Fixes #111. Merge in patch to fix memdump support, still not perfect, but usable

git-svn-id: file:///home/svn/framework3/trunk@5871 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-10 21:18:12 +00:00 · 2008-11-10 21:18:12 +00:00 · e2a70dd615
parent 185787459b
commit e2a70dd615
4 changed files with 62 additions and 13 deletions
--- a/lib/rex/peparsey/exceptions.rb
+++ b/lib/rex/peparsey/exceptions.rb
@ -26,4 +26,7 @@ end
 class WtfError < PeError
 end

+class SkipError < PeError
+end
+
 end end
--- a/lib/rex/peparsey/pe_memdump.rb
+++ b/lib/rex/peparsey/pe_memdump.rb
@ -16,17 +16,22 @@ require 'rex/struct2'

 module Rex
 module PeParsey
-class PeMemDump < PeBase
+class PeMemDump < Pe

 	def self.new_from_string(data)
 		raise NotImplementError
 	end

 	def self.new_from_file(filename, disk_backed = false)
+	
 		if filename[-4, 4] != '.rng'
 			raise "Not a .rng file: #{filename}"
 		end
 		
+		if filename[-9, 9] == "index.rng"
+			raise SkipError
+		end
+
 		file = File.open(filename, 'rb')

 		if disk_backed
@ -36,16 +41,23 @@ class PeMemDump < PeBase
 			obj.close
 		end

-		return self.new(obj, filename[0, 8].hex)
+		return self.new(obj, filename.gsub(/.*[\/\\]/, '')[0,8].hex)
 	end

 	def initialize(isource, base)
-
 		self._isource = isource
 		self.header_section = Section.new(isource, base, nil)
-		self.sections = [ ]
-
+		self.sections = [ self.header_section ]
+		self.image_base = 0
 	end
 	
+	def all_sections
+		self.sections
+	end
+
+	# No 64-bit support
+	def ptr_64?
+		false
+	end

 end end end
--- a/lib/rex/pescan/search.rb
+++ b/lib/rex/pescan/search.rb
@ -26,10 +26,18 @@ module Search
 			
 			@address -= pre
 			@address = 0 if (@address < 0 || ! @address)
-			buf = pe.read_rva(@address, suf)
+			
+			begin
+				buf = pe.read_rva(@address, suf)
+			rescue ::Rex::PeParsey::WtfError
+				return
+			end
+			
 			$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
 			if(param['disasm'])
-				$stdout.puts(::Rex::Assembly::Nasm.disassemble(buf))
+				::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line|
+					$stdout.puts "\t#{line.strip}"
+				end
 			end
 			
 		end	
--- a/28
+++ b/28
@ -118,17 +118,42 @@ if (! worker)
 	exit(0)
 end

+
+files = []
+
 ARGV.each do |file|
 	
+	if(File.directory?(file))
+		dir = Dir.open(file)
+		dir.entries.each do |ent|
+			path = File.join(file, ent)
+			next if not File.file?(path)
+			files << File.join(path)
+		end
+	else
+		files << file
+	end
+end
+
+files.each do |file|
+	$stdout.puts ""
+
 	param['file'] = file
 	
 	begin
 		pe = pe_klass.new_from_file(file, true)
+	rescue ::Interrupt
+		raise $!
 	rescue Rex::PeParsey::FileHeaderError
 		next if $!.message == "Couldn't find the PE magic!"
 		raise $!
 	rescue Errno::ENOENT
-		$stderr.puts("File does not exist: #{file}")
+		$stdout.puts("File does not exist: #{file}")
+		next
+	rescue ::Rex::PeParsey::SkipError
+		next
+	rescue ::Exception => e
+		$stdout.puts "[#{file}] #{e.class}: #{e}"
 		next
 	end
 	
@ -142,3 +167,4 @@ ARGV.each do |file|
 	pe.close
 	
 end
+$stdout.puts ""