Class: PEdump::Loader

Inherits:

Object

• Object
• PEdump::Loader

Defined in:

lib/pedump/loader.rb,
lib/pedump/loader/section.rb

Defined Under Namespace

Classes: Section

Instance Attribute Summary

• #dos_stub ⇒ Object

  Returns the value of attribute dos_stub.

• #mz_hdr ⇒ Object

  Returns the value of attribute mz_hdr.

• #pe_hdr ⇒ Object (also: #pe)

  Returns the value of attribute pe_hdr.

• #pedump ⇒ Object

  Returns the value of attribute pedump.

• #sections ⇒ Object

  Returns the value of attribute sections.

Instance Method Summary

• #[](va, size) ⇒ Object

  virtual memory read/write.

• #[]=(va, size, data) ⇒ Object
• #dump(f) ⇒ Object
• #ep ⇒ Object
• #ep=(v) ⇒ Object
• #initialize(io = nil, pedump_params = {}) ⇒ Loader constructor

  constructors.

• #load_sections(section_hdrs, f = nil) ⇒ Object
• #section_table ⇒ Object

  generating PE binary.

• #va2section(va) ⇒ Object

  VA conversion.

• #va2stream(va) ⇒ Object

Constructor Details

#initialize(io = nil, pedump_params = {}) ⇒ Loader

constructors

# File 'lib/pedump/loader.rb', line 17

def initialize io = nil, pedump_params = {}
  @pedump = PEdump.new(io, pedump_params)
  if io
    @mz_hdr     = @pedump.mz
    @dos_stub   = @pedump.dos_stub
    @pe_hdr     = @pedump.pe
    load_sections @pedump.sections, io
  end
end

Instance Attribute Details

#dos_stub ⇒ Object

Returns the value of attribute dos_stub.

# File 'lib/pedump/loader.rb', line 6

def dos_stub
  @dos_stub
end

#mz_hdr ⇒ Object

Returns the value of attribute mz_hdr.

# File 'lib/pedump/loader.rb', line 6

def mz_hdr
  @mz_hdr
end

#pe_hdr ⇒ Object Also known as: pe

Returns the value of attribute pe_hdr.

# File 'lib/pedump/loader.rb', line 6

def pe_hdr
  @pe_hdr
end

#pedump ⇒ Object

Returns the value of attribute pedump.

# File 'lib/pedump/loader.rb', line 6

def pedump
  @pedump
end

#sections ⇒ Object

Returns the value of attribute sections.

# File 'lib/pedump/loader.rb', line 6

def sections
  @sections
end

Instance Method Details

#[](va, size) ⇒ Object

virtual memory read/write

# File 'lib/pedump/loader.rb', line 65

def [] va, size
  section = va2section(va)
  raise "no section for va=0x#{va.to_s 16}" unless section
  offset = va - section.va
  raise "negative offset #{offset}" if offset < 0
  r = section.data[offset,size]
  if r.size < size
    # append some empty data
    r << ("\x00".force_encoding('binary')) * (size - r.size)
  end
  r
end

#[]=(va, size, data) ⇒ Object

# File 'lib/pedump/loader.rb', line 78

def []= va, size, data
  raise "data.size != size" if data.size != size
  section = va2section(va)
  raise "no section for va=0x#{va.to_s 16}" unless section
  offset = va - section.va
  raise "negative offset #{offset}" if offset < 0
  if section.data.size < offset
    # append some empty data
    section.data << ("\x00".force_encoding('binary') * (offset-section.data.size))
  end
  section.data[offset, data.size] = data
end

#dump(f) ⇒ Object

# File 'lib/pedump/loader.rb', line 102

def dump f
  align = @pe_hdr.ioh.FileAlignment

  mz_size = @mz_hdr.pack.size
  raise "odd mz_size #{mz_size}" if mz_size % 0x10 != 0
  @mz_hdr.header_paragraphs = mz_size / 0x10              # offset of dos_stub
  @mz_hdr.lfanew = mz_size + @dos_stub.size               # offset of PE hdr
  f.write @mz_hdr.pack
  f.write @dos_stub
  f.write @pe_hdr.pack
  f.write @pe_hdr.ioh.DataDirectory.map(&:pack).join

  section_tbl_offset = f.tell # store offset for 2nd write of section table
  f.write section_table

  @sections.each do |section|
    f.seek(align - (f.tell % align), IO::SEEK_CUR) if f.tell % align != 0
    section.hdr.PointerToRawData = f.tell  # fix raw_ptr
    f.write(section.data)
  end

  eof = f.tell

  # 2nd write of section table with correct raw_ptr's
  f.seek section_tbl_offset
  f.write section_table

  f.seek eof
end

#ep ⇒ Object

# File 'lib/pedump/loader.rb', line 10

def ep; @pe_hdr.ioh.AddressOfEntryPoint; end

#ep=(v) ⇒ Object

# File 'lib/pedump/loader.rb', line 11

def ep= v; @pe_hdr.ioh.AddressOfEntryPoint=v; end

#load_sections(section_hdrs, f = nil) ⇒ Object

# File 'lib/pedump/loader.rb', line 27

def load_sections section_hdrs, f = nil
  if section_hdrs.is_a?(Array) && section_hdrs.map(&:class).uniq == [PEdump::IMAGE_SECTION_HEADER]
    @sections = section_hdrs.map{ |x| Section.new(x, :deferred_load_io => f) }
    if f.respond_to?(:seek) && f.respond_to?(:read)
      #
      # converted to deferred loading
      #
#        section_hdrs.each_with_index do |sect_hdr, idx|
#          f.seek sect_hdr.PointerToRawData
#          @sections[idx].data = f.read(sect_hdr.SizeOfRawData)
#        end
    elsif f
      raise "invalid 2nd arg: #{f.inspect}"
    end
  else
    raise "invalid arg: #{section_hdrs.inspect}"
  end
end

#section_table ⇒ Object

generating PE binary

# File 'lib/pedump/loader.rb', line 95

def section_table
  @sections.map do |section|
    section.hdr.SizeOfRawData = section.data.size
    section.hdr.pack
  end.join
end

#va2section(va) ⇒ Object

VA conversion

# File 'lib/pedump/loader.rb', line 50

def va2section va
  @sections.find{ |x| x.range.include?(va) }
end

#va2stream(va) ⇒ Object

# File 'lib/pedump/loader.rb', line 54

def va2stream va
  return nil unless section = va2section(va)
  StringIO.new(section.data).tap do |io|
    io.seek va-section.va
  end
end