You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 7, 2023. It is now read-only.
is not properly performed as its comment. If the value of exe.FILE_HEADER.Characteristics is 0x22 (e.g., PE+ EXE), upper 8bits data cannot be accessed, so "ValueError: Bitstrings must have the same length for ^ operator." exception is thrown as follows
#pad to 16 bits
img_chars = bitstring.BitArray(bytes=img_chars.tobytes())
--> img_chars_xor = img_chars[0:8] ^ img_chars[8:16]
/usr/local/lib/python3.5/dist-packages/bitstring-3.1.5-py3.5.egg/bitstring.py in __xor__(self, bs)
1128 bs = Bits(bs)
1129 if self.len != bs.len:
-> 1130 raise ValueError("Bitstrings must have the same length "
1131 "for ^ operator.")
1132 s = self._copy()
ValueError: Bitstrings must have the same length for ^ operator.
I think these lines should be fixed as follows.
#image characteristicsimg_chars=bitstring.BitArray(hex(exe.FILE_HEADER.Characteristics))
#pad to 16 bits# img_chars = bitstring.BitArray(bytes=img_chars.tobytes()) # <- this line do not do 16bits paddingimg_chars=img_chars.bin.zfill(16) # <- correct 16bits paddingimg_chars_xor=img_chars[0:8] ^img_chars[8:16]
Is this an intended behavior of calculate_pehash function?
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
According to the current implementation of
calculate_pehash
, "pad to 16 bits"viper-modules/pehash/pehasher.py
Lines 25 to 28 in d21d555
exe.FILE_HEADER.Characteristics
is 0x22 (e.g., PE+ EXE), upper 8bits data cannot be accessed, so "ValueError: Bitstrings must have the same length for ^ operator." exception is thrown as followsI think these lines should be fixed as follows.
Is this an intended behavior of
calculate_pehash
function?The text was updated successfully, but these errors were encountered: