Releases: saferwall/pe
Releases · saferwall/pe
v1.5.0
Added
- feat: improve PR dumper to print CLR directory by @LordNoteworthy in #73
- feat: allow custom hash algo selection for authentihash calculation by @hansinator in #76
- feat: version resource parsing by @rabbitstack in #78
- feat: verify authenticode hash from signature by @secDre4mer in #84
- feat: parse a large number of .NET metadata headers by @veramine in #86
- feat: annotate structs missing json tags by @LordNoteworthy in #90
- feat(dumper): walk dir in async mode + print rsrc version info by @LordNoteworthy in #92
Changed
Fixed
- fix: AuthentiHash() out of bound access check by @LordNoteworthy in #91
- fix: do not print to stdout unhandled metadata table by @LordNoteworthy in #89
- fix: correct broken reflection compare by @secDre4mer in #81
- fix offset issue when reading
StringFileInfo
by @dmjb in #79 - chore: increase unit test coverage to 80% by @LordNoteworthy in #74
New Contributors
- @hansinator made their first contribution in #76
- @dmjb made their first contribution in #79
- @veramine made their first contribution in #85
Full Changelog: v1.4.0...v1.5.0
v1.4.0
Added
- Permit more granular control over which data directories are parsed by rabbitstack #72.
- Support parsing the different
retpoline
types: Imported Address, Indirect Branch and Switchable retpoline #70. - Unit tests for load config directory #70.
- Unit tests for TLS directory #69.
- Unit tests for debug directory #68.
- Unit tests for resource directory and add functions to prettify resource (sub)languages #66.
- Annotate PE structures with JSON tags during JSON encoding #64, #65 and #67.
- Improve PE dumper to print imports and unit test parsing imports data directory#63.
- Improve PE dumper to print section headers #62.
- Improve PE dumper to print PE headers #61.
- Add
SerialNumber
,SignatureAlgorithm
andPubKeyAlgorithm
to theCertInfo
#60. - Option to disable certificate validation #59.
- Improve PE dumper to print exceptions #57.
- Unit tests for debug directory #49.
Fixed
- Bug while iterating over VolatileInfoRangeTable entries #70.
- Bug while iterating (additional padding and loop condition) over DVRT relocation block entries #70.
- Bug while appending (twice) Control Flow Guard IAT entries #70.
- Bug while parsing
POGO
debug entry types #68. Authentihash()
for instances w/o fd thanks to flanfly #47.
Changed
- Some fields has been renamed for consistency:
RichHeader.XorKey
->RichHeader.XORKey
.- Any
Rva
substring ->RVA
and anyIat
substring ->IAT
. - And many more.
- Some fields used internally in imports parsing were changed from a slice of pointers to a simple slice.
- Certificate.Content changed from
*pkcs7.PKCS7
topkcs7.PKCS7
. Section.Entropy
changed fromfloat64
tofloat64*
to distinguish between the case when the section entropy is equal to zero and the case when the entropy is equal to nil - meaning that it was never calculated.- Remove
cobra
dependency fromcmd/pedumper
#56.
New Contributors
- @flanfly made their first contribution in #47
- @smallzhong made their first contribution in #53
- @rabbitstack made their first contribution in #72
Full Changelog: v1.3.0...v1.4.0
v1.3.0
[1.3.0] - 2022-08-04
Added
- Authenticode signature validation in Windows #43.
- File information structure that helps to identify what parts of the PE file we have, such as
HasImports()
#42.. - Calculate Rich header hash thanks to wanglei-coder #38.
- PE Overlay thanks to wanglei-coder #37.
- Unit tests for DOS header parsing.
- Unit tests for CLR directory #34.
- Unit tests for Rich header #33.
Changed
- Do not return an error when parsing a data directory fails #45.
- Remove pointers from fields in the main
File
structure #44.
Fixed
- Fix getting section data repeatedly thanks to wanglei-coder #41.
- Fix
adjustSectionAlignment()
thanks to wanglei-coder #40. - Fix authentihash calculation thanks to wanglei-coder #38.
- Memory leak in
Close()
function that missed a call tounmap()
thanks to Mamba24L8.
New Contributors
- @wanglei-coder made their first contribution in #37
Full Changelog: v1.2.0...v1.3.0
v1.2.0
[1.2.0] - 2022-06-12
Added
- Unit tests for export directory #28.
- Add a new option to allow usage of a custom logger #24.
- Unit tests for delay imports directory #23.
- Allow access to the raw certificates content #22.
- Unit tests for security directory #19.
- Unit tests for bound imports directory #18.
Changed
- Make
GetData()
andGetRVAFromOffset()
andGetOffsetFromRva()
helper routines public. - Keep parsing in exports directories even when anomalies are found #26.
Fixed
- Incorrect check for
skipCertVerification
in security directory. - Null pointer dereference in
GetExportFunctionByRVA()
and out of bounds when calculatingsymbolAddress
in export directory #28. - Reading unicode string from resource directory
readUnicodeStringAtRVA()
#26. - Null pointer dereference in resource directory parsing #25.
- Imphash calculation #17 thanks to @secDre4mer.
- Null certificate header in security directory #19
v1.1.0
[1.1.0] - 2021-12-20
Added
- Add .editorconfig and .vscode config.
- Add github action CI workflow to test the package.
- Add few badges for the README.md to track build status, coverage and code quality.
- Introduce a new API to parse a file from a byte array.
- Parse .net metadata Module table.
- Parse .net metadata stream headers and metadata tables stream header.
- Add cmd/pedumper to illustrate how to use the library.
- Add unit test for relocation, exception, security, symbol, file, nt header, section and helper files.
- Add an option
New()
to customize max of relocations entries and COFF symbols to parse.
Changed
- Remove uneeded break statements & lowercase error messages and anomalies.
- Make COFF entry in File struct a pointer.
- Remove unsafe pointer usage from resource directory.
- Do not return an error when COFF symbol table is not found.
- License from Apache 2 to MIT.
Fixed
- Probe for invalid Nt Header offset.
- Fix authenticode hash calculation.
- Compile correctly on 32 bit thnkas to
@Max Altgelt
. - COFF symbol table
readASCIIStringAtOffset()
out of bounds exception. - Probe for optional header section alignment != 0.
- Fix infinite loop in exception unwind code parsing.
- Fix last data directory entry is reserved and must be zero.
- Safe ready of global pointer register
v1.0.0
- Works with PE32/PE32+ file fomat.
- Supports Intel x86/AMD64/ARM7ARM7 Thumb/ARM8-64/IA64/CHPE architectures.
- MS DOS header.
- Rich Header (calculate checksum).
- NT Header (file header + optional header).
- COFF symbol table and string table.
- Sections headers + entropy calculation.
- Data directories:
- Import Table + ImpHash calculation.
- Export Table.
- Resource Table.
- Exceptions Table.
- Security Table + Authentihash calculation.
- Relocations Table.
- Debug Table (CODEVIEW, POGO, VC FEATURE, REPRO, FPO, EXDLL CHARACTERISTICS debug types).
- TLS Table.
- Load Config Directory (SEH, GFID, GIAT, Guard LongJumps, CHPE, Dynamic Value Reloc Table, Enclave Configuration, Volatile Metadata tables).
- Bound Import Table.
- Delay Import Table.
- COM Table (CLR Metadata Header, Metadata Table Streams).
- Report several anomalies.