{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Viruses. 的问题《Where is the digital signature stored when code si》','https://www.manongdao.com/q-588825.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
As stated in the question title. However, I am using a "trick" where i store extra data after the executable to be used at runtime (see here).
Signing my executable appears to break this 'trick' however, so my question is where is the signature stored in the exe (PE) file?
I am usingsigntool from microsoft to sign my executable.
An embedded digital signature is always appended to the end of the executable file, whether or not you have custom data attached to it. The attached data is included in the hash of the signature.
The location and size of the signature is stored in the security directory of the PE header. Extracting that information goes like this:
IMAGE_OPTIONAL_HEADERof the PE file.IMAGE_OPTIONAL_HEADER::DataDirectoryis an array ofIMAGE_DATA_DIRECTORYstructures. Index it byIMAGE_DIRECTORY_ENTRY_SECURITY(undocumented but declared in winnt.h) to locate the entry of the security directory.IMAGE_DATA_DIRECTORY::VirtualAddresscontains the file offset (not the RVA) of the signature andIMAGE_DATA_DIRECTORY::Sizecontains the size of the signature.References:
The format of a signed PE file is documented by Microsoft:
Windows Authenticode Portable Executable Signature Format