Sha256: d075c1aea832d4237b748a0ee08c8766d4629f665fd5ccc3758fdd5e212b0149
Contents?: true
Size: 1.25 KB
Versions: 2
Compression:
Stored size: 1.25 KB
Contents
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id: pe_memdump.rb 15548 2012-06-29 06:08:20Z rapid7 $
require 'rex/image_source'
require 'rex/peparsey/exceptions'
require 'rex/peparsey/pebase'
require 'rex/peparsey/section'
require 'rex/struct2'
#
# This class is for use with memdump.exe generated dump images. It basically
# just lies, gets the ImageBase from the file name, and generates 1 big
# header_section with all of the data in it...
#
module Rex
module PeParsey
class PeMemDump < Pe
def self.new_from_string(data)
raise NotImplementError
end
def self.new_from_file(filename, disk_backed = false)
if filename[-4, 4] != '.rng'
raise "Not a .rng file: #{filename}"
end
if filename[-9, 9] == "index.rng"
raise SkipError
end
file = File.open(filename, 'rb')
if disk_backed
obj = ImageSource::Disk.new(file)
else
obj = ImageSource::Memory.new(file.read)
obj.close
end
return self.new(obj, filename.gsub(/.*[\/\\]/, '')[0,8].hex)
end
def initialize(isource, base)
self._isource = isource
self.header_section = Section.new(isource, base, nil)
self.sections = [ self.header_section ]
self.image_base = 0
end
def all_sections
self.sections
end
# No 64-bit support
def ptr_64?
false
end
end end end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| librex-0.0.68 | lib/rex/peparsey/pe_memdump.rb |
| librex-0.0.66 | lib/rex/peparsey/pe_memdump.rb |