It would be nice to be able to compute a PE binary "Authentihash" according to a hash algorithm.
This basically requires hashing the whole PE binary except: Windows checksum field, Certificate Table entry in Data Directory, Certificate Attributes entries somewhere after the sections.
I suggest proceeding by finding all the regions of interest, including the "junk at the end" (which can potentially contain other things).
I will try to hack something and submit it as a PR.
It would be nice to be able to compute a PE binary "Authentihash" according to a hash algorithm.
This basically requires hashing the whole PE binary except: Windows checksum field, Certificate Table entry in Data Directory, Certificate Attributes entries somewhere after the sections.
I suggest proceeding by finding all the regions of interest, including the "junk at the end" (which can potentially contain other things).
I will try to hack something and submit it as a PR.