Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PE loader needs to process relocations #5

Closed
Masrepus opened this issue Oct 10, 2019 · 4 comments
Closed

PE loader needs to process relocations #5

Masrepus opened this issue Oct 10, 2019 · 4 comments

Comments

@Masrepus
Copy link

Masrepus commented Oct 10, 2019
edited
Loading

Consider the
reloaderd sample (from this year's FlareOn): This crashes the loader, as it tries to directly map the PE at a location that is intentionally defined to mess with loaders. The PE loading mechanism should consider using relocations if the image base is just too high to work.
@Masrepus
Copy link
Author

Ah I just looked at the loader code in more detail, and it looks like you are actually already doing relocations. But unfortunately the loader does not consider that the base address might be too high, and just allocates memory from image base onwards. Thus the crash happens already before any actual image loading happens.

@aquynh
Copy link
Member

aquynh commented Oct 10, 2019 via email

@Masrepus
Copy link
Author

Will take a look at it

@Dliv3
Copy link
Collaborator

Dliv3 commented Oct 13, 2019

I added some code to limit the PE base address and relocate the PE, but the pefile's relocate_image api will have an error when relocating the reloaderd.exe. I need to look at the pefile code because I think this might be a pefile bug.

xwings pushed a commit that referenced this issue Feb 25, 2020
@kabeor
Merge pull request #5 from qilingframework/master
e10c496 
sync
chfl4gs added a commit that referenced this issue Mar 10, 2020
@chfl4gs
Update readme and enable docker in travis-ci (#130)
ed6c01a 
* delete win_setup.bat

clean up unnecessary files

* Update usage.md

syncing merge #95

* using pip current for unicorn

* unicorn head with pip

* using -e for pip install

* test 3 pip github

* git install #4

* pip github test #5

* pip install github #6

* src installation unicorn engine

* src install unicorn engine

* src installation

* src install test #7

* revert travis

* Update qltool section in README.md

* Enable docker test with Travis-CI

* update readme and enable docker travis-ci testing

Co-authored-by: chfl4gs <chbse64@gmail.com>
chfl4gs added a commit that referenced this issue Mar 11, 2020
@chfl4gs
Fix travis-ci build (#135)
961230f 
* delete win_setup.bat

clean up unnecessary files

* Update usage.md

syncing merge #95

* using pip current for unicorn

* unicorn head with pip

* using -e for pip install

* test 3 pip github

* git install #4

* pip github test #5

* pip install github #6

* src installation unicorn engine

* src install unicorn engine

* src installation

* src install test #7

* revert travis

* fix travis

* fix travis parser error

* travis error fixed

* fix travis error

* fix travis indent error

* Revert "fix travis error"

This reverts commit c72c42c.

* run docker with privileged mode

* docker test with privilege

* remove osx from allow_failures

Co-authored-by: chfl4gs <chbse64@gmail.com>
xwings pushed a commit that referenced this issue Mar 25, 2020
@0ssigeno
Merge pull request #5 from certego/hooks
545bcc1 
Hooks
@xwings xwings closed this as completed Aug 13, 2020
xwings added a commit that referenced this issue Mar 3, 2022
@xwings
Merge pull request #5 from qilingframework/dev
09f2599 
Dev
xwings pushed a commit that referenced this issue Oct 14, 2022
@kabeor
Merge pull request #5 from kabeor/docker_ci
67bf9ac 
Docker ci update
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xwings @aquynh @Masrepus @Dliv3