metasploit-framework/lib/rex/pescan/search.rb


# -*- coding: binary -*-
module Rex
module PeScan
module Search
require "rex/assembly/nasm"
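class DumpRVA
  attr_accessor :pe

  # @param pe [Rex::PeParsey::Pe] parsed PE image used to resolve addresses
  #   and read bytes (only vma_to_rva, rva_to_vma, read_rva and ptr_s are used)
  def initialize(pe)
    self.pe = pe
  end

  # Resolves the requested virtual address to an RVA for scan.
  #
  # @param param [Hash] must contain 'args', the virtual address to dump
  # @return [Integer, nil] the resolved RVA (nil if the parser cannot map it)
  def config(param)
    @address = pe.vma_to_rva(param['args'])
  end

  # Prints a hex dump of the bytes around the configured address and, when
  # param['disasm'] is truthy, an IA-32 disassembly of the same bytes.
  #
  # @param param [Hash] options: 'file' (name printed in the banner),
  #   'before' (bytes to back up from the address, default 0),
  #   'after' (bytes to read, default 16), 'disasm' (truthy to disassemble),
  #   plus whatever config needs
  # @return [nil]
  def scan(param)
    config(param)

    $stdout.puts "[#{param['file']}]"

    # Adjust based on -A and -B flags
    pre = param['before'] || 0
    suf = param['after'] || 16

    # config may leave @address nil (the subclass swallows BoundsError), so
    # the nil case must be handled before any arithmetic; backing up past
    # the start of the image is clamped to RVA 0 as well.
    @address = [(@address || 0) - pre, 0].max

    begin
      buf = pe.read_rva(@address, suf)
    rescue ::Rex::PeParsey::PeParseyError
      return
    end

    vma = pe.rva_to_vma(@address)
    $stdout.puts pe.ptr_s(vma) + " " + buf.unpack("H*")[0]
    return unless param['disasm']

    # buf holds raw machine code straight from the image; it is handed to the
    # disassembler untouched (rewriting text patterns inside a byte buffer
    # would shift and corrupt the opcodes being decoded).
    d2 = Metasm::Shellcode.disassemble(Metasm::Ia32.new, buf)
    addr = 0
    while (di = d2.disassemble_instruction(addr))
      $stdout.puts "0x%08x\t%s" % [vma + addr, di.instruction.to_s]
      addr = di.next_addr
    end
  end
end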
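class DumpOffset < DumpRVA
  # Resolves a raw file offset (param['args']) to an RVA for scan.
  #
  # An offset outside the mapped image makes the parser raise BoundsError;
  # that is rescued and @address is explicitly reset to nil, so a value left
  # over from an earlier call on the same instance is never reused.
  #
  # @param param [Hash] must contain 'args', the file offset to dump
  # @return [Integer, nil] the resolved RVA, or nil when out of bounds
  def config(param)
    @address = pe.file_offset_to_rva(param['args'])
  rescue Rex::PeParsey::BoundsError
    @address = nil
  end
end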
end
end
end