[BinHandler] Error in section reading about b2r2 HOT 11 CLOSED

Thanks for reporting the bug! I currently cannot reproduce the bug. I tried with some windows files such as calc.exe, ntdll.dll, etc., but none of them seems to produce the bug. Can you upload your PE file somewhere?

from b2r2.

Hi,

find attached a base64 encoded version (as you can image it is a malware):

malware.txt

In order to trigger the bug, run the following code:

        let handler =        
            BinHandler.Init(
                ISA.OfString "x86", 
                ArchOperationMode.NoMode, 
                true, 
                Addr.MinValue, 
                (System.IO.File.ReadAllText >> System.Convert.FromBase64String)("malware.txt")
            )

        handler.FileInfo.GetSections()
        |> Seq.iter(fun section ->
            Console.Write("Read all data from section: {0} => ", section.Name)
            handler.ReadBytes(section.Address, int32 section.Size) |> ignore
            Console.WriteLine("DONE")
        )

from b2r2.

Hmm.. this is really weird. I cannot reproduce it.

So I downloaded the malware.txt file (on Linux) and decoded the file to create a PE file called m.exe.

$ file m.exe
m.exe: PE32 executable (GUI) Intel 80386, for MS Windows

The SHA-1 hash of the PE file, before/after decoding is as follows:

5d13a5ebfb2f015ec6dd646872395f239bc5dae2  malware.txt
6ac0829d260061ea5a139cbfeb383808e5797feb  m.exe

And then I copy pasted your code (without base64 decoding) on a local project, and ran the following:

$ dotnet run -- ./m.exe
Read all data from section: .text => DONE
Read all data from section: .data => DONE
Read all data from section: .reloc => DONE

No problem as you can see. To be clear, I didn't create an FSX script, but just used a dotnet project.

To help debug this issue, I just created a branch called debug. You can see my modification here: 29479e6

May I ask you to checkout the debug branch, and go to the src/Utilities/FileViewer directory, and then run dotnet run -- <your PE file>? If you can still produce the issue with the same PE file on the branch, please let me know.

from b2r2.

Hi,

sure, I'll do as you said and check if I can reproduce the problem in my environment.

from b2r2.

Hi @sangkilc,

I did a test as you said and I didn't received any errors. After digging a bit I discovered that the problem was due to the fact that my project is not .NET Core and my Start Up point project didn't referenced B2R2.Core. This cause some really weird behavior (I wasn't able to step into the Core routine due to a missing debug symbol file, ...).

In my case, the solution was to directly reference the B2R2.Core library, and not only the used libraries.

So in the end, this is definitely not a B2R2 bug but maybe it can be useful as reference for others that have a mixed solution.

from b2r2.

Thanks for your report. May I ask what kind .NET project it was? Was it .NET framework 4.8? I really would be interested to reproduce this bug because I think "not referencing B2R2.Core" should not create this problem. A minimal example project would definitely help.

from b2r2.

Hi @enkomio ,

I have created a minimal project for .NET framework 4.7.2 @ https://github.com/sangkilc/testdotnet, but I still cannot reproduce the issue that you reported. Could you test with the project if you can reproduce it?

The project uses the B2R2 nuget package, and I presume you are using a different approach? If you can create a minimal project that looks like the one that I showed, and if the project triggers the same bug that you described, it will be extremely helpful for me to understand the problem. Please let me know, and thank you very much for your help!

from b2r2.

I'll try to create a Visual Studio project that trigger the problem

from b2r2.

Thank you! Let me reopen this issue for now.

from b2r2.

Hi,

I tried to create a basic solution that trigger the problem but after many tries I wasn't able to reproduce it. When I encountered the error I referenced the B2R2 framework as sub-module in my solution. I tried also in this way, by creating a simple project that doesn't reference B2R2.Core (since this was the problem at the time). The solution doesn't compile (of course) since it is unable to create a BinHandler.

So in the end, I think it was a very border situation due to some problem with Visual Studio. Definitely not a bug in B2R2 (it is a False Report). Sorry for the wrong report.

from b2r2.

No problem at all. Thank you for letting me know! Let me close this issue.

from b2r2.