EOFException reading VersionInfo on some dlls
mpkusnierz opened this issue · comments
I tried parsing this dll and it failed part way though with an EOFException:
C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v2.0\Packages\Microsoft.AspNet.Razor.2.0.30506.0\lib\net40\System.Web.Razor.dll
Exception in thread "main" java.io.EOFException: Expected to read bytes from the stream
at org.boris.pecoff4j.io.DataReader.safeRead(DataReader.java:161)
at org.boris.pecoff4j.io.DataReader.readWord(DataReader.java:48)
at org.boris.pecoff4j.io.DataReader.readUnicode(DataReader.java:146)
at org.boris.pecoff4j.io.ResourceParser.readStringPair(ResourceParser.java:193)
at org.boris.pecoff4j.io.ResourceParser.readStringTable(ResourceParser.java:181)
at org.boris.pecoff4j.io.ResourceParser.readStringFileInfo(ResourceParser.java:227)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:147)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:135)
There seems to be some sort of offset problem reading the stringTable such that it starts trying to read a StringPair and gets the length wrong, and then tries to read past the end of the table and fails.
I believe the problem is the missing/TODO read VarFileInfo on line 148 of this method:
org.boris.pecoff4j.io.ResourceParser.readVersionInfo(IDataReader)
it appears that in this dll, the VarFileInfo is present - and comes before the StringfileInfo; hence when reading StringFileInfo at the offset of the VarFileInfo, the stream is effectively corrupt
Attached a possible patch to the ResourceParser.java class that fixes this issue. It might not be the cleanest, but it seems to work.
ResourceParser.zip
Can you please submit this as a pull request?
I'll do it tomorrow
On 6 Sep 2016 21:10, "kichik" notifications@github.com wrote:
Can you please submit this as a pull request?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#6 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAeTvF0FvDoxDWZsylgE9vORZjhC7Dswks5qncizgaJpZM4J2AZd
.
I don't think I have push access to be able to push a branch with the the change. Do you need to add me to the members?
Actually even with my "fix" I've still found some dll's that can provoke the same error. e.g.
------------C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPFIME50.DLL --------------------
java.io.EOFException: Expected to read bytes from the stream
at org.boris.pecoff4j.io.DataReader.safeRead(DataReader.java:161)
at org.boris.pecoff4j.io.DataReader.readWord(DataReader.java:48)
at org.boris.pecoff4j.io.DataReader.readUnicode(DataReader.java:146)
at org.boris.pecoff4j.io.ResourceParser.readStringPair(ResourceParser.java:229)
at org.boris.pecoff4j.io.ResourceParser.readStringTable(ResourceParser.java:217)
at org.boris.pecoff4j.io.ResourceParser.readStringFileInfo(ResourceParser.java:259)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:164)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:135)
Another example using a more common dll:
-------------- C:\Windows\System32\spool\drivers\x64\3\hpfie112.dll
java.io.EOFException: Expected to read bytes from the stream --------------------------
at org.boris.pecoff4j.io.DataReader.safeRead(DataReader.java:161)
at org.boris.pecoff4j.io.DataReader.readWord(DataReader.java:48)
at org.boris.pecoff4j.io.DataReader.readUnicode(DataReader.java:146)
at org.boris.pecoff4j.io.ResourceParser.readStringPair(ResourceParser.java:229)
at org.boris.pecoff4j.io.ResourceParser.readStringTable(ResourceParser.java:217)
at org.boris.pecoff4j.io.ResourceParser.readStringFileInfo(ResourceParser.java:259)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:164)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:135)
I don't have any of those files for testing.
As for a branch, you can fork and create a branch and then make a pull request out of that. Since it's one file, it doesn't really matter. Pull request mostly means you'll get proper credit in the log in this case :)
OK PR created