Forum » Support and Bug Reports »

Malformed PE header in DragExt64.dll

Advertisement

Noah
Guest

Malformed PE header in DragExt64.dll

In the "Optional" header, SizeOfHeaders is set to 0x610 which does not match the alignment specified by FileAlignment, set to 0x200. In this specific example, SizeOfHeaders should be 0x800.

This technically causes an issue with the Microsoft Authenticode specification. Some authenticode hash implementations handle it and some do not. Implementations that do not handle this will cause the signature on the DLL to be flagged invalid.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,717
Location:
Prague, Czechia

Re: Malformed PE header in DragExt64.dll

How are you checking this? What version of WinSCP/DLL?
For DLL from WinSCP 6.3.6 I get this with dumpbin.exe /headers WinSCPnet.dll: 
Microsoft (R) COFF/PE Dumper Version 14.43.34808.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file WinSCPnet.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
             14C machine (x86)
               3 number of sections
        8721E0A3 time date stamp
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
            2022 characteristics
                   Executable
                   Application can handle large (>2GB) addresses
                   DLL

OPTIONAL HEADER VALUES
             10B magic # (PE32)
           48.00 linker version
           23400 size of code
             600 size of initialized data
               0 size of uninitialized data
           25216 entry point (10025216)
            2000 base of code
           26000 base of data
        10000000 image base (10000000 to 10029FFF)
            2000 section alignment
             200 file alignment
            4.00 operating system version
            0.00 image version
            4.00 subsystem version
               0 Win32 version
           2A000 size of image
             200 size of headers
...

Reply with quote

Advertisement

You can post new topics in this forum

Documentation

Support

Associations

Follow Us