added some more pe files to test

GleeBug/Static.Pe.cpp

@@ -230,9 +230,15 @@ namespace GleeBug
 
         std::sort(sortedHeaders.begin(), sortedHeaders.end(), [](const SectionInfo & a, const SectionInfo & b)
         {
-            return a.header.PointerToRawData < b.header.PointerToRawData;
+            if(a.header.PointerToRawData < b.header.PointerToRawData)
+                return true;
+            if(a.header.PointerToRawData > b.header.PointerToRawData)
+                return false;
+            //dupsec.exe has 2 identical sections (besides the VirtualAddress)
+            return a.header.VirtualAddress < b.header.VirtualAddress;
         });
 
+        /*
         //get after section headers data
         auto firstRawAddress = sortedHeaders[0].header.PointerToRawData;
         auto afterDataSize = mOffset < firstRawAddress ? firstRawAddress - mOffset : 0;
@@ -248,10 +254,13 @@ namespace GleeBug
             section.beforeData = readRegion<uint8>(beforeSize);
             if (!section.beforeData)
                 return ErrorBeforeSectionDataRead;
-            section.data = readRegion<uint8>(section.header.SizeOfRawData);
+            //bigSoRD.exe: if raw size is bigger than virtual size, then virtual size is taken.
-            if (!section.data)
+            auto rawSize = min(section.header.SizeOfRawData, section.header.Misc.VirtualSize);
+            section.data = readRegion<uint8>(rawSize);
+            if (rawSize && !section.data)
                 return ErrorSectionDataRead;
         }
+        */
 
         //re-sort the sections by index
         std::sort(sortedHeaders.begin(), sortedHeaders.end(), [](const SectionInfo & a, const SectionInfo & b)
@@ -282,7 +291,11 @@ namespace GleeBug
         {
             //offset -> section index
             auto offset = section.GetHeader().PointerToRawData;
-            mOffsetSectionMap.insert({ Range(offset, offset + section.GetHeader().SizeOfRawData - 1), section.GetIndex() });
+            //bigSoRD.exe: if raw size is bigger than virtual size, then virtual size is taken.
+            auto rsize = min(section.GetHeader().SizeOfRawData, section.GetHeader().Misc.VirtualSize);
+            if(!rsize) //65535sects.exe
+                continue;
+            mOffsetSectionMap.insert({ Range(offset, offset + rsize - 1), section.GetIndex() });
 
             //rva -> section index
             auto rva = alignAdjustAddress(section.GetHeader().VirtualAddress, alignment);

MyDebugger/PeTests.h

@@ -227,5 +227,40 @@ const wchar_t* peTestFiles[] =
     L"virtrelocXP.exe",
     L"virtsectblXP.exe",
     L"weirdsord.exe",
-    L"winver.exe"
+    L"winver.exe",
+    L"a.exe",
+    L"a2.exe",
+    L"b.exe",
+    L"badlogger.exe",
+    L"base.exe",
+    L"base_FSG.exe",
+    L"c.exe",
+    L"ch22.exe",
+    L"cmd_adf_sample0.exe",
+    L"CoST.exe",
+    L"crackme0x00.exe",
+    L"crackme0x01.exe",
+    L"crackme0x02.exe",
+    L"crackme0x03.exe",
+    L"crackme0x04.exe",
+    L"crackme0x05.exe",
+    L"crackme0x06.exe",
+    L"crackme0x07.exe",
+    L"crackme0x08.exe",
+    L"crackme0x09.exe",
+    L"ddsect.exe",
+    L"GleeBugPeEnum.exe",
+    L"hello-mingw32.exe",
+    L"hellocxx-mingw32.exe",
+    L"imports_1210.exe",
+    L"jman.exe",
+    L"Lab05-01.dll",
+    L"mitigation_dynamic.exe",
+    L"mitigation_nothing.exe",
+    L"pe.exe",
+    L"relocOSdet.exe",
+    L"single_import.exe",
+    L"test.exe",
+    L"torivahti.exe",
+    L"vista-glass.exe"
 };

MyDebugger/main.cpp

@@ -161,8 +161,8 @@ static void testCorkami()
 
 int main()
 {
-    testDebugger();
+    //testDebugger();
-    //testCorkami();
+    testCorkami();
     //testPeFile(L"c:\\!exclude\\pe\\bin\\appendedhdr.exe");
     puts("");
     system("pause");