ValueError in meta_pe.py

[agrajag9]

meta_pe.py is throwing the following error on some PE samples:

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/si_module.py", line 43, in run
    moduleResult = self._run(scanObject, result, depth, args)
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/modules/meta_pe.py", line 201, in _run
    self.module_name, 'Rich Header', self.parseRich(pe))
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/modules/meta_pe.py", line 247, in parseRich
    result['Hashes'] = self.richHeaderHashes(pe)
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/modules/meta_pe.py", line 259, in richHeaderHashes
    rich_end = data.index(0x68636952)
ValueError: 1751345490 is not in list

I'd rather not share details about the sample here, but will say that the data list variable is not empty. I can share the sample and details through an alternate channel.

[agrajag9]

Suggested change (per discussion with @marnao):

256,257c256,257
<         rich_data = pe.get_data(0x80, 0x80)
<         data = list(struct.unpack('<32I', rich_data))
---
>         rich_data = pe.get_data(0x80)
>         data = list(struct.unpack('<%sI' % str(len(rich_data)/4), rich_data))

Resolves issues with previously identified samples.

[marnao]

we'll get this merged in soon..

[estuart]

Interestingly, I have the same exact error and have made the code changes per @agrajag9 suggestion but am still having the same error.

[agrajag9]

@estuart I assume you made the changes and did a fresh build and install?