[FEATURE] Add info that sections' PointerToRawData is misaligned (Issue

#11)
hasherezade · Feb 17, 2023 · cf7e942 · cf7e942
1 parent c20e69c
commit cf7e942
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 8 deletions.
diff --git a/pe-bear/PEFileTreeModel.cpp b/pe-bear/PEFileTreeModel.cpp
@@ -170,7 +170,7 @@ bufsize_t PEFileTreeItem::getContentSize() const
 		case PEFILE_DOS_STUB :
 		{
 			const offset_t ntHdrsOffset = m_PE->peNtHdrOffset();
-			if (ntHdrsOffset < offset) {
+			if (ntHdrsOffset == INVALID_ADDR || ntHdrsOffset < offset) {
 				return 0;
 			}
 			return ntHdrsOffset - offset;
@@ -251,13 +251,16 @@ QVariant PEFileTreeItem::toolTip(int column) const
 	if (!this->myPeHndl) return QVariant();
 	PEFile *m_PE = this->myPeHndl->getPe();
 	if (!m_PE) return QVariant();
-
+	QStringList peInfo;
 	int fieldIndx = column;
 	if (this->level == DESC) {
 		if (role == PEFILE_MAIN) {
-			QString truncated = m_PE->isTruncated() ? "\n(truncated)" : "";
-			QString resized = m_PE->isResized() ? "\n(resized)" : "";
-			return myPeHndl->getFullName() + truncated + resized;
+			if (m_PE->isTruncated()) peInfo << "(truncated)";
+			if (m_PE->isResized()) peInfo << "(resized)";
+
+			myPeHndl->isPeAtypical(&peInfo);
+
+			return myPeHndl->getFullName() + "\n" + peInfo.join("\n");
 		}
 		if (role == PEFILE_OVERLAY) {
 			return "Overlay size: 0x" + QString::number(this->getOverlaySize(), 16);
@@ -279,14 +282,14 @@ QVariant PEFileTreeItem::decoration(int column) const
 		}
 
 		if (m_PE->getBitMode() == Executable::BITS_64) {
-			if (myPeHndl->isPeValid()) {
+			if (!myPeHndl->isPeAtypical()) {
 				return ViewSettings::getScaledPixmap(":/icons/app64.ico");
 			}
 			else {
 				return ViewSettings::getScaledPixmap(":/icons/app64_w.ico");
 			}
 		} else {
-			if (myPeHndl->isPeValid()) {
+			if (!myPeHndl->isPeAtypical()) {
 				return ViewSettings::getScaledPixmap(":/icons/app32.ico");
 			}
 			else {

diff --git a/pe-bear/base/PeHandler.h b/pe-bear/base/PeHandler.h
@@ -52,7 +52,7 @@ class PeHandler : public QObject, public Releasable
 	PeHandler(PEFile *_pe, FileBuffer *_fileBuffer);
 	PEFile* getPe() { return m_PE; }
 
-	bool isPeValid() 
+	bool isPeValid() const
 	{
 		if (!m_PE) return false;
 		if (m_PE->getSectionsCount() == 0) {
@@ -66,6 +66,32 @@ class PeHandler : public QObject, public Releasable
 		return true;
 	}
 
+	bool isPeAtypical(QStringList *warnings = NULL) const
+	{
+		bool isAtypical = false;
+		if (!isPeValid()) {
+			isAtypical = true;
+			if (warnings) (*warnings) << "The executable may not run: the ImageSize size doesn't fit sections";
+		}
+		const size_t mappedSecCount = m_PE->getSectionsCount(true);
+		// check for unaligned sections:
+		if (mappedSecCount != m_PE->getSectionsCount(false)) {
+			isAtypical = true;
+			if (warnings) (*warnings) << "Not all sections are mapped";
+		}
+		for (size_t i = 0; i < mappedSecCount; i++) {
+			SectionHdrWrapper *sec = m_PE->getSecHdr(i);
+			const offset_t hdrOffset = sec->getContentOffset(Executable::RAW, false);
+			const offset_t mappedOffset = sec->getContentOffset(Executable::RAW, true);
+			if (hdrOffset != mappedOffset) {
+				isAtypical = true;
+				if (warnings) (*warnings) << "Contains sections misaligned to FileAlignment";
+				break;
+			}
+		}
+		return isAtypical;
+	}
+
 	bool updateFileModifTime()
 	{
 		QDateTime modDate = QDateTime(); //default: empty date