diff --git a/src/pe/certificate_table.rs b/src/pe/certificate_table.rs index 709a48161..3bd218ab5 100644 --- a/src/pe/certificate_table.rs +++ b/src/pe/certificate_table.rs @@ -3,6 +3,7 @@ /// https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only /// https://learn.microsoft.com/en-us/windows/win32/api/wintrust/ns-wintrust-win_certificate use crate::error; +use crate::pe::debug; use scroll::{ctx, Pread, Pwrite}; use alloc::string::ToString; @@ -132,6 +133,7 @@ impl<'a> AttributeCertificate<'a> { bytes: &'a [u8], current_offset: &mut usize, ) -> Result, error::Error> { + debug!("reading certificate header at {current_offset}"); // `current_offset` is moved sizeof(AttributeCertificateHeader) = 8 bytes further. let header: AttributeCertificateHeader = bytes.gread_with(current_offset, scroll::LE)?; let cert_size = usize::try_from(header.length.saturating_sub(CERTIFICATE_DATA_OFFSET)) @@ -141,6 +143,11 @@ impl<'a> AttributeCertificate<'a> { ) })?; + debug!( + "parsing certificate header {:#?}, predicted certificate size: {}", + header, cert_size + ); + if let Some(bytes) = bytes.get(*current_offset..(*current_offset + cert_size)) { let attr = Self { length: header.length, diff --git a/src/pe/header.rs b/src/pe/header.rs index 06e23c0b0..c5cea0c46 100644 --- a/src/pe/header.rs +++ b/src/pe/header.rs @@ -253,6 +253,7 @@ impl CoffHeader { let string_table_offset = self.pointer_to_symbol_table as usize + symbol::SymbolTable::size(self.number_of_symbol_table as usize); for i in 0..nsections { + debug!("parsing section at offset {offset}"); let section = section_table::SectionTable::parse(bytes, offset, string_table_offset as usize)?; debug!("({}) {:#?}", i, section); @@ -342,6 +343,7 @@ impl ctx::TryIntoCtx for Header { bytes.gwrite_with(self.dos_stub, offset, ctx)?; bytes.gwrite_with(self.signature, offset, scroll::LE)?; bytes.gwrite_with(self.coff_header, offset, ctx)?; + debug!("Non-optional header written, current offset: {}", offset); if let Some(opt_header) = self.optional_header { bytes.gwrite_with(opt_header, offset, ctx)?; } diff --git a/src/pe/optional_header.rs b/src/pe/optional_header.rs index 852f4dced..b043fc38e 100644 --- a/src/pe/optional_header.rs +++ b/src/pe/optional_header.rs @@ -2,6 +2,7 @@ use crate::container; use crate::error; use crate::pe::data_directories; +use crate::pe::debug; use scroll::{ctx, Endian, LE}; use scroll::{Pread, Pwrite, SizeWith}; @@ -358,12 +359,16 @@ impl ctx::TryIntoCtx for OptionalHeader { match self.standard_fields.magic { MAGIC_32 => { bytes.gwrite_with::(self.standard_fields.into(), offset, ctx)?; + debug!("Wrote standard fields 32 bits (offset: {})", offset); bytes.gwrite_with(WindowsFields32::try_from(self.windows_fields)?, offset, ctx)?; + debug!("Wrote windows fields 32 bits (offset: {})", offset); bytes.gwrite_with(self.data_directories, offset, ctx)?; } MAGIC_64 => { bytes.gwrite_with::(self.standard_fields.into(), offset, ctx)?; + debug!("Wrote standard fields 64 bits (offset: {})", offset); bytes.gwrite_with(self.windows_fields, offset, ctx)?; + debug!("Wrote windows fields 64 bits (offset: {})", offset); bytes.gwrite_with(self.data_directories, offset, ctx)?; } _ => panic!(),