You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For convenience, patching examples\rdr.rs may improve readability specifically for this case since theres a bunch of irrelevant logs:
fn run() -> error::Result<()> {
for (i, arg) in env::args().enumerate() {
if i == 1 {
let path = Path::new(arg.as_str());
let buffer = fs::read(path)?;
let res = goblin::Object::parse(&buffer)?;
- //println!("{:#?}", res);+ match res {+ goblin::Object::PE(x) => {+ println!("{:#x}", x.image_base)+ }+ _ => {}+ }
}
}
Ok(())
}
Then run:
cargo run --target i686-pc-windows-msvc --example rdr -- "path/to/pe64-bin.exe"
If the image base of path/to/pe64-bin.exe is 0x140000000 (the default value of COFF linkers), it outputs trimmed 32-bit value 0x40000000.
This is not particular to i686-pc-windows-msvc triple but any other 32-bit builds.
The text was updated successfully, but these errors were encountered:
Uh oh!
There was an error while loading. Please reload this page.
As pointed out in this comment the
goblin::pe::PE::image_base
silently overflowing when parsing PE64 on 32-bit goblin.usize
u64
goblin/src/pe/mod.rs
Lines 61 to 62 in 48da3d8
The
goblin::pe::PE::image_base
must be defined asu64
to be compatible with 32-bit hosts.Steps to reproduce
For convenience, patching
examples\rdr.rs
may improve readability specifically for this case since theres a bunch of irrelevant logs:Then run:
If the image base of
path/to/pe64-bin.exe
is0x140000000
(the default value of COFF linkers), it outputs trimmed 32-bit value0x40000000
.This is not particular to
i686-pc-windows-msvc
triple but any other 32-bit builds.The text was updated successfully, but these errors were encountered: