pe: Add ParseOptions field to toggle parsing Attribute Certificates for PEs loaded into memory (#377)

suttonbradley · Sutton Bradley · web-flow · commit 03eb434207b6 · 2023-10-08T18:22:58.000-07:00
* Add in_memory feature to prevent parsing attribute certificates (not pulled into memory by loader)

---------

Co-authored-by: Sutton Bradley &lt;suttonb@microsoft.com&gt;
diff --git a/src/pe/mod.rs b/src/pe/mod.rs
@@ -222,18 +222,23 @@ impl<'a> PE<'a> {
                 }
             }
 
-            let certtable = if let Some(certificate_table) =
-                *optional_header.data_directories.get_certificate_table()
-            {
-                certificates = certificate_table::enumerate_certificates(
-                    bytes,
-                    certificate_table.virtual_address,
-                    certificate_table.size,
-                )?;
+            // Parse attribute certificates unless opted out of
+            let certtable = if opts.parse_attribute_certificates {
+                if let Some(certificate_table) =
+                    *optional_header.data_directories.get_certificate_table()
+                {
+                    certificates = certificate_table::enumerate_certificates(
+                        bytes,
+                        certificate_table.virtual_address,
+                        certificate_table.size,
+                    )?;
 
-                let start = certificate_table.virtual_address as usize;
-                let end = start + certificate_table.size as usize;
-                Some(start..end)
+                    let start = certificate_table.virtual_address as usize;
+                    let end = start + certificate_table.size as usize;
+                    Some(start..end)
+                } else {
+                    None
+                }
             } else {
                 None
             };
diff --git a/src/pe/options.rs b/src/pe/options.rs
@@ -3,11 +3,19 @@
 pub struct ParseOptions {
     /// Wether the parser should resolve rvas or not. Default: true
     pub resolve_rva: bool,
+    /// Whether or not to parse attribute certificates.
+    /// Set to false for in-memory representation, as the [loader does not map this info into
+    /// memory](https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#other-contents-of-the-file).
+    /// For on-disk representations, leave as true. Default: true
+    pub parse_attribute_certificates: bool,
 }
 
 impl ParseOptions {
     /// Returns a parse options structure with default values
     pub fn default() -> Self {
-        ParseOptions { resolve_rva: true }
+        ParseOptions {
+            resolve_rva: true,
+            parse_attribute_certificates: true,
+        }
     }
 }
