PE: parse rich header and refactor DOS stub parser #406
Conversation
|
I'm a bit tired, will fix the CI at the rest of today or tomorrow. |
There was a problem hiding this comment.
unfortunately there are some breaking changes here, but some seem unavoidable; primarily I'd like to see DosStub have it's parse method move into an impl DosStub and the &[u8] be reverted back to the DosStub type that was there before. otherwise it's looking ok!
| pub dos_header: DosHeader, | ||
| /// DOS program for legacy loaders | ||
| pub dos_stub: DosStub, |
There was a problem hiding this comment.
breaking change, and unclear why it went from DosStub to &[u8]
| @@ -1071,6 +1225,69 @@ mod tests { | |||
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |||
| ]; | |||
|
|
|||
| static NO_RICH_HEADER: [u8; 262] = [ | |||
| @@ -410,7 +410,7 @@ impl<'a> ctx::TryIntoCtx<scroll::Endian> for PE<'a> { | |||
| } | |||
| _ => None, | |||
| }; | |||
| bytes.gwrite_with(self.header, &mut offset, ctx)?; | |||
| bytes.gwrite_with(self.header.clone(), &mut offset, ctx)?; | |||
There was a problem hiding this comment.
i think keeping copy derive on self.header is fine, and also its a breaking change to remove
| type Error = error::Error; | ||
|
|
||
| fn try_into_ctx(self, bytes: &mut [u8], ctx: scroll::Endian) -> Result<usize, Self::Error> { | ||
| let offset = &mut 0; | ||
| bytes.gwrite_with(self.dos_header, offset, ctx)?; | ||
| bytes.gwrite_with(self.dos_stub, offset, ctx)?; | ||
| bytes.gwrite_with(self.dos_stub, offset, ())?; |
There was a problem hiding this comment.
i'd expect this to use the same ctx here but maybe there's a good reason
| pub struct DosStub(pub [u8; 0x40]); | ||
| impl Default for DosStub { | ||
| pub struct DosStub<'a> { | ||
| pub data: &'a [u8], |
There was a problem hiding this comment.
this is a breaking change, going from newtype struct to regular struct with named field
| /// | ||
| /// The DOS stub is a small program that prints the message "This program cannot be run in DOS mode" and exits; and | ||
| /// is not really read for the PECOFF file format. It's a relic from the MS-DOS era. | ||
| pub fn parse_dos_stub<'a>(bytes: &'a [u8], pe_pointer: u32) -> error::Result<&'a [u8]> { |
There was a problem hiding this comment.
I would expect this fucntion to be pub fn new in the impl of DosStub?
| @@ -792,15 +813,11 @@ pub struct Header { | |||
| pub optional_header: Option<optional_header::OptionalHeader>, | |||
| } | |||
|
|
|||
| impl Header { | |||
| pub fn parse(bytes: &[u8]) -> error::Result<Self> { | |||
| impl<'a> Header<'a> { | |||
There was a problem hiding this comment.
this is also technically a breaking change; i believe you message makes clear why this should now be borrowed/have a lifetime
This PR adds parsing of Rich headers, as someone opened issue #400.
goblin::pe::header::RichHeadergoblin::pe::header::RichMetadataparsing if present, with success/fail/corrupted tests.I took the constant bytes in the test code from mthiesen/link-patcher (MIT). If this can potentially be license incompliance, I am happy to make own specimens for testing.