waliedassar Posted October 15, 2012 Share Posted October 15, 2012 (edited) If you try to FIX DUMP an executable with the IMAGE_NT_HEADERS structure overlapping the IMAGE_DOS_HEADER i.e. the e_lfanew field has a value less than or equal to 0x38 (and of course, greater than or equal to 0x2), the resulting executable is rejected by the windows PE loader.http://uploadpic.org...p?img=BdtSYOk9lThis is due to Scylla moving the IMAGE_NT_HEADERS at offset 0x40 without updating the "e_lfanew" field.This was tested with Scylla v0.7 beta 7.Best RegardsWaliedassar Edited October 15, 2012 by waliedassar Link to comment
LCF-AT Posted October 15, 2012 Share Posted October 15, 2012 @ waliedassar Wow!You can find a lot of bugs. You seem to be the Indiana Jones of RCE. greetz Link to comment
Aguila Posted October 15, 2012 Share Posted October 15, 2012 thank you very much waliedassar.I didn't even know that this is possible. Link to comment
waliedassar Posted October 15, 2012 Author Share Posted October 15, 2012 thank you very much waliedassar.I didn't even know that this is possible.Files packed with Spack (by Bagie) used to have overlapped headers. Link to comment
waliedassar Posted October 16, 2012 Author Share Posted October 16, 2012 (edited) Here is a simple executable you can use to test Scylla./>http://goo.gl/UlFVH Edited October 16, 2012 by waliedassar Link to comment
mudlord Posted October 17, 2012 Share Posted October 17, 2012 and place where to get spack Link to comment
Nacho_dj Posted October 17, 2012 Share Posted October 17, 2012 Here is a simple executable you can use to test Scylla. http://goo.gl/UlFVH Thanks for this valuable info! Link to comment
Aguila Posted October 17, 2012 Share Posted October 17, 2012 I think this little fix is enough for this problem. Only 2 new lines in source code.Thanks for your help Link to comment
vnhung Posted November 22, 2012 Share Posted November 22, 2012 you can upload the project source code Scylla_v0.7 beta8 thank Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now