Class: PEdump::Loader::Minidump

Inherits:

Object

• Object
• PEdump::Loader::Minidump

Defined in:

lib/pedump/loader/minidump.rb

Defined Under Namespace

Classes: MemoryRange

Instance Attribute Summary

• #hdr ⇒ Object

  Returns the value of attribute hdr.

• #io ⇒ Object

  Returns the value of attribute io.

• #streams ⇒ Object

  Returns the value of attribute streams.

Instance Method Summary

• #initialize(io) ⇒ Minidump constructor

  A new instance of Minidump.

• #memory64_list ⇒ Object
• #memory_info_list ⇒ Object
• #memory_list ⇒ Object
• #memory_ranges(options = {}) ⇒ Object

  set options = true to merge adjacent memory ranges.

• #stream_by_name(name) ⇒ Object

Constructor Details

#initialize(io) ⇒ Minidump

Returns a new instance of Minidump.

# File 'lib/pedump/loader/minidump.rb', line 147

def initialize io
  @io = io
  @hdr = MINIDUMP_HEADER.read(@io)
  raise "invalid minidump" unless @hdr.valid?
end

Instance Attribute Details

#hdr ⇒ Object

Returns the value of attribute hdr.

# File 'lib/pedump/loader/minidump.rb', line 145

def hdr
  @hdr
end

#io ⇒ Object

Returns the value of attribute io.

# File 'lib/pedump/loader/minidump.rb', line 145

def io
  @io
end

#streams ⇒ Object

Returns the value of attribute streams.

# File 'lib/pedump/loader/minidump.rb', line 145

def streams
  @streams
end

Instance Method Details

#memory64_list ⇒ Object

# File 'lib/pedump/loader/minidump.rb', line 187

def memory64_list
  # MINIDUMP_MEMORY64_LIST
  stream = stream_by_name(:Memory64ListStream)
  return nil unless stream
  io.seek stream.Location.Rva
  MINIDUMP_MEMORY64_LIST.read io
end

#memory_info_list ⇒ Object

# File 'lib/pedump/loader/minidump.rb', line 171

def memory_info_list
  # MINIDUMP_MEMORY_INFO_LIST
  stream = stream_by_name(:MemoryInfoListStream)
  return nil unless stream
  io.seek stream.Location.Rva
  MINIDUMP_MEMORY_INFO_LIST.read io
end

#memory_list ⇒ Object

# File 'lib/pedump/loader/minidump.rb', line 179

def memory_list
  # MINIDUMP_MEMORY_LIST
  stream = stream_by_name(:MemoryListStream)
  return nil unless stream
  io.seek stream.Location.Rva
  MINIDUMP_MEMORY_LIST.read io
end

#memory_ranges(options = {}) ⇒ Object

set options = true to merge adjacent memory ranges

# File 'lib/pedump/loader/minidump.rb', line 198

def memory_ranges options = {}
  if memory64_list
    ml = memory64_list
    file_offset = ml.BaseRva
    r = []
    if options[:merge]
      ml.entries.each do |x|
        if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
          # if section VA == prev_section.VA + prev_section.SIZE
          # then just increase the size of previous section
          r.last.size += x.DataSize
        else
          r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
        end
        file_offset += x.DataSize
      end
    else
      ml.entries.each do |x|
        r << MemoryRange.new( file_offset, x.StartOfMemoryRange, x.DataSize )
        file_offset += x.DataSize
      end
    end
    return r
  elsif memory_list
    ml = memory_list
    r = []
    if options[:merge]
      ml.entries.each do |x|
        if r.last && r.last.va + r.last.size == x.StartOfMemoryRange
          # if section VA == prev_section.VA + prev_section.SIZE
          # then just increase the size of previous section
          r.last.size += x.DataSize
        else
          r << MemoryRange.new( x.Rva, x.StartOfMemoryRange, x.DataSize )
        end
      end
    else
      ml.entries.each do |x|
        r << MemoryRange.new( x.Rva, x.StartOfMemoryRange, x.DataSize )
      end
    end
    return r
  else
    raise "Could not find memory ranges"
  end
end

#stream_by_name(name) ⇒ Object

# File 'lib/pedump/loader/minidump.rb', line 164

def stream_by_name(name)
  type = MINIDUMP_STREAM_TYPE.invert[name]
  raise "Unknown type symbol #{name}!" if !type

  streams.find { |s| s.StreamType == type }
end