Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pefile service fails when image header doesn't meet expectations #268

Open
mrichard91 opened this issue Aug 19, 2016 · 3 comments
Open

pefile service fails when image header doesn't meet expectations #268

mrichard91 opened this issue Aug 19, 2016 · 3 comments
Labels
Hacktoberfest

Comments

@mrichard91
Copy link

This seems to happen for all samples of type PE32+ executable (console) x86-64, for MS Windows

example md5 5bfca6d8e5f6926942a52f09c4e9cbe4 (in vt)
@mgoffin
Copy link
Contributor

mgoffin commented Aug 19, 2016

Related to #52. Was closed due to the lack of proper pe hash generation techniques as noted by @wxsBSD

@wxsBSD
Copy link
Contributor

wxsBSD commented Aug 20, 2016

There are some fixes floating around for this. As noted in my comment and gist. It shouldn't be too hard to port them to our pehash implementation, which came from totalhash IIRC.

@wxsBSD
Copy link
Contributor

wxsBSD commented Aug 20, 2016

The patch linked in that issue will make the pehash implementation not die on 64bit binaries, but it is still broken and not trustworthy. But at least the rest of the peinfo service will run. The patch is small enough that you can apply it by hand and submit a PR for me!

@wxsBSD wxsBSD mentioned this issue Aug 20, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Hacktoberfest
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mgoffin @wxsBSD @mrichard91