nanonyme / pefile

Automatically exported from code.google.com/p/pefile

Corrupted PE not detected as such #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a folder called crap
2. Extract corrupted file into the crap folder
3. Run py.scan.py (attached)

What is the expected output? What do you see instead?
I expect the file to be listed as corrupted, but instead it is stored for analysis.

What version of the product are you using? On what operating system?
pefile-1.2.10-139
Python 2.7.6

File is definitely corrupted.
Could you please check if something can be done to detect that?

Thanks
Momchil

Original issue reported on code.google.com by momc...@bojinov.info on 29 Jan 2014 at 12:12

GoogleCodeExporter commented 9 years ago
The file seems to be truncated but some of the headers can be parsed correctly. 
pefile will always try to parse as much as possible and only fail when it's 
impossible for it to make sense of the PE file.

Problems encountered parsing the file are reported as warnings. You could call 
"get_warnings()" to retrieve the list and decide to drop the file if you judge 
that they indicate the file is corrupted for your application.
In this case there are a few warnings regarding data structures referring to 
data beyond the end of the file; those could be telltale signs that it has been 
truncated.

Original comment by ero.carr...@gmail.com on 27 Oct 2014 at 3:45
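
The check the reply describes, as an added example that is not part of the original thread or of pefile itself: `pefile_warnings` collects what `get_warnings()` reports, and `truncation_findings` independently tests the same condition (section data pointing past the end of the file) with `struct` only. The function names and the sample image are assumptions constructed for illustration.

```python
import struct

def truncation_findings(data):
    """Reasons the PE headers in `data` refer to bytes past its end."""
    size = len(data)
    if size < 0x40 or data[:2] != b"MZ":
        return ["no complete DOS header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > size or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["PE signature or COFF header missing or beyond end of file"]
    # NumberOfSections is at +6 and SizeOfOptionalHeader at +20 from the signature.
    nsect, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size
    findings = []
    for i in range(nsect):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > size:
            findings.append("section header %d lies beyond end of file" % i)
            break
        # Name, skip VirtualSize/VirtualAddress, SizeOfRawData, PointerToRawData
        name, raw_size, raw_ptr = struct.unpack_from("<8s8xII", data, off)
        end = raw_ptr + raw_size
        if raw_size and end > size:
            label = name.rstrip(b"\0").decode("latin-1")
            findings.append("section %s raw data ends at 0x%x, file is 0x%x bytes"
                            % (label, end, size))
    return findings

def pefile_warnings(path):
    """Warnings pefile recorded while parsing; the caller decides what to drop."""
    import pefile  # third-party, imported lazily so the check above needs only struct
    try:
        return pefile.PE(path).get_warnings()
    except pefile.PEFormatError as exc:
        return ["unparseable: %s" % exc]

def build_sample_pe():
    """Constructed image (not a loadable executable): headers + one 0x200-byte section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + b"\0" * 0xE0 + sect).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200

if __name__ == "__main__":
    sample = build_sample_pe()
    print(truncation_findings(sample))          # complete file
    print(truncation_findings(sample[:0x300]))  # cut off inside .text
```

The `struct` check covers only the section table; data directories and other structures that pefile also validates are out of its scope.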