I found a snippet in one document:

....
After the 'NumberOfRvaAndSizes' there is an array of IMAGE_NUMBEROF_DIRECTORY_ENTRIES (16) IMAGE_DATA_DIRECTORYs. Each of these directories describes the location (32 bits RVA called 'VirtualAddress') and size (also 32 bit, called 'Size') of a particular piece of information, which is located in one of the sections that follow the directory entries.

For example, the security directory is found at the RVA and has the size that are given at index 4.

The directories that I know the structure of will be discussed later. Defined directory indexes are:

IMAGE_DIRECTORY_ENTRY_EXPORT (0)
    The directory of exported symbols; mostly used for DLLs. Described below.
IMAGE_DIRECTORY_ENTRY_IMPORT (1)
    The directory of imported symbols; see below.
IMAGE_DIRECTORY_ENTRY_RESOURCE (2)
    Directory of resources. Described below.
IMAGE_DIRECTORY_ENTRY_EXCEPTION (3)
    Exception directory - structure and purpose unknown.
IMAGE_DIRECTORY_ENTRY_SECURITY (4)
    Security directory - structure and purpose unknown.
....

That's really all I found in my docs. I haven't dug in this direction myself, though.
http://www.cs.auckland.ac.nz/~pgut001/pubs/authenticode.txt

Dumping DLL certs

Is there an openssl command to dump the details of a signed DLL under Win-XP? With a command like

CertMgr -add -all ipworks6.dll copy.crt

I can extract the security part of the IPWorks6.dll. Now I want to dump and process the contents of copy.crt using OpenSSL tools. pedump says the format is PKCS, but I'm not sure if it is some MS proprietary format or not (AuthentiCode?).

The above dll is just an example (ships with the 4NT cmd-processor).

BTW. Anybody know of a free program (cross-platform?) that can add certificates to a DLL? AFAICS, the cert is written in a PE optional header IMAGE_DIRECTORY_ENTRY_SECURITY with a simple length/type header (struct _WIN_CERTIFICATE). Should be easy enough to add once I know the format of the PKCS signed data.

I think it's quite clear where to dig next.
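Added example (not part of the original post or of the documents it quotes): Python code that reads data directory index 4 from a PE image and walks the WIN_CERTIFICATE entries it points to. For this one directory the 'VirtualAddress' field holds a file offset rather than an RVA; `build_sample` and the blob bytes passed to it are constructed for illustration.

```python
import struct

SECURITY_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY

def security_directory(pe: bytes):
    """Return (file_offset, size) of data directory 4, or None if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 4 + 20  # skip PE signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # start of directory array
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_INDEX:
        return None
    addr, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_INDEX)
    return (addr, size) if addr and size else None

def win_certificates(pe: bytes):
    """Yield (wRevision, wCertificateType, bCertificate) for each entry."""
    entry = security_directory(pe)
    if entry is None:
        return
    pos, size = entry  # pos is a file offset for this directory
    end = pos + size
    if end > len(pe):
        raise ValueError("security directory runs past end of file")
    while pos + 8 <= end:
        length, revision, ctype = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("bad WIN_CERTIFICATE dwLength")
        yield revision, ctype, pe[pos + 8:pos + length]
        pos += (length + 7) & ~7  # entries start on 8-byte boundaries

def build_sample(blob: bytes) -> bytes:
    """Constructed minimal PE32 image carrying one WIN_CERTIFICATE."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96 + 16 * 8, 0x102)
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 2) + blob  # type 2: PKCS
    cert_off = 0x40 + 4 + 20 + len(opt)
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_INDEX, cert_off, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert
```

On a signed file, the `bCertificate` bytes of an entry with wCertificateType 2 (WIN_CERT_TYPE_PKCS_SIGNED_DATA) are DER-encoded PKCS #7 SignedData; written to a file, they can be inspected with `openssl pkcs7 -inform DER -print_certs -text -in <file>`.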