Open peta909 opened 10 months ago
Hi, when you say "loaded correctly", what is the end result you expect?
The line is part of the code of the get_memory_mapped_image()
method. The large section.SizeOfRawData
imply the section will be skipped and its data not added to the simulated "memory mapped image", what would be the behavior you expect, to add any available data for the section to the result? that would seem feasible.
Would it be possible to provide the file or its hash, if available through a service such as VirusTotal?
Hi, I recently came across a binary with its section.SizeOfRawData have a bogus value which is much larger than its actual value. This result in pefile loading the binary wrongly. at pefile/pefile.py line 6290
if ( srd > len(self.__data__) or prd > len(self.__data__) or srd + prd > len(self.__data__) or VirtualAddress_adj >= max_virtual_address ): continue
I had to comment out 2 lines of the above code with "srd" for the binary to be loaded correctly. The same binary was loaded correctly in IDA Pro and Pe-bear.