radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

rabin2 -V corrupt #20377

Open Hacksign opened 2 years ago

Hacksign commented 2 years ago

Environment

>> ~/Code/radare2/binr/rabin2/rabin2 -v
rabin2 5.6.6 0 @ linux-x86-64 git.5.6.6
commit: unknown build: 2022-03-24__21:51:21
>> uname -ms
Linux x86_64

Description

Cannot get version info with the command rabin2 -V xxx.exe

Test

hacksign@XSignLaptop [19:05:27] : ~/Documents/SharedFolder 
>> curl -s https://down.360safe.com/setup.exe -o setup.exe
hacksign@XSignLaptop [19:05:58] : ~/Documents/SharedFolder 
>> file setup.exe 
setup.exe: PE32 executable (GUI) Intel 80386, for MS Windows
hacksign@XSignLaptop [19:06:24] : ~/Documents/SharedFolder 
>> ~/Code/radare2/binr/rabin2/rabin2 -v
rabin2 5.6.6 0 @ linux-x86-64 git.5.6.6
commit: unknown build: 2022-03-24__21:51:21
hacksign@XSignLaptop [19:06:37] : ~/Documents/SharedFolder 
>> ~/Code/radare2/binr/rabin2/rabin2 -V ./setup.exe 
=== VS_VERSIONINFO ===

hacksign@XSignLaptop [19:06:45] : ~/Documents/SharedFolder 
>> uname -ms
Linux x86_64

trufae commented 2 years ago

There's nothing corrupt in the r2 output. Is this binary supposed to contain any versioninfo? Because by checking the parser, it fails in many different ways and stops early, but even skipping some of the checks still results in no parseable version info. Could be a bug in the PE parser.

Is this binary corrupted?

The === VS_VER... line is totally misleading and inconsistent with the rest of the code in r2, so I'll try to find some time to clean up the implementation, but I'm not sure if that file may contain any version info here. Can you confirm? Thanks for reporting!

Hacksign commented 2 years ago

I'm pretty sure this file contains version information.

This is another file which was compiled by myself (with version information controlled by myself too):

File with version info

alex-bender commented 2 years ago

@trufae there are actually some strings in the file, like File Version

Don't know how to read the number after, can't get it as on screen

trufae commented 2 years ago

Where are those strings taken from @alex-bender ? can you find them from RBin?

alex-bender commented 2 years ago

I don't know what exactly I should do but you can find it at addr 0x00c4a276 in binary https://down.360safe.com/setup.exe
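
A way to cross-check a parser that prints an empty VS_VERSIONINFO section, as an added example that is not code from this thread or from radare2: scan the raw file bytes for the UTF-16LE `VS_VERSION_INFO` key and decode the VS_FIXEDFILEINFO that follows it, without walking the PE resource directory. The function names are hypothetical and `build_sample` produces a constructed blob for offline testing.

```python
import struct

KEY = "VS_VERSION_INFO\0".encode("utf-16-le")  # szKey of the root node, NUL included
FFI_SIGNATURE = 0xFEEF04BD                      # VS_FIXEDFILEINFO.dwSignature
FFI_SIZE = 52                                   # 13 DWORDs
VALUE_OFFSET = (6 + len(KEY) + 3) & ~3          # header + key, padded to 32 bits = 40


def dotted(ms: int, ls: int) -> str:
    """Render a version stored as two DWORDs (four 16-bit fields)."""
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def scan_version_info(data: bytes) -> list:
    """Find VS_VERSIONINFO root nodes by key; report a status for every hit."""
    hits, pos = [], 0
    while (key_at := data.find(KEY, pos)) != -1:
        pos = key_at + 2
        start = key_at - 6                      # wLength, wValueLength, wType precede the key
        if start < 0:
            continue
        w_length, w_value_length, _w_type = struct.unpack_from("<HHH", data, start)
        hit = {"offset": start}
        value_at = start + VALUE_OFFSET
        if w_value_length == 0:
            hit["status"] = "no fixed info (wValueLength is 0)"
        elif w_value_length != FFI_SIZE or w_length < VALUE_OFFSET + FFI_SIZE:
            hit["status"] = "bad lengths"
        elif value_at + FFI_SIZE > len(data):
            hit["status"] = "truncated"
        else:
            sig, _ver, fms, fls, pms, pls = struct.unpack_from("<6I", data, value_at)
            if sig != FFI_SIGNATURE:
                hit["status"] = "bad signature"
            else:
                hit.update(status="ok", file_version=dotted(fms, fls),
                           product_version=dotted(pms, pls))
        hits.append(hit)
    return hits


def build_sample(file_ver=(1, 2, 3, 4), product_ver=(1, 2, 0, 0)) -> bytes:
    """Constructed VS_VERSIONINFO root node (no children), for offline testing."""
    def pack(v):
        return struct.pack("<II", v[0] << 16 | v[1], v[2] << 16 | v[3])
    ffi = struct.pack("<II", FFI_SIGNATURE, 0x00010000) + pack(file_ver) + pack(product_ver)
    ffi += b"\0" * (FFI_SIZE - len(ffi))
    head = struct.pack("<HHH", VALUE_OFFSET + FFI_SIZE, FFI_SIZE, 0) + KEY
    return head.ljust(VALUE_OFFSET, b"\0") + ffi
```

Run against a real file with `scan_version_info(open(path, "rb").read())`; an empty list means the key is not present in plain form, for example because the resource sits inside packed or compressed data.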