Run the 10.exe and you will see that it exits abnormally.
Expected behavior
You will see "Hello, World!".
Environment (please complete the following information):
System and Version : Ubuntu 18.04 (Building LIEF and modifying original.exe) and Ubuntu 18.04 on WSL1 on Windows 10 1909 (running the 10.exe)
Target format (PE, ELF, Mach-O) : PE
LIEF commit version: 0.11.0-cd286e1
Additional context
This behavior seems to be due to the current implementation of finding the "original" import section logic.
Look at the LIEF/src/PE/Builder.tcc.
// As add_section will change DATA_DIRECTORY::IMPORT_TABLE we have to save it before
uint32_t offset_imports = this->binary_->rva_to_offset(this->binary_->data_directory(DATA_DIRECTORY::IMPORT_TABLE).RVA());
Section& import_section = this->binary_->add_section(new_import_section, PE_SECTION_TYPES::IMPORT);
// Patch the original IAT with the address of the associated trampoline
if (this->patch_imports_) {
  Section& original_import = this->binary_->section_from_offset(offset_imports);
  std::vector<uint8_t> import_content = original_import.content();
  uint32_t roffset_import = offset_imports - original_import.offset();
In some cases, original_import does not correspond to the "original" import section.
The IAT reconstruction makes an additional section so that an additional section header will be added, too.
This increases the header size and can move sections backward. In this case, original_import returns the previous section of the "original" import section.
I am creating a PR but some tests failed at commit d1ad5ab on Ubuntu 18.04 on EC2 without any modification, so I am investigating the issue.
Describe the bug
Applying IAT reconstruction by patch_imports(true) and build_imports(true) many times can produce broken PE files.
To Reproduce
(I used Microsoft Visual Studio Professional 2019 Version 16.3.9 to compile it.)
Assume that this produced "original.exe".
Build LIEF and the example codes including the above modified LIEF/examples/cpp/pe_builder.cpp. This makes a modified version of pe_builder.
Applying IAT reconstruction by the modified pe_builder 9 times. For example,
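The stale file-offset lookup described in this issue, reduced to a self-contained model. This is an added example, not LIEF's code or the reporter's; the `Sec` and `Image` types, the section layout, the `.l1` section name and the RVA-based alternative are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
// Simplified section table, constructed for illustration (not LIEF's classes).
struct Sec { std::string name; uint32_t rva, vsize, raw_off, raw_size; };
struct Image {
  uint32_t file_align, hdr_used;  // FileAlignment, header bytes in use
  std::vector<Sec> secs;
  static uint32_t align(uint32_t v, uint32_t a) { return (v + a - 1) / a * a; }
  // Section containing a file offset (raw == true) or an RVA (raw == false).
  const Sec* find(uint32_t v, bool raw) const {
    for (const Sec& s : secs) {
      uint32_t lo = raw ? s.raw_off : s.rva, len = raw ? s.raw_size : s.vsize;
      if (v >= lo && v < lo + len) return &s;
    }
    return nullptr;
  }
  uint32_t rva_to_offset(uint32_t rva) const {
    const Sec* s = find(rva, false);
    return s ? rva - s->rva + s->raw_off : 0;
  }
  // One more 40-byte header; crossing a FileAlignment boundary moves raw data back.
  void add_section(const std::string& name, uint32_t size) {
    uint32_t before = align(hdr_used, file_align);
    hdr_used += 40;
    uint32_t shift = align(hdr_used, file_align) - before;
    for (Sec& s : secs) s.raw_off += shift;
    Sec last = secs.back();
    secs.push_back({name, align(last.rva + last.vsize, 0x1000), size,
                    last.raw_off + last.raw_size, align(size, file_align)});
  }
};
// Constructed sample: headers nearly fill 0x400 bytes, imports live in .rdata.
Image sample() {
  return {0x200, 0x3E0, {{".text", 0x1000, 0x400, 0x400, 0x400},
                         {".rdata", 0x2000, 0x200, 0x800, 0x200},
                         {".data", 0x3000, 0x200, 0xA00, 0x200}}};
}
// Look up the import section after add_section(): by the file offset saved
// before the call (pattern from the issue) or by RVA (alternative, an assumption).
std::string import_section_after_add(Image img, uint32_t rva, bool saved_offset) {
  uint32_t saved = img.rva_to_offset(rva);
  img.add_section(".l1", 0x100);
  const Sec* s = saved_offset ? img.find(saved, true) : img.find(rva, false);
  return s ? s->name : "";
}
int main() {
  std::printf("by saved offset: %s, by RVA: %s\n",
              import_section_after_add(sample(), 0x2010, true).c_str(),
              import_section_after_add(sample(), 0x2010, false).c_str());
}
```

With `hdr_used` lowered so the new header still fits below the next FileAlignment boundary, both lookups agree, which matches the issue's observation that the wrong section is returned only in some cases.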