[Forensics-changes] [yara] 406/415: Fix issue #122
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:29 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit c4091c72de3b097e17610bb85962d7027d2bf5e1
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Mar 3 13:17:33 2014 +0100
Fix issue #122
---
libyara/exefiles.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libyara/exefiles.c b/libyara/exefiles.c
index d279b7b..fc0e1b0 100644
--- a/libyara/exefiles.c
+++ b/libyara/exefiles.c
@@ -87,8 +87,11 @@ uint64_t yr_pe_rva_to_offset(
{
int i = 0;
PIMAGE_SECTION_HEADER section;
+ DWORD section_rva;
+ DWORD section_offset;
section = IMAGE_FIRST_SECTION(pe_header);
+ section_rva = 0;
while(i < MIN(pe_header->FileHeader.NumberOfSections, 60))
{
@@ -96,9 +99,10 @@ uint64_t yr_pe_rva_to_offset(
(uint8_t*) pe_header + sizeof(IMAGE_SECTION_HEADER) < buffer_length)
{
if (rva >= section->VirtualAddress &&
- rva < section->VirtualAddress + section->SizeOfRawData)
+ section_rva <= section->VirtualAddress)
{
- return section->PointerToRawData + (rva - section->VirtualAddress);
+ section_rva = section->VirtualAddress;
+ section_offset = section->PointerToRawData;
}
section++;
@@ -106,11 +110,11 @@ uint64_t yr_pe_rva_to_offset(
}
else
{
- break;
+ return 0;
}
}
- return 0;
+ return section_offset + (rva - section_rva);
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list