'Unknwon file format: PE' Error

[ElijahBI]

I was attempting to look at a file which I believe is LX, however it is responding with the error below. Do you think you could offer some assistance as to how I can move forward in getting this file open?

Unknwon file format: PE
java.lang.UnknownError: Unknwon file format: PE
    at lx.LXHeader.<init>(LXHeader.java:130)
    at lx.LX.<init>(LX.java:116)
    at lx.LXLoader.load(LXLoader.java:66)
    at ghidra.app.util.opinion.AbstractLibrarySupportLoader.doLoad(AbstractLibrarySupportLoader.java:347)
    at ghidra.app.util.opinion.AbstractLibrarySupportLoader.loadProgram(AbstractLibrarySupportLoader.java:83)
    at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:112)
    at ghidra.plugin.importer.ImporterUtilities.importSingleFile(ImporterUtilities.java:400)
    at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$7(ImporterDialog.java:349)
    at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:90)
    at ghidra.util.task.Task.monitoredRun(Task.java:124)
    at ghidra.util.task.TaskRunner.lambda$startTaskThread$1(TaskRunner.java:94)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
    at java.base/java.lang.Thread.run(Thread.java:831)

[oshogbo]

Is it a PE binary or clear LX file?

[ElijahBI]

I am pretty sure it is a PE, though am just now getting started with all of this so I could be mistaken...

[oshogbo]

Can you share the binary?

[ElijahBI]

Hey, sorry for the late response. Here is a link to the exe https://mega.nz/file/d1tllYhD#ikIKonxGx8XJ4dzVG2qB0_W0e2woRtSIFeQO9NjqCYI

[oshogbo]

This binary worked for me.

Did you import the plugin? Did you build plugin by yourself or did you use one of the releases? Which version of ghidra are you using?

[oshogbo]

Can you try this build https://github.com/oshogbo/ghidra-lx-loader/releases/tag/1.4 with the ghidra 9.2.3?

[ElijahBI]

I am still having issues an am unsure as to why exactly...

I have tried the 9.2 and 9.2.3 release builds now (with their respective versions of ghidra)

Here are some screen grabs: 9.2.3 Import options (only format selection is raw binary) 9.2 Import options (only format selection is raw binary and LXMF)

I'm extracting the zips to 'ghidra root\Ghidra\Extensions' and then checking in the 'install extensions' screen to see that they are indeed installed. Sorry if I am missing something simple here, it seems like you should be able to just pop this in and go...

One thing I did note: when I extracted your 9.2.3 build into my ghidra 9.2.3 install it would not start up the application until I renamed the folder from LX2 to LX. I kept getting a "Exited with error" message

[oshogbo]

You don't have to extract it. This scenario works for me:

Click plus in the right top corner.

Select the Extension.

Click ok.

Restart ghidra.

And you should get the Portable Executable (PE) with the LE:32.

After all that steps the binary is loaded:

I used the newest version of ghidra.

What error do you get after fallowing these steps?

[ElijahBI]

So your guide is working up until I restart ghidra.

I download the zip for the Build for Ghidra 9.2.3 release and place it on my desk top, then I launch ghidra, go to file > install extensions, hit the + in the upper right, select your zip from my desktop and hit okay. At this point it shows up in the extensions list: it will then ask me to restart: but when I restart the extension will suddenly be missing from the extensions list:

Here are my version numbers, I did note that I have a higher java version than you do in your image:

[oshogbo]

Oh thats really weird. Did you check if ghidra core plugins are enabled?

[ElijahBI]

If the following is what you are referring to, yes it is enabled:

[oshogbo]

To be honest I don't have much more idea why this disappeared. What os are you using?

[madebr]

Deselecting the checkbox in front of the ghidra-lx-loader extension and clicking on OK, will remove the extension. The Install Extensions dialog only shows the default extensions + those that are installed AND enabled.