diff --git a/src/pe/certificate_table.rs b/src/pe/certificate_table.rs index aedd7da4a..7809b4980 100644 --- a/src/pe/certificate_table.rs +++ b/src/pe/certificate_table.rs @@ -134,6 +134,7 @@ impl<'a> AttributeCertificate<'a> { bytes: &'a [u8], current_offset: &mut usize, ) -> Result, error::Error> { + debug!("reading certificate header at {current_offset}"); // `current_offset` is moved sizeof(AttributeCertificateHeader) = 8 bytes further. let header: AttributeCertificateHeader = bytes.gread_with(current_offset, scroll::LE)?; let cert_size = usize::try_from(header.length.saturating_sub(CERTIFICATE_DATA_OFFSET)) @@ -143,6 +144,11 @@ impl<'a> AttributeCertificate<'a> { ) })?; + debug!( + "parsing certificate header {:#?}, predicted certificate size: {}", + header, cert_size + ); + if let Some(bytes) = bytes.get(*current_offset..(*current_offset + cert_size)) { let attr = Self { length: header.length, @@ -178,6 +184,13 @@ impl<'a> ctx::TryIntoCtx for &AttributeCertificate<'a> { let maybe_certificate_padding = pad(self.certificate.len(), Some(16usize)); bytes.gwrite(self.certificate, offset)?; if let Some(cert_padding) = maybe_certificate_padding { + debug!( + "Extending the buffer ({}) at offset {} with {} extra bytes for quadword alignment", + bytes.len(), + *offset, + cert_padding.len() + ); + bytes.gwrite(&cert_padding[..], offset)?; } diff --git a/src/pe/header.rs b/src/pe/header.rs index 06e23c0b0..c5cea0c46 100644 --- a/src/pe/header.rs +++ b/src/pe/header.rs @@ -253,6 +253,7 @@ impl CoffHeader { let string_table_offset = self.pointer_to_symbol_table as usize + symbol::SymbolTable::size(self.number_of_symbol_table as usize); for i in 0..nsections { + debug!("parsing section at offset {offset}"); let section = section_table::SectionTable::parse(bytes, offset, string_table_offset as usize)?; debug!("({}) {:#?}", i, section); @@ -342,6 +343,7 @@ impl ctx::TryIntoCtx for Header { bytes.gwrite_with(self.dos_stub, offset, ctx)?; bytes.gwrite_with(self.signature, offset, scroll::LE)?; bytes.gwrite_with(self.coff_header, offset, ctx)?; + debug!("Non-optional header written, current offset: {}", offset); if let Some(opt_header) = self.optional_header { bytes.gwrite_with(opt_header, offset, ctx)?; } diff --git a/src/pe/optional_header.rs b/src/pe/optional_header.rs index 852f4dced..b043fc38e 100644 --- a/src/pe/optional_header.rs +++ b/src/pe/optional_header.rs @@ -2,6 +2,7 @@ use crate::container; use crate::error; use crate::pe::data_directories; +use crate::pe::debug; use scroll::{ctx, Endian, LE}; use scroll::{Pread, Pwrite, SizeWith}; @@ -358,12 +359,16 @@ impl ctx::TryIntoCtx for OptionalHeader { match self.standard_fields.magic { MAGIC_32 => { bytes.gwrite_with::(self.standard_fields.into(), offset, ctx)?; + debug!("Wrote standard fields 32 bits (offset: {})", offset); bytes.gwrite_with(WindowsFields32::try_from(self.windows_fields)?, offset, ctx)?; + debug!("Wrote windows fields 32 bits (offset: {})", offset); bytes.gwrite_with(self.data_directories, offset, ctx)?; } MAGIC_64 => { bytes.gwrite_with::(self.standard_fields.into(), offset, ctx)?; + debug!("Wrote standard fields 64 bits (offset: {})", offset); bytes.gwrite_with(self.windows_fields, offset, ctx)?; + debug!("Wrote windows fields 64 bits (offset: {})", offset); bytes.gwrite_with(self.data_directories, offset, ctx)?; } _ => panic!(),