Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve PE module when scanning memory and fix PE certificate parsing #1657

Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open

Improve PE module when scanning memory and fix PE certificate parsing #1657

wants to merge 16 commits into from

Conversation

niallnsec
Copy link

Addresses #1372 and #1392

@niallnsec
Added ability for pe module to scan memory mapped images
de44c33
@niallnsec
Fix win process base module location to work with 32 bit builds
98680c3
@niallnsec
Do not attempt to get process module base address when running under …
1a17386 
…WOW64 unless the target is also WOW64
@niallnsec
Return correct process memory region when an offset is on the upper b…
feb2e7c 
…oundary
@niallnsec
Avoid use after free when the block buffer is reallocated to fit the …
3824f56 
…process binary
@niallnsec
Fix typo in libyara vcxproj file
fda8607
@niallnsec
Use correct size for WOW64 ImageBase in 64 bit build
659507f
@niallnsec
Fix bounds checks for memory region buffer data size
9d4212e
@niallnsec
Added vs2019 solution directory for Windows
7564997
@niallnsec
Fix various uninitialised variables when scanning process memory
dc15092
@niallnsec
Set DLLs which are rarely used to delay load for better performance
58b08a0
@niallnsec
Fix issue where certificate subject and issuer are truncated
3ae5bda 
* The X509_NAME_oneline function was being used to extract the certificate issuer and subject. The function
is being provided a static buffer which is only 254 chars in size, meaning that if either string is larger they will
be truncated and essential information may be lost.
* Increasing the buffer size or using a dynamic buffer could solve the issue, however the X509_NAME_oneline
function is deprecated and its use is strongly discouraged. Instead, the issue can be fixed using the newer
X509_NAME_print_ex function which will output the full string in a standard format.
* Unicode data is escaped in the output string by default, so ASN1_STRFLGS_ESC_MSB is explicitly cleared to
force the output of UTF8 encoded data. This allows matching unicode byte sequences in a more natural
and expected manner.
* This change has the side effect of addressing VirusTotal#1392
@niallnsec
Updated vs2019 project for new console module
1046b5f
@niallnsec
Switch from MultiByte to Unicode builds
6617f76
@niallnsec
Fix build error due to use of windows typedef
c0b0b77
@niallnsec niallnsec force-pushed the master branch 3 times, most recently from 0d6be86 to 5d498a4 Compare March 1, 2022 18:36
@hugmyndakassi hugmyndakassi mentioned this pull request Apr 13, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@niallnsec