"not an executable file" when exec an exe file which has been modified by UpdateResourceA API
mkch opened this issue · comments
-
What version of Delve are you using (
dlv version
)?
Delve Debugger
Version: 1.22.0
Build:$Id: 61ecdbbe1b574f0dd7d7bad8b6a5d564cce981e9 $ -
What version of Go are you using? (
go version
)?
go version go1.21.5 windows/amd64 -
What operating system and processor architecture are you using?
Windows 10/amd64 -
What did you do?
Two files in a directory:
// main.go
package main
import "syscall"
func main() {
syscall.NewLazyDLL("user32.dll").NewProc("MessageBoxA").Call(0, 0, 0, 0)
}
// addres.go
package main
import (
"syscall"
"unsafe"
)
func main() {
dll := syscall.NewLazyDLL("kernel32.dll")
var filename = [9]byte{'m', 'a', 'i', 'n', '.', 'e', 'x', 'e', 0} // NULL terminated string "main.exe"
h, _, err := dll.NewProc("BeginUpdateResourceA").Call(uintptr(unsafe.Pointer(&filename)), 0)
if h == 0 {
panic(err)
}
const RT_RCDATA = 10 // Application-defined resource (raw data).
var data = [1]byte{1}
r, _, err := dll.NewProc("UpdateResourceA").Call(h, RT_RCDATA, 100, 0, uintptr(unsafe.Pointer(&data)), uintptr(len(data)))
if r == 0 {
panic(err)
}
r, _, err = dll.NewProc("EndUpdateResourceA").Call(h, 0)
if r == 0 {
panic(err)
}
}
Execute the the following commands in that directory:
go build main.go
go run addres.go
dlv exec main.exe
- What did you expect to see?
Type 'help' for list of commands.
(dlv)
- What did you see instead?
could not launch process: not an executable file
Can you run main.exe directly? Can you copy main.exe somewhere I can download it from?
Can you run main.exe directly?
Of course.
Can you copy main.exe somewhere I can download it from?
main.exe in the zip is the exe generated by go build main.go
. main-modified.exe is the result of go run addres.go
.
The original content of main.exe is irrelevant actually. It can be any exe generated by go build
.
That message is happening because debug/pe.NewFile returns an error, so this problem should be reported to https://github.com/golang/go/issues/.
However modified-main.exe does look malformed, the PointerToSymbolTable and NumberOfSymbol entries of the file header are unchanged, even though something has been added to the file, so debug/pe can't find the string table. Gnu objdump can't parse the executable file either.
Reported.
Closing in favor of golang/go issue