PE File Format (Document is now Office 2007)
-
It seems Microsoft is pushing developers to the Office 2007 document format. The Microsoft Portable Executable and Common Object File Format Specification[^], which was updated in the end of March, is now sporting a *.docx extension.
-
It seems Microsoft is pushing developers to the Office 2007 document format. The Microsoft Portable Executable and Common Object File Format Specification[^], which was updated in the end of March, is now sporting a *.docx extension.
Heh. Whenever i find spec documents online in Word format (or any other word-processor format...) my first thought is, "can't make the HTML converter work either, eh?" :rolleyes:
Citizen 20.1.01
'The question is,' said Humpty Dumpty, 'which is to be master - that's all.'
-
It seems Microsoft is pushing developers to the Office 2007 document format. The Microsoft Portable Executable and Common Object File Format Specification[^], which was updated in the end of March, is now sporting a *.docx extension.
Yeah, I read through it last week. Due to (idiotic) security settings on a code signing server, I couldn't verify signed files using signtool.exe. The real pain was that I didn't even need to know if the signature was valid or not, I only needed to know whether it was present or it. Mailing the admininstrator about it didn't help - I never even got a response! Bloody bastard operator from hell... So I read through the spec, and started writing a tool for checking signatures. After a while, I learned something very valuable (again): always read the entire spec first before you implement anything. As I was working my way towards the signature, I found a reference to the Imagehlp function library. My 3 hours of work was shot to pieces by the paraphrase "instead of writing your own shitty code to investigate signatures and certificates in PE files, you can use the function ImageEnumerateCertificates()". :doh:
-- Kein Mitleid Für Die Mehrheit
-
Yeah, I read through it last week. Due to (idiotic) security settings on a code signing server, I couldn't verify signed files using signtool.exe. The real pain was that I didn't even need to know if the signature was valid or not, I only needed to know whether it was present or it. Mailing the admininstrator about it didn't help - I never even got a response! Bloody bastard operator from hell... So I read through the spec, and started writing a tool for checking signatures. After a while, I learned something very valuable (again): always read the entire spec first before you implement anything. As I was working my way towards the signature, I found a reference to the Imagehlp function library. My 3 hours of work was shot to pieces by the paraphrase "instead of writing your own shitty code to investigate signatures and certificates in PE files, you can use the function ImageEnumerateCertificates()". :doh:
-- Kein Mitleid Für Die Mehrheit
Hi Jörgen,
Jörgen Sigvardsson wrote:
Due to (idiotic) security settings on a code signing server
Can you forward me a URL (noloader, gmail)? I'd like to take a look. I've written certicate parsers. I've found the worst to be some early Slovakian certicates (this even considers the mess that certificate profiles have caused).
Jörgen Sigvardsson wrote:
Mailing the admininstrator about it didn't help - I never even got a response!
Sounds like service I'd expect from Symantec or Adobe.
Jörgen Sigvardsson wrote:
I found a reference to the Imagehlp function library.
There are lots of goodies in there. I find I use it to cross check a lot of my stuff.
Jörgen Sigvardsson wrote:
use the function ImageEnumerateCertificates
If you are looking for a signature on the PE (without the X.509 overhead), there is an easier solution: latch on to the public key's OID through byte scanning the Certificate (located in the .security section), and then parse the key. Create the signature as specified in the PE specification. Finally, verify the signature. It's a nice exercise in PE parsing and basic crypto without the walking of a certifcate chain. Jeff
-
Hi Jörgen,
Jörgen Sigvardsson wrote:
Due to (idiotic) security settings on a code signing server
Can you forward me a URL (noloader, gmail)? I'd like to take a look. I've written certicate parsers. I've found the worst to be some early Slovakian certicates (this even considers the mess that certificate profiles have caused).
Jörgen Sigvardsson wrote:
Mailing the admininstrator about it didn't help - I never even got a response!
Sounds like service I'd expect from Symantec or Adobe.
Jörgen Sigvardsson wrote:
I found a reference to the Imagehlp function library.
There are lots of goodies in there. I find I use it to cross check a lot of my stuff.
Jörgen Sigvardsson wrote:
use the function ImageEnumerateCertificates
If you are looking for a signature on the PE (without the X.509 overhead), there is an easier solution: latch on to the public key's OID through byte scanning the Certificate (located in the .security section), and then parse the key. Create the signature as specified in the PE specification. Finally, verify the signature. It's a nice exercise in PE parsing and basic crypto without the walking of a certifcate chain. Jeff
Jeffrey Walton wrote:
Can you forward me a URL (noloader, gmail)? I'd like to take a look. I've written certicate parsers. I've found the worst to be some early Slovakian certicates (this even considers the mess that certificate profiles have caused).
The certificates were Microsoft's own, more specifically C:\Windows\Microsoft.Net\Framework\NETFXSBS10.exe (that's the reference file I used). If I right click a file, choose properties, and select the digital signatures tab, there's no problem. It's when I use signtool (on this particular Windows 2003 machine), it freaks out. I can't remember the configuration error, but it was apparently a common problem for people. I think it was some kind of trust parameter.
Jeffrey Walton wrote:
Sounds like service I'd expect from Symantec or Adobe.
We're talking people from within my own organisation...
-- Kein Mitleid Für Die Mehrheit
-
It seems Microsoft is pushing developers to the Office 2007 document format. The Microsoft Portable Executable and Common Object File Format Specification[^], which was updated in the end of March, is now sporting a *.docx extension.
That's Microsoft's normal MO, they assume every developer will jump to the next version of C++/C#/Office/Whatever the instant it ships.
--Mike-- Visual C++ MVP :cool: LINKS~! CP SearchBar v3.0 | C++ Forum FAQ I work for Keyser Söze