This repository has been archived by the owner on Jan 27, 2020. It is now read-only.

Fixed detection of cut import directory #17

Merged
merged 1 commit into from
Jan 17, 2020
29 changes: 21 additions & 8 deletions include/pelib/ImportDirectory.h
Expand Up @@ -542,7 +542,8 @@ namespace PeLib
}

std::uint64_t ulFileSize = fileSize(inStream_w);
unsigned int uiOffset = (unsigned int)peHeader.rvaToOffset(peHeader.getIddImportRva());
unsigned int uiRva = peHeader.getIddImportRva();
unsigned int uiOffset = (unsigned int)peHeader.rvaToOffset(uiRva);

if ((uiOffset + PELIB_IMAGE_IMPORT_DESCRIPTOR::size()) > ulFileSize)
{
Expand All @@ -563,15 +564,26 @@ namespace PeLib
// Read and store all descriptors
for (;;)
{
// Are we getting out of the file?
if (uiDescOffset + PELIB_IMAGE_IMPORT_DESCRIPTOR::size() > ulFileSize)
std::vector<unsigned char> vImportDescriptor(PELIB_IMAGE_IMPORT_DESCRIPTOR::size());

// If the required range is within the file, then we read the data.
// If not, it's RVA may still be valid due mapping -> keep zeros.
// Example sample: de0dea00414015bacbcbfc1fa53af9f6731522687d82f5de2e9402410488d190
// (single entry in the import directory at file offset 0x3EC4 followed by end-of-file)
if ((uiDescOffset + PELIB_IMAGE_IMPORT_DESCRIPTOR::size()) <= ulFileSize)
{
setLoaderError(LDR_ERROR_IMPDIR_CUT);
break;
// The offset is within the file range -> read it from the file
inStream_w.read(reinterpret_cast<char*>(vImportDescriptor.data()), PELIB_IMAGE_IMPORT_DESCRIPTOR::size());
}
else
{
// The offset is out of physical file -> is the RVA still valid?
if (!peHeader.isValidRva(uiRva + PELIB_IMAGE_IMPORT_DESCRIPTOR::size()))
{
setLoaderError(LDR_ERROR_IMPDIR_CUT);
break;
}
}

std::vector<unsigned char> vImportDescriptor(PELIB_IMAGE_IMPORT_DESCRIPTOR::size());
inStream_w.read(reinterpret_cast<char*>(vImportDescriptor.data()), PELIB_IMAGE_IMPORT_DESCRIPTOR::size());

InputBuffer inpBuffer(vImportDescriptor);

Expand All @@ -582,6 +594,7 @@ namespace PeLib
inpBuffer >> iidCurr.impdesc.FirstThunk;

uiDescOffset += PELIB_IMAGE_IMPORT_DESCRIPTOR::size();
uiRva += PELIB_IMAGE_IMPORT_DESCRIPTOR::size();
uiDescCounter++;

// If Name or FirstThunk are 0, this descriptor is considered as null-terminator.
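Review bot: In the new `else` branch, `peHeader.isValidRva(uiRva + PELIB_IMAGE_IMPORT_DESCRIPTOR::size())` tests only the address just past the descriptor, and the sum is computed in `unsigned int` on an RVA that comes from the file's own header, so an import RVA near 0xFFFFFFFF can wrap to a small value that may pass as valid. I would check the start as well and widen the sum, e.g. `std::uint64_t ullEndRva = std::uint64_t(uiRva) + PELIB_IMAGE_IMPORT_DESCRIPTOR::size();` followed by `if (ullEndRva > 0xFFFFFFFF || !peHeader.isValidRva(uiRva) || !peHeader.isValidRva((unsigned int)ullEndRva))`; whether isValidRva treats its argument as an inclusive end is not visible here and should be confirmed. The file-range test `(uiDescOffset + PELIB_IMAGE_IMPORT_DESCRIPTOR::size()) <= ulFileSize` looks to have the same 32-bit wrap if uiDescOffset is an `unsigned int` like uiOffset, but its declaration is outside the hunk. A descriptor that straddles end-of-file is now treated as all zeros rather than partially read, which is worth a one-line comment such as `// partially present descriptor is treated as absent (all zeros)`. The enclosing function begins and ends outside the visible hunks.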