From 9a64573f72d384139161f7f7fcdbffcb6e5e5b54 Mon Sep 17 00:00:00 2001
From: clairelevin
Date: Thu, 1 Jun 2023 10:28:35 -0400
Subject: [PATCH 1/2] fixed bugs in export table and GetProcAddress
---
 qiling/loader/pe.py | 3 +++
 qiling/os/windows/dlls/kernel32/libloaderapi.py | 4 ----
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/qiling/loader/pe.py b/qiling/loader/pe.py
index 724a33a9a..4bf278710 100644
--- a/qiling/loader/pe.py
+++ b/qiling/loader/pe.py
@@ -553,6 +553,9 @@ def init_exports(self, pe: pefile.PE):
 # Do a full load if IMAGE_DIRECTORY_ENTRY_EXPORT is present so we can load the exports
 pe.full_load()
+
+ # check whether loading of export table succeeded
+ if not hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'): return
 iat = {}
diff --git a/qiling/os/windows/dlls/kernel32/libloaderapi.py b/qiling/os/windows/dlls/kernel32/libloaderapi.py
index 29b4ce88f..d7a2b4b3d 100644
--- a/qiling/os/windows/dlls/kernel32/libloaderapi.py
+++ b/qiling/os/windows/dlls/kernel32/libloaderapi.py
@@ -144,10 +144,6 @@ def hook_GetProcAddress(ql: Qiling, address: int, params):
 # let log output reflect a human-readable procname
 params["lpProcName"] = procname
- # WORKAROUND for gandcrab
- if procname == "RtlComputeCrc32":
- return 0
-
 procname = procname.encode('latin1')
 else:
From 41b3b83bf542593524f38b574bdaa07f13af0baa Mon Sep 17 00:00:00 2001
From: clairelevin
Date: Mon, 5 Jun 2023 16:52:37 -0400
Subject: [PATCH 2/2] added comment for export table fix
---
 qiling/loader/pe.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/qiling/loader/pe.py b/qiling/loader/pe.py
index 4bf278710..8fd7dd4ed 100644
--- a/qiling/loader/pe.py
+++ b/qiling/loader/pe.py
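Review bot: The guard added to init_exports after `pe.full_load()` returns silently when pefile did not produce `DIRECTORY_ENTRY_EXPORT`, so an image with a malformed export directory ends up with no exports registered and nothing in the log says why; the hunk in PATCH 2/2 keeps the same guard and only rewords the comment and splits the line. For a loader that parses untrusted PE files this deserves a visible trace, since later export lookups against that module will presumably fail with no pointer back to the cause. I would log before returning, e.g. `self.ql.log.warning('export directory present but could not be parsed; no exports registered')` (assuming the loader reaches its logger as `self.ql.log`), and consider appending `pe.get_warnings()` so the analyst sees what pefile rejected. The body of init_exports continues outside the hunk, so whether the early return skips bookkeeping that callers expect for this image cannot be checked from here.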
@@ -554,8 +554,9 @@ def init_exports(self, pe: pefile.PE):
 # Do a full load if IMAGE_DIRECTORY_ENTRY_EXPORT is present so we can load the exports
 pe.full_load()
- # check whether loading of export table succeeded
- if not hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'): return
+ # address corner case for malformed export tables where IMAGE_DIRECTORY_ENTRY_EXPORT exists, but DIRECTORY_ENTRY_EXPORT does not
+ if not hasattr(pe, 'DIRECTORY_ENTRY_EXPORT'):
+ return
 iat = {}