Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue #1708 #1710

Merged
merged 3 commits into from
May 28, 2022
Merged

Fix issue #1708 #1710

merged 3 commits into from
May 28, 2022

Conversation

dangodangodango
Copy link
Contributor

Fix: wrong offset used when checking Version string of .net metadata and AddressOfEntryPoint.

@google-cla
Copy link

google-cla bot commented May 17, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

For more information, open the CLA check for this pull request.

wxsBSD
wxsBSD reviewed May 17, 2022
View reviewed changes
Copy link
Collaborator

@wxsBSD wxsBSD left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, and thanks for catching it!

@plusvic
Copy link
Member

plusvic commented May 18, 2022

A test case for this issue would be great. Could you add a .NET binary that triggers this issue to tests/data and add a test case to tests/test-dotnet.c.

@dangodangodango
Copy link
Contributor Author

A test case for this issue would be great. Could you add a .NET binary that triggers this issue to tests/data and add a test case to tests/test-dotnet.c.

OK,I think I can construct one.

@dangodangodango
Copy link
Contributor Author

A test case for this issue would be great. Could you add a .NET binary that triggers this issue to tests/data and add a test case to tests/test-dotnet.c.

I build a dotnet pe that can triggers this issue: https://github.com/dangodangodango/BadDotnetPe , scanning it with dotnet rule will cause yara to return error 4 (ERROR_COULD_NOT_MAP_FILE). I added it into the testcases.

@plusvic plusvic merged commit 94a5de1 into VirusTotal:master May 28, 2022
BitsOfBinary pushed a commit to BitsOfBinary/yara that referenced this pull request May 29, 2022
@dangodangodango @BitsOfBinary
Fix issue VirusTotal#1708 (VirusTotal#1710)
8af832b 
* Fix issue VirusTotal#1708

* Add test case for VirusTotal#1708

Build a dotnet pe that triggers this issue:
https://github.com/dangodangodango/BadDotnetPe
plusvic pushed a commit that referenced this pull request Jun 30, 2022
@dangodangodango @plusvic
Fix issue #1708 (#1710)
ee65486 
* Fix issue #1708

* Add test case for #1708

Build a dotnet pe that triggers this issue:
https://github.com/dangodangodango/BadDotnetPe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wxsBSD wxsBSD wxsBSD left review comments

@plusvic plusvic plusvic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dangodangodango @plusvic @wxsBSD