Blocked on many samples

[ManSoSec]

Hi,

LIEF (Python interface) is blocked on many binaries during calling parse method and produce the following messages:
Unable to find the section associated with CERTIFICATE_TABLE
Unable to find the section associated with BASE_RELOCATION_TABLE

Sample:451774a07ed807c10a67f68201540928f8cba9c4a620f5fe1062ba2da56eb552

Then the process finishes after blocking for a few minutes:
"Process finished with exit code 137"

Debugging is not also possible.

Would you please let me know how I can fix it? Thanks!!

[romainthomas]

Hi,
Thanks for the sample, I can reproduce the bug and I'll look on it

[ManSoSec]

Thank you very much!
This is another sample: 2cfb9406ac9553c350a333f573a56226419f74747d7a6bdde24cbd81b1d7be4a

[ManSoSec]

It seems that it was a setup file. Is there any attribute in LIEF to discriminate between PE setup executables and non-setup executables?

Thanks!

[romainthomas]

From a format point of view there is no property that discriminate a setup executables from a normal one.

We could use the overlay as heuristic but I don't think is very reliable

[ManSoSec]

Right! Thank you very much!