Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PE: Fix import parser for non-well-formed import table #429

Merged
merged 2 commits into from
Nov 14, 2024
Merged

PE: Fix import parser for non-well-formed import table #429

merged 2 commits into from
Nov 14, 2024

Conversation

kkent030315
Copy link
Contributor

@kkent030315 kkent030315 commented Oct 29, 2024
edited
Loading

Changelists:

  • Added doc comment for ImportDirectoryEntry::is_null
  • Added impl ImportDirectoryEntry::is_possibly_valid to filter out invalid entries where name_rva and import_address_table_rva are both zero. Those never be zero by design if the entry is valid.
  • Added integration tests for both well-formed and non-well-formed import table parsing.

The change is straightforward, it does as well as how Windows Loader does. Parser should stop if it is not is_possibly_valid is the same behaviour with Windows Loader and should be more safe than before. This is special exception for non-well-formed case and should not affect well-formed binaries at all.

The same behaviour can be found at systeminformer (formely processhacker) implementation (respectively, peview):
https://github.com/winsiderss/systeminformer/blob/82c625783a035fa7eac355783f527bb53fb1a384/phlib/mapldr.c#L1635

This PR is backward compatible; thus minor changes.

@kkent030315 kkent030315 mentioned this pull request Oct 29, 2024
Merged
@kkent030315 kkent030315 mentioned this pull request Nov 3, 2024
Open
17 tasks
m4b
m4b approved these changes Nov 14, 2024
View reviewed changes
Copy link
Owner

@m4b m4b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great; if you don't mind, since you touched the logs, it'd be nice to see them ported to newer style, but if not, that's fine too!

src/pe/import.rs Show resolved Hide resolved
src/pe/import.rs Show resolved Hide resolved
@m4b m4b merged commit b971318 into m4b:master Nov 14, 2024
6 checks passed
@m4b
Copy link
Owner

m4b commented Nov 14, 2024

NB backwards compatible with 0.9

@kkent030315 kkent030315 mentioned this pull request Nov 18, 2024
Closed
@kkent030315 kkent030315 deleted the importfix branch November 18, 2024 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m4b m4b m4b approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kkent030315 @m4b