Class: Rex::PeScan::Scanner::Generic
- Inherits:
-
Object
- Object
- Rex::PeScan::Scanner::Generic
show all
- Defined in:
- lib/rex/pescan/scanner.rb
Instance Attribute Summary collapse
Instance Method Summary
collapse
Constructor Details
#initialize(pe) ⇒ Generic
12
13
14
|
# File 'lib/rex/pescan/scanner.rb', line 12
def initialize(pe)
self.pe = pe
end
|
Instance Attribute Details
#pe ⇒ Object
Returns the value of attribute pe.
10
11
12
|
# File 'lib/rex/pescan/scanner.rb', line 10
def pe
@pe
end
|
#regex ⇒ Object
Returns the value of attribute regex.
10
11
12
|
# File 'lib/rex/pescan/scanner.rb', line 10
def regex
@regex
end
|
Instance Method Details
#config(param) ⇒ Object
16
17
|
# File 'lib/rex/pescan/scanner.rb', line 16
def config(param)
end
|
#scan(param) ⇒ Object
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# File 'lib/rex/pescan/scanner.rb', line 19
def scan(param)
config(param)
$stdout.puts "[#{param['file']}]"
pe.all_sections.each do |section|
hits = scan_section(section, param)
hits.each do |hit|
vma = pe.rva_to_vma(hit[0])
next if (param['filteraddr'] and [vma].pack("V").reverse !~ /#{param['filteraddr']}/)
msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
$stdout.puts pe.ptr_s(vma) + " " + msg
if(param['disasm'])
insns = []
msg.gsub!("; ", "\n")
if msg.include?("retn")
msg.gsub!("retn", "ret")
end
begin
d2 = Metasm::Shellcode.assemble(Metasm::Ia32.new, msg).disassemble
rescue Metasm::ParseError
d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, [msg].pack('H*'))
end
addr = 0
while ((di = d2.disassemble_instruction(addr)))
insns << di.instruction
disasm = "0x%08x\t" % (vma + addr)
disasm << di.instruction.to_s
$stdout.puts disasm
addr = di.next_addr
end
end
end
end
end
|
#scan_section(section, param = {}) ⇒ Object
62
63
64
|
# File 'lib/rex/pescan/scanner.rb', line 62
def scan_section(section, param={})
[]
end
|