Where is the digital signature stored when code signing a exe file in windows?

问题

As stated in the question title. However, I am using a "trick" where i store extra data after the executable to be used at runtime (see here).

Signing my executable appears to break this 'trick' however, so my question is where is the signature stored in the exe (PE) file?

I am usingsigntool from microsoft to sign my executable.

回答1:

An embedded digital signature is always appended to the end of the executable file, whether or not you have custom data attached to it. The attached data is included in the hash of the signature.

The location and size of the signature is stored in the security directory of the PE header. Extracting that information goes like this:

• Locate and read the IMAGE_OPTIONAL_HEADER of the PE file.
• IMAGE_OPTIONAL_HEADER::DataDirectory is an array of IMAGE_DATA_DIRECTORY structures. Index it by IMAGE_DIRECTORY_ENTRY_SECURITY (undocumented but declared in winnt.h) to locate the entry of the security directory.
• IMAGE_DATA_DIRECTORY::VirtualAddress contains the file offset (not the RVA) of the signature and IMAGE_DATA_DIRECTORY::Size contains the size of the signature.

References:

• PE Format (MSDN)
• Peering inside the PE (somewhat more readable, with examples)
• IMAGE_DATA_DIRECTORY values
• The Case of the Missing Digital Signatures Tab

回答2:

The format of a signed PE file is documented by Microsoft:

Windows Authenticode Portable Executable Signature Format

来源：https://stackoverflow.com/questions/47646135/where-is-the-digital-signature-stored-when-code-signing-a-exe-file-in-windows