Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PE binaries should be handled as 'fat' binaries #662

Open
radare opened this issue Feb 26, 2014 · 8 comments
Open

PE binaries should be handled as 'fat' binaries #662

radare opened this issue Feb 26, 2014 · 8 comments
Labels
enhancement fat bin PE Portable Executable file format handling refactor
Milestone
Attic

Comments

@radare
Copy link
Collaborator

radare commented Feb 26, 2014
edited by Maijin
Loading

They can contain a DOS program, Windows one and .NET runtime. each code is located at different range.

r2 -A .net hello.exe  -> -a msil -b 32/64
r2 -A pe hello.exe -> -a x86/arm -b 32/64
r2 -A dos hello.exe -> -a x86 -b 16  # MZ

Default loaded subbin should be the newest (.net > win > dos)
https://github.com/VirusTotal/yara/blob/master/libyara/modules/dotnet.c
@radare radare added this to the 0.9.8 milestone Feb 26, 2014
@radare radare modified the milestones: 0.9.9, 0.9.8 Jul 1, 2014
@radare radare modified the milestones: 1.0.0, 0.9.9 Dec 1, 2014
@XVilka
Copy link
Contributor

XVilka commented Oct 28, 2015

@radare isn't this already done?

@radare
Copy link
Collaborator Author

radare commented Oct 28, 2015

nope, this is not done yet.

@lionaneesh
Copy link
Contributor

I am working on this

@radare
Copy link
Collaborator Author

radare commented Mar 13, 2016

👍

On 13 Mar 2016, at 22:21, Aneesh Dogra notifications@github.com wrote:

I am interested in working on this.


Reply to this email directly or view it on GitHub.

@radare radare added the fat bin label Mar 21, 2016
@Maijin Maijin added the PE Portable Executable file format handling label Jun 20, 2016
@radare radare modified the milestones: 9999, 1.0.0 Oct 27, 2016
@Maijin
Copy link
Contributor

Maijin commented Nov 2, 2016
edited
Loading

Here is a good binary example for that here: (waiting end of CTF)

@Maijin
Copy link
Contributor

Maijin commented Nov 7, 2016

Ok here is the bin:

CHIMERA.ZIP

@XVilka
Copy link
Contributor

XVilka commented Jul 4, 2017

@xarkes for you to think, what part can be done during GSoC, if possible, or not. Depending on how much changes are needed.

@Maijin Maijin mentioned this issue Dec 19, 2017
Closed
@Maijin
Copy link
Contributor

Maijin commented Aug 1, 2018

See #10835

@trufae trufae removed the bug label Jun 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement fat bin PE Portable Executable file format handling refactor
Projects
None yet
Milestone
Attic
Development

No branches or pull requests
6 participants
@XVilka @radare @jroimartin @lionaneesh @Maijin @trufae