search

hasherezade / pe-bear

Portable Executable reversing tool with a friendly GUI
https://hshrzd.wordpress.com/pe-bear/
GNU General Public License v2.0
2.64k stars 161 forks source link

NumberOfRvaAndSizes is ignored when reading data directories #31

Closed IanLilleyT closed 10 months ago

IanLilleyT commented 1 year ago

Always reads 16 data directories, even when NumberOfRvaAndSizes is lower (SizeOfOptionalHeader is adjusted accordingly)

From the PE documentation:

Note that the number of directories is not fixed. Before looking for a specific directory, check the NumberOfRvaAndSizes field in the optional header.

Here's a simple executable showing the problem: test.exe (I had to add .txt to upload it here)

This file has two data directories. The rest are being interpreted from the section header, which starts at 0xD8 (notice how Resource Directory also thinks it's located at 0xD8).

image

Thanks for reading - this is a really nice tool!

hasherezade commented 1 year ago

hi @IanLilleyT ! thanks for reporting. It will be fixed soon.

hasherezade commented 1 year ago

@IanLilleyT - I fixed it, please check the updated version and let me know if everything is fine: https://ci.appveyor.com/project/hasherezade/pe-bear/builds/47217430/job/busafyrhhuy9ogka/artifacts The fix will be included in the next release.

IanLilleyT commented 1 year ago

Works great, thanks!