... | ... |
@@ -1077,11 +1077,11 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1077 | 1077 |
} |
1078 | 1078 |
realoff = offset + bp - pt->prefix_length; |
1079 | 1079 |
if(patt->offdata[0] == CLI_OFF_VERSION) { |
1080 |
- cli_errmsg("CHECK: %x\n", realoff); |
|
1081 | 1080 |
if(!cli_hashset_contains_maybe_noalloc(&mdata->vinfo, realoff)) { |
1082 | 1081 |
pt = pt->next_same; |
1083 | 1082 |
continue; |
1084 | 1083 |
} |
1084 |
+ cli_dbgmsg("cli_ac_scanbuff: VI match for offset %x\n", realoff); |
|
1085 | 1085 |
} else if(pt->offset_min != CLI_OFF_ANY && (!pt->sigid || pt->partno == 1)) { |
1086 | 1086 |
if(pt->offset_min == CLI_OFF_NONE) { |
1087 | 1087 |
pt = pt->next_same; |
... | ... |
@@ -201,7 +201,7 @@ struct vinfo_list { |
201 | 201 |
int versioninfo_cb(void *opaque, uint32_t type, uint32_t name, uint32_t lang, uint32_t rva) { |
202 | 202 |
struct vinfo_list *vlist = (struct vinfo_list *)opaque; |
203 | 203 |
|
204 |
- cli_errmsg("versioninfo_cb: type: %x, name: %x, lang: %x, rva: %x\n", type, name, lang, rva); |
|
204 |
+ cli_dbgmsg("versioninfo_cb: type: %x, name: %x, lang: %x, rva: %x\n", type, name, lang, rva); |
|
205 | 205 |
vlist->rvas[vlist->count] = rva; |
206 | 206 |
if(++vlist->count == sizeof(vlist->rvas) / sizeof(vlist->rvas[0])) |
207 | 207 |
return 1; |
... | ... |
@@ -2432,7 +2432,7 @@ int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo) |
2432 | 2432 |
|
2433 | 2433 |
err = 0; |
2434 | 2434 |
for(i=0; i<vlist.count; i++) { /* enum all version_information res - RESUMABLE */ |
2435 |
- cli_dbgmsg("cli_peheader: parsing version info @ rva %x\n", vlist.rvas[i]); |
|
2435 |
+ cli_dbgmsg("cli_peheader: parsing version info @ rva %x (%u/%u)\n", vlist.rvas[i], i+1, vlist.count); |
|
2436 | 2436 |
rva = cli_rawaddr(vlist.rvas[i], peinfo->section, peinfo->nsections, &err, fsize, hdr_size); |
2437 | 2437 |
if(err) |
2438 | 2438 |
continue; |
... | ... |
@@ -2506,7 +2506,6 @@ int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo) |
2506 | 2506 |
|
2507 | 2507 |
while(st_sz > 6) { /* enum all strings - RESUMABLE */ |
2508 | 2508 |
uint32_t s_sz, s_key_sz, s_val_sz; |
2509 |
- char *k, *v; |
|
2510 | 2509 |
|
2511 | 2510 |
s_sz = s_val_sz = cli_readint32(vptr); |
2512 | 2511 |
s_sz &= 0xffff; |
... | ... |
@@ -2549,16 +2548,21 @@ int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo) |
2549 | 2549 |
return -1; |
2550 | 2550 |
} |
2551 | 2551 |
|
2552 |
- cli_errmsg("ADD %x\n", (uint32_t)(vptr - baseptr + 6)); |
|
2553 | 2552 |
if(cli_debug_flag) { |
2554 |
- /* FIXME: pretty print an usable VI-sig */ |
|
2553 |
+ char *k, *v, *s; |
|
2554 |
+ |
|
2555 |
+ /* FIXME: skip too long strings */ |
|
2555 | 2556 |
k = cli_utf16toascii(vptr + 6, s_key_sz); |
2556 | 2557 |
if(k) { |
2557 | 2558 |
s_key_sz += 6 + 3; |
2558 | 2559 |
s_key_sz &= ~3; |
2559 | 2560 |
v = cli_utf16toascii(vptr + s_key_sz, s_val_sz); |
2560 | 2561 |
if(v) { |
2561 |
- cli_errmsg("VersionInfo: '%s' = '%s'\n", k, v); |
|
2562 |
+ s = cli_str2hex(vptr + 6, s_key_sz + s_val_sz - 6); |
|
2563 |
+ if(s) { |
|
2564 |
+ cli_dbgmsg("VersionInfo (%x): '%s'='%s' - VI:%s\n", vptr - baseptr + 6, k, v, s); |
|
2565 |
+ free(s); |
|
2566 |
+ } |
|
2562 | 2567 |
free(v); |
2563 | 2568 |
} |
2564 | 2569 |
free(k); |