Skip to content

Releases: saferwall/pe

v1.6.0

08 Apr 06:32
@ayoubfaouzi ayoubfaouzi
v1.6.0
0de8973
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.6.0 Latest
Latest

What's Changed

Features

Fixes

  • fix: Do not spawn visibile consoles, hide certutil window by @StefanoBalzarottiNozomi in #93
  • fix(security): hide console window only in Windows by @ayoubfaouzi in #94
  • fix: use file.opt instead of opt when setting logger creating a file instance. by @Snshadow in #97
  • fix: use Valuelength for parseString instead of whole String size by @Snshadow in #96
  • feat: make loadSystemRoots() use exit code to test command success by @ayoubfaouzi in #104
  • fix dotnet coded index bugs by @matanix in #112
  • fix: catch out-of-bounds access by @secDre4mer in #115
  • chore: port changes from secDre4mer/pkcs7 + smallstep/pkcs7 to own fork by @ayoubfaouzi in #118
  • fix: translation of algo identifier to hash algo in cert parseHashAlgorithm by @ayoubfaouzi in #119
  • fix: signature valid when both the authentihash matches and the cert chains to a trusted root by @ayoubfaouzi in #120
  • fix: typo in ImageSectionLnkMRelocOvfl -> ImageSectionLnkNRelocOvfl by @ayoubfaouzi in #121

Chore

New Contributors

Full Changelog: v1.5.0...v1.6.0

Contributors

edeca, getvictor, and 7 other contributors
Assets 2
Loading

v1.5.0

12 Feb 09:02
@ayoubfaouzi ayoubfaouzi
v1.5.0
8980c0f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.5.0

Added

  • feat: improve PR dumper to print CLR directory by @LordNoteworthy in #73
  • feat: allow custom hash algo selection for authentihash calculation by @hansinator in #76
  • feat: version resource parsing by @rabbitstack in #78
  • feat: verify authenticode hash from signature by @secDre4mer in #84
  • feat: parse a large number of .NET metadata headers by @veramine in #86
  • feat: annotate structs missing json tags by @LordNoteworthy in #90
  • feat(dumper): walk dir in async mode + print rsrc version info by @LordNoteworthy in #92

Changed

  • dotnet: don't skip the GenericParamConstraint metadata table by @veramine in #85

Fixed

  • fix: AuthentiHash() out of bound access check by @LordNoteworthy in #91
  • fix: do not print to stdout unhandled metadata table by @LordNoteworthy in #89
  • fix: correct broken reflection compare by @secDre4mer in #81
  • fix offset issue when reading StringFileInfo by @dmjb in #79
  • chore: increase unit test coverage to 80% by @LordNoteworthy in #74

New Contributors

Full Changelog: v1.4.0...v1.5.0

Contributors

hansinator, ayoubfaouzi, and 4 other contributors
Loading

v1.4.0

21 Mar 00:15
@ayoubfaouzi ayoubfaouzi
v1.4.0
3952e07
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.0

Added

  • Permit more granular control over which data directories are parsed by rabbitstack #72.
  • Support parsing the different retpoline types: Imported Address, Indirect Branch and Switchable retpoline #70.
  • Unit tests for load config directory #70.
  • Unit tests for TLS directory #69.
  • Unit tests for debug directory #68.
  • Unit tests for resource directory and add functions to prettify resource (sub)languages #66.
  • Annotate PE structures with JSON tags during JSON encoding #64, #65 and #67.
  • Improve PE dumper to print imports and unit test parsing imports data directory#63.
  • Improve PE dumper to print section headers #62.
  • Improve PE dumper to print PE headers #61.
  • Add SerialNumber, SignatureAlgorithm and PubKeyAlgorithm to the CertInfo #60.
  • Option to disable certificate validation #59.
  • Improve PE dumper to print exceptions #57.
  • Unit tests for debug directory #49.

Fixed

  • Bug while iterating over VolatileInfoRangeTable entries #70.
  • Bug while iterating (additional padding and loop condition) over DVRT relocation block entries #70.
  • Bug while appending (twice) Control Flow Guard IAT entries #70.
  • Bug while parsing POGO debug entry types #68.
  • Authentihash() for instances w/o fd thanks to flanfly #47.

Changed

  • Some fields has been renamed for consistency:
    • RichHeader.XorKey -> RichHeader.XORKey.
    • Any Rva substring -> RVA and any Iat substring -> IAT.
    • And many more.
  • Some fields used internally in imports parsing were changed from a slice of pointers to a simple slice.
  • Certificate.Content changed from *pkcs7.PKCS7 to pkcs7.PKCS7.
  • Section.Entropy changed from float64 to float64* to distinguish between the case when the section entropy is equal to zero and the case when the entropy is equal to nil - meaning that it was never calculated.
  • Remove cobra dependency from cmd/pedumper #56.

New Contributors

Full Changelog: v1.3.0...v1.4.0

Contributors

flanfly, rabbitstack, and smallzhong
Loading

v1.3.0

04 Aug 17:32
@ayoubfaouzi ayoubfaouzi
v1.3.0
ad766b6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.3.0

[1.3.0] - 2022-08-04

Added

  • Authenticode signature validation in Windows #43.
  • File information structure that helps to identify what parts of the PE file we have, such as HasImports() #42..
  • Calculate Rich header hash thanks to wanglei-coder #38.
  • PE Overlay thanks to wanglei-coder #37.
  • Unit tests for DOS header parsing.
  • Unit tests for CLR directory #34.
  • Unit tests for Rich header #33.

Changed

  • Do not return an error when parsing a data directory fails #45.
  • Remove pointers from fields in the main File structure #44.

Fixed

New Contributors

Full Changelog: v1.2.0...v1.3.0

Contributors

wanglei-coder
Loading

v1.2.0

12 Jun 11:31
@ayoubfaouzi ayoubfaouzi
v1.2.0
8f26e64

Choose a tag to compare

View all tags
v1.2.0

[1.2.0] - 2022-06-12

Added

  • Unit tests for export directory #28.
  • Add a new option to allow usage of a custom logger #24.
  • Unit tests for delay imports directory #23.
  • Allow access to the raw certificates content #22.
  • Unit tests for security directory #19.
  • Unit tests for bound imports directory #18.

Changed

  • Make GetData() and GetRVAFromOffset() and GetOffsetFromRva() helper routines public.
  • Keep parsing in exports directories even when anomalies are found #26.

Fixed

  • Incorrect check for skipCertVerification in security directory.
  • Null pointer dereference in GetExportFunctionByRVA() and out of bounds when calculating symbolAddress in export directory #28.
  • Reading unicode string from resource directory readUnicodeStringAtRVA() #26.
  • Null pointer dereference in resource directory parsing #25.
  • Imphash calculation #17 thanks to @secDre4mer.
  • Null certificate header in security directory #19
Loading

v1.1.0

19 Dec 23:16
@ayoubfaouzi ayoubfaouzi
v1.1.0
d27c6ad
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.1.0

[1.1.0] - 2021-12-20

Added

  • Add .editorconfig and .vscode config.
  • Add github action CI workflow to test the package.
  • Add few badges for the README.md to track build status, coverage and code quality.
  • Introduce a new API to parse a file from a byte array.
  • Parse .net metadata Module table.
  • Parse .net metadata stream headers and metadata tables stream header.
  • Add cmd/pedumper to illustrate how to use the library.
  • Add unit test for relocation, exception, security, symbol, file, nt header, section and helper files.
  • Add an option New() to customize max of relocations entries and COFF symbols to parse.

Changed

  • Remove uneeded break statements & lowercase error messages and anomalies.
  • Make COFF entry in File struct a pointer.
  • Remove unsafe pointer usage from resource directory.
  • Do not return an error when COFF symbol table is not found.
  • License from Apache 2 to MIT.

Fixed

  • Probe for invalid Nt Header offset.
  • Fix authenticode hash calculation.
  • Compile correctly on 32 bit thnkas to @Max Altgelt.
  • COFF symbol table readASCIIStringAtOffset() out of bounds exception.
  • Probe for optional header section alignment != 0.
  • Fix infinite loop in exception unwind code parsing.
  • Fix last data directory entry is reserved and must be zero.
  • Safe ready of global pointer register
Loading

v1.0.0

16 Apr 06:37
@ayoubfaouzi ayoubfaouzi
v1.0.0
393f4bb

Choose a tag to compare

View all tags
v1.0.0
  • Works with PE32/PE32+ file fomat.
  • Supports Intel x86/AMD64/ARM7ARM7 Thumb/ARM8-64/IA64/CHPE architectures.
  • MS DOS header.
  • Rich Header (calculate checksum).
  • NT Header (file header + optional header).
  • COFF symbol table and string table.
  • Sections headers + entropy calculation.
  • Data directories:
    • Import Table + ImpHash calculation.
    • Export Table.
    • Resource Table.
    • Exceptions Table.
    • Security Table + Authentihash calculation.
    • Relocations Table.
    • Debug Table (CODEVIEW, POGO, VC FEATURE, REPRO, FPO, EXDLL CHARACTERISTICS debug types).
    • TLS Table.
    • Load Config Directory (SEH, GFID, GIAT, Guard LongJumps, CHPE, Dynamic Value Reloc Table, Enclave Configuration, Volatile Metadata tables).
    • Bound Import Table.
    • Delay Import Table.
    • COM Table (CLR Metadata Header, Metadata Table Streams).
    • Report several anomalies.
Loading