Open Mgamerz opened 3 years ago
srivas-ksh
commented
2 years ago +1 for the feature to have this library work byte array or file stream such that the dependency on physical file path can be avoided. In cloud environment, it is hard to store file, instead file stream or byte array can help this library to work in cloud environment also.
kapsiR
commented
1 year ago You can use the same package, that PowerShell uses under the hood 😉
Microsoft.Security.Extensions is available for that:
using Microsoft.Security.Extensions;
...
using (FileStream fs = File.OpenRead(@"c:\test.exe"))
{
FileSignatureInfo sigInfo = FileSignatureInfo.GetFromFileStream(fs);
Console.WriteLine(sigInfo.State); // SignatureState.SignedAndTrusted
}
Hi,
Thanks for this library, I use it in my modding software I write to validate the source of a game. I'm wondering if it would be possible to extend this to support reading files from memory/byte arrays, which is apparently something that can be done in powershell (https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-authenticodesignature?view=powershell-7).
I ask for this feature because for one of the games my software mods, the executable has to be modified to support Large Address Aware (LAA - it's a really old game from mid 2000s), as well as patched in a few other areas to prevent things like running as admin (it's a long story) and other stuff. I want to be able to determine the source of it still, so I'm planning to write a 'executable reverser', which will read in the executable, reverse the changes we've made, and then I would feed that data to AuthenticodeExaminer. The game will not work if we don't make these changes so we will always have a game executable with a broken signature.
This is easily possible by doing a disk write but I'm trying to avoid writing a 20MB file to disk just to determine the signature.
I see you are using native windows API to perform this, and I haven't looked at powershell to see how it does it. Another use case for this is that I perform updates through patches, so I update my program's executable by applying a patch to it in memory and validating the hash. If I could validate the signature in memory instead, it would drop the need for me to validate the hash (I don't write to disk until I validate the result), which is extra manual work I have to do on every build of my software.