
end
|
end
|
||||||
|
|
||||||
fd = File.new(path, "w")
|
fd = File.new(path, "wb")
|
||||||
pe.all_sections.each do |section|
|
pe.all_sections.each do |section|
|
||||||
|
|
||||||
# Skip over known bad sections
|
# Skip over known bad sections
|
||||||
next if section.name == ".data"
|
next if section.name == ".data"
|
||||||
next if section.name == ".reloc"
|
next if section.name == ".reloc"
|
||||||
|
|
||||||
offset = 0
|
offset = 0
|
||||||
while offset < section.size
|
while offset < section.size
|
||||||
byte = section.read(offset, 1)[0]
|
byte = section.read(offset, 1)[0]
|
||||||
if byte != 0
|
if byte != 0
|
||||||
chunkbase = pe.rva_to_vma( section.base_rva) + offset
|
chunkbase = pe.rva_to_vma(section.base_rva) + offset
|
||||||
data = ''
|
data = ''
|
||||||
while byte != 0
|
while byte != 0
|
||||||
data << byte
|
data << byte
|
||||||
|
@ -288,21 +288,22 @@ module Analyze
|
||||||
end
|
end
|
||||||
buff = nil
|
buff = nil
|
||||||
buff = [ 0x01, chunkbase, data.length, data].pack("CNNA*") if data.length > 0
|
buff = [ 0x01, chunkbase, data.length, data].pack("CNNA*") if data.length > 0
|
||||||
|
|
||||||
fd.write(buff) if buff
|
fd.write(buff) if buff
|
||||||
end
|
end
|
||||||
offset += 1
|
offset += 1
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
fd.close
|
fd.close
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# EOC
|
# EOC
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
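Review bot: `buf.match(Regexp.new('^' + data[0], nil, 'n'))` in `Fingerprint#scan` anchors each signature with `^`, which in Ruby is a start-of-line anchor, so a signature also matches anywhere in the 256-byte entry-point buffer that follows a 0x0a byte, not only at the entry point itself. Anchoring at the start of the buffer needs `\A`: `Regexp.new('\A' + data[0], nil, 'n')`. Separately, in the `Ripper#scan` hunk the output name `rkey.split('/')[1] + '_' + res.file` is joined under `dest` without normalisation; if `res.file` is taken from the resource table of the binary being scanned, `File.basename(res.file)` would keep the write inside the destination directory.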
|
||||||
|
|
||||||
|
|
|
@ -3,48 +3,48 @@ module PeScan
|
||||||
module Scanner
|
module Scanner
|
||||||
|
|
||||||
class Generic
|
class Generic
|
||||||
|
|
||||||
attr_accessor :pe, :regex
|
attr_accessor :pe, :regex
|
||||||
|
|
||||||
def initialize(pe)
|
def initialize(pe)
|
||||||
self.pe = pe
|
self.pe = pe
|
||||||
end
|
end
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan(param)
|
def scan(param)
|
||||||
config(param)
|
config(param)
|
||||||
|
|
||||||
$stdout.puts "[#{param['file']}]"
|
$stdout.puts "[#{param['file']}]"
|
||||||
pe.all_sections.each do |section|
|
pe.all_sections.each do |section|
|
||||||
hits = scan_section(section, param)
|
hits = scan_section(section, param)
|
||||||
hits.each do |hit|
|
hits.each do |hit|
|
||||||
vma = pe.rva_to_vma(hit[0])
|
vma = pe.rva_to_vma(hit[0])
|
||||||
|
|
||||||
next if (param['filteraddr'] and [vma].pack("V").reverse !~ /#{param['filteraddr']}/)
|
next if (param['filteraddr'] and [vma].pack("V").reverse !~ /#{param['filteraddr']}/)
|
||||||
|
|
||||||
msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
|
msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
|
||||||
$stdout.puts pe.ptr_s(vma) + " " + msg
|
$stdout.puts pe.ptr_s(vma) + " " + msg
|
||||||
if(param['disasm'])
|
if(param['disasm'])
|
||||||
::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
|
::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
|
||||||
$stdout.puts "\t#{line.strip}"
|
$stdout.puts "\t#{line.strip}"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_section(section, param={})
|
def scan_section(section, param={})
|
||||||
[]
|
[]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
class JmpRegScanner < Generic
|
class JmpRegScanner < Generic
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
regnums = param['args']
|
regnums = param['args']
|
||||||
|
|
||||||
# build a list of the call bytes
|
# build a list of the call bytes
|
||||||
calls = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
|
calls = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
|
||||||
jmps = _build_byte_list(0xe0, regnums)
|
jmps = _build_byte_list(0xe0, regnums)
|
||||||
|
@ -58,7 +58,7 @@ module Scanner
|
||||||
|
|
||||||
regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
|
regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
|
||||||
|
|
||||||
self.regex = Regexp.new(regexstr)
|
self.regex = Regexp.new(regexstr, nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
# build a list for regex of the possible bytes, based on a base
|
# build a list for regex of the possible bytes, based on a base
|
||||||
|
@ -119,7 +119,7 @@ module Scanner
|
||||||
else
|
else
|
||||||
raise "wtf"
|
raise "wtf"
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
|
regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
|
||||||
retsize = _ret_size(section, index+1)
|
retsize = _ret_size(section, index+1)
|
||||||
message = "push #{regname}; " + _parse_ret(section.read(index+1, retsize))
|
message = "push #{regname}; " + _parse_ret(section.read(index+1, retsize))
|
||||||
|
@ -132,12 +132,12 @@ module Scanner
|
||||||
return hits
|
return hits
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
class PopPopRetScanner < JmpRegScanner
|
class PopPopRetScanner < JmpRegScanner
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
|
pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
|
||||||
self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)")
|
self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)", nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_section(section, param={})
|
def scan_section(section, param={})
|
||||||
|
@ -169,9 +169,9 @@ module Scanner
|
||||||
end
|
end
|
||||||
|
|
||||||
class RegexScanner < JmpRegScanner
|
class RegexScanner < JmpRegScanner
|
||||||
|
|
||||||
def config(param)
|
def config(param)
|
||||||
self.regex = Regexp.new(param['args'])
|
self.regex = Regexp.new(param['args'], nil, 'n')
|
||||||
end
|
end
|
||||||
|
|
||||||
def scan_section(section, param={})
|
def scan_section(section, param={})
|
||||||
|
@ -184,12 +184,12 @@ module Scanner
|
||||||
idx = index
|
idx = index
|
||||||
buf = ''
|
buf = ''
|
||||||
mat = nil
|
mat = nil
|
||||||
|
|
||||||
while (! (mat = buf.match(regex)))
|
while (! (mat = buf.match(regex)))
|
||||||
buf << section.read(idx, 1)
|
buf << section.read(idx, 1)
|
||||||
idx += 1
|
idx += 1
|
||||||
end
|
end
|
||||||
|
|
||||||
rva = section.offset_to_rva(index)
|
rva = section.offset_to_rva(index)
|
||||||
|
|
||||||
hits << [ rva, buf.unpack("H*") ]
|
hits << [ rva, buf.unpack("H*") ]
|
||||||
|
@ -198,8 +198,9 @@ module Scanner
|
||||||
|
|
||||||
return hits
|
return hits
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
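Review bot: The `filteraddr` check in `Generic#scan`, `[vma].pack("V").reverse !~ /#{param['filteraddr']}/`, still builds an encoding-aware regexp literal although every `Regexp.new` in this file is given `'n'` by this commit; the subject is a binary string, and a filter written with byte escapes such as `\xff` would be rejected on 1.9 as an invalid multibyte escape in a UTF-8 regexp. Adding the flag to the literal keeps it consistent: `next if (param['filteraddr'] and [vma].pack("V").reverse !~ /#{param['filteraddr']}/n)`. The same line may exist in the ELF and Mach-O scanners' `scan`, which lie outside the visible hunks.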
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ class Handle
|
||||||
uuid_re = '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}'
|
uuid_re = '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}'
|
||||||
rev_re = '\d+.\d+'
|
rev_re = '\d+.\d+'
|
||||||
proto_re = '(?:' + @@protocols.join('|') + ')'
|
proto_re = '(?:' + @@protocols.join('|') + ')'
|
||||||
re = Regexp.new("(#{uuid_re}):(#{rev_re})\@(#{proto_re}):(.*?)\\[(.*)\\]$")
|
re = Regexp.new("(#{uuid_re}):(#{rev_re})\@(#{proto_re}):(.*?)\\[(.*)\\]$", true, 'n')
|
||||||
match = re.match(handle)
|
match = re.match(handle)
|
||||||
raise ArgumentError if !match
|
raise ArgumentError if !match
|
||||||
|
|
||||||
|
@ -44,4 +44,4 @@ class Handle
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
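Review bot: `rev_re = '\d+.\d+'` leaves the dot unescaped, so the revision group of the new `Regexp.new(..., true, 'n')` pattern accepts any character between the two numbers (for example `1x2`); it should read `rev_re = '\d+\.\d+'`. The trailing `$` is a line anchor, so a handle with further text after a newline also passes; `\z` would be the strict end of string. The enclosing method starts outside the hunk.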
|
||||||
|
|
|
@ -168,7 +168,7 @@ module Text
|
||||||
# the regex the first time it is used and never check again. Since we
|
# the regex the first time it is used and never check again. Since we
|
||||||
# want to know how many to capture on every instance, we do it this
|
# want to know how many to capture on every instance, we do it this
|
||||||
# way.
|
# way.
|
||||||
return str.unpack('H*')[0].gsub(Regexp.new(".{#{count * 2}}")) { |s| prefix + s }
|
return str.unpack('H*')[0].gsub(Regexp.new(".{#{count * 2}}", nil, 'n')) { |s| prefix + s }
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
|
@ -465,7 +465,7 @@ module Zip
|
||||||
end
|
end
|
||||||
path = @file.expand_path(aDirectoryName).ensure_end("/")
|
path = @file.expand_path(aDirectoryName).ensure_end("/")
|
||||||
|
|
||||||
subDirEntriesRegex = Regexp.new("^#{path}([^/]+)$")
|
subDirEntriesRegex = Regexp.new("^#{path}([^/]+)$", nil, 'n')
|
||||||
@mappedZip.each {
|
@mappedZip.each {
|
||||||
|fileName|
|
|fileName|
|
||||||
match = subDirEntriesRegex.match(fileName)
|
match = subDirEntriesRegex.match(fileName)
|
||||||
|
@ -606,4 +606,4 @@ end
|
||||||
|
|
||||||
# Copyright (C) 2002, 2003 Thomas Sondergaard
|
# Copyright (C) 2002, 2003 Thomas Sondergaard
|
||||||
# rubyzip is free software; you can redistribute it and/or
|
# rubyzip is free software; you can redistribute it and/or
|
||||||
# modify it under the terms of the ruby license.
|
# modify it under the terms of the ruby license.
|
||||||
|
|
|
@ -76,7 +76,7 @@ module Kernel #:nodoc:all
|
||||||
end
|
end
|
||||||
|
|
||||||
def already_loaded?(moduleName)
|
def already_loaded?(moduleName)
|
||||||
moduleRE = Regexp.new("^"+moduleName+"(\.rb|\.so|\.dll|\.o)?$")
|
moduleRE = Regexp.new("^"+moduleName+"(\.rb|\.so|\.dll|\.o)?$", nil, 'n')
|
||||||
$".detect { |e| e =~ moduleRE } != nil
|
$".detect { |e| e =~ moduleRE } != nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -87,4 +87,4 @@ end
|
||||||
|
|
||||||
# Copyright (C) 2002 Thomas Sondergaard
|
# Copyright (C) 2002 Thomas Sondergaard
|
||||||
# rubyzip is free software; you can redistribute it and/or
|
# rubyzip is free software; you can redistribute it and/or
|
||||||
# modify it under the terms of the ruby license.
|
# modify it under the terms of the ruby license.
|
||||||
|
|