From f8a3a702913dc94da34837fdf98cf3bbb274c09e Mon Sep 17 00:00:00 2001
From: bitform <matt@exploit-monday.com>
Date: Sun, 22 Jul 2012 16:47:44 -0400
Subject: Fixed bug in executables with no imports/exports

I now check for the existance of imports/exports in the data directory.
---
 PETools/Get-PEHeader.ps1 | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'PETools')

diff --git a/PETools/Get-PEHeader.ps1 b/PETools/Get-PEHeader.ps1
index 315f397..8422390 100644
--- a/PETools/Get-PEHeader.ps1
+++ b/PETools/Get-PEHeader.ps1
@@ -665,6 +665,11 @@ $code = @"
     
     function Get-Exports()
     {
+    
+        if ($NTHeader.OptionalHeader.DataDirectory[0].VirtualAddress -eq 0) {
+            Write-Verbose 'Module does not contain any exports'
+            return
+        }
 
         # List all function Rvas in the export table
         $ExportPointer = [IntPtr] ($PEBaseAddr.ToInt64() + $NtHeader.OptionalHeader.DataDirectory[0].VirtualAddress)
@@ -759,6 +764,11 @@ $code = @"
 
     function Get-Imports()
     {
+        if ($NTHeader.OptionalHeader.DataDirectory[1].VirtualAddress -eq 0) {
+            Write-Verbose 'Module does not contain any imports'
+            return
+        }
+    
         $FirstImageImportDescriptorPtr = [IntPtr] ($PEBaseAddr.ToInt64() + $NtHeader.OptionalHeader.DataDirectory[1].VirtualAddress)
         if ($OnDisk) { $FirstImageImportDescriptorPtr = Convert-RVAToFileOffset $FirstImageImportDescriptorPtr }
         $ImportDescriptorPtr = $FirstImageImportDescriptorPtr
-- 
cgit v1.2.3