Class: Rex::PeScan::Search::DumpRVA

Inherits:

Object

Object
Rex::PeScan::Search::DumpRVA

show all

Defined in:: lib/rex/pescan/search.rb

Direct Known Subclasses

DumpOffset

Instance Attribute Summary collapse

#pe ⇒ Object

Returns the value of attribute pe.

Instance Method Summary collapse

#config(param) ⇒ Object
#initialize(pe) ⇒ DumpRVA constructor

A new instance of DumpRVA.
#scan(param) ⇒ Object

Constructor Details

#initialize(pe) ⇒ `DumpRVA`

Returns a new instance of DumpRVA.



10
11
12

# File 'lib/rex/pescan/search.rb', line 10

def initialize(pe)
  self.pe = pe
end

Instance Attribute Details

#pe ⇒ `Object`

Returns the value of attribute pe.



8
9
10

# File 'lib/rex/pescan/search.rb', line 8

def pe
  @pe
end

Instance Method Details

#config(param) ⇒ `Object`



14
15
16

# File 'lib/rex/pescan/search.rb', line 14

def config(param)
  @address = pe.vma_to_rva(param['args'])
end

#scan(param) ⇒ `Object`

# File 'lib/rex/pescan/search.rb', line 18

def scan(param)
  config(param)
  
  $stdout.puts "[#{param['file']}]"
  
  # Adjust based on -A and -B flags
  pre = param['before'] || 0
  suf = param['after']  || 16
  
  @address -= pre
  @address = 0 if (@address < 0 || ! @address)
  
  begin
    buf = pe.read_rva(@address, suf)
  rescue ::Rex::PeParsey::WtfError
    return
  end
  
  $stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
  if(param['disasm'])
    ::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line|
      $stdout.puts "\t#{line.strip}"
    end
  end
  
end

Class: Rex::PeScan::Search::DumpRVA

Direct Known Subclasses

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe) ⇒ DumpRVA

Instance Attribute Details

#pe ⇒ Object

Instance Method Details

#config(param) ⇒ Object

#scan(param) ⇒ Object

#initialize(pe) ⇒ `DumpRVA`

#pe ⇒ `Object`

#config(param) ⇒ `Object`

#scan(param) ⇒ `Object`