diff --git a/bin/Cargo.toml b/bin/Cargo.toml
index 8f083886..23165787 100644
--- a/bin/Cargo.toml
+++ b/bin/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "lancelot-bin"
-version = "0.4.1"
+version = "0.4.2"
 description = "binary analysis tools for x32/x64 PE files"
 authors = ["William Ballenthin "]
 license = "Apache-2.0"
@@ -22,6 +22,6 @@ goblin = "0.2"
 zydis = "3"
 hex = "0.4"
-lancelot = { path = "../core", version = "0.4.1" }
+lancelot = { path = "../core", version = "0.4.2" }
diff --git a/core/Cargo.toml b/core/Cargo.toml
index 1fae7d61..df85e98d 100644
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -2,7 +2,7 @@
 name = "lancelot"
 description = "binary analysis framework for x32/x64 PE files"
 license = "Apache-2.0"
-version = "0.4.1"
+version = "0.4.2"
 authors = ["Willi Ballenthin "]
 edition = "2018"
@@ -25,7 +25,7 @@ smallvec = "1"
 widestring = "0.4"
 smol_str = "0.1"
-lancelot-flirt = { path = "../flirt", version = "0.4.1" }
+lancelot-flirt = { path = "../flirt", version = "0.4.2" }
 [features] # The reason we do this is because doctests don't get cfg(test)
diff --git a/core/src/analysis/pe/runtime_functions.rs b/core/src/analysis/pe/runtime_functions.rs
index b4527653..897cdfa3 100644
--- a/core/src/analysis/pe/runtime_functions.rs
+++ b/core/src/analysis/pe/runtime_functions.rs
@@ -176,7 +176,7 @@ pub fn find_pe_runtime_functions(pe: &PE) -> Result> {
 return Err(RuntimeFunctionError::InvalidRuntimeFunction.into());
 }
- let function = pe.module.address_space.base_address + runtime_function.function_start;
+ let function = runtime_function.function_start;
 debug!("pdata: found RUNTIME_FUNCTION: {:#x}", function);
 ret.push(function);
@@ -204,6 +204,8 @@ mod tests {
 let fns = crate::analysis::pe::runtime_functions::find_pe_runtime_functions(&pe)?;
 assert_eq!(1800, fns.len());
+ assert_eq!(fns[0], 0x180001010);
+
 Ok(())
 }
diff --git a/flirt/Cargo.toml b/flirt/Cargo.toml
index 2cace87e..9c3a6884 100644
--- a/flirt/Cargo.toml
+++ b/flirt/Cargo.toml
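Review bot: In `find_pe_runtime_functions` (core/src/analysis/pe/runtime_functions.rs, hunk at line 176) the new `let function = runtime_function.function_start;` pushes the value unchanged, but nothing visible says which address space it is in; the added test expects `0x180001010`, so it is presumably already an absolute VA at this point. A .pdata BeginAddress is an RVA in the PE format, so a reader will expect the base to be added here and the double rebase this commit removes can easily come back. I would add a comment above the line, e.g. `// function_start was already rebased to a VA when the entry was read; do not add base_address again`. The code that reads and validates the entry is outside the hunk; since these fields come from an untrusted PE, wherever the base is added should use `checked_add` and reject the entry on overflow if it is currently a plain `+`.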
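Review bot: The added `assert_eq!(fns[0], 0x180001010);` in the `mod tests` hunk (line 204) puts the actual value first, while the line just above it is `assert_eq!(1800, fns.len());` with the expected value first; keeping one order makes failure output easier to read, e.g. `assert_eq!(0x180001010, fns[0]);`. The constant is unexplained, so a short comment such as `// image base + RVA of the first .pdata entry` (to be confirmed against the sample) would tell the next reader why this value guards the rebasing fix. The test function starts outside the hunk.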
@@ -2,7 +2,7 @@
 name = "lancelot-flirt"
 description = "parse and match FLIRT signatures"
 license = "Apache-2.0"
-version = "0.4.1"
+version = "0.4.2"
 authors = ["Willi Ballenthin "]
 edition = "2018"
diff --git a/pylancelot/Cargo.toml b/pylancelot/Cargo.toml
index b44ea23f..3997979b 100644
--- a/pylancelot/Cargo.toml
+++ b/pylancelot/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "pylancelot"
-version = "0.4.1"
+version = "0.4.2"
 authors = ["Willi Ballenthin "]
 edition = "2018"
@@ -9,7 +9,7 @@ name = "lancelot"
 crate-type = ["cdylib"]
 [dependencies]
-lancelot = { path = "../core", version = "0.4.1" }
+lancelot = { path = "../core", version = "0.4.2" }
 pyo3 = { version = "0.11"}
 anyhow = "1"
 zydis = "3"
diff --git a/pylancelot/tests/test_pylancelot.py b/pylancelot/tests/test_pylancelot.py
index 3d07b4c1..1a4edd3b 100644
--- a/pylancelot/tests/test_pylancelot.py
+++ b/pylancelot/tests/test_pylancelot.py
@@ -43,7 +43,7 @@ def test_functions(k32):
 # IDA identifies 2326
 # lancelot identifies around 2200
- assert len(functions) > 2000
+ assert len(functions) > 1500
 # this is _security_check_cookie
 assert 0x180020250 in functions
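Review bot: The bound in `test_functions` (pylancelot/tests/test_pylancelot.py) drops from 2000 to 1500, but the comment directly above still reads `# lancelot identifies around 2200`, so the comment and the assertion now disagree. Update the comment to the count observed after this change and say why it fell, e.g. `# lancelot identifies around N (pdata entries are no longer double-rebased)`, where N is the measured figure; the cause is my inference from the rest of the commit. A lower bound this loose will not notice a few hundred functions going missing, so consider also asserting that a known .pdata-derived start address is in `functions`, in the same way as the existing `_security_check_cookie` check. The test body starts outside the hunk.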