Parsing of PE loadconfig section

sashs / filebytes

Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)

https://scoding.de/filebytes-introduction

BSD 3-Clause "New" or "Revised" License

126 stars 25 forks source link

Parsing of PE loadconfig section #3

Closed ganzm closed 8 years ago

ganzm commented 8 years ago

made changes to be able to read Control Flow Guard Function table from the Ropper project

sashs commented 8 years ago

Nice! Thank you.

sashs commented 8 years ago

Added you to the AUTHORS file. https://github.com/sashs/filebytes/blob/master/AUTHORS

ganzm commented 8 years ago

I also made some changes to ropper to make it Microsoft CFG aware for PE files. You can filter gadgets, so any gadget which does not pass the control flow integrity check will not be shown.

This would be the Visual Studio /guard:cf compile flag.

I am not sure whether I put the filter into the right spot of Ropper. I created a "set/unset cfg" flag to enable/disable filtering. Do you want a pull request for this change as well?

sashs commented 8 years ago

Cool. That would be nice, but the option should be implemented in a different way. The set und the unset option are thought for a different thing, e.g. edit the headers (set nx/aslr flag) Look at the option.py and add an option there. An object of the Option-Class is used for all options like color, badbytes, all (to show all gadgets, the double gadgets as well).

sashs commented 8 years ago

If you want you create a pull request and I will merge it into a dev branch and change the implementation.