Error in appending a new Import Table #96

hasherezade · 2021-12-22T18:59:32Z

Sample:

ce9f47913b5d50a6f0cc5f1b6c730956cdcc851e731d30ee11c18376a16e95ee

Commandline:

mal_unpack.exe /exe ce9f47913b5d50a6f0cc5f1b6c730956cdcc851e731d30ee11c18376a16e95ee.exe /trigger T /timeout 10000 /data 3 /imp A

Problem:
PE-sieve validly detects imports, and attempts to reconstruct import table. But, due to the malformed PE header, the new import table is not properly written to the dump.

Trace log (from TinyTracer): s1.exe.tag
The dumped import table: c450000.exe.imports.txt
The dumped payload: 1376707cb15d0b098dc6ade4cca6c80b64c8de64b241f29fef59456e432f87d9
Sections of the unpacked payload:

The text was updated successfully, but these errors were encountered:

)

hasherezade · 2021-12-22T22:43:44Z

Improved in: 5c14d2a

hasherezade · 2021-12-22T22:48:14Z

The invalid sections are now cut out:

And the new import table is validly appended.

hasherezade added the bug label Dec 22, 2021

hasherezade self-assigned this Dec 22, 2021

hasherezade added a commit that referenced this issue Dec 22, 2021

[BUGFIX] In fixSectionsVirtualSize: trim out invalid sections (Issue #96

8493ee6

)

hasherezade closed this as completed Dec 22, 2021

hasherezade changed the title ~~Error reconstructing Import Table~~ Error in appending a new Import Table Dec 22, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Error in appending a new Import Table #96

Error in appending a new Import Table #96

hasherezade commented Dec 22, 2021 •

edited

Loading

hasherezade commented Dec 22, 2021

hasherezade commented Dec 22, 2021

Error in appending a new Import Table #96

Error in appending a new Import Table #96

Comments

hasherezade commented Dec 22, 2021 • edited Loading

hasherezade commented Dec 22, 2021

hasherezade commented Dec 22, 2021

hasherezade commented Dec 22, 2021 •

edited

Loading