+ More checks for resource parsing. Fixes loading of some malformed images.

vdisasmdev · vdisasmdev · commit 9165529f8e8e · 2015-02-24T17:45:58.000Z
* Minor typos fixed.
diff --git a/PE.Common.pas b/PE.Common.pas
@@ -122,7 +122,8 @@ interface
   SCategoryLoadFromFile = 'LoadFromFile';
   SCategoryDOSHeader    = 'DOS Header';
   SCategorySections     = 'Sections';
-  SCategoryDataDirecory = 'Data Direcories';
+  SCategoryDataDirecory = 'Data Directories';
+  SCategoryResources    = 'Resources';
 
 implementation
 
diff --git a/PE.DataDirectories.pas b/PE.DataDirectories.pas
@@ -197,6 +197,7 @@ procedure TDataDirectories.LoadDirectoriesFromStream;
   SizeToEOF: uint64;
   Size: uint32;
   i: integer;
+  needToNullDir: boolean;
 begin
   SizeToEOF := (Stream.Size - Stream.Position);
 
@@ -235,14 +236,27 @@ procedure TDataDirectories.LoadDirectoriesFromStream;
   // Check RVAs.
   for i := 0 to self.Count - 1 do
   begin
-    if not TPEImage(FPE).RVAExists(FItems[i].RVA) then
+    // Empty dir is ok.
+    if FItems[i].IsEmpty then
+      continue;
+
+    needToNullDir := False;
+
+    if (FItems[i].Size = 0) and (FItems[i].RVA <> 0) then
+    begin
+      Msg.Write(SCategoryDataDirecory, 'Directory # %d has size = 0.', [i]);
+      needToNullDir := true;
+    end
+    else if not TPEImage(FPE).RVAExists(FItems[i].RVA) then
+    begin
+      Msg.Write(SCategoryDataDirecory, 'Directory # %d RVA is not in image.', [i]);
+      needToNullDir := true;
+    end;
+
+    if needToNullDir and (PO_NULL_INVALID_DIRECTORY in TPEImage(FPE).Options) then
     begin
-      Msg.Write(SCategoryDataDirecory, 'Directory # %d is not in image.', [i]);
-      if PO_NULL_INVALID_DIRECTORY in TPEImage(FPE).Options then
-      begin
-        FItems[i] := NULL_IMAGE_DATA_DIRECTORY;
-        Msg.Write(SCategoryDataDirecory, 'Directory # %d nulled.', [i]);
-      end;
+      FItems[i] := NULL_IMAGE_DATA_DIRECTORY;
+      Msg.Write(SCategoryDataDirecory, 'Directory # %d nulled.', [i]);
     end;
   end;
 end;
@@ -254,7 +268,7 @@ function TDataDirectories.SaveToStream(Index: integer; Stream: TStream): boolean
   if Get(Index, @Dir) then
   begin
     TPEImage(FPE).SaveRegionToStream(Stream, Dir.VirtualAddress, Dir.Size);
-    exit(True);
+    exit(true);
   end;
   exit(False);
 end;
diff --git a/PE.Parser.Resources.pas b/PE.Parser.Resources.pas
@@ -51,7 +51,7 @@ function TPEResourcesParser.LogInvalidResourceSizesTraverse(
 begin
   if Node.IsLeaf then
     if not TResourceTreeLeafNode(Node).ValidSize then
-      TPEImage(FPE).Msg.Write('Bad size of resource (probably packed): %s', [Node.GetPath]);
+      TPEImage(FPE).Msg.Write(SCategoryResources, 'Bad size of resource (probably packed): %s', [Node.GetPath]);
 
   Result := True;
 end;
@@ -66,6 +66,7 @@ function TPEResourcesParser.Parse: TParserResult;
   // Check if directory present.
   if not Img.DataDirectories.Get(DDIR_RESOURCE, @dir) then
     exit(PR_OK);
+
   if dir.IsEmpty then
     exit(PR_OK);
 
@@ -108,7 +109,15 @@ function TPEResourcesParser.ReadEntry(
   if not(Img.SeekRVA(RVA + Index * SizeOf(Entry)) and
     Img.ReadEx(@Entry, SizeOf(Entry))) then
   begin
-    Img.Msg.Write('Bad resource entry.');
+    Img.Msg.Write(SCategoryResources, 'Bad resource entry.');
+    exit;
+  end;
+
+  // Check if RVA is correct.
+  DataRVA := Entry.DataEntryRVA + FBaseRVA;
+  if not Img.RVAExists(DataRVA) then
+  begin
+    Img.Msg.Write(SCategoryResources, 'Bad entry RVA.');
     exit;
   end;
 
@@ -119,7 +128,7 @@ function TPEResourcesParser.ReadEntry(
     DataRVA := Entry.DataEntryRVA + FBaseRVA;
     if not(Img.SeekRVA(DataRVA) and Img.ReadEx(@DataEntry, SizeOf(DataEntry))) then
     begin
-      Img.Msg.Write('Bad resource leaf node.');
+      Img.Msg.Write(SCategoryResources, 'Bad resource leaf node.');
       exit;
     end;
     LeafNode := TResourceTreeLeafNode.CreateFromEntry(FPE, DataEntry);
@@ -159,7 +168,7 @@ function TPEResourcesParser.ReadEntry(
           NameRVA := Entry.NameRVA + FBaseRVA;
           if not Img.SeekRVA(NameRVA) then
           begin
-            Img.Msg.Write('Failed to read resource name.');
+            Img.Msg.Write(SCategoryResources, 'Failed to read resource name.');
             exit(nil);
           end;
           Result.Name := Img.ReadUnicodeStringLenPfx2;
@@ -190,7 +199,7 @@ function TPEResourcesParser.ReadNode(
   // Read Directory Table.
   if not(Img.SeekRVA(RVA) and Img.ReadEx(@RDT, SizeOf(RDT))) then
   begin
-    Img.Msg.Write('Failed to read resource directory table.');
+    Img.Msg.Write(SCategoryResources, 'Failed to read resource directory table.');
     exit(PR_ERROR);
   end;
 
@@ -201,14 +210,18 @@ function TPEResourcesParser.ReadNode(
   // Read named entries.
   for i := 1 to RDT.NumberOfNameEntries do
   begin
-    ReadEntry(ParentNode, RVA, n, EK_NAME, @RDT);
+    if ReadEntry(ParentNode, RVA, n, EK_NAME, @RDT) = nil then
+      exit(PR_ERROR);
+
     inc(n);
   end;
 
   // Read Id entries.
   for i := 1 to RDT.NumberOfIDEntries do
   begin
-    ReadEntry(ParentNode, RVA, n, EK_ID, @RDT);
+    if ReadEntry(ParentNode, RVA, n, EK_ID, @RDT) = nil then
+      exit(PR_ERROR);
+
     inc(n);
   end;
 
