search

Squiblydoo / debloat

A GUI and CLI tool for removing bloat from executables
BSD 3-Clause "New" or "Revised" License
341 stars 28 forks source link

Escaping non-unicode section names #45

Closed gdesmar closed 4 months ago

gdesmar commented 4 months ago

I found a few samples like this one which are causing this error in debloat

>>> import debloat.processor
>>> import pefile
>>> import os
>>> file_path = "1b7babe5fde91a44f8488aef2873078cc9f4ac5810625bcd6c271cf13e8d6145"
>>> binary = pefile.PE(file_path, fast_load=True)
>>> file_size = os.path.getsize(file_path)
>>> debloat.processor.process_pe(binary, out_path="out", last_ditch_processing=False, cert_preservation=True, log_message=print, beginning_file_size=file_size)
Section: .text   Compression Ratio: 250.98%     Size of section: 1024 bytes.
Section: .rdata  Compression Ratio: 204.8%      Size of section: 512 bytes.
Section: .data   Compression Ratio: 116.04%     Size of section: 38.5 MB.
Section: .rsrc   Compression Ratio: 261.76%     Size of section: 266.0 KB.
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File ".../debloat/processor.py", line 578, in process_pe
    result, result_code = check_section_compression(pe, data_to_delete, log_message=log_message)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".../debloat/processor.py", line 358, in check_section_compression
    section_name = section.Name.decode()
                   ^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x9b in position 0: invalid start byte

After this small fix, they will show the following:

>>> file_path = "1b7babe5fde91a44f8488aef2873078cc9f4ac5810625bcd6c271cf13e8d6145"
>>> file_size = os.path.getsize(file_path)
>>> binary = pefile.PE(file_path, fast_load=True)
>>> debloat.processor.process_pe(binary, out_path="out", last_ditch_processing=False, cert_preservation=True, log_message=print, beginning_file_size=file_size)
Section: .text   Compression Ratio: 250.98%     Size of section: 1024 bytes.
Section: .rdata  Compression Ratio: 204.8%      Size of section: 512 bytes.
Section: .data   Compression Ratio: 116.04%     Size of section: 38.5 MB.
Section: .rsrc   Compression Ratio: 261.76%     Size of section: 266.0 KB.
Section: \x9b\xa3\xff\xa3u       Compression Ratio: 128.63%     Size of section: 16.5 KB.

No automated method for reducing the size worked. Please consider sharing the
sample for additional analysis.
Email: Squiblydoo@pm.me
Twitter: @SquiblydooBlog.

0

I can change it to not specify the encoding if preferred, and/or a different error handling. Thank you!

Squiblydoo commented 4 months ago

I am merging another branch today with other improvements. This change will be documented in the change-log and the version number will be incremented. The next release will include changes from both branches.