
PE: Possible bug on x86_64 import creation

Open 0xcpu opened this issue 7 years ago • 3 comments

dololi.zip

I built an x86_64 Windows executable and it crashes. I observed in the disassembly that the name of one of my imported DLLs is incomplete.

Screenshot

Script attached. (A 64-bit DLL is needed as an argument.)

0xcpu avatar Feb 14 '18 09:02 0xcpu
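An added example, not code from the LIEF project or from the reporter's script, that checks a rebuilt import directory for the kind of inconsistency reported above: a DLL name that is not NUL-terminated inside the section, lookup and address tables that lack a zero terminator or differ in length, and hint/name entries that cannot be read. It uses only the standard library and runs over a synthetic import section produced by `build_section` (constructed test data, not taken from any real PE); the assumption that every RVA the descriptors reference lies in the one section holding the directory is this example's own, chosen because a builder that emits its import tables into a single new section satisfies it. To check a real file, pass that section's bytes, its RVA and the import directory RVA from the optional header.

```python
import struct

DESCRIPTOR_SIZE = 20  # IMAGE_IMPORT_DESCRIPTOR is five uint32 fields


def _read_cstring(buf, off):
    """Return the NUL-terminated ASCII string at off, or None if no NUL follows."""
    end = buf.find(b"\x00", off)
    if end < 0:
        return None
    return buf[off:end].decode("ascii", "replace")


def _read_thunks(buf, off, width):
    """Read thunk entries up to the zero terminator; return (entries, terminated)."""
    fmt = "<Q" if width == 8 else "<I"
    entries = []
    while off + width <= len(buf):
        (val,) = struct.unpack_from(fmt, buf, off)
        if val == 0:
            return entries, True
        entries.append(val)
        off += width
    return entries, False


def validate_import_directory(section, section_rva, directory_rva, is_64):
    """Walk the import descriptors and return a list of problems (empty if consistent).

    section: raw bytes of the section holding the directory; section_rva: its RVA;
    directory_rva: the IMAGE_DIRECTORY_ENTRY_IMPORT RVA. Assumption of this example:
    every RVA the descriptors reference falls inside this one section.
    """
    width = 8 if is_64 else 4
    ordinal_flag = 1 << (width * 8 - 1)
    problems = []

    def to_off(rva):
        off = rva - section_rva
        return off if 0 <= off < len(section) else None

    off = to_off(directory_rva)
    if off is None:
        return [f"import directory RVA {directory_rva:#x} is outside the section"]
    idx = 0
    while True:
        if off + DESCRIPTOR_SIZE > len(section):
            problems.append("descriptor array has no all-zero terminator")
            break
        ilt_rva, _stamp, _fwd, name_rva, iat_rva = struct.unpack_from("<5I", section, off)
        if ilt_rva == 0 and name_rva == 0 and iat_rva == 0:
            break  # terminating descriptor
        name_off = to_off(name_rva)
        name = _read_cstring(section, name_off) if name_off is not None else None
        label = name or f"descriptor {idx}"
        if name is None:
            problems.append(f"{label}: DLL name at RVA {name_rva:#x} is out of range or not NUL-terminated")
        tables = {}
        for what, rva in (("ILT", ilt_rva), ("IAT", iat_rva)):
            toff = to_off(rva)
            if toff is None:
                problems.append(f"{label}: {what} RVA {rva:#x} is outside the section")
                continue
            entries, terminated = _read_thunks(section, toff, width)
            tables[what] = entries
            if not terminated:
                problems.append(f"{label}: {what} has no zero terminator")
        if len(tables) == 2 and len(tables["ILT"]) != len(tables["IAT"]):
            problems.append(f"{label}: ILT has {len(tables['ILT'])} entries but IAT has {len(tables['IAT'])}")
        # Import-by-name entries must point at a readable hint/name: uint16 hint, then a NUL string.
        for val in tables.get("ILT", []):
            if not val & ordinal_flag:
                hn_off = to_off(val & 0x7FFFFFFF)
                if hn_off is None or _read_cstring(section, hn_off + 2) is None:
                    problems.append(f"{label}: hint/name entry at RVA {val & 0x7FFFFFFF:#x} is unreadable")
        off += DESCRIPTOR_SIZE
        idx += 1
    return problems


def build_section(dll_names, is_64=True, section_rva=0x3000, truncate_last_name=False):
    """Construct a synthetic import section: descriptors, then an ILT/IAT pair per DLL
    (one import by ordinal plus terminator), then the DLL names. truncate_last_name
    drops the final NUL so the last name runs off the end of the section."""
    width = 8 if is_64 else 4
    fmt = "<Q" if is_64 else "<I"
    ordinal_flag = 1 << (width * 8 - 1)
    desc_area = DESCRIPTOR_SIZE * (len(dll_names) + 1)
    thunk_area = len(dll_names) * 4 * width  # ILT and IAT, each one entry plus terminator
    descs, thunks, names = b"", b"", b""
    for i, dll in enumerate(dll_names):
        ilt_rva = section_rva + desc_area + len(thunks)
        thunks += struct.pack(fmt, ordinal_flag | (i + 1)) + struct.pack(fmt, 0)
        iat_rva = section_rva + desc_area + len(thunks)
        thunks += struct.pack(fmt, ordinal_flag | (i + 1)) + struct.pack(fmt, 0)
        name_rva = section_rva + desc_area + thunk_area + len(names)
        names += dll.encode("ascii") + b"\x00"
        descs += struct.pack("<5I", ilt_rva, 0, 0, name_rva, iat_rva)
    descs += b"\x00" * DESCRIPTOR_SIZE  # all-zero terminating descriptor
    section = descs + thunks + names
    if truncate_last_name:
        section = section[:-1]
    return section, section_rva


if __name__ == "__main__":
    good, rva = build_section(["kernel32.dll", "user32.dll"])
    print("good:", validate_import_directory(good, rva, rva, True))
    bad, rva = build_section(["kernel32.dll", "user32.dll"], truncate_last_name=True)
    print("bad: ", validate_import_directory(bad, rva, rva, True))
```

The truncated case reports the last descriptor by index rather than by name, since the name is exactly what could not be read; that is the symptom to look for when a rebuilt binary crashes on load with a partial DLL name visible in the disassembly.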

Hi,

I also ran into this bug and, when I tried to fix it, I was wondering why you create trampolines for existing IAT slots?! The problem is that you are destroying the RAX/EAX register and this will break the functionality of some imports that I'm using.

So I tried to fix it by not patching in the trampolines but reusing the IAT slots of existing imports.

Could you please make this the default behavior or at least an additional option?!

Thanks, Peter

` @@ -210,12 +210,19 @@ void Builder::build_import_table(void) { // Process libraries for (const Import& import : this->binary_->imports()) { // Header pe_import header; header.ImportLookupTableRVA = static_cast<uint__>(import_section.virtual_address() + lookuptable_offset); bool CreateIATSlot = false; pe_import header;
if (import.import_lookup_table_rva() != 0) { header.ImportLookupTableRVA = static_cast<uint32_t>(import.import_lookup_table_rva()); header.ImportAddressTableRVA = static_cast<uint__>(import.import_address_table_rva()); } else { CreateIATSlot = true; header.ImportLookupTableRVA = static_cast<uint__>(import_section.virtual_address() + lookuptable_offset); header.ImportAddressTableRVA = static_cast<uint__>(import_section.virtual_address() + iat_offset);
} header.TimeDateStamp = static_cast<uint32_t>(import.timedatestamp()); header.ForwarderChain = static_cast<uint32_t>(import.forwarder_chain()); header.NameRVA = static_cast<uint__>(import_section.virtual_address() + libraries_name_offset); header.ImportAddressTableRVA = static_cast<uint__>(import_section.virtual_address() + iat_offset); header.NameRVA = static_cast<uint__>(import_section.virtual_address() + libraries_name_offset);

// Copy the header in the "header section"
std::copy(

@ -322,9 +329,10 @@ void Builder::build_import_table(void) { content.data() + iat_offset + sizeof(uint__), 0);

lookuptable_offset  += sizeof(uint__);
iat_offset += sizeof(uint__);

if (CreateIATSlot) {
  lookuptable_offset  += sizeof(uint__);
  iat_offset += sizeof(uint__);
}

}

// Insert null entry at the end `
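Review bot: the reuse test `if (import.import_lookup_table_rva() != 0)` in the first hunk (`@@ -210,12 +210,19 @@`) treats every library that was present in the parsed binary as unchanged, so an entry added to an existing import (a new function appended to a library that was already in the original) would never be written to the new lookup table, and the header would keep pointing at the original, shorter ILT/IAT. The condition should also require that the import's entry list is unmodified, or the builder should fall into the `CreateIATSlot = true` branch whenever the entry count differs from what was parsed. As rendered, `header.ImportAddressTableRVA` and `header.NameRVA` also appear assigned inside the branch and again unconditionally after `ForwarderChain`; please confirm the unconditional `header.ImportAddressTableRVA = static_cast<uint__>(import_section.virtual_address() + iat_offset);` is the removed line, since if it survived it would overwrite the reused IAT RVA. Minor: `CreateIATSlot` does not match the snake_case used by `lookuptable_offset` and `iat_offset` around it.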
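Review bot: in the second hunk (`@ -322,9 +329,10 @@`) the offset advances are moved under `if (CreateIATSlot)`, but the write in the hunk's leading context, `content.data() + iat_offset + sizeof(uint__), 0`, still executes for every import, so a reused-slot import emits its lookup/IAT bytes into the new section at an offset that is never advanced and the next created-slot import overwrites them. That is harmless at load time, because the reused header points at the original tables, but the emission should be guarded by the same `CreateIATSlot` flag (or the flag should skip the table writes for that library entirely) so the new section contains only tables that some header references, and the flag's effect deserves a comment at its declaration.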

pgarba avatar Mar 27 '19 12:03 pgarba

Hi! Indeed, the way it is currently done is not the best. I'm working on a better solution on this branch: peimports

romainthomas avatar Mar 28 '19 07:03 romainthomas

Good to know. So far my patch is working great for LIEF so I will stay with it until your branch is finished.

Thanks, Peter

pgarba avatar Mar 28 '19 08:03 pgarba