Refactored ArtefactsScanner (including fix for Issue #25)
hasherezade committed Dec 10, 2018
2 parents 357bc3c + 3843918 commit ea56b75
Showing 5 changed files with 219 additions and 99 deletions.
2 changes: 1 addition & 1 deletion pe_sieve.h
@@ -8,7 +8,7 @@
#include "scanners/scan_report.h"
#include "postprocessors/report_formatter.h"

static char PESIEVE_VERSION[] = "0.1.5.4-b";
static char PESIEVE_VERSION[] = "0.1.5.4-g";
static DWORD PESIEVE_VERSION_ID = 0x00010504; // 00 01 05 04
static char PESIEVE_URL[] = "https://github.com/hasherezade/pe-sieve";

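--- a/postprocessors/pe_reconstructor.cpp
+++ b/postprocessors/pe_reconstructor.cpp
@@ -127,6 +127,13 @@ bool PeReconstructor::reconstructPeHdr()
 //write signature:
 nt32->Signature = IMAGE_NT_SIGNATURE;
 
+IMAGE_FILE_HEADER *file_hdr = &nt32->FileHeader;
+
+bool is64bit = (file_hdr->Machine == IMAGE_FILE_MACHINE_AMD64) ? true : false;
+
+if (nt32->FileHeader.SizeOfOptionalHeader == 0) {
+nt32->FileHeader.SizeOfOptionalHeader = is64bit ? sizeof(IMAGE_OPTIONAL_HEADER64) : sizeof(IMAGE_OPTIONAL_HEADER32);
+}
 LONG pe_offset = LONG((ULONGLONG)pe_ptr - (ULONGLONG)this->vBuf);
 IMAGE_DOS_HEADER* dosHdr = (IMAGE_DOS_HEADER*) vBuf;
 dosHdr->e_magic = IMAGE_DOS_SIGNATURE;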
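Review bot: The added guard `if (nt32->FileHeader.SizeOfOptionalHeader == 0)` repairs only a zeroed field, so any other value copied from the scanned process's memory is kept without a sanity check. reconstructPeHdr starts and ends outside this hunk; if later code there or in the dumper locates the section table from this field, a bogus non-zero size could place it outside `vBuf`, so a check that `pe_offset` plus the header sizes stays inside the buffer would be worth adding next to the repair. The width is chosen from `file_hdr->Machine` alone, which presumably can be erased in the same damaged header and then silently selects the 32-bit size; a comment such as `// Machine may be wiped too: anything other than AMD64 falls back to the 32-bit optional header size` would make that fallback explicit. Minor style: `? true : false` is redundant (`bool is64bit = (file_hdr->Machine == IMAGE_FILE_MACHINE_AMD64);`), and `file_hdr` is used once while the following lines go back to `nt32->FileHeader`.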
