Class: Rex::PeScan::Search::DumpRVA

Inherits:

Object

Object
Rex::PeScan::Search::DumpRVA

show all

Defined in:: lib/rex/pescan/search.rb

Direct Known Subclasses

DumpOffset

Instance Attribute Summary collapse

#pe ⇒ Object

Returns the value of attribute pe.

Instance Method Summary collapse

#config(param) ⇒ Object
#initialize(pe) ⇒ DumpRVA constructor

A new instance of DumpRVA.
#scan(param) ⇒ Object

Constructor Details

#initialize(pe) ⇒ `DumpRVA`

Returns a new instance of DumpRVA.



10
11
12

# File 'lib/rex/pescan/search.rb', line 10

def initialize(pe)
	self.pe = pe
end

Instance Attribute Details

#pe ⇒ `Object`

Returns the value of attribute pe.



8
9
10

# File 'lib/rex/pescan/search.rb', line 8

def pe
  @pe
end

Instance Method Details

#config(param) ⇒ `Object`



14
15
16

# File 'lib/rex/pescan/search.rb', line 14

def config(param)
	@address = pe.vma_to_rva(param['args'])
end

#scan(param) ⇒ `Object`

# File 'lib/rex/pescan/search.rb', line 18

def scan(param)
	config(param)
	
	$stdout.puts "[#{param['file']}]"
	
	# Adjust based on -A and -B flags
	pre = param['before'] || 0
	suf = param['after']  || 16
	
	@address -= pre
	@address = 0 if (@address < 0 || ! @address)
	
	begin
		buf = pe.read_rva(@address, suf)
	rescue ::Rex::PeParsey::WtfError
		return
	end
	
	$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
	if(param['disasm'])
		::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line|
			$stdout.puts "\t#{line.strip}"
		end
	end
	
end

Class: Rex::PeScan::Search::DumpRVA

Direct Known Subclasses

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe) ⇒ DumpRVA

Instance Attribute Details

#pe ⇒ Object

Instance Method Details

#config(param) ⇒ Object

#scan(param) ⇒ Object

#initialize(pe) ⇒ `DumpRVA`

#pe ⇒ `Object`

#config(param) ⇒ `Object`

#scan(param) ⇒ `Object`