public static Signature?GetSignatureStatus(string Path)
{
if (Path is null)
{
return(null);
}
try
{
if (PeFile.IsPeFile(Path))
{
using var mmf = new PeNet.FileParser.MMFile(Path);
var peHeader = new PeFile(mmf);
if (peHeader.Authenticode is AuthenticodeInfo ai)
{
var sig = new Signature(ai);
return(sig);
}
}
}
catch (Exception e)
{
Log.Verbose("Failed to get signature for {0} ({1}:{2})", Path, e.GetType(), e.Message);
}
return(null);
}
public static Signature?GetSignatureStatus(string Path)
{
if (Path is null || !NeedsSignature(Path))
{
return(null);
}
try
{
if (PeFile.IsPeFile(Path))
{
using var mmf = new PeNet.FileParser.MMFile(Path);
var peHeader = new PeFile(mmf);
if (peHeader.Authenticode is AuthenticodeInfo ai)
{
var sig = new Signature(ai);
return(sig);
}
}
}
catch (Exception)
{
Log.Debug("Failed to get signature for {0}.", Path);
}
return(null);
}
public void GetAuthenticodeInfo_FromArmBinary_WithMMF()
{
using var mmf = new PeNet.FileParser.MMFile(@"./Binaries/arm_binary.dll");
var peFile = new PeFile(mmf);
Assert.Equal((uint)0, peFile.ImageNtHeaders.OptionalHeader.DataDirectory[(int)DataDirectoryType.Security].VirtualAddress);
Assert.Equal((uint)0, peFile.ImageNtHeaders.OptionalHeader.DataDirectory[(int)DataDirectoryType.Security].Size);
Assert.Null(peFile.Pkcs7);
Assert.NotNull(peFile.Authenticode);
}
public static List <DLLCHARACTERISTICS> GetDllCharacteristics(string Path)
{
List <DLLCHARACTERISTICS> output = new List <DLLCHARACTERISTICS>();
if (NeedsSignature(Path))
{
try
{
if (PeFile.IsPeFile(Path))
{
using var mmf = new PeNet.FileParser.MMFile(Path);
var peHeader = new PeFile(mmf);
var dllCharacteristics = peHeader.ImageNtHeaders?.OptionalHeader.DllCharacteristics;
if (dllCharacteristics is DllCharacteristicsType chars)
{
ushort characteristics = (ushort)chars;
foreach (DLLCHARACTERISTICS?characteristic in Enum.GetValues(typeof(DLLCHARACTERISTICS)))
{
if (characteristic is DLLCHARACTERISTICS c)
{
if (((ushort)c & characteristics) == (ushort)c)
{
output.Add(c);
}
}
}
}
}
}
catch (Exception e) when(
e is IndexOutOfRangeException ||
e is ArgumentNullException ||
e is System.IO.IOException ||
e is ArgumentException ||
e is UnauthorizedAccessException ||
e is NullReferenceException)
{
Log.Verbose("Failed to get PE Headers for {0} ({1}:{2})", Path, e.GetType(), e.Message);
}
catch (Exception e)
{
Log.Debug(e, "Failed to get PE Headers for {0} ({1}:{2})", Path, e.GetType(), e.Message);
}
}
return(output);
}
