Giters

go-delve / delve

Delve is a debugger for the Go programming language.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

"not an executable file" when exec an exe file which has been modified by UpdateResourceA API

mkch opened this issue · comments

commented

  1. What version of Delve are you using (dlv version)?
    Delve Debugger
    Version: 1.22.0
    Build: $Id: 61ecdbbe1b574f0dd7d7bad8b6a5d564cce981e9 $

  2. What version of Go are you using? (go version)?
    go version go1.21.5 windows/amd64

  3. What operating system and processor architecture are you using?
    Windows 10/amd64

  4. What did you do?

Two files in a directory:

// main.go
package main

import "syscall"

func main() {
	syscall.NewLazyDLL("user32.dll").NewProc("MessageBoxA").Call(0, 0, 0, 0)
}

// addres.go
package main

import (
	"syscall"
	"unsafe"
)

func main() {
	dll := syscall.NewLazyDLL("kernel32.dll")
	var filename = [9]byte{'m', 'a', 'i', 'n', '.', 'e', 'x', 'e', 0} // NULL terminated string "main.exe"
	h, _, err := dll.NewProc("BeginUpdateResourceA").Call(uintptr(unsafe.Pointer(&filename)), 0)
	if h == 0 {
		panic(err)
	}
	const RT_RCDATA = 10 // Application-defined resource (raw data).
	var data = [1]byte{1}
	r, _, err := dll.NewProc("UpdateResourceA").Call(h, RT_RCDATA, 100, 0, uintptr(unsafe.Pointer(&data)), uintptr(len(data)))
	if r == 0 {
		panic(err)
	}
	r, _, err = dll.NewProc("EndUpdateResourceA").Call(h, 0)
	if r == 0 {
		panic(err)
	}
}

Execute the the following commands in that directory:

go build main.go
go run addres.go
dlv exec main.exe
  1. What did you expect to see?
Type 'help' for list of commands.
(dlv)
  1. What did you see instead?
could not launch process: not an executable file
commented

Can you run main.exe directly? Can you copy main.exe somewhere I can download it from?

commented

Can you run main.exe directly?

Of course.

Can you copy main.exe somewhere I can download it from?

testdlv.zip

main.exe in the zip is the exe generated by go build main.go. main-modified.exe is the result of go run addres.go.

The original content of main.exe is irrelevant actually. It can be any exe generated by go build.

commented

That message is happening because debug/pe.NewFile returns an error, so this problem should be reported to https://github.com/golang/go/issues/.
However modified-main.exe does look malformed, the PointerToSymbolTable and NumberOfSymbol entries of the file header are unchanged, even though something has been added to the file, so debug/pe can't find the string table. Gnu objdump can't parse the executable file either.

commented

Closing in favor of golang/go issue