search

fkie-cad / RoAMer

Robust Automated Malware Unpacker
GNU Affero General Public License v3.0
84 stars 15 forks source link

PeHeaderWhitelister: Crashes on "could not read ..." #4

Closed targodan closed 3 years ago

targodan commented 3 years ago

When executing PeHeaderWhitelister.exe C:\ I got the following error:

could not read  C:\Users\User\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe ... continuing
Traceback (most recent call last):
  File "whitelister\PeHeaderWhitelister.py", line 91, in <module>
  File "whitelister\PeHeaderWhitelister.py", line 80, in generate_pe_header_whitelist
  File "whitelister\PeHeaderWhitelister.py", line 68, in add_entry
  File "whitelister\PeHeaderWhitelister.py", line 45, in normalize_pe_header
  File "c:\program files\python38\lib\re.py", line 248, in finditer
    return _compile(pattern, flags).finditer(string)
TypeError: expected string or bytes-like object
[2420] Failed to execute script PeHeaderWhitelister

It's unclear why the file cannot be read (I am executing PeHeaderWhitelister as admin) but since the message says could not read [...] ... continuing I would expect the tool to continue. However it crashes immediately after.

I also deleted that file and tried again, in which case the same message came with a different file, followed by the same traceback and crash.

I'm running this on the Windows 10 x64 evaluation VM provided by microsoft. Python is version 3.8.

UrmelAusDemEis commented 3 years ago

Hello!

Thank you very much for your feedback. This is a legit bug and I fixed it in commit