search

sassoftware / relic

Relic is a service and a tool for adding digital signatures to operating system packages for Linux and Windows
Apache License 2.0
151 stars 41 forks source link

Adjust section size when not aligned #27

Closed chrisroberts closed 1 year ago

chrisroberts commented 1 year ago

When attempting to sign a PE file I encountered the following error:

ERROR: PE sections are out of order

Inspecting the sections of the PE file, I found that the listed size of one of the sections was not properly aligned:

file alignment: 512
section 0: start - 1536 | computed end: 8192 | size: 6656
section 1: start - 8192 | computed end: 8704 | size: 512
section 2: start - 8704 | computed end: 11776 | size: 3072
section 3: start - 11776 | computed end: 12800 | size: 1024
section 4: start - 12800 | computed end: 13312 | size: 512
section 6: start - 13312 | computed end: 15360 | size: 2048
section 7: start - 15360 | computed end: 15872 | size: 512
section 8: start - 15872 | computed end: 16384 | size: 512
section 9: start - 16384 | computed end: 19136 | size: 2752
section 9: unaligned by 320 bytes
section 10: start - 19456 | computed end: 19968 | size: 512
section 11: start - 19968 | computed end: 21504 | size: 1536
section 12: start - 21504 | computed end: 65024 | size: 43520
section 13: start - 65024 | computed end: 73216 | size: 8192
section 14: start - 73216 | computed end: 80896 | size: 7680
section 15: start - 80896 | computed end: 83968 | size: 3072
section 16: start - 83968 | computed end: 84992 | size: 1024
section 17: start - 84992 | computed end: 93184 | size: 8192
section 18: start - 93184 | computed end: 98304 | size: 5120
section 19: start - 98304 | computed end: 98816 | size: 512

Computing the end of section 9 points to 19136 but the reported start of section 10 is at 19456. Checking the contents of the file it's visible there is still padding after the computed end of section 9:

Screenshot_20230412_101914

And the reported start of section 10 shows at the end of the padding and at the proper alignment:

Screenshot_20230412_101953

By adjusting the reported size of the section to be properly aligned, the file can be fully read/digested and signed:

file alignment: 512
section 0: start - 1536 | computed end: 8192 | size: 6656
section 1: start - 8192 | computed end: 8704 | size: 512
section 2: start - 8704 | computed end: 11776 | size: 3072
section 3: start - 11776 | computed end: 12800 | size: 1024
section 4: start - 12800 | computed end: 13312 | size: 512
section 6: start - 13312 | computed end: 15360 | size: 2048
section 7: start - 15360 | computed end: 15872 | size: 512
section 8: start - 15872 | computed end: 16384 | size: 512
section 9: start - 16384 | computed end: 19136 | size: 2752
section 9: unaligned by 320 bytes
section 9: realigning...
section 10: start - 19456 | computed end: 19968 | size: 512
section 11: start - 19968 | computed end: 21504 | size: 1536
section 12: start - 21504 | computed end: 65024 | size: 43520
section 13: start - 65024 | computed end: 73216 | size: 8192
section 14: start - 73216 | computed end: 80896 | size: 7680
section 15: start - 80896 | computed end: 83968 | size: 3072
section 16: start - 83968 | computed end: 84992 | size: 1024
section 17: start - 84992 | computed end: 93184 | size: 8192
section 18: start - 93184 | computed end: 98304 | size: 5120
section 19: start - 98304 | computed end: 98816 | size: 512
Signed ./ruby.exe

And properly validated that the signature is correct:

Screenshot_20230412_103645

I've also included the executable so it can be inspected if needed. If a different approach is preferred or whatever, please just let me know. Thanks so much!

ruby.zip