Skip to content

Commit 3629b80

Browse files
author
lief-ci-doc
committed
Update latest doc
1 parent 0533e33 commit 3629b80

File tree

12,463 files changed

+1703931
-646007
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

12,463 files changed

+1703931
-646007
lines changed

about/index.html

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
<!doctype html><html lang=en-us prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=description content><meta name=HandheldFriendly content="True"><meta name=MobileOptimized content="320"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=google-site-verification content="OcWjYs0PdsQZtqu1ms5QSr5FplDf_t5GEneU---wWzM"><meta name=description content="About"><meta name=keywords content><meta property="og:type" content="article"><meta property="og:description" content="About"><meta property="og:title" content="About"><meta property="og:site_name" content="LIEF"><meta property="og:url" content="https://lief.re/about/"><meta property="og:locale" content="en-us"><meta property="article:published_time" content="0001-01-01
22
"><meta property="article:modified_time" content="0001-01-01
3-
"><meta name=twitter:card content="summary"><meta name=twitter:site content="@lief_project"><meta name=twitter:creator content="@lief_project"><meta name=twitter:title content="About | LIEF"><meta name=twitter:description content="About | LIEF"><meta name=twitter:domain content="https://lief.re/about/"><title>LIEF</title>
4-
<link rel=canonical href=https://lief.re/about/><link rel=stylesheet type=text/css href=https://lief.re//css/theme.min.css><link rel=stylesheet type=text/css href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/vendor.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/termynal.css><link rel=stylesheet type=text/css href=https://lief.re//css/animate.css><link rel=apple-touch-icon href=https://lief.re//img/favicon.ico type=image/x-icon><link rel="shortcut icon" href=https://lief.re//img/favicon.ico type=image/x-icon><link rel=icon href=https://lief.re//img/favicon.ico type=image/x-icon><style></style></head><body class=bg-light><nav class="navbar navbar-expand-lg navbar-light bg-white" role=navigation><div class="container position-relative"><a href=https://lief.re/ class=navbar-brand>LIEF</a>
3+
"><meta name=twitter:card content="summary"><meta name=twitter:site content="@lief_project"><meta name=twitter:creator content="@lief_project"><meta name=twitter:title content="About | LIEF"><meta name=twitter:description content="About | LIEF"><meta name=twitter:domain content="https://lief.re/about/"><title>LIEF</title><link rel=canonical href=https://lief.re/about/><link rel=stylesheet type=text/css href=https://lief.re//css/theme.min.css><link rel=stylesheet type=text/css href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/vendor.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/termynal.css><link rel=stylesheet type=text/css href=https://lief.re//css/animate.css><link rel=apple-touch-icon href=https://lief.re//img/favicon.ico type=image/x-icon><link rel="shortcut icon" href=https://lief.re//img/favicon.ico type=image/x-icon><link rel=icon href=https://lief.re//img/favicon.ico type=image/x-icon><style></style></head><body class=bg-light><nav class="navbar navbar-expand-lg navbar-light bg-white" role=navigation><div class="container position-relative"><a href=https://lief.re/ class=navbar-brand>LIEF</a>
54
<button class=navbar-toggler data-toggle=collapse data-target=#navbar-collapse>
65
<span class=navbar-toggler-icon></span></button><div class="collapse navbar-collapse justify-content-end mt-2 mt-lg-0" id=navbar-collapse><ul class=navbar-nav><li class=nav-item><a class=nav-link href=https://lief.re/><i class="fa-solid fa-house mr-3"></i>
76
Home</a></li><li class=nav-item><a class=nav-link href=https://lief.re/blog><i class="fa-solid fa-rss mr-3"></i>

blog/2017-04-18-lief/index.html

Lines changed: 64 additions & 65 deletions
Large diffs are not rendered by default.

blog/2017-10-30-lief-0-8-3/index.html

Lines changed: 159 additions & 160 deletions
Large diffs are not rendered by default.

blog/2018-06-11-lief-0-9-0/index.html

Lines changed: 37 additions & 38 deletions
Large diffs are not rendered by default.

blog/2021-01-19-lief-0-11-0/index.html

Lines changed: 19 additions & 20 deletions
Large diffs are not rendered by default.

blog/2021-02-22-lief-0-11-1/index.html

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
<!doctype html><html lang=en-us prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=description content><meta name=HandheldFriendly content="True"><meta name=MobileOptimized content="320"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=google-site-verification content="OcWjYs0PdsQZtqu1ms5QSr5FplDf_t5GEneU---wWzM"><meta name=description content="This blog post outlines the fixes made in LIEF 0.11.1"><meta name=keywords content><meta property="og:type" content="article"><meta property="og:description" content="This blog post outlines the fixes made in LIEF 0.11.1"><meta property="og:title" content="LIEF - Release 0.11.1"><meta property="og:site_name" content="LIEF"><meta property="og:image" content="https://lief.re/blog/2021-02-22-lief-0-11-1/featured.png"><meta property="og:image:type" content="image/png"><meta property="og:image:width" content><meta property="og:image:height" content><meta property="og:url" content="https://lief.re/blog/2021-02-22-lief-0-11-1/"><meta property="og:locale" content="en-us"><meta property="article:published_time" content="2021-02-22
22
"><meta property="article:modified_time" content="2021-02-22
3-
"><meta name=twitter:card content="summary"><meta name=twitter:site content="@lief_project"><meta name=twitter:creator content="@lief_project"><meta name=twitter:title content="LIEF - Release 0.11.1 | LIEF"><meta name=twitter:description content="This blog post outlines the fixes made in LIEF 0.11.1 | LIEF"><meta property="twitter:image:src" content="https://lief.re/blog/2021-02-22-lief-0-11-1/featured.png"><meta name=twitter:domain content="https://lief.re/blog/2021-02-22-lief-0-11-1/"><title>LIEF</title>
4-
<link rel=canonical href=https://lief.re/blog/2021-02-22-lief-0-11-1/><link rel=stylesheet type=text/css href=https://lief.re//css/theme.min.css><link rel=stylesheet type=text/css href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/vendor.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/termynal.css><link rel=stylesheet type=text/css href=https://lief.re//css/animate.css><link rel=apple-touch-icon href=https://lief.re//img/favicon.ico type=image/x-icon><link rel="shortcut icon" href=https://lief.re//img/favicon.ico type=image/x-icon><link rel=icon href=https://lief.re//img/favicon.ico type=image/x-icon><style></style></head><body class=bg-light><nav class="navbar navbar-expand-lg navbar-light bg-light position-absolute w-100 bg-white" role=navigation><div class="container position-relative"><a href=https://lief.re/ class=navbar-brand>LIEF</a>
3+
"><meta name=twitter:card content="summary"><meta name=twitter:site content="@lief_project"><meta name=twitter:creator content="@lief_project"><meta name=twitter:title content="LIEF - Release 0.11.1 | LIEF"><meta name=twitter:description content="This blog post outlines the fixes made in LIEF 0.11.1 | LIEF"><meta property="twitter:image:src" content="https://lief.re/blog/2021-02-22-lief-0-11-1/featured.png"><meta name=twitter:domain content="https://lief.re/blog/2021-02-22-lief-0-11-1/"><title>LIEF</title><link rel=canonical href=https://lief.re/blog/2021-02-22-lief-0-11-1/><link rel=stylesheet type=text/css href=https://lief.re//css/theme.min.css><link rel=stylesheet type=text/css href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/vendor.min.css><link rel=stylesheet type=text/css href=https://lief.re//css/termynal.css><link rel=stylesheet type=text/css href=https://lief.re//css/animate.css><link rel=apple-touch-icon href=https://lief.re//img/favicon.ico type=image/x-icon><link rel="shortcut icon" href=https://lief.re//img/favicon.ico type=image/x-icon><link rel=icon href=https://lief.re//img/favicon.ico type=image/x-icon><style></style></head><body class=bg-light><nav class="navbar navbar-expand-lg navbar-light bg-light position-absolute w-100 bg-white" role=navigation><div class="container position-relative"><a href=https://lief.re/ class=navbar-brand>LIEF</a>
54
<button class=navbar-toggler data-toggle=collapse data-target=#navbar-collapse>
65
<span class=navbar-toggler-icon></span></button><div class="collapse navbar-collapse justify-content-end mt-2 mt-lg-0" id=navbar-collapse><ul class=navbar-nav><li class=nav-item><a class=nav-link href=https://lief.re/><i class="fa-solid fa-house mr-3"></i>
76
Home</a></li><li class=nav-item><a class=nav-link href=https://lief.re/blog><i class="fa-solid fa-rss mr-3"></i>
@@ -20,13 +19,13 @@
2019
February 22, 2021</span></div><img src=https://lief.re//img/waves.png class="d-block mx-auto mt-4 mb-5" alt=Wave><div class=text-dark><div class="admonition abstract"><p class=admonition-title>Tl;DR</p>LIEF v0.11.1 fixes some issues related to PE Authentihash computation. The new packages are available on PyPI and
2120
the SDKs can be downloaded on the official <a href=https://lief.quarkslab.com/download/>website</a>.<p>Enjoy!</p></div><p>LIEF 0.11.0 missed handling some cases in the processing of the PE Authentihash. This new release addresses
2221
these issues and the following blog post explains the cases we did not handle.</p><h3 id=section-name>Section name</h3><p>PE section&rsquo;s names are stored in a <strong>fixed</strong> char array (8 bytes) which means that a section&rsquo;s name can
23-
contain trailing bytes after the null char:</p><div class=highlight><pre tabindex=0 style=background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-cpp data-lang=cpp><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">1</span><span><span style=color:#000;font-weight:700>struct</span> <span style=color:#458;font-weight:700>pe_section</span> {
24-
</span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">2</span><span> <span style=color:#458;font-weight:700>char</span> name[<span style=color:#099>8</span>];
25-
</span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">3</span><span> <span style=color:#458;font-weight:700>uint32_t</span> RVA;
26-
</span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">4</span><span> <span style=color:#998;font-style:italic>// ...
27-
</span></span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">5</span><span><span style=color:#998;font-style:italic></span>};
22+
contain trailing bytes after the null char:</p><div class=highlight><pre tabindex=0 style=background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-cpp data-lang=cpp><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">1</span><span><span style=color:#cf222e>struct</span> <span style=color:#1f2328>pe_section</span> <span style=color:#1f2328>{</span>
23+
</span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">2</span><span> <span style=color:#cf222e>char</span> name<span style=color:#1f2328>[</span><span style=color:#0550ae>8</span><span style=color:#1f2328>];</span>
24+
</span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">3</span><span> <span style=color:#cf222e>uint32_t</span> RVA<span style=color:#1f2328>;</span>
25+
</span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">4</span><span> <span style=color:#57606a>// ...
26+
</span></span></span><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">5</span><span><span style=color:#57606a></span><span style=color:#1f2328>};</span>
2827
</span></span></code></pre></div><p>Before v0.11.1, LIEF didn&rsquo;t take into account the trailing bytes and stopped to read the section&rsquo;s name
29-
on the first null char:</p><div class=highlight><pre tabindex=0 style=background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-cpp data-lang=cpp><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">1</span><span><span style=color:#000;font-weight:700>this</span><span style=color:#000;font-weight:700>-&gt;</span>name_ <span style=color:#000;font-weight:700>=</span> std<span style=color:#000;font-weight:700>::</span>string(header<span style=color:#000;font-weight:700>-&gt;</span>name, <span style=color:#000;font-weight:700>sizeof</span>(header<span style=color:#000;font-weight:700>-&gt;</span>name)).c_str();
28+
on the first null char:</p><div class=highlight><pre tabindex=0 style=background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-cpp data-lang=cpp><span style=display:flex><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#7f7f7f">1</span><span><span style=color:#cf222e>this</span><span style=color:#0550ae>-&gt;</span>name_ <span style=color:#0550ae>=</span> std<span style=color:#0550ae>::</span>string<span style=color:#1f2328>(</span>header<span style=color:#0550ae>-&gt;</span>name<span style=color:#1f2328>,</span> <span style=color:#cf222e>sizeof</span><span style=color:#1f2328>(</span>header<span style=color:#0550ae>-&gt;</span>name<span style=color:#1f2328>)).</span>c_str<span style=color:#1f2328>();</span>
3029
</span></span></code></pre></div><p>This implementation has two drawbacks. First, we lose information since we don&rsquo;t store the extra trailing bytes.
3130
Regular binaries have zero trailing bytes after the first null char but some of them might use this spot to
3231
hide data.</p><p><img src=section_table_e.png alt="Section name with trailing bytes"></p><p>Secondly, the <strong>full</strong> section name (i.e the whole 8 bytes) is used to compute the Authentihash.

0 commit comments

Comments
 (0)