pe: some debug

src/pe/certificate_table.rs

@@ -3,6 +3,7 @@
 /// https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only
 /// https://learn.microsoft.com/en-us/windows/win32/api/wintrust/ns-wintrust-win_certificate
 use crate::error;
+use crate::pe::debug;
 use scroll::{ctx, Pread, Pwrite};
 
 use alloc::string::ToString;
@@ -74,7 +75,7 @@ impl TryFrom<u16> for AttributeCertificateType {
     }
 }
 
-#[derive(Clone, Pread)]
+#[derive(Debug, Clone, Pread)]
 struct AttributeCertificateHeader {
     /// dwLength
     length: u32,
@@ -96,6 +97,7 @@ impl<'a> AttributeCertificate<'a> {
         bytes: &'a [u8],
         current_offset: &mut usize,
     ) -> Result<AttributeCertificate<'a>, error::Error> {
+        debug!("reading certificate header at {current_offset}");
         // `current_offset` is moved sizeof(AttributeCertificateHeader) = 8 bytes further.
         let header: AttributeCertificateHeader = bytes.gread_with(current_offset, scroll::LE)?;
         let cert_size = usize::try_from(header.length.saturating_sub(CERTIFICATE_DATA_OFFSET))
@@ -105,6 +107,11 @@ impl<'a> AttributeCertificate<'a> {
                 )
             })?;
 
+        debug!(
+            "parsing certificate header {:#?}, predicted certificate size: {}",
+            header, cert_size
+        );
+
         if let Some(bytes) = bytes.get(*current_offset..(*current_offset + cert_size)) {
             let attr = Self {
                 length: header.length,
@@ -147,7 +154,8 @@ impl<'a> ctx::TryIntoCtx<scroll::Endian> for &AttributeCertificate<'a> {
     }
 }
 
-pub type CertificateDirectoryTable<'a> = Vec<AttributeCertificate<'a>>;
+/// A pair of offset, attribute certificate.
+pub type CertificateDirectoryTable<'a> = Vec<(usize, AttributeCertificate<'a>)>;
 
 pub(crate) fn enumerate_certificates(
     bytes: &[u8],
@@ -178,7 +186,7 @@ pub(crate) fn enumerate_certificates(
     // or because current_offset >= table_end_offset by virtue of current_offset being strictly
     // increasing through `AttributeCertificate::parse`.
     while current_offset < table_end_offset {
-        attrs.push(AttributeCertificate::parse(bytes, &mut current_offset)?);
+        attrs.push((current_offset, AttributeCertificate::parse(bytes, &mut current_offset)?));
     }
 
     Ok(attrs)

src/pe/header.rs

@@ -253,6 +253,7 @@ impl CoffHeader {
         let string_table_offset = self.pointer_to_symbol_table as usize
             + symbol::SymbolTable::size(self.number_of_symbol_table as usize);
         for i in 0..nsections {
+            debug!("parsing section at offset {offset}");
             let section =
                 section_table::SectionTable::parse(bytes, offset, string_table_offset as usize)?;
             debug!("({}) {:#?}", i, section);

src/pe/mod.rs

@@ -313,8 +313,10 @@ impl<'a> PE<'a> {
             // you can check the parse logic to understand how that works
             if dt_type == DataDirectoryType::CertificateTable {
                 let mut certificate_start = dd.virtual_address.try_into()?;
-                for certificate in &self.certificates {
-                    bytes.gwrite_with(certificate, &mut certificate_start, ctx)?;
+                for (original_offset, certificate) in &self.certificates {
+                    debug!("certificate size: {}", certificate.length);
+                    debug!("writing certificate at offset {} (original: {})", certificate_start, original_offset);
+                    written += bytes.gwrite_with(certificate, &mut certificate_start, ctx)?;
                     max_offset = max(max_offset, certificate_start);
                 }
             } else {