public static Signature?GetSignatureStatus(string Path) { if (Path is null) { return(null); } try { if (PeFile.IsPeFile(Path)) { using var mmf = new PeNet.FileParser.MMFile(Path); var peHeader = new PeFile(mmf); if (peHeader.Authenticode is AuthenticodeInfo ai) { var sig = new Signature(ai); return(sig); } } } catch (Exception e) { Log.Verbose("Failed to get signature for {0} ({1}:{2})", Path, e.GetType(), e.Message); } return(null); }
public static Signature?GetSignatureStatus(string Path) { if (Path is null || !NeedsSignature(Path)) { return(null); } try { if (PeFile.IsPeFile(Path)) { using var mmf = new PeNet.FileParser.MMFile(Path); var peHeader = new PeFile(mmf); if (peHeader.Authenticode is AuthenticodeInfo ai) { var sig = new Signature(ai); return(sig); } } } catch (Exception) { Log.Debug("Failed to get signature for {0}.", Path); } return(null); }
public void GetAuthenticodeInfo_FromArmBinary_WithMMF() { using var mmf = new PeNet.FileParser.MMFile(@"./Binaries/arm_binary.dll"); var peFile = new PeFile(mmf); Assert.Equal((uint)0, peFile.ImageNtHeaders.OptionalHeader.DataDirectory[(int)DataDirectoryType.Security].VirtualAddress); Assert.Equal((uint)0, peFile.ImageNtHeaders.OptionalHeader.DataDirectory[(int)DataDirectoryType.Security].Size); Assert.Null(peFile.Pkcs7); Assert.NotNull(peFile.Authenticode); }
public static List <DLLCHARACTERISTICS> GetDllCharacteristics(string Path) { List <DLLCHARACTERISTICS> output = new List <DLLCHARACTERISTICS>(); if (NeedsSignature(Path)) { try { if (PeFile.IsPeFile(Path)) { using var mmf = new PeNet.FileParser.MMFile(Path); var peHeader = new PeFile(mmf); var dllCharacteristics = peHeader.ImageNtHeaders?.OptionalHeader.DllCharacteristics; if (dllCharacteristics is DllCharacteristicsType chars) { ushort characteristics = (ushort)chars; foreach (DLLCHARACTERISTICS?characteristic in Enum.GetValues(typeof(DLLCHARACTERISTICS))) { if (characteristic is DLLCHARACTERISTICS c) { if (((ushort)c & characteristics) == (ushort)c) { output.Add(c); } } } } } } catch (Exception e) when( e is IndexOutOfRangeException || e is ArgumentNullException || e is System.IO.IOException || e is ArgumentException || e is UnauthorizedAccessException || e is NullReferenceException) { Log.Verbose("Failed to get PE Headers for {0} ({1}:{2})", Path, e.GetType(), e.Message); } catch (Exception e) { Log.Debug(e, "Failed to get PE Headers for {0} ({1}:{2})", Path, e.GetType(), e.Message); } } return(output); }