Bug Report - Microsoft DLL

Started by Hank, July 24, 2020, 01:50:24 PM


Hank

The attached file comes from Microsoft; however, ExifTool fails to read the file properly (VirusTotal, however, can read the file properly).
Thoughts?

System: Linux / Windows
Version(s): 10.58 (Linux) / 12.01 (Windows)
Command: Exiftool System.Reflection.Emit.dll
Output:      Error                           : File format error

Thank you


Phil Harvey

Thanks for this report.  I'll look into it as soon as I get a chance.

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

Hank

Just to add to this mystery, or perhaps this is an Ah-Ha! moment (no Eurekas and running nude down the streets here, mainly 'cause locals frown upon that sort of thing).

I believe that these failing binaries have been built with Mono.

Phil Harvey

Quote from: Hank on September 30, 2020, 09:30:23 AM
(no Eurekas and running nude down the streets here, mainly 'cause locals frown upon that sort of thing).

Here too.  Go figure.  Germany seems to be ahead of the curve with this.

- Phil

Phil Harvey

Sorry for the delay in responding.  The problem is that the file size reported in the header is invalid (i.e. zero).  I'll patch ExifTool 12.08 to issue a warning instead of a format error for this, which will allow the file to be recognized.

- Phil

Hank

No problems on the delay; actually, thank you, because I have now started to hack in Perl and found the same thing.
The line:
return 0 if $fileSize < 0x40;
in EXE.pm is where I found the issue.
I will continue to play with the code and see if I can get the rest of the information to be revealed.
Which brings up an interesting question:
How do you accept submissions?
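
An added example, not part of the original posts and not ExifTool's code: a small Python triage parser showing the behaviour discussed above, where an invalid DOS-header size becomes a warning and parsing continues to the PE section table. It assumes "the header" means the MZ header and derives the size from its e_cblp and e_cp fields; the function names and the sample bytes are constructed for illustration.

```python
import struct

def triage_pe(data: bytes) -> dict:
    """Parse MZ/PE headers; a bad DOS-header size is a warning, not a failure."""
    result = {"warnings": [], "sections": [], "is_pe": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_cblp = bytes used in the last 512-byte page, e_cp = number of pages
    e_cblp, e_cp = struct.unpack_from("<HH", data, 2)
    dos_size = (e_cp - (1 if e_cblp else 0)) * 512 + e_cblp
    result["dos_size"] = dos_size
    if dos_size < 0x40:
        # Rejecting the file here would hide everything after this point.
        result["warnings"].append("invalid file size in DOS header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return result  # plain DOS executable or truncated file
    result["is_pe"] = True
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # signature + COFF header + optional header
    for i in range(n_sections):
        off = table + i * 40  # each section header is 40 bytes
        if off + 40 > len(data):
            result["warnings"].append("section table truncated")
            break
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        result["sections"].append(name)
    if ".rsrc" not in result["sections"]:
        result["warnings"].append("no .rsrc section")
    return result

def build_sample() -> bytes:
    """Constructed input: MZ header with zeroed size fields, one .text section."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x2102)
    section = b".text\0\0\0" + bytes(32)
    return bytes(dos) + b"PE\0\0" + coff + section

if __name__ == "__main__":
    print(triage_pe(build_sample()))
```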

Hank

And the other patch to the code:

Module EXE.pm

#------------------------------------------------------------------------------
# Process Windows PE file data dictionary
# Inputs: 0) ExifTool object ref, 1) dirInfo ref
# Returns: true on success
sub ProcessPEDict($$)
{
    my ($et, $dirInfo) = @_;
    my $raf = $$dirInfo{RAF};
    my $dataPt = $$dirInfo{DataPt};
    my $dirLen = length($$dataPt);
    my ($pos, @sections, %dirInfo);
    my $rsrcfound = "false";
    my $name = "";

    # Hack Hack Hack
    # Need to know if we have both .rsrc and .text
    # if both or only .rsrc, then only look at .rsrc
    # else look at .text
    for ($pos=0; $pos+40<=$dirLen; $pos+=40) {
        $name = substr($$dataPt, $pos, 8);
        if ($name eq ".rsrc\0\0\0") {
            $rsrcfound = "true";
        }
    }

    # loop through all sections
    for ($pos=0; $pos+40<=$dirLen; $pos+=40) {
        $name = substr($$dataPt, $pos, 8);
        my $va = Get32u($dataPt, $pos + 12);
        my $size = Get32u($dataPt, $pos + 16);
        my $offset = Get32u($dataPt, $pos + 20);
        # remember the section offsets for the VirtualAddress lookup later
        push @sections, { Base => $offset, Size => $size, VirtualAddress => $va };
        # save details of the first resource section
        # (or of the first .text section when the file has no .rsrc)
        %dirInfo = (
            RAF      => $raf,
            Base     => $offset,
            DirStart => 0,   # (relative to Base)
            DirLen   => $size,
            Sections => \@sections,
        ) if ($name eq ".rsrc\0\0\0" and not %dirInfo)
          or ($name eq ".text\0\0\0" and $rsrcfound eq "false" and not %dirInfo);
    }
    # process the first resource section
    ProcessPEResources($et, \%dirInfo) or return 0 if %dirInfo;

    return 1;
}



Phil Harvey

Interesting.  Can you send me a sample which doesn't contain the rsrc so I can test this?  My email is philharvey66 at gmail.com

Thanks.

- Phil

Hank

The file attached to my bug report is one such.

Phil Harvey


Hank

I see that a patch has been applied (and far more elegant than my solution).
Thanks!

Phil Harvey

Yes.  And thank you!

But I forgot to add a comment in the version history.  Done now.

- Phil