Class: Rex::PeScan::Analyze::ContextMapDumper

Inherits:
Object
  • Object
Defined in:
lib/rex/pescan/analyze.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe) ⇒ ContextMapDumper

Returns a new instance of ContextMapDumper.



# File 'lib/rex/pescan/analyze.rb', line 251

# Builds a dumper around the PE object whose sections #scan will walk.
#
# @param pe [Object] PE image wrapper; #scan calls +all_sections+ and
#   +rva_to_vma+ on it.
def initialize(pe)
	# Assignment goes through the pe= writer, which is not part of this listing.
	self.pe = pe
end

Instance Attribute Details

#pe ⇒ Object

Returns the value of attribute pe.



# File 'lib/rex/pescan/analyze.rb', line 249

# Reader for the PE object this dumper works on.
#
# @return [Object] the current value of @pe (nil if it was never assigned)
def pe
  @pe
end

Instance Method Details

#scan(param) ⇒ Object



# File 'lib/rex/pescan/analyze.rb', line 255

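# Writes a "context map" of the PE image: every run of non-zero bytes in
# each section (except .data and .reloc) is stored as one record in
# <dir>/<basename of file>.map.
#
# Record layout, as produced by pack("CNNA*"):
#   1 byte   0x01 (presumably a record-type tag -- confirm against the reader)
#   4 bytes  virtual address of the first byte of the run, big-endian
#   4 bytes  length of the run, big-endian
#   n bytes  the run itself
#
# @param param [Hash] options; both string keys are required:
#   'dir'  - output directory, created if missing and used exactly as given
#   'file' - name of the scanned file; only its basename is used
# @return [nil] always; when an option is missing a message is printed to
#   $stderr and nothing is created on disk.
def scan(param)
	# Validate before touching the filesystem: the directory used to be
	# created first, so a missing 'dir' raised from mkdir_p instead of
	# reaching this message, and a missing 'file' left a stray directory.
	unless param['dir'] && param['file']
		$stderr.puts "No directory or file specified"
		return
	end

	dest = param['dir']
	::FileUtils.mkdir_p(dest)

	# File.basename drops any directory components from 'file', so the map
	# is always created directly inside dest. dest itself is trusted input.
	path = File.join(dest, File.basename(param['file']) + ".map")

	# "wb" truncates an existing map file. The block form closes the handle
	# even when reading a section raises part-way through.
	File.open(path, "wb") do |fd|
		pe.all_sections.each do |section|

			# Skip over known bad sections
			next if section.name == ".data"
			next if section.name == ".reloc"

			offset = 0
			while offset < section.size
				# NOTE(review): the comparisons with 0 assume read(...)[0]
				# yields an Integer. If read returns a String on Ruby >= 1.9,
				# [0] is a one-character String, the test is always true and
				# zero bytes end up inside the chunk -- confirm.
				byte = section.read(offset, 1)[0]
				if byte != 0
					chunkbase = pe.rva_to_vma(section.base_rva) + offset
					data = ''
					while byte != 0
						data << byte
						offset += 1
						# A zero sentinel ends the run at the section boundary.
						byte = 0
						byte = section.read(offset, 1)[0] if offset < section.size
					end

					# NOTE(review): "N" stores 32 bits, so this presumably
					# assumes addresses fit in 32 bits -- confirm for PE32+.
					fd.write([ 0x01, chunkbase, data.length, data ].pack("CNNA*")) if data.length > 0
				end
				offset += 1
			end

		end
	end

	nil
end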