Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PE from scratch seems to have section headers shifted #733

Closed
ZehMatt opened this issue Jun 21, 2022 · 4 comments · Fixed by #734
Closed

PE from scratch seems to have section headers shifted #733

ZehMatt opened this issue Jun 21, 2022 · 4 comments · Fixed by #734
Assignees
@romainthomas

Comments

@ZehMatt
Copy link
Contributor

ZehMatt commented Jun 21, 2022

Describe the bug
Building a PE from scratch like the Python example seems to have some issue with the output, it seems that the section headers are slightly shifted by a few bytes, I had a brief look at it but I couldn't spot the issue so far.

image

Virtual size holds 4 bytes of the name, raw address is virtual address and so on.

To Reproduce
Steps to reproduce the behavior:

        const uint64_t imageBase = 0x00400000;
        const uint64_t firstSectRVA = 0x1000;

        LIEF::PE::Binary binary("output", LIEF::PE::PE_TYPE::PE32_PLUS);
        binary.optional_header().imagebase(imageBase);

        // Add 3 sections
        uint64_t sectRVA = firstSectRVA;
        for (int i = 0; i < 3; i++)
        {
            std::vector<uint8_t> sectBuf;
            sectBuf.resize(0x200);

            LIEF::PE::Section newSect(".text" + std::to_string(i));
            newSect.content(sectBuf);
            newSect.virtual_address(sectRVA);
            newSect.virtual_size(0x900);

            newSect.add_characteristic(LIEF::PE::SECTION_CHARACTERISTICS::IMAGE_SCN_CNT_CODE);
            newSect.add_characteristic(LIEF::PE::SECTION_CHARACTERISTICS::IMAGE_SCN_MEM_EXECUTE);
            newSect.add_characteristic(LIEF::PE::SECTION_CHARACTERISTICS::IMAGE_SCN_MEM_READ);

            sectRVA += 0x1000;

            binary.add_section(newSect);
        }

        LIEF::PE::Builder builder(binary);

        builder.build();
        builder.write("test.exe");

Expected behavior
Maybe I'm not using the API correctly but the headers should be at the correct position, I'm also building this using x64 if that's relevant.

Environment (please complete the following information):

  • Windows
  • PE32-Plus
  • Commit: c52a398

Additional context
Produced output file
test.zip
@ZehMatt
Copy link
Contributor Author

ZehMatt commented Jun 21, 2022

I figured out why the tool doesn't properly show the sections, in the file header SizeOfOptionalHeader seems to be wrong, its set to 00E8 but should be 00F0

@ZehMatt
Copy link
Contributor Author

ZehMatt commented Jun 21, 2022

Further investigation seems that details::DEFAULT_NUMBER_DATA_DIRECTORIES is 15 but it should be 16, there are 16 data directories in the PE and it also does add 16 in total so thats why the computation is off.

ZehMatt added a commit to ZehMatt/LIEF that referenced this issue Jun 21, 2022
@ZehMatt
Fix lief-project#733: Use correct count for data directories (PE)
8ad11c2
@ZehMatt ZehMatt mentioned this issue Jun 21, 2022
Merged
romainthomas added a commit that referenced this issue Jun 23, 2022
@romainthomas
Merge pull request #734 from ZehMatt/fix-733
ddaf968 
Fix #733: Use correct count for data directories (PE)
@ZehMatt ZehMatt mentioned this issue Jul 22, 2022
Open
@immortalp0ny
Copy link

@ZehMatt Did you find the way how to handle it ?

@ZehMatt
Copy link
Contributor Author

ZehMatt commented Mar 23, 2023

The bug should be fixed, see #734

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romainthomas romainthomas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #733: Use correct count for data directories (PE) ZehMatt/LIEF
3 participants
@ZehMatt @romainthomas @immortalp0ny