Detection of rich header offset should also check for valid Rich magic #965

Closed
metthal opened this issue Jun 8, 2021 · 1 comment · Fixed by #973

metthal commented Jun 8, 2021

Right now, the valid Rich magic "Rich" is not checked for when detecting the Rich header offset. In samples like 646679c8decab9e85874c306560e75df410013bf9de2aed17a3e92aedc7c6dad, this causes issues because the Rich header is detected at a lower offset than it really is. The real offset of the Rich header should be 0x90, but we detect it as 0x88.

HoundThe commented

I think this issue is also fixed by fixing the Rich header analysis algorithm, which also sets the offset to the actual start of the Rich header (the decoded sequence "DanS"), in #973.
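
An added example, not part of the thread and not the project's own code: a Rich header locator that requires the "Rich" magic before trusting any offset, then walks back to the decoded "DanS" to find the real start. The names `find_rich_header` and `build_sample` are hypothetical, the sample bytes are constructed, and the layout assumed is the usual one ("DanS", three padding dwords, comp.id/count pairs, "Rich", XOR key).

```python
import struct

DANS = 0x536E6144  # "DanS" read as a little-endian dword
RICH = b"Rich"

def find_rich_header(data):
    """Return (start_offset, xor_key, entries), or None if no valid Rich header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    limit = min(struct.unpack_from("<I", data, 0x3C)[0], len(data))  # e_lfanew
    rich_at = data.find(RICH, 0x40, limit)
    # The "Rich" magic must exist and be followed by the 4-byte XOR key.
    if rich_at < 0 or rich_at + 8 > limit:
        return None
    key = struct.unpack_from("<I", data, rich_at + 4)[0]
    # Walk back one dword at a time until the decoded value is "DanS".
    pos = rich_at - 4
    while pos >= 0x40:
        if struct.unpack_from("<I", data, pos)[0] ^ key == DANS:
            break
        pos -= 4
    else:
        return None  # "Rich" without a matching "DanS": not a valid header
    # Body sits between the 16-byte prefix ("DanS" + padding) and "Rich".
    if rich_at - pos < 16 or (rich_at - pos - 16) % 8:
        return None
    body = data[pos + 16:rich_at]
    entries = [(c ^ key, n ^ key) for c, n in struct.iter_unpack("<II", body)]
    return pos, key, entries

def build_sample(start=0x90, key=0x1A2B3C4D):
    """Constructed input: MZ header, filler up to `start`, then a Rich header."""
    entries = [(0x00937809, 3), (0x00AB7809, 1)]  # constructed comp.id/count pairs
    hdr = struct.pack("<4I", DANS ^ key, key, key, key)
    hdr += b"".join(struct.pack("<II", c ^ key, n ^ key) for c, n in entries)
    hdr += RICH + struct.pack("<I", key)
    image = bytearray(b"MZ" + b"\x00" * 0x3E) + b"\xCC" * (start - 0x40) + hdr
    struct.pack_into("<I", image, 0x3C, len(image))  # e_lfanew follows the header
    return bytes(image) + b"PE\x00\x00"

if __name__ == "__main__":
    offset, key, entries = find_rich_header(build_sample())
    print(hex(offset), hex(key), entries)
```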
