Open
Description
We are using jsign to implement signature stuffing for installers (i.e. embedding additional branding information in the signature section of a binary while maintaining a properly signed state for the rest of the actual executable. Many installers do this - that's why MS decided to intentionally not forbid this by default in windows). This is the code we use:
/**
* Embeds the given bytes into given signed PE/COFF executable.
*/
public static void embed(Path executable, byte[] data) throws IOException {
try (PEFile pe = new PEFile(executable.toFile())) {
List<CMSSignedData> signatures = pe.getSignatures();
if (signatures.isEmpty()) {
throw new IllegalStateException("Only signed executables can be modified.");
}
// we only support a single top level signature.
CertificateTableEntry topSignature = new CertificateTableEntry(signatures.get(0));
byte[] signature = topSignature.toBytes();
// append data right after each other
// bitwise round up to next multiple of 8
byte[] bytes = new byte[(signature.length + data.length + 7) & (-8)];
System.arraycopy(signature, 0, bytes, 0, signature.length);
System.arraycopy(data, 0, bytes, signature.length, data.length);
// update the executable, table size, checksum, etc.
pe.writeDataDirectory(DataDirectoryType.CERTIFICATE_TABLE, bytes);
}
}
This no longer compiles with 7.0 since APIs have been made private or removed all together:
- CertificateTableEntry class is now private. Unsure whether there is another way of retrieving the bytes though.
- DataDirectoryType class is now private.
- PEFile#writeDataDirectory has been removed alltogether.
Is there a chance to get those things back, or another way I don't know about to achieve the same? Otherwise I'd be locked on an older version indefinitely - which I would not like at all :)
Metadata
Metadata
Assignees
Labels
No labels