Class: Rex::PeScan::Analyze::ContextMapDumper

Inherits:
Object
  • Object
Defined in:
lib/rex/pescan/analyze.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe) ⇒ ContextMapDumper

Returns a new instance of ContextMapDumper.



# File 'lib/rex/pescan/analyze.rb', line 308

# Creates a dumper bound to one PE image.
#
# @param pe the PE object whose sections #scan walks. It is stored through
#   the pe= writer rather than by assigning @pe directly.
#   NOTE(review): the writer is not shown here; presumably it comes from an
#   attr_accessor declaration in analyze.rb. Confirm.
def initialize(pe)
	self.pe = pe
end

Instance Attribute Details

#pe ⇒ Object

Returns the value of attribute pe.



# File 'lib/rex/pescan/analyze.rb', line 306

# Reader for the PE object this dumper operates on.
#
# @return the current value of @pe (nil if it was never assigned)
def pe
  @pe
end

Instance Method Details

#scan(param) ⇒ Object



# File 'lib/rex/pescan/analyze.rb', line 312

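# Writes a "context map" of the PE image: every run of non-NUL bytes found in
# the image's sections is stored as one record in <dir>/<basename(file)>.map.
#
# Record layout (see the pack call below): one tag byte 0x01, the virtual
# address of the run as a 32-bit big-endian integer, the run length as a
# 32-bit big-endian integer, then the raw bytes of the run.
#
# @param param [Hash] options; 'dir' is the output directory (created if
#   missing) and 'file' is the name of the scanned file, of which only the
#   basename is used to name the map.
# @return [nil] always; when 'dir' or 'file' is missing a message is printed
#   to $stderr and nothing is written.
def scan(param)
	dest = param['dir']
	file = param['file']

	# Validate before touching the filesystem. Calling mkdir_p first would
	# raise on a nil directory before the message below could be printed,
	# and would create the directory even when no file was given.
	unless dest && file
		$stderr.puts "No directory or file specified"
		return
	end

	::FileUtils.mkdir_p(dest)

	# File.basename drops any directory components of the supplied name, so
	# the map is always created directly inside dest.
	path = File.join(dest, File.basename(file) + ".map")

	# Block form closes the handle even if reading a section raises.
	File.open(path, "wb") do |fd|
		pe.all_sections.each do |section|

			# Skip over known bad sections
			next if section.name == ".data"
			next if section.name == ".reloc"

			offset = 0
			while offset < section.size
				# NOTE(review): the comparisons with 0 assume that
				# section.read(...)[0] yields an Integer. If it yields a
				# one-character String, no byte compares equal to 0 and a
				# whole section becomes a single run. Confirm against the
				# section class.
				byte = section.read(offset, 1)[0]
				if byte != 0
					chunkbase = pe.rva_to_vma(section.base_rva) + offset
					data = ''
					while byte != 0
						data << byte
						offset += 1
						# A 0 sentinel ends the run at the section boundary.
						byte = offset < section.size ? section.read(offset, 1)[0] : 0
					end

					# data holds at least one byte here, because the loop
					# above ran at least once. The address field is 32 bits
					# wide ("N").
					fd.write([ 0x01, chunkbase, data.length, data ].pack("CNNA*"))
				end
				# Step past the NUL byte (or the boundary) that ended the run.
				offset += 1
			end

		end
	end

	nil
end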