Changed default read size for analuze, needs better logic

Changed pattern_offset to work like 2.x - from lin0xx


git-svn-id: file:///home/svn/incoming/trunk@3608 4d416f70-5f16-0410-b530-b9f4589650da

lib/rex/pescan/analyze.rb

@@ -52,7 +52,7 @@ module Analyze
 			config(param)
 
 			epa = pe.hdr.opt.AddressOfEntryPoint
-			buf = pe.read_rva(epa, 1024)
+			buf = pe.read_rva(epa, 256)
 			
 			@sigs.each_pair do |name, data|
 				begin

tools/pattern_offset.rb

@@ -4,12 +4,17 @@ $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 
 require 'rex'
 
-if ARGV.length < 2
-	$stderr.puts("Usage: #{File.basename($0)} buffer [text/integer]")
+if ARGV.length < 1 
+	$stderr.puts("Usage: #{File.basename($0)} <searh item> <length of buffer>")
+	$stderr.puts("Default length of buffer if none is inserted: 8192")
+	$stderr.puts("This buffer is generated by pattern_create() in the Rex library automatically")
+	exit
 end
 
-buffer = ARGV.shift
-value  = ARGV.shift
+value = ARGV.shift
+len   = ARGV.shift || 8192
+
 value  = value.hex if (value.length >= 8 and value.hex > 0)
+buffer = Rex::Text.pattern_create(len.to_i)
 
 puts Rex::Text.pattern_offset(buffer, value)