NetSPI / PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
https://blog.netspi.com/verifying-aslr-dep-and-safeseh-with-powershell/
MIT License
614 stars, 152 forks

Speedup reading file, added authenticode arg #15

aaronhudon closed 4 years ago

aaronhudon commented 5 years ago

[IO.File]::ReadAllBytes will place the entire file in memory. On large files, this is a performance issue. Get-AuthenticodeStatus is extremely slow on large files. Added a -SkipAuthenticode argument to skip checking Authenticode.

ESIC-DA commented 4 years ago

I think it would be great if this got merged in...I just spent ...too long... trying to remember where I had seen something about skipping authenticode checks before

(our use case: because we want to combine everything else provided by Get-PESecurity with a direct call to Get-AuthentiCode signature to have access to more info than gets passed through Get-PESecurity)
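
The pull request description's point about [IO.File]::ReadAllBytes, shown as an added example that is not code from this pull request or from the PESecurity module: a hypothetical function, Get-PEDllCharacteristics, that seeks to the PE optional header and reads only the DllCharacteristics field, so memory use does not grow with file size. It makes no Authenticode call; the property names in the output object are assumptions chosen for illustration.

```powershell
# Added example: hypothetical helper, not part of PESecurity.
function Get-PEDllCharacteristics {
    param([Parameter(Mandatory)][string]$Path)

    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so resolve to a full path first.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $fs = [IO.File]::Open($full, [IO.FileMode]::Open, [IO.FileAccess]::Read, [IO.FileShare]::Read)
    $br = New-Object IO.BinaryReader($fs)
    try {
        if ($fs.Length -lt 64) { throw "Too small for a DOS header: $full" }
        if ($br.ReadUInt16() -ne 0x5A4D) { throw "Missing MZ signature: $full" }

        # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
        $fs.Position = 0x3C
        $peOffset = [int64]$br.ReadUInt32()

        # Signature (4) + COFF header (20) + optional header up to and
        # including DllCharacteristics (72) must fit inside the file.
        if ($peOffset + 96 -gt $fs.Length) { throw "Truncated PE header: $full" }

        $fs.Position = $peOffset
        if ($br.ReadUInt32() -ne 0x00004550) { throw "Missing PE signature: $full" }

        # The optional header follows the 20-byte COFF header.
        $optOffset = $peOffset + 24
        $fs.Position = $optOffset
        $magic = $br.ReadUInt16()
        if ($magic -ne 0x10B -and $magic -ne 0x20B) { throw "Unknown optional header magic: $full" }

        # DllCharacteristics is at offset 70 in both PE32 and PE32+.
        $fs.Position = $optOffset + 70
        $flags = $br.ReadUInt16()

        [pscustomobject]@{
            Path          = $full
            Is64BitHeader = ($magic -eq 0x20B)
            ASLR          = [bool]($flags -band 0x0040)  # DYNAMIC_BASE
            HighEntropyVA = [bool]($flags -band 0x0020)  # HIGH_ENTROPY_VA
            DEP           = [bool]($flags -band 0x0100)  # NX_COMPAT
            NoSEH         = [bool]($flags -band 0x0400)  # NO_SEH
        }
    }
    finally {
        $br.Dispose()  # disposing the reader also closes the file stream
    }
}
# Usage: Get-PEDllCharacteristics -Path "$env:SystemRoot\System32\notepad.exe"
```

The NoSEH flag only reports that the image declares no structured exception handlers; a SafeSEH verdict additionally requires the load configuration directory, which this sketch does not parse.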