Add parsing of the PE Authenticode format #902
…tructuing certificate table to accept new Authenticode content
… Authenticode spec
…ication, added exception handler in pe_format
The core looks ok and I'm ready to merge it after a few minor changes.
- It looks like Telfhash, rich header hash, and even some UPX changes got mixed up with this. That is unfortunate and it convolutes the PR. Please fix the merge conflicts, and be careful about this in the future.
- Also, there is a massive alignment change in src/fileinfo/file_information/file_information.h which also pollutes the PR. You don't have to change it back. It is ok, but again it is not good to have this in a PR.
- Add new lines at the ends of your sources. Many are missing them. Git doesn't like it.
- Nitpick: In general we use C++/Doxygen style comments in RetDec. You use C style comments. Don't change it now, it is ok. I said you can use whatever style you want if you are consistent about it, and I should have noticed this earlier. Just for future reference, it is best to use C++/Doxygen comments in C++, especially if other modules are using them.
src/fileformat/file_format/pe/authenticode/authenticode_structs.h
src/fileformat/file_format/pe/authenticode/ms_counter_signature.cpp
src/fileformat/file_format/pe/authenticode/x509_certificate.cpp
… missing newlines, fix windows build
Yes, I polluted the PR when I merged with master. I removed the polluting commits and force-pushed it into a (hopefully) correct state.
I have reverted the indent as I changed it by accident with an autoformatter; it also solves the merge conflict.
Now the tests are failing, probably only because of
Let's run TC tests.
TC tests are still failing, but it is because it is not testing this PR with the associated tests PR. For future reference - RetDec PR branch is tested with the RetDec regression tests PR branch with a matching (i.e. the same) name - if it exists, otherwise with
@HoundThe can you try to rename the branch for regression tests PR to
I've renamed the testing PR branch to
Some Windows tests were failing because of UB from an uninitialized algorithm value when parsing of a countersignature fails; it should be fixed now.
I'm submitting progress on Authenticode parsing, it's still a work in progress.
There are a few shortcuts I've taken during development that I need to finish.
Also, the commit history is a mess; I can fix it if that's a problem.
Further plans after this could be adding more things that are being parsed, and validation/verification of the signature contents.
Also, solves #380.