Class: Rex::PeScan::Search::DumpRVA

Inherits:

Object

• Object
• Rex::PeScan::Search::DumpRVA

Defined in:

lib/rex/pescan/search.rb

Direct Known Subclasses

DumpOffset

Instance Attribute Summary

• #pe ⇒ Object

  Returns the value of attribute pe.

Instance Method Summary

• #config(param) ⇒ Object
• #initialize(pe) ⇒ DumpRVA constructor

  A new instance of DumpRVA.

• #scan(param) ⇒ Object

Constructor Details

#initialize(pe) ⇒ DumpRVA

Returns a new instance of DumpRVA.

# File 'lib/rex/pescan/search.rb', line 10

def initialize(pe)
	self.pe = pe
end

Instance Attribute Details

#pe ⇒ Object

Returns the value of attribute pe.

# File 'lib/rex/pescan/search.rb', line 8

def pe
  @pe
end

Instance Method Details

#config(param) ⇒ Object

# File 'lib/rex/pescan/search.rb', line 14

def config(param)
	@address = pe.vma_to_rva(param['args'])
end

#scan(param) ⇒ Object

# File 'lib/rex/pescan/search.rb', line 18

def scan(param)
	config(param)
	
	$stdout.puts "[#{param['file']}]"
	
	# Adjust based on -A and -B flags
	pre = param['before'] || 0
	suf = param['after']  || 16
	
	@address -= pre
	@address = 0 if (@address < 0 || ! @address)
	
	begin
		buf = pe.read_rva(@address, suf)
	rescue ::Rex::PeParsey::WtfError
		return
	end
	
	$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
	if(param['disasm'])
		insns = []
		buf.gsub!("; ", "\n")
		if buf.include?("retn")
			buf.gsub!("retn", "ret")
		end
		d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, buf)
		addr = 0
		while ((di = d2.disassemble_instruction(addr)))
			insns << di.instruction
			disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
			disasm << di.instruction.to_s
			$stdout.puts disasm
			addr = di.next_addr
		end
	end
	
end