is119 / checksec.py

2019_KUCIS_Project_checksec.py

PE - When the PE header has no loadconfig #64

Closed koyokr closed 4 years ago

koyokr commented 4 years ago

KakaoTalk seems to have wiped out almost all of its PE header. So there is no loadconfig either, and that causes the error below.

PS E:\project\2019_KUCIS_Project_checksec.py\version_elf+pe\ver.1> python .\checksec.py 'C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe'
Traceback (most recent call last):
  File ".\checksec.py", line 91, in <module>
    main()
  File ".\checksec.py", line 55, in main
    results['security'] = engine(file_path)
  File ".\checksec.py", line 28, in engine
    return Analyze_PE.analyze_PE(file_path)
  File "E:\project\2019_KUCIS_Project_checksec.py\version_elf+pe\ver.1\Analyze_PE.py", line 171, in analyze_PE
    pe = PeCheckSec(file_path)
  File "E:\project\2019_KUCIS_Project_checksec.py\version_elf+pe\ver.1\Analyze_PE.py", line 28, in __init__
    self._load_config = self._pe.DIRECTORY_ENTRY_LOAD_CONFIG.struct
AttributeError: 'PE' object has no attribute 'DIRECTORY_ENTRY_LOAD_CONFIG'

Indeed, even when trying to check the loadconfig with dumpbin, it is not there.

PS C:\Users\koyo\source\repos> dumpbin 'C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe' /loadconfig
Microsoft (R) COFF/PE Dumper Version 14.23.28107.0
Copyright (C) Microsoft Corporation.  All rights reserved.

Dump of file C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe

File Type: EXECUTABLE IMAGE

  Summary

      FEB000
      8D2000
        1000 .idata
       29000 .rsrc
        1000 iufvipei
      5E6000 pleowphq
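An added example, not the project's code or part of the comment above: a standard-library check that reads data directory entry 10 (load config) straight from the optional header and returns `None` instead of raising when it is absent. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10  # index in the optional header's data directory

def load_config_directory(image: bytes):
    """Return (rva, size) of the load config directory, or None when the image has none."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    (size_of_opt,) = struct.unpack_from("<H", image, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:                           # PE32
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:                         # PE32+
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", image, opt + count_off)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    if count <= IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG or entry + 8 > size_of_opt:
        return None                              # directory table too short to hold the entry
    rva, size = struct.unpack_from("<II", image, opt + entry)
    return (rva, size) if rva and size else None  # zeroed entry: no load config directory

def report(image: bytes) -> dict:
    """Report load-config presence without raising when the directory is absent."""
    entry = load_config_directory(image)
    if entry is None:
        return {"load_config": False, "note": "load-config based checks not applicable"}
    return {"load_config": True, "rva": entry[0], "size": entry[1]}

def make_pe32(load_config=(0, 0)) -> bytes:
    """Constructed sample: smallest PE32 header this parser accepts (not a runnable EXE)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 10, *load_config)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(report(make_pe32()))                   # header without a load config entry
    print(report(make_pe32((0x5000, 0xA0))))     # constructed RVA and size
```

With pefile, the traceback above shows the attribute is simply missing in this case, so the equivalent guard is `getattr(pe, "DIRECTORY_ENTRY_LOAD_CONFIG", None)` before touching `.struct`.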
koyokr commented 4 years ago
