Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Exception throw while parsing null byte array on GetStringsFromMultistring #7

Closed
SteAmeR opened this issue Nov 17, 2022 · 4 comments
Closed

Exception throw while parsing null byte array on GetStringsFromMultistring #7

SteAmeR opened this issue Nov 17, 2022 · 4 comments

Comments

@SteAmeR
Copy link
Contributor

SteAmeR commented Nov 17, 2022

Hi Eric,

I came across a new malicious lnk sample on wild but it throw an exception when I tried parsing by LNK project because GetStringsFromMultistring function on Utility.cs doesn't check properly to the byte array that is given to it as an argument. If the byte array filled with 0x00 (zero) then calculation (instancePosition - index) is wrong! Because the index can be a negative number!

I fixed the problem by adding an "if condition" at the beginning of the function that checks for zero bytes.
@AndrewRathbun
Copy link
Contributor

@SteAmeR any chance you're going to do a PR for this?

SteAmeR added a commit to SteAmeR/ExtensionBlocks that referenced this issue Nov 17, 2022
@SteAmeR
Update Utils.cs
fd30061 
This pull request is related to the issue EricZimmerman#7
@SteAmeR SteAmeR mentioned this issue Nov 17, 2022
Merged
@SteAmeR
Copy link
Contributor Author

SteAmeR commented Nov 17, 2022

@SteAmeR any chance you're going to do a PR for this?

sure #8

@EricZimmerman
Copy link
Owner

ill push a new package asap.

@EricZimmerman
Copy link
Owner

1.3.2 pushed.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SteAmeR @EricZimmerman @AndrewRathbun