sigtool.go
package sigtool
import (
"debug/pe"
"errors"
"os"
)
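// ExtractDigitalSignature returns the signature blob stored in the attribute
// certificate table of the PE file at filePath.
//
// The security data directory gives a file offset and a total size for the
// table. The table starts with an 8-byte WIN_CERTIFICATE header (dwLength,
// wRevision, wCertificateType) followed by the certificate data, normally a
// PKCS#7 SignedData structure. The header is skipped and the remaining
// size-8 bytes are returned, so the result may still carry alignment padding
// or further table entries after the first blob.
//
// The function only extracts bytes; it does not verify the signature, the
// certificate chain or the file hash. Treat the result as untrusted input.
//
// It returns an error if the file cannot be opened or parsed, if the security
// directory is empty ("Not signed PE file"), or if the directory points
// outside the file.
func ExtractDigitalSignature(filePath string) (buf []byte, err error) {
	// Parse and read through one handle so the header that is validated and
	// the bytes that are returned come from the same file object.
	f, err := os.Open(filePath)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	pefile, err := pe.NewFile(f)
	if err != nil {
		return nil, err
	}

	var dir pe.DataDirectory
	switch t := pefile.OptionalHeader.(type) {
	case *pe.OptionalHeader32:
		dir = t.DataDirectory[pe.IMAGE_DIRECTORY_ENTRY_SECURITY]
	case *pe.OptionalHeader64:
		dir = t.DataDirectory[pe.IMAGE_DIRECTORY_ENTRY_SECURITY]
	}
	if dir.VirtualAddress == 0 || dir.Size == 0 {
		return nil, errors.New("Not signed PE file")
	}

	// Size of the WIN_CERTIFICATE header that precedes the certificate data.
	const certHeaderLen = 8
	if dir.Size <= certHeaderLen {
		return nil, errors.New("malformed certificate table: too small")
	}

	// Both fields come straight from the file. Do the arithmetic in int64 so
	// offset+size cannot wrap, and bound it by the real file size before
	// allocating, so a crafted header cannot force a multi-gigabyte buffer.
	info, err := f.Stat()
	if err != nil {
		return nil, err
	}
	start := int64(dir.VirtualAddress)
	if start+int64(dir.Size) > info.Size() {
		return nil, errors.New("malformed certificate table: extends past end of file")
	}

	buf = make([]byte, int64(dir.Size)-certHeaderLen)
	if _, err := f.ReadAt(buf, start+certHeaderLen); err != nil {
		return nil, err
	}
	return buf, nil
}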