在没有WinVerifyTrust的情况下检测数字签名 [英] Detect a digital signature without WinVerifyTrust

问题描述

我有大量的EXE文件，需要弄清楚哪些文件具有数字签名.有谁知道是否有一种方法可以检查而不访问WinVerifyTrust(它们都在Unix服务器上).

I have a large number of EXE files and need to figure out which ones have digital signatures. Does anyone know if there is a way to check without access to WinVerifyTrust (they're all on a Unix server).

我似乎找不到有关EXE内部数字签名实际位置的任何信息.如果我可以找到它在哪里，则可以打开该文件并查找要测试的位置.我不需要对证书进行真实"验证，我只想查看是否存在数字签名(或更重要的是，不存在)而不必使用WinVerifyTrust.

I can't seem to find any information on where the digital signature actually is inside the EXE. If I could find out where it is I might be able to open the file and fseek to a location to test. I don't need to do "real" verification on the certificate, I just want to see if a digital signature is present (or, more importantly, NOT present) without having to use WinVerifyTrust.

推荐答案

如上所述，仅IMAGE_DIRECTORY_ENTRY_SECURITY目录的存在明确指示了PE文件中是否存在签名.如果要测试的文件很多，并且要过滤它们，则仅测试此标准目录的存在是有效的.您不需要图书馆就可以做到这一点.

As mentioned above, the solely presence of the IMAGE_DIRECTORY_ENTRY_SECURITY directory is a clear indicator to detect the presence of a signature inside a PE file. If you have a large amount of files to test and want to filter these, just testing the presence of this standard directory is valid. You don't need a library to do this.

这篇关于在没有WinVerifyTrust的情况下检测数字签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！