kichik / pecoff4j

PE/COFF 4J is a java engineering library for portable executables, the format used by Windows


EOFException reading VersionInfo on some dlls

mpkusnierz opened this issue · comments

I tried parsing this dll and it failed part way through with an EOFException:

C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v2.0\Packages\Microsoft.AspNet.Razor.2.0.30506.0\lib\net40\System.Web.Razor.dll

Exception in thread "main" java.io.EOFException: Expected to read bytes from the stream
at org.boris.pecoff4j.io.DataReader.safeRead(DataReader.java:161)
at org.boris.pecoff4j.io.DataReader.readWord(DataReader.java:48)
at org.boris.pecoff4j.io.DataReader.readUnicode(DataReader.java:146)
at org.boris.pecoff4j.io.ResourceParser.readStringPair(ResourceParser.java:193)
at org.boris.pecoff4j.io.ResourceParser.readStringTable(ResourceParser.java:181)
at org.boris.pecoff4j.io.ResourceParser.readStringFileInfo(ResourceParser.java:227)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:147)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:135)

There seems to be some sort of offset problem reading the stringTable such that it starts trying to read a StringPair and gets the length wrong, and then tries to read past the end of the table and fails.

I believe the problem is the missing/TODO read VarFileInfo on line 148 of this method:
org.boris.pecoff4j.io.ResourceParser.readVersionInfo(IDataReader)
It appears that in this dll the VarFileInfo is present and comes before the StringFileInfo; hence when reading StringFileInfo at the offset of the VarFileInfo, the stream is effectively corrupt.

Attached a possible patch to the ResourceParser.java class that fixes this issue. It might not be the cleanest, but it seems to work.
ResourceParser.zip

Can you please submit this as a pull request?

I'll do it tomorrow


I don't think I have push access to be able to push a branch with the change. Do you need to add me to the members?

Actually even with my "fix" I've still found some DLLs that can provoke the same error, e.g.

------------C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\HPFIME50.DLL --------------------
java.io.EOFException: Expected to read bytes from the stream
at org.boris.pecoff4j.io.DataReader.safeRead(DataReader.java:161)
at org.boris.pecoff4j.io.DataReader.readWord(DataReader.java:48)
at org.boris.pecoff4j.io.DataReader.readUnicode(DataReader.java:146)
at org.boris.pecoff4j.io.ResourceParser.readStringPair(ResourceParser.java:229)
at org.boris.pecoff4j.io.ResourceParser.readStringTable(ResourceParser.java:217)
at org.boris.pecoff4j.io.ResourceParser.readStringFileInfo(ResourceParser.java:259)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:164)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:135)

Another example using a more common dll:

-------------- C:\Windows\System32\spool\drivers\x64\3\hpfie112.dll --------------------------
java.io.EOFException: Expected to read bytes from the stream
at org.boris.pecoff4j.io.DataReader.safeRead(DataReader.java:161)
at org.boris.pecoff4j.io.DataReader.readWord(DataReader.java:48)
at org.boris.pecoff4j.io.DataReader.readUnicode(DataReader.java:146)
at org.boris.pecoff4j.io.ResourceParser.readStringPair(ResourceParser.java:229)
at org.boris.pecoff4j.io.ResourceParser.readStringTable(ResourceParser.java:217)
at org.boris.pecoff4j.io.ResourceParser.readStringFileInfo(ResourceParser.java:259)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:164)
at org.boris.pecoff4j.io.ResourceParser.readVersionInfo(ResourceParser.java:135)

I don't have any of those files for testing.

As for a branch, you can fork and create a branch and then make a pull request out of that. Since it's one file, it doesn't really matter. Pull request mostly means you'll get proper credit in the log in this case :)

OK PR created
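
The ordering problem diagnosed in this issue, as an added example (not pecoff4j code and not the attached patch): a bounds-checked walk over the children of a VS_VERSIONINFO resource that reads each child's key instead of assuming StringFileInfo comes first, and steps by each block's own wLength. The class and method names are hypothetical, and the sample resource is constructed with VarFileInfo placed before StringFileInfo.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class VersionInfoChildren {
    static int align4(int pos) { return (pos + 3) & ~3; }
    // Reads a NUL-terminated UTF-16LE key without reading past 'end'.
    static String readKey(ByteBuffer b, int end) {
        StringBuilder sb = new StringBuilder();
        for (char c; b.position() + 2 <= end && (c = b.getChar()) != 0; ) sb.append(c);
        return sb.toString();
    }
    // Lists the child blocks of VS_VERSIONINFO in file order, stepping by each block's wLength.
    static List<String> childKeys(byte[] res) {
        if (res.length < 6) throw new IllegalArgumentException("truncated header");
        ByteBuffer b = ByteBuffer.wrap(res).order(ByteOrder.LITTLE_ENDIAN);
        int end = Math.min(b.getShort(0) & 0xFFFF, res.length); // never trust wLength past the buffer
        b.position(6);
        readKey(b, end); // szKey "VS_VERSION_INFO"
        // Skip padding, then the fixed value (wValueLength bytes), then padding again.
        int pos = align4(align4(b.position()) + (b.getShort(2) & 0xFFFF));
        List<String> keys = new ArrayList<>();
        while (pos + 6 <= end) {
            int len = b.getShort(pos) & 0xFFFF;
            if (len < 6 || pos + len > end) throw new IllegalArgumentException("bad wLength at " + pos);
            b.position(pos + 6);
            keys.add(readKey(b, pos + len)); // a real parser dispatches on this key
            pos = align4(pos + len); // next sibling starts on a 32-bit boundary
        }
        return keys;
    }
    // Builds one block (constructed sample data): header, key + NUL, padding, body.
    static byte[] block(String key, int valueLen, byte[] body) {
        int hdr = align4(6 + (key.length() + 1) * 2);
        ByteBuffer b = ByteBuffer.allocate(align4(hdr + body.length)).order(ByteOrder.LITTLE_ENDIAN);
        b.putShort((short) (hdr + body.length)).putShort((short) valueLen).putShort((short) 0);
        b.put(key.getBytes(StandardCharsets.UTF_16LE)).position(hdr);
        b.put(body);
        return b.array();
    }
    public static void main(String[] args) {
        byte[] vfi = block("VarFileInfo", 0, new byte[0]), sfi = block("StringFileInfo", 0, new byte[0]);
        byte[] body = new byte[52 + vfi.length + sfi.length]; // 52 zero bytes stand in for VS_FIXEDFILEINFO
        System.arraycopy(vfi, 0, body, 52, vfi.length);
        System.arraycopy(sfi, 0, body, 52 + vfi.length, sfi.length);
        System.out.println(childKeys(block("VS_VERSION_INFO", 52, body)));
    }
}
```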