value of the "characteristics" in the FileHeader tab is badly interpreted
mdziczkowski opened this issue · comments
I wanted to let you know that the value of the "characteristics" in the FileHeader tab is badly interpreted and gives out a bad output.
For example:
I want to receive the following output:
2 - file is an executable (i.e. no unresolved external references)
10 - aggressively trim working set
20 - app can handle > 2 GB addresses
400 - if image is on removable media, copy and run from the swap file
800 - if image is on net media, copy and run from the swap file
which is in 1200 (dec) -> 04DD (hex) but instead it gives the output:
200 - debugging info stripped from file in the .DBG file
1000 - system file
Hi! Thank you for reporting. I am currently very busy, so I cannot promise that I will fix it immediately. But I will take proper care of this issue once I am free.
Can you please share the sample and more details (i.e. screenshots) so that I can reproduce it quickly? I tried to reproduce it under PE-bear, but I failed, in the sense that the results that I got were different from what you described. This is what I've got - and it looks valid:
However, the current version of PE-bear uses a bit earlier fork of bearparser, so my test was just a quick check and not 100% reliable.
Did you find this bug using bearparser as a standalone library? Or by using PE-bear?
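
The Characteristics field discussed in this thread is a 16-bit mask of IMAGE_FILE_* flags, and the flag values quoted above (2, 10, 20, 400, 800, 200, 1000) are hexadecimal. The following C++ program is an added example, not code from bearparser or PE-bear: it reads the field from a raw image and decodes it, and the function names and the minimal sample buffer are assumptions made for illustration.

```cpp
// Added example (not bearparser code): read and decode FileHeader.Characteristics.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
struct Flag { uint16_t bit; const char* name; };
// IMAGE_FILE_* flags from winnt.h (prefix omitted); every value is hexadecimal.
static const Flag kFlags[] = {
    {0x0001, "RELOCS_STRIPPED"}, {0x0002, "EXECUTABLE_IMAGE"}, {0x0004, "LINE_NUMS_STRIPPED"},
    {0x0008, "LOCAL_SYMS_STRIPPED"}, {0x0010, "AGGRESIVE_WS_TRIM"}, {0x0020, "LARGE_ADDRESS_AWARE"},
    {0x0080, "BYTES_REVERSED_LO"}, {0x0100, "32BIT_MACHINE"}, {0x0200, "DEBUG_STRIPPED"},
    {0x0400, "REMOVABLE_RUN_FROM_SWAP"}, {0x0800, "NET_RUN_FROM_SWAP"}, {0x1000, "SYSTEM"},
    {0x2000, "DLL"}, {0x4000, "UP_SYSTEM_ONLY"}, {0x8000, "BYTES_REVERSED_HI"},
};

// Names of the set flags; bits without a name (e.g. reserved 0x0040) are reported too.
std::vector<std::string> decode(uint16_t value) {
    std::vector<std::string> out;
    unsigned rest = value;
    for (const Flag& f : kFlags)
        if (rest & f.bit) { out.push_back(f.name); rest &= ~unsigned(f.bit); }
    if (rest) { char buf[24]; std::snprintf(buf, sizeof buf, "UNKNOWN(0x%04X)", rest); out.push_back(buf); }
    return out;
}

// Characteristics from a raw PE image, or -1 if the headers are invalid or truncated.
int read_characteristics(const std::vector<uint8_t>& pe) {
    if (pe.size() < 0x40 || pe[0] != 'M' || pe[1] != 'Z') return -1;
    size_t nt = pe[0x3C] | pe[0x3D] << 8 | pe[0x3E] << 16 | size_t(pe[0x3F]) << 24;  // e_lfanew
    // The "PE\0\0" signature (4 bytes) and the 20-byte file header must fit.
    if (nt > pe.size() || pe.size() - nt < 24) return -1;
    if (pe[nt] != 'P' || pe[nt + 1] != 'E' || pe[nt + 2] || pe[nt + 3]) return -1;
    return pe[nt + 22] | pe[nt + 23] << 8;  // last WORD of the file header, little-endian
}
// Constructed sample: minimal buffer with e_lfanew = 0x40 and an otherwise empty header.
std::vector<uint8_t> sample_pe(uint16_t ch) {
    std::vector<uint8_t> pe(0x40 + 24, 0);
    pe[0] = 'M'; pe[1] = 'Z'; pe[0x3C] = 0x40; pe[0x40] = 'P'; pe[0x41] = 'E';
    pe[0x40 + 22] = uint8_t(ch & 0xFF); pe[0x40 + 23] = uint8_t(ch >> 8);
    return pe;
}

int main() {
    for (unsigned v : {0x1200u, 0x0C32u}) {  // constructed inputs
        std::printf("0x%04X:", (unsigned)read_characteristics(sample_pe(uint16_t(v))));
        for (const std::string& n : decode(uint16_t(v))) std::printf(" %s", n.c_str());
        std::printf("\n");
    }
}
```

For the constructed inputs, 0x1200 decodes to DEBUG_STRIPPED and SYSTEM, while the five flags 2, 10, 20, 400 and 800 OR together to 0x0C32.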