Improve PE module when scanning memory and fix PE certificate parsing #1657

Open
wants to merge 16 commits into
base: master

Commits on Feb 24, 2022

  1. de44c33
  2. 98680c3
  3. Do not attempt to get process module base address when running under WOW64 unless the target is also WOW64
    niallnsec committed Feb 24, 2022
    1a17386
  4. feb2e7c
  5. 3824f56
  6. fda8607
  7. 659507f
  8. 9d4212e
  9. 7564997
  10. dc15092
  11. 58b08a0
  12. Fix issue where certificate subject and issuer are truncated

    * The X509_NAME_oneline function was being used to extract the certificate issuer and subject. The function
    is being provided a static buffer which is only 254 chars in size, meaning that if either string is larger they will
    be truncated and essential information may be lost.
    * Increasing the buffer size or using a dynamic buffer could solve the issue, however the X509_NAME_oneline
    function is deprecated and its use is strongly discouraged. Instead, the issue can be fixed using the newer
    X509_NAME_print_ex function which will output the full string in a standard format.
    * Unicode data is escaped in the output string by default, so ASN1_STRFLGS_ESC_MSB is explicitly cleared to
    force the output of UTF8 encoded data. This allows matching unicode byte sequences in a more natural
    and expected manner.
    * This change has the side effect of addressing VirusTotal#1392
    niallnsec committed Feb 24, 2022
    3ae5bda
  13. 1046b5f
  14. 6617f76
  15. c0b0b77

Commits on Mar 1, 2022

  1. 18dbd48