diff options
| author | bitform <matt@exploit-monday.com> | 2012-07-22 16:47:44 -0400 |
|---|---|---|
| committer | bitform <matt@exploit-monday.com> | 2012-07-22 16:47:44 -0400 |
| commit | f8a3a702913dc94da34837fdf98cf3bbb274c09e (patch) | |
| tree | d84638f56096589f8a9308c50b44ba41e463427a | |
| parent | 65ebaea880b1470718f609e1946f950e7fff0d81 (diff) | |
| download | PowerSploit-f8a3a702913dc94da34837fdf98cf3bbb274c09e.tar.gz PowerSploit-f8a3a702913dc94da34837fdf98cf3bbb274c09e.zip | |
Fixed bug in executables with no imports/exports
I now check for the existance of imports/exports in the data directory.
| -rw-r--r-- | PETools/Get-PEHeader.ps1 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/PETools/Get-PEHeader.ps1 b/PETools/Get-PEHeader.ps1 index 315f397..8422390 100644 --- a/PETools/Get-PEHeader.ps1 +++ b/PETools/Get-PEHeader.ps1 @@ -665,6 +665,11 @@ $code = @" function Get-Exports()
{
+
+ if ($NTHeader.OptionalHeader.DataDirectory[0].VirtualAddress -eq 0) {
+ Write-Verbose 'Module does not contain any exports'
+ return
+ }
# List all function Rvas in the export table
$ExportPointer = [IntPtr] ($PEBaseAddr.ToInt64() + $NtHeader.OptionalHeader.DataDirectory[0].VirtualAddress)
@@ -759,6 +764,11 @@ $code = @" function Get-Imports()
{
+ if ($NTHeader.OptionalHeader.DataDirectory[1].VirtualAddress -eq 0) {
+ Write-Verbose 'Module does not contain any imports'
+ return
+ }
+
$FirstImageImportDescriptorPtr = [IntPtr] ($PEBaseAddr.ToInt64() + $NtHeader.OptionalHeader.DataDirectory[1].VirtualAddress)
if ($OnDisk) { $FirstImageImportDescriptorPtr = Convert-RVAToFileOffset $FirstImageImportDescriptorPtr }
$ImportDescriptorPtr = $FirstImageImportDescriptorPtr
|