
rabin2 -V corrupt

Open Hacksign opened this issue 2 years ago • 2 comments

Environment

>> ~/Code/radare2/binr/rabin2/rabin2 -v
rabin2 5.6.6 0 @ linux-x86-64 git.5.6.6
commit: unknown build: 2022-03-24__21:51:21
>> uname -ms
Linux x86_64

Description

Cannot get version info with the command rabin2 -V xxx.exe

Test

hacksign@XSignLaptop [19:05:27] : ~/Documents/SharedFolder 
>> curl -s https://down.360safe.com/setup.exe -o setup.exe
hacksign@XSignLaptop [19:05:58] : ~/Documents/SharedFolder 
>> file setup.exe 
setup.exe: PE32 executable (GUI) Intel 80386, for MS Windows
hacksign@XSignLaptop [19:06:24] : ~/Documents/SharedFolder 
>> ~/Code/radare2/binr/rabin2/rabin2 -v
rabin2 5.6.6 0 @ linux-x86-64 git.5.6.6
commit: unknown build: 2022-03-24__21:51:21
hacksign@XSignLaptop [19:06:37] : ~/Documents/SharedFolder 
>> ~/Code/radare2/binr/rabin2/rabin2 -V ./setup.exe 
=== VS_VERSIONINFO ===

hacksign@XSignLaptop [19:06:45] : ~/Documents/SharedFolder 
>> uname -ms
Linux x86_64

Jun 29 '22 11:06 Hacksign

There's nothing corrupt in the r2 output. Is this binary supposed to contain any versioninfo? Because by checking the parser, it fails in many different ways and stops early, but even skipping some of the checks still results in no parseable version info. Could be a bug in the PE parser.

Is this binary corrupted?

The === VS_VER... line is totally misleading and inconsistent with the rest of the code in r2, so I'll try to find some time to clean up the implementation, but I'm not sure if that file may contain any version info here. Can you confirm? Thanks for reporting!

Jun 30 '22 18:06 trufae

I'm pretty sure this file contains version information.

This is another file which is compiled by myself (with version information controlled by myself too):

File with version info

Jul 04 '22 02:07 Hacksign

@trufae there are actually some strings in the file, like File Version [image]. Don't know how to read the number after; can't get it as on screen.

Oct 06 '22 14:10 alex-bender

Where are those strings taken from, @alex-bender? Can you find them from RBin?

Oct 11 '22 10:10 trufae

I don't know what exactly I should do but you can find it at addr 0x00c4a276 in binary https://down.360safe.com/setup.exe

Oct 11 '22 20:10 alex-bender
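
For checking by hand whether a file carries version information, as discussed in this thread, the following is an added example (not radare2 code and not posted by anyone in the thread). It scans raw bytes for the documented VS_VERSIONINFO layout (wLength, wValueLength, wType, the UTF-16 key "VS_VERSION_INFO", padding, then VS_FIXEDFILEINFO) and decodes the numeric versions; the function names are hypothetical and the sample bytes are constructed, not taken from setup.exe.

```python
import struct
import sys

KEY = "VS_VERSION_INFO".encode("utf-16-le")   # szKey of the root block
FFI_SIGNATURE = 0xFEEF04BD                     # VS_FIXEDFILEINFO.dwSignature
FFI_SIZE = 52                                  # 13 DWORDs


def _dotted(ms: int, ls: int) -> str:
    """Render the MS/LS DWORD pair as a.b.c.d (16 bits per field)."""
    return f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"


def find_fixed_file_info(data: bytes):
    """Return [(offset, file_version, product_version)] for each valid block."""
    hits = []
    pos = data.find(KEY)
    while pos != -1:
        hdr = pos - 6                          # wLength, wValueLength, wType
        if hdr >= 0:
            _w_len, w_val_len, _w_type = struct.unpack_from("<HHH", data, hdr)
            val = pos + len(KEY) + 2           # skip szKey and its NUL
            val += -(val - hdr) % 4            # Padding1: align Value to 32 bits
            if w_val_len >= FFI_SIZE and val + FFI_SIZE <= len(data):
                sig, _sv, fms, fls, pms, pls = struct.unpack_from("<6I", data, val)
                if sig == FFI_SIGNATURE:       # reject lookalike strings
                    hits.append((hdr, _dotted(fms, fls), _dotted(pms, pls)))
        pos = data.find(KEY, pos + 2)
    return hits


def build_sample() -> bytes:
    """Constructed block: file version 1.2.3.4, product version 5.6.7.8."""
    ffi = struct.pack("<13I", FFI_SIGNATURE, 0x10000, 0x00010002, 0x00030004,
                      0x00050006, 0x00070008, 0, 0, 4, 1, 0, 0, 0)
    hdr = struct.pack("<HHH", 40 + len(ffi), len(ffi), 0)
    block = hdr + KEY + b"\0\0" + b"\0\0" + ffi   # NUL terminator, then padding
    return b"MZ" + b"\0" * 62 + block             # filler stands in for a PE


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for off, fv, pv in find_fixed_file_info(blob):
        print(f"0x{off:08x} FileVersion={fv} ProductVersion={pv}")
```

A raw scan ignores the PE resource directory, so a hit can belong to a file embedded in the binary rather than to its own resource section, and compressed or packed resources will not be found at all.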