fileinfo: Corruption check needs to distinguish between "file is cut" and "file is cut, but executable" #463
Assignees
Labels
Comments
This was referenced Jan 16, 2019
s3rvac
added a commit
that referenced
this issue
Jan 17, 2019
To its current master, which contains an implementation of #463.
|
Implemented by @ladislav-zezula in avast/pelib#5 (tests are in avast/retdec-regression-tests#16). Incorporated into RetDec in 5badadb. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Under some circumstances, a cut PE file might be still executable.
Examples:
82b82208e35402e11a68766f057cfdcabf5cd97c73ee5eeaa008548095597865 (32-bit)
8713f9a10a9e859b245031474acf770d719aab1f8cea1d957af41dea08019bc6 (64-bit)
Both these files were cut but are still loadable and executable, because the last PE section has physical size of 0.
We need a new class for file corruption: LDR_ERROR_FILE_IS_CUT_LOADABLE
The text was updated successfully, but these errors were encountered: