From 64b058924be7dd9dde8bb09611de0ff9974a10ba Mon Sep 17 00:00:00 2001 From: Joey Vagedes Date: Mon, 18 Mar 2024 08:31:52 -0700 Subject: [PATCH] Updates per PR Review --- src/pe/header.rs | 10 ++++++---- src/pe/mod.rs | 16 ++++++++++------ tests/bins/te/README.md | 24 ++++++++++++++++++++++++ tests/bins/te/Readme.md | 18 ------------------ 4 files changed, 40 insertions(+), 28 deletions(-) create mode 100644 tests/bins/te/README.md delete mode 100644 tests/bins/te/Readme.md diff --git a/src/pe/header.rs b/src/pe/header.rs index 010d7246..98e3e333 100644 --- a/src/pe/header.rs +++ b/src/pe/header.rs @@ -587,9 +587,11 @@ impl ctx::TryIntoCtx for Header { } } -/// The TE header is a reduced PE32/PE32+ header containing only fields required for -/// execution in the PI architecture. The TE header is described in by the PI spec: -/// https://uefi.org/specs/PI/1.8/V1_TE_Image.html#te-header +/// The TE header is a reduced PE32/PE32+ header containing only fields +/// required for execution in the Platform Initialization +/// ([PI](https://uefi.org/specs/PI/1.8/V1_Introduction.html)) architecture. +/// The TE header is described in this specification: +/// #[cfg(feature = "te")] #[repr(C)] #[derive(Debug, Default, PartialEq, Copy, Clone, Pread, Pwrite)] @@ -600,7 +602,7 @@ pub struct TeHeader { pub machine: u16, /// The number of sections pub number_of_sections: u8, - /// The subystem + /// The subsystem pub subsystem: u8, /// the amount of bytes stripped from the header when converting from a /// PE32/PE32+ header to a TE header. Used to resolve addresses diff --git a/src/pe/mod.rs b/src/pe/mod.rs index b01f7072..0f107d84 100644 --- a/src/pe/mod.rs +++ b/src/pe/mod.rs @@ -467,19 +467,23 @@ impl<'a> ctx::TryIntoCtx for PE<'a> { /// An analyzed TE binary /// -/// A TE binary is a PE/PE32+ binary that has had it's header stripped -/// and re-formatted to the TE specification. This presents a challenge -/// for parsing, as all relative addresses (RVAs) are not updated to -/// take this into account, and are thus incorrect. The parsing of a TE -/// must take this into account by using the `stripped_size` field of the -/// TE header to adjust the RVAs during parsing. +/// A TE binary is a PE/PE32+ binary that has had it's header stripped and +/// re-formatted to the TE specification. This presents a challenge for +/// parsing, as all relative addresses (RVAs) are not updated to take this into +/// account, and are thus incorrect. The parsing of a TE must take this into +/// account by using the [header::TeHeader::stripped_size`] field of the TE +/// header to adjust the RVAs during parsing. #[cfg(feature = "te")] #[derive(Debug)] pub struct TE<'a> { /// The TE header pub header: header::TeHeader, + /// A list of the sections in this TE binary pub sections: Vec, + /// Debug information, contained in the PE header pub debug_data: debug::DebugData<'a>, + /// The offset to apply to addresses not parsed by the TE parser + /// itself: [header::TeHeader::stripped_size] - size_of::<[header::TeHeader]>() pub rva_offset: usize, } diff --git a/tests/bins/te/README.md b/tests/bins/te/README.md new file mode 100644 index 00000000..c60f2633 --- /dev/null +++ b/tests/bins/te/README.md @@ -0,0 +1,24 @@ +# TE binaries + +Binaries located in this directory are precompiled PE32/PE32+ binaries using a +terse executable (TE) header as defined in the Platform Initialization (PI) +specification: [TE](https://uefi.org/specs/PI/1.8/V1_TE_Image.html#te-header). +These binaries were compiled using the +[EDK2](https://github.com/tianocore/edk2) build system. + +## test_image.te + +This binary is a simple Terse executable binary + +## test_image_loaded.bin + +This binary is the same as `test_image.te`, but it has been loaded by a loader, +meaning the sections have been placed in the expected address. Please note that +this particular binary has not been relocated, so no relocations have been +applied + +## test_image_relocated.bin + +This binary is the same as `test_image.te`, but it has been loaded by a loader, +meaning the sections have been placed in the expected address, and any any +relocations have been applied. diff --git a/tests/bins/te/Readme.md b/tests/bins/te/Readme.md deleted file mode 100644 index c265de42..00000000 --- a/tests/bins/te/Readme.md +++ /dev/null @@ -1,18 +0,0 @@ -# TE binaries - -Binaries located in this directory are precompiled PE32/PE32+ binaries using a -terse executable (TE) header as defined in the PI specification: -[TE](https://uefi.org/specs/PI/1.8/V1_TE_Image.html#te-header). These binaries -were compiled using the [EDK2](https://github.com/tianocore/edk2) build system. - -## test_image.te - -This binary is a simple Terse executable binary - -## test_image_loaded.bin - -This binary is the same as `test_image.te`, but it has been loaded by a loader, meaning the sections have been placed in the expected address. Please note that this particular binary has not been relocated, so no relocations have been applied - -## test_image_relocated.bin - -This binary is the same as `test_image.te`, but it has been loaded by a loader, meaning the sections have been placed in the expected address, and any any relocations have been applied. \ No newline at end of file