From 8d97d84a9b0abbd24d53704c9046d70e9acf625c Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sat, 7 Oct 2023 01:07:01 +0200 Subject: [PATCH] pe(write): some `debug!` traces It can be hard to debug why your writer is not working as intended, here are some `debug!` traces to help in that endeavor. --- src/pe/certificate_table.rs | 13 +++++++++++++ src/pe/header.rs | 2 ++ src/pe/optional_header.rs | 5 +++++ 3 files changed, 20 insertions(+) diff --git a/src/pe/certificate_table.rs b/src/pe/certificate_table.rs index f58bb8af1..6f4b8da1b 100644 --- a/src/pe/certificate_table.rs +++ b/src/pe/certificate_table.rs @@ -143,6 +143,7 @@ impl<'a> AttributeCertificate<'a> { bytes: &'a [u8], current_offset: &mut usize, ) -> Result, error::Error> { + debug!("reading certificate header at {current_offset}"); // `current_offset` is moved sizeof(AttributeCertificateHeader) = 8 bytes further. let header: AttributeCertificateHeader = bytes.gread_with(current_offset, scroll::LE)?; let cert_size = usize::try_from(header.length.saturating_sub(ATTRIBUTE_CERTIFICATE_HEADER_SIZEOF as u32)) @@ -152,6 +153,11 @@ impl<'a> AttributeCertificate<'a> { ) })?; + debug!( + "parsing certificate header {:#?}, predicted certificate size: {}", + header, cert_size + ); + if let Some(bytes) = bytes.get(*current_offset..(*current_offset + cert_size)) { let attr = Self { length: header.length, @@ -187,6 +193,13 @@ impl<'a> ctx::TryIntoCtx for &AttributeCertificate<'a> { let maybe_certificate_padding = pad(self.certificate.len(), Some(16usize)); bytes.gwrite(self.certificate, offset)?; if let Some(cert_padding) = maybe_certificate_padding { + debug!( + "Extending the buffer ({}) at offset {} with {} extra bytes for quadword alignment", + bytes.len(), + *offset, + cert_padding.len() + ); + bytes.gwrite(&cert_padding[..], offset)?; } diff --git a/src/pe/header.rs b/src/pe/header.rs index 06e23c0b0..c5cea0c46 100644 --- a/src/pe/header.rs +++ b/src/pe/header.rs @@ -253,6 +253,7 @@ impl CoffHeader { let string_table_offset = self.pointer_to_symbol_table as usize + symbol::SymbolTable::size(self.number_of_symbol_table as usize); for i in 0..nsections { + debug!("parsing section at offset {offset}"); let section = section_table::SectionTable::parse(bytes, offset, string_table_offset as usize)?; debug!("({}) {:#?}", i, section); @@ -342,6 +343,7 @@ impl ctx::TryIntoCtx for Header { bytes.gwrite_with(self.dos_stub, offset, ctx)?; bytes.gwrite_with(self.signature, offset, scroll::LE)?; bytes.gwrite_with(self.coff_header, offset, ctx)?; + debug!("Non-optional header written, current offset: {}", offset); if let Some(opt_header) = self.optional_header { bytes.gwrite_with(opt_header, offset, ctx)?; } diff --git a/src/pe/optional_header.rs b/src/pe/optional_header.rs index 852f4dced..b043fc38e 100644 --- a/src/pe/optional_header.rs +++ b/src/pe/optional_header.rs @@ -2,6 +2,7 @@ use crate::container; use crate::error; use crate::pe::data_directories; +use crate::pe::debug; use scroll::{ctx, Endian, LE}; use scroll::{Pread, Pwrite, SizeWith}; @@ -358,12 +359,16 @@ impl ctx::TryIntoCtx for OptionalHeader { match self.standard_fields.magic { MAGIC_32 => { bytes.gwrite_with::(self.standard_fields.into(), offset, ctx)?; + debug!("Wrote standard fields 32 bits (offset: {})", offset); bytes.gwrite_with(WindowsFields32::try_from(self.windows_fields)?, offset, ctx)?; + debug!("Wrote windows fields 32 bits (offset: {})", offset); bytes.gwrite_with(self.data_directories, offset, ctx)?; } MAGIC_64 => { bytes.gwrite_with::(self.standard_fields.into(), offset, ctx)?; + debug!("Wrote standard fields 64 bits (offset: {})", offset); bytes.gwrite_with(self.windows_fields, offset, ctx)?; + debug!("Wrote windows fields 64 bits (offset: {})", offset); bytes.gwrite_with(self.data_directories, offset, ctx)?; } _ => panic!(),