Topic review

martin

Re: Malformed PE header in DragExt64.dll

How are you checking this? What version of WinSCP/DLL?
For DLL from WinSCP 6.3.6 I get this with dumpbin.exe /headers WinSCPnet.dll:

Microsoft (R) COFF/PE Dumper Version 14.43.34808.0
Copyright (C) Microsoft Corporation. All rights reserved.


Dump of file WinSCPnet.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
14C machine (x86)
3 number of sections
8721E0A3 time date stamp
0 file pointer to symbol table
0 number of symbols
E0 size of optional header
2022 characteristics
Executable
Application can handle large (>2GB) addresses
DLL

OPTIONAL HEADER VALUES
10B magic # (PE32)
48.00 linker version
23400 size of code
600 size of initialized data
0 size of uninitialized data
25216 entry point (10025216)
2000 base of code
26000 base of data
10000000 image base (10000000 to 10029FFF)
2000 section alignment
200 file alignment
4.00 operating system version
0.00 image version
4.00 subsystem version
0 Win32 version
2A000 size of image
200 size of headers
...
Noah

Malformed PE header in DragExt64.dll

In the "Optional" header, SizeOfHeaders is set to 0x610 which does not match the alignment specified by FileAlignment, set to 0x200. In this specific example, SizeOfHeaders should be 0x800.

This technically causes an issue with the Microsoft Authenticode specification. Some Authenticode hash implementations handle it and some do not. Implementations that do not handle this will cause the signature on the DLL to be flagged invalid.
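
One way to check the alignment described in the post above, as an added example that is not part of the original thread or of WinSCP. The function names `check_size_of_headers` and `build_sample` are hypothetical, the sample images are constructed header stubs rather than real DLLs, and the "rounded" value is simply the stored SizeOfHeaders rounded up to the next multiple of FileAlignment.

```python
import struct
import sys

def check_size_of_headers(data: bytes) -> dict:
    """Report whether SizeOfHeaders is a multiple of FileAlignment."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # skip the 4-byte PE signature and 20-byte COFF file header
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(data) < opt + 64:
        raise ValueError("PE signature or optional header missing")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # Both fields sit at the same offsets in PE32 and PE32+ optional headers.
    (file_alignment,) = struct.unpack_from("<I", data, opt + 36)
    (size_of_headers,) = struct.unpack_from("<I", data, opt + 60)
    if file_alignment == 0:
        raise ValueError("FileAlignment is zero")
    rounded = -(-size_of_headers // file_alignment) * file_alignment  # ceiling
    return {
        "file_alignment": file_alignment,
        "size_of_headers": size_of_headers,
        "aligned": size_of_headers == rounded,
        "rounded": rounded,
    }

def build_sample(size_of_headers: int, file_alignment: int, magic: int = 0x20B) -> bytes:
    """Constructed header stub: only the fields the check reads are filled in."""
    e_lfanew = 0x80
    opt = e_lfanew + 24
    buf = bytearray(opt + 64)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    struct.pack_into("<H", buf, opt, magic)
    struct.pack_into("<I", buf, opt + 36, file_alignment)
    struct.pack_into("<I", buf, opt + 60, size_of_headers)
    return bytes(buf)

if __name__ == "__main__":
    # With a path argument, check that file; otherwise use the reported values.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read(4096)
    else:
        image = build_sample(0x610, 0x200)
    r = check_size_of_headers(image)
    print({k: hex(v) if k != "aligned" else v for k, v in r.items()})
```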