binaryninja-api
IMAGE_LOAD_CONFIG_DIRECTORY{32,64} structure is incomplete
Version and Platform (required):
- Binary Ninja Version: 3.1.3484-dev
- OS: Windows
- OS Version: 10.0.25131.1000
- CPU Architecture: x64
Bug Description:
Binary Ninja has IMAGE_SCN_MEM_PURGEABLE as 0x10000.
(I'm not actually sure where Binary Ninja sources these values from, so I might be filing a bug in the wrong place...)
Expected Behavior:
IMAGE_SCN_MEM_PURGEABLE should be 0x20000 (i.e. same as IMAGE_SCN_MEM_16BIT) according to Windows SDK headers. 0x10000 is the obsolete (and undefined) IMAGE_SCN_MEM_SYSHEAP.
Somewhat related: I just noticed that BN's IMAGE_LOAD_CONFIG_DIRECTORY{32,64} structure is incomplete. It's presumably based on this documentation, but the structure is more involved.
Strange, I don't see that:
[<typelib 'dbghelp.dll':x86>]
>>> bv.platform.get_type_libraries_by_name("dbghelp.dll")[0].get_named_type("IMAGE_SECTION_CHARACTERISTICS").members
[<IMAGE_SCN_TYPE_NO_PAD = 0x8>, <IMAGE_SCN_CNT_CODE = 0x20>, <IMAGE_SCN_CNT_INITIALIZED_DATA = 0x40>, <IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x80>, <IMAGE_SCN_LNK_OTHER = 0x100>, <IMAGE_SCN_LNK_INFO = 0x200>, <IMAGE_SCN_LNK_REMOVE = 0x800>, <IMAGE_SCN_LNK_COMDAT = 0x1000>, <IMAGE_SCN_NO_DEFER_SPEC_EXC = 0x4000>, <IMAGE_SCN_GPREL = 0x8000>, <IMAGE_SCN_MEM_FARDATA = 0x8000>, <IMAGE_SCN_MEM_PURGEABLE = 0x20000>, <IMAGE_SCN_MEM_16BIT = 0x20000>, <IMAGE_SCN_MEM_LOCKED = 0x40000>, <IMAGE_SCN_MEM_PRELOAD = 0x80000>, <IMAGE_SCN_ALIGN_1BYTES = 0x100000>, <IMAGE_SCN_ALIGN_2BYTES = 0x200000>, <IMAGE_SCN_ALIGN_4BYTES = 0x300000>, <IMAGE_SCN_ALIGN_8BYTES = 0x400000>, <IMAGE_SCN_ALIGN_16BYTES = 0x500000>, <IMAGE_SCN_ALIGN_32BYTES = 0x600000>, <IMAGE_SCN_ALIGN_64BYTES = 0x700000>, <IMAGE_SCN_ALIGN_128BYTES = 0x800000>, <IMAGE_SCN_ALIGN_256BYTES = 0x900000>, <IMAGE_SCN_ALIGN_512BYTES = 0xa00000>, <IMAGE_SCN_ALIGN_1024BYTES = 0xb00000>, <IMAGE_SCN_ALIGN_2048BYTES = 0xc00000>, <IMAGE_SCN_ALIGN_4096BYTES = 0xd00000>, <IMAGE_SCN_ALIGN_8192BYTES = 0xe00000>, <IMAGE_SCN_ALIGN_MASK = 0xf00000>, <IMAGE_SCN_LNK_NRELOC_OVFL = 0x1000000>, <IMAGE_SCN_MEM_DISCARDABLE = 0x2000000>, <IMAGE_SCN_MEM_NOT_CACHED = 0x4000000>, <IMAGE_SCN_MEM_NOT_PAGED = 0x8000000>, <IMAGE_SCN_MEM_SHARED = 0x10000000>, <IMAGE_SCN_MEM_EXECUTE = 0x20000000>, <IMAGE_SCN_MEM_READ = 0x40000000>, <IMAGE_SCN_MEM_WRITE = 0x80000000>, <IMAGE_SCN_SCALE_INDEX = 0x1>]
Concerning the IMAGE_LOAD_CONFIG_DIRECTORY32, it seems like just the last field is missing: GuardMemcpyFunctionPointer.
I've submitted a ticket with the upstream source to get this fixed. This issue is blocked on that issue. https://github.com/microsoft/win32metadata/issues/1049
Upstream issue appears to have been fixed fwiw.
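An added example, not part of the thread and not Binary Ninja's code: a decoder for the section Characteristics field built from the values in the dbghelp.dll type library listing quoted above. The function name `decode_characteristics` is hypothetical; it treats the alignment nibble as an enumerated field rather than as flags, and returns any bits that have no name in that listing, such as 0x10000.

```python
# Added example: decode a PE section Characteristics DWORD using the values
# shown in the type library listing in this thread.
SINGLE_BIT_FLAGS = {
    0x00000001: "IMAGE_SCN_SCALE_INDEX",
    0x00000008: "IMAGE_SCN_TYPE_NO_PAD",
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x00000100: "IMAGE_SCN_LNK_OTHER",
    0x00000200: "IMAGE_SCN_LNK_INFO",
    0x00000800: "IMAGE_SCN_LNK_REMOVE",
    0x00001000: "IMAGE_SCN_LNK_COMDAT",
    0x00004000: "IMAGE_SCN_NO_DEFER_SPEC_EXC",
    0x00008000: "IMAGE_SCN_GPREL|IMAGE_SCN_MEM_FARDATA",        # same value
    0x00020000: "IMAGE_SCN_MEM_PURGEABLE|IMAGE_SCN_MEM_16BIT",  # same value
    0x00040000: "IMAGE_SCN_MEM_LOCKED",
    0x00080000: "IMAGE_SCN_MEM_PRELOAD",
    0x01000000: "IMAGE_SCN_LNK_NRELOC_OVFL",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x04000000: "IMAGE_SCN_MEM_NOT_CACHED",
    0x08000000: "IMAGE_SCN_MEM_NOT_PAGED",
    0x10000000: "IMAGE_SCN_MEM_SHARED",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_SCN_ALIGN_MASK = 0x00F00000


def decode_characteristics(value):
    """Return (names, unknown_bits) for a 32-bit Characteristics value."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("Characteristics is a 32-bit field")
    names = [name for bit, name in SINGLE_BIT_FLAGS.items() if value & bit]
    # The alignment nibble is an enumerated value, not independent flags:
    # 0x1 -> 1 byte, 0x2 -> 2 bytes, ... 0xE -> 8192 bytes.
    align = (value & IMAGE_SCN_ALIGN_MASK) >> 20
    if 1 <= align <= 0xE:
        names.append("IMAGE_SCN_ALIGN_%dBYTES" % (1 << (align - 1)))
    # Keys are disjoint single bits, so their sum equals their bitwise OR.
    known = sum(SINGLE_BIT_FLAGS) | IMAGE_SCN_ALIGN_MASK
    unknown = value & ~known
    if align == 0xF:  # the listing defines no ALIGN_* name for 0xF
        unknown |= IMAGE_SCN_ALIGN_MASK
    return names, unknown
```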