diff --git a/GleeBug/Static.Pe.cpp b/GleeBug/Static.Pe.cpp
index d94d69a..ada591e 100644
--- a/GleeBug/Static.Pe.cpp
+++ b/GleeBug/Static.Pe.cpp
@@ -230,9 +230,15 @@ namespace GleeBug
 std::sort(sortedHeaders.begin(), sortedHeaders.end(), [](const SectionInfo & a, const SectionInfo & b)
 {
- return a.header.PointerToRawData < b.header.PointerToRawData;
+ if(a.header.PointerToRawData < b.header.PointerToRawData)
+ return true;
+ if(a.header.PointerToRawData > b.header.PointerToRawData)
+ return false;
+ //dupsec.exe has 2 identical sections (besides the VirtualAddress)
+ return a.header.VirtualAddress < b.header.VirtualAddress;
 });
+ /*
 //get after section headers data
 auto firstRawAddress = sortedHeaders[0].header.PointerToRawData;
 auto afterDataSize = mOffset < firstRawAddress ? firstRawAddress - mOffset : 0;
@@ -248,10 +254,13 @@ namespace GleeBug
 section.beforeData = readRegion(beforeSize);
 if (!section.beforeData)
 return ErrorBeforeSectionDataRead;
- section.data = readRegion(section.header.SizeOfRawData);
- if (!section.data)
+ //bigSoRD.exe: if raw size is bigger than virtual size, then virtual size is taken.
+ auto rawSize = min(section.header.SizeOfRawData, section.header.Misc.VirtualSize);
+ section.data = readRegion(rawSize);
+ if (rawSize && !section.data)
 return ErrorSectionDataRead;
 }
+ */
 //re-sort the sections by index
 std::sort(sortedHeaders.begin(), sortedHeaders.end(), [](const SectionInfo & a, const SectionInfo & b)
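Review bot: The `/*` added after the first `std::sort` (closed by the `*/` in the `@@ -248` hunk) disables the whole after-header, before-section and section-data read without saying why, so the `rawSize` change in that hunk is dead code and the raw-address sort with the new `VirtualAddress` tie-break appears to have no consumer left before the re-sort by index. If the reads are meant to stay off, delete them together with the first sort; if this is temporary, wrap the region in `#if 0` / `#endif` instead, since block comments do not nest and the lines between the two hunks are not visible here. Either way state the reason at the top of the region, e.g. `//TODO: section data read disabled, section.data/beforeData stay empty until <reason>`. Callers that expect `section.data` to be populated after parsing should be checked.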
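Review bot: `min(section.header.SizeOfRawData, section.header.Misc.VirtualSize)` in the `@@ -248` hunk yields 0 whenever `VirtualSize` is 0, and as far as I know the Windows loader treats a zero `VirtualSize` as "use `SizeOfRawData`", so such a section would be read as empty once this block is re-enabled (it currently sits inside the `/* ... */` opened in the previous hunk). Consider `auto vsize = section.header.Misc.VirtualSize;` followed by `auto rawSize = vsize ? min(section.header.SizeOfRawData, vsize) : section.header.SizeOfRawData;`. The same expression is live in the `@@ -282` hunk, where it decides the file-offset range, so the fallback matters there today. The enclosing loop starts outside this hunk.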
@@ -282,7 +291,11 @@ namespace GleeBug
 {
 //offset -> section index
 auto offset = section.GetHeader().PointerToRawData;
- mOffsetSectionMap.insert({ Range(offset, offset + section.GetHeader().SizeOfRawData - 1), section.GetIndex() });
+ //bigSoRD.exe: if raw size is bigger than virtual size, then virtual size is taken.
+ auto rsize = min(section.GetHeader().SizeOfRawData, section.GetHeader().Misc.VirtualSize);
+ if(!rsize) //65535sects.exe
+ continue;
+ mOffsetSectionMap.insert({ Range(offset, offset + rsize - 1), section.GetIndex() });
 //rva -> section index
 auto rva = alignAdjustAddress(section.GetHeader().VirtualAddress, alignment);
diff --git a/MyDebugger/PeTests.h b/MyDebugger/PeTests.h
index 2d04f60..7eedbc9 100644
--- a/MyDebugger/PeTests.h
+++ b/MyDebugger/PeTests.h
@@ -227,5 +227,40 @@ const wchar_t* peTestFiles[] =
 L"virtrelocXP.exe",
 L"virtsectblXP.exe",
 L"weirdsord.exe",
- L"winver.exe"
+ L"winver.exe",
+ L"a.exe",
+ L"a2.exe",
+ L"b.exe",
+ L"badlogger.exe",
+ L"base.exe",
+ L"base_FSG.exe",
+ L"c.exe",
+ L"ch22.exe",
+ L"cmd_adf_sample0.exe",
+ L"CoST.exe",
+ L"crackme0x00.exe",
+ L"crackme0x01.exe",
+ L"crackme0x02.exe",
+ L"crackme0x03.exe",
+ L"crackme0x04.exe",
+ L"crackme0x05.exe",
+ L"crackme0x06.exe",
+ L"crackme0x07.exe",
+ L"crackme0x08.exe",
+ L"crackme0x09.exe",
+ L"ddsect.exe",
+ L"GleeBugPeEnum.exe",
+ L"hello-mingw32.exe",
+ L"hellocxx-mingw32.exe",
+ L"imports_1210.exe",
+ L"jman.exe",
+ L"Lab05-01.dll",
+ L"mitigation_dynamic.exe",
+ L"mitigation_nothing.exe",
+ L"pe.exe",
+ L"relocOSdet.exe",
+ L"single_import.exe",
+ L"test.exe",
+ L"torivahti.exe",
+ L"vista-glass.exe"
 };
\ No newline at end of file
diff --git a/MyDebugger/main.cpp b/MyDebugger/main.cpp
index 7338c74..b8457a7 100644
--- a/MyDebugger/main.cpp
+++ b/MyDebugger/main.cpp
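Review bot: In the `@@ -282` hunk of Static.Pe.cpp the `continue` under `if(!rsize)` skips the rest of the loop body, which from the context lines includes the `//rva -> section index` mapping, so a section with no raw data (for example one with `SizeOfRawData` 0 and a non-zero `VirtualSize`) would lose its RVA lookup as well as its file-offset entry. Guarding only the insert keeps the RVA side intact: `if(rsize) mOffsetSectionMap.insert({ Range(offset, offset + rsize - 1), section.GetIndex() });`. Separately, `offset + rsize - 1` is built from two header fields of a file that may be malformed and, if `offset` keeps the header's 32-bit type, can wrap around; checking that the sum does not overflow (and, where the file size is known, that it stays inside the file) before inserting would keep bogus ranges out of the map. The loop continues past the end of this hunk.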
@@ -161,8 +161,8 @@ static void testCorkami()
 int main()
 {
- testDebugger();
- //testCorkami();
+ //testDebugger();
+ testCorkami();
 //testPeFile(L"c:\\!exclude\\pe\\bin\\appendedhdr.exe");
 puts("");
 system("pause");