NIM compiled binaries fail to parse section.
rafale0n opened this issue · 4 comments
rafale0n commented
This issue can be replicated by creating a simple Nim program, e.g.
echo "Hello World"
and compiling it on Linux with:
nim c --app=console -d:exe -d:mingw --cpu=amd64 -d:debug -d:strip -d:exe --out=helloworld.exe helloworld.nim
Scanning with avred results in the following output:
╰─ python3 ./avred.py --file helloworld.exe ─╯
[INFO ][2023-09-11 14:33:58,601] main() :: Using file: helloworld.exe
[INFO ][2023-09-11 14:33:58,601] handleFile() :: Handle file: helloworld.exe
[INFO ][2023-09-11 14:33:58,605] handleFile() :: Using parser for file type EXE
[INFO ][2023-09-11 14:33:58,647] parseFile() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO ][2023-09-11 14:33:58,647] handleFile() :: Using scanner from command line: amsi
[INFO ][2023-09-11 14:33:58,649] load() :: Loading HashCache
[INFO ][2023-09-11 14:33:58,650] load() :: 0 hashes loaded
Traceback (most recent call last):
File "/home/*****/Downloads/avred/./avred.py", line 354, in <module>
main()
File "/home//*****//Downloads/avred/./avred.py", line 76, in main
handleFile(args.file, args, args.server)
File "/home//*****//Downloads/avred/./avred.py", line 178, in handleFile
outcome.scanInfo = ScanInfo(scanner.scanner_name, analyzerOptions['scanSpeed'])
~~~~~~~~~~~~~~~^^^^^^^^^^^^^
KeyError: 'scanSpeed'
Any other file types work as expected.
dobin commented
It actually didn't even depend on Nim compiled exes, but was just bad coding on my part. Can try again.
rafale0n commented
It is not a matter of dependence on Nim compiled exes, but of the error in detecting sections of Nim compiled exes:
PE32+ executable (console) x86-64, for MS Windows, 20 sections
rafale0n commented
The fix does not crash the program now, but the issue remains the same.
dobin commented
What exactly is the issue?
- Is avred crashing?
- Is the binary misidentified? NIM compiled exes should be PE32
- Do the sections not get identified? Are some missing?
I compiled and uploaded your example, looks alright to me: https://avred.r00ted.ch/file/qCJRKw.nim.exe
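For readers following the `.bss addr:0 size:0` log line in the report: the sketch below is an added example, not avred's code and not posted by either participant. It reads a PE section table with the standard library and marks sections that have no bytes on disk, assuming the logged `addr`/`size` are the section's raw file offset and raw size; the sample header, the function names and the `scannable` field are constructed for illustration.

```python
import struct

SEC_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

def build_sample_pe():
    """Constructed PE32+ header with .text and .bss (not a runnable exe)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # e_lfanew at 0x3C
    opt_size = 0xF0                                        # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\x00" * (opt_size - 2)
    def sec(name, vsize, vaddr, rsize, rptr, flags):
        return struct.pack(SEC_FMT, name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, flags)
    text = sec(b".text", 0x1000, 0x1000, 0x200, 0x400, 0x60000020)
    bss = sec(b".bss", 0x2000, 0x3000, 0, 0, 0xC0000080)   # no raw data on disk
    hdr = dos + b"PE\x00\x00" + coff + opt + text + bss
    return hdr.ljust(0x400, b"\x00") + b"\xAA" * 0x200     # filler for .text

def parse_sections(data):
    """Return one dict per section; 'scannable' means it has bytes in the file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size       # signature + COFF header + optional header
    out = []
    for i in range(nsec):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, _, rsize, rptr, _, _, _, _, flags = struct.unpack_from(SEC_FMT, data, off)
        out.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virt_size": vsize, "raw_addr": rptr, "raw_size": rsize,
            # IMAGE_SCN_CNT_UNINITIALIZED_DATA (0x80): memory-only data such as .bss
            "uninitialized": bool(flags & 0x80),
            "scannable": rsize > 0 and rptr > 0 and rptr + rsize <= len(data),
        })
    return out

if __name__ == "__main__":
    for s in parse_sections(build_sample_pe()):
        print(s)
```

A section like `.bss` only reserves memory at load time, so a zero raw offset and size means there is nothing in the file to scan rather than a malformed binary.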