When extracting the debug file name from a CodeView debug information directory entry, symbolic-debuginfo takes the contents of the array and throws away the last character, assuming that it's the string's NUL terminator (see here).
However, we've found several recent Microsoft DLL files in the wild where this assumption doesn't hold. Here are a few examples:
In all the cases above, the array holding the debug file name is 256 bytes in length; however, the string takes only a portion of it and ends with the NUL character. The remaining characters are padded with the ASCII character '0'.
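The difference between the two extraction strategies on such a padded field, as an added example that is not symbolic-debuginfo's own code: the function names are hypothetical and the 256-byte field with the name `example.pdb` is constructed to match the layout described above.

```rust
/// Behaviour described in the report: drop the final byte of the array,
/// assuming it is the string's NUL terminator. (Hypothetical helper.)
fn name_drop_last_byte(raw: &[u8]) -> String {
    let end = raw.len().saturating_sub(1);
    String::from_utf8_lossy(&raw[..end]).into_owned()
}

/// Alternative: stop at the first NUL byte. If the array contains no NUL
/// at all, fall back to the whole array. (Hypothetical helper.)
fn name_until_nul(raw: &[u8]) -> String {
    let end = raw.iter().position(|&b| b == 0).unwrap_or(raw.len());
    String::from_utf8_lossy(&raw[..end]).into_owned()
}

/// Constructed sample: a 256-byte field holding the name and its NUL,
/// with the remainder padded with the ASCII character '0'.
fn padded_sample() -> Vec<u8> {
    let mut field = b"example.pdb\0".to_vec();
    field.resize(256, b'0');
    field
}

fn main() {
    let field = padded_sample();
    // Keeps the embedded NUL and 243 bytes of '0' padding in the name.
    println!("drop last byte: {:?}", name_drop_last_byte(&field));
    // Yields only the file name.
    println!("until first NUL: {:?}", name_until_nul(&field));
}
```

Both functions agree when the array ends exactly at the terminator; they diverge only when bytes follow the NUL, which is the case reported here.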