Class: Rex::PeScan::Analyze::ContextMapDumper

Inherits:
Object
  • Object
Defined in:
lib/rex/pescan/analyze.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe) ⇒ ContextMapDumper

Returns a new instance of ContextMapDumper.



# File 'lib/rex/pescan/analyze.rb', line 308

# Creates a dumper for one PE image.
#
# @param pe [Object] the PE image to dump; #scan calls all_sections and
#   rva_to_vma on it
def initialize(pe)
  # Stored through the pe= writer rather than by assigning @pe directly.
  self.pe = pe
end

Instance Attribute Details

#pe ⇒ Object

Returns the value of attribute pe.



# File 'lib/rex/pescan/analyze.rb', line 306

# Reader for the pe attribute.
#
# @return [Object] the current value of @pe
def pe
  @pe
end

Instance Method Details

#scan(param) ⇒ Object



# File 'lib/rex/pescan/analyze.rb', line 312

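# Writes every run of non-zero bytes found in the PE's sections to a
# context-map file named "<basename of param['file']>.map" in param['dir'].
#
# Each run becomes one record packed with "CNNA*": a 0x01 tag byte, the
# run's address (pe.rva_to_vma of the section base, plus the run's offset)
# and its length as 32-bit big-endian integers, then the run's bytes.
# Sections named ".data" and ".reloc" are skipped.
#
# @param param [Hash] options: 'dir' is the output directory (created when
#   missing), 'file' is the path of the scanned file (only its base name is
#   used to name the map)
# @return [nil]
def scan(param)
  dest = param['dir']
  file = param['file']

  # Validate before touching the filesystem: mkdir_p raises on a nil path,
  # which used to pre-empt this message, and a missing 'file' should not
  # leave a freshly created directory behind.
  unless dest && file
    $stderr.puts "No directory or file specified"
    return
  end

  ::FileUtils.mkdir_p(dest)

  # File.basename drops any directory components of param['file'], so the
  # map is always created directly inside dest.
  path = File.join(dest, File.basename(file) + ".map")

  # Block form closes the handle even if a section read or the address
  # translation raises part-way through the dump.
  File.open(path, "wb") do |fd|
    pe.all_sections.each do |section|
      # Skip over known bad sections
      next if section.name == ".data"
      next if section.name == ".reloc"

      offset = 0
      while offset < section.size
        # NOTE(review): comparing with 0 only separates runs when
        # section.read(...)[0] yields an Integer. If it yields a
        # one-character String, no byte ever equals 0 and the whole section
        # is emitted as a single run -- confirm what read returns.
        byte = section.read(offset, 1)[0]
        if byte != 0
          chunkbase = pe.rva_to_vma(section.base_rva) + offset
          data = ''
          while byte != 0
            data << byte
            offset += 1
            # A zero sentinel ends the run at the end of the section.
            byte = 0
            byte = section.read(offset, 1)[0] if offset < section.size
          end

          # NOTE(review): the address field is a 32-bit "N"; an address above
          # 0xFFFFFFFF will not round-trip through it.
          buff = nil
          buff = [0x01, chunkbase, data.length, data].pack("CNNA*") if data.length > 0

          fd.write(buff) if buff
        end
        offset += 1
      end
    end
  end

  nil
end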