Merge pull request #54 from secana/brokensample66c

Too long module names

PeNet.sln

@@ -22,6 +22,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PEditor", "src\PEditor\PEdi
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PeNet.Test", "test\PeNet.Test\PeNet.Test.csproj", "{2A160801-CC38-4986-AC00-B742ACC567D7}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Test.App", "Test.Console\Test.App.csproj", "{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -54,6 +56,14 @@ Global
 		{2A160801-CC38-4986-AC00-B742ACC567D7}.Release|Any CPU.Build.0 = Release|Any CPU
 		{2A160801-CC38-4986-AC00-B742ACC567D7}.Release|x64.ActiveCfg = Release|Any CPU
 		{2A160801-CC38-4986-AC00-B742ACC567D7}.Release|x64.Build.0 = Release|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Debug|x64.Build.0 = Debug|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Release|x64.ActiveCfg = Release|Any CPU
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8}.Release|x64.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -62,6 +72,7 @@ Global
 		{12794D4D-98EA-4A5C-92EA-D3282790C3D3} = {C6BBC182-0EA7-4DEA-8D06-C7B27B863B92}
 		{41416783-179F-4117-A95B-DAAF6DD0B144} = {C6BBC182-0EA7-4DEA-8D06-C7B27B863B92}
 		{2A160801-CC38-4986-AC00-B742ACC567D7} = {B7DE051E-5D6F-4209-8472-B8A407C3D257}
+		{36A620F6-69CB-46B5-B2A9-2EE96D31C1C8} = {C6BBC182-0EA7-4DEA-8D06-C7B27B863B92}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {DDEF9B8E-AB65-440B-86B9-BF0BE9BE5993}

build.cake

@@ -3,10 +3,10 @@
 
 var target					= Argument("target", "Default");
 var solutionDir				= System.IO.Directory.GetCurrentDirectory();
-var testResultDir			= Argument("testResultDir", System.IO.Path.Combine(solutionDir, "test-results"));   // ./build.sh --target test -testResultsDir="somedir"
-var artifactDir				= Argument("artifactDir", System.IO.Path.Combine(solutionDir, "artifacts"));		// ./build.sh --target pack -artifactDir="somedir"
-var apiKey					= Argument<string>("apiKey", null);													// ./build.sh --target push -apiKey="nuget api key"
-var accessToken				= Argument<string>("accessToken", null);											// ./build.sh --target release -accessToken="github access token"
+var testResultDir			= Argument("testResultDir", System.IO.Path.Combine(solutionDir, "test-results"));  
+var artifactDir				= Argument("artifactDir", System.IO.Path.Combine(solutionDir, "artifacts"));		
+var apiKey					= Argument<string>("apiKey", null);													
+var accessToken				= Argument<string>("accessToken", null);											
 var peditorArtifactDir		= System.IO.Path.Combine(artifactDir, "PEditor");
 string peditorReleaseZip	= null;
 string peditorVersion		= null;

src/PEditor/PEditor.csproj

@@ -32,7 +32,7 @@
     <SuiteName>PEditor</SuiteName>
     <OpenBrowserOnPublish>false</OpenBrowserOnPublish>
     <ApplicationRevision>0</ApplicationRevision>
-    <ApplicationVersion>1.0.1.%2a</ApplicationVersion>
+    <ApplicationVersion>1.1.0.%2a</ApplicationVersion>
     <UseApplicationTrust>false</UseApplicationTrust>
     <PublishWizardCompleted>true</PublishWizardCompleted>
     <BootstrapperEnabled>true</BootstrapperEnabled>

src/PEditor/TabItems/Exceptions.xaml.cs

@@ -30,7 +30,7 @@ private void lbRuntimeFunctions_SelectionChanged(object sender, SelectionChanged
             var uw = selected.UnwindInfo.ToIntFromHexString();
 
             // Find the RUNTIME_FUNCTION which was selected.
-            var rt = _peFile.RuntimeFunctions.First(x => x.FunctionStart == funcStart
+            var rt = _peFile.ExceptionDirectory.First(x => x.FunctionStart == funcStart
                                                          && x.FunctionEnd == funcEnd
                                                          && x.UnwindInfo == uw
                 );
@@ -65,10 +65,10 @@ public void SetException(PeFile peFile)
             _peFile = peFile;
             lbRuntimeFunctions.Items.Clear();
 
-            if (peFile.Is32Bit || peFile.RuntimeFunctions == null)
+            if (peFile.Is32Bit || peFile.ExceptionDirectory == null)
                 return;
 
-            foreach (var rt in peFile.RuntimeFunctions)
+            foreach (var rt in peFile.ExceptionDirectory)
             {
                 lbRuntimeFunctions.Items.Add(new
                 {

src/PeNet/Parser/ImportedFunctionsParser.cs

@@ -1,4 +1,5 @@
-using System.Collections.Generic;
+using System;
+using System.Collections.Generic;
 using PeNet.Structures;
 using PeNet.Utilities;
 
@@ -36,6 +37,8 @@ protected override ImportFunction[] ParseTarget()
             {
                 var dllAdr = idesc.Name.RVAtoFileMapping(_sectionHeaders);
                 var dll = _buff.GetCString(dllAdr);
+                if (IsModuleNameTooLong(dll))
+                    continue;
                 var tmpAdr = idesc.OriginalFirstThunk != 0 ? idesc.OriginalFirstThunk : idesc.FirstThunk;
                 if (tmpAdr == 0)
                     continue;
@@ -72,5 +75,10 @@ protected override ImportFunction[] ParseTarget()
 
             return impFuncs.ToArray();
         }
+
+        private bool IsModuleNameTooLong(string dllName)
+        {
+            return dllName.Length > 256;
+        }
     }
 }

src/PeNet/Parser/SafeParser.cs

@@ -3,7 +3,7 @@
 namespace PeNet.Parser
 {
     internal abstract class SafeParser<T>
-        where T : class 
+        where T : class
     {
         protected readonly byte[] _buff;
         protected readonly uint _offset;
@@ -22,7 +22,6 @@ private bool SanityCheckFailed()
             return _offset > _buff?.Length;
         }
 
-        public Exception ParserException { get; protected set; }
 
         protected abstract T ParseTarget();
 
@@ -40,9 +39,11 @@ public T GetParserTarget()
             {
                 _target = ParseTarget();
             }
-            catch (Exception exception)
+            catch (Exception)
             {
-                ParserException = exception;
+                // Silently catch the exception
+                // TODO: Add global list with exception
+                _target = null;
             }
 
             return _target;

src/PeNet/PeFile.cs

@@ -73,11 +73,6 @@ public PeFile(string peFile)
             FileLocation = peFile;
         }
 
-        /// <summary>
-        ///     List with all exceptions that have occurred during the PE header parsing.
-        /// </summary>
-        public List<Exception> Exceptions { get; } = new List<Exception>();
-
         /// <summary>
         ///     Returns true if the Export directory is valid.
         /// </summary>
@@ -96,7 +91,7 @@ public PeFile(string peFile)
         /// <summary>
         ///     Returns true if the Exception directory is valid.
         /// </summary>
-        public bool HasValidExceptionDir => Exceptions != null;
+        public bool HasValidDir => ExceptionDirectory != null;
 
         /// <summary>
         ///     Returns true if the Security directory is valid.
@@ -218,7 +213,7 @@ public bool IsEXE
         /// <summary>
         ///     Access the array of RUNTIME_FUNCTION from the Exception header.
         /// </summary>
-        public RUNTIME_FUNCTION[] RuntimeFunctions => _dataDirectoryParsers.RuntimeFunctions;
+        public RUNTIME_FUNCTION[] ExceptionDirectory => _dataDirectoryParsers.RuntimeFunctions;
 
         /// <summary>
         ///     Access the WIN_CERTIFICATE from the Security header.
@@ -324,10 +319,7 @@ public bool IsEXE
         /// <returns>True of cert chain is valid and from a trusted CA.</returns>
         public bool IsValidCertChain(bool online)
         {
-            if (!IsSigned)
-                return false;
-
-            return SignatureInformation.IsValidCertChain(PKCS7, online);
+            return IsSigned && SignatureInformation.IsValidCertChain(PKCS7, online);
         }
 
         /// <summary>
@@ -341,17 +333,16 @@ public CrlUrlList GetCrlUrlList()
             if (PKCS7 == null)
                 return null;
 
-            CrlUrlList list = null;
             try
             {
-                list = new CrlUrlList(PKCS7);
+                return new CrlUrlList(PKCS7);
             }
-            catch (Exception exception)
+            catch (Exception)
             {
-                Exceptions.Add(exception);
+                // Silently catch exceptions.
+                // TODO: Add to global exception list.
+                return null;
             }
-
-            return list;
         }
 
         /// <summary>
@@ -368,7 +359,6 @@ public static bool IsPEFile(string file)
             using (var fs = new FileStream(file, FileMode.Open, FileAccess.Read))
             {
                 fs.Read(buffer, 0, buffer.Length);
-                fs.Close();
             }
 
             return buffer[1] == 0x5a && buffer[0] == 0x4d; // MZ Header

src/PeNet/PeNet.csproj

@@ -2,12 +2,14 @@
   <PropertyGroup>
     <TargetFrameworks>netstandard2.0;net461;net40</TargetFrameworks>
     <PackageProjectUrl>https://github.com/secana/PeNet</PackageProjectUrl>
-    <Version>0.8.0</Version>
+    <Version>0.8.1</Version>
     <Authors>Stefan Hausotte</Authors>
     <PackageLicenseUrl>http://www.apache.org/licenses/LICENSE-2.0</PackageLicenseUrl>
     <Description>PeNet is a Windows PE (Portable Executable) parser written in C#. It parses all PE header structures for x32 and x64. It supports the ImpHash algorithm which is popular in malware analysis. You can use it for string and pattern matching in PE files.</Description>
     <Copyright>2017 @ Stefan Hausotte</Copyright>
-    <PackageReleaseNotes>Add debug directory parsing</PackageReleaseNotes>
+    <PackageReleaseNotes>Removed "Exceptions" property
+Renamed "RuntimeFunctions" to "ExceptionDirectory"
+Skip imported modules with names longer than 256 characters</PackageReleaseNotes>
     <RepositoryUrl>https://github.com/secana/PeNet</RepositoryUrl>
     <PackageTags>PE Header Portable Executable</PackageTags>
     <PackageIconUrl>https://raw.githubusercontent.com/secana/PeNet/master/src/PEditor/Icons/logo.png</PackageIconUrl>