Fixes #111. Merge in patch to fix memdump support, still not perfect, but usable
git-svn-id: file:///home/svn/framework3/trunk@5871 4d416f70-5f16-0410-b530-b9f4589650da
parent
185787459b
commit
e2a70dd615
|
@ -26,4 +26,7 @@ end
|
|||
class WtfError < PeError
|
||||
end
|
||||
|
||||
end end
|
||||
class SkipError < PeError
|
||||
end
|
||||
|
||||
end end
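Review bot: `SkipError` is added with no comment saying that it is a control-flow signal rather than a parse failure, and because it subclasses `PeError`, any handler that rescues `PeError` would also catch a deliberate skip and report it as an error. A one-line comment above the class would make the intent clear, e.g. `# Raised by a loader to ask the caller to skip this input; not a parse failure.` The hunk starts inside the enclosing modules, so the rest of the exception hierarchy is not visible here.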
|
||||
|
|
|
@ -16,16 +16,21 @@ require 'rex/struct2'
|
|||
|
||||
module Rex
|
||||
module PeParsey
|
||||
class PeMemDump < PeBase
|
||||
class PeMemDump < Pe
|
||||
|
||||
def self.new_from_string(data)
|
||||
raise NotImplementError
|
||||
end
|
||||
|
||||
def self.new_from_file(filename, disk_backed = false)
|
||||
|
||||
if filename[-4, 4] != '.rng'
|
||||
raise "Not a .rng file: #{filename}"
|
||||
end
|
||||
|
||||
if filename[-9, 9] == "index.rng"
|
||||
raise SkipError
|
||||
end
|
||||
|
||||
file = File.open(filename, 'rb')
|
||||
|
||||
|
@ -36,16 +41,23 @@ class PeMemDump < PeBase
|
|||
obj.close
|
||||
end
|
||||
|
||||
return self.new(obj, filename[0, 8].hex)
|
||||
return self.new(obj, filename.gsub(/.*[\/\\]/, '')[0,8].hex)
|
||||
end
|
||||
|
||||
def initialize(isource, base)
|
||||
|
||||
self._isource = isource
|
||||
self.header_section = Section.new(isource, base, nil)
|
||||
self.sections = [ ]
|
||||
|
||||
self.sections = [ self.header_section ]
|
||||
self.image_base = 0
|
||||
end
|
||||
|
||||
def all_sections
|
||||
self.sections
|
||||
end
|
||||
|
||||
# No 64-bit support
|
||||
def ptr_64?
|
||||
false
|
||||
end
|
||||
|
||||
end end end
|
||||
end end end
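Review bot: The base address in `new_from_file` comes from `filename.gsub(/.*[\/\\]/, '')[0,8].hex`, and `String#hex` returns 0 or a partial value for non-hex text instead of raising, so a `.rng` file whose name is not an 8-digit hex address is loaded at a wrong base with no error, and every address reported from it is then wrong. Check the basename before converting, e.g. `name = filename.gsub(/.*[\/\\]/, '')` followed by `raise "Bad .rng name: #{filename}" unless name =~ /\A[0-9a-fA-F]{8}/`. Separately, `raise NotImplementError` in `new_from_string` names a constant that Ruby does not define (the built-in is `NotImplementedError`), so unless the project defines it elsewhere the call would fail with `NameError`. The part of `new_from_file` between `File.open` and `obj.close` lies outside the visible hunks.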
|
||||
|
|
|
@ -26,10 +26,18 @@ module Search
|
|||
|
||||
@address -= pre
|
||||
@address = 0 if (@address < 0 || ! @address)
|
||||
buf = pe.read_rva(@address, suf)
|
||||
|
||||
begin
|
||||
buf = pe.read_rva(@address, suf)
|
||||
rescue ::Rex::PeParsey::WtfError
|
||||
return
|
||||
end
|
||||
|
||||
$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
|
||||
if(param['disasm'])
|
||||
$stdout.puts(::Rex::Assembly::Nasm.disassemble(buf))
|
||||
::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line|
|
||||
$stdout.puts "\t#{line.strip}"
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
@ -45,4 +53,4 @@ module Search
|
|||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
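Review bot: The `rescue ::Rex::PeParsey::WtfError` around `pe.read_rva(@address, suf)` in the first hunk returns without printing anything, so a hit whose bytes cannot be read vanishes from the output and looks the same as no match. Report it before returning, e.g. `$stderr.puts "[-] Could not read RVA 0x%08x" % @address`. On the line above it, the `! @address` test can never fire, because `@address -= pre` and `@address < 0` would already have raised on nil; if nil is possible, the check belongs before the subtraction. The enclosing method starts outside the hunk.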
|
||||
|
|
32
msfpescan
32
msfpescan
|
@ -118,17 +118,42 @@ if (! worker)
|
|||
exit(0)
|
||||
end
|
||||
|
||||
|
||||
files = []
|
||||
|
||||
ARGV.each do |file|
|
||||
|
||||
if(File.directory?(file))
|
||||
dir = Dir.open(file)
|
||||
dir.entries.each do |ent|
|
||||
path = File.join(file, ent)
|
||||
next if not File.file?(path)
|
||||
files << File.join(path)
|
||||
end
|
||||
else
|
||||
files << file
|
||||
end
|
||||
end
|
||||
|
||||
files.each do |file|
|
||||
$stdout.puts ""
|
||||
|
||||
param['file'] = file
|
||||
|
||||
begin
|
||||
pe = pe_klass.new_from_file(file, true)
|
||||
rescue ::Interrupt
|
||||
raise $!
|
||||
rescue Rex::PeParsey::FileHeaderError
|
||||
next if $!.message == "Couldn't find the PE magic!"
|
||||
raise $!
|
||||
rescue Errno::ENOENT
|
||||
$stderr.puts("File does not exist: #{file}")
|
||||
$stdout.puts("File does not exist: #{file}")
|
||||
next
|
||||
rescue ::Rex::PeParsey::SkipError
|
||||
next
|
||||
rescue ::Exception => e
|
||||
$stdout.puts "[#{file}] #{e.class}: #{e}"
|
||||
next
|
||||
end
|
||||
|
||||
|
@ -140,5 +165,6 @@ ARGV.each do |file|
|
|||
o.scan(param)
|
||||
|
||||
pe.close
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
$stdout.puts ""
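Review bot: `rescue ::Exception => e` followed by `next` in the `files.each` loop swallows far more than parse errors: `SystemExit`, `NoMemoryError` and non-Interrupt signals such as SIGTERM (`SignalException`) are printed and the scan carries on, since only `::Interrupt` is re-raised by the earlier clause. Narrow it to `rescue ::StandardError => e`. The directory expansion also calls `Dir.open(file)` and never closes the handle; `Dir.foreach(file) do |ent|` gives the same iteration without the leak. The loop body continues between the two hunks and is not visible here.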
|
||||
|
|