Comments (6)
[deleted comment]
from pefile.
The attached file seems to have manipulated or corrupted imports and exports.
In the export directory, the NumberOfFunctions for the attached file is
0x10015998 (268523928). So, pefile
seems to barf at parse_export_directory, trying to enumerate all the ExportData
and using too much memory.
Screenshot : http://twitpic.com/1r0xlv
However, the NumberOfNames for the attached file is zero. This could be used as
an additional check before
enumerating the exports. These two values (NumberOfNames, NumberOfFunctions)
are not always equal, but
the lesser of the two should be used for most purposes.
temporary fix : NumberOfNames on line 2891 on r73
Original comment by kbandla%[email protected]
on 25 May 2010 at 9:31
from pefile.
Thanks for your answer,
I did as you wrote and it works for the attached file, But I have some more
files
which still provide a memory leaks. I have attached additionally two files.
I'm checking with script:
import os
import gc
import pefile
folder = 'folder with tested files'
for f in os.listdir(folder):
try:
p = pefile.PE(os.path.join(folder, f), fast_load=False)
del p
except KeyboardInterrupt:
raise KeyboardInterrupt()
except:
pass
gc.collect()
Original comment by [email protected]
on 26 May 2010 at 6:29
Attachments:
from pefile.
This seems like expected behavior. You are asking pefile to load all the
directory info (fast_load=False) on files
that have a lot of relocation information. (looks like a common pattern for all
ASPack packed files).
If you are not using directory information from the pe file, using
fast_load=True will speed things up for you.
You can then explicitly call full_load() on the pefile instance to parse all
directories if you need them.
Original comment by kbandla%[email protected]
on 26 May 2010 at 5:05
from pefile.
Hello,
I have tried getting info as
p = pefile.PE(os.path.join(folder, f), fast_load=True)
p.parse_data_directories([0,1])
del p
but the test script still has memory leaks. I have tested my script of a large
number
of files and I will try find samples with provide a memory leaks and will send
you.
Who do I think that it isn't expected behavior?
I delete each PE instance explicitly and call python's GC, but memory still
continue
to grow.
Original comment by [email protected]
on 28 May 2010 at 12:37
from pefile.
(Revision 76) Added an upper bound on the number of export entries that will be
handled. If there are more
entries than what would fit in what's left until the end of the file we don't
attempt to process any more
This makes it possible to handle all the files reported although in some larger
cases it might still take a few
seconds to load a file
Original comment by [email protected]
on 3 Jun 2010 at 12:05
- Changed state: Fixed
from pefile.
Related Issues (20)
- find int(AddressOfEntryPoint) is greater than get_memory_mapped_image() HOT 1
- find bug in format string at line 4074 HOT 2
- 'PE' object has no attribute 'DIRECTORY_ENTRY_IMPORT' HOT 1
- AttributeError: 'PE' object has no attribute 'resources' - resources_nb = len(pe.resources) HOT 1
- Feature request: function for checking of validity of PE files HOT 1
- Utility to change the icon
- how do for the result of dump in str HOT 3
- Problem with overlay and clipped executables
- Accept memoryview for data HOT 1
- pefile.py failed to load PE binary with bogus section.SizeOfRawData HOT 1
- pefile.get_imphash() function bug HOT 5
- Exports table bad/wrong function addresses
- Discrepancy between YARA and pefile while computing imphash HOT 2
- _abc_impl is set to a wrong type in cython HOT 2
- Invalid offset assignment at get_data function during PE loading
- ordlookup returns incorrect names for wsock32 ordinals HOT 1
- get_memory_mapped_image leaves trash data in alignment regions
- Wrong assumption while parsing rich header HOT 4
- Error in parse dynamic relocations HOT 1
- 256 MiB maximum offset limit is too low HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pefile.