Class: PEdump::IMAGE_RESOURCE_DIRECTORY

Inherits:
Object
  • Object
Defined in:
lib/pedump/resources.rb

Class Attribute Summary

Class Method Summary

Class Attribute Details

.base ⇒ Object

Returns the value of attribute base.



# File 'lib/pedump/resources.rb', line 263

# Returns the value of the +base+ attribute.
#
# .read adds this value to the masked Name / OffsetToData fields of each
# directory entry before seeking, so every offset taken from the parsed file
# is interpreted relative to it.
# NOTE(review): presumably the file offset of the resource section, set by
# the caller before .read runs. Confirm, and note that a nil base makes the
# additions in .read raise.
def base; @base; end

Class Method Details

.read(f, root = true) ⇒ Object



# File 'lib/pedump/resources.rb', line 265

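# Reads the resource directory at the current position of +f+, then follows
# its entries: each entry gets a +name+ (a UTF-16LE string read from the file,
# or "#<id>") and, when its offset can be sought to, +data+ (a nested
# directory or a data entry).
#
# Every count and offset used here is taken from the file being parsed, so
# three tables of already-visited file positions keep a directory tree that
# points back into itself from being walked forever. A detected loop is a
# useful signal of a malformed or deliberately crafted file, so each one is
# reported once through PEdump.logger.
#
# NOTE(review): the tables are class variables shared by every call. A second
# root-level parse started while one is in progress (another thread, or a
# nested root call) resets them, and a non-root call made outside a root
# parse finds them nil. Confirm callers never do either.
# NOTE(review): only revisits are detected; nesting depth itself is not
# capped, so a long chain of distinct directories recurses once per level.
#
# @param f [IO] IO-like object positioned at a directory record
# @param root [Boolean] true for the outermost call, which resets the loop
#   tables; recursive calls pass false
# @return [Object, nil] the result of read_without_children with +entries+
#   filled in, or nil when a non-root call lands on a position that was
#   already parsed as a directory
def read(f, root = true)
  if root
    # fresh visit counters for this parse, keyed by file position
    @@loopchk1 = Hash.new(0)
    @@loopchk2 = Hash.new(0)
    @@loopchk3 = Hash.new(0)
  elsif (@@loopchk1[f.tell] += 1) > 1
    # Report the first revisit only (count == 2). The previous "< 2" test
    # could never hold inside this branch, so the loop was never reported.
    PEdump.logger.error "[!] #{self}: loop1 detected at file pos #{f.tell}" if @@loopchk1[f.tell] == 2
    return nil
  end
  read_without_children(f).tap do |r|
    # both counts come from the file; the EOF check below bounds the loop
    nToRead = r.NumberOfNamedEntries.to_i + r.NumberOfIdEntries.to_i
    r.entries = []
    nToRead.times do |i|
      if f.eof?
        PEdump.logger.error "[!] #{self}: #{nToRead} entries in directory, but got EOF on #{i}-th."
        break
      end
      if (@@loopchk2[f.tell] += 1) > 1
        # skipping leaves the position unchanged, so every remaining
        # iteration lands here too; log once, on the first repeat
        PEdump.logger.error "[!] #{self}: loop2 detected at file pos #{f.tell}" if @@loopchk2[f.tell] == 2
        next
      end
      r.entries << IMAGE_RESOURCE_DIRECTORY_ENTRY.read(f)
    end
    #r.entries.uniq!
    r.entries.each do |entry|
      entry.name =
        if entry.Name.to_i & 0x8000_0000 > 0
          # Name is an address of unicode string.
          # Mask the flag bit off BEFORE adding base: "+" binds tighter than
          # "&", so the unparenthesised form masked the sum and let a large
          # offset wrap around to a low file position.
          f.seek base + (entry.Name & 0x7fff_ffff)
          # 16-bit little-endian character count; a short read yields 0
          nChars = f.read(2).to_s.unpack("v").first.to_i
          begin
            f.read(nChars*2).force_encoding('UTF-16LE').encode!('UTF-8')
          rescue
            # truncated read (nil) or bytes that do not transcode
            PEdump.logger.error "[!] #{self} failed to read entry name: #{$!}"
            "???"
          end
        else
          # Name is a numeric id
          "##{entry.Name}"
        end
      # same precedence fix as for Name: strip the directory flag, then add base
      if entry.OffsetToData && f.checked_seek(base + (entry.OffsetToData & 0x7fff_ffff))
        if (@@loopchk3[f.tell] += 1) > 1
          # another entry already pointed at this position; leave data unset
          PEdump.logger.error "[!] #{self}: loop3 detected at file pos #{f.tell}" if @@loopchk3[f.tell] == 2
          next
        end
        entry.data =
          if entry.OffsetToData & 0x8000_0000 > 0
            # child is a directory
            IMAGE_RESOURCE_DIRECTORY.read(f,false)
          else
            # child is a resource
            IMAGE_RESOURCE_DATA_ENTRY.read(f)
          end
      end
    end
    @@loopchk1 = @@loopchk2 = @@loopchk3 = nil if root # save some memory
  end
end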

.read_without_children ⇒ Object



# File 'lib/pedump/resources.rb', line 264

# Keeps the pre-existing .read reachable under this name. The .read defined
# on the following source line (265) calls it to parse the directory record
# itself before it follows the entries.
alias read_without_children read