removed nasm calls in favor of metasm, cleaned up some formatting as well

git-svn-id: file:///home/svn/framework3/trunk@12741 4d416f70-5f16-0410-b530-b9f4589650da
unstable
David Rude 2011-05-27 17:34:31 +00:00
parent a891d53be4
commit f92819e754
2 changed files with 31 additions and 16 deletions


@ -1,3 +1,5 @@
require 'metasm'
module Rex
module PeScan
module Scanner
@ -27,8 +29,15 @@ module Scanner
msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
$stdout.puts pe.ptr_s(vma) + " " + msg
if(param['disasm'])
::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line|
$stdout.puts "\t#{line.strip}"
insns = []
d2 = Metasm::Shellcode.decode(msg, Metasm::Ia32.new).disassembler
addr = 0
while ((di = d2.disassemble_instruction(addr)))
insns << di.instruction
disasm = "0x%08x\t" % (vma + addr)
disasm << di.instruction.to_s
$stdout.puts disasm
addr = di.next_addr
end
end
end
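Review bot: `msg` is handed to `Metasm::Shellcode.decode` as printed, while the Nasm call it replaces first converted it with `[msg].pack("H*")`. If `msg` is still hex text, the disassembler is decoding ASCII digits rather than the matched bytes, and the listing will not correspond to the hit. Keeping the conversion would preserve the old input: `d2 = Metasm::Shellcode.decode([msg].pack("H*"), Metasm::Ia32.new).disassembler`. `insns` is appended to but never read in the visible lines, here and in the same loop in `DumpRVA#scan`, so it could be dropped. The enclosing method starts outside the hunk.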


@ -3,44 +3,50 @@ module PeScan
module Search
require "rex/assembly/nasm"
class DumpRVA
attr_accessor :pe
def initialize(pe)
self.pe = pe
end
def config(param)
@address = pe.vma_to_rva(param['args'])
end
def scan(param)
config(param)
$stdout.puts "[#{param['file']}]"
# Adjust based on -A and -B flags
pre = param['before'] || 0
suf = param['after'] || 16
@address -= pre
@address = 0 if (@address < 0 || ! @address)
begin
buf = pe.read_rva(@address, suf)
rescue ::Rex::PeParsey::WtfError
return
end
$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
if(param['disasm'])
::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line|
$stdout.puts "\t#{line.strip}"
insns = []
d2 = Metasm::Shellcode.decode(buf, Metasm::Ia32.new).disassembler
addr = 0
while ((di = d2.disassemble_instruction(addr)))
insns << di.instruction
disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
disasm << di.instruction.to_s
$stdout.puts disasm
addr = di.next_addr
end
end
end
end
end
class DumpOffset < DumpRVA
@ -50,7 +56,7 @@ module Search
rescue Rex::PeParsey::BoundsError
end
end
end
end
end
end
end
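Review bot: The `while` loop in `DumpRVA#scan` ends at the first offset where `disassemble_instruction` returns nil and reports nothing, so the hex dump printed just before it can cover more bytes than the listing without the reader being told. On a file under analysis that gap is worth making visible, for example with `$stdout.puts "\t(#{buf.length - addr} trailing bytes not decoded)" if addr < buf.length` after the loop; the scanner loop in the first file ends the same way. `pe.rva_to_vma(@address)` is also recomputed on every iteration and could be held in a local before the loop. If `require "rex/assembly/nasm"` remains on the new side, nothing in the visible lines uses it any longer.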