Hi all,
while playing with a library of mine, dealing with different file formats, i usually use tools like peid, petools and co for revalidation my results and so i saw, that PETools has a bug in deserialization of load config table data directory. it seems that is processing all field with 8 byte size are considered to be 4 bytes only, what is wrong, specificationwise....
maybe somebody who knows NEOx, tell him to fix it)))
Regards,
OHPen
- Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -
Forget about what i said. It's not the deserialization which is wrong, it is the fucking spec!!!!!!! Cannot understand why MS was not fixing it with that last revision !???
Field which are clear stated as 8 byte fields are not, instead they are 4 / 8 byte fields. depending on bitness.
damn ms, update the fucking spec !!!!!!
regards,
OHP
- Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -
Posting Permissions
Bookmarks