Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid PE signature errors #3

Closed
Sembiance opened this issue May 15, 2024 · 2 comments
Closed

Invalid PE signature errors #3

Sembiance opened this issue May 15, 2024 · 2 comments
Assignees
@dhondta
Labels
enhancement New feature or request

Comments

@Sembiance
Copy link

I'm attempting to use this to check these .exe files:
https://sembiance.com/fileFormatSamples/executable/exe/CNDRAW.EXE
https://sembiance.com/fileFormatSamples/executable/exe/VIEWGIF.EXE
https://sembiance.com/fileFormatSamples/executable/exe/VESA.EXE

Running peid <exe> against any of them yields:

Traceback (most recent call last):
  File "/home/sembiance/Downloads/wip/env/bin/peid", line 8, in <module>
    sys.exit(main())
  File "/home/sembiance/Downloads/wip/env/lib/python3.10/site-packages/peid/__main__.py", line 67, in main
    results = identify_packer(*args.path, db=args.db, ep_only=args.ep_only, sec_start_only=args.sec_start_only,
  File "/home/sembiance/Downloads/wip/env/lib/python3.10/site-packages/peid/__init__.py", line 67, in identify_packer
    results.append((path, db.match(path, ep_only, sec_start_only, match_all)))
  File "/home/sembiance/Downloads/wip/env/lib/python3.10/site-packages/peid/db/__init__.py", line 80, in match
    with PE(pe, logger=self.logger) as f:
  File "/home/sembiance/Downloads/wip/env/lib/python3.10/site-packages/peid/pe.py", line 28, in __init__
    raise OSError("Invalid PE signature")
OSError: Invalid PE signature

I'm able to run it ok on some other .exe files, but not these.

Versions installed:

$ pip list
Package    Version
---------- -------
msgspec    0.18.6
peid       2.1.1
pip        24.0
setuptools 69.5.1
wheel      0.43.0

$ python --version
Python 3.10.14

Is it not designed to work with all .exe's? Is there something wrong with my configurations?
@dhondta dhondta self-assigned this May 15, 2024
@dhondta dhondta added the enhancement New feature or request label May 15, 2024
dhondta added a commit that referenced this issue May 15, 2024
@dhondta
Added support for MSDOS Executable (#3)
0370936
@dhondta
Copy link
Collaborator

dhondta commented May 15, 2024

Hi @Sembiance !
Thanks for reporting this error.
This comes from the fact that MSDOS Executable format is currently not supported.
I just added it but, given the 3 samples you mention, did you expect any of them to have a signature matching from PEiD's database ?

dhondta added a commit that referenced this issue May 15, 2024
@dhondta
Added support for MSDOS Executable (#3)
f18f0a1
@Sembiance
Copy link
Author

Thanks for the fix!

Using Detect-It-Easy it found:
CNDRAW.EXE Packer: EXEPACK(3.69)
VIEWGIF.EXE Packer: LZEXE(0.91, 1.0)

VESA.EXE doesn't have anything special, it was just a test.

I'm not sure if peid is supposed to find packers like that or not, I was just looking into other things I could use to help identify EXE files.

@dhondta dhondta closed this as completed Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dhondta dhondta

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sembiance @dhondta