From 8aa574a7c4c14b067abcdf6c4530dd74fb300c27 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Wed, 9 Nov 2022 21:28:00 -0800 Subject: [PATCH] Add PE COFF string table printing --- BurnOutSharp.Builder/PortableExecutable.cs | 58 +++++++++++----------- ExecutableTest/Program.cs | 22 +++++++- 2 files changed, 49 insertions(+), 31 deletions(-) diff --git a/BurnOutSharp.Builder/PortableExecutable.cs b/BurnOutSharp.Builder/PortableExecutable.cs index c78d1f9c..a25808a5 100644 --- a/BurnOutSharp.Builder/PortableExecutable.cs +++ b/BurnOutSharp.Builder/PortableExecutable.cs @@ -93,7 +93,7 @@ namespace BurnOutSharp.Builder #endregion - #region COFF Symbol Table + #region COFF Symbol Table and COFF String Table // TODO: Validate that this is correct with an "old" PE if (coffFileHeader.PointerToSymbolTable != 0) @@ -569,33 +569,6 @@ namespace BurnOutSharp.Builder return coffSymbolTable; } - /// - /// Parse a byte array into an attribute certificate table - /// - /// Byte array to parse - /// Offset into the byte array - /// First address not part of the attribute certificate table - /// Filled attribute certificate on success, null on error - private static AttributeCertificateTableEntry[] ParseAttributeCertificateTable(byte[] data, int offset, int endOffset) - { - var attributeCertificateTable = new List(); - - while (offset < endOffset) - { - var entry = new AttributeCertificateTableEntry(); - - entry.Length = data.ReadUInt32(ref offset); - entry.Revision = (WindowsCertificateRevision)data.ReadUInt16(ref offset); - entry.CertificateType = (WindowsCertificateType)data.ReadUInt16(ref offset); - if (entry.Length > 0) - entry.Certificate = data.ReadBytes(ref offset, (int)entry.Length); - - attributeCertificateTable.Add(entry); - } - - return attributeCertificateTable.ToArray(); - } - /// /// Parse a Stream into a COFF string table /// 
@@ -627,6 +600,33 @@ namespace BurnOutSharp.Builder return coffStringTable; } + /// + /// Parse a byte array into an attribute certificate table + /// + /// Byte array to parse + /// Offset into the byte array + /// First address not part of the attribute certificate table + /// Filled attribute certificate on success, null on error + private static AttributeCertificateTableEntry[] ParseAttributeCertificateTable(byte[] data, int offset, int endOffset) + { + var attributeCertificateTable = new List(); + + while (offset < endOffset) + { + var entry = new AttributeCertificateTableEntry(); + + entry.Length = data.ReadUInt32(ref offset); + entry.Revision = (WindowsCertificateRevision)data.ReadUInt16(ref offset); + entry.CertificateType = (WindowsCertificateType)data.ReadUInt16(ref offset); + if (entry.Length > 0) + entry.Certificate = data.ReadBytes(ref offset, (int)entry.Length); + + attributeCertificateTable.Add(entry); + } + + return attributeCertificateTable.ToArray(); + } + /// /// Parse a byte array into a resource directory table /// @@ -853,7 +853,7 @@ namespace BurnOutSharp.Builder #endregion - #region COFF Symbol Table + #region COFF Symbol Table and COFF String Table // TODO: Validate that this is correct with an "old" PE if (coffFileHeader.PointerToSymbolTable != 0) diff --git a/ExecutableTest/Program.cs b/ExecutableTest/Program.cs index a835f566..a9065b22 100644 --- a/ExecutableTest/Program.cs +++ b/ExecutableTest/Program.cs 
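Review bot: In the re-added ParseAttributeCertificateTable, `entry.Length` comes straight from the file and is passed to `data.ReadBytes(ref offset, (int)entry.Length)` without being compared to `endOffset` or the buffer size, so a malformed or hostile certificate table can drive the read past the table, and a value above int.MaxValue turns negative in the cast. How ReadBytes reacts to an out-of-range count is not visible in this hunk, so the parser should reject the entry itself before the read, e.g. `if (entry.Length > endOffset - offset) break;`. It is also worth confirming against the PE format, where the entry length is documented as including the 8-byte header and entries are 8-byte aligned; this loop reads `Length` bytes after the header and skips no padding. The doc comment promises "null on error", but no path in the function returns null.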
@@ -740,11 +740,29 @@ namespace ExecutableTest if (auxSymbolsRemaining == 0) currentSymbolType = 0; } + + Console.WriteLine(); + Console.WriteLine(" COFF String Table Information:"); + Console.WriteLine(" -------------------------"); + if (executable.COFFStringTable == null + || executable.COFFStringTable.Strings == null + || executable.COFFStringTable.Strings.Length == 0) + { + Console.WriteLine(" No COFF string table items"); + } + else + { + Console.WriteLine($" Total size: {executable.COFFStringTable.TotalSize}"); + for (int i = 0; i < executable.COFFStringTable.Strings.Length; i++) + { + string entry = executable.COFFStringTable.Strings[i]; + Console.WriteLine($" COFF String Table Entry {i})"); + Console.WriteLine($" Value = {entry}"); + } + } } Console.WriteLine(); - // TODO: COFFStringTable (Only if COFFSymbolTable?) - Console.WriteLine(" Attribute Certificate Table Information:"); Console.WriteLine(" -------------------------"); if (executable.OptionalHeader?.CertificateTable == null
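Review bot: The new loop prints each COFF string table entry unmodified in the `Value = {entry}` line, and those strings are read from the executable being inspected, so control characters or terminal escape sequences in a crafted file reach the analyst's terminal or any log the output is redirected to. Neutralise non-printable characters before writing, for example `string entry = Regex.Replace(executable.COFFStringTable.Strings[i] ?? string.Empty, @"\p{C}", "?");`, which needs System.Text.RegularExpressions (the file's using block is not visible here). The same applies to any other file-derived strings this program prints. The enclosing method starts and ends outside the hunk.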