在Windows中对exe文件进行代码签名时,数字签名存储在哪里? [英] Where is the digital signature stored when code signing a exe file in windows?
问题描述
如问题标题中所述。但是,我使用的是技巧,我在其中存储了要在运行时使用的可执行文件之后的额外数据(请参见此处)。
As stated in the question title. However, I am using a "trick" where i store extra data after the executable to be used at runtime (see here).
但是,对我的可执行文件签名似乎破坏了这个技巧,所以我的问题是exe(PE)文件中存储的签名在哪里?
Signing my executable appears to break this 'trick' however, so my question is where is the signature stored in the exe (PE) file?
我正在使用 signtool
从Microsoft签署我的可执行文件。
I am usingsigntool
from microsoft to sign my executable.
推荐答案
嵌入的数字签名始终附加在可执行文件的末尾,无论您是否附加了自定义数据。附加的数据包含在签名的哈希中。
An embedded digital signature is always appended to the end of the executable file, whether or not you have custom data attached to it. The attached data is included in the hash of the signature.
签名的位置和大小存储在PE标头的安全目录中。提取信息的过程如下:
The location and size of the signature is stored in the security directory of the PE header. Extracting that information goes like this:
- 找到并阅读
IMAGE_OPTIONAL_HEADER
。。 li>
-
IMAGE_OPTIONAL_HEADER :: DataDirectory
是IMAGE_DATA_DIRECTORY
结构。通过IMAGE_DIRECTORY_ENTRY_SECURITY
(未记录,但在winnt.h中声明)对其建立索引,以找到安全目录的条目。 -
IMAGE_DATA_DIRECTORY :: VirtualAddress
包含签名和<$的文件偏移量(不是RVA) c $ c> IMAGE_DATA_DIRECTORY :: Size 包含签名的大小。
- Locate and read the
IMAGE_OPTIONAL_HEADER
of the PE file. IMAGE_OPTIONAL_HEADER::DataDirectory
is an array ofIMAGE_DATA_DIRECTORY
structures. Index it byIMAGE_DIRECTORY_ENTRY_SECURITY
(undocumented but declared in winnt.h) to locate the entry of the security directory.IMAGE_DATA_DIRECTORY::VirtualAddress
contains the file offset (not the RVA) of the signature andIMAGE_DATA_DIRECTORY::Size
contains the size of the signature.
参考:
- PE格式(MSDN)
- 在PE内部窥视(有些可读性更高,带有示例)
- IMAGE_DATA_DIRECTORY值
- 丢失的数字签名选项卡的情况
- PE Format (MSDN)
- Peering inside the PE (somewhat more readable, with examples)
- IMAGE_DATA_DIRECTORY values
- The Case of the Missing Digital Signatures Tab
这篇关于在Windows中对exe文件进行代码签名时,数字签名存储在哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!