Skip to content

Commit

Permalink
pe: Add ParseOptions field to toggle parsing Attribute Certificates…
Browse files Browse the repository at this point in the history
… for PEs loaded into memory (#377)

* Add in_memory feature to prevent parsing attribute certificates (not pulled into memory by loader)

---------

Co-authored-by: Sutton Bradley <[email protected]>
  • Loading branch information
suttonbradley and Sutton Bradley authored Oct 9, 2023
1 parent 5bddac6 commit 03eb434
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 12 deletions.
27 changes: 16 additions & 11 deletions src/pe/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -222,18 +222,23 @@ impl<'a> PE<'a> {
}
}

let certtable = if let Some(certificate_table) =
*optional_header.data_directories.get_certificate_table()
{
certificates = certificate_table::enumerate_certificates(
bytes,
certificate_table.virtual_address,
certificate_table.size,
)?;
// Parse attribute certificates unless opted out of
let certtable = if opts.parse_attribute_certificates {
if let Some(certificate_table) =
*optional_header.data_directories.get_certificate_table()
{
certificates = certificate_table::enumerate_certificates(
bytes,
certificate_table.virtual_address,
certificate_table.size,
)?;

let start = certificate_table.virtual_address as usize;
let end = start + certificate_table.size as usize;
Some(start..end)
let start = certificate_table.virtual_address as usize;
let end = start + certificate_table.size as usize;
Some(start..end)
} else {
None
}
} else {
None
};
Expand Down
10 changes: 9 additions & 1 deletion src/pe/options.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,19 @@
pub struct ParseOptions {
/// Wether the parser should resolve rvas or not. Default: true
pub resolve_rva: bool,
/// Whether or not to parse attribute certificates.
/// Set to false for in-memory representation, as the [loader does not map this info into
/// memory](https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#other-contents-of-the-file).
/// For on-disk representations, leave as true. Default: true
pub parse_attribute_certificates: bool,
}

impl ParseOptions {
/// Returns a parse options structure with default values
pub fn default() -> Self {
ParseOptions { resolve_rva: true }
ParseOptions {
resolve_rva: true,
parse_attribute_certificates: true,
}
}
}

0 comments on commit 03eb434

Please sign in to comment.