Pe Versions Save

Added

• feat: improve PR dumper to print CLR directory by @LordNoteworthy in https://github.com/saferwall/pe/pull/73
• feat: allow custom hash algo selection for authentihash calculation by @hansinator in https://github.com/saferwall/pe/pull/76
• feat: version resource parsing by @rabbitstack in https://github.com/saferwall/pe/pull/78
• feat: verify authenticode hash from signature by @secDre4mer in https://github.com/saferwall/pe/pull/84
• feat: parse a large number of .NET metadata headers by @veramine in https://github.com/saferwall/pe/pull/86
• feat: annotate structs missing json tags by @LordNoteworthy in https://github.com/saferwall/pe/pull/90
• feat(dumper): walk dir in async mode + print rsrc version info by @LordNoteworthy in https://github.com/saferwall/pe/pull/92

Changed

• dotnet: don't skip the GenericParamConstraint metadata table by @veramine in https://github.com/saferwall/pe/pull/85

Fixed

• fix: AuthentiHash() out of bound access check by @LordNoteworthy in https://github.com/saferwall/pe/pull/91
• fix: do not print to stdout unhandled metadata table by @LordNoteworthy in https://github.com/saferwall/pe/pull/89
• fix: correct broken reflection compare by @secDre4mer in https://github.com/saferwall/pe/pull/81
• fix offset issue when reading StringFileInfo by @dmjb in https://github.com/saferwall/pe/pull/79
• chore: increase unit test coverage to 80% by @LordNoteworthy in https://github.com/saferwall/pe/pull/74

New Contributors

• @hansinator made their first contribution in https://github.com/saferwall/pe/pull/76
• @dmjb made their first contribution in https://github.com/saferwall/pe/pull/79
• @veramine made their first contribution in https://github.com/saferwall/pe/pull/85

Full Changelog: https://github.com/saferwall/pe/compare/v1.4.0...v1.5.0

Added

• Permit more granular control over which data directories are parsed by rabbitstack #72.
• Support parsing the different retpoline types: Imported Address, Indirect Branch and Switchable retpoline #70.
• Unit tests for load config directory #70.
• Unit tests for TLS directory #69.
• Unit tests for debug directory #68.
• Unit tests for resource directory and add functions to prettify resource (sub)languages #66.
• Annotate PE structures with JSON tags during JSON encoding #64, #65 and #67.
• Improve PE dumper to print imports and unit test parsing imports data directory#63.
• Improve PE dumper to print section headers #62.
• Improve PE dumper to print PE headers #61.
• Add SerialNumber, SignatureAlgorithm and PubKeyAlgorithm to the CertInfo #60.
• Option to disable certificate validation #59.
• Improve PE dumper to print exceptions #57.
• Unit tests for debug directory #49.

Fixed

• Bug while iterating over VolatileInfoRangeTable entries #70.
• Bug while iterating (additional padding and loop condition) over DVRT relocation block entries #70.
• Bug while appending (twice) Control Flow Guard IAT entries #70.
• Bug while parsing POGO debug entry types #68.
• Authentihash() for instances w/o fd thanks to flanfly #47.

Changed

• Some fields has been renamed for consistency:
  • RichHeader.XorKey -> RichHeader.XORKey.
  • Any Rva substring -> RVA and any Iat substring -> IAT.
  • And many more.
• Some fields used internally in imports parsing were changed from a slice of pointers to a simple slice.
• Certificate.Content changed from *pkcs7.PKCS7 to pkcs7.PKCS7.
• Section.Entropy changed from float64 to float64* to distinguish between the case when the section entropy is equal to zero and the case when the entropy is equal to nil - meaning that it was never calculated.
• Remove cobra dependency from cmd/pedumper #56.

New Contributors

• @flanfly made their first contribution in https://github.com/saferwall/pe/pull/47
• @smallzhong made their first contribution in https://github.com/saferwall/pe/pull/53
• @rabbitstack made their first contribution in https://github.com/saferwall/pe/pull/72

Full Changelog: https://github.com/saferwall/pe/compare/v1.3.0...v1.4.0

[1.3.0] - 2022-08-04

Added

• Authenticode signature validation in Windows #43.
• File information structure that helps to identify what parts of the PE file we have, such as HasImports() #42..
• Calculate Rich header hash thanks to wanglei-coder #38.
• PE Overlay thanks to wanglei-coder #37.
• Unit tests for DOS header parsing.
• Unit tests for CLR directory #34.
• Unit tests for Rich header #33.

Changed

• Do not return an error when parsing a data directory fails #45.
• Remove pointers from fields in the main File structure #44.

Fixed

• Fix getting section data repeatedly thanks to wanglei-coder #41.
• Fix adjustSectionAlignment() thanks to wanglei-coder #40.
• Fix authentihash calculation thanks to wanglei-coder #38.
• Memory leak in Close() function that missed a call to unmap() thanks to Mamba24L8.

New Contributors

• @wanglei-coder made their first contribution in https://github.com/saferwall/pe/pull/37

Full Changelog: https://github.com/saferwall/pe/compare/v1.2.0...v1.3.0

[1.2.0] - 2022-06-12

Added

• Unit tests for export directory #28.
• Add a new option to allow usage of a custom logger #24.
• Unit tests for delay imports directory #23.
• Allow access to the raw certificates content #22.
• Unit tests for security directory #19.
• Unit tests for bound imports directory #18.

Changed

• Make GetData() and GetRVAFromOffset() and GetOffsetFromRva() helper routines public.
• Keep parsing in exports directories even when anomalies are found #26.

Fixed

• Incorrect check for skipCertVerification in security directory.
• Null pointer dereference in GetExportFunctionByRVA() and out of bounds when calculating symbolAddress in export directory #28.
• Reading unicode string from resource directory readUnicodeStringAtRVA() #26.
• Null pointer dereference in resource directory parsing #25.
• Imphash calculation #17 thanks to @secDre4mer.
• Null certificate header in security directory #19

[1.1.0] - 2021-12-20

Added

• Add .editorconfig and .vscode config.
• Add github action CI workflow to test the package.
• Add few badges for the README.md to track build status, coverage and code quality.
• Introduce a new API to parse a file from a byte array.
• Parse .net metadata Module table.
• Parse .net metadata stream headers and metadata tables stream header.
• Add cmd/pedumper to illustrate how to use the library.
• Add unit test for relocation, exception, security, symbol, file, nt header, section and helper files.
• Add an option New() to customize max of relocations entries and COFF symbols to parse.

Changed

• Remove uneeded break statements & lowercase error messages and anomalies.
• Make COFF entry in File struct a pointer.
• Remove unsafe pointer usage from resource directory.
• Do not return an error when COFF symbol table is not found.
• License from Apache 2 to MIT.

Fixed

• Probe for invalid Nt Header offset.
• Fix authenticode hash calculation.
• Compile correctly on 32 bit thnkas to @Max Altgelt.
• COFF symbol table readASCIIStringAtOffset() out of bounds exception.
• Probe for optional header section alignment != 0.
• Fix infinite loop in exception unwind code parsing.
• Fix last data directory entry is reserved and must be zero.
• Safe ready of global pointer register

• Works with PE32/PE32+ file fomat.
• Supports Intel x86/AMD64/ARM7ARM7 Thumb/ARM8-64/IA64/CHPE architectures.
• MS DOS header.
• Rich Header (calculate checksum).
• NT Header (file header + optional header).
• COFF symbol table and string table.
• Sections headers + entropy calculation.
• Data directories:
  • Import Table + ImpHash calculation.
  • Export Table.
  • Resource Table.
  • Exceptions Table.
  • Security Table + Authentihash calculation.
  • Relocations Table.
  • Debug Table (CODEVIEW, POGO, VC FEATURE, REPRO, FPO, EXDLL CHARACTERISTICS debug types).
  • TLS Table.
  • Load Config Directory (SEH, GFID, GIAT, Guard LongJumps, CHPE, Dynamic Value Reloc Table, Enclave Configuration, Volatile Metadata tables).
  • Bound Import Table.
  • Delay Import Table.
  • COM Table (CLR Metadata Header, Metadata Table Streams).
  • Report several anomalies.