Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

In artefacts scan: misaligned offsets of artefacts #25

Closed
hasherezade opened this issue Dec 6, 2018 · 1 comment
Closed

In artefacts scan: misaligned offsets of artefacts #25

hasherezade opened this issue Dec 6, 2018 · 1 comment
Assignees
@hasherezade
Labels
bug

Comments

@hasherezade
Copy link
Owner

hasherezade commented Dec 6, 2018
edited
Loading

Test case

e757457b62788c658d38e4d77a0c8cfd5272c5690389e6f51bf4349795311c63

Problem

PE Image Base was found after section headers:
section_hdrs_after_base
Dumped memory region: 55a075c86f2529613dd7df289d2fb6e828fa2e50b6f0be6d483d29f5393d5c90

Comment

A possible reason was that the memory area contained some bogus artefacts, that misguided the scan. This kind of situation should be prevented by additional checks.
@hasherezade hasherezade added the bug label Dec 6, 2018
@hasherezade hasherezade self-assigned this Dec 6, 2018
hasherezade added a commit that referenced this issue Dec 10, 2018
@hasherezade
Refactored ArtefactsScanner (including fix for Issue #25)
ea56b75
@hasherezade
Copy link
Owner Author

Fixed:

The same sample scanned with the improved scanner:
workingset_scan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hasherezade hasherezade

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hasherezade