goblin
goblin copied to clipboard
m4b
An impish, cross-platform binary parsing crate, written in Rust
There is no way to get access to null-terminated C strings that are **not** valid UTF-8, through `goblin::strtab::Strtab`. `Strtab.get()` and `Strtab.get_at()` should return `Option` instead of optional UTF-8 `str`s.
overflow/underflow issue with this line of code it seems: https://docs.rs/goblin/latest/src/goblin/pe/symbol.rs.html#240 ``` stack backtrace: 0: rust_begin_unwind at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/std/src/panicking.rs:575:5 1: core::panicking::panic_fmt at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/panicking.rs:65:14 2: core::panicking::panic at /rustc/69f9c33d71c871fc16ac445211281c6e7a340943/library/core/src/panicking.rs:115:5 3: goblin::pe::symbol::Symbol::name_offset::{{closure}} at /home/username/.cargo/registry/src/github.com-1ecc6299db9ec823/goblin-0.6.0/src/pe/symbol.rs:240:36 4:...
In ELF, the `DT_JMPREL` dynamic array tag is optional, and can be present (holding an address value) or absent. The value of that tag is exposed as `goblin::elf::dynamic::DynamicInfo.jmprel`, which is...
Does Goblin obtain the "Delay Loaded" imports from `"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT"`? I see in the source: `https://docs.rs/goblin/latest/goblin/pe/data_directories/struct.DataDirectories.html#method.get_delay_import_descriptor` I assume that when the `IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT` is present in the `PE File` then the developer...
While trimming down my dependencies, I noticed that building Goblin with `default-features = false, features = ["std", "elf32"]` fails: ``` Checking goblin v0.6.0 error[E0432]: unresolved import `crate::elf64` --> /Users/mjk/.cargo/registry/src/github.com-1ecc6299db9ec823/goblin-0.6.0/src/elf/header.rs:249:17 |...
Adding feature `te` to `if_everything` is a breaking change that causes cargo-deny 0.4.22 to not build anymore. [cargo-deny depends on goblin 0.8 with a specific set of features and with...
This PR addresses the issue https://github.com/m4b/goblin/issues/314. - The change is straightforward. It makes the `DebugData::image_debug_directory: ImageDebugDirectory` into `Vec` as someone pointed out in the https://github.com/m4b/goblin/issues/314#issuecomment-1979849304. So this is to be...
This PR adds parsing of Rich headers, as someone opened issue #400. - Added rich header `goblin::pe::header::RichHeader` `goblin::pe::header::RichMetadata` parsing if present, with success/fail/corrupted tests. - DOS stub is now non-fixed...
[This video](https://youtu.be/uoQL3CE24ls?si=gEQf4dm7U_PIlLB-) goes in depth about various malformations which may be present in PE files.
More about rich header: . Algorithm for parsing: Absence of rich header parsing for me is a non-issue but may be useful for those who do cybersecurity and malware analysis.