forked from zed-0xff/pedump
pedump [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=master)](https://travis-ci.org/zed-0xff/pedump) [![Dependency Status](https://gemnasium.com/zed-0xff/pedump.png)](https://gemnasium.com/zed-0xff/pedump)
======
Description
-----------
A pure Ruby implementation of a dumper for win32 PE binary files.

Supported formats:

* DOS MZ EXE
* win16 NE
* win32 PE
* win64 PE

Can dump:

* MZ/NE/PE Header
* DOS stub
* ['Rich' Header](http://ntcore.com/files/richsign.htm)
* Data Directory
* Sections
* Resources
* Strings
* Imports & Exports
* VS_VERSIONINFO parsing
* PE Packer/Compiler detection
* a convenient way to upload your PEs to http://pedump.me for nice HTML tables with image previews, candies & stuff

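
The four supported formats listed above are told apart by a handful of header fields. The Ruby below is an added example, not pedump's own code; it classifies a byte string and treats truncated or out-of-range headers as data to report rather than as errors. The function and symbol names are illustrative, and the sample bytes are constructed.

```ruby
# Added example (not pedump's code). Symbol names are illustrative.
def classify_executable(data)
  data = data.b                              # compare raw bytes, not characters
  return :not_mz unless data[0, 2] == "MZ"
  return :dos_mz if data.bytesize < 0x40     # header too short to hold e_lfanew

  e_lfanew = data[0x3c, 4].unpack1("V")      # LE offset of the NE/PE header
  sig = data[e_lfanew, 4]                    # nil when the offset is past EOF
  return :dos_mz if sig.nil?
  return :win16_ne if sig[0, 2] == "NE"
  return :dos_mz unless sig == "PE\0\0"

  # 4-byte signature + 20-byte COFF file header precede the optional header,
  # whose first field (Magic) separates PE32 from PE32+.
  magic = data[e_lfanew + 24, 2]
  return :pe_truncated if magic.nil? || magic.bytesize < 2

  case magic.unpack1("v")
  when 0x10b then :win32_pe
  when 0x20b then :win64_pe
  else :pe_unknown_magic
  end
end

# Constructed sample: 64-byte MZ header with e_lfanew = 0x40, then new_header.
def sample(new_header, e_lfanew = 0x40)
  "MZ".b + "\0".b * 0x3a + [e_lfanew].pack("V") + new_header.b
end

if __FILE__ == $PROGRAM_NAME
  ARGV.each { |path| puts "#{path}: #{classify_executable(File.binread(path))}" }
end
```

An `e_lfanew` that points past the end of the file falls back to `:dos_mz`, because only the DOS part of such a file can be interpreted.
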
Installation
------------
    gem install pedump

Usage
-----

    % pedump -h

### MZ Header

    % pedump --mz calc.exe

### DOS stub

    % pedump --dos-stub calc.exe

### 'Rich' Header

    % pedump --rich calc.exe

### PE Header

    % pedump --pe calc.exe

### Data Directory

    % pedump --data-directory calc.exe

### Sections

    % pedump --sections calc.exe

### Resources

    % pedump --resources calc.exe

### Strings

    % pedump --strings calc.exe.mui

### Imports

    % pedump --imports zlib.dll

### Exports

    % pedump --exports zlib.dll

### VS_VERSIONINFO parsing

    % pedump --version-info calc.exe

### Packer / Compiler detection

    % pedump --packer zlib.dll

#### pedump can mimic 'file' command output:

    # pedump --packer-only -qqq samples/*
    samples/StringLoader.dll: Microsoft Visual C++ 6.0 DLL (Debug)
    samples/control.exe: ASPack v2.12
    samples/gms_v1_0_3.exe: UPX 2.90 [LZMA] (Markus Oberhumer, Laszlo Molnar & John Reiser)
    samples/unpackme.exe: ASProtect 1.33 - 2.1 Registered (Alexey Solodovnikov)
    samples/zlib.dll: Microsoft Visual C v2.0

License
-------
Released under the MIT License. See the [LICENSE](https://github.com/zed-0xff/pedump/blob/master/LICENSE.txt) file for further details.