erocarrera / pefile

pefile is a Python module to read and work with PE (Portable Executable) files
MIT License

Fix get_memory_mapped_image copy much header data #385

Open qux-bbb opened 8 months ago

qux-bbb commented 8 months ago

Before this change, some non b"\0" data will be copied to the header.
After this change, the header will be clear.

erocarrera commented 6 months ago

I want to understand better what the reason for this change is. Does it mirror the behavior of the OS, or is it simply to keep it "clean" of the values outside the header? I have the recollection (but I have not verified it) that the OS does not clear the values when mapping the file into memory. pefile attempts to mirror that behavior.

qux-bbb commented 6 months ago

This change wants to mirror the behavior of the OS.
The OS just maps the PE file to memory. For the mapped header, it does not contain later data.
But before this commit, pefile will map later data to the header in memory.