Class: Rex::PeParsey::PeMemDump

Inherits:
Pe
  • Object
show all
Defined in:
lib/rex/peparsey/pe_memdump.rb

Constant Summary

Constants inherited from PeBase

Rex::PeParsey::PeBase::IMAGE_BASE_RELOCATION, Rex::PeParsey::PeBase::IMAGE_BASE_RELOCATION_TYPE_OFFSET, Rex::PeParsey::PeBase::IMAGE_DATA_DIRECTORY, Rex::PeParsey::PeBase::IMAGE_DATA_DIRECTORY_SIZE, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_ARCHITECTURE, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_BASERELOC, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_COPYRIGHT, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_DEBUG, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_EXCEPTION, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_EXPORT, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_GLOBALPTR, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_IAT, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_IMPORT, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_RESOURCE, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_SECURITY, Rex::PeParsey::PeBase::IMAGE_DIRECTORY_ENTRY_TLS, Rex::PeParsey::PeBase::IMAGE_DOS_HEADER, Rex::PeParsey::PeBase::IMAGE_DOS_HEADER_SIZE, Rex::PeParsey::PeBase::IMAGE_DOS_SIGNATURE, Rex::PeParsey::PeBase::IMAGE_EXPORT_DESCRIPTOR, Rex::PeParsey::PeBase::IMAGE_EXPORT_DESCRIPTOR_SIZE, Rex::PeParsey::PeBase::IMAGE_FILE_HEADER, Rex::PeParsey::PeBase::IMAGE_FILE_HEADER_SIZE, Rex::PeParsey::PeBase::IMAGE_FILE_MACHINE_ALPHA64, Rex::PeParsey::PeBase::IMAGE_FILE_MACHINE_AMD64, Rex::PeParsey::PeBase::IMAGE_FILE_MACHINE_I386, Rex::PeParsey::PeBase::IMAGE_FILE_MACHINE_IA64, Rex::PeParsey::PeBase::IMAGE_IMPORT_DESCRIPTOR, Rex::PeParsey::PeBase::IMAGE_IMPORT_DESCRIPTOR_SIZE, Rex::PeParsey::PeBase::IMAGE_LOAD_CONFIG_DIRECTORY32, Rex::PeParsey::PeBase::IMAGE_LOAD_CONFIG_DIRECTORY64, Rex::PeParsey::PeBase::IMAGE_LOAD_TLS_DIRECTORY32, Rex::PeParsey::PeBase::IMAGE_LOAD_TLS_DIRECTORY64, Rex::PeParsey::PeBase::IMAGE_NT_OPTIONAL_HDR32_MAGIC, Rex::PeParsey::PeBase::IMAGE_NT_OPTIONAL_HDR64_MAGIC, Rex::PeParsey::PeBase::IMAGE_NT_SIGNATURE, Rex::PeParsey::PeBase::IMAGE_NUMBEROF_DIRECTORY_ENTRIES, Rex::PeParsey::PeBase::IMAGE_OPTIONAL_HEADER32, Rex::PeParsey::PeBase::IMAGE_OPTIONAL_HEADER64, Rex::PeParsey::PeBase::IMAGE_ORDINAL_FLAG32, Rex::PeParsey::PeBase::IMAGE_RUNTIME_FUNCTION_ENTRY, Rex::PeParsey::PeBase::IMAGE_RUNTIME_FUNCTION_ENTRY_SZ, Rex::PeParsey::PeBase::IMAGE_SECTION_HEADER, Rex::PeParsey::PeBase::IMAGE_SIZEOF_BASE_RELOCATION, Rex::PeParsey::PeBase::IMAGE_SIZEOF_NT_OPTIONAL32_HEADER, Rex::PeParsey::PeBase::IMAGE_SIZEOF_NT_OPTIONAL64_HEADER, Rex::PeParsey::PeBase::IMAGE_SIZEOF_SECTION_HEADER, Rex::PeParsey::PeBase::SUPPORTED_MACHINES, Rex::PeParsey::PeBase::UNWIND_INFO_HEADER, Rex::PeParsey::PeBase::UNWIND_INFO_HEADER_SZ, Rex::PeParsey::PeBase::UNW_FLAG_CHAININFO, Rex::PeParsey::PeBase::UNW_FLAG_EHANDLER, Rex::PeParsey::PeBase::UNW_FLAG_UHANDLER, Rex::PeParsey::PeBase::UWOP_ALLOC_LARGE, Rex::PeParsey::PeBase::UWOP_ALLOC_SMALL, Rex::PeParsey::PeBase::UWOP_PUSH_MACHFRAME, Rex::PeParsey::PeBase::UWOP_PUSH_NONVOL, Rex::PeParsey::PeBase::UWOP_SAVE_NONVOL, Rex::PeParsey::PeBase::UWOP_SAVE_NONVOL_FAR, Rex::PeParsey::PeBase::UWOP_SAVE_XMM128, Rex::PeParsey::PeBase::UWOP_SAVE_XMM128_FAR, Rex::PeParsey::PeBase::UWOP_SET_FPREG

Instance Attribute Summary

Attributes inherited from PeBase

#_config_header, #_dos_header, #_exception_header, #_exports_cache, #_exports_cached, #_file_header, #_imports_cache, #_imports_cached, #_isource, #_optional_header, #_relocations_cache, #_relocations_cached, #_resources_cache, #_resources_cached, #_section_headers, #_tls_header, #hdr, #header_section, #image_base, #sections

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Pe

#file_offset_to_va, #length, #ptr_32?, #ptr_s, #read, #size

Methods inherited from PeBase

_align_offset, #_find_section_by_rva, #_load_exception_directory, #_load_exports, #_load_imports, #_load_relocations, #_load_resources, #_parse_config_header, _parse_dos_header, _parse_file_header, _parse_optional_header, #_parse_resource_directory, #_parse_resource_entry, #_parse_resource_name, _parse_section_headers, #_parse_tls_header, #_resource_lookup, #close, #config, #exception, #exports, #file_offset_to_rva, #file_offset_to_vma, #find_section_by_rva, #find_section_by_vma, #imports, #read_asciiz_rva, #read_asciiz_vma, #read_rva, #read_vma, #relocations, #resources, #rva_to_file_offset, #rva_to_vma, #tls, #update_checksum, #valid_rva?, #valid_vma?, #vma_to_file_offset, #vma_to_rva

Constructor Details

#initialize(isource, base) ⇒ PeMemDump

Returns a new instance of PeMemDump.



45
46
47
48
49
50
 
# File 'lib/rex/peparsey/pe_memdump.rb', line 45

def initialize(isource, base)
  self._isource = isource
  self.header_section = Section.new(isource, base, nil)
  self.sections = [ self.header_section ]
  self.image_base = 0
end

Class Method Details

.new_from_file(filename, disk_backed = false) ⇒ Object 



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/rex/peparsey/pe_memdump.rb', line 23

def self.new_from_file(filename, disk_backed = false)

  if filename[-4, 4] != '.rng'
    raise "Not a .rng file: #{filename}"
  end

  if filename[-9, 9] == "index.rng"
    raise SkipError
  end

  file = File.open(filename, 'rb')

  if disk_backed
    obj = ImageSource::Disk.new(file)
  else
    obj = ImageSource::Memory.new(file.read)
    obj.close
  end

  return self.new(obj, filename.gsub(/.*[\/\\]/, '')[0,8].hex)
end

.new_from_string(data) ⇒ Object

Raises:

  • (NotImplementError) 


19
20
21
 
# File 'lib/rex/peparsey/pe_memdump.rb', line 19

def self.new_from_string(data)
  raise NotImplementError
end

Instance Method Details

#all_sectionsObject 



52
53
54
 
# File 'lib/rex/peparsey/pe_memdump.rb', line 52

def all_sections
  self.sections
end

#ptr_64?Boolean

No 64-bit support

Returns:

  • (Boolean) 


57
58
59
 
# File 'lib/rex/peparsey/pe_memdump.rb', line 57

def ptr_64?
  false
end