Fix IAT Reconstruction #528
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
section_from_offset(original_import_offset) can return the previous section of original import section, so use this->binary_->section_from_offset((*original_import_section)->pointerto_raw_data()) where original_import_section is corresponding to the original import section. To obtain original_import_section after adding the new import section, we introduce PE_SECTION_TYPES::OLD_IMPORT type. This type is just used to mark the original import section.
We use section_from_offset(offset_imports) as the original import section if no section has OLD_IMPORT type.
|
I found this PR works for C++, but doesn't work for Python API. That is, applying the following code 9 times creates an invalid PE file. binary = lief.PE.parse(input_path)
binary.optional_header.dll_characteristics &= (
~lief.PE.DLL_CHARACTERISTICS.DYNAMIC_BASE
)
builder = lief.PE.Builder(binary)
builder.build_imports(True).patch_imports(True)
builder.build()
builder.write(output_path)I'm investigating this issue. |
|
The above my comment is wrong and I conformed that this PR do work for Python API. |
romainthomas
force-pushed
the
master
branch
2 times, most recently
from
e72a173
to
cadb803
Compare
romainthomas
force-pushed
the
master
branch
3 times, most recently
from
63c3ce5
to
e4a7f67
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will be fix #523
Currently,
this->binary_->section_from_offset(offset_imports)is used as the original import section.However, if the "backward shift" (explained in #523 ) happens, this returns the previous section of the original import section. So I try another way to obtain the original import section.
I introduce
PE_SECTION_TYPES::OLD_IMPORTtype to mark the original import section.The type will be added to the target section when the
PE_SECTION_TYPES::IMPORTtype will be removed from it.After adding the new import section, we can find the original import section by looking to see if the type is
PE_SECTION_TYPES::OLD_IMPORT.If we can not find the original import section, it will fall back to the current implementation, that is,
this->binary_->section_from_offset(offset_imports)will be used.macOS and iOS CI jobs currently failed, but I suspect that they are due to the GitHub Actions' issue (actions/runner-images#841).
In fact, I see the "(X) This check failed" message and these jobs are unstable...
https://github.com/Catminusminus/LIEF/actions/runs/492792964
Sorry if I my suspicions are wrong. I'll re-run the jobs to find out what's wrong, anyway.