ExifTool Forum

The attached file comes from a Microsoft, however, Exiftool fails to read the file properly (VirusTotal however can read the file properly).
Thoughts?

System: Linux / Windows
Version(s): 10.58 (Linux) / 12.01 (Windows)
Command: Exiftool System.Reflection.Emit.dll
Output:      Error                           : File format error

Thank you

Thanks for this report.  I'll look into it as soon as I get a chance.

- Phil

Just to add to this mystery, or perhaps this is an Ah-Ha! moment (no Eureka's and running nude down the streets here, mainly cause locals frown upon that sort of thing).

I believe that these failing binaries have been built with Mono.

Quote from: Hank on September 30, 2020, 09:30:23 AM
(no Eureka's and running nude down the streets here, mainly cause locals frown upon that sort of thing).

Here too.  Go figure.  Germany seems to be ahead of the curve with this. (https://www.nydailynews.com/news/world/ny-naked-german-fergal-hog-laptop-20200808-i6rrgjy6cbg3bjc7dnxxhcm7fa-story.html)

- Phil

Sorry for the delay in responding.  The problem is that the file size reported in the header is invalid (ie. zero).  I'll patch ExifTool 12.08 to issue a warning instead of a format error for this, which will allow the file to be recognized.

- Phil

No problems on the delay- actually thank you, because I have now started to hack in Perl and found the same thing:
The line :
return 0 if $fileSize < 0x40;
in EXE.pm is where I found the issue.
I will continue to play with the code and see if I can get the rest of the information to be revealed.
Which brings up an interesting question:
How do you accept submissions?

And the other patch to the code:

Module EXE.pm

#------------------------------------------------------------------------------
# Process Windows PE file data dictionary
# Inputs: 0) ExifTool object ref, 1) dirInfo ref
# Returns: true on success
sub ProcessPEDict($$)
{
    my ($et, $dirInfo) = @_;
    my $raf = $$dirInfo{RAF};
    my $dataPt = $$dirInfo{DataPt};
    my $dirLen = length($$dataPt);
    my ($pos, @sections, %dirInfo);
my $rsrcfound = "false";
my $name = "";

# Hack Hack Hack 
# Need to know if we have both .rsrc and .text
# if both or only .rsrc, then only look at .rsrc
# else look at .text
    for ($pos=0; $pos+40<=$dirLen; $pos+=40) {
        $name = substr($$dataPt, $pos, 8);
if ($name eq ".rsrc\0\0\0") {
$rsrcfound = "true";
}
}

    # loop through all sections
    for ($pos=0; $pos+40<=$dirLen; $pos+=40) {
        $name = substr($$dataPt, $pos, 8);
        my $va = Get32u($dataPt, $pos + 12);
        my $size = Get32u($dataPt, $pos + 16);
        my $offset = Get32u($dataPt, $pos + 20);
        # remember the section offsets for the VirtualAddress lookup later
        push @sections, { Base => $offset, Size => $size, VirtualAddress => $va };
        # save details of the first resource section
        %dirInfo = (
            RAF      => $raf,
            Base     => $offset,
            DirStart => 0,   # (relative to Base)
            DirLen   => $size,
            Sections => \@sections,
        ) if ($name eq ".rsrc\0\0\0" and not %dirInfo) or ($name eq ".text\0\0\0" and $rsrcfound eq "false" and not %dirInfo);
    }
    # process the first resource section
    ProcessPEResources($et, \%dirInfo) or return 0 if %dirInfo;

    return 1;
}


Interesting.  Can you send me a sample which doesn't contain the rsrc so I can test this?  My email is philharvey66 at gmail.com

Thanks.

- Phil

The file attached to my bug report is one such.

Thanks.

- Phil

I see that a patch has been applied (and far more elegant than my solution).
Thanks!

Yes.  And thank you!

But I forgot to add a comment in the version history (https://exiftool.org/history.html).  Done now.

- Phil