View Single Post
  #8  
Old 06-21-2014, 19:34
n00b n00b is offline
Friend
 
Join Date: Mar 2009
Posts: 43
Rept. Given: 18
Rept. Rcvd 25 Times in 14 Posts
Thanks Given: 11
Thanks Rcvd at 59 Times in 20 Posts
n00b Reputation: 26
I'd like to add that in some protected targets (which you end up dumping), the author has written a fake VA size on some of the sections in the PE.

This may then result in a big problem when dumping with the current code, as it uses the Virtual & Real size as the same value.

So I present to you this easy fix:

Quote:
PEFixSection->SizeOfRawData = PEFixSection->SizeOfRawData;//RealignedVirtualSize;
It's really as simple as that - only, you have to rebuild the size manually afterwards using for example CFF Explorer - or as in my case, I use a source I found on google...

Anyways, as always - really useful post, and new edit of this great project
Reply With Quote
The Following 2 Users Gave Reputation+1 to n00b For This Useful Post:
mr.exodia (06-21-2014), Youtoo (06-22-2014)