-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pesec: fails to properly read PE file on s390x #198
Comments
I have to look into this. I will probably have to setup some virtual machine to look into what is actually breaking here but it is probably magic bytes/string comparisons. |
So I did look into this and the general gist is that we currently just load all headers straight into memory. |
That's good news! And congrats for the good work you are doing on readpe! 👏🏼 |
Describe the bug
pesec
does not recognize a PE-compliant file on s390x. Fails with:To Reproduce
Please provide us with:
/usr/share/win32/gzip.exe
as installed by thegzip-win32
package on Debian sidpesec /usr/share/win32/gzip.exe
Expected behavior
I expected
pesec
would read the PE file and report about its security properties.Screenshots
N/A.
Additional context
The failure is likely due to
libpe
not taking endianness into account when loading the file into memory, being tested mostly on little-endian architectures (as amd64 and arm64). Those problems arise on s390x, as it is a big-endian architecture.The text was updated successfully, but these errors were encountered: