
PE: parse Rich headers #339

Closed

daladim opened this issue Jul 30, 2021 · 3 comments

@daladim
Contributor

daladim commented Jul 30, 2021

A PE rich header is a not-officially-documented header that the Microsoft linker adds between the DOS stub and the PE NT headers.

It has been widely reverse-engineered and documented. Several Python parsers are available.

It would be good if object implemented such a parser as well.

It's on my todo-list to add this to object one day and upstream it here, unless someone wants to do so more quickly than I will.
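As an added, stand-alone example of the structure daladim describes (this is not the object crate's code, nor daladim's implementation), the parser below follows the widely published reverse-engineered layout: after the 64-byte DOS header and the DOS stub, an array of little-endian u32 words begins with "DanS" XORed with a 32-bit key, then three XORed zero words, then (comp_id, count) pairs XORed with the key, terminated by the plain "Rich" marker followed by the key. It also recomputes the key with the published checksum so a header that was edited after linking can be flagged. The `sample_pe` builder and its entry values are constructed for the example; only the standard library is used.

```rust
const DANS: u32 = 0x536e_6144; // "DanS" read as a little-endian u32
const RICH: u32 = 0x6863_6952; // "Rich" read as a little-endian u32
const DOS_HEADER_LEN: usize = 0x40;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct RichEntry {
    pub product_id: u16, // high 16 bits of comp_id: the tool that produced the objects
    pub build: u16,      // low 16 bits of comp_id: that tool's build number
    pub count: u32,      // how many objects that tool contributed
}

#[derive(Debug, PartialEq, Eq)]
pub struct RichHeader {
    pub offset: usize, // file offset of the encoded "DanS" word
    pub key: u32,      // XOR key stored after "Rich"
    pub entries: Vec<RichEntry>,
}

fn read_u32(data: &[u8], off: usize) -> Option<u32> {
    let b = data.get(off..off + 4)?;
    Some(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// Locate and decode the Rich header; None if absent or structurally inconsistent.
pub fn parse_rich_header(data: &[u8]) -> Option<RichHeader> {
    if data.get(0..2)? != b"MZ" {
        return None;
    }
    // e_lfanew (offset 0x3c) bounds the search: the header sits before the PE signature.
    let e_lfanew = read_u32(data, 0x3c)? as usize;
    let end = e_lfanew.min(data.len());
    let rich_off = (DOS_HEADER_LEN..=end.saturating_sub(8))
        .find(|&off| read_u32(data, off) == Some(RICH))?;
    let key = read_u32(data, rich_off + 4)?;

    // Walk backwards one word at a time, decoding with the key, until "DanS".
    let mut words = Vec::new();
    let mut cur = rich_off;
    loop {
        if cur < DOS_HEADER_LEN + 4 {
            return None; // reached the DOS header without finding "DanS"
        }
        cur -= 4;
        let w = read_u32(data, cur)? ^ key;
        if w == DANS {
            break;
        }
        words.push(w);
    }
    words.reverse();
    // Three zero words (stored as the raw key) follow "DanS", then the pairs.
    if words.len() < 3 || words[..3].iter().any(|&w| w != 0) || (words.len() - 3) % 2 != 0 {
        return None;
    }
    let entries = words[3..]
        .chunks(2)
        .map(|p| RichEntry { product_id: (p[0] >> 16) as u16, build: p[0] as u16, count: p[1] })
        .collect();
    Some(RichHeader { offset: cur, key, entries })
}

/// Published checksum: start from the header offset, add each DOS header/stub byte
/// (skipping e_lfanew) rotated left by its position, then each comp_id rotated by its count.
pub fn compute_key(data: &[u8], dans_offset: usize, entries: &[RichEntry]) -> u32 {
    let mut sum = dans_offset as u32;
    for (i, &b) in data[..dans_offset].iter().enumerate() {
        if (0x3c..0x40).contains(&i) {
            continue;
        }
        sum = sum.wrapping_add((b as u32).rotate_left((i % 32) as u32));
    }
    for e in entries {
        let comp_id = ((e.product_id as u32) << 16) | e.build as u32;
        sum = sum.wrapping_add(comp_id.rotate_left(e.count % 32));
    }
    sum
}

/// A stored key that differs from the recomputed checksum means the header (or the
/// DOS stub it covers) was modified after linking, which is worth surfacing.
pub fn key_is_valid(data: &[u8], h: &RichHeader) -> bool {
    compute_key(data, h.offset, &h.entries) == h.key
}

/// Constructed sample PE prefix (DOS header, stub text, Rich header, "PE\0\0")
/// so the parser can be exercised offline; the entries passed in are made up.
pub fn sample_pe(entries: &[RichEntry]) -> Vec<u8> {
    let dans_offset = 0x80;
    let mut data = vec![0u8; dans_offset];
    data[..2].copy_from_slice(b"MZ");
    data[DOS_HEADER_LEN..DOS_HEADER_LEN + 14].copy_from_slice(b"This program\r\n");
    let key = compute_key(&data, dans_offset, entries);
    let mut words = vec![DANS ^ key, key, key, key];
    for e in entries {
        words.push((((e.product_id as u32) << 16) | e.build as u32) ^ key);
        words.push(e.count ^ key);
    }
    words.push(RICH);
    words.push(key);
    for w in words {
        data.extend_from_slice(&w.to_le_bytes());
    }
    while data.len() % 16 != 0 {
        data.push(0); // pad to a 16-byte boundary before the PE signature
    }
    let e_lfanew = data.len() as u32;
    data[0x3c..0x40].copy_from_slice(&e_lfanew.to_le_bytes());
    data.extend_from_slice(b"PE\0\0");
    data
}
```

The parser searches for the plain "Rich" marker rather than guessing where "DanS" starts, because the marker and key are the only unencoded words; once the key is known it decodes backwards until the signature appears, and anything that does not decode to the expected padding and pair layout is rejected rather than partially returned. The checksum recomputation is the useful extra for triage: a mismatch does not prove malice, but it does mean the header no longer matches the file as the linker wrote it.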

@philipc
Contributor

philipc commented Jul 30, 2021

This is really only useful for malware researchers?

@bjorn3
Contributor

bjorn3 commented Jul 30, 2021

If you don't want to add a parser for it to object, maybe object could return the rich headers as raw bytes and leave it up for interpretation by the user?

@daladim
Contributor Author

daladim commented Jul 30, 2021

Well, I've written a quick and dirty implementation that kind of works. Give me a few days to polish it and I'll make an MR :-)
