Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issues in version info parsing in pe module #155

Merged
merged 2 commits into from
May 19, 2024
Merged

Fix issues in version info parsing in pe module #155

merged 2 commits into from
May 19, 2024

Conversation

vthib
Copy link
Owner

@vthib vthib commented May 19, 2024

Fix several issues related to version info parsing:

  • the key name of the string table was assumed to be "040904B0" which
    is not always the case.
  • the alignment handling was not properly applied for rare files: the
    current offset should not be considered, only the relative length
    values of version infos.
  • the parsing of key then value was simplified to remove weird parsing
    from the end of the entry. Alignment is needed between the key and the
    value for proper parsing.
  • Properly handle multiple resource directories containing version
    infos.

Also bound the size of the strings as is done in YARA

vthib added 2 commits May 19, 2024 22:55
@vthib
fix: fix parsing issues in version_info of pe module
c7e048a 
Fix several issues related to version info parsing:

- the key name of the string table was assumed to be "040904B0" which
  is not always the case.
- the alignment handling was not properly applied for rare files: the
  current offset should not be considered, only the relative length
  values of version infos.
- the parsing of key then value was simplified to remove weird parsing
  from the end of the entry. Alignment is needed between the key and the
  value for proper parsing.
- Properly handle multiple resource directories containing version
  infos.
@vthib
feat: limit size of version info key and value
d1af30a 
Use the same limits as YARA for the strings used in version infos.
@vthib vthib changed the title Fix version info Fix issues in version info parsing in pe module May 19, 2024
@vthib vthib merged commit 4a20f5c into master May 19, 2024
17 checks passed
@vthib vthib deleted the fix-version-info branch May 19, 2024 21:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@vthib