Skip to content

Commit

Permalink
read/pe: fix parsing of empty export tables (#362)
Browse files Browse the repository at this point in the history
It's common for the export table to have 0 for each virtual address,
and number of names set to 64.
  • Loading branch information
philipc authored Aug 22, 2021
1 parent 9271d2c commit 66c071d
Showing 1 changed file with 23 additions and 19 deletions.
42 changes: 23 additions & 19 deletions src/read/pe/export.rs
Original file line number Diff line number Diff line change
Expand Up @@ -97,38 +97,42 @@ impl<'data> ExportTable<'data> {
let directory = data
.read_at::<pe::ImageExportDirectory>(0)
.read_error("Invalid PE export dir size")?;
let addresses = data
.read_slice_at::<U32Bytes<_>>(
directory
.address_of_functions
.get(LE)
.wrapping_sub(virtual_address) as usize,
directory.number_of_functions.get(LE) as usize,
)
.read_error("Invalid PE export address table")?;

let mut addresses = &[][..];
let address_of_functions = directory.address_of_functions.get(LE);
if address_of_functions != 0 {
addresses = data
.read_slice_at::<U32Bytes<_>>(
address_of_functions.wrapping_sub(virtual_address) as usize,
directory.number_of_functions.get(LE) as usize,
)
.read_error("Invalid PE export address table")?;
}

let mut names = &[][..];
let mut name_ordinals = &[][..];
let number = directory.number_of_names.get(LE) as usize;
if number != 0 {
let address_of_names = directory.address_of_names.get(LE);
let address_of_name_ordinals = directory.address_of_name_ordinals.get(LE);
if address_of_names != 0 {
if address_of_name_ordinals == 0 {
return Err(Error("Missing PE export ordinal table"));
}

let number = directory.number_of_names.get(LE) as usize;
names = data
.read_slice_at::<U32Bytes<_>>(
directory
.address_of_names
.get(LE)
.wrapping_sub(virtual_address) as usize,
address_of_names.wrapping_sub(virtual_address) as usize,
number,
)
.read_error("Invalid PE export name pointer table")?;
name_ordinals = data
.read_slice_at::<U16Bytes<_>>(
directory
.address_of_name_ordinals
.get(LE)
.wrapping_sub(virtual_address) as usize,
address_of_name_ordinals.wrapping_sub(virtual_address) as usize,
number,
)
.read_error("Invalid PE export ordinal table")?;
}

Ok(ExportTable {
data,
virtual_address,
Expand Down

0 comments on commit 66c071d

Please sign in to comment.