Class: Rex::PeScan::Search::DumpRVA

Inherits:

Object

• Object
• Rex::PeScan::Search::DumpRVA

Defined in:

lib/rex/pescan/search.rb

Direct Known Subclasses

DumpOffset

Instance Attribute Summary

• #pe ⇒ Object

  Returns the value of attribute pe.

Instance Method Summary

• #config(param) ⇒ Object
• #initialize(pe) ⇒ DumpRVA constructor

  A new instance of DumpRVA.

• #scan(param) ⇒ Object

Constructor Details

#initialize(pe) ⇒ DumpRVA

Returns a new instance of DumpRVA.

# File 'lib/rex/pescan/search.rb', line 11

def initialize(pe)
  self.pe = pe
end

Instance Attribute Details

#pe ⇒ Object

Returns the value of attribute pe.

# File 'lib/rex/pescan/search.rb', line 9

def pe
  @pe
end

Instance Method Details

#config(param) ⇒ Object

# File 'lib/rex/pescan/search.rb', line 15

def config(param)
  @address = pe.vma_to_rva(param['args'])
end

#scan(param) ⇒ Object

# File 'lib/rex/pescan/search.rb', line 19

def scan(param)
  config(param)

  $stdout.puts "[#{param['file']}]"

  # Adjust based on -A and -B flags
  pre = param['before'] || 0
  suf = param['after']  || 16

  @address -= pre
  @address = 0 if (@address < 0 || ! @address)

  begin
    buf = pe.read_rva(@address, suf)
  rescue ::Rex::PeParsey::WtfError
    return
  end

  $stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
  if(param['disasm'])
    insns = []
    buf.gsub!("; ", "\n")
    if buf.include?("retn")
      buf.gsub!("retn", "ret")
    end
    d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, buf)
    addr = 0
    while ((di = d2.disassemble_instruction(addr)))
      insns << di.instruction
      disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
      disasm << di.instruction.to_s
      $stdout.puts disasm
      addr = di.next_addr
    end
  end

end